Today, the Pennsylvania Superior Court, the intermediate appellate court in the Keystone State, issued a decision affirming a lower court's approval of a motion to compel a defendant in a criminal case to provide the password for a TrueCrypt encrypted computer. Commonwealth v. Davis, 2017 Pa. Super. LEXIS 968.
A special agent of the attorney general's office received a file from a particular IP address through a peer to peer connection on a file sharing network. The file was found to contain child pornography. The IP address was registered to Comcast, which responded to a court order and identified the subscriber information for the address. The government obtained a search warrant and seized a computer in the defendant's home which was encrypted with TrueCrypt 7.1 aBootloader. The computer won't boot up the OS unless the password is entered. The question presented to the appellate court was whether or not providing the password would violate the appellant's rights under the Fifth Amendment and Article 1, Section 9 of the Pennsylvania constitution. (The Pennsylvania Supreme Court has ruled that Article 1, Section 9 does not provide any greater protections against self-incrimination than the Fifth Amendment to the United States Constitution).
There is an exception to the Fifth Amendment, allowing for productions to not be regarded as testimonial communications when the facts are already known to the government, and . . .
1. the existence of the evidence demanded has been proven;
2. the defendant is in possession of the evidence; and
3. the authenticity of the evidence has been established.
In this case, the appellant's answer to a request by the arresting agents for the password, ("Why would I give that to you?' We both know what's on there. It's only going to hurt me.") was important. Judge Seletyn's opinion states that, "the record reflects that appellant's act of disclosing the password at issue would not communicate facts of a testimonial nature to the Commonwealth beyond that which he has already acknowledged to investigating agents." (Id. at *16). The opinion notes that, "knowledge of the encrypted documents or evidence that it seeks to compel need not be exact. " The court found that the TrueCrypt password would be self-authenticating.
Under the facts in this case, providing a password was not found to be testimony protected by the Fifth Amendment.