Appeals Court Finds Encrypted Data Beyond Reach of Government Investigators
Client Alert | 1 min read | 02.27.12
In an important decision that could have significant implications for government enforcement, the Eleventh Circuit ruled that a suspect could not be required to decrypt his computer hard drives because it would implicate his Fifth Amendment privilege and amount to the suspect's testifying against himself.
In United States v. Doe, the government seized hard drives that it believed contained child pornography. Some of the hard drives were encrypted, and the suspect refused to decrypt the devices, invoking his Fifth Amendment right against self-incrimination. The Eleventh Circuit held that compelling the suspect to decrypt and produce the drives’ contents “would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.” Moreover, the government could not force a suspect to decrypt and produce the information where it could not identify with “reasonable particularity” the existence of certain files, noting that an “act of production can be testimonial when that act conveys some explicit or implicit statement of fact that certain materials exist, are in the subpoenaed individual’s possession or control, or are authentic.” The court also rejected the government’s attempt to immunize production of the drives’ contents because the government acknowledged that “it would use the contents of the unencrypted drives against” the suspect.
This decision appears to limit government investigators’ ability to compel an individual to reveal the contents of devices encrypted with passwords or codes in a criminal investigation based only on government speculation as to what data may be contained in certain files. Although a corporation or partnership does not enjoy Fifth Amendment protection, individuals and sole proprietorships do, and this decision could have a significant impact on small businesses and individuals who work in highly regulated industries including health care, government contracting, energy, chemicals, and others that may face government scrutiny.
Insights
Client Alert | 7 min read | 12.17.25
After hosting a series of workshops and issuing multiple rounds of materials, including enforcement notices, checklists, templates, and other guidance, the California Air Resources Board (CARB) has proposed regulations to implement the Climate Corporate Data Accountability Act (SB 253) and the Climate-Related Financial Risk Act (SB 261) (both as amended by SB 219), which require large U.S.-based businesses operating in California to disclose greenhouse gas (GHG) emissions and climate-related risks. CARB also published a Notice of Public Hearing and an Initial Statement of Reasons along with the proposed regulations. While CARB’s final rules were statutorily required to be promulgated by July 1, 2025, these are still just proposals. CARB’s proposed rules largely track earlier guidance regarding how CARB intends to define compliance obligations, exemptions, and key deadlines, and establish fee programs to fund regulatory operations.
Client Alert | 1 min read | 12.17.25
Client Alert | 2 min read | 12.16.25
Client Alert | 11 min read | 12.15.25
New York LLC Transparency Act: Key Requirements and Deadlines
