[inlined]

I don't completely understand how demonstrating the chain of investigation should require the disclosure of the vulnerability. I really hope the execution of the law isn't going to depend on 12 random people understanding the finer points of cryptanalysis.

I wish there were some way to get a private but independent verification that X technique allowed IP addresses to be collected if they did action Y (e.g. logging onto playpen). Then the investigation could be questioned without the government disclosing their vulnerability, which seems like a standard we wouldn't hold most to. If someone were on trial for copyright infringement could they subponea for the full source of FairPlay as a coercion to get the case dropped?

[hulahoof]

Being digital data, I'm assuming you have to be able to explain where the data was sitting, posit a reason for the data to exist there at all (edit: or some context around the data) and describe your method of obtaining the data.

Otherwise you could just create the data. With the above, you still can - it does however allow for inconsistencies to arise, and when they do a closer inspection can be conducted. (IANAL)

[1_2__3]

"Private" means "unavailable to the defendant" in this case which runs counter to some of the deepest roots of our justice system.

You do not get to convict someone based on evidence that can't be entered at trial. Some third party saying "oh yeah we totally verified it" is not enough.