Your Encryption Key Is Protected By The Constitution?

from the can't-incriminate-yourself dept

In an interesting case up in Vermont, a federal judge has ruled that someone accused of a crime cannot be forced to reveal his or her encryption key, as it would be a violation of the Constitution's 5th Amendment, saying that an individual cannot be forced to self-incriminate. In an age where encryption is becoming increasingly popular, expect to see other cases of this nature. It seems likely that a case like this one (if not this one itself) will eventually wind up before the Supreme Court to determine whether or not someone can be forced to give up his own encryption key. Where it gets tricky is the question of whether or not the key itself incriminates the person. As the article notes, a person can be forced to give up a key to a safe that contains incriminating evidence, which many say is analogous to this situation. In the meantime, though, we've already seen cases where people are presumed guilty just because their computers have encryption software installed -- so, it may not matter whether or not the key is provided when the presence of PGP alone is viewed as incriminating.

Filed Under: constitution, encryption, encryption key, fifth amendment, pgp


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Kelly Martin, 17 Dec 2007 @ 8:50am

    Combination locks

    It's established law, IIRC, that you cannot be forced to give up the combination to your combination lock because that would require an utterance. The same goes for the passphrase to a private key. The key itself they can have, but not the passphrase required to use it. It's not the key that's the issue; it's the passphrase. Moral of the story: use passphrases on your private keys, and don't write them down anywhere.

    The difference between a safe combination lock and a digital private key is that a safe's lock can be circumvented in a reasonable timeframe. A digital private key encrypted with a strong passphrase and nonreversible encryption, not so much.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.