A judge has ruled that a person has to give up their encryption keys to the police, under the logic that an encryption passphrase is equivalent to a key, and a suspect can be forced to produce a key to a safe that holds incriminating evidence.
For me, this is a case of the physical vs the intellectual. Testimony that incriminates myself is, in essence, information locked in my mind that can only be accessed because I willingly surrender it. An encryption passphrase is, to me, the same. It is non-physical information that grants access to other non-physical information. Can a person be compelled to give up the location of a cache of drugs, or where the bodies are buried, the existence of which would prove their guilt?
A key to a safe is a physical object needed to gain access to other physical objects that are known about. Â Although I’ll be honest, I’m not sure I even like the idea that a suspect should be forced to give up a safe key. Â If the government wants the contents of my safe so badly, they can search for the key, hire a safe cracker, or contact the manufacturer for access. Â Same with encryption. Â Run a decryption algorithm. Â If you are lucky, it’ll work fast & you can prosecute me before I die.
This has been through other federal courts already, and has gone both ways. Hopefully a conflicting decision will force this into the SCOTUS.
Hell … if imprisonment wont pry the password from the defendant, then maybe the judge should just order him to be waterboarded.
If encryption can be removed forcibly upon penalty of contempt of court or obstruction of justice, would erasing the hard drive be evidence of obstruction, despite there being no more incriminating evidence on the drive?
TrueCrypt has a container within a container for plausible deniability. It’s good software for storing your personal docs and scans in an encrypted file in case your home computer is stolen.
One wonders: How, exactly, can a police man in the U.S. force one to give up their pass key without opening themselves up to a torture claim?
So, really, this ruling is only yet another court approved means by which investigators can trip up the uninformed by lying to them.
Mark: If this is allowed to stand, judges will jail defendants indefinitely on contempt, on the theory that the defendant can get out of jail at any time by coughing up the passphrase.
Such jailings have, in the past, only been allowed if the person was granted immunity for such testimony.
What’s to stop someone from just saying “I forgot my password”? Wouldn’t they have to prove beyond a reasonable doubt that you did *not* forget it? That seems an impossible task. This defense assumes you are willing to let your data go, never to be seen again, as if you really did forget the password.
“they can search for the key, hire a safe cracker, or contact the manufacturer for access.”
Actually what they will do is destroy your safe getting it open and tell you they are not liable for the damage because they gave you the opportunity to provide them with the key or combo and you refused. Once they have a warrant, you can cooperate or not. They will do what they have to do to get what they want. That has already been through the courts and been upheld. The case law, if I remember correctly, was that the lock on a safe was the same as a lock on a door. If they have a valid warrant, you can provide them with an opening or they will open it for you and not be held responsible for any damage they do gaining access. Problem here is they could potentially destroy the evidence they are after in trying to get it. They want the info to help convict.
Exactly my point. If they have to hire a safe-cracker and he needs a torch to cut open the safe, they risk setting fire to the contents.
Also, what happens when they get the creative geek, whose data is encrypted with code that can destroy the encrypted contents if some preset condition is not met before or during decryption? Is a defendant obligated to tell the state about any digital booby traps? And what if he doesn’t and the data is destroyed?