The Fifth Amendment and Sebastien Boucher: Beyond Knee-Jerk Response

February 27, 2009

In December of 2006, Sebastien Boucher was crossing the US border when he was stopped and his laptop was reviewed by ICE officials.   The laptop was in his backseat and, according to documents, the drive containing the child pornography was accessible without requiring a password.

Mr. Boucher was Mirandized, but waived his rights and continued to talk to the agent.  During this conversation Mr. Boucher told the agent that he sometimes accidentally downloaded child pornography but would then delete the files when he realized what they were.  The agent requested that Mr. Boucher show him where he stored the files that he downloaded and Mr. Boucher directed him to a drive “Z”.

The agent continued to search the laptop and found several more instances of child pornography.  Mr. Boucher was subsequently arrested and the laptop seized (it was shutdown).

Nine days later a forensic bit image was made of the drive and the drive “Z” was found to be encrypted by PGP, and the content unaccessible without the encryption key which, curiously enough, Mr. Boucher has refused to turn over.

In November 2007 Judge Jerome J. Niedermeier granted Sebastien Boucher’s motion to quash the subpoena directing him to turn over his encryption key for the drive, citing his fifth amendment rights.

An appeal was filed and U.S. District Judge William Sessions in Vermont ruled this week that Mr. Boucher does not have a fifth amendment right to keep the files encrypted.

What motivates me most to write about this case is the knee-jerk response that will surely follow by those that only read news releases and not the actual filings in the case.  Both judges have raised some fascinating issues regarding the fifth amendment and this specific case, and both the granting of the motion to quash and the subsequent reversal hinged on specific facts in this case, and NOT a blanket decision as some blogs will have you believe.

Judge Niedermeier weighed issues regarding compulsion to testify (subpoena) and the various components that make up a valid fifth amendment argument. In pondering these points the judge notes:

Both parties agree that the contents of the laptop do not enjoy Fifth Amendment
protection as the contents were voluntarily prepared and are not testimonial. See id. at 409-10 (holding previously created work documents not privileged under the Fifth Amendment). Also, the government concedes that it cannot compel Boucher to disclose the password to the grand jury because the disclosure would be testimonial. The question remains whether entry of the password, giving the government access to drive Z, would be testimonial and therefore privileged.

The state evidently agreed to “not use the production of the password against Boucher.”  In so doing the state felt it would remove the testimonial aspect of entering the password.  Judge Niedermeier rejected this outright, citing United States v. Hubbell, 530 U.S. 27 (2000).

In rejecting further arguments, Judge Niedermeier pointed out that the password was something in Boucher’s mind, and further stated:

This information is unlike a document, to which the foregone conclusion doctrine usually applies, and unlike any physical evidence the government could already know of. It is pure testimonial production rather than physical evidence having testimonial aspects. Compelling Boucher to produce the password compels him to display the contents of his mind to incriminate himself.

In his reversal, Judge Sessions notes that neither side questions the fact that “the contents of the laptop were voluntarily prepared or compiled and are not testimonial, and therefore do not enjoy Fifth Amendment protection.”, but notes that the root of the issue is the production of the password that in effect causes the accused to “‘disclose the contents of his own mind’”.

He also mentions the “compelling” aspect of the subpoena and notes that there are two scenarios under which the act of production in response to a subpoena may communicate incriminating facts:

(1) ‘if the existence and location of the subpoenaed papers are unknown to the government’; or (2) where production would ‘implicitly authenticate’ the documents.” Id. (quoting United States v. Fox, 721 F.2d 32, 36 (2d Cir.1983)).

Drawing from this the judge concludes that because Boucher already let the Government see the drive and the contents (unencrypted) and because the Government does not require Boucher’s production of the unencrypted drive to link him to the files on his computer, then the production is not considered incriminating and so the fifth amendment protection is not valid.

