The Fifth Amendment rules that nobody may be "compelled in any criminal case to be a witness against himself." Or, in other words, one has a right to avoid self-incrimination. Therefore, it's highly significant that Judge Robert Blackburn ordered a Peyton, Colorado woman accused of a being involved in a mortgage scam, to decrypt the hard disc drive of her Toshiba laptop no later than February 21. If not, she would face the consequences, including contempt of court. In a 10-page opinion, the judge wrote, "I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer." The accused, Ramona Fricosu, is declining to decrypt the laptop, which has been secured withSymantec's PGP Desktop software, which is strong enough to thwart the FBI. She will appeal the ruling, perhaps because it appears that she may be unable to decrypt it for any number of possible reasons, according to her lawyer, which could technically get her off the hook, as people cannot be punished for not doing what they are physically incapable of doing. It's not yet clear what those 'reasons' are. Requiring a defendant to give up their password is a thorny, unsettled legal issue, with judges in some cases agreeing that they shouldn't have to give up their passwords due to the Fifth Amendment and in other similar cases that they do, with law review articles arguing for either side over the last 15 years. This case might settle this question once and for all. It's important to note that the prosecutors in this case are not asking for the actual password, but simply expect the defendant to type it into the laptop in order to decrypt its contents, which might be the key to getting their way. So, let's look at this from the defendant's point of view, assuming that the order to decrypt stands and they have actually done what they're accused of. They would be in a lose-lose situation, since they would get punished whether they reveal the decrypted contents or not. What they now have to decide is which option causes them to lose less. In the UK, you can be jailed for two years for not decrypting data when demanded, which might actually be a good compromise for a crime that carries a hefty sentence of say, 10 years or so. Plus, they get the dubious satisfaction of having thwarted the authorities, which might be priceless to them. There's more detail and analysis on this story over at c|net.