In re Boucher

Last updated
In re Boucher
District-Vermont.gif
Court United States District Court for the District of Vermont
Full case name In re Grand Jury Subpoena to Sebastien Boucher
DecidedFeb 19, 2009
Citation(s)In re Grand Jury Subpoena to Sebastien Boucher, No. 2:06-mj-91, 2009 WL 424718 (D. Vt.Feb 19, 2009).
Case history
Prior action(s)Motion to quash subpoena granted, WL 4246473 (D. Vt.2007).
Holding
  • Boucher's motion to quash the subpoena was denied. He was ordered to provide an unencrypted version of the hard drive in question.
  • The Government's appeal of the magistrate judge's opinion and order is sustained.
Court membership
Judge(s) sitting William K. Sessions III
Keywords
encryption, self-incrimination

In re Boucher (case citation: No. 2:06-mJ-91, 2009 WL 424718), is a federal criminal case in Vermont, which was the first to directly address the question of whether investigators can compel a suspect to reveal their encryption passphrase or password, despite the U.S. Constitution's Fifth Amendment protection against self-incrimination. A magistrate judge held that producing the passphrase would constitute self-incrimination. In its submission on appeal to the District Court, the Government stated that it does not seek the password for the encrypted hard drive, but only sought to force Boucher to produce the contents of his encrypted hard drive in an unencrypted format by opening the drive before the grand jury. A District Court judge agreed with the government, holding that, given Boucher's initial cooperation in showing some of the content of his computer to border agents, producing the complete contents would not constitute self-incrimination.

Contents

In late 2009, Boucher finally gave up his password and investigators found numerous images and videos depicting sexual abuse of children. In January 2010, Boucher was sentenced to 3 years in prison and deported. [1]

Facts

On 17 December 2006, the laptop computer of defendant Sebastien D. Boucher (born in 1977) [2] [3] was inspected when he crossed the border from Canada into the United States at Derby Line, Vermont. The laptop was powered-up when the border was crossed, which allowed its contents to be browsed. Images containing child pornography were allegedly seen by Immigration and Customs Enforcement (ICE) border agents who seized the laptop, questioned Boucher and then arrested him on a complaint charging him with transportation of child pornography in violation of 18 U.S.C. 2252A(a)(1). The laptop was subsequently powered-down. When the laptop was switched on and booted on 29 December 2006, it was not possible to access its entire storage capability. This was because the laptop had been protected by PGP Disk encryption. [4] As a result, investigators working for the US government were unable to view the contents of drive "Z:", which allegedly contained the illegal content. A grand jury then subpoenaed the defendant to provide the password to the encryption key protecting the data.

Decision of the United States District Court

On November 29, 2007, U.S. Magistrate Judge Jerome Niedermeier of the United States District Court for the District of Vermont stated "Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him." [4] Accordingly, Niedermeier quashed the subpoena.

On January 2, 2008, the United States appealed the magistrate's opinion to the District Court in a sealed motion (court docket, case #: 2:06-mJ-00091-wks-jjn-1). [5] The appeal was heard by U.S. District Judge William K. Sessions. [6] Oral arguments were scheduled for April 30, 2008. [7]

On February 19, 2009, Judge Sessions reversed the magistrate's ruling and directed Boucher "to provide an unencrypted version of the Z drive viewed by the ICE agent."

Boucher accessed the Z drive of his laptop at the ICE agent's request. The ICE agent viewed the contents of some of the Z drive's files, and ascertained that they may consist of images or videos of child pornography. The Government thus knows of the existence and location of the Z drive and its files. Again providing access to the unencrypted Z drive 'adds little or nothing to the sum total of the Government's information about the existence and location of files that may contain incriminating information. Fisher, 425 U.S. at 411. Boucher's act of producing an unencrypted version of the Z drive likewise is not necessary to authenticate it. He has already admitted to possession of the computer, and provided the Government with access to the Z drive. The Government has submitted that it can link Boucher with the files on his computer without making use of his production of an unencrypted version of the Z drive, and that it will not use his act of production as evidence of authentication. [8]

See also

Related Research Articles

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted.

Hushmail is an encrypted proprietary web-based email service offering PGP-encrypted e-mail and vanity domain service. Hushmail uses OpenPGP standards. If public encryption keys are available to both recipient and sender, Hushmail can convey authenticated, encrypted messages in both directions. For recipients for whom no public key is available, Hushmail will allow a message to be encrypted by a password and stored for pickup by the recipient, or the message can be sent in cleartext. In July, 2016, the company launched an iOS app that offers end-to-end encryption and full integration with the webmail settings. The company is located in Vancouver, British Columbia, Canada.

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

<span class="mw-page-title-main">TrueCrypt</span> Discontinued source-available disk encryption utility

TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device.

Disk encryption software is computer security software that protects the confidentiality of data stored on computer media by using disk encryption.

Cryptography is the practice and study of encrypting information, or in other words, securing information from unauthorized access. There are many different cryptography laws in different nations. Some countries prohibit export of cryptography software and/or encryption algorithms or cryptoanalysis methods. Some countries require decryption keys to be recoverable in case of a police investigation.

