Federal prosecutors have formally dropped demands that a child-porn suspect give up his encryption keys in a closely watched case, but experts warn the issue of forced decryption is very much alive and is likely to encompass a larger swath of Americans as crypto adoption becomes mainstream.
"I think we're going to see more of this in the courts," said Hanni Fakhoury, a staff attorney with the Electronic Frontier Foundation.
The question of whether the government can force a suspect to decrypt hard drives was thrust into the limelight earlier this year when federal authorities suspected a Wisconsin man of downloading child pornography from the file-sharing network e-Donkey. One federal judge ordered the defendant to decrypt as many as nine hard drives seized from the suspect's suburban Milwaukee apartment. Another judge put that decision on hold to analyze the implications of whether the demand breached the Fifth Amendment right against compelled self incrimination.
The hotly contested legal issue was mooted when prosecutors said the FBI cracked two of the suspect's drives -- both Western Digital My Book Essentials. They announced they found kiddie-porn images and days ago dropped their forced-decryption legal battle. It's allegedly enough illicit porn to put Feldman away for decades, if he's found guilty.
"The government’s decryption efforts to date have already revealed a substantial child pornography collection. As a result, no basis currently exists to seek to compel Mr. Feldman to assist in the execution of the search warrant. Therefore, the government moves to dismiss its application to compel decryption," prosecutor Erica N. O'Neil wrote (.pdf) in a recent court filing.
Western Digital declined comment, only saying that it uses "standard 256-bit encryption on our drives," spokeswoman Heather Skinner said.
Wes McGrew, a Mississippi State professor of computer security and reverse engineering, suspected that authorities cracked Feldman's passwords, rather than the underlying encryption, to decrypt the Western Digital drives.
"I would imagine that would be how they got into it," he said.
For the moment, requiring suspects to decrypt data is rare, and has never been squarely addressed by the Supreme Court.
But the legal issue is likely to become more commonplace as the public begins embracing encryption technology that now comes standard on most computer operating systems. What's more, the public is searching to counter the National Security Agency, whose domestic spying has been thrust into the mainstream press in light of disclosures by NSA leaker Edward Snowden, Fakhoury said.
"The one silver lining: I think courts are not buying into the government's theory that encryption is evidence of criminal behavior," Fakhoury said.
Among others, Snowden highlighted NSA-backed spy programs, including one called PRISM and another that collects metadata of every phone call made in America.
The courts, meanwhile, are all over the map on the forced-decryption issue.
A federal appeals court last year rejected an appeal from a bank fraud defendant ordered to decrypt her laptop so its contents could be used in her criminal case. The issue was later mooted for the defendant Ramona Fricosu when a co-defendant eventually supplied a password.
What's more, failing to follow a judge's decryption order could result in contempt charges and jail until compliance with the order.
Consider the case of an unidentified witness ordered to appear before a Florida grand jury with the unencrypted contents of data on his five hard drives and two laptops, which were suspected of holding child pornography. The witness was found in contempt of court in 2011 and jailed for eight months pending an appeal to the 11th U.S. Circuit Court of Appeals.
The appellate court released him in December of that year and eventually found the decryption order breached the Fifth Amendment right against being compelled to testify against oneself.
