Linked by Thom Holwerda on Sat 8th Jun 2013 14:57 UTC
Legal And yes, the PRISM scandal is far, far from over. More and more information keeps leaking out, and the more gets out, the worse it gets. The companies involved have sent out official statements - often by mouth of their CEOs - and what's interesting is that not only are these official statements eerily similar to each other, using the same terms clearly designed by lawyers, they also directly contradict new reports from The New York Times. So, who is lying?
Permalink for comment 564274
To read all comments associated with this story, please click here.
RE[4]: Comment by Nelson
by talaf on Mon 10th Jun 2013 06:20 UTC in reply to "RE[3]: Comment by Nelson"
talaf
Member since:
2008-11-19

Q: How much extra work is this?

Not much, the server has one extra public key encrypt (which is cheap and happens every-time you visit a HTTPS page), after that the extra work is done client side (and is still pretty cheap). The only thing burdensome perhaps is that any search/ad indexing must happen are receive time and is not deferred (which may or may not be the case now for gmail).

The real technical challenge here is how to make sure the user has their private key on their devices/browsers without storing the key at Google, etc. Perhaps putting this key server in a different legal jurisdiction or letting users sneaker-net it at their choice is an option.



Actually, if I get you idead correctly, it would mean doing public key encryption rather than private key encryption for Google, which is orders of magnitude slower. While it's technically "cheap", the cost in processing would be gigantic.

Reply Parent Score: 2