In an interesting ruling, a UK court held that under the 2000 Terrorism Act individuals can be forced to disclose encryption keys to the police. The judges did agree that you are normally excused from incriminating yourself:
The judges noted existing case law that “No one is bound to answer any question if the answer thereto would, in the opinion of the judge, have a tendency to expose (him) to any criminal charge, penalty or forfeiture which the judge regards as reasonably likely to be preferred”.
But in the end the ruling went the other way. As the Register reports, this might have interesting implications:
[…] point out that this law is essentially about policing memory. If you forget your encryption key, it is for you to prove to a court that this is a genuine – as opposed to “convenient” – lapse.
This question became all too real in one of the first outings for RIPA last year. Although the Act was passed in 2000, it was not finally activated until 2007. In this case, an animal rights’ activist was charged with failing to hand over an encryption key. Her defense was that she wasn’t even aware there were encrypted files on her hard drive and therefore was unable to comply with the CPS request.