Commonwealth v. Gelfgatt

Lenk, J.

(dissenting, with whom Duffly, J., joins). The court holds today that the defendant, an attorney who practices from his home, may be ordered to enter decryption keys sequentially on each and every electronic device seized from his home, his home office, and his automobile, in order to provide law enforcement officers with unencrypted access to those devices.1 Such an order is the functional equivalent of requiring him to produce the unencrypted contents of the devices seized. The government suspects that some unspecified set of documents related to a mortgage fraud scheme may be located on one or more of these devices,2 which the government thus far has been unable to read because of the encryption. I agree with the court that this act of decryption is compelled, testimonial, and potentially incriminating. Unlike the court, I conclude that this also holds true for the intrinsically linked act of thereby producing in unencrypted form any material that may be on the now encrypted devices. Further, I do not agree that the Commonwealth has shown suf*528ficient knowledge of the existence, location, and authenticity of the documents it seeks such that the information that would be revealed by decryption and production is a “foregone conclusion,” and therefore that requiring the defendant to decrypt the devices would not violate his constitutional privilege against self-incrimination. Because I believe that the act of compelled entry of the codes to decrypt the seized devices, thereby producing the unencrypted contents of those devices, is protected under both the Fifth Amendment to the United States Constitution and art. 12 of the Massachusetts Declaration of Rights, I respectfully dissent.

1. Act of production and authentication. The court concludes that the act of decrypting the devices pursuant to the Commonwealth’s proposed protocol, which necessarily would produce in unencrypted form any files stored thereon to which the encryption key would permit access, is not analogous to the act of responding to a subpoena to produce a document, where the act of production would be testimonial because it makes an assertion that, among other things, the document produced is authentic. To reach this conclusion, the court adopts the Commonwealth’s contention that, by decrypting the computers and thereby producing their unencrypted contents, the defendant would be asserting only his ability to decrypt the devices. On this view, he would not be asserting that he owned them, had exclusive use and control of them, or was familiar with any of the files on them; that certain files contained the incriminating evidence sought; or that the documents were authentic. Such is far from the case.

In taking this view of the matter, the court maintains that the defendant merely would be entering a password, which he would not disclose to the Commonwealth, into the encryption program, and would not thereby be selecting and producing any documents. Such an artificial distinction between the act of entering the decryption key and the inevitable result of decrypting the devices,3 and thereby producing the files for inspection, obfuscates the *529reality of what the defendant is being compelled to disclose. The Commonwealth seeks the decryption order at issue not for its own sake but, rather, to enable the government to access the documents it sought when obtaining the search warrant permitting it to seize the devices. Here, as the United States Court of Appeals for the Eleventh Circuit concluded in similar circumstances, “the decryption and production would be tantamount to testimony by [the defendant] of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.” In re Grand Jury Subpoena Duces Tecum Dated March 25, 2011, 670 F.3d 1335, 1346 (2012) (In re Subpoena Duces Tecum). Inexorably, once the decryption key is entered, the names and sizes of the files (if any) to which the defendant has access on that computer will be produced, the amount of unused space available to the defendant on that computer will become known, and the contents of any files will be made accessible to the Commonwealth.4

Moreover, the defendant has denied that there are any documents related to Baylor Holdings, Ltd. (Baylor), on that subset of the seized devices of which he has acknowledged ownership, denied that he created any documents for Baylor,5 denied that the encrypted communication program he used to communicate with Baylor continues to be installed on those devices, and denied that there are any saved records of the encrypted communications he had with Baylor employees. If the defendant is compelled to decrypt the devices, and any such documents are produced thereby, the act of decryption will have resulted in a prior inconsistent statement by the defendant, which the Commonwealth may seek to use against him at trial.6

In light of all this, I would conclude that both the acts of *530decrypting the devices and of inexorably producing thereby the unencrypted contents of the devices that the Commonwealth otherwise cannot now access are testimonial. See United States v. Hubbell, 530 U.S. 27, 43 (2000) (Hubbell); Doe v. United States, 487 U.S. 201, 212 (1988).

