When Uncle Sam Can Demand You Decrypt Laptop

Colorado woman argued that surrendering her full-disk encryption password would violate her Fifth Amendment right against self-incrimination, but a judge disagreed.

Mathew J. Schwartz, Contributor

January 24, 2012

4 Min Read

A judge has ruled that a Colorado woman accused by federal authorities of real estate fraud must surrender a copy of her laptop's hard drive to prosecutors, even though the drive is protected with full-disk encryption software.

The ruling by U.S. District Court Judge Robert Blackburn came Monday after the woman, Ramona Fricosu (aka Ramona Smith), had argued that being forced to produce the password would have violated her right against self-incrimination under the Fifth Amendment.

FBI agents had seized three desktops and three laptops during a search of the house where Fricosu was living with her mother and two children. Only one of the computers, a Toshiba Satellite M305 laptop, was protected by full-disk encryption, and agents couldn't access its contents. Accordingly, prosecutors sought a warrant to search the computer, based on evidence that Fricosu owned it. Notably, agents found the laptop in her bedroom. Furthermore, the FBI agent who studied the computer said that the encryption screen identified the laptop as "RS.WORKGROUP.Ramona," and noted that the latter part of the name would have been selected by the operating system by default, based on information that had been used to configure the PC.

[ A state-of-the-art security system won't much matter if a hacker gets a hold of an employee's password. Read 9 Password Security Policies For SMBs. ]

Prosecutors also produced a telephone conversation recorded between Fricosu and her co-defendant and ex-husband, Scott Whatcott, who at the time of the search was incarcerated on state charges at the Four Mile Correctional Center in Colorado. Discussing the laptop the day after the search of the house, Fricosu told Whatcott, "So um, in a way I want them to find it ... in a way I don't just for the hell of it."

Asked, "It was on your laptop?" by Whatcott, Fricosu replied, "Yes." Later, she said, "My lawyer said I'm not obligated by law to give them any passwords or anything they need to figure things out for themselves."

In his judgment, Blackburn referenced that conversation as proof that the laptop belonged to Fricosu. He also referenced case law, including a case in which a man was stopped while crossing the border from Canada into the United States. A border agent opened the man's laptop, and without having to enter a password, was able to find thousands of images that appeared to be adult pornography, as well as some child pornography. The defendant told a border agent that he sometimes downloaded child pornography from newsgroups by mistake, at which point he would immediately delete it, and showed the agent where it was stored on his computer.

The man was arrested, but when agents went to study the computer further, they found that it was password-protected. A grand jury issued a subpoena demanding that the man furnish the password, but he protested that it would violate his Fifth Amendment right against self-incrimination. A judge concurred. In response, the grand jury revised its request, and required the defendant to produce not a password, but a complete unencrypted copy of the drive partition on which the pornography had been stored. A court upheld that request, noting that "where the existence and location of the documents are known to the government, no constitutional rights are touched, because these matters are a foregone conclusion."

Fricosu had previously filed a motion seeking the return of the seized hard drive. Blackburn upheld that motion, and ordered the government to give Fricosu a copy of her hard drive by February 6, 2012. But he also ordered Fricosu to then supply the government with an unencrypted copy of the drive by February 21, 2012.

Those orders aside, might FBI agents have been able to defeat the full-disk encryption and access files on Fricosu's laptop without a password? According to security experts, it's possible, but not likely. If a full-disk encryption user employs a sufficiently strong key and passphrase, then brute-force techniques could be used to try and hack the encryption, but even with enormous processing power, it would be a longshot.

The right forensic tools in the right hands are just a start. The new Digital Detectives issue of Dark Reading shows you how to better apply the lessons they teach. (Free registration required.)

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights