Typically when a court finds someone to be in contempt, that person is remanded to jail. It is unusual for such detention to last for long periods of time. However, the case of Francis Rawls is drawing attention for two reasons: 1) his civil contempt detention is now going on two years and 2) the reason for his civil contempt is for failure to produce passwords in order to unlock devices he had owned but which now the government has seized pursuant to a lawful search warrant.

Background:

Francis Rawls is a fired Philadelphia Police Officer who is the subject a a child pornography investigation. About two years ago law enforcement executed a search warrant at Rawls’ home. The validity of the search warrant has never been questioned and based on all accounts the actual search and execution of the search warrant was legal and valid.

Law enforcement found and seized (consistent with the search warrant) several electronic devices. All the devices had some level of encryption / protection[1]. Rawls did provide the password for the iPhone 5s but refused to provide passwords for the seized Macbook Pro, an iPhone 6 and external hard drives[1]. Law enforcement managed, on their own, to get access to the Macbook Pro but the external hard drives remained locked [1].

However, analysis of the encrypted content relieved hashes[3] known to be associated with child pornography.

The judge in the case ordered Rawls to provide the passwords to the inaccessible devices and when Rawls failed to do so he was found to be in contempt of court and remanded to the custody of the US Marshals where he has been confined for about two years[2].

Rawls has appealed his detention and on March 20th 2017 the 3rd Circuit Court of Appeals ruled against Rawls [1].

Legal Break Down

Rawls appealed his detention on two grounds 1) the district court lacked jurisdiction to hold him in contempt 2) providing the password(s) would violate his Fifth Amendment right against self incrimination.

The appeals court ruled against Rawls on both claims. The Fifth Amendment reasoning is very interesting and this paragraph from the court’s opinion seems to set the tone for their reasoning:

The Fifth Amendment states that “[n]o person…shall be compelled in any criminal case to be a witness against himself.” U.S. CONST . amend. V. The Fifth Amendment, however, “does not independently proscribe the compelled production of every sort of incriminating evidence but applies only when the accused is compelled to make a Testimonial Communication that is incriminating.” Fisher v. United States, 425 U.S. 391, 408 (1976). To be testimonial, a communication must either “explicitly or implicitly . . . relate a factual assertion or disclose information.” Doe v. United States, 487 U.S. 201, 210 (1988).

A major “hinge” on which this entire opinion seems to swing is there being a distinction between producing information to the government which is not knowable (thus self incriminating) and producing information which existence is a “forgone conclusion”:

…[T]he Court also articulated the “foregone conclusion” rule, which acts as an exception to the otherwise applicable act-of-production doctrine. Fisher, 425 U.S. at 411. Under this rule, the Fifth Amendment does not protect an act of production when any potentially testimonial component of the act of production—such as the existence, custody, and authenticity of evidence—is a “foregone conclusion” that “adds little or nothing to the sum total of the Government’s information.” Id. For the rule to apply, the Government must be able to “describe with reasonable particularity” the documents or evidence it seeks to compel. Hubbell, 530 U.S. at 30.

Since the government had the hard drive which clearly contained encrypted information they knew the device existed and they knew records existed. More specifically they knew records existed on said drive which matched hashes[3] known to be child pornography. Thus the court determined their being incriminating evidence on Rawls’ encrypted hard drives was a “foregone conclusion” and thus not subject to fifth amendment protection.

…but, but I forgot the password?

There is another issue: Rawls’ did claim he forgot the password (but not till late into this process) and because he forgot the password his detention was illegal as he can’t possibly comply.

So, too, does Doe’s challenge to the contempt order. At the hearing on the contempt motion, Doe maintained that he could not remember the passwords to decrypt the hard drives[1].

In civil contempt cases the person subject to a court order has the burden of proof to prove compliance is impossible[4]. Consistent with this standard the appeals court determined Rawls had not proven he forgot the password. The court cited evidence and testimony that showed:

  • Family having seen Rawls entering the password from memory [1]
  • “[A] detective who executed the original search warrant stated that [Rawls] did not provide his password at the time because he wanted to prevent the police from accessing his computer..” [1]
  • “[Rawls] never asserted an inability to remember the passwords at that time [of seizure].” [1]

InfoSec Take Away:

Regardless of the opinions you may have on this case there are some takeaways from this case that should alarm or at least get the attention of anyone who values privacy and information security.

Encryption is not foolproof:

Encryption may protect data specifics but because hash values are unique to the data which is hashed if law enforcement knows what a hash value corresponds to then your encryption is irrelevant.

You can be compelled to give up passwords:

You can be detained for what would seem an almost indefinite time for failure to provide your passwords.

The quicker you forget your passwords perhaps the better:

Detention becomes more likely when a person does not assert they “forgot” their passwords almost immediately. In the Rawls case he apparently denied access because he “didn’t want to help” but never claimed he had “forgot” the password. It was not until much later that he claimed have forgot.  Since Rawls has the burden of proof it becomes very hard to prove what one knows and doesn’t know.

 

This case has been appealed to the Supreme Court.

 

References:

[1] UNITED STATES OF AMERICA v. APPLE MACPRO COMPUTER, APPLE MAC MINI COMPUTER, APPLE I PHONE 6 PLUS, ELLULAR TELEPHONE WESTERN DIGITAL MY BOOK FOR MAC EXTERNAL HARD DRIVE, Western Digital My Book Velociraptor Duo External Hard Drive

[2] Court Supplement Order Holding Rawls in Contempt.

[3] A “hash” is “[a] mathematical algorithm that calculates a unique value for a given set of data, similar to a digital fingerprint, representing the binary content of the data to assist in subsequently ensuring that data has not been modified.” The Sedona Conference Glossary for E-Discovery and Digital Information Management 21 (Cheryl B. Harris, et al. eds., 4th ed. 2014).

[4] United States v. Rylander, 460 U.S. 752, 757 (1983)