Can the Government Compel Decryption?: Don't Trust - Verify
Pages 23 - 36
Abstract
If a court knows that a respondent knows the password to a device, can the court compel the respondent to enter that password into the device? In this work, we propose a new approach to the foregone conclusion doctrine from Fisher v. U.S. that governs the answer to this question. The Holy Grail of this line of work would be a framework for reasoning about whether the testimony implicit in any action is already known to the government. In this paper we attempt something narrower. We introduce a framework for specifying actions for which all implicit testimony is, constructively, a foregone conclusion. Our approach is centered around placing the burden of proof on the government to demonstrate that it is not "rely[ing] on the truthtelling" of the respondent. Building on original legal analysis and using precise computer science formalisms, we propose demonstrability as a new central concept for describing compelled acts. We additionally provide a language for whether a compelled action meaningfully entails the respondent to perform in a manner that is 'as good as' the government's desired goal. Then, we apply our definitions to analyze the compellability of several cryptographic primitives including decryption, multifactor authentication, commitment schemes, and hash functions. In particular, our framework reaches a novel conclusion about compelled decryption in the setting that the encryption scheme is deniable: the government can compel but the respondent is free to use any password of her choice.
Supplementary Material
If a court knows that a respondent knows the password to a device, can the court compel the respondent to enter that password into the device? In this work, we propose a new approach to the foregone conclusion doctrine from Fisher v. U.S. that governs the answer to this question.
- Download
- 277.61 MB
References
[1]
Micah Altman, Aloni Cohen, Kobbi Nissim, and Alexandra Wood. 2021. What a hybrid legal-technical analysis teaches us about privacy regulation: The case of singling out. BU J Sci. & Tech. L. 27 (2021), 1.
[2]
Ran Canetti. 2001. Universally Composable Security: A New Paradigm for Cryptographic Protocols. In 42nd FOCS. IEEE Computer Society Press, 136--145. https://doi.org/10.1109/SFCS.2001.959888
[3]
Ran Canetti, Asaf Cohen, and Yehuda Lindell. 2015. A Simpler Variant of Universally Composable Security for Standard Multiparty Computation. In CRYPTO 2015, Part II (LNCS, Vol. 9216), Rosario Gennaro and Matthew J. B. Robshaw (Eds.). Springer, Heidelberg, 3--22. https://doi.org/10.1007/978--3--662--48000--7_1
[4]
Aloni Cohen, Moon Duchin, J. N. Matthews, and Bhushan Suwal. 2021. Census TopDown: The Impacts of Differential Privacy on Redistricting. In FORC (LIPIcs, Vol. 192). Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 5:1--5:22.
[5]
Aloni Cohen and Kobbi Nissim. 2020. Towards formalizing the GDPR's notion of singling out. Proc. Natl. Acad. Sci. USA 117, 15 (2020), 8344--8352.
[6]
Aloni Cohen and Sunoo Park. 2018. Compelled Decryption and the Fifth Amendment: Exploring the Technical Boundaries. Harvard Journal of Law & Technology 32 (2018), 169--234. Issue 1.
[7]
Aloni Cohen, Sarah Scheffler, and Mayank Varia. 2021. Telling the Truth about Compelled Encryption and Contents of the Mind (Privacy Law Scholars Conference).
[8]
Commonwealth v. Davis, Pa: Supreme Court, Middle Dist. 2019.
[9]
Commonwealth v. Gelfgatt, 11 N.E.3d 605 (Mass.). 2014.
[10]
Commonwealth v. Jones, 481 Mass. 540 - Mass: Supreme Judicial Court. 2019.
[11]
Curcio v. United States, 354 U.S. 118. 1957.
[12]
Doe v. United States, 487 U.S. 201. 1988.
[13]
Fisher v. United States, 425 U.S. 391. 1976.
[14]
Sanjam Garg, Shafi Goldwasser, and Prashant Nalini Vasudevan. 2020. Formalizing Data Deletion in the Context of the Right to Be Forgotten. In EUROCRYPT 2020, Part II (LNCS, Vol. 12106), Anne Canteaut and Yuval Ishai (Eds.). Springer, Heidelberg, 373--402. https://doi.org/10.1007/978--3-030--45724--2_13
[15]
Holt v. United States, 218 U.S. 245. 1910.
[16]
In re Grand Jury Proceedings, 41 F. 3d 377 (8th Cir.). 1994.
[17]
In re Grand Jury Subpoena, 383 F.3d 905 (9th Cir.). 2004.
[18]
In re Grand Jury Subpoena Duces Tecum, 1 F. 3d 87 (2nd Cir.). 1993.
[19]
In re Grand Jury Subpoena Duces Tecum Dated March 25, 2011 (United States v. Doe), 670 F.3d 1335 (11th Cir.). 2012.
[20]
In re Grand Jury Subpoena to Sebasetien Boucher, No. 2:06-mJ-91, 2009 WL 424718. 2009.
[21]
In re Search of a Residence in Aptos, California 95003, No.17-mj-70656-JSC-1, 2018 WL 1400401. 2018.
[22]
Samuel Judson and Joan Feigenbaum. 2022. On Heuristic Models, Assumptions, and Parameters. CoRR abs/2201.07413 (2022).
[23]
Orin Kerr. 2016. Opinion: The Fifth Amendment limits on forced decryption and applying the "foregone conclusion' doctrine. https://www.washingtonpost. com/news/volokh-conspiracy/wp/2016/06/07/the-fifth-amendment-limits-onforced-decryption-and-applying-the-foregone-conclusion-doctrine/.
[24]
Orin S Kerr. 2018. Compelled Decryption and the Privilege Against SelfIncrimination. Tex. L. Rev. 97 (2018), 767.
