This phenomenon presents a manifold of problems, including:
* Because we appear to be unable to move past the most immediately obvious point, we can't fit any other thoughts in our head, like, "maybe there is a real societal problem that needs to be addressed here" --- not by regulating encryption, but, for instance, perhaps by allocating funding and training differently.
* It's boring to have a bunch of people with more or less the exact same life experiences competing to agree with each other.
* When it's not boring, it's exasperating, such as when the thread competes to build a case that all of law enforcement is a conspiracy to find more effective ways to predict who we're going to vote for --- or creepy, such as when people more or less suggest that child pornography isn't a real problem.
Two thoughts. That's all I'm asking. I agree that the first thought is "don't regulate full disk encryption". The second thought though should be something along the lines of, "yes, that's an interesting new problem for law enforcement"; it shouldn't be "OH MY GOD LOOK HERE'S THE GOVERNMENT LOOKING FOR ANOTHER EXCUSE TO SPY ON MY PORN STASH."
† I know, I was just as bad on those TSA threads as everyone else.
Sure, it may be easier for the government to attack the digital storage device to find the terrorist's journal or plans or whatever, but that doesn't mean it's the only way to do it. If someone has been making bombs, there is plenty of evidence outside a document on an encrypted volume, etc etc etc. The entire idea that a crime can exist purely in information is a step too close to thought crime and all the problems that entails for my tastes.
If a crime supposedly exists, investigate the entire crime, not just some theoretical digital footprint on a supposedly inaccessible storage device. Don't try to backdoor negate the right to private information of the citizenry purely because you're too lazy and inept to do so.
What, really? How about when it's a photo on a digital device?
Yes, yes, they're fakable. But other evidence may not exist, or may not be findable without the knowledge embodied in that photo.
The meat of the article is simply describing how investigators should be prepared to deal with FDE, when they expect to encounter it, both via legal and technical measures. This alone highly increases their chances of success.
Finally, this reminds me of Matt Blaze's analysis of the 2010 wiretap report, where in the 6 cases where encryption was found, 0 of them actually prevented evidence recovery. I suspect well-prepared law enforcement will be able to be as effective, even in spite of FDE.
At the risk of being boring, I agree with your two thoughts. I would say "this is an interesting problem for law enforcement. how can we solve this in a manner consistent with the spirit of the 4th amendment."
You do understand that sometimes there just is not "a real societal problem"to be addressed.
"""It's boring to have a bunch of people with more or less the exact same life experiences competing to agree with each other."""
There is a problem of boredom with people "agreeing"? Really? We should disagree just for the fun of it? How about people agreeing on evolution?
Also, the "more or less exact same life experiences" part was totally an assumption, and I assume a wrong one. For one, I'm 8,000 miles away from the US and its life experiences, and I know tons of other on HN that also are.
"""When it's not boring, it's exasperating, such as when the thread competes to build a case that all of law enforcement is a conspiracy to find more effective ways to predict who we're going to vote for --- or creepy, such as when people more or less suggest that child pornography isn't a real problem."""
Well, in a world where tens of thousands of children die of hunger every single day, c/p is definitely not a real problem.
The production of it could be, or it could be not, depending if real children are used.
Even so, it's still is as marginal as they come, but it gets played in the media and such as if it is extremely prevalent, in order to justify bad laws government's need for other purposes.
Nowadays, I'm very suspicious whenever they use the phrase "to fight against child pornography", because I just know they have a different agenda/priority in mind if they had to use that, but they'd rather give the child pornography line to the public.
It is a fallacious nerd narrative that LEOs want super powers to keep track of what kind of anime porn you watch. They don't care. The day-in day-out of LEOs involves crimes so banal (embezzlement, narcotics, counterfeiting, &c) that they don't catch your attention.
What's changing is that technologies that dramatically raise the cost of investigating those crimes are now the default. As a civil libertarian, I'm glad of that. But as a citizen and a counterparty to the social contract, I can appreciate the underlying concern.
The thing you "just know" is false. They care a lot more about child pornography (which happens a lot more than you appear to think it does) than you think they do.
When they try to outlaw full disk encryption to increase their chances of catching child pornographers, let's all share outrage together. Until then, try opening your mind a little bit to LEO's concerns. They have real ones.
