I believe that the Supreme court will likely rule that passphrases are protected by the fifth amendment though. The best analogy I have heard made is to the two different sorts of safe, safes that use combinations and safes that use keys. In the case of safes opened with a key, the government can force you to hand over the key to the safe. The government can not force you to reveal the combination to a combination safe, provided that it exists only in your mind (and is not written down on paper etc). So in cases where encryption is done with a key file, it is likely the government has the legal right to demand that you hand over the key file. However, if the encryption is password based I do not think the government has any right to demand the password. Now for safes the government doesn't really care, since they can open a safe in either case. For encryption they do care though, because they cannot usually break encryption without the password. So it is possible that the supreme court will rule in favor of the government simply because the government wants them to do so, but if they can see the analogy to key files and keys and passphrases and combinations then they will only rightfully agree that the government has no right to demand a passphrase. The government is trying to argue that passwords are more analogous to physical keys than they are to combinations. In my opinion they are correct in some cases and incorrect in others, depending on the way the cryptosystem is implemented. In almost all cases the users password is only ever used for derivation of a key that is used for encryption and decryption. The users password itself is used to provide the cryptosystem with a static entropic seed, it is not used directly for encryption or decryption. Usually the user types in their password and then it is used as a seed by a 'password based key derivation function' (PBKDF). The PBKDF then returns the encryption key that is actually fed to the symmetric encryption algorithm. So I think of the password as being much more similar to a combination, even though the key derived from the password is more similar to a key. Really it is most accurate to think of the password as a set of instructions for crafting a key. Since the government can not obtain the key without the password, since the key doesn't exist until you run your password through a PBKDF, and since the password only exists in your mind, I think that it is pretty obvious that the government can not legally demand your key. Another approach they have taken is promising immunity for the content of your password. For example, if your password is "I, Alice, murdered Bob on December 25th of 2002", they will not be able to use that against you in court. But they can still run it through the PBKDF and obtain the resulting key, with which they can still decrypt your CP, which they can still use against you in court. They argue that this is respecting the 5th amendment right against self incrimination. Another approach they have taken is demanding the defendant produces the decrypted drive itself, but not demanding to know the password. In this case they will leave the defendant alone with the computer and a keyboard, and after some time passes they will come back and expect the drive to be decrypted. They do not learn the password in this case, but they still get the decrypted content of the drive. They have argued that this is respecting the 5th amendment as well. For the most part though they have just been trying to get people to accept plea deals before any of the cases make it to the supreme court, because if the supreme court rules against them it will be a very major blow against them. They would rather offer someone a lighter sentence in return for encryption keys and a guilty plea than they would take the risk of never being able to convict the majority of people who use FDE. So far all of the people in such cases have accepted a plea bargain and turned over their passwords. There have been some cases where charges were simply dismissed though, they don't always press the matter. The primary issue for them is that traffic analysis is only really good for intelligence, it is circumstantial evidence at best. When they raid somebody for CP they usually are not positive that the target is actually involved in CP, it could be a neighbor using open WiFi (although recently they have started checking for this prior to raiding), it could be a botnet master using an infected computer as a proxy, etc. Without actually recovering CP off of a computer or media in the possession of the suspect, their case is going to fall apart. Their typical strategy is traffic analysis to identify suspects, raids to seize computers and forensics to confirm the presence of CP. FDE makes the last step much less likely to be a success. Of course, in addition to other techniques, the smartest CP traders use Tor to prevent the first step , which prevents the second step, and they also use FDE to prevent the third step in case the first steps fail.