I would not read too much into this ruling -- I think that this is a special situation, and does not address the more important general issue. In other cases, where alternative evidence is not available to the government, and where government agents have not already had a look at the contents, the facts (and hence perhaps the ruling) would be different.

Balls. This is a straight end-run attempt around the Fifth Amendment. The cops initially demanded a court order making him reveal his password -- then modified their stance on appeal after they lost. So he can't be forced to reveal it, but "on a technicality" he can be forced to produce the same effect as revealing it? Just how broad is this technicality, and how does it get to override a personal constitutional right? If the cops bust down your door and you foolishly left your computer turned on, are they entitled to make you reveal your encryption passwords anytime later, because your encrypted drive was accessible when they ran in screaming at your family and shooting your dog? Suppose they looked it over and typed a few things to the screen? Suppose they didn't? Suppose they used a fancy power-transfer plug to keep it running as they walked it out the door, but they tripped and dropped it and it powered off? That's a technicality, isn't it? Don't forget, this is a nuisance case. It's about a harmless Canadian citizen who's a permanent US resident, who crossed the Canadian border with his laptop. A guy smart enough to encrypt his drive. On the drive, among other things, was a few thousand porn images downloaded from the net. Legal porn. The border guards, who had no business even looking at his laptop's contents, trolled around in it until they found some tiny fraction of the images that (they allege) contained underage models. (How would *he* know the ages of the models in random online porn? Guess he'd better just store no porn at all, whether or not porn is legal. That's the effect that the bluenoses who passed the "child porn" laws want, after all.) That's the "crime" being prosecuted here. This isn't the Four Horsemen's torture-the-terrorist-for-the-password hostage situation where lives are at stake and the seconds are ticking away. This is a pointless search containing the only evidence of a meaningless censorship non-crime. If the feds can force you to reveal your password in this hick sideshow, they can force it anytime. Suppose the guy had powered off his laptop rather than merely foolishly suspending it. If the border guards had DRAM key recovery tools that could find a key in the powered-down RAM, but then lost the key or it stopped working, would you think he should later be forced to reveal his password? Suppose they merely possessed DRAM key recovery software, but never deployed it? Hey, we claim that you crossed the border with that key in decaying RAM; fork over that password, buddy! Don't give them an inch, they'll take a mile. Drug users can now not safely own guns, despite the Second Amendment. Not even guns locked in safes in outbuildings, because the law passed against "using a gun in a drug crime" has been expanded by cops and judges to penalize "having a gun anywhere on the property even though it was never touched", and even when the only drug crime was simple possession. Five year mandatory minimum sentence enhancement. (Don't expect NRA to help -- their motto is "screw the criminals, leave us honest people alone". That's no good when everybody's a criminal, especially the honest people like this guy, who had nothing to hide from the border guards and helped them search his laptop.)

Sessions wrote: "Boucher's act of producing an unencrypted version of the Z drive..."

There is no such document as "an unencrypted version of the Z drive". It does not exist. It has never existed. One could in theory be created, but that would be the creation of a new document, not the production of an existing one. The existing one is encrypted, and the feds already have it. I'm still trying to figure out what the feds want in this case if the guy complies. They'll have a border guard testify that he saw a picture with a young teen in it? They'll show the jury a picture of a young teen, but won't "authenticate" it as a picture that came off the hard drive? It can just be any random picture of a young teen, that could've come from anywhere? How will that contribute to prosecuting this guy for child porn? Maybe they're just bored from training themselves by viewing official federal child porn images (that we're not allowed to see), or endlessly searching gigabytes of useless stuff on laptops. Instead they want the thrill of setting a precedent that citizens have no right to privacy in their encrypted hard drives. Let's not help them by declaring this guy's rights forfeit on a technicality. John --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE