by deejaybog 3399 days ago
Even if they do, it is very unlikely they were built with provable nonrepudiation requirements. From personal experience designing the security of a PKI CA that passed gov security certifications, the audit subsystem is the most challenging part to do right. Could probably consult for the defense in tearing down the evidence :)

I'll accept that it's hard, but why do you think Google didn't do it right?
It would require a prohibitive amount of engineering resources to be done right, i.e. a chain of guarantees that from creation time to the moment they are inspected it can be proven that the logs cannot be tampered with by unauthorized users. There are other requirements, e.g. separation of roles, that are expected on audit subsystems. I am positive it would not pass an adversary expert analysis.
Google's threat models include nation-state adversaries: I suspect the effort that seems "prohibitive" to you was seen as necessary after the infamous smiley on that PRISM slide. Security is an existential threat: if users don't trust Google, they will fail.

Google also has an internal PKI CA - I think they meet and exceed that security baseline for rigor.

Yes, for purposes of issuing certificates I'm sure they are OK wrt auditing (I was just establishing my "credentials" with the CA comment).

The threat models targeting anti-Google malicious actions obviously worked since they have traces of the Otto guy's activities. What I am asserting is that these forensics logs they use as evidence can be attacked in court as not being sufficiently protected from tampering by an internal Google party interested in fabricating evidence.
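The thread turns on two separable requirements for an audit subsystem: tamper evidence for the entries themselves (a chain of guarantees from creation to inspection) and separation of roles, so that an insider who can write the log cannot also rewrite its history. The following is an added illustration, not code from any commenter or from Google: a hash-chained, MACed log with an externally held checkpoint. The key name `AUDIT_KEY`, the sample entries and the function names are all constructed for the example. The point it makes is the one raised above: a chain that verifies on its own is not enough, because whoever holds the key can re-chain the log; only a head that was anchored outside that party's control exposes the rewrite.

```python
import copy
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed sample key. In a real deployment it belongs to the audit role
# (HSM or separate custodian), not to the service that writes entries.
AUDIT_KEY = b"constructed-sample-audit-key"
GENESIS = "0" * 64  # previous-hash value used by the first entry


def _entry_digest(prev_hash: str, seq: int, record: dict) -> str:
    # Canonical JSON so the same record always hashes identically.
    payload = json.dumps({"prev": prev_hash, "seq": seq, "record": record},
                         sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def _mac(data: str) -> str:
    return hmac.new(AUDIT_KEY, data.encode(), hashlib.sha256).hexdigest()


def append(log: list, record: dict) -> dict:
    """Append a record, chaining it to the previous entry and MACing the digest."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    seq = len(log)
    digest = _entry_digest(prev_hash, seq, record)
    entry = {"seq": seq, "prev": prev_hash, "record": record,
             "hash": digest, "mac": _mac(digest)}
    log.append(entry)
    return entry


def checkpoint(log: list) -> dict:
    """MACed head of the chain, meant to be stored outside the log owner's control."""
    head = log[-1]["hash"] if log else GENESIS
    return {"count": len(log), "head": head, "mac": _mac(f"{len(log)}:{head}")}


def verify(log: list, cp: Optional[dict] = None) -> Tuple[bool, str]:
    """Walk the chain; optionally compare against an externally held checkpoint."""
    prev_hash = GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev"] != prev_hash:
            return False, f"chain break at seq {i}"
        if e["hash"] != _entry_digest(e["prev"], e["seq"], e["record"]):
            return False, f"content modified at seq {i}"
        if not hmac.compare_digest(_mac(e["hash"]), e["mac"]):
            return False, f"mac mismatch at seq {i}"
        prev_hash = e["hash"]
    if cp is not None:
        if not hmac.compare_digest(_mac(f"{cp['count']}:{cp['head']}"), cp["mac"]):
            return False, "checkpoint forged"
        if len(log) < cp["count"]:
            return False, "log truncated below checkpoint"
        head_then = log[cp["count"] - 1]["hash"] if cp["count"] else GENESIS
        if head_then != cp["head"]:
            return False, "history rewritten before checkpoint"
    return True, "ok"


def rewrite_with_key(log: list, seq: int, record: dict) -> list:
    """Model of the insider threat discussed above: a party holding AUDIT_KEY
    replaces one entry and re-chains everything after it, so the log verifies
    on its own. Only the external checkpoint can expose this."""
    new_log = copy.deepcopy(log[:seq])
    append(new_log, record)
    for e in log[seq + 1:]:
        append(new_log, e["record"])
    return new_log


def sample_log() -> list:
    """Constructed sample entries (deterministic, so each call yields the same chain)."""
    log = []
    append(log, {"actor": "alice", "action": "login", "ts": 1})
    append(log, {"actor": "alice", "action": "download", "object": "repo-x", "ts": 2})
    append(log, {"actor": "alice", "action": "logout", "ts": 3})
    return log


if __name__ == "__main__":
    log = sample_log()
    cp = checkpoint(log)
    print(verify(log, cp))
    forged = rewrite_with_key(log, 1, {"actor": "alice", "action": "noop", "ts": 2})
    print(verify(forged))       # passes: the insider had the key
    print(verify(forged, cp))   # fails: the externally held head disagrees
```

The design choice worth noting is the checkpoint: the chain and MACs detect edits, deletions and reordering by anyone without the key, but they say nothing about a key holder. Anchoring the head with a party that has no write access to the log (a separate custodian, a WORM store, a public log) is what turns "we computed hashes" into an argument a court or auditor can weigh.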