2. Foregone conclusion. The court concludes that the act of entering the codes to decrypt the devices would not infringe upon the defendant’s privilege against self-incrimination. The court is of the view that the defendant already has disclosed during an interview with State troopers anything that, absent such disclosures, might be testimonial about the act of decryption. In particular, the court concludes that the facts that might be learned through the act of decryption — ownership and control *531of the seized devices — have been revealed previously by the defendant, or are already known by the Commonwealth through other means, and therefore that the “foregone conclusion” exception applies to what otherwise would be testimonial conduct. The court does not consider whether the act of production, also in my view testimonial, is encompassed within the foregone conclusion exception.

“The touchstone of whether an act of production is testimonial is whether the government compels the individual to use ‘the contents of his own mind’ to explicitly or implicitly communicate some statement of fact.” In re Subpoena Duces Tecum, 670 F.3d at 1345, quoting Curcio v. United States, 354 U.S. 118, 128 (1957). Under the foregone conclusion doctrine, an otherwise testimonial act of production is not testimonial if the government establishes that, at the time it sought the compelled production, it already knew of that which would explicitly or implicitly be conveyed by the production. Fisher v. United States, 425 U.S. 391, 410-411 (1976) (Fisher). See Hubbell, supra at 36 n.19, 43-45 (act of production testimonial if by compelled conduct “the witness would admit that the papers existed, were in his possession or control, and were authentic”; inquiry turns on extent of government’s prior knowledge of existence and location of documents produced); United States v. Ponds, 454 F.3d 313, 320-321 (D.C. Cir. 2006).

a. Reasonable particularity standard. In addressing the extent of knowledge that the government must establish in order to invoke the “foregone conclusion” doctrine, four circuit courts of the United States Court of Appeals have concluded that the government must show with “reasonable particularity” that it already knows the “location, existence, and authenticity of the purported evidence.” In re Subpoena Duces Tecum, 670 F.3d at 1344 & n.20. See United States v. Ponds, supra at 320-321; In re Grand Jury Subpoena Dated April 18, 2003, 383 F.3d 905, 910 (9th Cir. 2004); In re Grand Jury Subpoena Duces Tecum Dated October 29, 1992, 1 F.3d 87, 93 (2d Cir. 1993), cert. denied sub nom. Doe v. United States, 510 U.S. 1091 (1994).

Treating computer files as documents, the United States Court of Appeals for the Eleventh Circuit is, to date, the only circuit court to have addressed the issue specifically in the context of *532encrypted computers. Concluding that a defendant’s compelled decryption and production of the contents of computer drives and external hard drives would be sufficiently testimonial to trigger Fifth Amendment protections, the court determined that “an act of production is not testimonial — even if the act conveys a fact regarding the existence or location, possession, or authenticity of the subpoenaed materials — if the Government can show with ‘reasonable particularity’ that, at the time it sought to compel the act of production, it already knew of the materials, thereby making any testimonial aspect a ‘foregone conclusion.’ ” In re Subpoena Duces Tecum, 670 F.3d at 1345-1346. To establish a foregone conclusion, “[t]he government does not have to show that it knows specific file names,” but would have to “show with some reasonable particularity that it seeks a certain file and is aware, based on other information, that (1) the file exists in some specified location, (2) the file is possessed by the target of the subpoena, and (3) the file is authentic.” Id. at 1349 n.28.

While the United States Court of Appeals for the First Circuit has yet to consider the issue, I would adopt, at a minimum for purposes of art. 12, the same reasonable particularity standard for establishing a foregone conclusion that other circuit courts have adopted, and would conclude that the Commonwealth has not met that burden here. See id. at 1346, 1349 (no evidence “that the Government, at the time it sought to compel production, knew to any degree of particularity what, if anything, was hidden behind the encrypted wall”). Contrast United States v. Fricosu, 841 F. Supp. 2d 1232, 1235-1237 (D. Colo. 2012) (existence and location of files foregone conclusion where government introduced recorded conversation of defendant and third party in which she said that file sought “was on my laptop”).

b. Extent of government’s knowledge in this case. Here, the Commonwealth has made no showing that the existence, possession, and authenticity of the broad categories of items sought are foregone conclusions, under any definition of that term. The court focuses on the defendant’s apparent access to the devices seized, and his statements that he owns a “laptop,” that “everything is encrypted,” and that he could decrypt at least one device (“my computer”). In so doing, it conflates the prob*533able cause showing that the Commonwealth was required to make in order to seize the devices in the first instance with the showing that the Commonwealth must make when, as here, it seeks the otherwise testimonial assistance of a defendant in accessing the contents of those devices.7 The showing that the Commonwealth must make as to its knowledge of the contents of those devices in order to render anything revealed by the decryption and production of that content a foregone conclusion is significantly greater than what is required to show probable cause. Hence, the “reasonable particularity” standard requires much more than government knowledge that a defendant owns or has access to a particular computer.

