
In a world where encryption is banned:

- will it be illegal to transmit a blast of static?

- will it be a crime to transmit words that aren’t good, clear Spanish? If no, what if it’s a crazy complicated language?

- will it be a crime to transmit Spanish with bad grammar? What if I transmit a billion random Spanish words?



This is already tested somewhat in the UK, where you're required by law to provide a password to an encrypted file or volume when asked. If you're in possession of the encrypted volume, the courts assume you know the password, and throw you in jail if you don't. Obviously this can be easily abused by slipping an encrypted USB drive into someone's backpack.

The point is that they will look at intention and surrounding context - is there a crime leading to you in some way and could it have been facilitated in part by encrypted messaging? Did you also transmit a billion random Spanish words during this time frame? If so, it seems to follow by their current laws and logic that they can assume this was encrypted information and therefore broke the law. And if you refuse to decrypt it for them, that's another broken law.


Perhaps we need to make a special decrypt program, one that accepts any password and just produces some log files. They can't prove it is not the data (except by claiming they planted it).


This is done on projects like VeraCrypt with hidden containers to give you plausible deniability - one password opens the decoy container and another opens the real one. Of course this means a ton of wasted space on the disk, and as soon as you boot the decoy container it starts destroying hidden container data. And also there are apparently ways to detect hidden containers if this is to be believed:

https://ro.uow.edu.au/cgi/viewcontent.cgi?referer=&httpsredi...

Wildly unrealistic but it exists.


> They can't prove it is not the data

Encryption is the one-to-one mapping of a set of bytes to a set of bytes. Software + key is the mapping function. When doing cryptographic forensics you don't use the user's software, you use your own.

So proving that the user's decryption program is fake is trivial and may not even come up as you wouldn't bother running it.

And you can't choose keys in a way that would alter the byte mapping in a way that you can control, the true key will map to the true data, and anything else will map to random bytes.


What if I use my own proprietary encryption algorithm? If I don't specify a file extension, then how could they tell what algorithm is used -- it's just a scramble of bytes.

In fact, what if encryption one day gets so good we cannot distinguish it from plain English? Kinda like trying to spot LLM generated content.


Sounds like steganography, it should be possible to encrypt and merge two files, with one key for each file.


I recommend filling up the empty space on hard drives and flash drives with random data from /dev/urandom. What is the government going to do, try and get you to decrypt that? On my computer I already have several terabytes of completely random data. Decrypt that, thought police.


Relevant xkcd: https://xkcd.com/538

If encryption is illegal, you are suspected of having encrypted data and don't provide the keys, the police won't be puzzling about what's random or encrypted bytes: they'll interrogate you, abuse you and throw you into jail.


There is no law in the UK making it illegal to possess random data. And I strongly encourage other people to use the "dd" command and create some large random files on their own computer, themselves. It's a perfectly legal form of protest. The more people that do so, the less these key disclosure laws can be enforced?

In fact it would be really nice if Android smartphones, when encryption is enabled, fill up all the unused space with random data. I wonder if they do that already or not?

Even better would be have the operating systems fill up the unused space with random data upon partitioning the disk, by default. SSDs are very fast nowadays so it doesn't really take too much time to do so.

This random data filling could even be implemented by SSD controller firmware. Any SSD firmware developers here, please consider doing this by default, as it would severely impact the ability of the government to violate our rights. If AES crypto hardware is available, just use a random key, and let the hardware generate a stream of encrypted zeros.

Also if you run a Web site, you can generate chunks of random data dynamically each time and serve it up to the users. That way it will end up being stored in people's browser caches worldwide. Even a couple of kilobytes at a time would be fine. This can be embedded in HTML files, added as dummy data in video files, music files, JPEG, PNG, etc. Again, this is all perfectly legal to do. Transmission and possession of random data is not illegal.

So anywhere you can, if it's cheap to do, don't pad it with zeros, pad it with random numbers instead! You can even do it with RAM, because it will likely end up in the swap space at some point.

https://lemire.me/blog/2018/06/07/vectorizing-random-number-...

https://old.reddit.com/r/crypto/comments/jj4j47/arx_based_fa...

When nearly every computer or embedded device out there contains large quantities of random data on its disk, these "key disclosure laws" will be rendered completely useless.
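Added example, not part of any comment in this thread: the byte-level triage a forensic examiner typically runs (Shannon entropy plus a chi-square test against a uniform histogram) applied to the kinds of free-space fill discussed above. The sample buffers are constructed, and `keystream` is a SHA-256 counter-mode stand-in for the "encrypted zeros" idea, used only so the code needs nothing beyond the standard library.

```python
import hashlib
import math
import os
from collections import Counter

SIZE = 1 << 16  # 64 KiB per constructed sample

def keystream(key: bytes, n: int) -> bytes:
    """Stand-in for 'a stream of encrypted zeros': SHA-256 in counter mode.
    Not AES; an assumption made so the example runs with the stdlib only."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def chi_square(buf: bytes) -> float:
    """Chi-square statistic against a uniform byte histogram (255 d.o.f.)."""
    expected = len(buf) / 256
    counts = Counter(buf)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def looks_random(buf: bytes, min_entropy: float = 7.9, max_chi2: float = 400.0) -> bool:
    """Triage verdict: near-maximal entropy and a flat byte histogram."""
    return shannon_entropy(buf) >= min_entropy and chi_square(buf) <= max_chi2

def build_samples() -> dict:
    sentence = b"The quick brown fox jumps over the lazy dog. "  # constructed text
    return {
        "english_text": (sentence * (SIZE // len(sentence) + 1))[:SIZE],
        "zero_fill": bytes(SIZE),
        "urandom_fill": os.urandom(SIZE),
        "encrypted_zeros": keystream(b"constructed demo key", SIZE),
    }

def triage() -> dict:
    """Map each sample name to the examiner's random-looking verdict."""
    return {name: looks_random(buf) for name, buf in build_samples().items()}

if __name__ == "__main__":
    for name, buf in build_samples().items():
        print(f"{name:16s} H={shannon_entropy(buf):.4f} "
              f"chi2={chi_square(buf):10.1f} random={looks_random(buf)}")
```

Byte statistics alone put the `urandom` fill and the keystream in the same bucket; telling them apart takes structure outside the bytes themselves, such as headers, file-system metadata or software artifacts.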


> There is no law in the UK making it illegal to possess random data

https://en.wikipedia.org/wiki/Key_disclosure_law#United_King...

Not illegal to possess it explicitly, but illegal when accused of it being encrypted information and you can't magically make it not-random


But I strongly doubt it's illegal to cause thousands or even millions of computers to have random data in their browser caches, as long as no hacking takes place? Just by padding files with dynamically generated random data, as I described above?

We could write software to do this, and people can install it on their web servers, as a means of protest?


They’ll be interrogating and torturing suspected individuals, but the ability to perform dragnet surveillance or steal your data without a warrant would be curtailed. The comic mocks encryption advocates but portrays a return to old school police work necessarily limited in scope, which is what we want.


Yes, I don't like xkcd. Comes across as arrogant and condescending.


You're speaking as if this will help you. If you go to the prosecution/trial phase, you will be found guilty since you probably hadn't the best opsec and forensic analysis of your computer found the encryption/steganography software you used, or you left something in the system logs (e.g. timestamps of accessing files), or you left something in the thumbnail cache, or you did not rename the file before deleting it, or the timestamp analysis of e.g. your browser data and logs will show clear behavioral patterns pointing to you hiding data. If you use VMs, their RAM is stored in a plaintext file unless you configure it otherwise, on your SSD it never goes away due to wear protection. Even if you had an encrypted drive you will be forced to give them the key, then they will rederive the master key and analyze parts of the disk free space to find something on you, again on SSD this is a certainty and on for example Bitlocker you can never change the master key, ensuring you go to jail.

Even if all of this did not incriminate you, you're in trouble for something in the first place, since you're on trial, right? So probably other people you communicated with led them to you. And in this case, the judge applies common sense, there is this traffic cell of 6 people and on 5 computers we have clear evidence but on 6th nothing, therefore you're still probably 95+% guilty? Judges aren't stupid.

People making comments like yours annoy me since you seem to be calming people down that we could endure total strong encryption ban, while we absolutely could not.


The type of person you are replying to has most likely never lived in any sort of authoritarian regime. People like them play these games...almost like the equivalent of a child saying "I'm not touching you".

What happens in authoritarian regimes is that the law is used to justify the actions of the ruling body, not the other way around. So if you just so happen to blast random static and act suspicious, you'll be taken, beaten and either admit to a crime or a law will be made or amended to justify it. And then you'll admit to it.

The price of freedom is constant vigilance. You are correct in saying we could not endure a total strong encryption ban.


What are you smoking?

The parent comment has nothing to do with anything you just spouted.

It's about random transmissions being labeled as "encrypted" when that is not the intention.

Encryption is not limited to the more modern systems. They have existed for a long time.

These are politicians. We cannot trust them to have any knowledge or nuance.


So what's the point of sending random static over the network and looking for trouble like that then? Complying in a way that you find slightly less humiliating but still complying?


It's called being an amateur radio or ham radio operator.

"Oops, sent a funky signal with the wrong configuration, let's try again."

Or

"I messed up the modulation so the message is illegible."

Or

"I just found a funky NASA satellite that is no longer operational. Let me slap it with some messages and see if I get a return."

https://www.science.org/content/article/amateur-astronomer-d...

Or maybe you are an amateur radio astronomer. Built your own radio telescope.


Well yes, if you're not using encryption and it's a one off thing, the judge will probably find you not guilty.

The OP seemed to suggest that when you ban encryption, random people will randomly get in trouble, therefore banning encryption is a bad idea. But judges have common sense and law enforcement has limited resources (prioritization) therefore random people will probably not randomly get in trouble. Therefore strong encryption ban is very realistic and very easy to sell to the population, and not like the OP claimed something that will backfire. This is why his comment is naive. He likes encryption and doesn't want for it to be banned therefore he deludes himself with some alternative reality where doing something he doesn't like backfires and is reversed.

Strong encryption ban will not backfire.


Well no, judges do not have common sense. They are either extremely obtuse or corrupt. Worst case, they will make up their mind early on and refuse to budge.

Sometimes they are too old to even comprehend the technology.

Judges are always on the side of law enforcement, and whomever can purchase the more reputable legal firm. Judges have favorites, and biases.

Laws like this will immediately backfire. It won't hurt politicians initially. They get immunity. But it will allow the party in charge to cement their position through illicit use of encryption.

No encryption allowed for the opposing party! But us...

Extremely late edit: I would also point out that "random people" are easier to arrest than actual career criminals. Police here are extremely lazy and usually only go for the low hanging fruit. Some of these cases do get thrown out. But not all of them.


Did the other anti privacy laws and customs backfire? Did big tech which is in bed with the government censoring you while the government pretends you have your 1st amendment rights backfire? Did mass metadata collection backfire? Did KYC backfire? Did banning open wifi networks backfire? Did banning face coverings in public backfire? Did indefinite contempt for refusing encryption keys backfire? Did Patriot Act backfire? Did judges signing every warrant without reading backfire? Did that FBI raid on anonymous vault storage for people, where they admitted to lying on the warrant backfire? Did civil asset forfeiture backfire? Will the soon introduced KYBC (know your business customer) forcing hosting and cloud providers to identify their customers before allowing them a VPS backfire?


My country does not have a 1st amendment, but ok?

My country does not have free speech. It has some of the most stringent copyright laws in the world. It also has defamation laws that have been used to suppress truthful reports.

Police are allowed to hold you indefinitely with no justification. (Technically they are limited to 30 days) They are allowed, and constantly refuse to allow you access to a legal representative.

They are allowed to force you to confess to a crime you never committed.

Politicians get away with corruption, and secure votes through the use of cults.

I know what it looks like when the current dominating party was created by a literal Class A war criminal from WW2.

These anti-encryption laws make life even worse. The last thing we have here is a semblance of privacy.

I do not want, or need 1st world countries such as Britain or Spain to give an example for my government to follow.


I am, of course, familiar with the wrench decryption method (https://xkcd.com/538/).

I am saying no ban on encryption can be logically consistent since you can’t absolutely prove that something is encrypted. Even if it is a file called encrypted_drive.imencrypted.

I’m not a lawyer but this kind of ban should be wide open to legal attack. Especially if the country also has freedom of speech. And if it doesn’t have that, it should.

And if all else fails and this insane law passes, the illiterates who pushed it through will cause a national economic and security disaster. Online crime will skyrocket. The KGB/FSB will have a feeding frenzy. Voters will quickly learn to love encryption again.


> - will it be a crime to transmit Spanish with bad grammar? What if I transmit a billion random Spanish words?

I'm open they ban anything related to Latinx. Or at least call it a different language.



