Can the government compel decryption? Don't trust -- verify
Files
Accepted manuscript
Date
2022-08-04
Authors
Cohen, Aloni
Scheffler, Sarah
Varia, Mayank
Version
Accepted manuscript
OA Version
Citation
A. Cohen, S. Scheffler, M. Varia. 2022. "Can the Government Compel Decryption? Don't Trust -- Verify"
Abstract
If a court knows that a respondent knows the password to a device, can the
court compel the respondent to enter that password into the device? In this
work, we propose a new approach to the foregone conclusion doctrine from Fisher
v US that governs the answer to this question. The Holy Grail of this line of
work would be a framework for reasoning about whether the testimony implicit in
any action is already known to the government. In this paper we attempt
something narrower. We introduce a framework for specifying actions for which
all implicit testimony is, constructively, a foregone conclusion. Our approach
is centered around placing the burden of proof on the government to demonstrate
that it is not "rely[ing] on the truthtelling" of the respondent.
Building on original legal analysis and using precise computer science
formalisms, we propose demonstrability as a new central concept for describing
compelled acts. We additionally provide a language for whether a compelled
action meaningfully entails the respondent to perform in a manner that is 'as
good as' the government's desired goal. Then, we apply our definitions to
analyze the compellability of several cryptographic primitives including
decryption, multifactor authentication, commitment schemes, and hash functions.
In particular, our framework reaches a novel conclusion about compelled
decryption in the setting that the encryption scheme is deniable: the
government can compel but the respondent is free to use any password of her
choice.
Description
License
This article is distributed under the terms of the Creative Commons Attribution 4.0 International (CC BY 4.0).