Do you really think so?
Last time I checked, facebook made really really easy to investigate the live of everyone as never before. I'm not the one that says that, the FBI chief officers said that.
Last time I checked, there are cameras anywhere in the cities, from banks and shops to circulation plates readers with days of video buffers, so if something bad happens(terrorism) they have more information(and less cost) than ever before.
Last time I checked, they store your telephone tower triangulation information that stores when you were at what time.
They even can analogize all telephone communications of the entire country on real time, store them on a hard drive, and transcribe it for easy searching.
Today this people have more information than ever, but of course, they want more because they want to control everybody.
Terrorism and children protection has become the wild card they use to break the freedom of the people, convert us in the serves and making them the masters ( I got to meet the TSA people).
Note that some Facebook investors have professional relationships with the management of In-Q-Tel, a nonprofit VC firm created by the CIA in 1999.
This isn't a nerd fantasy, the reality is that the FBI is interested in things like which political candidate you support. These aren't investigations to catch criminals, these are investigations to subvert the rule of law and hamper the democratic process.
There wasn't a supreme court decision saying that passwords are testimony because the FBI believed it was testimony, the supreme court decision came about because the FBI believed that it was perfectly constitutional to demand citizens testify against themselves. The mandate of the FBI should not be "maintaining the existing social and political order."
From the Church Committee:
Too many people have been spied upon by too many Government agencies and too much information has been collected. The Government has often undertaken the secret surveillance of citizens on the basis of their political beliefs, even when those beliefs posed no threat of violence or illegal acts on behalf of a hostile foreign power. The Government, operating primarily through secret informants, but also using other intrusive techniques such as wiretaps, microphone "bugs", surreptitious mail opening, and break-ins, has swept in vast amounts of information about the personal lives, views, and associations of American citizens. Investigations of groups deemed potentially dangerous -- and even of groups suspected of associating with potentially dangerous organizations -- have continued for decades, despite the fact that those groups did not engage in unlawful activity.
I don't care if they care, I care if they know. If you don't understand this, please don't claim to be a civil libertarian.
But there are trade offs, and you also get more insidious elements. Certain officials in the government care about who you vote for, what websites you visit, what software you have installed, who you communicate with. This isn't new and has been par for course since time immemorial.
I'd liken it to freedom of speech. Most people, if they use freedom of speech to say something controversial, use it to say stupid and socially damaging stuff. Bush personally planned 9/11, Obama is a Kenyan Muslim plant, etc. But it's still worth fighting like crazy to make sure they have the right to say it, because as a society we do better if there is that ability to say whatever you want, even if people abuse it. It's that way we can fight against the government when we need to.
In the same way, encryption is a valuable tool that prevents government power from being exerted when it should not be. This can range from more effectively avoiding government attempts to undermine counter-establishment political organization to opening up markets that should not be being shut down by government violence.
I don't know if you'd even disagree with any of this. It's of central importance, though, to make sure that people know the debate isn't about whether we should allow child pornographers to avoid punishment.
It depends on who you classify as LEO. One of the big paradigms the US Intelligence Community is into, aside from Open Source Intelligence, is behavior patterning and such mundane things as what anime porn you like do play into that.
This is why they mass-collect cell phone & financial records -- not only to see if you're buying a lot of ammonium nitrate, but to data mine everything you're buying and try to assemble a behavior patterning prediction system.
FBI Director Louis Freeh is the most outspoken advocate of encryption
restrictions. He argues that the capability to conduct court-authorized
electronic surveillance should be built into any technology, including
powerful encryption software. 
One Freeh proposal is that all users of powerful encryption software be
asked to turn over their keys to a third party, so that law-enforcement
officials can gain access to them with a court order.
Freeh's allies include his boss, Attorney General Janet Reno, and
legislators including Rep. Gerald B.H. Solomon (R-N.Y.), the retiring
chairman of the House Rules Committee.
"Let there be no doubt," Reno wrote congressmen last year. "Without
encryption safeguards, all Americans will be endangered."
