Judge rules defendant can't be forced to divulge PGP passphrase

News.com reports:
A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination.

Discussion

Take a look at this
#1 posted by Skep, January 7, 2008 1:04 PM

You just know the government will not let this go un-appealed.

There are a lot of issues I wondered about related to the 5th amendment, but I don't know if they are real issues since the questions are inspired by TV Dramas. For instance, can the police or court literally put words in your mouth and make you read incriminating text aloud for a voice line up? And can a lawyer really make a witness read text handed to him aloud? In both cases the government would be forcing presumably innocent people to speak words that are not theirs.

Take a look at this

Not only will this not go unappealed, even as a civil libertarian I don't think it should stand.

With a lawful warrant, the police can make you unlock a door or open your safe. Why should your digital data be different?

Take a look at this

@ #1

As far as TV law shows go, I have always gotten the impression that what they are reading are things that they had previously written. Like a report or previous testimony that says the opposite of their current testimony.

Take a look at this

Actually, reading more, I stand corrected.

With a warrant, the police CAN make you unlock a door, because that is physical possession of an object (physical evidence).

However, opening a safe also conveys the testimony that you knew the combination, so it is considered a testimonial act and IS protected by the 5th amendment.

Take a look at this

Do you have caselaw on a police being able to force you to unlock a door or open a safe?

I know they can give you a choice - do it yourself or we will do it for you - but I'm unaware of any court ruling that says you must play an active part in the role.

This sounds like a very common-sense ruling. It doesn't mean the government can't crack your key, or access the archive. It just means that you have the freedom from being forced to incriminate yourself. I'm pretty sure that constitutional right trumps any court ruling or warrant.

Take a look at this

What next? Asking you to tase yourself?

Take a look at this

This is probably one of the most important court decisions that I have heard in a long time. It is also the right decision. Thank you Boing Boing for reporting this. For those who do not know what PGP is they should consult the Wikipedia article on the subject. There is also a very interesting history in the development of PGP regarding the government.

Take a look at this

For years and years I thought a judge could order anyone to hand over their passphrases otherwise they'd be charged with obstruction of justice?

Take a look at this

Vermont: still keeping America safe from itself. W00t!

-Proud Vermonter

Take a look at this

And of course, the most simple argument, that the defendant could simply claim to not recall the password.

But mistake No. 1. was having the files unlocked while in transit across the border.

Take a look at this

What's irritating about this case is that the noise mongers will harp on the fact that this case involves child abuse ("What about the children!") to obscure the rather clear constitutional precedent.


Take a look at this

Woolie:

I'd say mistake #1 was downloading child pornography in the first place.

Take a look at this

@1: I always thought the idea was that they were gathering evidence as in "Is this the voice you heard?" The words themselves are irrelevant, the identification of the voice is what is. It's not like the police are, even on tv, saying "Read this," then the suspect reads the paper aloud saying, "I am going to kill you all." And the police say, "He just threatened us. Taze him!" (Well, maybe Chief Wiggum would do that, but let's be reasonable, and even then I bet Officer Lou would have something to say about it.)

@8: That's what I thought as well. I have a feeling this judge has gone off the reservation and is going to get smacked pretty hard on appeal.

Take a look at this

plausible deniability ftw.....You can bet the government will fight this tooth and nail if only for the "national security" implications --

(though the ruling could be got around the same way that refusing to submit to a breathalyzer currently is - that is making substantial penalties above and beyond contempt charges for refusing to provide an encryption key when ordered to)

wasn't one of the demands in the original PGP wars something like local officials would have the master keys that could be used upon court order?

--

I wonder why his computer files were being looked through in the first place (also the original article mentions an "animation depicting child/adult porn" could be a lot of but what about the children bluster over a cartoon)

--

could you remember your key while being waterboarded?

Take a look at this
#15 posted by Spoon, January 7, 2008 3:04 PM

#8

If you lie it's obstruction, if you keep silent based on your rights it's not. If someone else knew the pass phrase and they were to subpoena that person they might face obstruction charges if they don't hand it over (unless that were to break some other natural right they have)

If you knew your files would be searched or in any way a part of an investigation (or could be helpful to it) and thus encrypted/deleted them then it could be obstruction, but then there's also that whole innocent until proven guilty thing.

Take a look at this

Anything electronic is virtual and anything virtual can be cracked. The ruling is just a formality and any enforcement could easily have the files open in any regard. (too many years inside the machine).

