Mike Godwin writes:

Note that a court could cite you for contempt for not complying with a subpoena duces tecum (a subpoena requiring you to produce objects or documents) if you fail to turn over subpoenaed backups.

I understand this, but could I be cited for failure to produce evidence not known by the court to exist? (Clearly, I could be so cited if the evidence were ever discovered.) Is there a process that the court can use that says "hand over absolutely all artifacts pertinent to the case at hand known to *you*, whether such artifacts be known to the court or not." ? Or is it the case that failure on my part to offer up such evidence is inherently contemptuous?

To be honest, I don't think *any* security measure is adequate against a government that's determined to overreach its authority and its citizens' rights, but crypto comes close.

I wholeheartedly agree; I'd of course encrypt my secret backups :-) Gee, now that I've publicized this great idea, I suppose it can never work for me. -- Mike McNally

...

Note that a court could cite you for contempt for not complying with a subpoena duces tecum (a subpoena requiring you to produce objects or documents) if you fail to turn over subpoenaed backups.

This is gonna sounds weird, but.... Let's say I have a (paper) document which explains how I (for example) embezzled money from Megacorp, Inc. I presume that the Fifth Amendment means I cannot be forced to produce this document. Case 1: let's say that I have the same document on disk, in the clear. Can they force me to produce that? Case 2: They sieze a disk from an associate which has the document, but it's encrypted. Can they force me to produce the key? Mike, you claim that there is precedent which says that they can. I'm curious how the Fifth Amendment allows this. I've heard you say in the past that key escrow doesn't violate the 5th because you're not disclosing anything at the time. But if the government possesses an incriminating document, wouldn't forcing me to give them the key constitute self-incrimination? Case 3: I keep all my stuff encrypted, and enter the key from (say) a smartcard of some sort when I boot up. They seize my machine, and insist that I give them the key. I refuse, because the key is stored in a cleartext document, which incriminates me in some way. (Say the key is a hash of the document itself.) Since I'm sure there's no precedent for this, what are the legal implications of seizing this document? Case 4: "I forgot." Can they do anything? Marc

Marc asks a bunch of legal questions:

This is gonna sounds weird, but....

Let's say I have a (paper) document which explains how I (for example) embezzled money from Megacorp, Inc. I presume that the Fifth Amendment means I cannot be forced to produce this document.

Why presume this? Suppose the document doesn't directly incriminate you (it doesn't say "I did this crime," for example), but, taken together with other evidence the government has, does tend to incrimininate you. In some circuits, at least, production of that document can be compelled. (In others, there is a "last link" exception--the government can't compel evidence that would constitute the "last link" in proving the government's criminal case against you.)

Case 1: let's say that I have the same document on disk, in the clear. Can they force me to produce that?

Assume that the rules are the same for paper or electronic documents.

Case 2: They sieze a disk from an associate which has the document, but it's encrypted. Can they force me to produce the key?

This has never been decided, but I think that, in terms of the relevant legal precedents, they can. The rule is that you can be compelled to produce anything that is not, in itself, testimonial in nature and tending to incriminate you. An encryption key, *taken by itself*, normally doesn't tend to incriminate anyone--after all, it usually looks like gibberish.

Mike, you claim that there is precedent which says that they can. I'm curious how the Fifth Amendment allows this.

See above. The Fifth Amendment bars compelled testimony. If what is being compelled is not testimonial in nature, it doesn't violate the Fifth.

I've heard you say in the past that key escrow doesn't violate the 5th because you're not disclosing anything at the time.

More precisely, what I've said is that this is the argument the government would make. In spirit, I think it violates the Fifth Amendment.

But if the government possesses an incriminating document, wouldn't forcing me to give them the key constitute self-incrimination?

Possibly, in a circuit that recognizes the "last link" rule.

Case 3: I keep all my stuff encrypted, and enter the key from (say) a smartcard of some sort when I boot up. They seize my machine, and insist that I give them the key.

If you mean the smartcard itself, well, that can be compelled or seized. But I take it you mean the key information.

I refuse, because the key is stored in a cleartext document, which incriminates me in some way. (Say the key is a hash of the document itself.)

There is an exception to the rule that nontestimonial stuff can be compelled, and it's called, loosely, "the production privilege"--when the very act of producing what is sought tends to incriminate you, (by showing your ownership, control, authorship, or something similar), compelled production may violate the Fifth Amendment. But your question is more on the order of "What if the key is (or is derived from) a document that says 'I did this crime'?" My answer is: "I don't know." But I should note that if you set up elaborate schemes to block a law enforcement investigation that you already know or have reason to believe is taking place, you may be creating risk of criminal liability for obstruction of justice.

Case 4: "I forgot." Can they do anything?

Yes. They can conclude that you're lying and cite you for contempt or (if you say "I forgot" under oath) charge you with perjury. Remember, courts and judges *frequently* have to decide whether people are lying or not, and they could decide you're lying in this case. --Mike