Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Verizon Communications Encryption Government Privacy

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor 170

An anonymous reader sends this quote from TechDirt: As a string of whistle blowers like former AT&T employee Mark Klein have made clear abundantly clear, the line purportedly separating intelligence operations from the nation's incumbent phone companies was all-but obliterated long ago. As such, it's relatively amusing to see Verizon announce this week that the company is offering up a new encrypted wireless voice service named Voice Cypher. Voice Cypher, Verizon states, offers "end-to-end" encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app made by Cellcrypt.

Verizon says it's initially pitching the $45 per phone service to government agencies and corporations, but would ultimately love to offer it to consumers as a line item on your bill. Of course by "end-to-end encryption," Verizon means that the new $45 per phone service includes an embedded NSA backdoor free of charge. Apparently, in Verizon-land, "end-to-end encryption" means something entirely different than it does in the real world.
This discussion has been archived. No new comments can be posted.

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

Comments Filter:
  • Depends... (Score:5, Funny)

    by TWX ( 665546 ) on Tuesday December 16, 2014 @06:47PM (#48613251)
    ...on which 'end' they're backdooring you in apparently.
    • Re:Depends... (Score:4, Informative)

      by schnell ( 163007 ) <me&schnell,net> on Tuesday December 16, 2014 @07:53PM (#48613635) Homepage

      Nobody is being "backdoored" here except as required by law. The linked story summary is a troll for mentioning the NSA - it has nothing to do with them, but either the writer doesn't know what they're talking about or they just figured that would get more clicks.

      Telecom providers are required to make sure that any voice service they sell is compliant with CALEA [eff.org]. There is no direct CALEA equivalent today for data services, interestingly - this is how far behind the times the Feds can be. And yes everything in LTE is data but for the purposes of the law, anything where you are talking - for example VoIP - is considered a voice service.

      CALEA basically means that if you (the telecom) get a wiretap order - signed by a judge - from a law enforcement agency, you need to wiretap and record that user's calls for the specified time period, decrypt them if necessary, and then turn them over to the law enforcement agency. Verizon had to make this service CALEA compliant, or they couldn't have offered it. And remember that CALEA is not about mass wireless surveillance a la NSA but is actually about targeted recordings of specific individuals where there is probable cause enough to get a judge to sign off on the wiretap order. Very different things. You can dislike CALEA but you can't blame Verizon for putting in some magical backdoor - that has absolutely zero to do with the NSA - which they are required by law to have.

      However for the privacy-minded it should be noted that the way things work, CALEA only applies to telecom providers. If you bought the same software from a non-telecom source (e.g. the software OEM themselves) and put it on your phone, then CALEA won't help law enforcement because Verizon wouldn't have the key to decrypt your calls with and could only turn over the encrypted stream. So if you are worried about being wiretapped by the police, don't buy your encryption service from your phone company.

      • Re:Depends... (Score:5, Informative)

        by Kvathe ( 3869749 ) on Tuesday December 16, 2014 @08:23PM (#48613791)

        From TFA:

        "...the legislation known as the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. If Verizon and Cellcrypt had structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law."

        • Re:Depends... (Score:4, Informative)

          by jeffmeden ( 135043 ) on Tuesday December 16, 2014 @09:31PM (#48614131) Homepage Journal

          From TFA:

          "...the legislation known as the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. If Verizon and Cellcrypt had structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law."

          TFA is a plain ol' troll. CALEA indeed requires any switching systems used for voice traffic (land lines and cell phones) to allow for electronic eavesdropping of all calls going through them. The only caveat is that replacing/upgrading every switching system is completely impractical, even in decades-long time frames, so the FCC has been granting extensions for non-compliance. If Verizon went to the FCC saying that they were going to put software in that started to roll back CALEA compliance from any call that happened to be made using a pair of their cellphones running their provided encryption software, they would have thrown the book at them. New systems *do* have to be CALEA compliant.

          • Re: Depends... (Score:2, Interesting)

            by Anonymous Coward

            Not a troll. They advertise it as end to end and it is not.

      • Re:Depends... (Score:4, Insightful)

        by Livius ( 318358 ) on Tuesday December 16, 2014 @08:51PM (#48613957)

        Nobody is being "backdoored" here except as required by law.

        An unconstitutional law is actually not a law at all.

        • by fyngyrz ( 762201 )

          Further, the presumption that because it falls under the umbrella of law, it is somehow made "ok", is utter nonsense from word one.

          • Any law has to be tested and evaluated. Never follow any laws blindly for this is what makes dictatorships possible in the first place. And don't think "I was just following orders" will eventually save you.

            Laws must not be an excuse to do what simply is not right.