Even under the less specific requirements articulated in Hub-bell, supra, moreover, the government’s burden of establishing that, at the time it sought to compel decryption and production, it already knew of the documents sought, rendering any testimonial aspect of that conduct a foregone conclusion, is not met by a showing that a defendant had in his house what is essentially a locked file cabinet in which such documents might have been kept. See In re Subpoena Duces Tecum, 670 F.3d at *5341347 n.25 (“This situation is no different than if the Government seized a locked strongbox. Physical possession of the entire lockbox is not the issue; whether the Government has the requisite knowledge of what is contained inside the strongbox is the critical question”).

i. Existence and content of documents sought. Aside from knowledge pertinent to the existence and nature of the encryption program itself,8 the government has not shown that it has any knowledge as to the existence or content of any particular files or documents on any particular computer.9 To the contrary, the Commonwealth’s computer forensic expert’s affidavit provides general information about what computers can do, but makes no specific assertions as to any files or documents expected to be found on any of the seized devices. The focus of the trooper’s affidavit is on the defendant’s actions away from his home, as observed by police surveillance.10 There no description *535of files that are expected to be found,11 let alone that are known to exist, on the defendant’s computers;12 moreover, the affidavit contains numerous indications of the defendant’s apparent efforts to avoid downloading documents to his computers, using telephone or facsimile transmission from his house. Service providers’ Web sites that the Commonwealth asserts the defendant used13 are described as advertising that documents are stored *536on the third-party service providers’ computers, and may be accessed over the Internet without downloading anything to a user’s own computer. See G. Jacobs & K. Laurence, Professional Malpractice § 17.1 (2013) (discussing “cloud computing” as “in essence a sophisticated form of remote electronic data storage on the Internet. . . . Unlike traditional methods that maintain data on a computer or service at a law office or other place of business, data stored ‘in the cloud’ [cloud computing] is kept on large servers located elsewhere and maintained by a vendor”). The Commonwealth accordingly has not shown that it knows “with some reasonable particularity that it seeks a certain file and is aware, based on other information, that (1) the file exists in some specified location, (2) the file is possessed by the target of the subpoena, and (3) the file is authentic.” In re Subpoena Duces Tecum, 670 F.3d at 1349 n.28.

“In Fisher, [supra at 411,] . . . the act of production was not testimonial because the Government had knowledge of each fact that had the potential of being testimonial. As a contrast, the Court in Hubbell[, supra at 44-45,] found there was testimony in the production of the documents since the Government had no knowledge of the existence of documents, other than a suspicion that documents likely existed and, if they did exist, that they would fall within the broad categories requested.” In re Subpoena Duces Tecum, 670 F.3d at 1345. Here, too, the government has no more than a suspicion that broad categories of documents, extending over periods of years, may exist on one or more of the seized devices. See United States v. Doe, 465 U.S. 605, 613-614 & nn.11-13 (1984). See, e.g., Commonwealth v. Hughes, 380 Mass. 583, 592, cert. denied, 449 U.S. 900 (1980) (act of producing gun by defendant charged with assault by means of dangerous weapon would not convey “merely trivial new knowledge” but would communicate “just those matters about which the Commonwealth desires but does not have solid information”). Contrast Fisher, supra.

*537The court notes that the defendant has admitted to engaging in real estate transactions for Baylor, communicating with Baylor over an encrypted communication program installed on his laptop, using the Internet to communicate, having more than one computer, that “everything” on his computer is encrypted, and that he knows how to decrypt it. The court points also to the fact that two of the mortgage assignments to Baylor apparently are fraudulent.14 None of this, however, establishes anything about the government’s knowledge of the documents, if any, that may be stored on the seized devices.15 See In re Grand Jury Subpoena Dated April 18, 2003, 383 F.3d at 910 (“Although the government possessed extensive knowledge about [defendant’s] price-fixing activities as a result of interviews with cooperating witnesses and [his] own incriminating statements . . . , it is the government’s knowledge of the existence and possession of the actual documents, not the information contained therein, that is central to the foregone conclusion inquiry”).

