Linked by Thom Holwerda on Thu 25th Jul 2013 16:32 UTC
Legal "The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping. These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users." Well. "And where once you had the freedom to object, think, and speak as you saw fit, you now have censors and systems of surveillance coercing your conformity and soliciting your submission." When quoting a work of fiction befits the state of reality better than reality itself, shit has officially hit the fan.
Thread beginning with comment 567946
Confusing article
by flypig on Thu 25th Jul 2013 17:31 UTC
flypig Member since:
2005-07-13

It could simply be some shorthand or confusion in my reading of the article, but I don't think it would make sense to approach Google or Microsoft for encryption keys. The really useful keys are the root signing keys held by the Certification Authorities such as Symantec (VeriSign). This would allow someone to perform the man-in-the-middle attacks discussed later on.

The article also mentions the use of SSL for GMail and Hotmail, which I think is also a red herring (since all this really protects is your email password, given the email will be relayed in cleartext).

Any data that's sent to a company and that's readable by that company is basically open to access by the authorities (e.g. with a warrant). I don't think SSL/TLS was intended to solve this. The obvious solution for email is to use something like PGP/GnuPG.

Reply Score: 8

RE: Confusing article
by Pro-Competition on Thu 25th Jul 2013 17:53 in reply to "Confusing article"
Pro-Competition Member since:
2007-08-20

"The obvious solution for email is to use something like PGP/GnuPG."

They're not giving up that easily:

http://www.informationweek.com/security/government/want-nsa-attenti...

Apparently, they are storing all encrypted communication indefinitely, so they can crack it later.

Edited 2013-07-25 17:53 UTC

Reply Parent Score: 7

RE[2]: Confusing article
by Lennie on Thu 25th Jul 2013 18:17 in reply to "RE: Confusing article"
Lennie Member since:
2007-09-22

That is why more and more companies are deploying:
http://en.wikipedia.org/wiki/Perfect_forward_secrecy

Reply Parent Score: 5