Child porn suspect jailed indefinitely for refusing to decrypt hard drives | Ars Technica

A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives.

The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order.

The suspect's attorney, Federal Public Defender Keith Donoghue, urged a federal appeals court on Tuesday to release his client immediately, pending the outcome of appeals. "Not only is he presently being held without charges, but he has never in his life been charged with a crime," Donoghue wrote (PDF) in his brief to the 3rd US Circuit Court of Appeals.

The government successfully cited a 1789 law known as the All Writs Act to compel (PDF) the suspect to decrypt two hard drives it believes contain child pornography. The All Writs Act was the same law the Justice Department asserted in its legal battle with Apple, in which a magistrate ordered the gadget maker to write code to assist the authorities in unlocking the iPhone used by one of two shooters who killed 14 people at a San Bernardino County government building in December. The authorities dropped that case after they paid a reported $1 million for a hack.

Donoghue wrote that his client's "first claim is that the district court lacked subject matter jurisdiction. The claim stems from the government’s apparently unprecedented use of an unusual procedural vehicle to attempt to compel a suspect to give evidence in advance of potential criminal charges. Specifically, the government took resort not to a grand jury, but to a magistrate judge pursuant to the All Writs Act, 28 U.S.C. § 1651."

The defense also claims that "compelling the target of a criminal investigation to recall and divulge an encryption passcode transgresses the Fifth Amendment privilege against self-incrimination."

The Supreme Court has never addressed the compelled decryption issue. But Donoghue says the court came close in 2000 when it said a suspect cannot be forced "to disclose the sequence of numbers that will open a combination lock." A federal appeals court ruled in 2012, however, that a bank-fraud defendant must decrypt her laptop, but the ruling wasn't enforced as the authorities obtained the password elsewhere.

The Electronic Frontier Foundation has weighed in on the suspect's plight, telling the circuit court in a friend-of-the-court brief (PDF) that "compelled decryption is inherently testimonial because it compels a suspect to use the contents of their mind to translate unintelligible evidence into a form that can be used against them. The Fifth Amendment provides an absolute privilege against such self-incriminating compelled decryption."

The authorities have called two witnesses. One was the suspect's sister who claimed she looked at child pornography with her brother at his house. The other was a forensic examiner who testified that it was his "best guess" that child pornography was on the drives," Donoghue wrote. The investigation began in 2015 when Pennsylvania prosecutors were monitoring the online network Freenet and executed a search warrant of the man's home.

Donoghue wrote that investigators had decrypted a Mac Pro using a recovery key discovered on the iPhone 5S the authorities seized from his client's residence. He said no child pornography was found. The authorities want the suspect to decrypt two external drives discovered in the search.