Furthermore, the court misconstrues the extent of the defendant’s statements concerning the encryption, thereby inferring that the defendant has asserted greater access and control than is in fact the case. The court conflates the encryption of the disk drive on one of the computers, which the defendant acknowledged, with the existence of the encrypted communication program16 purportedly used to communicate with Baylor.17 Contrary to the court’s statement, the defendant has not said that the *538communication program that he ran in order to communicate with someone at Baylor is installed on any of his computers at this time; indeed, he stated explicitly that it had been installed on his “laptop” but that it might no longer be there and that the program itself “may not exist anymore.”18

On this record, the Commonwealth does not know what is stored on any of the seized devices, or if any of them contain information relevant to the charged offenses. Notwithstanding the court’s conclusion to the contrary, the affidavit in support of the search warrant and the defendant’s statements to police do not give rise to a foregone conclusion that whatever would be revealed by the defendant’s entry of the decryption key, and consequent production of the unencrypted contents of all of the *539seized devices, is already known to the government. See Hubbell, supra at 45 (“the overbroad argument that a businessman . . . will always possess general business and tax records,” could not “cure [the] deficiency” of government’s failure to demonstrate its “prior knowledge of either the existence or the whereabouts” of requested documents); In re Grand Jury Subpoena Dated April 18, 2003, 383 F.3d at 911 (“A subpoena such as this, which seeks all documents within a category but fails to describe those documents with any specificity indicates that the government needs the act of production to build its case against [the defendant]”). See also United States v. Doe, 465 U.S. at 614 n.12.

Even more fundamentally, to establish a foregone conclusion the government must first show that it knows any files at all exist on a particular computer. In In re Subpoena Duces Tecum, 670 F.3d at 1346, 1349, the United States Court of Appeals for the Eleventh Circuit reversed an order requiring a suspect to decrypt his computer, which was using the same type of encryption program that the Commonwealth’s expert avers is being used to encrypt the devices here, because the court concluded that the government had not shown that any files existed on the computer, other than the encryption program itself. The encryption program at issue not only encrypts information stored on a computer, it also encrypts all unused space on the computer’s hard drive, making it impossible to determine how much of the computer contains actual files and how much is unused or blank. Because the government could not show that any data on the computer represented actual files, the court concluded that “[t]he [government has failed to show any basis, let alone shown a basis with reasonable particularity, for its belief that encrypted files exist on the drives . . .”. Id. at 1349. Given the properties of the encryption program in place on the seized devices here, as described by the Commonwealth’s expert, the Commonwealth does not know whether they contain any documents of any kind.

ii. Ownership, exclusive use, and control. The court’s decision also conflates access to a particular computer19 with access to, and knowledge and control of, each of the files on that *540computer.20 As stated, the United States Supreme Court has rejected the view that a defendant’s access to a locked cabinet, whose contents are not known but that might contain the documents sought, is sufficient to establish that the government knows the contents of those documents, such that their compelled production by unlocking the cabinet is a foregone conclusion. Hubbell, supra. This distinction is even more critical in considering the issue of production or search of files stored on a computer. See In re Subpoena Duces Tecum, 670 F.3d at 1346, 1349; United States v. Fricosu, 841 F. Supp. 2d 1232, 1235-1237 (D. Colo. 2012). Like many courts to have considered the issue, we have concluded that each computer file is a separate document in a closed container, requiring that searches of a computer to locate specific files must be limited and particular. See Commonwealth v. McDermott, 448 Mass. 750, 775, cert. denied, 552 U.S. 910 (2007). See United States v. Potts, 586 F.3d 823, 833 (10th Cir. 2009) (“officers must be clear as to what it is they are seeking on the computer and conduct the search in a way that avoids searching files of types not identified in the warrant”). See, e.g., United States v. Mann, 592 F.3d 779, 786 (7th Cir.), cert. denied, 130 S. Ct. 3525 (2010), and cases cited; United States v. Burgess, 576 F.3d 1078, 1088-1089 (10th Cir.), cert. denied, 558 U.S. 1097 (2009); United States v. Carey, 172 F.3d 1268, 1270-1273 (10th Cir. 1999); United States v. Stierhoff, *541477 F. Supp. 2d 423, 439 n.8 (D.R.I. 2007), aff’d, 549 F.3d 19 (1st Cir. 2008). See generally Goldfoot, The Physical Computer and the Fourth Amendment, 16 Berkeley J. Crim. L. 112 (2011); Kerr, Searches and Seizures in a Digital World, 119 Harv. L. Rev. 531 (2005); Trepel, Digital Searches, General Warrants, and the Case for the Courts, 10 Yale J. L. & Tech. 120 (2007). Therefore, the government must establish knowledge of the existence of the particular file, either by the name of the file or by knowledge of its contents, as well as the defendant’s access to that portion of the encrypted drive on which the file exists. See In re Subpoena Duces Tecum, 670 F.3d at 1346, 1349. It has not done so here.

