by ngngngng 2524 days ago
Sure, but I can just refuse to decrypt my data. They can just break physical locks.
7 comments

Encryption is nothing like a lock. We should stop using that analogy.

Encryption relies on a secret. It's like burying a treasure in a place only you know, and keeping the location a secret (e.g. in your head). Encryption just gives you a huge digital space where you can bury your treasure instead of a physical space where you can bury it.

Sure, people can just search everywhere for your pirate gold (brute-force attack), use advanced reasoning to narrow the search space, like "you lacked the means to 'bury' it in solid stone" (cryptanalysis), develop technology to speed up the search like ground-penetrating radar (e.g. GPUs, ASICs, special-purpose programs) or try to coerce you to reveal the location (monkeywrench-to-knee passphrase cracking).

What the government wants is for the maker of the shovel you used to bury your treasure not only to track where you took that shovel but also to tell the government that information without telling you that the government got the information.

This is what a lot of people in our community seemingly refuse to recognize. For all intents and purposes, encryption is an unbreakable lock that can serve to perfectly hide valuable criminal evidence. Such a thing wasn't possible when our laws were written and has never before been possible in the physical world. Its existence has potential to be a huge shift in how we enforce the law. Regardless of our views on encryption, we need to have a conversation about that shift. Refusing to have that discussion is likely a quicker path to things like government enforced backdoors than if we engaged with government and law enforcement on possible alternatives.
Fine. Here's my contribution to the conversation: Mr Barr, your entreaties in this regard are based on the presumption that the government can be trusted. But our nation was founded on a mistrust of government, and your own actions demonstrate that the government cannot be trusted. Your own special counsel has issued a report that implicates the president in a felony (obstruction of justice) but you have failed to follow up in any way except to imply that there is "nothing to see here, move along." The fourth amendment to the U.S. Constitution guarantees that the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and the ninth amendment to the Constitution guarantees that the people retain un-enumerated rights. I, as a citizen of the United States, maintain that one of those unenumerated rights is my right to employ technological defenses against government overreach. Those are rights guaranteed to me by the Constitution. The right of the government to catch those it deems to be "the bad guys" is not.
The problem with this line of argument is that it is a general argument against government and not specific to this issue. You could use the exact same argument for why you shot a police officer who broke down your door after securing a warrant. It would quickly be dismissed in that instance, so it should carry little weight in the discussion of encryption. If you want the government to completely give up this line of thinking, you need a way to explain to them why a digital lock/encryption should be treated differently legally than a physical lock.
> You could use the exact same argument for why you shot a police officer who broke down your door after securing a warrant.

No, I couldn't. The operative word there is not "shoot", it's "warrant." The fourth amendment explicitly makes an exception for warrants. If the government has a warrant then I am legally bound to hand over my keys. If I don't, they can put me in prison for that.

Your initial comment seemed to imply that a warrant to break the encryption was "government overreach". If not, I don't see how what you originally posted is an argument against ways around encryption. The question is whether the government should be able to access this information and not whether the government can be trusted with access to that information. If your argument is the latter, then you are arguing against warrants in general.
> Your initial comment seemed to imply that a warrant to break the encryption was "government overreach".

I have no idea how you could possibly reach this conclusion. My initial comment did not contain the word "warrant".

By "government overreach" I mostly meant spying on me without a warrant, e.g. the activities brought to light by Edward Snowden, and the common practice of seizing devices at the border.

Sort of a side note, if police kick down the wrong door (this happened not long ago) they're not justified in pursuing murder charges in that case. If they served the right warrant at the right address, then yes, that is justified.

This entire write up stinks and I don't trust the government to implement this overreach in any sort of way which benefits the average American citizen. :(

Cryptography has existed for over 3000 years [1], steganography [2] has been documented in use over 2000 years ago and it's possible it has been used much longer (the entire point is we wouldn't know).

If encryption is being used to hide "valuable criminal evidence", how is that different from someone hiding evidence by burying it somewhere or simply destroying it?

We don't detain random people and force them to give up locations of bodies they may or may not have buried, and we don't randomly search people's houses and possessions -- and we shouldn't be doing the same for encrypted data (and this includes requiring backdoors). If there is other evidence to believe a particular person committed a crime, then get a warrant that compels them to give up the location of the body or the encryption key. If they refuse, then depending on the other evidence used for the warrant it might make sense to hold them in contempt.

In my mind, decrypting data to prove your innocence (in the face of other evidence) is vastly different than decrypting your data because law enforcement is on a fishing expedition (no other evidence).

[1] https://en.wikipedia.org/wiki/History_of_cryptography#Antiqu...

[2] https://en.wikipedia.org/wiki/Steganography

This- encryption + deletion of the key is basically destroying evidence. Which is already illegal and our justice system already has to deal with. No special casing necessary.
Lots of people are bringing up these types of issues, so let me just address them generally. Defaults are important. Yes, it was always possible to build some elaborate booby-trapped safe, bury the evidence in the middle of the Mojave Desert, or cook up some homemade encryption algorithm to hide evidence. However, that wasn't the default. It took elaborate planning and dedication that most people simply didn't have. For example, if the average person jotted down an offhanded note, they probably did it in plain English on a regular piece of paper and left it on their desk at home. Now the same note would by default be encrypted on their phone and protected against warrants.
In the same way that private verbal communications are protected by the fifth amendment -- we cannot force people to testify against themselves about possibly incriminating things.

This is a slippery slope.

> Regardless of our views on encryption, we need to have a conversation about that shift. Refusing to have that discussion

That discussion has occurred several times. The government keeps talking after they hear the inevitable "no", at which point it's no longer a useful discussion.

There are no possible alternatives. Every possible alternative is equivalent to a backdoor. Any continuation of a discussion leads to "can we have a backdoor".

"Can we continue the discussion" amounts to "you haven't given us a backdoor yet".

There is a useful distinction to draw, though. There are two versions of "no". Some people use "no, that's not possible" (e.g. for technical reasons or because it'll break security properties), in which case the response either involves asking someone else or trying to legislate without knowledge. And some people use "no, we won't do that" (because it's working as designed and we're not looking to reduce security), in which case the response involves anger and something roughly equivalent in content and tone to "why do you hate (insert country name here)".

Other useful variations on "no": "and what would you have us say when a country you don't like comes to our offices in their country and asks the same question". That one seems to produce slightly more thought, but ultimately an entitled response suggesting there should be some way to prefer their particular jurisdiction over all the others.

> For all intents and purposes, encryption is an unbreakable lock that can serve to perfectly hide valuable criminal evidence.

This doesn't matter. Our rights are not premised on the ultimate physical availability of any given piece of information. There's no "we can always break into the safe" provision of the 4th Amendment.

Fundamentally, the government does not have the right to any piece of your information. A warrant grants them the temporary right to employ certain techniques to try to get it.

I'm going to reply to myself and also point out that we don't require safe makers to make "breakable" safes.

Safe manufacturers make the strongest safes they can, and in parallel, the government develops their own capabilities to attack those safes to execute warrants.

The same thing is true for encryption. At its base theory, encryption is just math--but it is implemented in software, and software is imperfect. The government can, and does, attack devices to break encryption systems to get what it needs.

In fact, the Justice Department Inspector General found that the FBI did not go far enough in trying this, before it tried to sue Apple in 2016. And ultimately the FBI did get into that iPhone by breaking it.

> For all intents and purposes, encryption is an unbreakable lock that can serve to perfectly hide valuable criminal evidence. Such a thing wasn't possible when our laws were written and has never before been possible in the physical world. Its existence has potential to be a huge shift in how we enforce the law.

This is untrue. The equivalent thing that anybody has been able to do for a thousand years is keep their written down secrets in an undisclosed location. If the police don't know where you keep them and you don't tell them, they have never been able to read them. Finding an anonymous storage unit among millions is no easier than guessing the user's password.

But you could put them under covert surveillance ahead of time to find the location, you say? You can do the same thing to get their password then.

> encryption is an unbreakable lock that can serve to perfectly hide valuable criminal evidence. Such a thing wasn't possible when our laws were written and has never before been possible in the physical world.

Uh... what? There is plenty in the law concerning modern digital encryption. Ciphers have been around for thousands of years. If by "our laws" you mean the constitution, Benjamin Franklin apparently didn't think encryption was worth restricting during the constitutional convention, and that's not because he did not know about it.

> Its existence has potential to be a huge shift in how we enforce the law. Regardless of our views on encryption, we need to have a conversation about that shift. Refusing to have that discussion is likely a quicker path to things like government enforced backdoors than if we engaged with government and law enforcement on possible alternatives

You're acting like this is a new debate, but this is something DOJ has been on about for a long time. If the past is any guide we'll certainly "have a conversation" about it when the DOJ begins attempting to put people using or providing forms of encryption they don't like into prison, just like they tried to do 30 years ago.

You act as if the court has no option if someone won't decrypt something they hold the keys to. This is why contempt charges are a thing.

The government has done an astounding job of showing they are untrustworthy with access to our personal information, or frankly even their own information as the OPM breach makes painfully apparent.

I recognize this, and I embrace it.

Cryptography is the one thing in the world that isn't easily defeated by the absurd amount of violence States are willing to commit in the interests of controlling society.

That's a feature, not a bug.

I for one am tired of using coercion to define society and we would do well to embrace anything that disempowers violence.

Except it’s not a discussion worth having.

If you have a back door, it’s there for everybody not just the people it’s intended for. Additionally, there’s not going to be a way to force people to use the encryption that happens to have a backdoor.

It’s an algorithm. People who don’t obey the rules will just use a more secure method when they need to protect something.

This is why there’s no point to having the conversations except to explain it to people.

Do you realize how condescending it is when someone comes to you with a problem and your answer is that "is not a discussion worth having"? Warrants losing their power in the digital age is a problem and our community's refusal to recognize that just pushes the government down alternative routes to something like PRISM.

Also focusing on enforcement is making the perfect the enemy of the good. What percentage of communication in this country flows through either Apple, Google, Facebook, or Amazon? A solution that works for those 4 companies would be a huge step even if it wouldn't result in 100% coverage.

And just to be clear, I don't think the answer is necessarily backdoors in encryption. But I recognize that there is a problem and that we should be open to talk about ways to fix that problem.

Do you realize how PRISM is the very reason that the government cannot be trusted?

> What percentage of communication in this country flows through either Apple, Google, Facebook, or Amazon?

You make it sound like data collection and snooping on innocent people is the whole point of it. If backdoors are required on communication that goes through Apple, Google, Facebook, and Amazon then nobody's going to use the communication on those services for illicit activity that the government would care about. They would use something else.

> But I recognize that there is a problem and that we should be open to talk about ways to fix that problem.

There is no talk to be had, because the entire idea is silly. If the US government can mandate backdoors then so will every other government. This would make everyone vulnerable.

Warrants aren’t losing their power, warrants are gaining power! Never before have you been able to issue a warrant to a phone company and get someone’s location in real time, to a tech company and get the copies of all their sent mail perfectly preserved, or to their bank or credit agency to get a record of nearly every transaction they have ever made. The rate at which new information becomes available to law enforcement might be slowing down, but it is still increasing YoY even with encryption on the rise.
I do. And yet, there’s no other way to approach it.

You either protect everybody or you make the compliant vulnerable.

> Regardless of our views on encryption, we need to have a conversation about that shift.

Not trying to be snarky here: I don't understand what this conversation looks like. What does it look like? What purpose does it serve, and what is its ultimate goal?

We do have this discussion, but the authorities don't want it. We say "either we have secure communications, or not", they say "I don't believe you, let us have access".
While no physical lock is "unbreakable", there are lots of safes that are close enough to be the same thing to law enforcement. Those safes have existed for a long time.
Computer security is fundamentally different, it is not limited by space or time like physical security. My door locks have to protect me from my neighbors, but my crypto keys have to protect me from anyone with an internet connection.

Also, the importance of being able to get away with crime should not be overlooked. It wasn't that long ago that being gay was illegal. And ICE is operating concentration camps this very second.

Well no, here's another inaccessible bit of information: face-to-face conversations where there are no recording devices present. Hence the importance of testimony in a criminal investigation.

Should we now require all buildings to, by law, record audio conversations in case such conversations might one day be "needed" by law enforcement? Or perhaps there are other ways to perform targeted wiretaps?

You mean your Google home?
There's a reason I don't own one :-P
It's always been possible, and frequent. People have had innumerable conversations relevant to criminal intent, and refused to divulge information on them. The founders were certainly aware of that when the Fifth Amendment was added to the constitution.

It was the development of telephone communication, and warrants for wiretapping, that first made such private communications accessible to the government.

> For all intents and purposes, encryption is an unbreakable lock that can serve to perfectly hide valuable criminal evidence. Such a thing wasn't possible when our laws were written and has never before been possible in the physical world.

What number am I thinking of?

> and has never before been possible in the physical world

People have been hiding information and assets via buried treasure for millennia, with the key (location) only accessible in the brain of the one burying it.

Is it easier now? Sure. But there've always been physical analogues.

If we are going to continue with this metaphor of encryption being a lock...

If you obtain a warrant to bypass that lock, then you have the right to compel me to hand over the keys. In this case, that metaphorical "key" would be my "private encryption key".

The point where this metaphor breaks is when I either refuse to provide that key, or have lost/destroyed it. On one hand, it's trivial for a physical lock to be bypassed, either by picking it or destroying it, thereby allowing you to "get inside" and (the end goal) "search". Of course, to "search" encrypted data does not involve "getting inside". It involves decryption.

It's impossible to entertain this kind of absurdity -- there is no world in which you can effectively ban math.

The law can say anything it wants -- math is still math.

The problem is that there's no way for the government to actually enforce this 100% - sure, on the average person, but we have to assume that someone engaged in espionage / terrorism / etc. is going to take additional precautions. The threat doesn't go away by doing this.
Nothing assumes 100% perfection as a requirement. We might not like it but if, say, popular services had a way to satisfy warrant requests that would mean that most cases would be satisfied with a warrant even if a small percentage required something else, just as the existence of very hard to open safes doesn’t mean most criminals use them.

To be clear, I’m opposed to widespread access and would want a warrant at a minimum but honesty compels me to note that there are crimes which would be solved if someone used, say, SMS but not Signal and we should consciously accept that as the cost of not living in a surveillance state rather than pretending it’s not true.

Yeah you get the majority easy enough. They’re mostly law abiding anyway, so you conjure up as much petty crap to pin on them to justify the police state.

Meanwhile the connected and savvy minority coddle pedophiles and grifters among their lot.

These are not really new concerns or ideas. The context has shifted from “meatspace” to “cyber space”. Generally the old ideas of trust and verify, avoid unenforceable, spurious, overreach still apply.

There’s an interesting parallel to the Pareto principle here, IMO. Society is pushing for more and more policing of the 80%ish and less on the 20%ish.

Wealth inequality, and civil rights inequality, filter into our tech contexts.

Too bad we largely focus on these things in our favored context rather than see it as the general political plight of the masses, as it really should be considered, IMO.

> Regardless of our views on encryption, we need to have a conversation about that shift.

I agree that this is the real discussion, but I think that there is indeed a vibrant, worldwide discussion happening on this topic with more frequency and intensity than has ever been the case before.

The writing on the wall is unambiguous: the internet is an evolutionary force whose trajectory and destiny are to deprecate monopolistic government. This has already been shown convincingly with respect to censorship. It is increasingly obvious with respect to intellectual property and remix art. On the horizons are monetary policy and policing.

The humane and sane approach here is to get out of the way and let evolution run its course. Every time the state insists on pre-information age norms, it sounds to me like a whining adolescent, surprised that some of its childhood toys have broken.

The old model of investigative surveillance is broken - broken because of cameras which can reveal the conduct of (uniformed or undercover) state agents, broken because instantaneous worldwide communication moves much faster than bureaucracy, and yes, broken because cryptography.

Sure, you can also destroy evidence! This is already a crime we deal with. Encrypting and throwing away the key is deleting with more steps - in fact it is often an implementation detail of deletion in some software systems. It is already illegal, and already something our justice system deals with. No power grabs necessary.
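The "encrypting and throwing away the key is an implementation detail of deletion" point above is usually called crypto-shredding. The following is an added illustration, not code from the commenter or any product: each record gets its own random key, and "deleting" a record destroys only the key, leaving the ciphertext wherever backups and disk allocators left it. The stream cipher is a toy built from HMAC-SHA256 in counter mode purely so the example runs on the standard library; the record contents are constructed sample data.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, counter) blocks, concatenated.
    Illustrative only; a real system would use AES-GCM or similar."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class RecordStore:
    """Each record is encrypted under its own random key.

    The ciphertext lives in durable storage (and in every backup of it);
    the key lives in a separate key store. Shredding a record removes
    the key only, which makes the ciphertext unrecoverable everywhere at once.
    """

    def __init__(self) -> None:
        self.ciphertexts: dict = {}   # record_id -> ciphertext (durable storage)
        self.keys: dict = {}          # record_id -> per-record key (key store)

    def put(self, record_id: str, plaintext: bytes) -> None:
        key = secrets.token_bytes(32)
        self.keys[record_id] = key
        self.ciphertexts[record_id] = xor_bytes(plaintext, keystream(key, len(plaintext)))

    def get(self, record_id: str):
        key = self.keys.get(record_id)
        if key is None:
            return None   # key destroyed (or never existed): nothing to decrypt with
        ct = self.ciphertexts[record_id]
        return xor_bytes(ct, keystream(key, len(ct)))

    def shred(self, record_id: str) -> None:
        # Only the key is erased; the ciphertext is deliberately left in place
        # to model copies that cannot be reached (backups, SSD wear-levelled blocks).
        self.keys.pop(record_id, None)


def demo() -> tuple:
    store = RecordStore()
    store.put("note-1", b"constructed sample note, to be shredded")
    store.put("note-2", b"constructed sample note, kept")
    before = store.get("note-1")
    store.shred("note-1")
    after = store.get("note-1")                  # None: key is gone
    ciphertext_remains = "note-1" in store.ciphertexts
    return before, after, ciphertext_remains, store.get("note-2")
```

The design point is that deletion becomes a single operation on the key store rather than a hunt for every copy of the data, which is exactly why a lost or destroyed key and a shredded document are the same situation in practice.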
> Sure, you can also destroy evidence! This is already a crime we deal with.

That is just assuming the premise. Destruction of evidence is a crime, but destruction of private lawful communications is not. The FBI has no right to a married couple's sexting.

The usual case for destruction of evidence is one of two things. Either they produce some emails where you're conspiring to destroy evidence, or that they catch you in the act, seize the evidence you were destroying, and then use it to prove that what you were destroying was evidence.

Finding someone with a bucket full of confetti or an encrypted drive but no key isn't evidence of a crime, and it's unreasonable to be able to put anybody in jail just because they shredded their old credit card statements or can't remember the password for an old device that has been in a closet for three years.

The fact that the FBI has no right to a couple sexting without a warrant is exactly why encryption is fine. When they present evidence to a judge that there is something they need in those conversations to prove a crime, and get a warrant, then it becomes evidence in a criminal investigation.

IANAL or law enforcement, but I don’t see the problem with this system.

The problem is that you may not be able to decrypt it.

It's like finding some footage that you drove into and out of a place where there was a murdered body during the same time that the body went missing. That's circumstantial evidence you might have moved it, and it might convince a judge to issue a warrant and have the police search your residence for evidence. But if they can't find anything it's not reasonable to charge you with destruction of evidence for not producing the body, because they haven't proved beyond a reasonable doubt that you could have.

People forget passwords all the time. Sometimes the police find the phone of somebody else who left it in your car and you didn't even realize it was there, and now you think they planted it and they think you won't unlock it, and the person who knows their phone is missing would rather see you in jail than claim the phone and end up there themselves. Higher level paranoia security systems can make unused space indistinguishable from encrypted data, or send cover traffic when there is no real traffic, and there is no way to decrypt it because it's not actually encrypted data to begin with.

There is no way to prove you can't decrypt something which means it's unreasonable to demand that somebody do it when they may not be able to.

Planting evidence, losing keys, forgetting where you buried something or being falsely accused of burying something are not new. Dealing with these gray areas is the job of the judge and jury, and it isn’t a technical problem, or a new one.
Refusing to decrypt is itself a crime (contempt of court?), so the government can jail you for years that way.

Edit: this doesn’t help in cases like terrorism where the owner of the device has already been killed, of course.

I am not sure you can be compelled to remember something you forgot. And nobody can tell you if you remember or not, or if you will ever remember again.

So no, some judge may try to hold you in contempt of court, and it may work for a while, but at some point -- if you have a good lawyer -- it will turn into a civil rights issue.

Also, you could plead the 5th as well.

NOTE: I am not a lawyer, and these are just my opinions on this matter.

Courts have ruled that providing a password to decrypt something is not in itself testimony and isn't protected by the 5th amendment.

Judges can certainly hold you in court indefinitely on a contempt of court charge as well. Considering the nature of the charges that this typically comes up in (see Francis Rawls) I wouldn't count on trying to make it a civil rights issue doing much in your favor.

Other courts have ruled the other way on that. It is not settled law.
But what if someone really does forget the key? They are just jailed forever?
It’s important to point out in this case the stated reason for the contempt charge is the “foregone conclusion” that there IS child porn on those encrypted drives, not the mere existence of encrypted drives with what could contain anything.

Police can’t compel you to provide a combination to a lock (encryption key) to go on a fishing expedition, but if they KNOW the safe contains illegal contents then you can be held in contempt for not providing it (they already know it’s in there).

Without spending forever delving into the case record I can’t comment on whether they should really have a high enough certainty that the drive does contain CP, but the argument in this specific case does match our interpretation of the 5th amendment when it comes to physical locks.

This is a good argument WHY encryption is important, however. Backdooring crypto would allow law enforcement to fish through everything they want with wanton disregard for the fifth amendment, instead of needing to build up a suitable case for illegal acts being committed with standard investigatory techniques. This right here is how the system SHOULD work.

If the prosecution has such convincing evidence that the drives contain the images they say, then why do they need to compel the defendant to do anything at all? If it's such a foregone conclusion, why not just go ahead and try him on the child porn charge?
Dunno, I’m just an armchair lawyer who watches too many Leonard French videos. Like I said in my original comment, I haven’t read the case record in detail, nor am I familiar enough with the Federal Rules of Criminal Procedure to know if there’s some evidentiary requirement they cannot meet without the contents of the drive or whatever.

I’m guessing it’s because they are operating off testimony of a witness (defendant's sister) claiming she was shown the alleged images, and since they weren’t on the unencrypted internal drive they MUST be on the encrypted external drives. That combined with the knowledge that these files were in fact purportedly known to be downloaded via his internet connection is enough for something, but all they have without the drives is hearsay, hence the compulsion to decrypt then?

Personally I think in this instance, with recent rulings that an individual cannot be identified by an IP address and a single witness, that there isn’t enough to KNOW anything; otherwise I could wardrive around, download a bunch of CP on somebody's connection and say I saw them looking at it through a window or something.

All I know is that we do have precedent for this in the physical world, so it’s not a logical leap to require disclosure of cryptographic keys when we KNOW what they unlock.

This situation also has an analogy in the physical world: if the owner of the key is dead or otherwise non-coercible, that's effectively the same as a physical document being destroyed.
I wonder whether there is any work on plausibly deniable public key cryptography.

The sender uses the public key to encrypt the plaintext, and the receiver uses their private key to decipher the ciphertext, as usual. But, on being compelled, the receiver can also choose an arbitrary target plaintext, and efficiently compute a new private key that maps the ciphertext to the chosen target plaintext.
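The property the comment above describes, worked through for the one cipher that has it for free: an added example, not from the commenter or any project. With a one-time pad, every plaintext of the same length is consistent with a given ciphertext, so the "new key" that decrypts to a chosen cover text is simply ciphertext XOR cover text. The two sample messages are constructed. The contrast the comment is really asking about is that any cipher whose key is a short seed expanded by a pseudorandom function (AES-CTR, or any deployed symmetric or public-key scheme) does not have this property: the keystream needed for the cover text is almost never the expansion of any seed one could find, which is why deniable encryption is a research topic rather than a trick.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; length mismatch is an error, not silent truncation."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # One-time pad: key as long as the message, used exactly once.
    return xor_bytes(key, plaintext)


def otp_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return xor_bytes(key, ciphertext)


def fake_key_for(ciphertext: bytes, chosen_plaintext: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `chosen_plaintext`.

    For a one-time pad this key always exists and is unique: key' = C xor P'.
    It is a perfectly valid pad, indistinguishable from the real one, so the
    ciphertext by itself is consistent with either plaintext.
    """
    return xor_bytes(ciphertext, chosen_plaintext)


def demo() -> tuple:
    # Constructed sample messages; the cover text must be the same length as the real one.
    real = b"sample secret plaintext"
    cover = b"innocuous cover message"
    key = secrets.token_bytes(len(real))
    ciphertext = otp_encrypt(key, real)

    recovered = otp_decrypt(key, ciphertext)            # genuine key -> genuine message
    alternate_key = fake_key_for(ciphertext, cover)     # derived key -> cover message
    decoy = otp_decrypt(alternate_key, ciphertext)
    return recovered, decoy
```

The reason the same trick fails for a real cipher is a counting argument: a 128-bit or 256-bit key selects one of at most 2^256 keystreams, while the keystream a chosen cover text would require is one of 2^(8n) possibilities for an n-byte message, so for any message longer than the key the required keystream almost surely corresponds to no key at all. Deniable encryption schemes are built to put the one-time-pad behaviour back deliberately.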

Take a look at this: https://en.wikipedia.org/wiki/Off-the-Record_Messaging

It is designed for that, and more. In fact, it does not stop at the theoretical "anyone could fake the logs": they created a tool to do so, so that you do not need an expert witness to explain to court that someone could doctor the logs - a tool exists for it. On purpose. They call it deniable authentication:

> Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person. Within the conversation the recipient can be sure that a message is coming from the person they have identified.
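The mechanism behind the quoted paragraph, as an added example that is not OTR's code: OTR authenticates messages with a shared-key MAC rather than a signature, and publishes each MAC key once it is no longer in use. While the key is secret, the recipient knows only two people hold it and that they did not write the message, so it must be the other party; once the key is public, anyone can tag any text, so a transcript no longer proves authorship. The session key here is a constructed random value (OTR derives it from its Diffie-Hellman exchange), and the messages are constructed samples.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, message: bytes) -> bytes:
    """Shared-key message authentication (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)


def session() -> dict:
    # Per-session MAC key shared by Alice and Bob (constructed; OTR derives it from DH).
    mac_key = secrets.token_bytes(32)

    # During the conversation: Alice tags a message, Bob checks it. Bob is convinced
    # it came from Alice because only the two of them hold the key and he did not send it.
    genuine = b"alice: constructed message sent during the conversation"
    transcript = [(genuine, mac(mac_key, genuine))]
    bob_accepts = verify(mac_key, genuine, transcript[0][1])

    # After the conversation: the MAC key is published (OTR does this on purpose).
    # A third party can now produce a valid tag for text Alice never sent ...
    published_key = mac_key
    forged = b"alice: constructed message alice never sent"
    transcript.append((forged, mac(published_key, forged)))

    # ... and anyone checking the log against the published key sees every entry,
    # genuine or forged, verify identically. A MAC proves possession of the key,
    # not who wrote the message, so the transcript attributes nothing to Alice.
    all_entries_verify = all(verify(published_key, m, t) for m, t in transcript)
    return {
        "bob_accepts": bob_accepts,
        "all_entries_verify": all_entries_verify,
        "entries": len(transcript),
    }
```

The contrast with a digital signature is the whole point: a signature verifies under a public key that only the signer's private key can produce, so a signed log is durable evidence of who said what; a MAC whose key is later disclosed is not.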

And when a physical lock is broken it's known by anyone who can observe the lock.

When a decryption has a backdoor, who knows when it's been decrypted?

It's increasingly difficult to do this without incurring contempt from our bootlicking judiciary.

You're gambling on the temperament of your judge if you do this.