[tanderson92]

How do you enforce this:

> On a case-by-case basis, with proper court process, requiring an individual to provide a passcode or thumbprint to unlock a device could assist law enforcement in obtaining critical evidence without undermining the security or privacy of the broader population.

I can write a piece of messaging software which writes one of the following two in a log, without exception: (1) hash of /dev/urandom (2) message history with passphrase encryption

If the government comes to me and asks for my passphrase and I say "I don't have one", how can they prove that I have a passphrase and am in contempt of any lawful order? The only actual way to enforce this is to make it illegal to write software which does (1).

My point is: the reason the quoted parts in the top-level post are ugly is because search warrants should already be sufficient, unless you want to crack down on the ability of citizens to do the above.

[cryptarch]

What I'm more frightful of, is not knowingly possessing this data but having it planted on me, e.g. a plaintext crypto header with random data, stenographically encoded into a video I'm streaming, stored in my browser cache, and this being discovered when the TSA-equivalent of a country I'm visiting surreptiously scans my HDD (because unless they hide it from me I'd much rather refuse, sit in a booth with angry men for 24 hours and get sent back to my home country).

If not decrypting what looks like random bytes (because that's what good encryption looks like) becomes punishable in a country, it's no longer safe to visit that country with any digital data carriers.