like six hours. He ultimately gave in but I wonder if it would have been legal for the authorities to brute force a passphrase on the file...this is relatively unbroken legal ground.
Breaking a cipher with brute force (or whatever) without cooperation from the suspect is certainly *not* "unbroken legal ground". See Kahn's "The Codebreakers" for several stories about rum-runners and other Prohibition violators who used relatively weak codes and ciphers that were cracked by the authorities and used against them in court. See if you get the same sense of deja-vu that I got. What *is* unbroken legal ground is the original question of whether a court could compel you, under threat of contempt, to divulge an encryption key to decrypt information that could then be used against you. Mike Godwin, who unlike me *is* a lawyer, has forcefully argued that a strong legal case could be made that the Fifth Amendment would *not* protect you, while I've heard other lawyers (including a law school prof who specializes in the Fifth Amendment) say exactly the opposite. Ah, lawyers. Where would they be if they all *agreed*? :-) Anyway, even Mike concedes that the specific facts may be very relevant. For example, I might do much better by refusing to concede that I even know the key to the file in question, as opposed to admitting that I do know it but am standing on my Fifth Amendment right to not reveal it. But this might be hard to do if the file were encrypted with PGP in the public key mode, especially given PGP's fondness for user-friendly error messages like: "This message can only be read by Phil Karn <karn@unix.ka9q.ampr.org>" On the other hand, if the file in question were encrypted with PGP with the -c (conventional cryptography only) option, then I'd have a somewhat better chance of claiming that I didn't know the key. I could claim that it belonged to my, uh, uncle (now conveniently deceased, alas) who, uh, asked me to hold onto it for safekeeping and, uh, I just hadn't had the heart to delete it yet. It would be even better, of course, to use encryption that leaves *no* identifying markings of any kind on its ciphertext. Just flat, random binary data. This way you don't even have to concede that it *is* ciphertext. Perhaps you were playing with your new PC sound card, and you must have accidentally recorded some interstation noise from the FM radio, yeah, that's it... And, of course, there's no real reason why you have to leave yourself at all vulnerable to compelled key disclosure when it comes to encrypted *communications* (as opposed to stored information) given the existence of things like authenticated Diffie-Hellman key exchange... Phil