My understanding is that the "testimony" would be in the text of the password: c...

spdustin · on May 2, 2016

The case law thus far has stated that compelling the decryption of a data storage device really hinges on this: What evidence is known by the prosecution to exist? In several cases, when the defendant makes known that incriminating evidence exists, or when the prosecution is independently aware of the existence of incriminating evidence (they saw the screen before you locked it, and testified that what they saw was evidence of a crime), the defendant was rightfully forced to decrypt the storage device.

However, when the prosecution has no specific knowledge that the evidence they seek exists, US courts have ruled that the defendant cannot be compelled to decrypt the storage device, since doing so would be forcing the defendant to reveal that incriminating evidence actually exists.

Applying your fingerprint to an iPhone is an act that, without argument, decrypts data on an encrypted storage media, as the act of applying your finger to the sensor instructs the device to retrieve the actual cryptographic information necessary (your passcode/passphrase, plus other hardware-specific data) to access the cleartext of the data.

The more and more I think about this, the more confidant I am that a fingerprint, while "something you have", forces you to disclose, by proxy, "something you know" to your phone.

I guess the question then is twofold: If you have a combination safe that may contain incriminatory evidence, and a safety deposit box that contains only the combination to your safe, can the courts compel you to give them the key to the safety deposit box? And if so, should they be able to?