Compelled Production of Encrypted Data

Compelled Production of Encrypted Data

John E.D. Larkin · 14 Vand. J. Ent. & Tech. L. 253

Abstract

There is a myth that shadowy and powerful government agencies can crack the encryption software that criminals use to protect computers filled with child pornography and stolen credit card numbers.  The reality is that cheap or free encryption programs can place protected data beyond law enforcement’s reach. If courts seriously mean to protect the victims of Internet crimeall too often childrenthen Congress must adopt a legal mechanism to remedy the technological deficiency.

To date, police and prosecutors have relied on subpoenas to either compel defendants to produce their password, or to decipher their protected data. This technique has been met with mixed success.

A better solution  would be to couple a subpoena for the deciphered data with a warrant that specifies what and how to search.  If the defendant refuses to produce the deciphered data, he can be held in contempt.

Where handing over protected data means the certainty of a lengthy prison sentence, some defendants will  prefer contempt to compliance. Therefore, the court needs an additional legal mechanism to allow fact-finders to look into protected data. This Article proposes that when a defendant refuses to comply with a court order to produce deciphered data, the court should be able to issue a missing evidence instruction as a surrogate for actual inspection. If a warrant, a subpoena, and a contempt order cannot induce a defendant to decrypt his data, courts should issue an instruction that the fact-finder may presume that the missing data is incriminating.