[happythomist]

> Do you think, in that scenario, that safe manufacturers should be required to make a master key and distribute it to law enforcement?

I'm not sure, to be honest, but I think it's certainly a reasonable position to take.

> IANAL, but as far as I know, if the police can't physically break into your safe, there is nothing saying that they have any legal recourse to compel you to open it.

If it can be established that the safe is yours and that you possess the key or know the combination, I believe a court can indeed order you to open it or to produce the contents, punishable by contempt of court.

> Any why should it be the responsibility of the manufacturer/service provider to supply law enforcement with a key?

Because the state has a compelling public interest in ensuring that law enforcement can successfully execute lawful search warrants. The existence of indestructible safes would constitute a significant impediment to achieving that goal, so manufacturers of such safes have the responsibility of ensuring that law enforcement can access them.

I don't necessarily agree with that argument, but I don't think it's unreasonable.

[RussianCow]

> If it can be established that the safe is yours and that you possess the key or know the combination, I believe a court can indeed order you to open it or to produce the contents, punishable by contempt of court.

I got curious about this, so I did some quick research. Again, IANAL, but my understanding is that, in the US, the court can order you to give up the physical key (if it is determined that you have it) but not the combination. The latter is protected by the Fifth Amendment right against self incrimination, in the same way as sharing knowledge verbally. So then the question becomes, is an encryption key (or passcode, etc) more like a physical key, or a combination? If the former, then you would be legally compelled to decrypt it if law enforcement asked you to do so. If the latter, however, then there is no legal way for law enforcement to force you to decrypt the device.

The legal framework for deciding how to handle encrypted data already exists, it's just ambiguous. Instead of passing a law that completely changes the scope and usefulness of encryption, doesn't it make much more sense to simply disambiguate and update existing laws accordingly? I don't know the full repercussions of that, but it seems that there exist less drastic solutions to the problem.

> I don't necessarily agree with that argument, but I don't think it's unreasonable.

I think it is unreasonable because it's asking companies to willfully violate their user's privacy and trust, and to severely undermine encryption as a whole. There is zero chance that this does not get abused.

[happythomist]

> The latter is protected by the Fifth Amendment right against self incrimination, in the same way as sharing knowledge verbally. ... If the latter, however, then there is no legal way for law enforcement to force you to decrypt the device.

Not exactly. Yes, revealing the combination requires the person to implicitly admit that they know the what the combination is. But if the government can prove that they already know this "testimony" -- which they can in most cases -- then the "foregone conclusion" doctrine applies and the 5th Amendment privilege cannot be asserted. See, for example, the Massachusetts Supreme Court's decision in Commonwealth v. Jones. [1]

There is also conflicting 11th Circuit precedent that further requires the government to establish with "reasonable particularity" what is on the encrypted device. [2] In my opinion this is not correct; the contents of the drive have nothing to do with the testimonial value of the combination. In any event, this issue will eventually need to be resolved at the Supreme Court.

> I think it is unreasonable because it's asking companies to willfully violate their user's privacy and trust, and to severely undermine encryption as a whole. There is zero chance that this does not get abused.

I don't see how it violates user privacy or trust. In general, you don't have the right to keep records secure from law enforcement if they have a warrant. If this law is passed, these companies should simply disclose to their customers that they will provide law enforcement with the means to decrypt their data, as many already do.

I also don't see how it severely undermines encryption. Yes, end-to-end encryption is more secure, but it's not the industry norm. Security is relative, but I wouldn't call Gmail "insecure" just because Google allows law enforcement to read emails with a warrant.

[1] https://www.socialaw.com/services/slip-opinions/slip-opinion...

[2] https://www.eff.org/files/filenode/opiniondoe22312.pdf

[RussianCow]

> Not exactly. Yes, revealing the combination requires the person to implicitly admit that they know the what the combination is. But if the government can prove that they already know this "testimony" -- which they can in most cases -- then the "foregone conclusion" doctrine applies and the 5th Amendment privilege cannot be asserted.

That's fascinating, thank you for sharing! That helps make my point, though, that the legal framework for handling encryption already exists and just needs to be clarified a little bit, instead of making new, far-reaching laws with serious implications on the landscape.

> I don't see how it violates user privacy or trust. In general, you don't have the right to keep records secure from law enforcement if they have a warrant. If this law is passed, these companies should simply disclose to their customers that they will provide law enforcement with the means to decrypt their data, as many already do.

It will get abused. Just like wire tapping got abused, just like NSA surveillance got abused. Furthermore, having a master key floating around means that at some point, inevitably, a foreign government or organization will get ahold of it. If this were implemented correctly—over a special, secure channel that only law enforcement could access (with a warrant!)—that would be mostly harmless, but I simply don't trust our government and businesses to implement anything correctly that has to do with the privacy and security of user data. There have simply been too many previous violations.

> I also don't see how it severely undermines encryption. Yes, end-to-end encryption is more secure, but it's not the industry norm. Security is relative, but I wouldn't call Gmail "insecure" just because Google allows law enforcement to read emails with a warrant.

But the issue with bills like the EARN IT Act is that they make end-to-end encryption completely infeasible for any company to implement. That's the problem: you can't even have E2EE in the first place if it passes, because it conflicts with the requirement to allow law enforcement to be able to read messages.

[happythomist]

> That helps make my point, though, that the legal framework for handling encryption already exists and just needs to be clarified a little bit, instead of making new, far-reaching laws with serious implications on the landscape.

I think this can be a reasonable argument, but it depends on whether criminal suspects generally comply with decryption orders. If most don't, then it is understandable that the government also wants the keys to reside with parties that almost certainly will comply: OEMs and service providers.

> It will get abused. Just like wire tapping got abused, just like NSA surveillance got abused.

Yes, warrants get abused, but they're necessary for the criminal justice system to function.

I think we need to be careful not to conflate this issue with warrantless surveillance, which is a different beast.

> Furthermore, having a master key floating around means that at some point, inevitably, a foreign government or organization will get ahold of it.

I don't see why this is necessarily true, and many Internet services are premised on it not being true. HTTPS requires that you trust the ability of CAs to keep their master keys secret. Gmail and Outlook require that you trust that Google and Microsoft will keep their master keys secret.

> But the issue with bills like the EARN IT Act is that they make end-to-end encryption completely infeasible for any company to implement.

I realize that. My point was that there's an argument to be made that in practice, most people don't use E2EE or even need it in the first place.

E2EE is probably necessary in certain cases -- for example, if you're a dissident in an authoritarian regime. But that doesn't mean it needs to come standard on every iPhone.

To be honest, I'm undecided on this issue. Maybe the security benefits of standard E2EE are worth making it more difficult for law enforcement to execute lawful search warrants. But to me the answer isn't obvious.

[RussianCow]

That's fair. It's definitely a tradeoff. I guess I'm sensitive to it because I strongly value freedom of speech and the right to privacy, and generally like governments having as little power as possible (to lower instances of abuse). I realize that you have to draw a line somewhere, though, and I don't have enough data to make any judgement on whether something like this is necessary. But in any case, I certainly hope it isn't!