Via Volokh, Vermont Magistrate Judge Jerome Niedermeier (no relation to Douglas) has issued the first ruling to quash the government’s subpoena for a defendant to disclose (or just input) his password to give access to encrypted computer files in In re Boucher.

The facts of the case are a little quirky, making it risky that the decision will be approved by the District Court Judge.  The defendant was entering from Canada when, during a border search, agents suspected he had kiddie porn on his computer.  How they could have suspected this is unknown, so we have to put that aside.  The agent booted up the computer and searched file names, finding “40,000 images, some of which appeared to be pornographic based on the names of the files.”

Aside:  Let’s understand that we have this thing called the internet, which allows computer users across the United States to access the lowest, most disgusting garbage possible from anywhere in the world.  But we use our border agents to make sure that no one can enter the country with a computer that contains porn, lest they threaten the moral fiber of America?  Okay.  Got it.

So the agent tries to access the files, with names like “2yo getting raped during diaper change,” but he can’t open the image.  This, apparently, is what the defendant, Boucher, thinks is a cool name for a file.  But the agent places the defendant in custody, Mirandizes him, and Boucher agrees to open the files for the agent. 

Aside:  Is it possible that this is a Darwinian imperative that Boucher fulfill his sexual needs by computer, thus presenting the possibility that he not further pollute the human gene pool by procreating?  Note that while the legal issue involved is important, Boucher (and his ilk) do not reflect what I personally consider admirable traits in humanity.  Sorry for these asides, but this is why I don’t generally represent people interested in kiddie porn.  But don’t let me influence you.

Cut to the prosecution, where the government takes a mirror image of the hard drive and tries to access this cornucopia of pornography, only to find that they can’t because it’s password protected.  I know nothing about password protection, but I take it that it’s sufficiently well done (or they are sufficiently incompetent) that they can’t break the code.  So, they do what government’s do best (aside from curious searches):  Subpoena.

The defense moves to quash based on the 5th Amendment privilege, due to the act of production piece of the privilege.  This is the “admission” that he possesses the password, which necessarily goes hand in hand with his either providing it in accordance with the subpoena or (offered as an alternative by the government) accessing it for them without their learning the code. 

The Judge rejected the government’s argument that accessing the files was not testimonial, and hence the privilege didn’t apply.  The comparison is a keyed safe versus a combination safe.  The key is non-testimonial since it doesn’t involve something in the defendant’s mind.  The combo is, and does.  The Judge similarly rejected the “forgone conclusion” doctrine, since there are many files that the agent didn’t observe, even though there are some that he did.  Since the password is “pure testimonial production,” forcing Boucher to disclose it would incriminate him.

This part of the decision, one of first impression, is big and tells us how to address anything on a computer that you don’t want the government to see.  Considering that computer crimes are, by far, the fastest growing area of criminal prosecutions, this ruling provides a key consideration for the privacy of whatever we put on a hard drive, even if it is the product of a demented soul.

The downside of this decision is fact specific, because Boucher, after waiving privilege, opened files for the agent.  This detail undermines the entire act of production privilege, since he already incriminated himself by showing that he has the knowledge to access the files.  A second downside is that it’s a decision of a Magistrate Judge, which has no precedential value.  But decisions have to start somewhere.

The good news is that the Boucher decision provides a framework to protection of personal privacy on personal computers.  Hopefully, the rule will be endorsed and upheld, even if the fact specific problems result in a reversal of the order quashing the subpoena.  That would be a big win for privacy in an age when there’s little of it left.