[mpbm]

Let's say a law like this did get passed. How could it even be worded?

For example, if it merely says "you have to give the cops your password when a judge tells you to" then using a password manager should technically protect you, because you don't know the password and have no way of retrieving it.

They could add "or the password for your password manager" but then the judge would have to say "give up all of your passwords", not just the one(s) relevant to the investigation.

Either way, the law would also have to say "and don't change your password(s) until the investigation is over" or "and give the cops a copy of your password whenever it changes".

Even then, you'd only be getting the people with 1) nothing to really hide or 2) so stupid they would have gotten caught some other way anyway because all a criminal would have to do is set their data to permanently lock, or self destruct, when the cops enter the fake password the criminal turned over.

The only way this could work is if the cops could just straight up compel you to assist in your own investigation. They can already do that by tricking you, so I don't think this would add much.

[biot]

It's much simpler than that. A judge orders you to give police access to your account. Regardless of whatever labyrinthian setup you use to unlock the actual credentials, and barring a stay of the order pending appeal, if you do not give police access you will be held in contempt of court and you may be sent to prison until such time as you comply with the court order. Claims of "but technically I don't actually know the password" are going to impress a judge as much as an argument of "but technically it was the bullet that murdered him" would.

[semi-extrinsic]

But what if you set your system up with plausibly deniable encryption? Say you encrypt two data sets, one with perfectly legal data, the other with the secret incriminating stuff. How will law enforcement be able to tell you gave them the key to the innocent data only? Block cipher output is indistinguishable from pseudorandom numbers. Deniable encryption is not a new thing in any way.

Edit: How would this be different from police saying "we know you've gone out and buried something, a neighbor saw you leave with something heavy and a shovel", and then you give them a location where you've buried something innocent (a long way away from your secret criminal stuff)?

[biot]

You could setup a complicated series of plausibly deniable encryption, steganography, and so on and I suppose that might work. But you need to maintain perfect opsec as well as hope they don't already have sufficient evidence that you possess the information they're after. They might have already installed a keylogger plus covert video surveillance and your denials are now contempt of court plus obstruction of justice.

In your burial scenario, they might already possess video surveillance of you dragging a body into the woods, then leaving 30 minutes later but they'd like you to provide an exact location to avoid an extensive search. Telling them you went to the beach with your metal detector won't bode well.

[oolongCat]

What if you "forogt" how to gain access to your account?

[OscarCunningham]

Also, what if you forgot how to gain access to your account?

[bcook]

Are you drunk?