importance of forward secrecy for comms (Re: Encrypting to self)

Adam Back aba at dcs.ex.ac.uk
Wed, 8 Jul 1998 10:44:53 +0100


Michael Froomkin writes:
> I would bet a fortune that the court would require, **at a minimum**
> that you turned over the ciphertext, everything about how the
> records were encrypted, how to decrypt them, and the relevant
> key(s).  

This or the following interpretation are the spectrum of possibilities
for stored data.

> The tougher question is whether giving up the key is compelling speech to
> the point where the 5th amendment would be violated unless full blown
> immunity -- barring the use of the data -- is required.  

However for communications data there is an alternative: use forward
secrecy.  (Either at the user key level (discard decryption keys after
use), or via transport level security (tunnel SMTP/POP3 via forward
secret SSL/TLS or other protocol)).

Then you can selectively keep sent and received plaintext, and this
kept text then becomes subject to the same access requests (and
storage encryption key requests) as other stored data.

For the data you have chosen not to archive, the attacker is out of
luck: they can't demand keys, nor plaintext for data which doesn't
exist anymore.

They might perhaps demand you tell them what the message was about,
but this is getting closer to interrogation.

Steganographic file systems, and file systems which hide multiple
volumes where the attacker can never be sure how many volumes there
are can achieve interesting things for storage recovery attacks.

Anyway, communications security is more an immediate concern in my
view, because DTI, GCHQ, FBI etc seem much more concerned with the
ability to read communications traffic, and seem to have strong
preferences for real-time key escrow based access.

Adam
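
The contrast drawn in the message above, between mail encrypted to a long-term key and a forward-secret exchange whose keys are discarded after use, shown as an added example that is not part of the original post. The toy group, the SHA-256 keystream and all function names are assumptions made for illustration, and authentication of the exchange is left out.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): P is prime, but this is not a
# vetted Diffie-Hellman group and the XOR cipher below is unauthenticated.
P = 2**255 - 19
G = 2

def _rand_exp():
    return secrets.randbelow(P - 2) + 1

def _kdf(shared):
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def _xor(key, data):
    # SHA-256 in counter mode as a keystream; the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def new_longterm_key():
    priv = _rand_exp()
    return priv, pow(G, priv, P)

def send_to_longterm_key(recipient_pub, msg):
    # No forward secrecy: whoever later obtains the recipient's long-term
    # private key can decrypt this recorded message.
    e = _rand_exp()
    return pow(G, e, P), _xor(_kdf(pow(recipient_pub, e, P)), msg)

def open_with_longterm_key(priv, wire):
    eph_pub, ct = wire
    return _xor(_kdf(pow(eph_pub, priv, P)), ct)

def forward_secret_exchange(msg, archive, keep):
    # Both sides use fresh exponents, derive the same session key, then drop them.
    a, b = _rand_exp(), _rand_exp()
    A, B = pow(G, a, P), pow(G, b, P)
    ct = _xor(_kdf(pow(B, a, P)), msg)          # sender side
    received = _xor(_kdf(pow(A, b, P)), ct)     # receiver side
    del a, b  # discard after use (Python does not zero memory; a real tool must)
    if keep:
        archive.append(received)  # kept plaintext is ordinary stored data again
    return (A, B, ct)             # everything an eavesdropper could record
```

Handing over the long-term private key opens every recorded message sent with `send_to_longterm_key`, while the transcript returned by `forward_secret_exchange` stays closed unless the plaintext was deliberately archived.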