United States v. A 2TB HITACHI HARD DRIVE SERIAL NUMBER YFGNBBTA AND LABELED HD-2, 1:18-mj-00307

Background

Law enforcement obtained and executed a warrant for a 2TB Hitachi hard drive (the Device) tied to Burns’s downloading and possession of child pornography. Burns later pleaded guilty to receiving child pornography and agreed to forfeit the Device.
Forensic examiners found deleted child-pornography images on an unencrypted system drive and discovered that the Device was fully encrypted with VeraCrypt; a copy of VeraCrypt and instructions were found on the system drive.
Burns admitted to downloading and storing child pornography, identified the Device as where files were saved, acknowledged there were contraband images on the Device, but refused to provide the decryption password.
The Government’s Cyber Crime Center ran extended brute-force decryption attempts without success; IDRIX (VeraCrypt’s creator) publicly states it cannot decrypt without a user’s password/key.
The Government filed an All Writs Act application seeking an order compelling Burns to produce the Device in an unlocked/unencrypted state; Burns opposed, raising Fifth Amendment and adequacy-of-government-effort arguments.

Issues

Issue	Plaintiff's Argument	Defendant's Argument	Held
Authority to compel decryption under the All Writs Act	All Writs Act permits orders necessary to effectuate a warrant; magistrate had jurisdiction under Rule 41	Order unnecessary; government decryption efforts were inadequate and should seek vendor assistance	Granted: All Writs Act authorizes decryption order to effectuate previously issued warrant
Necessity / adequacy of government efforts before compelling decryption	Government performed forensic review and sustained brute-force attacks; vendor cannot decrypt (IDRIX statements)	Government made only minimal/primitive attempts and failed to contact VeraCrypt maker	Held government efforts were sufficient; vendor cannot help, so compulsion is appropriate
Fifth Amendment privilege against compelled testimonial incrimination	Compulsion to decrypt is non-testimonial because existence, possession, and control of device and files are a "foregone conclusion" given Burns’s plea and admissions	Compelled decryption would force testimonial communication (password) and violate Fifth Amendment	Held: Foregone conclusion doctrine applies; Fifth Amendment does not block order to decrypt
Scope and practical impact of order (necessity for other proceedings)	Access needed to identify victims, assist Psychosexual Evaluation, and confirm extent of dissemination	Order unduly burdens defendant and impinges constitutional protections	Held: Order limited to producing the Device unlocked; legitimate investigatory and evaluative needs justify it

Key Cases Cited

Fisher v. United States, 425 U.S. 391 (Sup. Ct.) (Fifth Amendment protects testimonial communications, not all incriminating evidence)
Hiibel v. Sixth Judicial Dist. Ct. of Nev., Humboldt Cty., 542 U.S. 177 (Sup. Ct.) (Fifth Amendment requires communication to be testimonial, incriminating, and compelled)
United States v. New York Tel. Co., 434 U.S. 159 (Sup. Ct.) (All Writs Act reaches persons able to frustrate court orders)
Pennsylvania Bureau of Correction v. United States Marshals Serv., 474 U.S. 34 (Sup. Ct.) (All Writs Act is residual source of authority for writs not otherwise covered)
United States v. Hubbell, 530 U.S. 27 (Sup. Ct.) (limits to foregone-conclusion doctrine where Government lacks prior knowledge of documents’ existence/possession)
United States v. Apple MacPro Computer, 851 F.3d 238 (3d Cir.) (upheld use of All Writs Act to order decryption to effectuate a warrant)
In re Grand Jury Subpoena Duces Tecum (Miss. Emp’t Sec. Comm’n), 670 F.3d 1335 (11th Cir.) (discusses foregone-conclusion doctrine in decryption context)
United States v. Phillips, 477 F.3d 215 (5th Cir.) (defines brute-force attack as method of password cracking)
United States v. Gavegnano, [citation="305 F. App'x 954"] (4th Cir.) (applies foregone-conclusion doctrine where Government independently proved possession/control)