As always, child porn / blah blah blah (while not minimizing my concern for the children involved) is, as always, merely the excuse. This will, as always, be used for harassing people growing pot or civil rights protestors or to help beat hippies.
Tell that to the manga translator in Sweden who was recently convicted of possession child pornography, because he had some hentai on his computer.
 http://juridikbloggen.wordpress.com/2011/01/28/mangadomen/ (in Swedish)
Also conspicuously absent is preventing terrorism, which is a scenario where obtaining the password is more likely to be impossible, because the owner is most likely dead.
My layman's understanding is that the law doesn't consider being compelled to reveal a password to be self-incrimination. Failing to reveal a password will get you held in contempt, or result in an "adverse inference" ruling from the judge.
It seems to be a core part of (european) music industry's fight for profit-oriented internet censorship: http://christianengstrom.wordpress.com/2010/04/27/ifpis-chil...
We will just have to live with the fact that secure end-to-end electronic communication and storage encryption that is not accessible by law enforcement is available to anyone who really wants it. For the most part, this is good news for privacy, civil rights and protection from information crime; in a few extremely marginal cases, like terrorist plotters and whatnot, this is bad, but we can't have our cake and eat it too. Trying to stop it, roll it back, pretend it doesn't exist, etc. is a pointless waste of time.
The United States once classified some encryption algorithms as a munition and banned exports. We citizens can't buy tanks or air craft carriers or satellites, but we can legally use AES 256 encryption (at least for now) and we should. That's all we have left.
In 1810, the 1 in 6 Americans that were enslaved were not allowed to own guns. In another twenty years even free black men were no longer allowed to own guns (varied by state).
Not terribly relevant, but it is easy to forget where we come from and how far we've come in a relatively short time.
the only technological equality we have remaining is strong encryption – um, I can think of too many counter examples to even begin.
The United States once classified some encryption algorithms as a munition and banned exports. – remember to thank Al Gore for having the stones to let that be lifted and bringing us a fine SSL future with secure(ish) commerce in the Internet. (Ancient history, back in his VP days.)
And Al Gore -- besides obviously having invented the InterTubes -- was only reacting post festa. The PGP printout-book was scanned Down And Under (take that Regulators!), and free implementations of strong crypto were popping up everywhere (ie .de). Banning export was useless. If you can't beat them, join them, and Let the Commerce Profit! Recent history, given his commercial interests of the Intertube days (iGOOG Board). The Doors (of revolving perceptions :).
Put in those terms, it seems that the trade-off between our right to privacy versus the needs of law enforcement is so ridiculously unbalanced that the law enforcement people ought to just slink away with their tails between their legs.
But a line for people suffering from pragmatism would be this: In many, many cases someone has a secret. Sometimes even the secret that he has a secret within a domain is secret. For example, a CIA agent if arrested for child porn. Does he give up his password to the disk drive violating his top clearance status or does he shut the hell up. Or what about someone involved with a psychiatry practice that is arrested for child porn. She is legally obligated to keep those records secret. Or what about someone that signed an NDA with a tech or defense company?
The list goes on. Information is the most valuable resource on the planet. It's probably the most valuable resource in the universe. The most valuable information is the information that only you know. They do not have a right to destroy your wealth or to even know that you have any. I'd rather live in a society with a couple extra perverts.
Laws that criminalise consumption of child pornography on the theory that it aids and abets its production by routing material financial support to the source date back to a time when almost all child pornography was obtained in consideration of payment, usually by mail order. That time is long past. Free porn abounds on the Internet, and anyone stupid enough to pay for illegal porn probably deserves to get arrested. There is several orders of magnitude--literally--more child porn today than could have possibly been imagined in the wildest dreams of postal inspectors in the 1980s.
As for the idea that there is a case for criminalisation of child pornography possession or transmission based on some statistical link between child pornography and actual child molestation, that directly contravenes millenia of legal thought. In other words, it should not matter at all whether there is any scientific basis for the allegation of such a correlation or not; it's beside the point. It doesn't matter if 99% of child molesters have child pornography. That shouldn't affect the underlying principle. And the underlying principle is this:
You can't punish someone for something they could--conceivably, in some hypothetical set of circumstances--do, but have not actually done.
