Brian Klein is a partner at the litigation boutique Baker Marquart LLP and an advisor to BlockSeer, a blockchain analytics company.
The fight over digital privacy and security waged between governments and their citizens and companies is getting more contentious and serious.
A recent development indirectly raises the significant issue of whether the US Constitution’s Fifth Amendment protects people from being forced to disclose their bitcoin private keys to law enforcement.
On 16th February, at the request of US federal prosecutors, a federal court issued an order requiring Apple to unlock an iPhone tied to the recent terrorist attack in San Bernardino, California.
The prosecutors sought this order so that law enforcement can create a "backdoor" allowing them to bypass the iPhone's built-in encryption technology. This order, which Apple plans to challenge, highlights ongoing and serious tensions over digital privacy and security, in particular encryption, and it is therefore likely to have broad implications for bitcoin, which is encryption-based.
To that end, one issue of great importance that the Apple order indirectly raises – it is attenuated from the main legal dispute as discussed below – is how much protection the Fifth Amendment offers a person who wants to keep a bitcoin private key just that, private (ie, not have to provide it to the government).
After all, like an iPhone’s locked screen passcode (or a password-protected laptop or computer file), a bitcoin private key, which is an un-guessable string of numbers and letters, gives the holder of it access to and control of the bitcoins.
As anyone who is familiar with bitcoin knows, you (or a proxy like a wallet service) need your bitcoins' private key or keys to move and use them.
The Fifth Amendment provides people with a number of rights, including the right against self-incrimination.
For all intents and purposes, only a person (not a company like Apple) can assert the right against self-incrimination, and he or she may make such an assertion in both criminal and civil cases.
That said, in seeking the order against Apple for "passcode help," the federal prosecutors' motion relied, in part, on a 2012 federal case from Colorado where the court ordered a defendant to unencrypt a computer that was obtained through a search warrant by using a passcode known only to that defendant.
The court’s ruling in favor of the government was premised on the fact the government knew of the existence and location of the computer’s files it was seeking to decrypt, even though it did not know the specific content of those files.
The federal prosecutors squaring off against Apple, however, ignored a more recent federal case in Pennsylvania decided in late 2015, which is at odds with the Colorado decision. That case, for reasons that will be obvious, strengthens the argument that people can assert the Fifth Amendment in connection with their bitcoin private keys.
In the Pennsylvania case, the SEC sought personal passcodes for smartphones owned by a company that required its employees to keep the passcodes secret.
Unlike the Colorado case, the SEC had no evidence of what was on the smartphones.
The Pennsylvania court denied the SEC’s request, finding the defendants could invoke their Fifth Amendment right against self-incrimination, because the court believed the SEC was seeking the defendants' "personal thought processes...".
There are a small number of other federal cases, all with slightly varied fact patterns, dealing with passcodes and passwords and whether the Fifth Amendment is a barrier to law enforcement learning them.
Overall, they support the notion that the Fifth Amendment shields people from being compelled by the government to disclose their bitcoin private keys. This is because the courts have maintained that the Fifth Amendment prevents the government from forcing individuals to tell the government the passcode to the digital device, which should apply equally to private keys due to their inherent similarities.
Despite all that, in one prominent case, a court ruled that the defendant did not have to tell the government the passcode to unencrypt his computer, but he did have to provide the government with an unencrypted copy.
Translated to bitcoin private keys, that could mean a person would have to transfer his or her bitcoins to where the government wanted them moved (eg, a government controlled bitcoin wallet) but not tell the government the private key used.
So far, no US court has ruled, at least publicly, on whether the Fifth Amendment protects a person from government compelled disclosure of his or her bitcoin private key or keys.
But from the current cases, we know the factors a court is likely to consider if confronted with this issue. Some of those key factors are:
- Whether the private key is written down somewhere (likely less protection) or only in the person’s head (likely more protection)
- Has the individual acknowledged control of the bitcoins seen (likely less protection) or kept quiet (likely more protection).
In the not too distant future, there can be no doubt that a US court will tackle the issue of the application of the Fifth Amendment to bitcoin private keys in a case that undoubtedly will be closely watched like the current Apple case.
And that court should uphold one of the Fifth Amendment’s most important protections and not compel disclosure, despite prosecutors urging otherwise.
The Fifth Amendment would be undermined if a court did anything else, and a defense attorney should vigorously contest any government attempt to seek such a court order.