Back to News & Commentary

Kicking in Our (Electronic) Doors

Jay Stanley,
Senior Policy Analyst,
ACLU Speech, Privacy, and Technology Project
Share This Page
February 27, 2009

A major unresolved legal issue in the United States right now is your right NOT to tell the government your password when they demand access to encrypted material in your posession. Now a fight is underway over just that question and the authorities have just won a round:

A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns about self-incrimination in an electronic age.

In an abrupt reversal, U.S. District Judge William Sessions in Vermont ruled that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, does not have a Fifth Amendment right to keep the files encrypted.

With the government gaining more and more powers in recent years to access private data held by third parties (through the Patriot Act and other means), information kept in one’s own posession is still largely protected by the Fourth Amendment.

But, there are exceptions including a big one: any time you cross the nation’s border. As it stands now, DHS policies allow the searching and copying of data, books and documents at the border, all without probable cause. And, the information that people routinely carry in their posession can now include what in a previous time would have been entire libraries of correspondence and other “papers and effects” (to quote the Fourth Amendment).

In that situation, encryption is often the last bastion of privacy. But if this decision is upheld — it has already been appealed to the 2nd Circuit — this last bastion will be breached. If it is upheld, no one will travel with sensitive data in the future because they will never be able to be confident that it cannot be breached (and sometimes even everyday data is sensitive, because in large quantities its disclosure feels like such an invasion). Instead, people will turn to Virtual Private Networks and Cloud Computing, in which data is stored on remote servers and which raises privacy problems of its own since the data is held by a “third party” where it has so far been judged to have no constitutional protection.

The government’s aggressive stance with regards to electronic searches is ensnaring innocent people, drawing precious security resources away from real threats, imposing costs on business, and resulting in racial profiling of business travelers.

Meanwhile, last year both houses of Congress introduced legislation that struck a nice balance between Americans’ privacy and national security. The bills would restore Americans’ privacy rights at the border by prohibiting the copying of electronic data without probable cause. (Federal agents would still be able to retain intelligence after getting a warrant.) We’re looking for this Congress to reintroduce this, or similar legislation, this session, so stay tuned.

Learn More About the Issues on This Page