A Federal judge in Vermont ruled today that a defendant can’t be compelled to reveal the password used to decrypt files on his or her hard drive. From the ruling:
Compelling Boucher to produce the password compels him to display the contents of his mind to incriminate himself…The foregone conclusion doctrine does not apply to the production of non-physical evidence, existing only in a suspect’s mind where the act of production can be used against him.
This is good news for electronic privacy. Unfortunately, there is already precedent allowing law enforcement to install a key logger on a suspect’s computer to obtain the encryption password without the suspect’s knowledge. So I guess this ruling (for as long as it stands) just protects us when law enforcement wasn’t smart enough to install a key logger before charging us with a crime and seizing our computers.
I wonder what, if any, case law exists to compel a person to reveal the code used to encrypt a hand-written diary? Do we have more privacy rights now that our PGP/GPG keys are part of our fifth amendment right not to act as a witness against ourselves?