On 12/18/12, Henry Yen <henry@aegisinfosys.com> wrote:
On Mon, Dec 17, 2012 at 20:45:04AM -0600, Jimmy Hess wrote: Physical threat is somewhat different than seizure by law enforcement, though.
I'm not so sure about that. It's a kind of physical threat; the set of all physical threats includes a subset of threats that are LEO threats involving authorities and are related to (quasi-)legal threats. The law enforcement personnel may have been paid off by a rogue party in the first place, to seize and "misplace" the data (E.g. deny the legitimate principal access to it for the purposes of competitive advantage), or to seize and "accidentally" leak the data to overseas entity attempting to gain the data for economic advantage, by taking advantage of insufficient security controls of the law enforcement entity.
the idea of encryption as a shield against law enforcement is not yet a settled issue in the US; see the "Fricosu" case. A nice explanation: https://www.eff.org/deeplinks/2012/03/tale-two-encryption-cases
It obviously wouldn't work for all kinds of data, but; even if it's not a 5th amendment issue; E.g. "required to reveal your keys and allow the data to be decrypted"; the POSSIBILITY has to exist that that you can in fact know or recover the keys. You can't testify against yourself, if you had your memory permanently wiped in some manner, so that you are incapable of ever recalling, because "there's nothing there to present" --- it doesn't matter if there was no 5th amendment, the fact your memory was wiped, erased the possibility of ever testifying. If an automatic response to the security breach results in complete reliable destruction of physical and logical devices absolutely required to be fully intact to recover the keys and execute decryption activity, then "there is inherently nothing to provide", once that occured; the remaining option would be for the LEO to dedicate massive computing resources over a sufficient hundred years, to discover the key through brute force key space search of 10^77+ keys. That's assuming no backups of the key devices.
-- Henry Yen Aegis Information Systems, -- -JH