[1156] in cryptography@c2.net mail archive
Re: Supreme Court dicta on safe combinations
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Wed Jul 2 17:28:13 1997
In-Reply-To: <199707010539.WAA06834@servo.qualcomm.com>
Date: Wed, 2 Jul 1997 14:48:48 -0400
To: Phil Karn <karn@qualcomm.com>, cryptography@c2.net
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: karn@ka9q.ampr.org
Phil Karn quotes the Court and writes:
...
>
> [Footnote 9] We do not disagree with the dissent that "[t]he
> expression of the contents of an individual's mind" is testimonial
> communication for purposes of the Fifth Amendment. Post, at 220,
> n. 1. We simply disagree with the dissent's conclusion that the
> execution of the consent directive at issue here forced petitioner to
> express the contents of his mind. In our view, such compulsion is more
> like "be[ing] forced to surrender a key to a strongbox containing
> incriminating documents" than it is like "be[ing] compelled to reveal
> the combination to [petitioner's] wall safe." Post, at 219.
...
>
>Consider a) the passphrase for a PGP key that has your name on it and
>b) the passphrase to a conventionally encrypted file. In the first
>case, the government could argue that because your name is on the
>public key used to encrypt some file, you must certainly know its
>passphrase. So revealing it would not be testimonial; it would be like
>giving up the key to a safe deposit box already known to be in your
>name. Of course, you could simply have forgotten your PGP passphrase,
>as seems to happen all too often, just as you could claim to have lost
>the safe deposit box key -- though safe deposit boxes are much more
>easily drilled open than strong ciphers.
>
Not to quibble, but wouldn't being compelled to reveal the passphrase for a
PGP key that has one's name on it be more analogous to "be[ing] compelled
to reveal the combination to [petitioner's] wall safe?" The government
could just as well argue that the owner of a wall safe certainly knows its
combination.
Here are some other relevant quotes from the majority opinion in the case
(Doe v. United States, 487 U.S. 201 (1988)) you cite:
>The Government, on the other hand, suggests that a compelled
statement
>is not testimonial for purposes of the privilege, unless it
implicitly
>or explicitly relates a factual assertion or otherwise conveys
>information to the Government. It argues that, under this view,
the
>consent directive is not [487 U.S. 201, 209] testimonial because
>neither the directive itself nor Doe's execution of the form
discloses
>or communicates facts or information. Petitioner disagrees ...
>It is the "extortion of information from the accused," Couch v.
United
>States, 409 U.S., at 328, the attempt to force him "to
>disclose the contents of his own mind," Curcio v. United States, 354
>U.S. 118, 128 (1957), that implicates the Self-Incrimination Clause.
>See also Kastigar v. United States, 406 U.S. 441, 445 (1972) (the
>privilege "protects against any disclosures that the witness
reasonably
>believes could be used in a criminal prosecution or could lead to
other
>evidence that might be so used")
Of course, no one can be certain how the court will eventually rule on the
question of compelled key disclosure, especially given all the 5-4
decisions this year.
One more thought: an unintended consequence of making the use of
cryptography in commiting a crime a separate federal offence might be to
put disclosure of a key squarely within the bounds of Fifth Amendment
protection!
Arnold Reinhold