3. Attorney-client privilege. I would conclude also that the defendant cannot be compelled to enter the decryption key, and thereby produce all documents to which he has access, on each device, under the protocol as proposed by the Commonwealth, because of the possibility that the computers contain privileged information relating to the defendant’s legal clients. See Preventive Medicine Assocs. v. Commonwealth, 465 Mass. 810, 822-824 & nn.24-26 (2013) (“a search, to be reasonable, must include reasonable steps designed to prevent a breach of the attorney-client privilege .... [T]he harm to the defendant could be irreparable if the Commonwealth viewed privileged materials, even if only by accident”). The issue of attorney-client privilege is not addressed in the search warrant affidavit, the protocol proffered in conjunction with the Commonwealth’s motion to compel, or the court’s decision.21

The defendant told police that he ran a law office from his house, and that he had approximately ten active personal injury clients. He stated that he sent facsimile transmissions to his personal injury clients, when necessary, using TrustFax, an In*542temet facsimile site, from his home computer. He acknowledged that “my computer” is encrypted, but did not identify which one of the seized devices he meant, and asserted that the encryption was to protect his “privacy.” The police photographs of one of the computer screens when that computer was mnning, showing the directory name “K:\Leon DocumentsYMy Scans” and an icon labeled “Attorney Leon I. Gelfgatt,” do not indicate that the documents, if any, on the computers relate to Baylor and not to the defendant’s other clients. Nor do they show that the computers contain any documents related to Baylor. Because the proposed protocol potentially would allow the Commonwealth to view privileged information related to the defendant’s other clients, I would conclude, on this basis as well, that the requested order to compel is unreasonable and impermissible.

4. Conclusion. Because I believe that the compelled decryption and production here is fundamentally testimonial, and the Commonwealth has not established a foregone conclusion that the existence, location, and authenticity of the information that would be produced is known to the government, I respectfully dissent, and would answer the reported question, “No.”

The Commonwealth’s proposed order requires the defendant to decrypt “all” of the “digital storage devices that were seized from him.” These include two desktop computers and a laptop computer seized from his house; a “netbook” computer seized from his automobile; an external hard drive; two universal serial bus (USB) “thumb” drives (also known as “flash drives,” “USB drives,” and “sticks”); fourteen compact discs; two secure digital cards; and two cellular telephones. The devices were seized pursuant to a search warrant issued based on an affidavit by a State trooper involved in the investigation. The affidavit sought, inter alla, “[cjomputers and/or electronic storage devices capable of storing any of the below-described records and/or data”; it encompassed “[a]ny and all records, documents, items, and/or data, in whatever form, relating in any way to” a lengthy list of broadly defined items.

