I recently posted to SSRN a new draft artice, "Compelled Decryption and the Privilege Against Self-Incrimination," forthcoming in the Texas Law Review. Here's the abstract:
This essay considers the Fifth Amendment barrier to orders compelling a suspect to enter in a password to decrypt a locked phone, computer, or file. It argues that a simple rule should apply: An assertion of privilege should be sustained unless the government can independently show that the suspect knows the password. The act of entering in a password is testimonial, but the only implied statement is that the suspect knows the password. When the government can prove this fact independently, the assertion is a foregone conclusion and the Fifth Amendment poses no bar to the enforcement of the order. This rule is both doctrinally correct and sensible policy. It properly reflects the distribution of government power in a digital age when nearly everyone is carrying a device that comes with an extraordinarily powerful lock.
As regular readers may note, I've blogged about these issues before. The new draft builds on the themes of my blog posts, elaborating on the argument and offering my responses to several counteraguments. Comments are very welcome, especially critical ones (and especially from techies).