CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

DOJ: No comment on forcing encryption passphrases

A recent federal judge rejected the Department of Justice's request to force a defendant to cough up his PGP passphrase. We were unsuccessful in getting the agency to elaborate.

The U.S. Department of Justice won't say when it believes an American citizen should be forced to divulge his or her PGP passphrase.

We've been trying for the last two days to get the DOJ to answer this question, which became an important one after last week's news about a judge ruling a criminal defendant can't be forced to divulge his passphrase on Fifth Amendment grounds.

The Fifth Amendment, of course, protects the right to avoid self-incrimination.

In the case of U.S. v. Sebastien Boucher, federal prosecutors think that the defendant has child pornography encrypted with PGP (Pretty Good Privacy) on his Alienware laptop. They sent him a grand jury subpoena demanding the passphrase--which is what a judge rejected on Fifth Amendment grounds.

"I won't be able to provide anyone for an interview," said DOJ spokesman Jaclyn Lesch. "The point you raise is one that we would want to address in court. I hope you understand."

We had asked the DOJ this: "In the DOJ's view, under what circumstances can a person be legally compelled to turn over an encryption passphrase?"

In one view, which prosecutors tend to share, a passphrase is like a document or key that must be forcibly turned over. The civil libertarian view treats a passphrase as the contents of someone's mind, which a defendant cannot be compelled to divulge.

The distinctions between these views are important to Americans' privacy rights and law enforcement needs. Unfortunately, we'll have to wait for future legal filings to find out what our public servants actually think.'s Anne Broache contributed to this report