Federal authorities have cracked two encrypted drives they say are filled with child pornography, leading to an arrest in an ongoing case that shows the limits of encryption and highlights a novel legal issue in which the government has been trying to force the defendant to decrypt the drives to aid his prosecution.

Investigators arrested Jeffrey Feldman in Wisconsin on Tuesday and accuse him of three counts of receiving and possessing child pornography.

The arrest came months after the authorities told a federal judge they were unable to decrypt the drives and needed the defendant to disclose his passwords – pitting the constitutional right against compelled self-incrimination against the government's need to access data. In June, the authorities urged the court to demand that Feldman fork over his passcodes, saying the suspect could "forget his passwords."

FBI agent Chadwick Elgersma said in court documents filed Tuesday that seven more drives await decryption. It remains unclear whether the judge presiding over the case will order Feldman to decrypt them.

Elgersma said in an arrest affidavit that investigators cracked two Western Digital My Book Essential external hard drives they believe were used with a Dell Inspiron 530 personal desktop running Windows 7. Authorities suspect thousands of files on the drives are child pornography, the agent said.

The authorities did not say what type of encryption Feldman used. But the case illustrates that encryption isn't foolproof and that the authorities are making headway cracking encryption.

"The investigation is ongoing and the FBI is still working on decrypting Feldman's remaining seven encrypted drives," Elgersma wrote. (.pdf)

Authorities believe Feldman downloaded child pornography on the file-sharing e-Donkey network. They seized several drives and a computer from his suburban Milwaukee apartment with a search warrant in January. A federal magistrate had ordered Feldman to decrypt the drives, but because of procedural grounds, reversed his decision and the legal flap continues.

Though rare, decryption orders are likely to become more common as the public increasingly embraces technology that comes standard on most operating systems. Decryption orders have never squarely been addressed by the Supreme Court, despite conflicting opinions in the lower courts.

Among the last times an encryption order came up in court was last year, when a federal appeals court rejected an appeal from a bank-fraud defendant who has been ordered to decrypt her laptop so its contents could be used in her criminal case. The issue was later mooted for defendant Romano Fricosu as a co-defendant eventually supplied a password.

Whether a defendant forgets the password is another story.

That issue, too, has never been addressed in court. But judges usually view forgetfulness "as a sham or subterfuge that purposely avoids giving responsive answers."