“Hand over those decryption keys…or else”

Another day, another worrying proposal from the Dutch government. As we await the formation of a new cabinet, the Dutch minister of Security and Justice, Ivo Opstelten, is seeking to change Dutch law to make it mandatory for suspects of certain crimes to hand over their decryption keys so that law enforcement officers can have access to their private data. Failure to comply would constitute a criminal offence.

In a letter to the Dutch Parliament, Opstelten reports on the progress made in the ongoing fight against child pornography. The old and tired kiddie pr0n argument is being used to make this controversial and dangerous proposal sound reasonable. It is controversial because forcing people to hand over their decryption keys probably violates the principle of nemo tenetur, the right to remain silent. This right is part of the Dutch legal system and it protects suspects against being forced to cooperate in their own conviction. Basically, every suspect has the right to remain silent as part of their defence. However, handing over your decryption keys could very well contribute to further incrimination. In his letter, Minister Opstelten suggests that forced decryption of a suspect’s data does not necessarily violate this important principle, but he doesn’t explain how this can be true.

The minister also fails to specify under what circumstances the handing over of decryption keys should be made mandatory, or even how many cases are frustrated by encryption. Without this information, it is impossible to assess whether there is a case for the mandatory handing over of decryption keys. If there are only a few cases where encryption was or is a problem, would that be enough to violate the principle of nemo tenetur? And if there is already a serious suspicion against someone, wouldn’t it be possible for law enforcement to make a case without access to the encrypted data? A serious study of this subject was already carried out in 2000, and it concluded that mandatory decryption and the principle of nemo tenetur are irreconcilable. I would be curious to learn what arguments the minister has that question the conclusion of this report.

Making decryption or supplying decryption keys mandatory also opens up the possibility of abuse by law enforcement officers. In their eagerness to achieve a conviction, they could be tempted to plant a chunk of encrypted data on a suspect’s hard drive and then demand that the suspect decrypt this material. Not knowing the decryption key, the suspect can be accused of not cooperating and be convicted of this charge instead of the crime of which he or she was originally suspected. That may seem far-fetched, but it is certainly a possibility, comparable to law enforcement officers planting illegal substances on a person or in their home and then “discovering” them during a search.

We should also not forget that a suspect may actually forget his or her decryption key under the duress of questioning, imprisonment and isolation. Knowing how many users forget their password after a weekend, this is certainly a plausible situation. The suspect may be willing to provide the decryption key but simply be unable to do so. This could easily be mistaken for a refusal to cooperate, landing the suspect in even hotter water.

A further problem is that until data is decrypted, no one except the suspect can know for sure what the encrypted data is. It may pertain to the case or it may be something else entirely. It might be kiddie pr0n, but it might also be information on tax returns, business proposals for the suspect’s clients, porn of the perfectly legal kind or even membership records of the hockey club of which the suspect happens to be the secretary. By forcing the decryption of this data, law enforcement may not advance their case, yet in the process gain access to material which they have no business investigating. Imagine a defence lawyer using encryption to protect the privacy of his clients, for instance. Imagine a journalist using encryption to protect his sources.

An oft-heard argument is that if you have nothing to hide, you could safely hand over your decryption keys. Or if you have nothing to hide, why would you use encryption at all? That is turning the argument upside down. The question should be why people shouldn’t use encryption. After all, most people lock their doors at night, keep their money at the bank, draw the curtains in the evening and seal the envelopes on regular mail they send. Why? Because they value their privacy (and that of others in the case of mail). Privacy is absolutely necessary in a democracy. Without the ability to keep things private and hidden from prying eyes, even those of the government, democracy cannot function.

If you use encryption at home, there is a way out of this predicament. It is called “plausible deniability” and it is provided by the free encryption software TrueCrypt, among others. It allows you to create encrypted volumes that appear simply to contain random data, making it impossible to prove that the volume is encrypted. You have to be careful to follow their guidelines to be absolutely safe, though.