Judge Orders Capitol Rioter to Unlock Laptop

Guy Reffitt traveled from his home in Wylie, Texas, to Washington, D.C., with an AR-15 rifle and a Smith & Wesson .40 caliber handgun, to participate in the riot and obstruction of Congress that occurred at the U.S. Capitol on January 6, 2021. He wore a helmet equipped with a Kodak camera, similar in style to a GoPro, as he went from the Ellipse outside the White House to the U.S. Capitol. When Reffitt got home from his sojourn to the nation’s capital, he used his laptop computer to show family members the video he took.

In a later interview, Reffitt denied having taken any video at the Capitol (except for one second). When the FBI seized the helmet and camera (after Reffitt’s arrest), a forensic examination of the SD card in the camera showed that three video files had been on the SD card but had been deleted on January 9, 2021. Believing that these deleted videos might have been transferred from the camera to a laptop, the government sought to examine that laptop, but it was encrypted with fingerprint, facial and PIN protection. After unsuccessfully attempting to guess the PIN, the Department of Justice turned to the court to attempt to obtain an order, under what is called the All Writs Act, compelling Reffitt to deliver to the government an unencrypted laptop—essentially an order compelling Reffitt to give the government the finger. In the biometric sense, of course.

Putting on the Writs

The All Writs Act, written in 1789 by the first Congress, never contemplated biometric unlocking of a Microsoft Surface Pro laptop, of course. It’s the same statute the government attempted to use to compel Apple to write code bypassing its own security protocols and give the government access to the iPhone of Syed Rizwan Farook, the San Bernardino shooter. The Act is very short and simple. It states that courts “may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” Essentially it’s treated as a “catchall” provision to permit courts to issue writs (orders) in furtherance of their jurisdiction. Want to order someone to give a blood sample? All Writs Act. Appear in a lineup? The 18th Century law applies.

Take the Fifth

The government sought to compel Reffitt to deliver an unencrypted laptop. But this apparently “neutral” demand actually masks what the government really wanted Reffitt to do. They wanted Reffitt to take some act to convert the encrypted device into an unencrypted one. The Fifth Amendment provides that, in criminal cases, no person shall be compelled to be a witness (to testify) against themselves. If what the government sought to compel Reffitt to do was “testimonial,” then it either could not compel the act, or it would have to grant Reffitt what is called “use and derivative use” immunity for whatever was compelled. It’s not as bad (for the government) as it sounds. The government could still use the contents of the laptop and anything derived from the contents against Reffitt or anyone else; it just could not use the fact that Reffitt decrypted the tablet as evidence or proof that he, for example, owned it, that he had control over it or that he locked it. They could, of course, prove all of those facts through other means.

But what, exactly, did the government want Reffitt to do?

Key, Face, Finger, Password

As we all remember from the CISSP exam, multi-factor authentication includes an assortment of factors that include (1) something you are (biometric), (2) something you have (token) and (3) something you know. From a technical standpoint, each of these factors has different strengths and weaknesses, and it is the combination of them that provides a modicum of security. From a legal perspective, however, they each have different legal consequences. A token (key) is just a thing—a thing which can be subpoenaed, seized and used. It involves no “testimony” itself, although again, the act of producing the “key” admits control over the thing that is locked. A biometric involves compelling the target to do something—put their face near the camera, a finger on a reader, a retinal scan, etc. Again, it has a testimonial component to it, but it’s not “testimony” under the Fifth Amendment. A password, however, is perceived by courts to be “testimonial,” and at least one federal appellate court has found this to be true. You are required to say (or type) something. The subject is in a dark room with a single overhead light swinging slowly as the FBI agent (bad cop) slams his palms on the metal table and says, “All right, listen up—I need to know your P455w0rd!” It just feels like testimony in a way that a key or a fingerprint does not. So, courts are more likely to find a Fifth Amendment issue with compelling someone to give up a password. (“Tell me where the body is buried,” or “Where’s the stolen plutonium?”). Courts don’t like that, and several have held that a person can’t be compelled to give up a password. (“The Court quashes the subpoena requiring Defendant to testify — giving up his password — thereby protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination.”); (“The state here seeks to force the minor to produce the passcode and iTunes password for an iPhone. To do so would be to compel testimonial communications in violation of the minor’s invocation of his Fifth Amendment rights.”)

In one particularly egregious case, an Illinois court issued a search warrant authorizing the seizure of evidence including cell phones, and “the government [sought] the authority to compel any individual who is present at the subject premises at the time of the search to provide his fingerprints and/or thumbprints onto the touch ID sensor of any Apple iPhone, iPad, or other Apple brand device in order to gain access to the contents of any such device.” The court declined to issue such a blanket decryption order. Remember though, even if the act of unlocking is testimonial, it does not mean that, under the Fifth Amendment, it can’t be compelled. It’s just that the government can’t use the act of unlocking to supply a “link in the chain” of prosecution.

Foregone Conclusion

Ordinarily, in order to force someone to testify, the government has to grant them immunity from the use of their testimony—or testimonial act. An exception exists where the thing admitted—for example, ownership or control over the tablet computer—is a “foregone conclusion.” If there is overwhelming evidence of ownership or control, then a court can conclude that immunity is not necessary, as the tiny bit of extra evidence obtained as a result of the compelled decryption doesn’t alter the balance all that much. In fact, this is what the government relied on in its petition to compel Reffitt to unlock his laptop.

The Result

On July 21, 2021, United States District Judge Dabney Friedrich agreed with prosecutors that Reffitt could be compelled to unlock his Surface Pro, and ordered him to do so. The prosecutors relied on a number of previous cases in which courts had ordered individuals to unlock computers, cell phones or other devices. For example, in United States v. Apple MacPro Computer, a child pornography case, the court ordered the owner of seized laptop computers to decrypt the seized devices, using the All Writs Act. Similarly, in another child pornography case, United States v. Spencer, the federal court ordered the defendant to decrypt his computer after the government showed the court that it could prove ownership and control through other means. The same result was obtained in United States v. Fricosu, where a Colorado federal court explained its rationale for using the All Writs Act to compel someone to decrypt a drive encrypted with PGP.

The law on decryption of devices and the Fifth Amendment is in a state of flux, and mostly looks at whether the act of decryption admits something that the government needs to prove, or whether, under the circumstances of the case, that fact is merely a “foregone conclusion.” For Mr. Reffitt, the fact that the computer (which was found together with a computer festooned with an “American Sniper: One Shot, One Kill” sticker on the outside and Confederate battle flag and American flag stickers near the keyboard) belonged to him was, in the opinion of the court, a foregone conclusion.

Mark Rasch

Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland, where he helps develop strategy and messaging for the Information Security team. Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. He is trained as a lawyer and was the Chief Security Evangelist for Verizon Enterprise Solutions (VES). He is a recognized author of numerous security- and privacy-related articles. Prior to joining Verizon, he taught courses in cybersecurity, law, policy and technology at various colleges and universities including the University of Maryland, George Mason University, Georgetown University, and the American University School of Law and was active with the American Bar Association’s Privacy and Cybersecurity Committees and the Computers, Freedom and Privacy Conference. Rasch had worked as cyberlaw editor for SecurityCurrent.com, as Chief Privacy Officer for SAIC, and as Director or Managing Director at various information security consulting companies, including CSC, FTI Consulting, Solutionary, Predictive Systems, and Global Integrity Corp. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris. Prior to joining Verizon, Mark was a frequent commentator in the media on issues related to information security, appearing on BBC, CBC, Fox News, CNN, NBC News, ABC News, the New York Times, the Wall Street Journal and many other outlets.
