The case illustrates the legal confusion in the US over whether encryption keys are effectively protected by the Fifth Amendment – the right to refuse to say something that might be self-incriminating.
No such right exists in the UK. Even though invoking the 'the fifth' can be traced in origin back to Magna Carta and is related to the British 'right to remain silent', that right as far as encryption is concerned was effectively revoked by the Regulation of Investigatory Powers Act (RIPA). This act is rarely used in the UK (although it carries its own gagging order); but one case involved a 19 year-old youth sentenced to four months imprisonment in 2010 for refusing to hand over a 50-character key.
But demonstrating the whole complexity of the issue, Adrian Culley, a former Scotland Yard detective now global technical consultant with Damballa, told Infosecurity that despite apparent clarity in the UK, there is an anomaly. "The penalty for not providing the key is very low, so had you done something very bad, you may be wiser to go for being prosecuted for not providing the key."
The current case in the US has revolved around FBI attempts to break the encryption on several hard disks seized from the suspect. One magistrate originally declined to order him to decrypt the drives, then subsequently changed the ruling. This was then suspended and a new briefing on the Fifth Amendment was scheduled.
But just before the briefing was due to be held, the FBI this week arrested the suspect on two counts of of receiving or distributing child pornography, and one count of possessing child pornography. The Journal Sentinel Online reported, "At his initial appearance, Assistant U.S. Attorney Karine Moreno-Taxman said the FBI's continued efforts had finally decrypted enough of two hard drives to find specific videos of child porn. She told U.S. Magistrate Judge Nancy Joseph that the recovered images involve preteen children in images of sexual assault, bondage and bestiality, 'the worst I've seen.'"
The timing of the arrest just prior to a scheduled briefing in which the government is expected to present its arguments on why the Fifth Amendment should not apply here could mean either that the authorities believe an existing case with evidence would have a positive effect on the deliberations, or that they believe their argument will be rejected, and are proceeding with what they have so far.
That comes primarily from the small portion of the disk drives so far cracked. Back in May, an FBI agent's affidavit to the court stated that the storage system "contains an intricate electronic folder structure comprised of approximately 6,712 folders and subfolders." In these folders, reported the Journal Sentinel at the time, "agents found roughly 707,307 files. Among those files were many that constitute child pornography."
At this point, however, the question of whether encryption keys are protected by the Fifth Amendment remains confused. "Though rare," writes David Kravets in Wired, "decryption orders are likely to become more common as the public increasingly embraces technology that comes standard on most operating systems. Decryption orders have never squarely been addressed by the Supreme Court, despite conflicting opinions in the lower courts."