Here’s an interesting question, arising out of a case before a Colorado court: may the state require a defendant in a criminal trial to enter the password that will decrypt a computer drive with full disk encryption? The Electronic Frontier Foundation has entered a brief in the case of US v. Fricosu arguing Friday that to require the defendant either to hand over the information on the drive or to provide the password enabling the prosecution to get access to the data would infringe her constitutional right against self-incrimination. Apparently the authorities have offered a limited form of immunity to the defendant, who has been accused of fraudulent real estate transactions.
The EFF brief is available online.
It’s hard to think of parallels to this situation from which to argue. Where the state has a search warrant, it may use force to enter premises or containers such as cars or safes. And at the same time the state may not compel a defendant to testify or, indeed, (this cases aside) answer questions whether or not under oath. Here’s a situation where forceable entry is perhaps impossible or, at least, very very difficult. Law Technology News, for instance, says:
While no storage encryption technology is completely unbreakable, today’s algorithms come very close to being impenetrable. The Advanced Encryption Standard (AES), the current encryption benchmark, offers 128-, 192-, or 256-bit security levels. At the low end, 128-bit AES offers 3.4 x 1038 key combinations. At the top level, no known brute-force attack can break a 256-bit key AES in a reasonable amount of time (it would take many years even on the fastest computers available).