Even if E2E encryption can have its own flaws and back doors with a poor implementation, building a back door is as dumb as ever. If the central server has global access to conversations, it can...
Even if E2E encryption can have its own flaws and back doors with a poor implementation, building a back door is as dumb as ever. If the central server has global access to conversations, it can be marketed as E2E in name only.
Are you allowed to open my mailbox and look through my mail. No. Federal offense. How this does not expand to all user data is beyond me. Lazy police work and left over 90's war on crime is my guess.
Are you allowed to open my mailbox and look through my mail. No. Federal offense. How this does not expand to all user data is beyond me.
Lazy police work and left over 90's war on crime is my guess.
In the U.S., at least, according to the U.S. Postal Inspection Service website: Precedent thus suggests that the appropriate authorities, given probable cause, may search your mail. Depending on...
Are you allowed to open my mailbox and look through my mail.
4. Can Postal Inspectors open mail if they feel it may contain something illegal?
First-Class letters and parcels are protected against search and seizure under the Fourth Amendment to the Constitution, and, as such, cannot be opened without a search warrant. If there is probable cause to believe the contents of a First-Class letter or parcel violate federal law, Postal Inspectors can obtain a search warrant to open the mailpiece. Other classes of mail do not contain private correspondence, and therefore may be opened without a warrant.
Precedent thus suggests that the appropriate authorities, given probable cause, may search your mail. Depending on the form of correspondence, they may or may not require a warrant in order to do so, but in either case there is a process in place for the appropriate authorities to search the contents of your mail. I would imagine that similar precedents exist in other non-U.S. locales. Seeing as they want to make it possible for the appropriate authorities to gain access to that data, the scenario is similar in nature.
Do note that I'm not arguing in favor of this policy, but merely pointing out that precedent is very likely on the side of law enforcement. Whether or not we agree with or like this sort of policy is a separate matter altogether.
I think there's two key points your analogy is missing here -- it's not just a single mailbox, and once it's broken there's no fixing it. Essentially calls for placing a government accessible...
I think there's two key points your analogy is missing here -- it's not just a single mailbox, and once it's broken there's no fixing it. Essentially calls for placing a government accessible backdoor into end-to-end encryption services are asking for the ability to digitally and on a mass scale (if the NSA's meta-data collection programs are any indication) rifle through your 'mailboxes', while simultaneously ensuring that you have no easy* method to avoid their doing so. What's worse, we've seen a huge number of malwares/exploits created by the NSA and other intelligence agencies leaked or compromised over the last few years, so there's a very real chance you no longer can be confident that bad actors (criminals, state-sponsored espionage, etc.) don't have this ability as well.
That is the escalation in precedent from what @Emerald_Knight points out, imo.
* of course, you could always go back to using GPG & email, but that's a much higher bar of entry for the general public as compared to downloading an app on your phone.
Yes, yes and yes. Let's never forget the AT&T backdoor that started this whole fiasco. https://en.wikipedia.org/wiki/Room_641A https://www.pbs.org/video/frontline-room-641a/ The newer version a...
Yes, yes and yes.
Let's never forget the AT&T backdoor that started this whole fiasco.
It's remarkable how often Signal comes up as an example of doing things right when this stuff is brought up.
Moxie knows what he's doing.
Even if E2E encryption can have its own flaws and back doors with a poor implementation, building a back door is as dumb as ever. If the central server has global access to conversations, it can be marketed as E2E in name only.
Are you allowed to open my mailbox and look through my mail. No. Federal offense. How this does not expand to all user data is beyond me.
Lazy police work and left over 90's war on crime is my guess.
In the U.S., at least, according to the U.S. Postal Inspection Service website:
Precedent thus suggests that the appropriate authorities, given probable cause, may search your mail. Depending on the form of correspondence, they may or may not require a warrant in order to do so, but in either case there is a process in place for the appropriate authorities to search the contents of your mail. I would imagine that similar precedents exist in other non-U.S. locales. Seeing as they want to make it possible for the appropriate authorities to gain access to that data, the scenario is similar in nature.
Do note that I'm not arguing in favor of this policy, but merely pointing out that precedent is very likely on the side of law enforcement. Whether or not we agree with or like this sort of policy is a separate matter altogether.
I think there's two key points your analogy is missing here -- it's not just a single mailbox, and once it's broken there's no fixing it. Essentially calls for placing a government accessible backdoor into end-to-end encryption services are asking for the ability to digitally and on a mass scale (if the NSA's meta-data collection programs are any indication) rifle through your 'mailboxes', while simultaneously ensuring that you have no easy* method to avoid their doing so. What's worse, we've seen a huge number of malwares/exploits created by the NSA and other intelligence agencies leaked or compromised over the last few years, so there's a very real chance you no longer can be confident that bad actors (criminals, state-sponsored espionage, etc.) don't have this ability as well.
That is the escalation in precedent from what @Emerald_Knight points out, imo.
* of course, you could always go back to using GPG & email, but that's a much higher bar of entry for the general public as compared to downloading an app on your phone.
Yes, yes and yes.
Let's never forget the AT&T backdoor that started this whole fiasco.
https://en.wikipedia.org/wiki/Room_641A
https://www.pbs.org/video/frontline-room-641a/
The newer version a decade later.
https://www.sfgate.com/technology/article/nsa-spying-network-att-folsom-room-641a-13028155.php
https://www.sfgate.com/technology/businessinsider/article/The-Most-Interesting-Revelations-From-Frontline-s-5491775.php