In re Boucher

In re Boucher (case citation: No. 2:06-mJ-91, 2009 WL 424718), is a federal criminal case in Vermont, which was the first to directly address the question of whether investigators can compel a suspect to reveal their encryption passphrase or password, despite the U.S. Constitution's Fifth Amendment protection against self-incrimination. A magistrate judge held that producing the passphrase would constitute self-incrimination. In its submission on appeal to the District Court, the Government stated that it does not seek the password for the encrypted hard drive, but only sought to force Boucher to produce the contents of his encrypted hard drive in an unencrypted format by opening the drive before the grand jury. A District Court judge agreed with the government, holding that, given Boucher's initial cooperation in showing some of the content of his computer to border agents, producing the complete contents would not constitute self-incrimination.

In late 2009, Boucher finally gave up his password and investigators found numerous images and videos depicting sexual abuse of children. In January 2010, Boucher was sentenced to 3 years in prison and deported.

Facts
On 17 December 2006, the laptop computer of defendant Sebastien D. Boucher (born in 1977) was inspected when he crossed the border from Canada into the United States at Derby Line, Vermont. The laptop was powered-up when the border was crossed, which allowed its contents to be browsed. Images containing child pornography were allegedly seen by Immigration and Customs Enforcement (ICE) border agents who seized the laptop, questioned Boucher and then arrested him on a complaint charging him with transportation of child pornography in violation of 18 U.S.C. 2252A(a)(1). The laptop was subsequently powered-down. When the laptop was switched on and booted on 29 December 2006, it was not possible to access its entire storage capability. This was because the laptop had been protected by PGP Disk encryption. As a result, investigators working for the US government were unable to view the contents of drive "Z:", which allegedly contained the illegal content. A grand jury then subpoenaed the defendant to provide the password to the encryption key protecting the data.

Decision of the United States District Court
On November 29, 2007, U.S. Magistrate Judge Jerome Niedermeier of the United States District Court for the District of Vermont stated "Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him." Accordingly, Niedermeier quashed the subpoena.

On January 2, 2008, the United States appealed the magistrate's opinion to the District Court in a sealed motion (court docket, case #: 2:06-mJ-00091-wks-jjn-1). The appeal was heard by U.S. District Judge William K. Sessions. Oral arguments were scheduled for April 30, 2008.

On February 19, 2009, Judge Sessions reversed the magistrate's ruling and directed Boucher "to provide an unencrypted version of the Z drive viewed by the ICE agent."

"Boucher accessed the Z drive of his laptop at the ICE agent's request. The ICE agent viewed the contents of some of the Z drive's files, and ascertained that they may consist of images or videos of child pornography. The Government thus knows of the existence and location of the Z drive and its files. Again providing access to the unencrypted Z drive 'adds little or nothing to the sum total of the Government's information about the existence and location of files that may contain incriminating information. Fisher, 425 U.S. at 411. Boucher's act of producing an unencrypted version of the Z drive likewise is not necessary to authenticate it. He has already admitted to possession of the computer, and provided the Government with access to the Z drive. The Government has submitted that it can link Boucher with the files on his computer without making use of his production of an unencrypted version of the Z drive, and that it will not use his act of production as evidence of authentication."