Even if we (dubiously) assume that the FBI's proposed solution is technically impeccable, and can't be compromised, what solutions exist to prevent people from social engineering their way to the data? Heck, what prevents corrupt FBI agents and federal IT staff from just accessing the data themselves?<p>Of course, the same worry exists for the data at each individual company, but at least those breaches are limited to a single company's data. And, from what we've seen, externally, it seems like at least some companies are more interested in protecting privacy than covering things up. When Google found that an engineer was using his access to stalk someone, he was fired, and the incident wasn't covered up. It's not uncommon for companies to tell users about security breaches in their own product that would otherwise have gone completely unnoticed (e.g., Pinterest announced a security flaw they had rather than just silently fixing it).<p>Conversely, in most cases of police and government corruption I hear about, the news breaks after a failed cover-up. No doubt I don't even hear about most cases, because they're swept under the rug. I don't have a particular fondness for Google's employees or process, but, given their track record, I trust them with my data a lot more than I trust some random government employee.<p>Moreover, if this law gets passed, why would serious criminals continue to use any of these services? This strikes me as having the same impact as most anti-piracy measures: highly inconvenient to non-criminals (in this case, when data gets leaked to actual criminals), but completely ineffective against real criminals. Not to mention the effect on the companies themselves -- I'm certainly not going to use a Chinese email service, because I don't want the Chinese government reading my email. What's an EU citizen going to do if this law is passed?
This is why strong, asymmetric crypto is necessary. I'm worried that the US government will try to put the genie back in the bottle and go back to the 90's where strong crypto was considered a munition not suitable for export [0] and when they wanted all "secure" telecommunication to include an NSA backdoor [1].<p>[0]: <a href="http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_investigation" rel="nofollow">http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_in...</a>
[1]: <a href="http://en.wikipedia.org/wiki/Clipper_chip" rel="nofollow">http://en.wikipedia.org/wiki/Clipper_chip</a>
It's not clear from the article what the FBI wants.<p>But it's important to note that most services will cooperate fully with law enforcement when provided with valid legal documentation. (Probably a warrant or other court order.)<p>See, for a good example, Hushmail. (<a href="http://en.wikipedia.org/wiki/Hushmail" rel="nofollow">http://en.wikipedia.org/wiki/Hushmail</a>)<p>I guess it's better that they're asking for transparently weakened services, and access with warrants, rather than just hiring grey-hats to hack the systems.
How the hell are they going to do that?<p>Even if it were possible, and legal, and secure, what about the other 95% of the world's population that can make apps outside of the US?
Is it so unreasonable for the FBI to want to be able to 'wiretap' a Facebook conversation, with a warrant, as easily as they can do so to a traditional phone line?<p>This is not to say I approve of the idea of an insecure back door into my online behaviours, more that I wonder whether there is not at least some validity in their desire to replicate landline-style monitoring for currently untraceable online communications.
Part of this push by law enforcement is likely due to the increasing recognition of courts regarding the privacy expectations of email. Until recently, for example, U.S. courts have considered a service provider a "third party", thus certain privacy protections were not available. However, the increasing ubiquity of electronic messaging has caused courts to rethink their position. It is natural that law enforcement agencies would want to "push back" to effectively maintain the level of access they've enjoyed previously.
I won't echo everyone else's privacy concerns, though I agree wholeheartedly. But does anyone else think it's ironic that the FBI's internal policy is named the "National Electronic Surveillance Strategy"? That's abbreviated NESS and has to be an homage to one of the FBI's more controversial lawmen.<p>Ness started his career trying to enforce Prohibition ... 80 years later our privacy is being prohibited.
The shortsighted aspect of this is that our government wants to order businesses to become spy-friendly to foreign governments that have a track record of stealing economic, industrial, and scientific data. Foreign governments will model their laws after ours, and specify the same interfaces.
This article, uncached: 237 requests, 934.01KB transferred, 8.96s (onload: 6.02s, DOMContentLoaded: 2.36s)<p>This article, cached: 223 requests, 75.66KB transferred, 4.84s<p><a href="http://lucb1e.com/rp/randomupload/thatnews.html" rel="nofollow">http://lucb1e.com/rp/randomupload/thatnews.html</a><p>Uncached: 10 requests, 163.10KB transferred, 0.54s<p>Cached: 6 requests, 0.16KB transferred, 0.19s<p>The only thing I did was remove HTML. The article looks identical, the menu and site structure are intact, and there is a lot less clutter on the page.<p>Fun fact: CNET has TODO comments in their production code.