This came to my attention via a colleague who forwarded a Washington Post story. It's another one of those modern day Internet dilemmas that may ultimately become legislative turf.

Here's the story:

Sebastien Boucher, a 30-year-old dry-wall installer from New England, is a Canadian by birth, but a legal resident of the U.S. He was driving from Canada to Vermont when he was stopped at the border. A laptop was discovered in the back seat.

According the report, Boucher admitted to the border authorities that he owned the laptop. The officers inspected it and found thousands of images on his PC, some pornographic. They also found some files with very graphic names containing references to child porn.

That's where the story gets a bit complicated. Those file names pointed to a part of the disk partitioned as Drive Z. A special agent was then called in to examine the computer further and found that the drive that the images pointed to, Drive Z, was encrypted and inaccessible without a password. Boucher used Pretty Good Privacy, one of the most popular, low-cost encryption programs on the market, to keep Drive Z inaccessible. Next, the agent asked Boucher to type in his password and, according to the court reports, Boucher complied. Some images of graphic child pornography were seen. The computer was confiscated; Boucher was arrested. That was in December 2006.

The Department of Corrections made a mirrored image of Boucher's disk, but of course they couldn't access the images in question without his password. This time Boucher refused to comply, pleading the Fifth Amendment. Compliance would constitute self-incrimination. The password would create an undeniable link to him and the images on the PC.

Today the FBI still wants to force Boucher decrypt the drive. The FBI's POV, paraphrased from a press quote, is that you shouldn't be able to refuse to give up a password to the authorities since this would encourage criminals and terrorists to encrypt their data, too. But a local U.S. District Court in Vermont ruled that compelling the man to enter his password into his laptop would violate his Fifth Amendment right against self-incrimination.

What a sticky wicket. To my mind Boucher already incriminated himself when he accessed the images for the first agent. I might try taking the files back to Pretty Good Privacy, which may know enough about their key combinations (the root of encyrption softeware) to help decrypt what it encrypted.

So how would you rule? Does taking the Fifth make it safer for others—pornographers, pedophiles, crooks, and terrorists—to do the same? If the government rules to force you to decrypt your data, are they violating your right to privacy?

For other perspectives:

A more detailed report of the arrest is available from Computerworld.

An article in the YaleGlobal Online weighs the legality of searching a person's laptop.

For the serious geeks who want to know more about how Pretty Good Privacy works.