A “netbook” is a smaller, more lightweight, and less powerful type of laptop computer usually used for Internet and electronic mail (e-mail) access. See Cloud Control: Copyright, Global Memes and Privacy, 10 J. Telecomm. & High Tech. L. 53, 58 & n.27 (2012). Flash drives “are solid state memory devices that can comfortably be carried on a key chain. They can be used, usually thru a USB port, much like an external hard drive.” United States v. Burgess, 576 F.3d 1078, 1090 n.12 (10th Cir.), cert. denied, 558 U.S. 1097 (2009). Like flash drives, secure digital cards are a type of “solid-state memory technology that stores information when not powered,” but they “serve different functions and have limitations that USB flash drives do not”; secured digital cards “are thin cards used in phones or cameras that serve primarily as digital film substitutes.” Sandisk Corp. v. Kingston Tech. Co., 863 F. Supp. 2d. 815, 819-820 (W.D. Wis. 2012). They are “not readily compatible with computers and often require a special adaptor to interface with a computer’s USB port.” Id. at 820.

That no individual file would be decrypted on the computer’s disk drive until someone requested that particular file is of no moment. According to the Commonwealth’s expert, the act of entering the decryption key is what would permit the decryption program to run automatically and provide readable access to an individual file upon request.

The issue, of course, is not whether the decrypted contents of the computer are “testimonial,” but whether the act of decrypting the computer and thereby producing decrypted information is “testimonial” under the Fifth Amendment to the United States Constitution and art. 12 of the Massachusetts Declaration of Rights.

The defendant told police that he received the already-executed mortgage assignment documents from Baylor through the United States mail, and that he merely recorded those documents at the relevant registry of deeds.

The Commonwealth asserts that while, according to the proposed “protocol,” it will not introduce evidence of the manner in which the computers *530were decrypted (unless the defendant opens the door), it intends to introduce evidence of the encryption itself as evidence of “consciousness of guilt.” The Commonwealth intends to make this argument even though encrypting files on computers is now a common business practice that is mandatory in many circumstances. See In re Grand Jury Subpoena Duces Tecum Dated March 25, 2011, 670 F.3d 1335, 1347 (2012) (rejecting “the suggestion that simply because the devices were encrypted necessarily means that [the defendant] was trying to hide something. Just as a vault is capable of storing mountains of incriminating documents, that alone does not mean that it contains incriminating documents, or anything at all”). See also G. L. c. 93H, § 2 (requiring adoption of regulations “relative to any person that owns or licenses personal information about a resident of the commonwealth” that are designed to “insure the security and confidentiality” of such information; “protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information”); 201 Code Mass. Regs. §§ 17.00 (2009) (implementing G. L. c. 93H); G. Jacobs & K. Laurence, Professional Malpractice § 17.1 (2013) (discussing requirement, pursuant to G. L. c. 93H and Supreme Judicial Court Interim Guidelines for Protection of Personal Identifying Data, that attorneys “identify reasonably foreseeable risks to records containing such information, control access to it, establish policies regarding storage and secure transportation of records [e.g., in e-mail correspondence] outside of the premises, require use of up-to-date computers, firewalls, anti-virus software, and secure encryption of all electronically stored and transported data” [emphasis supplied]); John W. Sime, Selecting a Law Firm Cloud Provider, 93 Mich. B.J. 48, 49 (2013) (“Data should be encrypted at two stages. The first stage is during data transmission. . . . [D]ata should also be encrypted while in storage at the cloud provider”). Moreover, it also seems likely, and the Commonwealth has not stated otherwise, that, should any such documents be produced on any of the seized devices, the Commonwealth will seek to characterize evidence of the defendant’s earlier denials as inconsistent statements, lies, and further consciousness of guilt.

The Commonwealth argues that the order to provide the key to decrypt the computers and thereby produce the unencrypted documents is necessary because encryption creates significant difficulties for law enforcement officers attempting to prosecute a lengthy list of serious crimes. In a similar vein, the Commonwealth argues explicitly that it should be able to compel the decryption of the devices and the production of their content based on the warrant affidavit, which established probable cause to seize them, as the seizure otherwise has produced no information that would be useful in prosecuting the charged offenses.

It does not follow, however, that further restrictions should be placed on fundamental protections provided by the Fifth Amendment and art. 12, which heretofore have been enforced by both State and Federal courts, because the prevalence of computers, in this digital age, at times may facilitate the commission of crimes. The omnipresence of electronic devices that may be monitored, tracked, and recorded has likewise afforded unparalleled opportunities to law enforcement officers in their pursuit of criminal investigations. That encryption may at times present significant difficulties to law enforcement officers does not, as the Commonwealth suggests, result in a conclusion that the Fifth Amendment privilege should be restricted so that enforcement is made easier. See Blaisdell v. Commonwealth, 372 Mass. 753, 761 (1977) (“Where the privilege is applicable, the constitutionally required result is that no balancing of State-defendant interests is permissible to facilitate the admittedly difficult burdens of the prosecution”). See also Commonwealth v. Doe, 405 Mass. 676, 680 (1989).

