Re: Does he not have a point?
I think you may be spot on. He probably has actual personal information on there (numbers of Swiss bank accounts holding profits from his hacking? /s), mixed with hacked data. The judge is dismissing this possibility out of hand, it seems. Or, he may be bluffing and simply wants to get back the valuable hacked data.
The problem is, as you say, separating the two. If you give back the hardware, complete with not-yet-cracked encrypted data, you're giving him the spoils of his hacking, to sell or whatever, without even knowing what you've done. If you (the police) know that certain data is stolen, you could delete it (securely) from the drive prior to its return. You could delete everything that's encrypted, but that may include his personal data. Doing all of this could be extremely time-consuming, depending on how the files/folders are named and organized — or intentionally disorganized.
If HE were to assist in this effort (provably identifying hacked vs personal data), he'd be admitting to — and providing evidence of — his crimes, so he's not about to do that.
Furthermore, if the police were to return even wiped drives, he could later (at criminal trial) try to claim that the copies were not authentic. Without the original, how do they prove otherwise? In theory, they could give him *new* hard drives with only non-hacked data copied to them (fat chance!).
The judge's decision (www.judiciary.uk/wp-content/uploads/2019/02/lauri-love-v-nca.pdf) says that at least one of the computers was seized while it was powered on and he was logged in. The police attempted to copy the drives' data "live". That's the computer where the judge said an "encryption process cut in to the devices themselves". That system had a TrueCrypt volume. I presume that the TrueCrypt process held the TrueCrypt volume locked, preventing it from being copied as a single file.
According to that document, the police obtained what they claim to be quite a lot of readily identifiable hacked data. Whether that assertion is based on reading the data or just filenames is another question.
The document also states that the police found two TrueCrypt volumes. They claim that they know the contents of one of them in detail (without saying that they decrypted it) and it is hacked data. (I wonder if that TrueCrypt volume was already open with its password when his home was raided.) The other TrueCrypt volume apparently has unknown content.
He may also have used an OS-based encrypted file system to encrypt drives on each system, turning them into bricks unless you can boot up and log in. The document from the judge suggests that the police have a lot of seemingly hacked data, but also suggests that they've been stymied elsewhere and seek assistance from US law enforcement specialists. I seriously doubt anyone in the US is going to give the UK a bunch of supercomputer time to crack this guy's drives or TrueCrypt volume. I've seen nothing to suggest that he did anything nefarious with that hacked data.