        • Re:Depends... (Score:5, Informative)

          by schnell ( 163007 ) <me&schnell,net> on Tuesday December 16, 2014 @09:33PM (#48614151) Homepage

          An unconstitutional law is actually not a law at all.

          What's unconstitutional about CALEA? It requires police to show probable cause and have a judge sign off on a request, just as if it were a warrant for arrest or any other search and seizure of personal records. Whether it does so in practice is a different question, but in theory the law itself is at least designed to be fully compatible with the Fourth Amendment.

          NSA warrantless wiretapping? Almost certainly unconstitutional, by any reading other than Dick Cheney's. CALEA? Probably not so much.

          And BTW an unconstitutional law is still a law. Not sure where you learned your legal theory. A law that's unconstitutional should in theory be overturned by the courts so that it's not a law anymore - that's how "checks and balances" work - but until such time, it is most definitely a law and entirely enforceable!

          • The Supreme Court says they are null and void, iow not law.
            Thomas Jefferson, Alexander Hamilton, and other founders also expressed this principle.

            "All laws which are repugnant to the Constitution are null and void.â (Marbury vs.Madison, 1803.)

            âoeEvery law consistent with the Constitution will have been made in pursuance of the powers granted by it. Every usurpation or law repugnant to it cannot have been made in pursuance of its powers. The latter will be nugatory and void.â (Thomas Jefferson

          • From what little I know, the NSA doesn't actually spy on US citizens en mass. Instead, it has contracted other extra-national agencies to do it, specifically to get around the letter of the law. These are quid pro quo arraignments with agencies like Britain's MI6. We monitor them, they monitor us, and we exchange data.

            So technically, they don't spy on us, but the result is the same.

      • My kingdom for a modpoint! This whole submission is a troll right down to the last line, "Apparently, in Verizon-land, "end-to-end encryption" means something entirely different than it does in the real world." Thinking that a large, federally regulated business is going to push a system without a central keystore (what they meant to jab at instead of the "end-to-end" nature) is laughable. Trying to make Verizon out as the bad guy over this is just taking away time that could be spent making them out as

        • Re:Depends... (Score:4, Interesting)

          by sjames ( 1099 ) on Tuesday December 16, 2014 @10:44PM (#48614445) Homepage Journal

          I would say that advertising the 'service' as end to end when it isn't even legal for it to actually be end to end is a legitimate moral shortcoming.

          • Well, there is end-to-end crypto, technically speaking. They're 'just' deliberately misleading the customer as to its utility.

          • I would say that advertising the 'service' as end to end when it isn't even legal for it to actually be end to end is a legitimate moral shortcoming.

            The term "end-to-end crypto" says nothing about who else might have the crypto key. Just blindly assuming that no one in the middle has it, it is a real shortcoming. The only way for a system like you are imaging (where only the caller and receiver have the key) to even work is for you to somehow establish a trusted key with every person you call, on the fly. How do you know no one is in the middle, ready to intercept the key before the first call? The only reason SSL/TLS is reliable is that there is a

            • by dgatwood ( 11270 )

              The term "end-to-end crypto" says nothing about who else might have the crypto key. Just blindly assuming that no one in the middle has it, it is a real shortcoming.

              If anyone else has the key, then the system is pretty much useless. Cell networks already use encryption between your handset and the towers (which gets stronger periodically as folks crack the existing protocols), and the wires are only tappable by the government, realistically, which means Verizon's end-to-end encryption offers you exactly

            • by sjames ( 1099 )

              Agreed, to actually be sure, the software needs to be at least verified by someone you trust. It would not be wise for that someone to be a telco. However, end-to-end has a specific meaning and Verizon's service isn't it.

              As for the keys, you can identify the party through conversation. If you've never met, you would need a trusted introducer in a 3 way call to verify each of you to the other. Then transmit public keys around and read back the key fingerprints. In other words, use the PGP/GPG web of trust ra

      • by sjames ( 1099 )

        But they DIDN'T have to falsely advertise it as end-to-end encryption when it clearly is not.

      • Just out of curiosity, how do you identify voice data when it's encrypted?

        • by jhantin ( 252660 )
          Traffic analysis. You don't have to decipher anything to surmise that the same size packet exactly every 20ms in both directions is a voice call.
          • or the average contemporary game talking to its "always on" server, encrypted to avoid cracks. Or the average MMO communicating with its server, encrypted to make botting harder. Or maybe games isn't interesting enough, how about an encrypted VPN connection tunneling a Windows/XWindow session?

            Voice is by no stretch the only real time dependent form of communication.

