Courts in the US and the UK have recently been ruling that criminal suspects may be forced to reveal cryptographic keys that encode files that may include incriminating evidence. US courts have been divided on whether this infringes upon the otherwise absolute right to avoid self-incrimination. I’ve never taken that argument very seriously — it’s certainly not in the spirit of the right to refuse to assist in prosecuting oneself to allow people to hide documentary evidence of a crime, just because the revelation would be “speech”. But while people may be compelled to testify in court, and in some democracies may be required to assist police by correctly identifying themselves, it’s not usual for people to be compelled by law to reveal particular information, particularly when they may not know it. While perjury charges may be brought against those who testify falsely, the inevitable unreliability of memory makes perjury convictions difficult, and I thought impossible when the subject simply pleads ignorance rather than testifying to a falsehood.
In fact, the strongest argument for a right not to reveal a password is that it’s not the hidden data that are protected by the right against self-incrimination, but rather the admission that you know the password, hence are at least in some way in control of and responsible for them, that cannot be compelled. According to the Regulation of Investigatory Powers Act 2000 (that was apparently a banner year for civil liberties in the UK), “failing to disclose an encryption key” is an offence in itself. In 2009 a man was jailed for 13 months for refusing on principle to provide encryption keys to the authorities, despite the fact that he was not suspected of any crime other than not cooperating with the police.
I have encrypted volumes on my laptop hard drive — with old exam papers — whose passwords I’ve forgotten. I probably should delete them, but I haven’t gotten around to it, and maybe I’ll remember one of these days. Even if I did delete them, they’d still be there on my hard drive unless I took exceptional measures. So if customs officials ever took an interest in my laptop while I was entering the UK, I could end up in prison for up to two years. The only thing I could do to protect myself is either to destroy the hard drive, or have it erased, which is itself suspicious.
Unlike most other criminal offences, the offence of withholding a cryptographic key is impossible to prove, but also impossible to disprove. It is even impossible for anyone but the accused even to know whether or not there has been any offence. And if there has been no criminal offence — if the accused does not, in fact, know the key — there is no way to prove that. It is the democratic state’s version of the plight of the man being tortured for information that he does not have, so that he has nothing to offer to end the suffering.
Along these lines, I was wondering about the current state of the right to silence in British law, and there came a revelation in the form of the British authorities (oddly, the news reports are all vague about which authorities it was; presumably the UK Border Agency, but maybe agents from a secret GCHQ data-mining task force) detaining the partner of journalist Glenn Greenwald under schedule 7 of the Terrorism Act 2000. According to the Guardian,
Those stopped under schedule 7 have no automatic right to legal advice and it is a criminal offence to refuse to co-operate with questioning,
This is pretty frightening, particularly when these laws are being so blatantly abused to settle political grudges.