That has been the question since national security level encryption has been available to the masses. Up to the early 90’s it was considered a “munition” and restricted as to export. That was defeated when books with code examples like “Applied Cryptography” by Schneier and Zimmermann’s PGP program were printed out and mailed to Europe. They could not be stopped under 1st Amendment protections. Plus once the Diffie-Hellman protocol became practical, commercial interests wanted strong cryptography available in browsers for eCommerce. The fight between Netscape and the defeat of the Clipper chip under Clinton Admin was based on that.
Logically, data protected by strong encryption and available only through the application of its password/passphrase should be in the same vein as demanding the combination of a safe by the police. Essentially a warrant for what is inside your head. In the past that was protected. The cops could haul away your safe and force it open but they couldn’t force you to incriminate yourself by demanding you open it.
Some federal courts have upheld that notion. The most famous was Kevin Mitnick in the 1990’s, who was arrested, tried and convicted for hacking the US Govt and sentenced to prison for years. The FBI labs had his laptop but could never open his files without his input, which he refused.
State courts have demanded decryption, some Fed courts also, while the United States Court of Appeals for the Tenth Circuit has said the 5th Amend applies. The Supreme Court agreed in a general sense, but not on this issue. National Security Letters, which can be applied to Enterprises, may be exempt.
However some courts do not agree and there is now a US citizen held without charge or conviction (except contempt), for 16 months, because he won’t open his files based on 5th Amendment assertion.
So the question becomes, can a US Citizen be compelled to “self incriminate” if the data is stored digitally but protected; but not if it’s testimony or documents as in US v Hubbell? It will end up in the Supreme Court, and how it rules will be interesting. Will the judges be “conservative” or “liberal” in their reading?
Ridge
https://arstechnica.com/tech-policy/2017/02/justice-naps-man-jailed-16-months-for-refusing-to-reveal-passwords
Put it bluntly. That is the issue at stake with Customs and Border Patrol and other law enforcement officers forcing under threat of arrest without probable cause the disclosure of passwords to phones.
Even when the law enforcement officer is not cleared for access to a phone used in US national security purposes.
Even when the phone is a corporate phone for corporate business.
Those last two depart from current norms of impunity.
International border crossings are special cases and they have always been exempt from many of the “search and seizure” elements of the Constitution.
What is brewing here is the tendency to rely on digital devices and stored data for much of one’s personal details. Lavabit closed shop rather than comply with an NSL. Truecrypt went really bizarre and basically denigrated its own program on its website saying it wasn’t secure, probably because of pressure for backdoors by US or European security services.
The Apple iPhone case showed that corporate co-operation wasn’t necessary when you have companies like Cellebrite. How about iTunes cloud storage? Is it really secure? If you use such services, encrypt the data before you send it up.
This is different from the biometric locking of devices as that is “who you are”. What they are requiring is “what you know that will land you in the slammer”. For the former cop and possible child pornographer to sit for 16 months rather than unlock his files means it’s really, really incriminating or he is really, really principled. Neither is material for 5th Amend considerations.
I first got into this stuff back in ’98 when I read an article about a program called “Scramdisk” where the author stated it was so secure that files would be protected to a degree that “God couldn’t read them”. Hey! That sounded pretty cool. That led to PGP, PGPDISK, GPG, S/MIME, PKI, SSL, SSH, IPSec VPNs, etc…
The programs all depend on the security of the system they run on to be effective. Certainly each device can be compromised, but without that compromise in place, once data is stored and protected, it’s protected. It’s the safe that can’t be cracked; so hiding your deepest, darkest secrets there is the best way to protect them.
Of course such secrets are exactly what police departments want. Who knows what’s in there. Society must be protected. So personal privacy and the sanctity of one’s own personal thoughts vs the State. There has always been a struggle between the two, with many in Washington (Dem and GOP) wanting access to those thoughts. Law and Order.
That is a little bit of a ramble, but the courts have yet to catch up. How will the Appeals and Supreme Court rule? Don’t know, but one might practice hiding the encrypted container. There are methods, but it’s one more step in an already time-consuming process.
R