That's not the point. Like a body buried in the desert, there is nothing that can force a person to reveal anything. Silence is encryption enough when it comes to secrets. Torture doesn't work either.
So it's business as usual. It's obstruction of justice. Book'em.
And of course, "I can't remember" is always the greatest defense.
This whole thing is about the government endangering the public in exchange for abusing their rights.
It's all bad. You could go as far as argue that the government is obstructing justice and endangering the public by denying basic security.
We already know the enemy will find ways to access all the data. Encryption is not the last line of defense. It's the only line.
Can't remember is a statement that can be disproven. Pleading non self incrimination laws (as per Miranda) is more effective. Even if you have nothing incriminating.
This is what DoJ wants to close by making just possession of encrypted documents criminal.
>Can't remember is a statement that can be disproven
It is? I'm not sure how you'd disprove it. Anecdotally (which I suppose actually matters in this case!) I've had a case where a (fairly long, 26 character) password I used regularly suddenly (and thus far, permanently!) went out of my head. I can remember some fragments of the password but not the whole thing.
I'd say the point is that the idea that the legal system suddenly has no way to deal with witnesses claiming forgetfulness "because encryption" is absurd.
The only novel issues encryption brings to the table involve self incrimination, because, AFAIK, IANAL, etc., the only time an encryption key is inarguably protected by the fifth amendment is where the fact that the defendant knows the key is itself incriminating evidence, because the fifth amendment only applies to self-incriminating testimony, not other self-incriminating evidence in the defendant's possession (e.g., the contents of a hard drive, encrypted or not).
my first though as to how you would do this, is that you would implement some kind of key bag. You don't ever own your own private keys, theres a copy of them held in a central repository. they are all centrally stored and can be requested by a warrant.
The problem with this of course is that its a truly horrible idea which defeats the whole concept of a private key. Another massive problem here is that you've just created the biggest target for hackers. once the keys are out... everyone is screwed.
No, it is incredibly simple. You have a master key and the government holds this key on a secure audited system which can only be used to unlock a device once a court order is granted.
The government's security for the master key will certainly be much better than the average user's password security so this will not decrease the average user's security in the least.
You would also make the master keys expire regularly (maybe daily) so as long as a user updates their phone they will get updated with the new keys to protect against a leaked key.
> You would also make the master keys expire regularly (maybe daily) so as long as a user updates their phone they will get updated with the new keys to protect against a leaked key.
What would the logistics of this be? Would the government need to store all master keys to be able to decrypt an old message? How would you know you're using the right key to decrypt a message? What happens if all the old keys leak?
What about foreign communications? You can't compel foreign actors to encrypt with your algorithm. What if I'm storing foreign data which is encrypted with illegal algorithms, is that going to be illegal? If so, then goodbye hosting services in the US. If not, how are you going to differentiate between foreign data and local data?
What about the transition period? What do you do with legacy encryption? What about people who haven't received the newly updated government-sanctioned encryption yet? What about old devices that can't run your encryption algorithm, closed systems, etc?
I don't think it's as incredibly simple as you put it.
We are talking about different things. I was talking about allowing access to encrypted data on devices which is the main issue that le has been complaining about. You seem to be talking about a backdoor for all crypto everywhere which is very different.
> The government's security for the master key will certainly be much better than the average user's password security so this will not decrease the average user's security in the least.
Yes it will. A single user being careless with their password only exposes that user. Leaking the master key (and it will leak) exposes everyone. The target is much bigger, the payoff is much bigger for the bad guys, the risks are immense.
> Leaking the master key (and it will leak) exposes everyone
I agree that it should be assumed that the key will leak but there are plenty of ways to practically mitigate the usefulness of a leaked key.
I mentioned expiring keys already, which is obvious, but there are more sophisticated protocols that can be put in place.
> The target is much bigger, the payoff is much bigger for the bad guys
I don't think this is true. These keys would only be usable with physical access to a device. If you have physical access to the device its hard to imagine a scenario where the easiest route to cracking it would be penetrating a secure government facility.
Let me add that you have to think about security in relative and not absolute terms.
If you trust the government to secure a massive stockpile of NBC weapons, if you trust the government to manage a massive state security apparatus with hundreds of thousands of armed agents deployed domestically, then it is a little silly to draw the line at trusting them with your facebook feed.
> If you trust the government to secure a massive stockpile of NBC weapons [etc]
Physical security and digital security are very different. Someone stealing a bomb is still only one bomb. Securing that bomb involves fortifying a well-defined local border. Attacking it requires personal risk that is hard to parallelize.
Digital networks can be attacked at any time from any number of opponents. These attacks are usually automated without the risk of being found by a guard with a machine gun. Stealing the escrow key database isn't merely a single bad event; it would allow access - possibly retroactively - everything supposedly protected by those key, which is presumably "everything".
> key
You seem to be using "key" to mean several different concepts.
> government's security for the master key will certainly be much better
It's foolish to assume this after Snowden was able to walk away with his archive of classified documents. In his case, storing that many documents within the reach of one person risked losing the entire archive, which is exactly what happened. If literally everything depends on a government held escrow key, You've painted a target on a huge single-point failure.
This is called a key escrow, which is known for not working, mainly because the assumptions ("once a court order is granted") can't be implemented technically.
> ("once a court order is granted") can't be implemented technically
we live in the real world. if you can't trust your judiciary then your precious little algorithms aren't going to save you. (sorry to be the bearer of bad news)
The "government master key" idea is silly (for a number of reasons).
Yet, it's very possible to share a copy of every user key using methods like Shamir's secret sharing - therefore requiring P out of N entities agreeing on allowing the decryption to happen.
The secrets can be shared in advance with attorneys, civil rights groups, government entities and allows a democratic-ish process around decryption.
Answer: you can’t.