I really find the idea that possessing a file is a crime, let alone a rather non-trivial one, to be literally unintelligible. It is one of the most incomprehensible things about contemporary life to me. I don't understand how it's possible given the intellectual pedigree of Western jurisprudence.
In other words, I don't think this is a market problem so I don't see market solutions having any justification (or indeed effect).
Not to mention, many pictures our parents took of us as infants might count, as that is bad enough.
"Child Porn" has been stretched to include things that do not involve any actual children in any way, shape or form.
As for your last statement, contradictions cannot exist. I think that the presumed rationality of the "justice system" is in error.
I just don't get it. I'd like to think I have a pretty broad mind. I'm not a radical or overly idealistic Libertarian. I am capable of comprehending abstractions, extrapolations, generalisations, and juridical pragmatism in the public interest. Still, the rationality of this eludes me completely.
The best I can come up with is that legislators fear it will lead to copycats. Its been shown that people who hear about a suicide are more likely to both commit suicide and do it in the same manner. See http://en.wikipedia.org/wiki/Copycat_suicide. "Examples of celebrities whose suicides have inspired suicide clusters include the Japanese musicians Yukiko Okada and Hide and Marilyn Monroe, whose death was followed by an increase of 200 more suicides than average for that August month". And if you consider that copycat suicides may not have happened without the trigger suicide, the thought that copycat child abuse may not happen without a trigger child abuse is not a wild leap. And the trigger child abuse can be that harmless few bits.
I'd feel fine about losing some freedom to stop that child abuse trigger. There are all sorts of reasons why some information is protected from the public, and when that information can cause public harm but not be in any public interest the case to ban it is very strong. Child porn may be equivalent to that sort of may be "harmful and not in public interest" category which gets it perma-banned.
tl;dr maybe to stop copycats
I now see half way through posting that many other reasons have already been listed, so I'll end it at that. See the plight of Jacob Applebaum who works on the Torproject for a very specific example. I think it got to the stage where he had to replace his electronics when he travels because he couldn't trust what was returned, thats if he gets the equipment back at all from customs, or purchases fresh equipment in foreign countries to know they are 'clean'. I think he weighs is equipment too.
In my mind (IANAL), if I don't have to give up information about myself, then I have the right to encrypt my information, and to not be presumed a criminal merely for having encrypted my information.
Note that the 5th amendment is not about protecting your criminal activity, since you're presumed innocent unless convicted. It's a right that you have regardless of your character or activity.
It is generally seen as analogous to the combination to a safe or a key to a door. Compelling revelation of the password is not generally seen as a violation of the Fifth ammendment.
While a ruling from a lower court, there is a good discussion of this at IN RE JURY SUBPOENA TO SEBASTIEN BOUCHER, Dist. Court, D. Vermont 2009 (which is available on Google Scholar)
It is my opinion, having read accounts of people being prosecuted by the government for various crimes over the past 20 years, that in many cases, the government does not hold itself within the bounds of the law, and that such prosecutions are often illegal themselves. Yet, they are able to get away with this, because, what prosecutor is going to destroy their career by pressing charges on cops, other prosecutors or judges?
Also, in this day and age, asset forfeiture is extremely easy. The government can seize all of your assets, effectively denying you the ability to pay your legal counsel, forcing you to rely on the legal services they provide for you. Further, even if you can afford your own counsel, as an "officer of the court" they are subject to extreme pressure. I've read about a fair number of situations where lawyers would not even introduce constitutional arguments for their defendants innocence because it would result in recriminations against the lawyers by the judge. (e.g.: its "frivolous" to claim that federal drug laws are unconstitutional, even though to criminalize alcohol an amendment was needed.)
I'm not a lawyer, of course, this is just my perspective.
It all depends on exactly how paranoid you are as to how deep you go with layers of misdirection here of course but the point remains, they cannot continuously compel you to provide a passphrase when they do not know that another one actually exists.
This is the one arena where the only reason the government has any power at all is due to our ignorance, they do not, and indeed should not, have any power at all in this realm.
unfortunately there have been cases of judges simply jailing people for contempt for years
The point is, they can. If you're in some place run by a dictator they can do whatever the hell they want to you, including torturing you until you die.
