11th Circuit Court says, “No you may NOT look at my encrypted files!”

A big win for privacy advocates and folks who don’t want to incriminate themselves today as an 11th Circuit Court judge ruled that forcing someone to decrypt the contents of a hard drive is unconstitutional.

The case, In Re Grand Jury Subpoena Duces Tecum Dated March 25 2011 (PDF), in which 7 pieces of digital media (various computers and external hard drives) were seized through a legal warrant, the defendant refused to comply with the court’s order to decrypt the contents of the hard drives and exercised his Fifth Amendment Right – in particular his right to not incriminate himself. The court was not amused did not feel that the Fifth Amendment applied in this case and ultimately found the defendant, Doe, in contempt of court.

Per the 11th Circuit Court’s opinion, the Government had not made their case in Doe’s appeal. The Court has ruled that compelling a defendant to decrypt the contents of a hard drive would violate their Fifth Amendment Rights. From the Court’s ruling:


Requiring Doe to use a decryption password is most certainly more akin to requiring the production of a combination because both demand the use of the contents of the mind, and the production is accompanied by the implied factual statements noted above that could prove to be incriminatory. See Hubbell, 530 U.S. at 43, 120 S. Ct. at 2047. Hence, we conclude that what the Government seeks to compel in this case, the decryption and production of the contents of the hard drives, is testimonial in character.

Moving to the second point, the question becomes whether the purported testimony was a “foregone conclusion.” We think not. Nothing in the record before us reveals that the Government knew whether any files exist or the location of those files on the hard drives; what’s more, nothing in the record illustrates that the Government knew with reasonable particularity that Doe was even capable of accessing the encrypted portions of the drives. . . .

To be fair, the Government has shown that the combined storage space of the drives could contain files that number well into the millions. And the Government has also shown that the drives are encrypted. The Government has not shown, however, that the drives actually contain any files, nor has it shown which of the estimated twenty million files the drives are capable of holding may prove useful. The Government has emphasized at every stage of the proceedings in this case that the forensic analysis showed random characters. But random characters are not files; because the TrueCrypt program displays random characters if there are files and if there is empty space, we simply do not know what, if anything, was hidden based on the facts before us. It is not enough for the Government to argue that the encrypted drives are capable of storing vast amounts of data, some of which may be incriminating. In short, the Government physically possesses the media devices, but it does not know what, if anything, is held on the encrypted drives. Along the same lines, we are not persuaded by the suggestion that simply because the devices were encrypted necessarily means that Doe was trying to hide something. Just as a vault is capable of storing mountains of incriminating documents, that alone does not mean that it contains incriminating documents, or anything at all.


It should be noted that Doe was accused of having kiddie porn in the drives in question but the Government had failed to properly present their case for obtaining the contents of said password as seen in the Court’s decision. That said a win for privacy proponents helps keep things on the up and up. Let us know what you think in the comments.