Linked by Thom Holwerda on Thu 25th Jul 2013 16:32 UTC
Legal "The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping. These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users." Well. "And where once you had the freedom to object, think, and speak as you saw fit, you now have censors and systems of surveillence coercing your conformity and soliciting your submission." When quoting a work of fiction befits the state of reality better than reality itself, shit has officially hit the fan.
Permalink for comment 567946
To read all comments associated with this story, please click here.
Confusing article
by flypig on Thu 25th Jul 2013 17:31 UTC
flypig
Member since:
2005-07-13

It could simply be some shorthand or confusion in my reading of the article, but I don't think it would make sense to approach Google or Microsoft for encryption keys. The really useful keys are the root signing keys held by the Certification Authorities such as Symantec (VeriSign). This would allow someone to perform the man-in-the-middle attacks discussed later on.

The article also mentions the use of SSL for GMail and Hotmail, which I think is also a red herring (since all this really protects is your email pasword, given the email will be relayed in cleartext).

Any data that's sent to a company and that's readable by that company is basically open to access by the authorities (e.g. with a warrant). I don't think SSL/TLS was intended to solve this. The obvious solution for email is to use something like PGP/GnuPG.

Reply Score: 8