Let’s assume your corporation is investigated by a government agency. As corporate in-house counsel, you receive a request to produce documents related to the investigation, but they are on an employee’s password protected or encrypted device. Unfortunately, the employee refuses to share the password or encryption key for fear it would lead to self-incrimination. Is the company obligated to produce the information? May the employee be compelled to divulge the passwords and encryption keys?
The answer may not be clear cut. The government will argue that the employees must cooperate under the “collective entity” exception to the Fifth Amendment, but the type of business entity and the focus of the investigation may come into play.
Custodians of Corporate Records Must Hand Over Corporate Data During Governmental Investigations
Cases involving forced decryption may implicate the Fifth Amendment of the U.S. Constitution, which protects parties against self-incrimination during discovery and litigation for civil and criminal cases. However, if the documents at issue are corporate records possessed by an employee, the government will likely argue that the employee must cooperate and cannot raise a Fifth Amendment defense—even if handing over the corporate record would amount to self-incrimination. Under the “collective entity” doctrine, the Fifth Amendment’s protection against incrimination does not extend to custodians of corporate records. Braswell v. U.S., 487 U.S. 9 (1988).
In Braswell, a federal grand jury subpoenaed a business owner’s accounting records for two of his companies. The business owner refused to cooperate, stating that doing so would violate his Fifth Amendment right against self-incrimination. The government countered, arguing that under the collective entity doctrine, corporations may not raise Fifth Amendment protections against self-incrimination, and that Braswell was required to comply with subpoena as an agent of the corporation.
The Supreme Court agreed that the corporate entity doctrine applied. Justice William Rehnquist, in the majority opinion, quoted Hale v. Henkel, 201 US 43 (1906) and explained that corporate entities, as “creatures of the state,” are required to submit business records to the state for inspection, and are therefore not entitled to the same constitutional protections typically afforded to private individuals.
An Exception for Sole Proprietors and Individual Misconduct?
While it should be noted that Braswell was decided in 1988—well before smartphones and cloud storage blurred the lines between our personal and business lives—Braswell’s holding remains controlling today. However, there are exceptions and differing opinions as to whether passwords are truly “corporate records.”
For instance, the Supreme Court carved a narrow exception that may allow sole-proprietors to raise the Fifth Amendment in response to a government subpoena for business records. Additionally, if the focus of the investigation is wrongdoing by specific corporate employees, the employees may be able to assert Fifth Amendment rights and refuse to turn over passwords. At least one court determined that passwords are not corporate records falling within the “corporate entity” doctrine, but rather testimonial information falling within the individual employee’s “thought processes”. See, e.g. Securities and Exchange Commission v. Huang, Civil Action 2015-969 (E.D. Pa. September 23, 2015).
This article was written by Eric R. Pesale, a soon-to-be attorney who regularly writes about E-discovery, intellectual property law, and the growing impact of emerging legal technology for law firms and companies. He graduated from New York Law School, and has worked as a legal intern at BBC Worldwide Americas, Inc., and various law firms in New York City. You can follow him online on LinkedIn (linkedin.com/in/ericpesale) and on Twitter (@ericpesale)