What are your thoughts on this? "The government wants him to give up the password [to decrypt his hard drive], but doing so could violate his Fifth Amendment right against self-incrimination by revealing the contents of the files."
I'm on the side of the prosecutors on this one, they should be given the password. If he has nothing to hide, he has nothing to fear. Accidental downloading of child-porn doesn't wash with me as a defense. But my thoughts are still half-formed.
What are yours?
I sent an e-mail to David Mader asking if he had any legal insight for me, and he responded with this:
Hey Catelli,It's an interesting issue, eh? I haven't quite thought the whole thing through, and truth is I'm not a CrimProcedure expert. But there's been quite a bit of discussion about it, at least from a legal perspective, over at the volokh conspiracy - don't know whether you've seen it.
Check out: http://volokh.com/posts/1197670606.shtml
The first link provided a synopsis of the judgement rendered. The most significant statement to me was this: In distinguishing testimonial from non-testimonial acts, the Supreme Court has compared revealing the combination to a wall safe to surrendering the key to a strongbox. See id. at 210, n. 9; see also United States v. Hubbell, 530 U.S. 27, 43 (2000). The combination conveys the contents of one's mind; the key does not and is therefore not testimonial. Doe II, 487 U.S. at 210, n. 9. A password, like a combination, is in the suspect's mind, and is therefore testimonial and beyond the reach of the grand jury subpoena.
Based on my reading of this, that pretty much settles it. The password to encrypted files is very much akin to a combination lock. Orin Kerr rebuts in the second link Mader provided, and makes a counter argument on legal precedence.
Logically, the judgement makes no sense, especially in light of modern technology. As part of a criminal investigation, investigators get warrants to search for evidence. If they have a properly executed warrant, you have to let the investigative team into your home, business or office to conduct their search.
I see no distinction between that, and a warrant to search the files on your computer. If its properly executed, you must give them access, password protected or not. However, if you have a wall safe protected by a combination lock, you do not have to provide the combination. (Which begs the question, can the police then employ a safecracker?) I don't think people fully understand the ramifications of this logic.
For instance, say your house were secured with one of these. You know you are the subject of an investigation, and that a search warrant will be exceuted. You lock the keys into the house, and move into a hotel. To get into the house requires a password. Under the concept outlined above, the police cannot execute the warrant, because forcing you to reveal the password is a violation of the fifth amendment. Now, can this state go on indefinately? Probably not, you'll want into your house eventually, but this delaying tactic could be quite useful. Or the police could just break into your home, if the law allows. But the example does serve to illustrate the inconsistency of this decision. To my mind, either a warrant is a legal means of conduction a search or it isn't. Basing access to secured items on what is possesed vs. known is a distinction without merit.
To answer Ken's question "I thought the feds had the technology to break PGP-encrypted files?"
Everyone with a computer does. Cracking encryption is a simple mathematical computation. All computers are number crunchers at heart. The trick is, the longer the key used to encrypt data, the more processing power required. So in this case, if the key used on the hard drive is 128 bit or longer, the computing power required is substantial, and may not even exist. If it does, its at the NSA or CIA and its 100% dedicated to reading terrorist traffic, and won't be available to help investigators in Vermont.