[25]
Orin S Kerr. 2020. Decryption Originalism: The Lessons of Burr. Available at SSRN (2020).
[26]
Jeffrey Kiok. 2015. Missing the Metaphor: Compulsory Decryption and the Fifth Amendment. Boston University Public Interest Law Journal 24 (2015), 53--80. Issue 1.
[27]
Nathan K. McGregor. 2010. The Weak Protection of Strong Encryption: Passwords, Privacy, and Fifth Amendment Privilege. Vanderbilt Journal of Entertainment & Technology Law 12 (2010), 581--609. Issue 3.
[28]
Robbie Morrison, Natasha CHL Mazey, and Stephen C Wingreen. 2020. The DAO controversy: the case for a new species of corporate governance? Frontiers in Blockchain 3 (2020), 25.
[29]
Kobbi Nissim. 2021. Privacy: From Database Reconstruction to Legal Theorems. In PODS. ACM, 33--41.
[30]
Kobbi Nissim, Aaron Bembenek, Alexandra Wood, Mark Bun, Marco Gaboardi, Urs Gasser, David R O'Brien, Thomas Steinke, and Salil Vadhan. 2017. Bridging the gap between computer science and legal approaches to privacy. Harv. JL & Tech. 31 (2017), 687.
[31]
Laurent Sacharoff. 2018. Unlocking the Fifth Amendment: Passwords and Encrypted Devices. Fordham Law Review 87 (2018), 203--251. Issue 1.
[32]
Sarah Scheffler and Mayank Varia. 2021. Protecting Cryptography Against Compelled Self-Incrimination. In USENIX Security 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 591--608.
[33]
Schmerber v. California, 384 U.S. 757. 1966.
[34]
Sec. & Exch. Comm'n v. Huang, No. CV 15--269, 2015 WL 5611644 (E.D. Pa. Sept. 23). 2015.
[35]
Seo v. State, 148 N.E.3d 952 (Ind.). 2020.
[36]
State v. Andrews, 197 A. 3d 200 - NJ: Appellate Div. 2018.
[37]
Dan Terzian. 2013. The Fifth Amendment, encryption, and the forgotten state interest. UCLA L. Rev. Discourse 61 (2013), 298.
[38]
Dan Terzian. 2015. Forced Decryption as a Foregone Conclusion. 6 California Law Review Circuit 27 (2015).
[39]
United States Constitution. Amendment V. 1791.
[40]
United States v. Apple MacPro Computer, 851 F.3d 238 (3rd Cir.). 2017.
[41]
United States v. Bright, 596 F. 3d 683 (9th Cir.). 2010.
[42]
United States v. Burns, Dist. Court, MD North Carolina. 2019.
[43]
United States v. Doe, 465 U.S. 605. 1984.
[44]
United States v. Fricosu, 841 F. Supp. 2d 1232 (Dist. Court, D. Colorado). 2012.
[45]
United States v. Greenfield, 831 F. 3d 106 (2nd Cir.). 2016.
[46]
United States v. Hubbell, 530 U.S. 27. 2000.
[47]
United States v. Kirschner, 823 F. Supp. 2d 665 - Eastern District of Michigan. 2010.
[48]
United States v. Maffei, Dist. Court, ND California. 2019.
[49]
United States v. Ponds, 454 F. 3d 313 (D.C. Cir.). 2006.
[50]
John Henry Wigmore. 1961. A Treatise on the Anglo-American System of Evidence in Trials at Common Law; Including the statues and judicial decisions of all jurisdictions of the united states, John Theodore McNaughton (Ed.), Vol. 8.
[51]
Andrew T. Winkler. 2013. Password Protection and Self-Incrimination: Applying the Fifth Amendment Privilege in the Technological Era. Rutgers Computer & Technology Law Journal 39 (2013), 194--215. Issue 2.
[52]
Karen Yeung. 2019. Regulation by blockchain: the emerging battle for supremacy between the code of law and code as law. The Modern Law Review 82, 2 (2019), 207--239.
Index Terms
- Can the Government Compel Decryption?: Don't Trust - Verify
Recommendations
Deniable encryptions secure against adaptive chosen ciphertext attack
ISPEC'12: Proceedings of the 8th international conference on Information Security Practice and ExperienceThe deniable encryption is a type of encryption which can hide the true message while revealing a fake one. Even if the sender or the receiver is coerced to show the plaintext and the used random numbers in encryption, a deniable encryption scheme ...
Deniable Searchable Symmetric Encryption
In the recent years, Searchable Symmetric Encryption (SSE) has become one of the hottest topic in cloud-computing area because of its availability and flexibility, and there are a series of SSE schemes were proposed. The adversary considered in these ...
Deniably Information-Hiding Encryptions Secure against Adaptive Chosen Ciphertext Attack
INCOS '12: Proceedings of the 2012 Fourth International Conference on Intelligent Networking and Collaborative SystemsThe deniably information-hiding encryption (DIHE) is a type of deniable encryption which can hide an additional information in encrypting a normal message. Even if the sender or the receiver is coerced to show the plaintext and the random coins in the ...
Comments
Information & Contributors
Information
Published In
November 2022
202 pages
ISBN:9781450392341
DOI:10.1145/3511265
- General Chair:
- Daniel J. Weitzner,
- Program Chairs:
- Joan Feigenbaum,
- Christopher S. Yoo
Copyright © 2022 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 November 2022
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- Princeton University Center for Information Technology Policy
- NSF (National Science Foundation)
- DARPA
Conference
CSLAW '22
Sponsor:
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 246Total Downloads
- Downloads (Last 12 months)150
- Downloads (Last 6 weeks)33
Reflects downloads up to 16 Oct 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in