They won't get more data, but they will send a clear signal to other users of this stuff to behave themselves.
Solitary itself could reasonably be described as abuse.
That is a big difference.
I shouldn't have to provide specific examples, because you seem to basically be arguing that if I have nothing to hide, I have nothing to fear, but here are a couple anyway:
My doctor has a laptop; I sure hope that any medical records pertaining to me that are on that hard drive are encrypted. Ditto for my lawyer, accountant, etc. I carry around business data and keys to various production servers as well that my boss wouldn't want exposed, too.
1. Everyone on here except the tinfoil-hat brigade know that governments can't crack modern encryption that's been properly implemented. If they /do/ have the capability then it's tucked away somewhere very secret and they're using it for far more important things than catching criminals.
2. "with the cryogenic RAM freezing technique, presumably" - errr, no. With the "sit down at the computer and turn off the encryption/copy the data to an external drive technique", I think you'll find. Obvious bullsh*t to anyone technical but sounds 'cool' to your average 14yr old who reads these sort of sites.
3. "a risk to national security" ... "vital for the prosecution of child porn and pharmaceutical spam barons". Okay, so we eventually get closer to the truth. But hey - 'national security threats' sound much more urgent - let's put that in the article.
2. "with the cryogenic RAM freezing technique, presumably"
- errr, no. With the "sit down at the computer and turn off
the encryption/copy the data to an external drive
technique", I think you'll find. Obvious bullsh*t to anyone
technical but sounds 'cool' to your average 14yr old who
reads these sort of sites.
The point is that inaction or inadvertent action by the law enforcement may trigger an action on the machine. Such digital landmines could be made so unpredictable that there would be virtually no way to extract the data on site reliably.
In general, there is no solution to this problem. The person protecting their data will always be able to surprise the person that's trying to extract it. Furthermore, no government can control "manufacture" of encryption, the way that it can control manufacture of physical goods. It could mandate that a backdoor must be provided, or that you need to escrow your decryption key such that it could get at your data, but let's face it: people that do have something sinister to hide will not care much for this regulation anyways.
Even still, I would doubt whether or not your average digital forensic investigator would be using such esoteric techniques. Most of the stuff they do is pretty routine using off-the-shelf products like EnCase. Thankfully, for the rest of us law-abiding citizens, your average criminal is pretty thick and therefore the level of sophistication required to catch them isn't that high.
Basically it's a vampire spice for the device input power, connected to a UPS, and then you kill the rest of the power; desktop is now portable in on-state.
Maybe if he'd use a micro-SD, he could swallow it. Or hide it pretty much anywhere cause it's the size of a fingernail. Dump the empty micro-SD/SD-adapter into one of those typical "computer paraphernalia" boxes always found on any desk, you know, the one that also contains an aged USB stick, three paperclips, a PS2-USB adapter, post-its, ear-phones and some USB cable, and nobody will expect a thing.
LOL. More details please.
In the rubble we found his camera, which was of course useless if not because of the heat, then because of the water damage from the fire-fighters.
Inside was a 2GB SD card and it still worked.
So yeah, if for some strange reason you can't keep your backups off-site, nor in a fire-proof safe, store them on a SD card in a camera :-)
 He also wasn't insured, making the story even sadder. Fortunately he just landed a pretty good job, also he met his current girlfriend while staying at his parents until he found a new home. So some good came of it, I suppose.
 Glass windows melted, can you imagine? Looks like icicles. I later asked a glassworker friend, she said that means it must at least have been 800 degrees Celsius.
That's at least what I imagined, his setup might be completely different (a keyboard combination for logging out might also work better).
if the SD card is not mounted when the user logs in the system is automatically shutdown too.
Basically the SD card only fights against using the computer. You of course could remove the hard drive and mount it in another computer, but that is why the whole drive is encrypted.
This script is auto-started before my gnome Login screen.
This assumes that your HD isn't fully encrypted, in which case you'd be pretty well protected. It does sound like a nifty way to auto-logout quickly though...
a) Yes they can.
b) Of course they can do that if the HD is not encrypted or the encryption is broken.
c) Yes they can do that, but why would they do it if they already broke the hard drive encryption? They could just delete the script.
d) Well yes surely they could do this.