David Papargiris, the director of the Attorney General’s computer forensics laboratory, submitted an affidavit in support of the Commonwealth’s motion to compel decryption. Papargiris stated that some of the storage devices seized from the defendant’s house indicate use of an encryption program called “DriveCrypt Plus Pack.” When this program is installed on a computer, the computer displays a particular screen requesting a password every time the computer is started. Nothing further can be done on that computer until the user enters the password. Because all of the seized computers display the same screen when they are started, Papargiris believes that the program is being used for all of the seized computers and separate storage devices.

As to one external hard drive, the Commonwealth has shown knowledge of two documents related to the defendant’s own home, not involving Baylor Holdings, Ltd. (Baylor), or Puren Ventures, Inc., and some links (which do not involve documents) to third-party Web sites.

The trooper’s affidavit details police surveillance and review of surveillance video footage of the defendant driving to various stores and post offices. Police suspect the defendant purchased money orders and gift cards at these locations, by filling out forms by hand. Additional surveillance footage shows the defendant on one occasion entering and leaving a court house that also houses a registry of deeds. Cooperating witnesses and documents obtained from third parties indicate that an unknown individual purporting to represent Baylor arranged for checks to be mailed via United States mail to the defendant’s former office building in Boston.

The affidavit also recounts police observations of the defendant suspected to be using publicly available and “anonymous” wireless Internet services, which allow access to the Internet without identifying a particular user’s Internet Protocol (IP) address, from a variety of locations, such as restaurants. These suspicions are based largely on his presence at particular times at loca*535tians where such services are available, or in nearby parking lots, and, on two occasions, because he was observed apparently using a laptop.

Based on the affidavits, the Commonwealth clearly had probable cause to seize the devices themselves. In this regard, there was reason to think the defendant used some unspecified computer to connect to the Internet in communicating with the intended victims of the fraud.

The search warrant affidavit states that the seized computers “are capable of storing,” inter alla, information about the defendant’s “contacts and activities” for a period of more than four months; “anything having do to with” his financial transactions over an approximately three-year period (although the fraudulent mortgage scheme allegedly lasted for less than one year); any Internet search, over an unlimited time frame and geographic area, for residential properties; and “any” document filed with “any Massachusetts Registry of Deeds,” again over an unlimited period. The same information is also sought, from “[a]ny and all records, documents, items, and/or data, in whatever form,” to be found at the defendant’s house and in his automobile. The affidavit states further that, because “[transferring data files between computers or onto storage devices such as disks is a simple task that takes little time. . . once a file is on one computer at a given location — particularly a home — I believe that there is probable cause to believe that it could be moved to any storage device or other computer at that same location.” The court does not address whether these broad categories and date ranges meet the specificity requirements of Commonwealth v. McDermott, 448 Mass. 750, 771-775, cert. denied, 552 U.S. 910 (2007) (concluding that each computer file is separate, closed container, and discussing limitations necessary on searches to be conducted of computer hard drives so that warrants to conduct such searches are not constitutionally infirm). The record here also does not indicate whether the Commonwealth sought a warrant as to the search of each of the devices once they had been seized and transported to the police laboratory. See id. at 774-775.

The trooper’s affidavit suggests that the defendant made use of third-party services over the Internet to establish certain corporate telephone and facsimile numbers. The Web sites described in the affidavit, however, are explicitly discussed as services that would not require placing any documents on a suspect’s own computer. They are described as permitting anonymous use, storing documents on the third-party service provider’s computers, and permitting access to, for instance, e-mail message attachments without downloading anything to a user’s own computer. See United States v. Falso, 544 F.3d 110, 112-114 (2d Cir. 2008) (warrant affidavit asserting after forensic examination of computer that defendant “appeared to have gained or attempted to gain” *536access to Web site that distributed and sold child pornography, where e-mail address belonging to defendant was listed as subscriber to member section of Web site, defendant had Internet service from his house, and defendant had been convicted of prior misdemeanor sex offense, did not establish probable cause that images of child pornography would be found on defendant’s computer).

