Skip to main content

Federal court finds refusing to decrypt a hard drive is contempt of court

An image of a court gavel.
Paul Matthew Photography/Shutterstock
Refusing to decrypt your hard drive for authorities, even if you’ve allegedly forgotten the password, is still considered contempt of court. That’s according to a U.S. Third Circuit Court of Appeals ruling handed down this week, which upheld a lower court ruling.

The John Doe at the center of the case had argued that not decrypting his hard drives was allowed under his Fifth Amendment right to avoid self-incrimination. The man is accused of owning child pornography. Several devices were seized upon his arrest including a Mac Pro, two external hard drives, an iPhone 5S, and an iPhone 6 Plus.

According to court documents published by The Register, the defendant had voluntarily handed over the password for one of his iPhones but refused to do so for his Mac and the two external hard drives. The authorities eventually got access to the Mac with help from forensic analysts but have been unable to decrypt the external hard drives.

Through their investigation, the analysts determined that the computer had been used to download files from sites that hosted child abuse material, however these files were not found on the Mac. The police believe they are stored on the external hard drives, citing a statement from the defendant’s sister indicating that she said she saw these files on the drives.

The defendant had already provided access to his iPhone 6 Plus where police did indeed find incriminating material.

“Forensic analysts also found an additional 2,015 videos and photographs in an encrypted application on Doe’s phone, which Doe had opened for the police by entering a password,” said the ruling.

Based on this, the police felt that there was reasonable cause for decrypting the hard drives in the same way the other devices were decrypted. However, John Doe failed to provide access to the hard drives because “he could not remember the passwords necessary to decrypt the hard drives,” Several incorrect password attempts were made during the examination.

The judge overseeing the case thinks otherwise, though, and stated that the defendant was lying and “chose not to reveal [the passwords] because of the devices’ contents” which amounts to contempt of court.

An attorney for the Electronic Frontier Foundation told The Register that it was disappointed in the ruling. The digital rights organization is opposed to compelled password production by authorities. “Any time suspects are forced to disclose the contents of their mind, that’s enough to trigger the Fifth Amendment, end of story,” he said.

Editors' Recommendations

Gmail client-side encryption adds security for businesses
Google services (YouTube, Gmail, Chrome, Duo, Meet, Google Podcasts) icons app on smartphone screen.

Google has made client-side encryption (CSE) available for a number of its Workspace applications after introducing the function in beta mode last December.

Detailing the feature in a blog post on Tuesday, Google announced that client-side encryption would allow professional users to send data in Gmail and Calendar apps in such a way that no one except those in the organization and the recipients can access or read the content. Google as an entity is not even able to access data sent or created through Gmail or Calendar as it would be encrypted before reaching its servers. This is yet another way Google is using AI to the benefit of customers the brand said.

Read more
Apple’s security trumps Microsoft and Twitter’s, say feds
Apple's Craig Federighi speaking about macOS security at WWDC 2022.

Apple has long held a reputation for rock-solid security, and now the U.S. government seemingly agrees after praising the company for its security procedures. At the same time, the feds have suggested Microsoft and Twitter need to pull their socks up and make their products much more secure for their users, according to CNBC.

In a speech given at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly pointed to Apple as a company that took security and accountability seriously, and suggested other companies should take note.

Read more
LastPass reveals how it got hacked — and it’s not good news
A depiction of a hacker breaking into a system via the use of code.

Last year was a particularly bad one for password manager LastPass, as a series of hacking incidents revealed some serious weaknesses in its supposedly rock-solid security. Now, we know exactly how those attacks went down -- and the facts are pretty breathtaking.

It all began in August 2022, when LastPass revealed that a threat actor had stolen the app’s source code. In a second, subsequent attack, the hacker combined this data with information found in a separate data breach, then exploited a weakness in a remote-access app used by LastPass employees. That allowed them to install a keylogger onto the computer of a senior engineer at the company.

Read more