Anyway my only goal implementing the SD card shutdown was to secure the system from friends who want to invade my privacy and thief's. Basically I can do auto login to my admin account and if the SD card is not mounted it shut downs.
Even if you lie in court it is very difficult to prove it.
I thought that if they had a warrant, you had to give up the password, much as you'd have to give up the key to a locked door in your house?
> No person shall...be compelled in any criminal case to be a witness against himself
Courts have previously upheld passwords as self-implicating information, which you cannot be constitutionally compelled to provide.
> in In re Boucher (2009), the US District Court of Vermont ruled that the Fifth Amendment might protect a defendant from having to reveal an encryption password, or even the existence of one, if the production of that password could be deemed a self-incriminating "act" under the Fifth Amendment.
Boucher ended up having to unlock the hard drive, because he had previously unlocked the drive for border agents. Had he refused, the court likely would have held that he could not be compelled to produce the password or the hard drive contents.
A warrant gives law enforcement the right to gather evidence, but doesn't compel you to provide it. If you won't provide it, they are authorized to take it by force. In the case of encryption, they don't have enough (legal) force to take it. Therefore, they are entirely dependent on the accused cooperating to gather that information, but the accused cannot be compelled to cooperate under the Fifth. This is scary for them, because it means that they can't legally compel you to give up the information, and they can't gain access to it by force. A wholly uncooperative defendant is effectively unassailable.
The US government has frequent shown that they have no qualms against unconstitutionally compelling individuals...
I wouldn't be at all surprised to learn that targets had passwords "coaxed" out of them.
So it sounds like the actual legal question here, of whether the government can compel you to hand over your password in the general case, has never actually been tested?
As I understand it, if he had initially refused to unlock the drive, then he couldn't have been compelled to unlock it again, under grounds that it could be self-incrimination.
That is, while one can prove that there is no physical key to a door on the person, there is no way to prove that one does not know the password.
You can't prove a universal negative, so the only way that becomes a prosecutable offense is if the initial assumption is of guilt rather than innocence, no?
> "Drage was convicted of failing to disclose an encryption key in September." 
Though it says that he "failed" to disclose a password when asked. Not clear if he was unwilling or unable, and if such a distinction even matters. (It's unclear if the use of the term "refusal" was an actual action, or a journalistic spin. It might come down to needing to be very careful about word choice in such situations; "I would like to speak with my lawyer first" seems like the most appropriate answer).
It's contrasted with Napoleonic code, in which innocence must be proven. It is or was the basis of law in countries conquered under Napoleon, and/or their colonies (e.g.: Mexico).
It's common knowledge that the government has few qualms about violating its own laws. No doubt they won't allow some pesky legal restrictions stand in the way of cracking FDE.
While that's probably no comfort to anyone who winds up accused of terrorism , it does mean there's a large chunk of law enforcement officials for whom FDE is still a practical problem.
 The express-lane to the wrench-room, I'm sure.
No doubt this question has already been answered on numerous occasions with respect to such violations in 3rd world countries and enemies of the US and its allies. However, the US government, for all practical purposes, is above international law.
This might not sound so bad on paper, but I personally don't know what I would do when locked in a room with a professional interrogator.
The idea that you can't be compelled to testify against yourself, present in many western legal systems, is a good one, and is designed to prevent both torture and false imprisonment due to torture-induced false confessions. But that doesn't mean it's not a good thing in those circumstances when a guilty person does incriminate themselves.
These are not criminals we are talking about. These are citizens accused of crimes.
Oh, and a tip of the hat to Phil Zimmermann, who created PGP twenty years ago this year.
The ship has sailed. Crypto is a key component of the modern economy. It would be like banning US dollars because drug dealers use US dollars.
I'm not a tin-foil hat person, but I wouldn't trust any encryption out there with my life if there was a concentrated effort by combined governments to defeat it.
Imagine what would happen if people could hold information in their minds without putting it computer files. That would be a very serious risk.
Certainly sounds like intelligence (and counterintelligence) is one of the main aspects of their work. Agree, they don't sound like _human_ intelligence gatherers... but I'm fairly certain that US-CERT would know plenty of information about hackers, hacking, pirates, and so on.
