From: karn@qualcomm.com (Phil Karn)
Date: Tue, 26 Jan 93 01:55:10 PST
To: cypherpunks@toad.com
Subject: Re:  5th AMENDMENT & DECRYPTION
Message-ID: <9301260954.AA09481@servo>
MIME-Version: 1.0
Content-Type: text/plain


Mike Godwin (formerly, I understand) of EFF and I had a lively
discussion on precisely this topic back at the Hackers' Conference.
Mike insists that there is no firm legal theory or case law on which
to base an assertion that the 5th amendment would shield you from
being compelled to divulge an encryption key that could then be used
to decrypt information to be used as evidence against you.

He says that the closest the Supreme Court came to this issue was an
offhand remark in a 5th amendment case to the effect that "of course,
we couldn't compel the defendant to, say, reveal the combination on a
lock".  I forget the precise legal term that Mike used to refer to
this comment, but he said it didn't establish a binding legal
precedent because it didn't relate directly to an issue in the case at
hand.

On the other hand, several other lawyers I've asked have responded "of
course!" when I ask them whether the 5th amendment would protect a
defendant from being compelled to divulge an encryption key without
immunity for the evidence it might decrypt.

My own opinion, given that I seem unable to get a complete consensus
from the lawyers, (has this *ever* been possible?)  is that the issue
is as yet untested in court and could go either way depending on the
actual case. But Mike seems much more pessimistic, and he *is* a
lawyer. I'm not.

Don't give up working on those steganographic schemes just yet. And
wherever practical (e.g., for communications as opposed to storage),
use a key management scheme that doesn't leave anything around that
can be seized or subpeonaed after the fact (e.g., Diffie's "perfect
forward secrecy" scheme.)

Phil