Legal Report August 2012
U.S. JUDICIAL DECISIONS
ENCRYPTED DATA. An appeals court decision finds that the government may compel an individual to reveal the password to an encrypted hard drive if the government is already aware of what material resides on the hard drive. Another rules that when the government does not know what is on the hard drive, compelling disclosure violates the individual’s Fifth Amendment right to avoid self-incrimination.
In a case before the U.S. Court of Appeals for the Tenth Circuit, the government was asking that Ramona Fricosu, who was accused of real estate and mortgage fraud, be compelled to turn over the password to an encrypted laptop. The laptop was seized during a search of Fricosu’s home. Fricosu later admitted in a telephone conversation that she had incriminating evidence on the laptop and that it was password protected.
The government sought to compel Fricosu to relinquish her password. Fricosu argued that forcing her to turn over the password was a violation of her Fifth Amendment rights. The U.S. District Court for the District of Colorado found in favor of the government, ruling that law enforcement need not know exactly what was in the documents, only that they were related to the crime in question and clearly belonged to Fricosu. The appeals court upheld the decision.
In another case involving a child pornography investigation, the government tracked the account of a suspect (who was known as John Doe in the court documents) to a hotel. Comparing the name on the IP account to the names of hotel guests, the police found only one match. They raided that guest’s room, seizing all digital media.
The two laptops discovered in the search were encrypted. The government ordered Doe to turn over the passwords to the files. He refused to do so, invoking his Fifth Amendment rights. The U.S. District Court for the Northern District of Florida found Doe in contempt. Doe appealed the district court’s decision.
In reviewing the contempt order, the U.S. Court of Appeals for the Eleventh Circuit ruled that the government could not compel Doe to give up the passwords. Because the government had no idea what sort of data was present on the laptops, requiring Doe to provide the password was essentially asking Doe to testify against himself. In the written opinion of the case, the court noted: “We conclude that the decryption and production would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.” (Fricosu v. United States, U.S. Court of Appeals for the Tenth Circuit, No. 12-701, 2012. In re: Grand Jury Subpoena v. Doe, No. 11-12268, 2012.)
TERRORISM. Convicted of providing material support to a terrorist organization, Jubair Ahmad has been sentenced to 12 years in prison. Ahmad’s material support consisted of producing a video in support of Lashkar-e-Tayyiba (LeT), a designated terrorist organization, recruiting others, and raising money.
Ahmad, a 24-year-old resident of Woodbridge, Virginia, at the time of his arrest, was born in Pakistan. He received religious training from LeT in Pakistan when he was a teenager. Ahmad moved to the United States with his family in 2007.
In September 2010, Ahmad produced a propaganda video on behalf of the LeT and uploaded it to YouTube. Ahmad revised the video and reposted it at the request of the LeT in October 2010. Investigators found video and audio files on Ahmad’s computer that matched the video.
The government also presented evidence that Ahmad recruited others to join the LeT movement and raised money for the group. (U.S. v. Ahmad, U.S. District Court for the Eastern District of Virginia, No. 1:11CR554, 2012)
U.S. CONGRESSIONAL LEGISLATION
CYBERSECURITY. A bill (H.R. 2096) that would mandate government cybersecurity efforts has been approved by the House of Representatives. It is currently pending in the Senate Commerce, Science, and Transportation Committee.
Under the measure, certain federal agencies would have to transmit a cybersecurity strategic research and development plan to Congress. An annual update would also be required. The executive branch would be required to report to Congress on the cybersecurity needs of the federal government work force.
The bill would also expand existing National Science Foundation grants for basic research on innovative approaches to enhancing computer security, including research into identity theft, crimes against children, and organized crime. Under the measure, the government would establish a task force of academic and industry experts to explore mechanisms for carrying out collaborative cybersecurity activities.
TRANSPORTATION. A bill (H.R. 3173) that would alter the application and distribution process for the Transportation Worker Identification Credential (TWIC) has been approved by the House. The bill is now pending in the Senate Commerce, Science, and Transportation Committee. Currently, transportation workers must make at least two trips to a TWIC enrollment center every five years to apply for and then pick up and activate their cards. Sometimes workers travel hundreds of miles to the nearest enrollment center.
Under H.R. 3173, the Department of Homeland Security (DHS) would be required to revise the application process to require that transportation workers make only one trip to an enrollment center to obtain their cards.
COURTHOUSE SECURITY. A bill (S. 2076) that would upgrade security equipment in state and local courthouses has been approved by the Senate Judiciary Committee. The Senate has not announced whether it will take up the bill.
S. 2076 would allow state and local governments to use money from various federal grant programs to improve security at courthouses. The bill would also direct the government to ensure that state and local jurisdictions can request any extra security equipment purchased by the government before that equipment is given to other organizations. Such equipment would include metal detectors, wands, and baggage screening devices. The bill would stipulate that priority would be given to courthouses that have no security equipment.
WHISTLEBLOWERS. A bill (S. 241) that would expand protections for whistleblowers reporting misuse of federal funds has been approved by the House Homeland Security and Governmental Affairs Committee. The bill would apply to employees working for companies that receive federal funds, including those that have government contracts or receive grants or payments from the government.
S. 241 would protect those employees who are discharged, demoted, or discriminated against because they reported or participated in reporting a misuse of federal funds. The misuse need not be fraud. Whistleblowers could report gross mismanagement of a contract or grant; waste; activity that is a danger to public health or safety; an abuse of authority; or a violation of laws, rules, or regulations.
The bill would provide whistleblowers with compensatory damages and reinstatement if deemed appropriate by the Investigator General.
AIRLINE SECURITY. Two bills, H.R. 4068 and S. 2044, introduced respectively by Rep. Mike D. Rogers (R-AL) and Sen. Susan Collins (R-ME) would require the government to study the health effects posed by the use of backscatter x-ray machines at airline checkpoints.
The bills, which are identical, would require the Department of Homeland Security to commission the independent study. Also, the bills would require the Transportation Security Administration to place large, legible signs or electronic displays at the front of checkpoints where backscatter devices are used. These signs must inform passengers that they may request alternative screening methods in lieu of the backscatter machines.
H.R. 4068 has three cosponsors and has been referred to the House Homeland Security Committee’s Subcommittee on Transportation Security. S. 2044 has five cosponsors and has been referred to the Senate Committee on Commerce, Science, and Transportation.
SOCIAL MEDIA. A bill (S.B. 1349) currently pending in the California Senate would prohibit employers and educational institutions from requiring or requesting that employees or students give to those authorities the passwords to their social media sites or provide access to their accounts.
This column should not be construed as legal or legislative advice.