Linked by David Adams on Fri 11th Dec 2009 01:25 UTC
Privacy, Security, Encryption I was reminded of Sun Microsystems' Scott McNealy's infamous sound byte (used as the title of this article) when I read about Google CEO Eric Schmidt's foot-in-mouth moment during a recent CNBC interview (YouTube Link). Here's what Schmidt said: "I think judgment matters. If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place. If you really need that kind of privacy, the reality is that search engines -- including Google -- do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities."
Thread beginning with comment 399036
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Good article
by Evan on Fri 11th Dec 2009 12:01 UTC in reply to "RE: Good article"
Member since:

Uhh. Yes, it is completely legal to sell US citizens encryption the government can't crack. (You cannot export it)

In America our laws are setup where the government is granted specific rights, so until congress passes a law stating you cannot sell uncrackable encryption, it is legal.

Not understanding this difference is pretty much where every stupid fascist law we have comes from.

The real question is if it is legal for storage companies to use the key to your encrypted files except when a warrant is issued.

Reply Parent Score: 2

jabbotts Member since:

Another question would be; "why does the backup company have your private key in the first place?"

If I'm storing truecrypt-ed backup blobs to a third party storage services, I'm surely not going to be emailing the key to them for safe keeping with it. If someone wants my blob files decrypted then they can bloody well provide just cause and a court order.

Reply Parent Score: 3

boldingd Member since:

Even having never actually used such a service myself, I'd kinda expect that they'd do the encryption on their end, both to provide a degree of transparency to the end-user ("just send us your files, and we'll magically encrypt them for you at some point"), and possibly precisely so they can guarantee their own access to that data later, if they need it (like if they're compelled by court order to turn over your data).

If you just buy space on some remote pool of storage, then sure, send it whatever you want. I'd expect a consumer-oriented backup service to try to make the process as simple and transparent for the client as possible, so I'd expect the service provider to handle the encryption on their end.

Reply Parent Score: 2

RE[3]: Good article
by Vlad on Sun 13th Dec 2009 07:40 in reply to "RE[2]: Good article"
Vlad Member since:

I wasn't as clear as I should have been. My opinion is the only person who should hold the key to your data is you - companies shouldn't keep an extra set of keys and thus should never be in a position to even be able to comply with a warrant for your unencrypted data.

Thus if the government wants your unencrypted data, it should be serving YOU with a warrant for it.

So again, the real question is: can you sell security that the government can't bypass? Your question is moot if the company doesn't have the keys, and if the answer to my question is indeed "yes" then why don't they?

Reply Parent Score: 1