> There is, generally, no way to "brute force" an encrypted container containing child pornography for the simple reason that no one who respects the gravity of the situation would dare choose a password less than 8 characters. Even 8 a-z characters requires (26^8)/2 attempts to bruteforce on average, which is absurdly high.

That's just not true. People viewing images of child sexual abuse used to buy access using their credit card - Pete Townsend for one. (Obviously we need to be careful here; lots of crooks were using stolen credit cards).

Many people viewing images of child sexual abuse just aren't very good at encryption or anonymity.

See "DeAnonymizing alt.anonymous.messages" http://ritter.vg/blog-deanonymizing_amm.html

> The slides cover the information-theoretic differences between SSL, Onion Routing, Mix Networks, and Shared Mailboxes. It talks about the size of the dataset I analyzed, and some broad percentages of the types of messages in it (PGP vs Non-PGP, Remailed vs Non-Remailed). Then I go into a large analysis of the types of PGP-encrypted messages there are. Messages encrypted to public keys, to passwords and passphrases, and PGP messages not encrypted at all!

I strongly agree that turning in the card is the only sensible choice. It's a scary option though.