If a judge's private key were compromised there are solutions. Treat the judge as an intermediary CA cert (I'm assuming there would be an actual root somewhere) that issues individual certs per warrant. The software on the phone (which holds the ability to decrypt the data) then verifies the entire chain of trust. If the signature appears correct and everything validates, but the certificate revocation list is too old/can't be updated, maybe it enters some kind of lock mode that only the carrier/manufacturer can unlock. But it gives the LEO nothing and prevents the user from deleting data.
All accesses must be logged. This way we can see what warrants have been executed and can track to see if they match what the judge has issued. Any discrepancy can lead to cert revocation.
And the phone knows what time it is because...?
All an attacker has to do is put the phone in a Faraday cage and spoof the cell time while the cert is stolen. trivial.
If a judge's private key were compromised there are solutions. Treat the judge as an intermediary CA cert (I'm assuming there would be an actual root somewhere) that issues individual certs per warrant. The software on the phone (which holds the ability to decrypt the data) then verifies the entire chain of trust. If the signature appears correct and everything validates, but the certificate revocation list is too old/can't be updated, maybe it enters some kind of lock mode that only the carrier/manufacturer can unlock. But it gives the LEO nothing and prevents the user from deleting data.
All accesses must be logged. This way we can see what warrants have been executed and can track to see if they match what the judge has issued. Any discrepancy can lead to cert revocation.