Hacker Times

It is not in fact settled law that unlocking an encrypted drive is testimonial. It's also worth remembering that the primary motivation for 5A is to prevent false, coerced testimony and torture; when SCOTUS eventually deals with this, they could find that no protected substantive rights are threatened by demands to unlock encrypted media.

We're unlikely to get it both ways: both a right to strong encryption without government interference and a right to defy court demands to decrypt specific files. But we'll see.



Realistically, how can we differentiate between a suspect who's refusing to unlock something, and a suspect who has genuinely forgotten his password?

I know for myself, even with passwords I use multiple times a day from memory, it only takes a couple of months of not using them before I cannot recall them again. This guy has been locked up for 7 months.

See also the numerous people who stored bitcoin in brain wallets (bad idea), who now cannot reclaim their money despite considerable financial incentive to do so.


There is no foolproof way, but uncertainty is something the law has dealt with for centuries, and isn't unique to this situation. The short answer is: it gets argued in court like everything else.

If cryptography introduces too many new cases of contempt, we'll need to rework the contempt system, and, in particular, introduce juries to the process (perhaps for contempt sentences exceeding a certain number of weeks).


> uncertainty is something the law has dealt with for centuries, and isn't unique to this situation. The short answer is: it gets argued in court like everything else.

Yes, precisely. This is a specific point I have seen programmer types uniquely vulnerable to tripping over.

Courts, generally, aren't like computers, where a little technicality will override common sense completely in a literalistic following of instructions. Sure there are exceptions to this rule, but for the most part a court proceeding has humans running it that live in the actual society and have some ability to factor in not just the rules but also the consequences, including unintended ones, of their actions.


"Courts, generally, aren't like computers, where a little technicality will override common sense completely in a literalistic following of instructions."

True, and in rare cases where something like that does happen, it's probably going to be a lot more amenable to sensational reporting, so more likely to be widely reported.


He isn't getting the chance to argue it in court, from what I've seen.


Have you read the filings? It sure seems like he has.


> I know for myself, even with passwords I use multiple times a day from memory, it only takes a couple of months of not using them before I cannot recall them again. This guy has been locked up for 7 months.

You have the timeline reversed. He's been locked up for 7 months because he refuses to decrypt the drives.


But still - not being able to recall a password NOW is a real possibility.


> We're unlikely to get it both ways: both a right to strong encryption without government interference and a right to defy court demands to decrypt specific files.

What about the plausible deniability that is provided by some encryption software (TrueCrypt was one of these when it was still relevant and considered secure, I don't know about current ones)? If the suspect decrypts an encrypted volume and can deny plausibly that there is another one hidden within, is he supposed to remain in jail until he decrypts a volume providing evidence of crimes he might have committed?

In my opinion this is the reason why "I have forgotten the password" should be accepted as an answer, for the two situations are similar: either there is enough evidence to convict the guy and other evidence is not really needed, or there is not and the burden of the proof should not be on the suspect.


Defying court demands should always be an option - such actions can be a crime, and it can be adequately punished, but it certainly is an option that can happen, and if a person does defy court demands, then consequences should require the following:

1) There is a proper verdict that the person has actually defied the court (as opposed to forgotten the password or the encrypted data not being his in the first place) - this has not happened in this situation, we have only claims by the prosecution not verified by the court;

2) the guilty person receives an appropriate punishment for this crime - and indefinite imprisonment (e.g. life sentence if the person doesn't yield) is not valid even if the person is guilty of everything claimed.



