Comment by Aurornis
1 day ago
It's not like companies have a choice. If they have a key in their possession and law enforcement gets an order for it, they have to provide it.
1 day ago
It's not like companies have a choice. If they have a key in their possession and law enforcement gets an order for it, they have to provide it.
That only strengthens the parent point. Switch to an OS where this requirement doesn't come into play if you're worried about any governments having a backdoor into your own machine.
> Switch to an OS where this requirement doesn't come into play
I use BitLocker on my Windows box without uploading the keys. I don't even have it connected to a Microsoft account. This isn't a requirement.
Considering Windows's history with user consent I would be worried about the keys eventually being uploaded without asking the user and without linking online accounts.
Probably not now but not something unimaginable in some future.
However, since Windows can still run on user-controlled hardware (non-secure boot or VMs), I guess this kind of behavior could be checked for by intercepting communications before TLS encryption.
except Microsoft probably as a master key
4 replies →
If you sync your Linux machines key in the cloud, police could subpoena it too. The solution is not to switch to Linux, but to stop storing it in plain text in the cloud.
Do you know what a private key means in this context?
4 replies →
> It's not like companies have a choice.
> If they have a key in their possession [...]
So they do have a choice.
People/users have an option to keep the key themselves. Most wouldn’t bother to manage encryption keys.
put $10 into the pub box for commenting without reading the OP, or at least being reasonably well informed before commenting.
And even if they don't have the key. Case in point: https://medium.com/@tahirbalarabe2/the-encryption-dilemma-wh...
Thanks for the link, interesting article. The UK is among the worst in this regard.
Regarding the article's Apple example:
> The FBI eventually found a third party to break into the phone, but the tension between privacy and security remains unresolved.
This is actually quite resolved.
- Tech companies in the US are free to write secure encryption technologies without backdoors.
- Government is free to try to break it when they have valid legal authority.
- Tech companies are obligated to turn over information in their possession when given a legal warrant signed by a judge based on probable cause that a crime has occurred.
- Tech companies are not required to help hack into systems on the government's behalf.
As far as I'm concerned, in the US things are perfectly resolved, and quite well I think. It's the government and fear-mongers who constantly try to "unresolve" things.