Take a look at this

Robin Hood @ 14 said "(though the ruling could be got around the same way that refusing to submit to a breathalyzer currently is - that is making substantial penalties above and beyond contempt charges for refusing to provide an encryption key when ordered to)"

I don't think so. The reason that the law allows the suspension of your license if you refuse to take a breathalyzer is based on the notion that driving is a privilege, not a right. Since the use of PGP is not otherwise restricted, it would be hard to make that argument here. I don't see any possible way that they could punish you for failing to turn over your key without violating the 5th amendment (not that that would stop them).

Take a look at this

this is a victory for all right thinking, freedom loving people.

It is a duty of right thinking, freedom loving people to kill the defilers of children.

not mutually exclusive.

Take a look at this
#19 posted by M, January 7, 2008 7:53 PM

I love cases like this. It separates the posters who truly believe in constitutional rights from the hypocrites who believe in them until it's inconvenient, or until it gores their own horse.

Take a look at this
#20 posted by Anonymous, January 7, 2008 10:18 PM

Even putting aside civil liberty issues, I think this is still probably the right precedent. The alternative ( hauling people off to jail for not disclosing passphrases ) possibly leads to the unintentional outcome where people can mail someone they don't like an encrypted harmless document via a remailer, and then dob them in to the police, leaving it up to the victim to somehow prove that they genuinely don't know the passphrase and the contents of the encrypted archive.

@18: "It is a duty of right thinking, freedom loving people to kill the defilers of children."

This is a hateful thing to say, and you are a bad person for saying it.

Take a look at this

@16. To break pgp using a brute force attack may well take thousands of years of computer time. No one has shown that pgp encryption can be broken - even the NSA has to use current technology.

What if the guy forgot his passphrase? I encrypted a drive I didn't use (just to be trendy) and promptly forgot the password. doh.

Should I be subject to prosecution for contempt of court because I refuse to divulge the contents of my stupid disk that I never even use?

The police need to throw people who commit crime in jail, in this case they don't just have the evidence.

Take a look at this

@16 The principal idea behind encryption schemes like PGP is that, without the decryption key, it takes a discouragingly-long amount of time to brute-force decrypt the files.

As long as the accused was careful not to write down the passphrase (or otherwise compromise the security of the key itself) and the particular encryption scheme does not have any usable holes, then the chances are slim that the investigators could brute-force the files before a sixth amendment argument could be made.

Take a look at this

1) This is absolutely the right ruling. The police do not have the right to force you to testify against yourself. That is abundantly clear in the Constitution. They can appeal all day and night, but I don't think it's going to go anywhere, and thank the gods.

2) I know this is not a popular viewpoint, and I understand and appreciate why, but I would like to point out that there is a difference between a child rapist, a statutory rapist (as in with someone physically mature, but under 18), and someone who has infinitely-reproducible, electronic copies of pictures or fictitious depictions of either of those crimes. The pictures are several orders of magnitude less damaging to society than the second, and many more less than the second. Most law seems to reflect this. If he's "defiling" anything, it's his own mind.

Moreover, I don't think it's at all right to refer to victims of child abuse as "defiled." There's nothing wrong with them; they didn't do anything wrong, and that thinking and terminology is what causes the problem in their lives, more than the abuse, actually. It's the way people look at them. It's the way people think about them if they find out. We have control of that part of the process. Don't use words (or, rather more importantly, concepts) like "defile," and you'll solve the worst part of the abuse.

Take a look at this

@#16: Of course it is possible to brute-force (crack) a PGP encrypted disk. But it will take
1) a lot of time, and
2) a lot of processing power,
to the extent that it really is not feasible for the mere purpose of sending someone to jail on child pornography charges.

Another point that should be made: The immigration official who happened to view the file judged it to be "child pornography", but this might have been a matter of opinion. I have a collection of David Hamilton's photography on one of my hard drives, I wonder what the immigration official in question might think of that. From what I know about the mindset of the average U.S. immigration official, I'd rather make sure to have it on an encrypted partition if I ever were to travel to the U.S. with a laptop. (however unlikely)

Take a look at this
#25 posted by Anonymous, January 8, 2008 11:01 PM

One essential point hasn't been touched yet. It is technically possible, even easy, to keep encrypted data in a deniable way.

If the accused has done that, forcing him to turn over his key will end in a farce. He would turn over his first-level key, but keep his second-level, invisible, unknowable, deniable key to himself. In such a system there is no way to prove even the existence of such a second-level key.

In other words, facing an intelligent and cautious person, law enforcement is powerless. That's today's digital truth, whether we like it or not.

Hans-Georg Michna, Germany
