Judicial rubber-hoses

| 4 Comments
The other day a Colorado court ordered a defendant to produce the unencrypted contents of their own laptop. This is what I called "rubber hose cryptography", and previously we've heard of efforts in the UK to compel decryption. It has now happened here, and not at the US border. Unlike the UK, this decryption demand in Colorado is not based on a law that specifically says that courts can demand this.

Wired article

The counter-argument is quite clearly the 5th amendment right guaranteeing the ability to not self-incriminate. If that decryption key only exists in your head, and disclosing it would incriminate you, then you don't have to yield the key.

This judge disagreed. I'm not a lawyer, so I can't tell what legal hairs were split to come to this decision. But the fact remains that this judgment stands. The only concession he appears to have made for the defendant is to preclude the prosecution from using the act of disclosure as a 'confession', but the data yielded by the disclosure is still admissible.

4 Comments

Your comment is not correct. The judge has ordered the defendant to produce and un-encrypted version of a document, not to reveal the password or completely decrypt all data.

Which just means that we need to use steganographic encryption methods now, so we can shift the argument from "It's there, you need to decrypt it" to "The defense says there's nothing there and the prosecution can't prove otherwise."

It would be interesting to know how would the Court make itself sure that the defendant is providing THE un-encrypted copy of the drive's contents without knowing the passphrase...