The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

United States v. Hubbell, 530 U.S. 27 (2000), was a United States Supreme Court case involving Webster Hubbell, who had been indicted on various tax-related charges, and mail and wire fraud charges, based on documents that the government had subpoenaed from him. The Fifth Amendment provides that no person "shall be compelled in any criminal case to be a witness against himself." The Supreme Court has, since 1976, applied the so-called "act-of-production doctrine". Under this doctrine, a person can invoke his Fifth Amendment rights against the production of documents only where the very act of producing the documents is incriminating in itself.

This is a technical feature comparison of different disk encryption software.

<span class="mw-page-title-main">Fifth Amendment to the United States Constitution</span> 1791 amendment enumerating due process rights

The Fifth Amendment to the United States Constitution creates several constitutional rights, limiting governmental powers focusing on criminal procedures. It was ratified, along with nine other articles, in 1791 as part of the Bill of Rights.

<span class="mw-page-title-main">All Writs Act</span> 1789 U.S. statute giving federal courts authority to effectuate the law

The All Writs Act is a United States federal statute, codified at 28 U.S.C. § 1651, which authorizes the United States federal courts to "issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law."

Key disclosure laws, also known as mandatory key disclosure, is legislation that requires individuals to surrender cryptographic keys to law enforcement. The purpose is to allow access to material for confiscation or digital forensics purposes and use it either as evidence in a court of law or to enforce national security interests. Similarly, mandatory decryption laws force owners of encrypted data to supply decrypted data to law enforcement.

United States v. Fricosu, 841 F.Supp.2d 1232, is a federal criminal case in Colorado that addressed whether a person can be compelled to reveal his or her encryption passphrase or password, despite the U.S. Constitution's Fifth Amendment protection against self-incrimination. On January 23, 2012, judge Robert E. Blackburn held that under the All Writs Act, Fricosu is required to produce an unencrypted hard drive.

<i>United States v. Cotterman</i> 2013 court case regarding electronic storage devices

United States v. Cotterman,, is a United States court case in which the United States Court of Appeals for the Ninth Circuit held that property, such as a laptop and other electronic storage devices, presented for inspection when entering the United States at the border may not be subject to forensic examination without a reason for suspicion, a holding that weakened the border search exception of the Fourth Amendment to the United States Constitution.

United States v. Kirschner, 823 F. Supp. 2d 665, was a federal criminal case in Michigan. The defendant had previously been indicted by a grand jury under three counts of receipt of child pornography under 18 U.S.C. § 2252A(a)(2)(A). The government sought to use a grand jury subpoena post-indictment to acquire additional evidence: the contents of an encrypted file from the defendant's hard drive.

<span class="mw-page-title-main">Proton Mail</span> End-to-end encrypted email service

Proton Mail is an end-to-end encrypted email service founded in 2013 headquartered in Plan-les-Ouates, Switzerland. It uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and Outlook.com. The service can be accessed through a webmail client, the Tor network, or dedicated iOS and Android apps.

<span class="mw-page-title-main">USBKill</span> Software to protect from unknown USB devices

USBKill is anti-forensic software distributed via GitHub, written in Python for the BSD, Linux, and OS X operating systems. It is designed to serve as a kill switch if the computer on which it is installed should fall under the control of individuals or entities against the desires of the owner. It is free software, available under the GNU General Public License.

<span class="mw-page-title-main">Evil maid attack</span> Type of computer security breach

An evil maid attack is an attack on an unattended device, in which an attacker with physical access alters it in some undetectable way so that they can later access the device, or the data on it.

References

  1. "Quebec man sentenced in U.S. child porn case". Canadian Broadcasting Corporation . January 22, 2010. Retrieved October 4, 2019.
  2. Nakashima, Ellen (January 16, 2008). "In Child Porn Case, a Digital Dilemma". The Washington Post.
  3. http://www.katzjustice.com/boucherdocket.pdf%5B%5D
  4. 1 2 Niedermeier, Jerome J. "In Re Boucher" (PDF). Retrieved August 29, 2009.
  5. Liptak, Adam (January 7, 2008). "U.S. courts consider legality of laptop inspections". International Herald Tribune . Retrieved August 29, 2009.
  6. "Feds appeal loss in PGP compelled-passphrase case". The Iconoclast. Archived from the original on 2012-01-06. Retrieved 2009-08-29.
  7. "CM/ECF Filer or PACER Login".
  8. "In re Grand Jury Subpoena to Sebastien Boucher, Memorandum of Decision" (PDF). The Volokh Conspiracy. February 19, 2009. Retrieved 2009-08-29.
  9. "Archived copy" (PDF). Archived from the original (PDF) on 2012-10-06. Retrieved 2012-01-29.{{cite web}}: CS1 maint: archived copy as title (link)
  10. Electronic Frontier Foundation: U.S. v. Arnold
  11. "U.S. v. Fricosu" (PDF). Archived from the original (PDF) on 2013-04-13. Retrieved 2012-01-29.

Further reading