[HWR_14]

> Unless you encrypt it in a manner resistant to any way you can be compelled to decrypt it,

In the US you it is not legal to be compelled to turn over a password. It's a violation of your fifth amendment rights. In the UK you can be jailed until you turn over the password.

[eel]

At Amazon, their travel trainings always recommended giving out your laptop password if asked by law enforcement or immigration, regardless of whether it was legal in the jurisdiction. Then you were to report the incident as soon as possible afterwards, and you'd have to change your password and possibly get your laptop replaced.

That kind of policy makes sense for the employee's safety, but it definitely had me thinking how they might approach other tradeoffs. What if the Department of Justice wants you to hand over some customer data that you can legally refuse, but you are simultaneously negotiating a multi-billion dollar cloud hosting deal with the same Department of Justice? What tradeoff does the company make? Totally hypothetical situation, of course.

[ratorx]

You can make it so employees don’t have ambient access to data, and require multi-party approval for all actions that require user data. Giving away a user password should be treated as a routine risk.

I’m not saying that’s how it actually works, and this process doesn’t have warts, but the ideal of individual employees not having direct access is not novel.

[DANmode]

Totally.

[SpicyLemonZest]

There are many jurisdictions in the US (not all!) where you can't be compelled to turn over a password in a criminal case that's specifically against yourself. But that's a narrow exception to the general principle that a court can order you to give them whatever information they'd like.

[HWR_14]

It's a federal constitutional protection to not be compelled to turn over your password. If you think a jurisdiction can compel you, I would like references.

[SpicyLemonZest]

The ACLU has a good overview (https://www.aclu.org/news/privacy-technology/police-should-n...). A number of state-level supreme courts have ruled that the protection you're describing exists, but others have ruled against it, and on the federal level AFAIK only the DC Circuit has made a clear ruling about it.

[lesuorac]

Well, currently sure.

However, back when the constitution was amended the 5th amendment also applied to your own papers. (How is using something you wrote down not self-incrimination!?).

It only matters if one year in the future it is because all that back data becomes immediately allowed.

[HWR_14]

Papers were covered under the 4th amendment. It's always been the case that a warrant could let the government access your journal.

[lesuorac]

> See United States v. Hubbell. In Boyd v. United States,[60] the U.S. Supreme Court stated that "It is equivalent to a compulsory production of papers to make the nonproduction of them a confession of the allegations which it is pretended they will prove".

https://en.wikipedia.org/wiki/Fifth_Amendment_to_the_United_...

This opinion hasn't lasted the test of time but historically your own documents cannot be used against use. Eventually the supreme court decided that since corporations weren't people that their documents could used against them and then later that it also people weren't protected by their own documents.

[rrr_oh_man]

There’s an interesting loophole for Face ID…

[estimator7292]

In the US, law enforcement is specifically allowed to compel biometric scans to unlock personal devices.

[schrodinger]

FYI -- Because of this, Apple made a feature where if you click the power button 5 times, your phone goes into "needs the passcode to unlock" mode.

Whenever I'm approaching a border crossing (e.g. in an airport), I'm sure to discreetly click power 5 times. You also get haptic feedback on the 5th click so you can be sure it worked even from within your pocket.