Again, there is a terrorist and "child porn ringleader" hiding under every rock.
Before computers and full disk encryption people used other forms of information hiding, and the world did not end.
If the only evidence for a crime is to be found on some encrypted disk drive, it would be a weak case anyway.
[The study, titled “The impact of brain privacy on police investigation,” illustrates the difficulty that CSI teams have in obtaining enough data to build a solid case against criminals.]
It's funny because we'll come to this one day.
Was I the only one who thought "Good." when they encountered this sentence?
"I admit that I smoked marijuana on the 5th of December 2010".
"I under paid my taxes in 2005 by $50."
These passphrases, as literal admissions of a crime, would have to be protected by the 5th amendment.
Of course, that presumes that the legal system operates under the constraints of the bill of rights, a presumption I don't believe currently holds very often.
(Neither of the example phrases given here are actually true about me. )
It's the use-mention distinction. Uttering a set of words is not the same thing as asserting that they're true. If you say "My password is 'I killed and ate a young girl in Tucson'" then that does not count as a confession, and could not be taken as one by any court (thankfully, because I just typed out that sentence myself...). Therefore, uttering that sentence does not count as testifying against yourself.
I believe you'd have to be under oath as well.
Further, I believe that this strategy would be employed as an argument to not ever giving up the passphrase. You would tell the judge, or whomever, that the phrase is a literal confession of a crime, and thus, by doing so, invoke 5th amendment protection.
(You may be right, and my idea may not work. I just want to make sure you're not assuming that the confession is for a false crime, when I meant it to be for a real one (though my examples of course, are false.) Which is why I didn't use a murder as an example...)
1) tell you to provide the pass phrase to your lawyer (which makes it protected via attorney-client privilege) and then tell your lawyer to unlock the system and provide it to the court
2) out-geek you and notify you that since your encryption system does not actually use your passphrase but instead passes it first through a strong hash function you are to provide the court with the hashed passphrase so that they can use a decrypt method which skips the hashing step.
The short version is that claims that a passphrase alone is protected via the 5th is unlikely to succeed.
I'm not assuming the confession is for a false crime, but nonetheless uttering the phrase "my password is $string' where $string is a true confession is still not a confession.
In your strategy, there are two parts to your confession:
1. The information that your password is the string "$s", and
2. Your volunteering of the information to the judge that the strong $s is in fact a confession of a real crime which you did in fact commit.
Part 1 is not testifying against yourself, unless in conjunction with part 2. Since you voluntarily threw Part 2 into the discussion, you're voluntarily testifying against yourself, and there's no rule against that.
A physical equivalent to your strategy would be to write out a letter of confession, leave it in your basement, and tell the police that the existence of this letter means they're not allowed to search your basement. It's not gonna work.
The success of your strategy hinges on the idea that divulging the password is an act of a testimonial nature, and existing precedents have not gone that way. Testimony is a very particular kind of thing, rather narrowly circumscribed.
Secondly, they can get around this quite easily by telling you to just type it in without disclosing it to them. Your refusal to comply will be regarded the same way as a refusal to open a safe or something similar, and you can be held (indefinitely, in many jurisdictions) for contempt of court. The difference, of course, is that the police can open a safe if they have to.
The 5th amendment does not release you from an obligation to cooperate with police, though, as you rightly point out, you are not required to disclose evidence to them or to aid their investigation apart from complying with their request to look around. To what extent divulging a password or passphrase enters into this scope is a matter of ongoing court battles. They have gone both ways.
However, that then puts you in the awkward situation where you're admitting that the passphrase is an actual criminal admission and you might end up being "randomly" selected for an investigation along those lines to find evidence to independently corroborate the criminal act.
There are encryption methods to prevent key extraction under duress available and have been for some time. Let's not go thinking that the government actually has any power in this particular instance.
When Reiser was asked to explain why he hosed out his car and said "everybody loves a clean car", the jury was not particularly impressed.
Exercise to the reader to ascertain if this has already come to pass.
If you have multiple dummies, be sure to have something embarrassing, but not incriminating, in the other dummies.
Seen it in a few places. I also think its terrible.