Self-Incrimination in the UK
In the UK you can be compelled to provide testimony and evidence against yourself. This requirement to self-incriminate or go to prison has been extended to the electronic realm of Blackberries.
In the US the theory (untested in the courts) is that providing decryption keys is providing testimony. This is because the government is asking you to say something, write something, or otherwise communicate information to the investigators. Forcing testimony you consider self-incriminating is prohibited by the Fifth Amendment. The analogy is my shed, which is locked by a combination lock, and the police have presented me with a valid, judge-signed search warrant. I am under no obligation to unlock the shed, nor can I be compelled to recite the lock combination. If the police want to search, fine: they can get out the bolt cutters and search the property (shed) named in the warrant. It is the same if the search warrant calls for the seizure of my hard disk. I am under no obligation to decrypt the data, nor am I under any obligation to recite the decryption key. Let the police use the access technology on the market (electronic bolt cutters) to access the hard disk named in the warrant, or find the password written down on a piece of paper in my desk.
Here are competing theories on this:
The US DOJ thinks your crypto key is not "testimonial" and, thus, not protected by the Fifth Amendment to the US Constitution.
Mr. Sergienko disagrees and backs up his analysis with case law citations the DOJ paper lacks. His position is that your crypto keys are testimonial (protected) because the keys are both communicative and can be used for authentication. Either property makes an utterance testimonial.
Both (US DOJ and Sergienko) agree, though, that the matter rests squarely on the testimonial, compelled, and incriminating nature of the plain text recovered. The DOJ avoids the topic of authentication completely and only addresses the communicative nature of the plain text recovered.
But, as I said earlier, neither theory has been tested before by the 9 demi-gods in black dresses, so relying on the Fifth for protection when needed may prove as helpful as a broken tooth.
BTW, did you notice in the article that Blackberry seems to be the only internet PDA device which routinely encrypts your email traffic end-to-end? Do Section 49 directives only target Blackberry because the other PDAs (e.g. iPhone) send your email traffic in the clear, so all the police need to do is go to your ISP or packet sniff for the emails of interest?
I may have to consider a Blackberry for that reason alone.