Child porn case tests right against self incrimination

A laptop owner's Fifth Amendment rights are at stake in a complicated legal case

Can the government force you to reveal a password to unlock encrypted files on your computer that are known to contain child pornography? Or would doing so constitute a violate your Fifth Amendment right against self incrimination?

That's the issue in front of a US federal district court in Vermont in what is believed to be the first case to test the issue in the U.S.

The case involves a Canadian citizen, Sebastien Boucher, who is now a legal permanent resident living in Derry, N.H. Boucher was arrested in December 2006 at the Canadian border in Derby Line, Vt. on charges of transporting child pornography on his computer.

According to a description of the arrest in court documents, Boucher was pulled over for a secondary inspection by a Custom and Border Protection officer while attempting to cross into the U.S from Canada. During the secondary inspection, the officer noticed a laptop computer in Boucher's car and proceeded to inspect it for child pornography images.

Of the 34,000 or so image files on Boucher's computer, several appeared to have names suggesting explicit child pornography, including one titled, "Two-year old being raped during diaper change." On being asked by the officer whether the computer contained child pornography images Boucher claimed that he did not know for sure because he had not checked the temporary Internet files folder on his computer.

A special agent who had experience and training in identifying child pornography was then called in to inspect Boucher's computer. That inspection revealed several images of adult and animated child pornography. But when the special agent tried to click on the file with the name suggesting child pornography, he found he was unable to open it. When asked about the file, Boucher stated that he visited various newsgroups from which he downloaded pornographic images. He conceded that some of the files might unknowingly be child porn but added that he deleted those files when he saw them.

Boucher was then asked to show the agent the files that he downloaded from such news groups. Boucher was allowed access to the laptop and he navigated to a section of it called drive Z. An inspection of the files in drive Z revealed several containing graphic child pornography including many involving preteens. The computer was then seized and Boucher himself was arrested.

About two weeks after the arrest, an officer at the Vermont Department of Corrections took custody of Boucher's laptop and created a mirror image of its contents. However when he attempted to access the contents in drive Z, he found that he was unable to do so because it had been encrypted using software from Pretty Good Privacy (PGP).

According to court documents, the files are nearly impossible to open without knowing the password or without any "back doors" to the files. The only way to get access to the files without the password is to use an automated password guessing system but it's a process that could take years, according to the government.

A grand jury subpoenaed Boucher to provide the password for accessing the files. Boucher refused on the grounds that it violated his Fifth Amendment right against self incrimination. Magistrate Judge Jerome Niedermeier, who heard the case this past November, granted Boucher's motion to quash the grand jury subpoena.

In explaining his decision, Niedermeier said that compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him. "By entering the password, Boucher would be disclosing the fact that he knows the password and has control over the files on drive Z," he said. "If Boucher does know the password, he would be faced with the forbidden trilemma; incriminate himself, lie under oath, or find himself in contempt of court," Niedermeir wrote.

Earlier this month, the government appealed Niedermeier's decision to the U.S. District Court in Vermont, which now needs to make a decision on the issue.

As a test case, the Boucher affair is a messy one, said Michael Froomkin, professor of law at the University of Miami's School of Law in Florida. Giving up the password to an encrypted file automatically ties that individual to the file and its contents, Froomkin said. In this case, it would be akin to Boucher admitting that he knew what the contents of the file were and how to access it, both of which could be considered self-incriminating.

Page Break

However Boucher may have waived his privilege against self-incrimination when he earlier provided access to the drive containing the alleged child porn at the time of his arrest, Froomkin said. "You can waive your right if you show the stuff to people and therefore have already admitted to the critical issue of being tied to the data." In that case "it might not be any more incriminating to do that again. It puts the case in a completely different position."

The Boucher case comes at a time when courts are increasingly willing to ask individuals to produce data that in the past might have been considered self-incriminatory, Froomkin said. "One hundred years ago, the Supreme Court had a view of the forced production of private papers which said 'of course we don't do that'," Froomkin said. That has changed over the past 30 years, he said.

In this case, Boucher could well be asked to use his password to unlock the files containing the pornographic data and be offered immunity for that act, he said. In other words, the courts could treat the documents as never having been encrypted in the first place. So the act of decrypting it by itself would not necessarily be self-incriminating, Froomkin said.