[mikeash]

To me, the most convincing argument is, what if you legitimately forget your password?

If that alone gets you thrown in jail, then you're going to be jailing a lot of innocent people. On the other hand, if that does not get you thrown in jail, then one can simply claim to have forgotten the password without repercussion.

Personally, I'd rather let people hide evidence by encrypting it than jail people for being forgetful, since those seem to be the only two choices.

[grecy]

I agree 100%

I'm thinking about the case where a person never even knew the key to what they have. The example is a business laptop being carried through customs, that was encrypted by someone else, who will decrypt it upon your arrival (or something similar)

[tedunangst]

1. If there's no evidence that you know the password, that's possibly a reasonable defense. When the police have a recording of you saying "don't worry, the files are on my encrypted partition", it's less reasonable.

2. I would seriously reconsider the decision to carry unknown contents through customs.

[jrockway]

2. I would seriously reconsider the decision to carry unknown contents through customs.

My ISP does this billions of times per day.

[alextgordon]

And, what if I do this?

    head -c 1048576 /dev/random >not_encrypted_I_promise

I can't prove that file isn't actually encrypted data. Are we going to throw people in jail for possessing random data without a justification?

[tedunangst]

No, we're only going to throw people in jail for possessing random data and failing to produce encrypted documents we have evidence they possess.

[gcb]

that's the most dodged response ever.

i think for his question to even be made, it was assumed he was being accused of possessing encrypted something.

Let's attach the old guy from france that got into the 3 strike law without even having a computer at the time. Now let's say instead of getting the IP of that old guy from france, the police got the IP of the comment above yours, from let's say mr Buttle. Now they confuse him with Mr Tuttle and assume he has encrypted criminal data. but all they could find on his computer is the file "not_encrypted_i_promise".

he is then throw in jail because he failed to provide the password. His infective defense was that he was "playing" with philosophical questions regarding encryption.

[tedunangst]

Then explain that to the judge. The defendant in this case is not claiming to be the victim of mistaken identity.

[gcb]

that was even less to the point. you are good

ignore the mistaken identity, was just a means to reach the false/wrong accusation resulting in the experiment he just did convicting him.

[tedunangst]

I don't see the problem. People get convicted based on faulty evidence. The sad fact is it happens. [Yes, that is a problem, but...] Why is cryptography special?

[furyofantares]

If they believe it's encrypted data containing incriminating evidence, and you refuse to decrypt it, you may be charged with obstruction of justice.

You have no need to prove it isn't actually encrypted data. All you must do is debunk whatever evidence they provide that it is encrypted. The prosecution must present compelling evidence that it isn't random data.

[rayiner]

You're creating a dichotomy that doesn't exist. What actually happens is that there is an intent element to crimes associated with destroying evidence. So you might get in trouble for purposefully destroying evidence, or in some cases negligently destroying evidence (e.g. a company that didn't have a proper data-retention policy). You usually can't get in trouble for accidentally destroying evidence. Then, you testify as to your intent, and the jury gets to decide whether you're telling the truth, making inferences from your circumstances. People might believe you forgot the password to some drive you never use, but probably won't believe you forgot the password to the drive holding the bank codes for all the money you embezzled.

[mikeash]

And what if the police just think the drive holds the bank codes for all the money I embezzled, but is actually an archive of amusing cat pictures I forgot the password to a year ago?

Seems to me that the only way to reasonably apply "innocent until proven guilty" there is to only convict if they know what the encrypted contents are, and if they can already prove that beyond a reasonable doubt, why do they even need you to decrypt them for you? Conversely, if they don't know the contents, then they may well be innocent, and the password innocently forgotten.

[dedward]

which means prosecutors will have supporting evidence that you have the info they need andyou wonthaveevidence that you are acat freak.