from the of-course-they-are dept
This is hardly surprising, but Declan McCullagh is reporting that the feds have been trying to get various tech companies to hand over their master encryption keys so that the NSA and FBI can decrypt any of the messages they scoop up. So far the tech companies have been resisting:
“The government is definitely demanding SSL keys from providers,” said one person who has responded to government attempts to obtain encryption keys. The source spoke with CNET on condition of anonymity.
The person said that large Internet companies have resisted the requests on the grounds that they go beyond what the law permits, but voiced concern that smaller companies without well-staffed legal departments might be less willing to put up a fight. “I believe the government is beating up on the little guys,” the person said. “The government’s view is that anything we can think of, we can compel you to do.”
It’s unclear from the article if any companies have given in and provided the keys, but it sounds like at least most of the big ones are fighting it. Microsoft and Google both directly denied that they would hand over such a master key. Lots of other companies didn’t respond to Declan’s questions. Of course, it’s no surprise that the government would ask. They’ve been asking for access and backdoors to just about everything.
If they can’t convince the companies that this is legal and required, you can fully expect that a law will be proposed shortly which will more or less require companies to hand over such keys.
“The requests are coming because the Internet is very rapidly changing to an encrypted model,” a former Justice Department official said. “SSL has really impacted the capability of U.S. law enforcement. They’re now going to the ultimate application layer provider.”
Once again, perhaps it’s time to think about moving away from a situation in which all our “cloud” data is stored in a few centralized spots. You can still get the benefits of a cloud, even if you control the data yourself — if only companies would open up and allow users to point their services at data stored elsewhere.