A recurring question in law-of-digital-evidence investigations is how the Fifth Amendment applies to acts of compelled decryption. In these cases, the government gets an order directing a person to enter a password to unlock a device. The subject of the order then pleads the Fifth. How should a court rule? I wanted to flag two of my recent writings on this issue.
First, last month I posted a forthcoming law review article on how the Fifth Amendment should apply: Compelled Decryption and the Privilege Against Self-Incrimination, forthcoming in the Texas Law Review. When the government obtains an order directing a subject to enter a password to decrypt a device, it argues, an assertion of privilege should be sustained unless the government can independently show that the suspect knows the password. There are all sorts of caveats to that rule discussed in the draft. But that’s the basic idea.
My article flagged but did not answer an important question: What’s the burden of proof for that showing? No appellate court has answered that yet. But a few days after I posted my draft, the Massachusetts Supreme Court Judicial Court invited amici to submit briefs on this exact question in a case called Commonwealth v. Dennis Jones.
Today I submitted an amicus brief in the Jones case offering my thoughts on the burden of proof. It is posted here: Amicus Brief of Professor Orin Kerr on Standards for Compelled Decryption Under the Fifth Amendment. My brief argues that the government's burden should be to prove by clear and convincing evidence, based on a totality of the circumstances, that the subject of the order knows the password.
As always, stay tuned.