
I don't understand this argument. Wouldn't law enforcement still be allowed to access phone records unencrypted if they have an actual suspect and court order?



Yes, but they want the data on the mobile device. For example, I use TextSecure when texting my friends. It's encrypted locally and over the wire, so the records would only help them show who, not what, I was talking about.


With end-to-end encryption where the messages are encrypted and decrypted on the client it would not be possible for anyone with access to phone records or central servers to read what was said. They would need to obtain the private keys that are generated on the client devices themselves.


"With end-to-end encryption where the messages are encrypted and decrypted on the client it would not be possible for anyone with access to phone records or central servers to read what was said. They would need to obtain the private keys that are generated on the client devices themselves."

Would that it were.

You are using the application processor (the "computer") to do that work, but there are two other computers inside your phone - the baseband processor and the SIM card.[1] Your carrier has access (OTA updates, etc.) to the baseband processor and can load new code/functions on it without your knowledge at any time. Depending on the SoC your phone is based on, the baseband processor can have DMA access to your application processor. What that means is, the baseband processor (which you have no control over whatsoever) can read your RAM directly.

Your cryptosystem that you describe probably works quite well on a desktop or laptop computer, but your carrier completely and totally owns your phone and everything on it.

... and we haven't even gotten to what they can do with the SIM card ...

[1] Yes, the SIM card is a computer with its own processor, RAM and programs running on it right this moment.


It seems like what we need to do is separate the damn things. Build the phone as two independent machines that only communicate with each other over ethernet. Then the user controls the one that runs Android and the other one never sees plaintext.


Don't expect to see that architecture on the floor of a retailer near you anytime soon. Maybe in the EU??? NOT in the US.


But they'd still be able to do that given a warrant? Or is this unwarrantable protection, for lack of a better word?


Nope. They could use a warrant to compel the sender or the recipient of the messages to unlock them or face jail time. But Apple doesn't have the keys.


Wouldn't the 5th Amendment protect against that?


I think the most important thing here is that law enforcement must approach the individual. What happens next may end up a complicated web of legal acrobatics, but the individual at least knows the law is after them. That's a good thing, IMHO. If your privacy is being violated by police forcing you to open your phone to them... at least you know the "when", "how" and "what" info they're getting. I'm also pretty sure you'd at least have a strong suspicion on the "why" it's happening to you as well - fair or otherwise.



Er - possibly, I'm not a lawyer. I read it somewhere on the internet and it sounded credible at the time.


Assuming they can get the client device(s) before they are destroyed.


Probably harder and takes longer than searching through a confiscated phone from a suspect.


Bingo! You can, as far as I know, confiscate and search a suspect just based on probable cause, whereas you'd need to have at least a subpoena if not a warrant to get wiretap authorization or phone records.


A recent Supreme Court ruling[0] makes it unlawful for authorities to search confiscated cell phones without a warrant. They could, theoretically, confiscate your phone based on probable cause, but searching it would be a different matter.

[0] http://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf


Oh, excellent! At least that prevents overt searches.



