> People are divided in two camps. One sees the password as a
> physical key that must be handed to authority when ordered by the
> court. The other sees the encryption as a part of a person's
> memory, divulging of which would constitute self-incrimination.

Personally, I see it as neither, but instead as an unacceptably bad failure scenario. In order to make "reveal your encryption key/password" enforceable, the penalty for non-compliance has to be significant enough for the accused to choose to turn over the key rather than face whatever consequences there are; in other words, the penalty needs to be at least as great as the penalty for whatever crime they may incriminate themselves in by the action of divulging the key. This means that "failure to provide the key" needs to be a pretty significant charge.

Well, I can think of at least two failure scenarios where the punishment for this action would be egregiously in violation of the basic principles of justice -> first, the accused may not actually remember the key; and second, the accused may not have ever possessed the key in the first place.

In particular, the second scenario can be effectively leveraged maliciously. Irritated at your soon-to-be-ex-boyfriend for cheating? Encrypt part of his hard drive and call the police insisting that you saw child porn on his computer. Can't find the books to convict Al Capone of tax evasion? Just encrypt a disk and slip it in his coat pocket. Instead of "throwdown guns" you'll now see "throwdown USB keys".
