Its more like "Give your house keys and safe combination to BigCorp, so that if we get a warrant for the contents of your safe, we can serve the warrant on BigCorp and more easily covertly execute the warrant without you knowing that it has happened. And try not to worry that no one at BigCorp will ever abuse the fact that they have your house keys and safe combination, or fail in their responsibility to safeguard those items from criminals."
Well, I kinda view giving my keys to BigCorp as leaving the door unlocked. From a privacy standpoint, I think that is also how it works [e.g. 3rd party doctrine]
Er...no. In the real world they don't always arrive with a SWAT team. Many warrants are served peacefully, and they have even been known to use locksmiths. I don't agree with stereotyping encryption users as if they were criminals, nor do I agree with stereotyping law enforcement as if they were shock troops.
> legally entitled to break into your house even if you don't want them to.
You even admit I'm right yet claim I'm not. So I'm kinda confused.
The key phrase there is "break in". As in, they acquire access without the consent of the owner. In this case, the "door" is the encryption key which they are expected to acquire and/or break so that they can gain access.
A conventional door you can:
1) Get a locksmith to essentially duplicate the essential function of a key to gain access. [Steal the Key]
2) Kick it in. [Brute Force]
3) Convince the owner to cooperate. [Social engineering]
They have the same options to acquire an encryption key. The fact it makes their job more difficult isn't relevant.
Cash makes their job more difficult as well since its essentially anonymous when handled with gloves. Should we ban cash and gloves too?
Of course it is. You keep your front door locked, you might have a lockable screen door and bars on the windows, or a burglar alarm or a number of other security precautions, but I'm pretty sure you don't live in an impregnable fortress or a bank vault.
More likely you have a basic level of security that deters crimes of opportunity, perhaps even a serious burglar, and that is sufficient, same as for most people. Now maybe I'm wrong and you live in a decommissioned missile silo or some other super-hardened structure, but to pretend that there's no difference between basic security measures and leaving your front door unlocked is total BS.
Encryption isn't an impregnable fortress. It is a basic, locked door.
Say you use TextSecure. If someone installs Malware on the phone and keylogs, they can capture your password. With the password and the phone, they can decrypt the messages.
I'm not sure why this is the equivalent of a bank vault to you? It can be defeated by some guy in his basement.
Law enforcement has shown the ability and willingness to use malware as well.
1) The app store is still controlled by the corporation.
2) Malware to capture the key is all that is required.
3) Law enforcement is capable of producing malware competently and legally forcing it onto machines.
4) The corporation can be legally compelled to install said malware via an automatic update [thereby disabling and/or capturing the key]. If that isn't an option, there are various other methods [such as taking the person into custody, installing the malware manually, then releasing them].
The only difference is the number of steps involved.
This is absurd. The complaint is that if service providers like Apple and Google maintain a backdoor to assist law enforcement, then it's wide open to any other attacker - fair enough.
Now you're saying it's just a basic locked door and it's trivial to break anyway and law enforcement can legally force malware onto machines if they need to do password harvesting, which to my mind sounds worse than having a backdoor in the first place that might be exploitable.
If I understand you right you just want some additional steps for law enforcement to go through (although the legal step of getting a warrant should be sufficient; making it more difficult after that is obstructing a lawful search rather than an opportunistic one. But now you also potentially have malware in the wild, because it's not beyond the capacity of bad guys to set up a honey pot to attract the attention of law enforcement.
Sorry, I just find you argument fundamentally circular.
No, pedantry and fundamental misrepresentations are absurd. That is exactly what you are doing.
Let us start from the top to get this across:
Me:
> "Leave your front door unlocked. Just in case we want to search you for drugs/obscene material/weapons/etc."
I said people have the right to lock their door [encryption key -> encryption software == key -> door].
You:
> Except it isn't. When the FBI has a warrant they are legally entitled to break into your house even if you don't want them to.
Yes, they have the right to break into your phone. That doesn't stop me from having a lockable door. It is perfectly legal and has always been so. There was a fight about it in the 90s with PGP and such.
So you are agreeing with me. Except for the fact you put "except it isn't" without providing any actual proof it isn't. Because y'know, there is no actual proof I'm wrong.
Me:
> The key phrase there is "break in". As in, they acquire access without the consent of the owner. In this case, the "door" is the encryption key which they are expected to acquire and/or break so that they can gain access.
You:
> Your original claim was that you were being asked the equivalent of leaving your house unlocked for their convenience, which is a wild exaggeration.
That isn't a wild exaggeration. Plain text being stored accessibly from the internet is the equivalent of leaving your house unlocked. Its basic, fundamental security. Its why you hash your password and store your backups in an encrypted container.
I don't understand why basic, standard precautions any competent IT person engages in is "wild exaggerations".
Me:
> No, it isn't. If I don't have the ability to prevent 3rd parties from entering my house, it isn't a wild exaggeration.
If strangers can walk into my house without breaking in and do WTF they want, it isn't locked by any sane definition.
You:
> Of course it is. You keep your front door locked, you might have a lockable screen door and bars on the windows, or a burglar alarm or a number of other security precautions, but I'm pretty sure you don't live in an impregnable fortress or a bank vault.
Now that is a wild exaggeration. Encryption is not an impregnable fortress.
Me:
> http://www.wired.com/2013/09/freedom-hosting-fbi/
> 1) The app store is still controlled by the corporation. 2) Malware to capture the key is all that is required. 3) Law enforcement is capable of producing malware competently and legally forcing it onto machines. 4) The corporation can be legally compelled to install said malware via an automatic update [thereby disabling and/or capturing the key]. If that isn't an option, there are various other methods [such as taking the person into custody, installing the malware manually, then releasing them].
A couple of ways in which encryption can be circumvented (malware, two delivery methods)
You:
> This is absurd.
At no point did I say it was "trivial". You've resorted to misrepresentations, putting word in mouth, etc. to argue with me.
The fact you are going to such lengths to argue against an obvious and accurate analogy [in the majority opinion, since I'm being upvoted while you are downvoted] is absurd.
You:
> If I understand you right you just want some additional steps for law enforcement to go through
At no point did I say that. What I have said this whole time is "Same steps as serving a physical warrant? Well, same for technology."
Get Warrant from Judge -> Serve Warrant [Force Entry if required] -> Find Evidence.
That is how physical warrants are handled and it is how digital warrants should be handled. That is how it works for computers too, fyi. Like desktops with full disk encryption.
"Leave your front door unlocked. Just in case we want to search you for drugs/obscene material/weapons/etc."
I don't know about you, but I don't want to leave my house unlocked 24/7 "just in case" the FBI wants to serve me with a warrant.