The Sixth Circuit just ruled in Warshak v. United States LINKthat the goverment cannot use a court order (subpoena) to obtain a person's e-mails from the person's ISP (more than 180 days old) without first providing that person with notice and a hearing. The court essentially found that the portion of the statue that permitted the government to obtain the e-mails without first notifying the person and giving him or a chance to object based on anything less than a search warrant based on probable cause violated violated the Fourth Amendment. The court granted Warshak an injunction barring the government from obtaining e-mails by subpoena in the future without providing notice and a hearing to Warshak.

I wonder what the Fifth Circuit will do?

Janette A

If they are smart, probably the same thing. Emails are no different than regular snail mails. And you certainly wouldn't let the Govt. get your paper letters -- without notice or an opportunity to be heard, on anything less than a search warrant.

In a civil suit, when a SDT is issued to a non-party witness, the party can file a motion for protective order and the like. Here Warshak was denied the opportunity to do so based on the misconduct of the Govt. in failing to properly notice him of the seizure, as required by statute. But that did not matter so much as the fact that the statute itself was found to be, in part, unconstitutional due to the due process and 4th Amendment violations. People that use email have an expectation of privacy, just like they do with snail mail and telephone calls.

Encrypted laptop poses 5th Amendment dilemma


By JOHN CURRAN
Associated Press

BURLINGTON, Vt. � When Sebastien Boucher stopped at the U.S.-Canadian border, agents who inspected his laptop said they found files containing child pornography.

But when they tried to examine the images after his arrest, authorities were stymied by a password-protected encryption program.

Now Boucher is caught in a cyber-age quandary: The government wants him to give up the password, but doing so could violate his Fifth Amendment right against self-incrimination by revealing the contents of the files.

Experts say the case could have broad computer privacy implications for people who cross borders with computers, PDAs and other devices that are subject to inspection.

"It's a very, very interesting and novel question, and the courts have never really dealt with it," said Lee Tien, an attorney with the Electronic Frontier Foundation, a San Francisco-based group focused on civil liberties in the digital world.

For now, the law's on Boucher's side: A federal magistrate here has ruled that forcing Boucher to surrender the password would be unconstitutional.

The case began Dec. 17, 2006, when Boucher and his father were stopped at a Derby Line, Vt., checkpoint as they entered the U.S.

Boucher, a 30-year-old drywall installer in Derry, N.H., waived his Miranda rights and cooperated with agents, telling them he downloads pornography from news groups and sometimes unknowingly acquires images that contain child pornography.

Boucher said he deletes those images when he realizes it, according to an affidavit filed by Immigration and Customs Enforcement.

At the border, he helped an agent access the computer for an initial inspection, which revealed files with names such as "Two year old being raped during diaper change" and "pre teen bondage," according to the affidavit.

Boucher, a Canadian with U.S. residency, was accused of transporting child pornography in interstate or foreign commerce, which carries up to 20 years in prison. He is free on his own recognizance.

The laptop was seized, but when an investigator later tried to access a particular drive, he was thwarted by encryption software from a company called Pretty Good Privacy, or PGP.

A grand jury subpoena to force Boucher to reveal the password was quashed by federal Magistrate Jerome Niedermeier on Nov. 29.

"Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop," Niedermeier wrote. "The password is not a physical thing. If Boucher knows the password, it only exists in his mind."

Niedermeier said a Secret Service computer expert testified that the only way to access Boucher's computer without knowing the password would be to use an automated system that guesses passwords, but that process could take years.

The government has appealed the ruling.

Neither defense attorney James Budreau nor Vermont U.S. Attorney Thomas Anderson would discuss the charge.

"This has been the case we've all been expecting," said Michael Froomkin, a professor at the University of Miami School of Law. "As encryption grows, it was inevitable there'd be a case where the government wants someone's keys."

Authorities have encountered such dilemmas before, but have used other methods to learn passwords, including installing surveillance devices that capture keyboard commands. Sometimes investigators have given up before a case reached the courts.

In a 2002 case, the FBI used a keyboard program to obtain gambling records from the computer of Nicodemo Scarfo Jr., the son of a jailed New Jersey mob boss.

In another case, an officer found child pornography on the laptop of a man who flew into Los Angeles International Airport from the Philippines. But a federal judge later suppressed the evidence, ruling that electronic storage devices are extensions of the human memory and should not be opened to inspection without cause.

That case didn't hinge on a password, though.

Orin Kerr, a law professor and computer crime expert at George Washington University, said the distinction that favors the government in Boucher's case is that he initially cooperated and let the agent look at some of the laptop's contents.

"The government can't make you give up your encryption password in most cases. But if you tell them you have a password and that it unlocks that computer, then at that point you no longer have the privilege," he said.

Tien, the attorney with the Electronic Frontier Foundation, said a person's right to keep a password secret is a linchpin of the digital age.

Encryption is "really the only way you can secure information against prying eyes," he said. "If it's too easy to compel people to produce their crypto keys, it's not much of a protection."