With appeals ruling, the United States has effectively outlawed file encryption

Posted on Mar 21, 2017 by Rick Falkvinge
Share Tweet

An appeals court has denied the appeal of a person who is jailed indefinitely for refusing to decrypt files. The man has not been charged with anything, but was ordered to hand over the unencrypted contents on police assertion of what the contents were. When this can result in lifetime imprisonment under “contempt of court”, the United States has effectively outlawed file-level encryption – without even going through Congress.

Yesterday, a US Appeals Court ruled against the person now detained for almost 18 months for refusing to decrypt a hard drive. The man has not been charged with anything, but authorities assert that the drive contains child pornography, and they want to charge him for it. As this is a toxic subject that easily spins off into threads of its own, for the sake of argument here and for sticking to the 10,000-foot principles, let’s say the authorities instead claim there are documents showing tax evasion on the drive. The principles would be the same.

Authorities are justifying the continued detention of this person – this uncharged person – with two arguments that are seemingly contradictory: First, they say they already know in detail what documents are on the drive, so the person’s guilt is a “foregone conclusion”, and second, they refuse to charge him until they have said documents decrypted. This does not make sense: either they have enough evidence to charge, in which case they should, or they don’t have enough evidence, in which case there’s also not enough evidence to claim with this kind of certainty there are illegal documents on the drive.

In any case, this loss in the Appeals Court effectively means that file- and volume-level encryption is now illegal in the United States.

Without going through Congress, without public debate, without anything, the fuzzy “contempt of court” has been used to outlaw encryption of files. When authorities can jail you indefinitely – indefinitely! – for encrypting files out of their reach, the net effect of this is that file level encryption has been outlawed. (Encryption of transmissions, like with a VPN, has never been threatened this way – transmissions are transient in nature and therefore can’t be seized.)

So were there illegal documents on the drive? We don’t know. That’s the whole point. But we do know that you can be sent to prison on a mere assertion of what’s on your drive, without even a charge – effectively for life, even worse than the UK law which will jail you for up to five years for refusing to decrypt and which at least has some semblance of due process.

The point here isn’t that the man “was probably a monster”. The point is that the authorities claimed that there was something on his encrypted drive, and used that assertion as justification to send him to prison for life (unless he complies), with no charges filed. There’s absolutely nothing saying the same US authorities won’t claim the same thing about your drive tomorrow. Falsely, most likely. The point is that, with this ruling, it doesn’t matter.

Privacy remains your own responsibility.

About Rick Falkvinge

Rick is Head of Privacy at Private Internet Access. He is also the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. Additionally, he has a tech entrepreneur background and loves good whisky and fast motorcycles.

VPN Service

Comments are closed.


  1. d0x360

    Blame users fast clicking. Too lazy to change a single basic setting during setup…That’s users.

    Also to call it a keylogger? It’s not and never was, nor was it active during any secure communications in windows or any programs.

    As for the USB bug, that effects anything that uses a USB keyboard hooked up to it. From your phone to your Unix server. If it’s USB it’s exploitable but unless you are the under some serious government surveillance…I wouldn’t worry.

    Way to fear monger some more about win10

    3 years ago
    1. Falkvinge

      This would appear to be a comment to something else?

      3 years ago
      1. d0x360


        It was on another story entirely and after I posted it I got replies and they were all on the right page. Oddly the author of the article I actually commented on changed twice between replies as well.

        3 years ago
    2. Patrick

      option didn’t show up in my windows 10 upgrade process from 8.1

      3 years ago
  2. Erinnanto

    Awesome post…

    3 years ago
  3. Mercenary_Soldier

    Here’s where it gets crazy: the American public aren’t going to care. Nor will they ever (until it is too late). It seems the fat, apathetic Americans will never put pressure on their government to protect their rights so long as they can buy a 12 piece bucket of KFC that fits in the cup holders of their cars.

