Two rulings this week helped to clarify the circumstances under which a defendant can be compelled to reveal the contents of an encrypted hard drive. On Wednesday, the Tenth Circuit Court of Appeals let stand a judge's ruling in a Colorado case that the defendant in a mortgage fraud case could be compelled to produce the contents of her encrypted laptop. But on Thursday, the Eleventh Circuit Court of Appeals overturned a Florida contempt of court charge against a suspect in a child pornography case who refused to decrypt the encrypted contents of several hard drives.

While the two rulings reach opposite results, they don't necessarily contradict each other. The results turned on how much the government knew about the contents of the encrypted drives. In previous cases, the courts have held that when the government already knows of the existence of specific incriminating files, compelling a suspect to produce them does not violate the Fifth Amendment's rule against self-incrimination. On the other hand, if the government merely suspects that an encrypted hard drive contains some incriminating documents, but lacks independent evidence for the existence of specific documents, then the owner of the hard drive is entitled to invoke the Fifth Amendment.

For example, in 2006, a border guard in Vermont examined the contents of a traveler's laptop and found several files that appeared to be child pornography. But when the laptop was closed, the portion of the hard drive containing these files was automatically encrypted, and the government sought to compel the suspect to decrypt the files again. The court ruled that because a government agent had already seen specific incriminating files, compelling the suspect to produce those same files did not violate the Fifth Amendment's privilege against self-incrimination.

In the Colorado case, the police had intercepted a telephone conversation in which the defendant, Ramona Fricosu, acknowledged her ownership of the laptop and alluded to the existence of incriminating documents in the encrypted portions of the hard drive. The government successfully argued that this precluded her from claiming Fifth Amendment protection, since she had already acknowledged the existence of incriminating documents in the case. The Tenth Circuit let that decision stand on Wednesday, though it may consider the issue again later in the process.

In the Florida case, on the other hand, the government lacked any specific evidence about the contents of the encrypted hard drives. A forensic expert acknowledged it was theoretically possible that the drives, which were encrypted using TrueCrypt, could be completely empty. Hence, forcing the suspect to decrypt the drive would be forcing him to reveal whether any relevant documents exist, which would be inherently incriminating.

The government tried to get around this problem by offering the suspect, identified in the court filings only as John Doe, immunity in exchange for producing the documents. However, the immunity the government offered was extremely limited: the government promised not to use the fact that he was able to produce the documents against him, but it reserved the rights to use the contents of the documents against him.

But Doe still refused to decrypt the drives, arguing that he would still be incriminating himself if he helped produce incriminating documents.

"Reasonable particularity"

In its Thursday ruling, the Eleventh Circuit agreed. It pointed to a 2000 Supreme Court case that arose out of the Whitewater investigation. In that case, a Bill Clinton associate named Webster Hubbell was compelled to produce incriminating documents after being granted limited immunity by the government. When the government used evidence from those documents against him, Hubbell appealed, arguing that the immunity he had been granted should have extended to the contents of the documents, not merely to the fact that he had been able to produce them.

The Supreme Court agreed, holding that the government could only compel a suspect to produce documents when it can describe those documents with "reasonable particularity." The government only knew that Hubbell was likely to have relevant tax and business records, it couldn't identify the specific documents it was seeking. And so the Supreme Court held that the government was barred from using the contents of those documents as evidence against him.

The Eleventh Circuit argued that exactly the same reasoning applies to an encrypted hard drive. When the government lacks any specific knowledge about an encrypted hard drive's contents—or, indeed, whether the encrypted drive contains any files at all—then compelling a suspect to produce incriminating documents stored on that hard drive violates the Fifth Amendment's protection against self-incrimination.

As for Fricosu, if she still refuses to decrypt the contents of her hard drive, or claims she has forgotten the hard drive's password, the judge will have the option to hold her in contempt. If he does so, this could lead to another round of appeals in which she could cite the Eleventh Circuit decision as a precedent. However, that decision may not be sufficient to save her, because the government has more specific evidence that the encrypted drive in her case contains incriminating documents.