Police suspect the two assignments to Baylor are fraudulent based on their communication with the closing attorneys involved in the sales of the two properties not long after the assignments had been recorded, and with the banks that previously held the mortgages.

The trooper’s affidavit states, without record support, that evidence seized from the external hard drive shows that the defendant used his computers to create the forged assignments. The documents described as having been observed on the external hard drive, however, which are the only specific documents described as existing on any of the seized devices, relate to an unsigned release of a mortgage on the defendant’s own property, and not to any assignment to Baylor; nothing in the affidavit indicates how the documents were created.

As the defendant described it to police, the communication program works like an online “chat” session; one person types, and the other person sees the message displayed on his or her computer screen. The message that the user types is encrypted before it is sent to the recipient. The program as *538described is not intended to create and store documents, or to encrypt computer drives, but, rather, to allow users to send messages back and forth in a secure way so that someone trying to eavesdrop on the messages being sent would be unable to do so.

The court points to the defendant’s statement to police that, “[i]n order to decrypt the information, he would have to ‘start the program’ ” as being a reference to the “DriveCrypt” encryption software on the computer drives that it takes as an admission of control over the drives and the ability to decrypt them. The defendant was speaking, however, of the communication program he started in order to communicate in a “chat” session with the Russian individuals at Baylor, not of the encryption of the computer drives themselves. According to the defendant’s statement, the communication program takes up very little space on a computer drive and can be installed on any device, including a removable “flash” drive; the program requires only an Internet connection, and can be run from anywhere, by inserting a “flash” drive into a computer.

The defendant, who is a native of Russia, obtained the program at a financial conference in Europe sometime in 2004, 2005, or 2006, because he intended to develop his business in the Russian market; he believed that encrypted communication was necessary to address Russian security concerns. In response to an explicit question, the defendant answered that he did not know whether the communication program saved the contents of any conversation on a computer drive, and then clarified that the communication program did not save any of the typed conversations but, rather, deleted them at the end of a communication session, and that he thought it did not store copies of the conversations because it was intended to be secure.

When asked at another point about the location of the “encryption device” that he used to communicate with Baylor (“Is it on your laptop? Is it on your desktop”?), the defendant replied, “At different points it was.” Whether the defendant was referring to the “laptop” seized from his house or the “net-book” seized from his car is unclear. It is also unclear which of the two other computers was meant by “your desktop.”

The defendant stated that the computer in his home was in an area acces*540sible to anyone in the house or who came to his home office, and that Baylor employees accessed his computer using the encrypted communication program. On this record, the government has not shown that the defendant had exclusive access to the computers.

According to the Commonwealth’s expert, the encryption program on the seized computers permits multiple users with distinct passwords, each potentially having access to a different portion of the computer drive. The government does not currently know how many user accounts exist on any of the computers, and to which portions, if any, of any particular computer the defendant has access. See Trulock v. Freeh, 275 F.3d 391, 403-404 (4th Cir. 2001) (where two individuals shared use of computer, and both had access to entire computer hard drive, other user did not have authority to consent to search of suspect’s password-protected files on that drive). The ability to enter a password to start the computer does not, therefore, indicate whether the defendant has access to or control over all of the different user accounts and different sections of the computer drives that may have been established on any of the seized computers; it would, however, potentially reveal to the Commonwealth the existence of other accounts, and possibly others who use the computers, about which the Commonwealth has indicated no knowledge.

The question is addressed by the defendant in his brief and by the Commonwealth in its reply brief. While the Commonwealth asserts in its reply brief, prior to a discussion on the merits, that the question of attorney-client privilege is not part of the reported question before the court, the plain language of the Commonwealth’s motion to report, which was allowed, and which is presented by the Commonwealth in its initial brief as “the issue presented for review,” asks, “Can the defendant be compelled pursuant to the Commonwealth’s proposed protocol to provide his key to seized encrypted digital evidence ...” (emphasis supplied)? The joint stipulation of the parties as to the wording of the reported question uses identical language.