[_ah]

I have always thought the best solution is strong encryption, plus weak encryption.

Every user has their data encrypted with a unique, zero-knowledge, weak key. Then it's encrypted again by the service provider with a strong key.

When the government shows up with a warrant, they get the strong key. But the weak key is known only to the user, not the service provider. So now the government has to go spend CPU time to brute force the weak key.

Economics enforces good behavior. Governments with lots of resources can afford to break into any single user's data. But they can't afford to break into EVERYONE'S data and go fishing. It's the same as hiring detective to do a stakeout... you can follow anyone but you can't follow everyone.

[hcfman]

There's a funny/sad story about the first person in the UK to be jailed for not giving up his password under new at the time laws in the UK. He was a person crossing the channel with mental health problems. He was stopped and he had some este model rocktry rockets. He was found to have a couple of micrograms of an explosive on him that could have come out of the search dogs fur. He refused to give up his passwords and so he was jailed. He did give up one password to a truecrypt volume, but it had another encrypted truecrypt volume inside it. He was jailed for a year for that.

[stiray]

You can do whatever you want when you are the only player on encrypting data. The problem is interoperability and I imagine "backdoor" that cops want as a way to decrypt tls (which is quite doable, with reasonable safety in mind, to each request you add symmetric key used in data encryption, encrypted with supercop-public-key, distributed on daily bases).