| I'm from France, I read the Cassation ruling, and I'm law-savy. First, we wouldn't care of what the 1st court ruled.
Nobody would consider a 1st court ruling as a new statu-quo. Content of the 7h November 2022 ruling :
https://www.courdecassation.fr/decision/6368dc51f1ea8a7f744f...
> It says that's an iPhone 4... > the lower court (Cour d'Appel) ruled that the passcode is not a "cryptographic convention" (which both the Algorithm and Private Key would classify as), and consequently that the person is not guilty. > The general prosecutor, not happy with this verdict, appealed to the higher court (Cour de Cassation), arguing that the lower court violated the law by insufficiently researching IF on the concerned iPhone 4, does the passcode is a "cryptographic convention" Because when a Cour d'Appel applies a law, in this case, without not even research if this specific law is applicable to this specific element, it can be broken by the high court. The Cour d'Appel did not even have to be "right" or sufficiently technically competent.
The Cour d'Appel only had to declare that it researched IF on this phone, the passcode was a "cryptographic convention". If the Cour d'Appel declared such a thing, EVEN IF IT WERE BLATANTLY FALSE (I'm not arguing myself for the correctness here of this statement), then the Cour d'Appel would be deemed to have stated its sovereign judgment on this matter. On such a task, The Cour d'Appel could not be overridden by the higher Cour de Cassation. (the Cour de Cassation cannot re-evaluate the sobering judgment of the Cour d'Appel). BUT, the Cour d'Appel intended to apply the "refusing to yield the cryptographic convention == bad" law, without even researching IF beforehand this was REALLY a "cryptographic convention". The general prosecutor leveraged this oversight by asking the Cour de Cassation to break the lower court jugement. He won. The Cour de Cassation break the lower court ruling, and sent them back to court again.
The break ruling is : > By affirming that the passcode is not a "cryptographic convention", WITHOUT analysing the technical characteristics of the concerned iPhone4, yet essential to figure out a decision, the lower court insufficiently justified its decision ==== What I have to say on this matter It's an old iPhone. I'm a bit lazy to Google what's the passcode is doing on the range of iOS versions supported on such an old phone. A 4-8 digits passcode is not enough not be secure. That's weak as hell.
That's only 10^8 possibilities, and the Private Key can be brute-forced in 1 second. Still, IF on this old iPhone the weak-as-hell passcode was the Private Key of encrypted data, then it could be deemed a "cryptographic convention", and the person could be deemeded guilty. On a RECENT iPhone, I think that this person could escape being guilty for not giving its homescreeen password or code. On RECENT iPhone, those weak (4-8 digits) are NOT part of a "convention de déchiffrement"
The passcode is neither the crypto algorithm, nor the Private Key to the data. on recent iPhone, the password is ONLY a key to a safe : the Secure Enclave (T2 chip). The Secure Enclave, even in rescue mode, has an API, and only accepts ~10 passcode attempts.
When you succeed, you are giving a mean to decipher data. I don't even know if : - the Secure Enclave yields back the Private Key - or just provides an hardware API to further decrypt data. What I mean is that on recent iPhone, the passcode is NOT part of the "cryptographic convention".
It only unlocks a safe : the Secure Enclave. That would be the same thing as storing the Private Key in a safe. On iPhone4, probably the passcode IS used as a seed to regenerate the Private Key, and as such refusing to give it to police is breaching the law. On iPhone with Secure Enclave + T2, probably the passcode is not used as a seed, because that would be weak as hell. refusing to give it to police is possibly not a breach of law. |
Same thing with LUKS. Password just unlocks the encrypted master key stored on the disk, which is then used to decrypt actual data.
Not sure why this one layer of indirection would matter to purpose of the law.
If you erase the LUKS header (by some tamper detection mechanism), then you will not be able to provide any means to decrypting the actual data, even if you give up the password. That may matter to the law, since nothing it does may ever yield the decrypted data.
But this same effect can be achieved with direct password->key transformation. Tamper detection can erase the data itself instead of the master key.