[Cryptography] Ad hoc "exceptional access" discussion at Crypto'15 ?

Jerry Leichter leichter at lrw.com
Tue Jul 14 17:00:38 EDT 2015

[Moderator:  This may be wandering far afield from crypto.  Obviously, feel free to choose not to forward to the list.]

On Jul 14, 2015, at 12:59 PM, Ray Dillinger <bear at sonic.net> wrote:
> I have no issue with law enforcement's desire to execute search
> warrants - you know, the kind where they have to go to court and
> get an actual judge to sign off on a warrant to search for a
> very specific thing in a very specific place, and that warrant
> then becomes public record. With a warrant they have, in addition
> to the general access allowed to the public, the right to enter
> premises and seize property, or compel the cooperation of the
> person whose stuff they're pawing through before actually
> pawing through it (or face arrest),
This is way off.  A search warrant lets them ... search.  They can physically search your property, even your body.  They can't require you to tell them where you store your records, or unlock your safe.  Of course, if you don't, they'll search everywhere and get someone to open your safe - and if that requires destroying your safe, tough - you had the choice to open it yourself.

It's an undecided question whether they can compel you to unlock your computer or give then your crypto keys.  Cases have gone both ways.

Other kinds of cooperation (perhaps under physical compulsion) - e.g., getting a DNA sample - require something beyond a general search warrant.

Oh, and "arrest" is not a punishment or penalty - it's a way of gaining physical control over your person.  Many innocent people are "arrested"; that's an expected side-effect of needing to take control over them *before* they can be tried and adjudged guilty or innocent.  They are *assumed* innocent until then, but they're still arrested.

> A search warrant is not a surveillance order.
This is true.  There are court orders other than search warrants.  "Surveillance order" isn't, as far as I know, a legal term - but many things these words would appear to cover may well be available under lower standards than search warrants.

> Surveillance means COVERTLY observing someone, and what our constitution
> (though in many cases unconstitutional laws exist) allows for
> COVERT observation on people is that law enforcement gets
> exactly the same access to someone that members of the general
> public have.
Incorrect.  Wiretaps have been allowed (with suitable court orders) for many decades.  The courts readily allow the planting of bugs in, say, restaurants where Mafia dons are alleged to gather.  Courts have decided that the FBI can't *on its own* decide to plant a GPS tracker on someone's car - but they didn't say the FBI can't do it, they said the FBI has to get permission from a court first.

*You* may think this is "unconstitutional", but you're simply wrong.  There's nothing to debate here:  "Unconstitutional" is a term from *within* the current American legal system, which has its own standards and mechanisms for deciding when it applies.  Those standards and mechanisms *define* what "unconstitutional" means.  To say otherwise is like deciding that, sure, your team scored fewer runs in the game yesterday - but *your* definition of "winning" a game of baseball is "left fewer men on base", so your team *really* won.

> When you do surveillance, you don't get the keys
> to someone's house.
Not only can the government do so, it can *compel* a third party (like your landlord) to provide them.

>  Meaning you don't get cryptographic keys
> handed to you either.
*In general*, there is no issue with the government compelling the production of cryptographic keys.  The only open issue whether *you, personally* can be compelled to produce *your own* keys - because we have a special rule in the Constitution protecting you against self incrimination.  There are some other special protections - spousal privilege, attorney-client privilege - that might, in some circumstances, prevent certain people from being compelled to produce keys - but those are *exceptions*.  This is *exactly why* you don't want to share your keys with, say, your cloud storage provider:  The provider can be compelled to produce your keys and you have no say in the matter.  The government doesn't have to inform you; your provider doesn't have to inform you and, even if they want to, they may be ordered not to.

> ...But the police are not (constitutionally)
> permitted to break the law for purposes of covert surveillance.
Incorrect.  Just as an exercise:  Where in the words of the Constitution do you find any such protection?  The closest you will get is the Sixth Amendment:  "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."  Nothing here about *how* the search or seizure is done - just that the US government (later extended to the States through the Fourteenth Amendment) need probable cause before proceeding.

> And while surveillance may be done secretly, serving a warrant
> must (constitutionally) create a public record for accountability.
But that record can be kept secret pretty much indefinitely under the right circumstances.

> I really hate unconstitutional laws.  How long until they are
> struck down?
If you want to say these laws are wrong, immoral, against public policy, dangerous, a threat to democracy, an affront to human privacy and decency - I'm with you every step of the way.

Stating they are "unconstitutional" is bringing a knife to a gunfight.  Let the lawyers fight that one out.  I'm not a lawyer myself, so there are probably some mistakes in my statements above - but based on reading about this stuff, I think I'm closer to the gist of things than you are.  (You might want to spend some time at http://popehat.com and http://blog.simplejustice.us and https://www.washingtonpost.com/news/volokh-conspiracy/ - and a number of other quality sources they will lead you to - to get some idea of how the law really works.)
                                                        -- Jerry

More information about the cryptography mailing list