That is the good part. The bad part is that in that jurisdiction the government can legally compel any company or individual to assist it by whatever means deemed necessary in the subversion of communication secrecy in any product it provides to the public. While this may - and has been - tested in court, I very much doubt GnuPG has the resources to to so.
I used to work professionally in a digital forensics lab that had a lot of government customers. I *am* one of the people the United States government has called upon to subvert security mechanisms in order to gain access to information. I was regularly briefed by Legal on government cooperation.
At the end of each briefing we received the same bottom line: "if any representative of the government tells you to do something, don't do that something. Say 'I want my lawyer', *nothing else*, and then make two phone calls: one to us here in Legal, and one to your own national security attorney. We're three floors above you and we'll be in your office in five minutes. Don't even touch the warrant or the device unless we're in the room telling you to do it."
My takeaway from a decade of briefings on just this subject is it's way more complicated than you seem to think. Specifically, you're glorifying the All Writs Act and the Communications Assistance for Law Enforcement Act above the blackletter text of the Constitution. You're also forgetting that individuals have a lot more ability to resist such orders than do corporations.
(Note: the following is a fairly deep dive into the subject. This is an off-the-top-of-my-head summary of a decade of legal briefings I had to sit through, nothing more. I am not a lawyer. I am especially not your lawyer. This is really super especially not legal advice. If you need legal advice, seek competent counsel in your jurisdiction, not me!)
The Fifth Amendment guarantees your right against self-incrimination. Imagine there's a safe which was used by a mobster, but they don't know who the mobsters are. So they seize the safe with a warrant and start parading suspects in front of it: "open the safe, now." One person after another says "I don't know the combination" and is let go. Now it's your turn. You're completely innocent, but you DO know the combination. Revealing the fact you know the combination might reasonably expose you to risk of criminal prosecution, so ... ding ding ding!, Fifth Amendment applies. "I invoke my Fifth Amendment right against self-incrimination. Hey, also, I want a lawyer before we go further."
Would the FBI know you were a mobster? Sure, absolutely. But they would know it in a way that couldn't lawfully be used by the government for any purpose, *including investigation,* since invocations of the Fifth and Sixth Amendments ("I want a lawyer") are considered sacred and cannot be used to support government action.
So, right there's one very broad way individuals can refuse to cooperate with United States government investigations: assert their Fifth Amendment rights. Are there legal countermoves to this? Sure, mostly involving involuntary grants of immunity, and there are countermoves to countermoves. The existence of countermoves does not change the bottom line: the Fifth Amendment can be *incredibly* useful in refusing to cooperate with a government investigation.
Next up is the Thirteenth Amendment. "Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction." We fought a war about that one. The text is clear: there will be no involuntary service except as punishment for crimes. Criminal convicts can be ordered to perform a variety of tasks, but the government has no authority to order *anyone* to perform services for them involuntarily. (How this balances against military conscription is, of course, a deeply fascinating ball of yarn: start with _Arver_ in 1918.)
Okay. The Constitutional issues aside, let's look at the All Writs Act, which the FBI attempted to use to compel Apple to bypass a PIN for them in 2015.
You know what people forget about that case? The Department of Justice dropped it.The day before oral argument was due to be made, FBI dropped the case saying they'd found a third party (rumor is Azimuth; Grayshift and Cellebrite are other likely suspects) who was able to bypass the iPhone security measures in question.
If DoJ had been confident of winning, they wouldn't have dropped it. They would've taken it to a final judgment and used that precedent in other cases. Instead, there was a significant risk they would lose, and they elected to drop it.
So, yeah. The question of whether companies can be compelled via the All Writs Act or CALEA to cooperate with government investigations is complicated, there are no easy answers, and DoJ has been really eager to *not* explore this one in court. They're afraid they'd lose.
There's a lot of room for hope here.
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
