Should a suspect’s encrypted data be open to law enforcement?


A Colorado District Court judge is currently deliberating whether or not an order should be issued to compel a defendant into revealing her password so encrypted data on her laptop can be accessed and investigated. The defendant is accused of committing financial fraud and access to the data has been requested by the prosecution. The scenario represents a classic case of individual rights versus public interest – the outcome will be very interesting indeed.

It’s easy to make a case for both sides; it’s no co-incidence that council for the defense is also a member of the Electronic Frontier Foundation who’s motto is “Defending your rights in the digital world”. Obviously the right to privacy and the American constitution play a major role in defense strategy, and groups pushing the civil liberties barrow are bound to concur. On the other hand, the prosecution is arguing that failure to demand access to encrypted data harms public interest and would almost certainly open a door for criminals to escape justice simply be encrypting incriminating digital data.

To me, the answer is a simple one; there is already a template in place for discerning the thin white line between individual rights and overzealous law enforcement – it’s called probable cause. If the prosecution is already in possession of enough evidence to substantiate its suspicions the court order should be granted. If, on the other hand, the prosecution is relying solely on what the encrypted data may or may not reveal then that smacks of a fishing expedition and could easily be considered a case of ‘guilty until proven innocent’.

Regardless of laws and individual rights, in cases such as these I can’t help thinking that if persons under suspicion are innocent and have nothing to hide, then why wouldn’t they just grant access. It would take an extremely dedicated (innocent) person to place their rights to privacy above the embarrassment, inconvenience, expense and loss of face caused by court proceedings. The old adage ‘if you have nothing to hide, you have nothing to fear’ springs to mind.

I firmly believe laws have been heading in the wrong direction for years, largely due to the efforts of the civil libertarians and do-gooders. There are far too many laws already in place which tend to protect the rights of criminals while ignoring the rights of victims and frustrating law enforcement. I actually admire the way America enforces its criminal code. We recently heard of a young American single mother who shot an intruder dead and was not subsequently charged with any offense. Two men invaded the woman’s home with evil intent, she shot one, and the other, who escaped unhurt, was later charged with several offenses. If that happened here in Australia, the young mother (AKA victim) would have been charged with murder, the surviving accomplice would have received a slap on the wrist and subsequently sued all and sundry for copious amounts of compensation.

Anyway, that’s my rant for the day. Now getting back on track, do you think passwords and encrypted data should be sacrosanct under any circumstances or do you believe that, in the case of suspected criminality, law enforcement should have the right to demand access?


Posted in:
About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.