I have to say that without reading the opinions I would assume that because Mr. Boucher was Mirandized, willingly volunteered information regarding the existence and contents of the drive (prior to shutdown and encryption) and willingly allowed a Government agent to browse his drive I would have assumed that he had rung a bell that could not be unrung.

[  Copies of the opinions will be uploaded soon]

1 Comment | Cases, Production | Tagged: , , , , , | Permalink
Posted by inforensics

Adobe Releases Fix for Flash

February 26, 2009

OVERVIEW:
Adobe released a fix for its Flash Player yesterday that mitigates 5 different attack vectors.  Some of the flaws could allow a malicious attacker to take over a compromised system merely by enticing a user to a page with a compromised .swf (Flash) file.

AFFECTED SOFTWARE:
Flash player 10.0.12.36 and earlier for:

Windows, Mac OSX, Linux

USEFUL LINKS:

Adobe Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Patch for v. 10
http://www.adobe.com/go/getflashplayer

Patch for v. 9
http://www.adobe.com/go/kb406791

NOTES:

Make sure to patch each browser that you have installed.  You can do this by visiting the patch link each time for each browser.

Leave a Comment » | Inforensics News | Tagged: , , , | Permalink
Posted by inforensics

Microsoft Excel Vulnerability

February 24, 2009

IMPORTANT INFORMATION REGARDING:Microsoft Excel Vulnerability.

OVERVIEW:
It has been reported that a vulnerability existing in Microsoft Excel
is being exploited in the wild.  Exploitation of the vulnerability
involves interaction with Excel spreadsheets specially crafted by
malicious users.  Successful exploitation may allow code execution at
the permissions level of the logged in user, whereas unsuccessful
exploitation may result in a DoS condition.

AFFECTED SOFTWARE:
**UPDATE** MS has confirmed the following versions as vulnerable:

Microsoft Office Excel 2000 Service Pack 3

Microsoft Office Excel 2002 Service Pack 3

Microsoft Office Excel 2003 Service Pack 3

Microsoft Office Excel 2007 Service Pack 1

Microsoft Office Excel Viewer 2003

Microsoft Office Excel Viewer 2003 Service Pack 3

Microsoft Office Excel Viewer

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

MITIGATION:
No patches or workarounds have been issued for this vulnerability.
Alternative methods of mitigation can include educating end users on
the hazards of interacting with Excel files (or any files) received
from unknown sources.  If Excel files are not a part of day to day
business practices, it may also be possible to block incoming Excel
files at an appropriate firewall and/or mail server. Ensuring user
permissions are set appropriately may also be beneficial.  In the event
of successful exploitation, a user with limited permissions will suffer
less impact than accounts working with full administrator priveledges.

RECOMMENDATION:
Due to the lack of a software fix to this vulnerability, we recommend
alerting end users about the presence of this vulnerability, and taking
any other mitigation steps that are appropriate for your work
environment. We will be keeping a close eye on this situation, and will
send notification once patches/workarounds are available.

REPORTING AGENCIES:

Microsoft:

http://www.microsoft.com/technet/security/advisory/968272.mspx

Information Week:

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=214502844

Leave a Comment » | Inforensics News | Permalink
Posted by inforensics

Weekly Reading List: Week Ending Feb. 6

February 7, 2009

Snow Crash, Neal Stephenson – This week is a little different: fiction for a change.  The story line is good cyberpunk, but what really stands out in this novel is the concept of “memes“.  Stephenson’s presentation of ideas as social viruses (particularly religion) is incredibly thought provoking, and makes the read worthwhile.

While on the topic of Stephenson, there is a leading quote in his book “Diamond Life” credited to Sir Charles Petrie (the historian) from 1960.  This could have been written yesterday:

Moral reforms and deteriorations are moved by large forces, and they are mostly caused by reactions from the habits of a preceding period.  Backwards and forwards swings the great pendulum, and its alterations are not determined by a few distinguished folk clinging to the end of it.

Sir Charles Petrie, The Victorians (1960)

Leave a Comment » | Reading | Permalink
Posted by inforensics