    No, that would require the fat, lazy Americans to get off their greasy rears and do something besides watching TV. Unfortunate, Americanism will be the destruction of free society.

    3 years ago
    1. Sal KNightRO

      nt America is the third most productive country in the world in terms of worker with hours.

      3 years ago
  4. Jakub

    The crazy thing is… let’s say you have a file with random content on your computer – it is not a encrypted file! just a random bits or maybe a corrupted file. Authorities claim that this file is encrypted with truecrypt or veracrypt and it has child pornography or documents showing tax evasion. You refuse to decrypt the file or you tell them that this is not an encrypted file or you don’t remember the password. By doing so the government can imprison someone indefinitely.

    you can also do a prank on your enemies by placing a encrypted file (or random bits) called MyVeraCrypt.encrypted on their computer, call the police and say that you know they have child pornography or documents showing tax evasion in a file called MyVeraCrypt.encrypted.

    Thats it! you just put someone in prison for life!

    3 years ago
    1. Sal KNightRO

      Ok ok ok i have the solution to this dillema – I think there should be a totally separate department who is neutral(probably foreign) who can fly over to the US and he gets to see the decrypted files alone and only looks for stuff like child pornography and he doesn’t tell anyone what else is in it(even murder unless torture is involved or a missing person case is involved). I mean I guess there could be a private organization in the US who can also provide this service. Then jailing someone for not decrypting makes sense.

      Now the “what if someone planted a encrypted file”. I mean what’s the point of doing that? Why not just plant child pornography if you can do that. So I think I technically solved the framing dillema cuz there is no motive of planting a encrypted file so the argument that someone planted it won’t hold up in court.

      Now the random corrupt file that happens to be in your PC that you claim is a corrupt file or you’ve lost the password. Well don’t lose passwords. I guess the only solution is that you make it illegal to lose your passwords.

      Ok NVM. The only solution I see is having encryption softwares​ that are made by private companies that will be legal but the companies have a special AI program(that the company can’t even control) that has your key and scans for child pornography. Everything else should be illegal and you should install proper antivirus software(maybe comes with the encryption software to get rid of those corrupt planted encrypted files. Tell me what’s wrong with this.

      3 years ago
      1. Hauken

        Where goes the line then? Then it will be moved to include rape, and further down the line it will be violent crimes, and finally it ends up being for your mobile videos showing you speeding. The one thing that is certain in such things is that there is no such thing as a clear line drawn. There will always be arguments that “when it is allowed for that, then why not also for ……”. Some rights must be absolutes without any exceptions, because the cost of losing those rights are so high that you cannot justify it in the long run.

        3 years ago
        1. Sal KNightRO

          Ok I guess you’re just ok with ppl going to jail for just possessing a encrypted file. I’m just providing a solution. Nothing will be get done if you use the “full privacy no matter what, my way or the highway”.

          3 years ago
    2. Richie73

      It’s even worse than that. Veracrypt/Truecrypt has a hidden volume feature that lets you hide another volume inside of an encrypted volume with a separate pw. The existence of the hidden volume is unprovable unless you open the volume with the correct pw.

      So even if you decrypt your encrypted volume for authorities to prove your innocence, they can always claim that there is a hidden volume that you are not telling them about. If the hidden volume does not exist, then you cannot prove that it does not exist. So you get put away for life with no chance of proving your innocence because you can’t prove non-existence of a hidden volume. That’s the point of the plausible deniability feature of hidden volumes.

      So it’s worse. It’s not just that refusal to cooperate can land you in prison for life. Even full cooperation can.

      3 years ago
  5. thurnun

    Utter absolute ludicrous!!! He needs to be charged or let go. Evidence is the foundation of Law, operating without it inevitably leads to chaos, you don’t sacrifice a person’s way of life based off of a good hunch.

    3 years ago
  6. walt kovacs

    so gone are the rights to remain silent and against self incrimination
    and all the government has to say is that they know its cp and the court takes them at their word?
    this is very scary

    3 years ago