I'm wondering ...
Person A refuses for - pure principle (and maybe some ripped DVDs)
Person B refuses for - let's say child pornography and a dirty bomb manual
There are other legitimate reasons to not want to reveal the contents of your hard drive besides principle or self-incrimination. For instance, if you had the private information of any other people. My SO works with HIV, and recently got access to sensitive data that had to be sent on DVD via courier.
Who here trusts the police to not disclose their HIV status?
If you're in the United States, the data is probably protected by HIPAA, the Health Insurance Portability and Accountability Act[1]. HIPAA includes a clause stating that the Attorney General or their designee may issue a subpoena compelling your SO to disclose that information, but only to someone investigating a Federal health care offense.
I've searched through the rest of HIPAA for keywords such as "law enforcement", "criminal", and "disclosure", but I couldn't find anything about being compelled to disclose HIPAA-protected information to law enforcement in any other circumstance than investigation of a Federal health care offense. However, I did not thoroughly read HIPAA, and there might be something in another section of the US Code that's relevant.
Hopefully someone more knowledgeable about this can let me know if I've missed something.
Yup, that's the case. The question is whether your hard drive is protected from a criminal charges subpoena. The data is kept encrypted on the hard drive, but of course the authorities don't know what's on the hard drive until it's decrypted.
A covered entity may use or disclose protected health information without the written consent or authorization of the individual... in the situations covered by this section, subject to the applicable requirements of this section.
(a) Standard: Uses and disclosures required by law. (1) A covered entity may use or disclose protected health information to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law.
This would seem to give court orders and criminal subpoenas the power to demand decryption of your hard drive regardless of whatever HIPAA data it contains.
1. HIPAA doesn't apply to you unless you're an employee of a covered entity, that is, a health care provider, health care plan, or a firm contracted by a member of the previous two categories to handle billing. You can hand out your private medical information to whomever you want without worrying about HIPAA.
2. Even if HIPAA did, it doesn't give you the power to refuse to disclose HIPAA data when such disclosure is required by law[1].
No - IIRC it's 5 years for 'normal' crimes or 7 years for terrorist cases.
The whole law is ridiculous, it also includes unlimited spying by the security services with the bizarre Kafkaesque part that you have to cooperate with the spies and it's a crime to inform anyone that you are being spied on.
The law became a laughing stock when the government claimed it was necessary to fight international terrorism but then had to admit that there had been 1000s of intercepts by local school boards to investigate parents trying to get their kids into better school catchment areas, and city councils tracking cell phone locations to prosecute people for their dog's litter.
I'm wondering ... Person A refuses for - pure principle (and maybe some ripped DVDs) Person B refuses for - let's say child pornography and a dirty bomb manual
Both will get the same jail time?