Encryption and the law

I’m about to embark on an encryption upgrade to my machine and wanted to know about how the law works in regards to “forcing” me to give up my passwords.

If I encrypt my HD(s) can the police/government/whatever legally force me to give up my passwords? AFAIK PGP is near damn impossible to hack. Are there any laws in place that, say, would jail me forever if I don’t pony up the passwords?

I’m a Canadian but the answer can be for whatever state you’re familiar with. I’m just interested in a general answer.

Thanks!

If a judge can be convinced that your files need to be searched, he can issue a court order directing you to give the cops your passphrase. You can still refuse, of course, in which case you’d end up in jail anyway.

IANAL, but it has been my belief that a law which required you to decrypt your files on demand would constitute forcing you to testify against yourself. For a US citizen this would be a violation of the 5th Amendment to the US Constitution. As an analogy, I believe that police with a search warrant may search for a key to your storeroom, but can they require you to tell them where the key is?

Recently (within the last few years) there was a move in Britain to pass a law requiring decryption on demand and imposing stiff penalties for refusal. This was derailed when some clueful activists pointed out that they could get anyone (e.g. the PM) sent to jail by emailing them an encrypted file and then tipping the police that they possessed kiddie porn or some other illegal material. Especially in light of today’s prevalent spyware and trojans, the fact that I have an encrypted file on my computer does not necessarily imply that I have the software or password to decrypt it, so it’s illogical to hold me accountable for not being able to do so.

As I understand it, the law has declared encryption algorithms to be munitions. :confused:

I’m curious about the legality of so-called “deniable” encryption. A guy developed an encryption/storage scheme called “rubberhose” (which was at www.rubberhose.org at one time, but seems to be gone now) which allowed your hard drive to contain multiple conceptual partitions, but their data was intermingled such that you cannot tell how big one is, or even how many exist on the disk. If you provide the key for one of the partitions, you can examine its data, but you still can’t see how many are left or see any of their data.

The idea is that if someone is forcing you to give up your key, you can give them one or more of your keys to less sensitive data, and they can’t tell that you haven’t given them all the keys.

I suspect that this would be illegal in cases where you were legally compelled to give up your keys, but very difficult to prove.

Nope

Thanks Ntucker. I wasn’t able to find anything on rubberhose except for some overviews on what it is. Very interesting encryption, I’d love to get my hands on it!

Well, I have no idea if Canada has a 5th amendment type protection.

If I were to not cooperate with police and give up my keys, what’s the worst they could do under the law (other than call me an enemy combatant and keep me in jail forever)? Could they convict me regardless of any evidence except for protected HD space? I mean, could they imply I have something to hide thus find me guilty?

Not necessarily.

This is a very fact-specific inquiry.

If your files do not, in fact, incriminate you, and the mere fact you hold the decryption key does not incriminate you, you may not claim the privilege.

For example, let’s say that the encrypted files contain evidence that you asked for sex from a subordinate as a quid-pro-quo for promotion. This is not a crime, and does not incriminate you within the meaning of the Fifth Amendment. You can be required, under pain of contempt of court, to decrypt your files.

Let’s say that the encrypted files contain evidence that you and three partners have been importing cocaine and distributing it to dealers all over the city. You can assert a Fifth Amendment privilege here. But if the court were to grant you use immunity with respect to the data – that is, a guarantee that the data would not be used to prosecute you – then it no longer incriminates you within the meaning of the privilege and you can be forced to decrypt the data.

- Rick

This sounds like a steganography system in addition to encryption, and there are a number of applications which provide this kind of thing. Steganography involves hiding data to conceal its presence. It’s often coupled with encryption but is a distinct problem. You may find more results searching on that keyword.