            • by jhantin ( 252660 )

              Didn't say it was. It's the pattern of usage, though, not any real time constraints. Server-based games tend to be receive-heavy rather than symmetric; they're sending the user's actions but updating the entire environment around the user. Always on DRM is basically periodic license re-validation, relatively low frequency. UI remoting is again going to be extremely receive-heavy; keystrokes and coordinates take up much less space than graphics pushes.

              You might have difficulty distinguishing one voice ap

      • by gweihir ( 88907 )

        As this is called "end-to-end" encryption, any intentionally-created possibility to eavesdrop is a "backdoor", as it represents an "attack". That such practices may be legal in some broken legislations does not change their nature.

      • Telecom providers are required to make sure that any voice service they sell is compliant with CALEA [eff.org]

        In that case, CALEA would effectively render end-to-end encryption illegal. So, IMHO, they should be hunted down by lawyers for either not complying with CELEA or for not offering what they advertise.

        And remember that CALEA is not about mass wireless surveillance a la NSA but is actually about targeted recordings of specific individuals where there is probable cause enough to get a judge to sign off on the wiretap order. Very different things.

        Indeed. But there's nothing that keeps the NSA from using the same interface, too. either by serving wiretap orders themselfs (decorated with a nice gag order) or by targetting the CELEA equipment.

      • by kbg ( 241421 )

        I don't have anything against law enforcement having the ability through the court system to wire tap. What I am against is when phone companies pretend that this doesn't exists. So this is not "end-to-end" encryption, it should be called "end-to-end except as required by law" encryption

      • by mwvdlee ( 775178 )

        Nobody is being "backdoored" here except as required by law

        That may be what they intended.
        But when it comes to security, adding a backdoor for one means adding an unpatchable gaping security hole for the entire world.
        Either nobody can spy or everybody can spy.

    • by jacobsm ( 661831 )

      With no anal lube either.

  • by roman_mir ( 125474 ) on Tuesday December 16, 2014 @06:50PM (#48613263) Homepage Journal

    People are running around with computers in their hands, the phone is now nothing but an add-on feature, as such we should be able to have a real p2p encrypted channel with communications over it, so for people with data plans this shouldn't be a problem. I am more interested seeing if we can have a system that uses voice to send encrypted data over it...

    • Re: (Score:3, Funny)

      by Anonymous Coward

      Perhaps if we could figure out some way to "modulate" encrypted digital data into sounds, and then "demodulate" the sounds into data on the other end, we might have something on our hands.

    • by Lumpy ( 12016 )

      So write the software. Nobody is stopping you.

    • Redphone: https://whispersystems.org/ [whispersystems.org] Not P2P, but beats this offering.

    • by DarkOx ( 621550 )

      You right, the obvious solution is just have the handsets negotiate. There is absolutely no "good" reason call setup between two cellular handsets should not feature some kind of certificate validation step between the end points followed by the exchange of uniquely per call generated symmetric key exchanged securely using the same PKI used to validate the certificate authenticity. Essentially SSL for phone calls.

      People could use third party CAs like they do for the web today for most callers. Phone soft

  • by Karmashock ( 2415832 ) on Tuesday December 16, 2014 @06:50PM (#48613271)

    Aren't our calls supposed to be encrypted anyway? I mean, so some jack ass with a radio can't listen to them? So what are they charging me for here?

    Sounds like a reasonable product for the government.

    For the consumer though, you have to ask yourself what you're actually getting with this? Doesn't appear to be anything. After all, the only people that could normally break into your communications would be the government anyway.

    • I know that for most GSM calls, there are a few stream ciphers in common use, and most or all of them can be cracked in realtime. That just covers the connection between your phone and a cell tower, anyhow. It's meant to protect you from eavesdropping, and not much more.
      • Frankly, in the long term I see us going to peer to peer VOIP in any case. Everything in between doesn't need to encrypt or know my encryption keys. All it needs to know is how to route my data stream to my target.

        As it stands, if I want to make a secure call, I can already do it... for free. There are lots of VOIP programs that do it. The only issue is interlocking the VOIP systems with the old phone networks. And again, you can do that in your own home without a lot of trouble.

    • by dunkindave ( 1801608 ) on Tuesday December 16, 2014 @07:14PM (#48613431)

      Aren't our calls supposed to be encrypted anyway? I mean, so some jack ass with a radio can't listen to them?

      Cellular communications are encrypted between the handset and the tower to prevent the radio buff from listening in. How effective that encryption is is up for debate. This means any end-to-end encryption would actually be double encrypting the data as it passed between handsets and towers, once for the cellular signal, and once for the end-to-end system.

      Apparently, in Verizon-land, "end-to-end encryption" means something entirely different than it does in the real world.

      Also I believe the summary is misleading. This probably is an end-to-end encryption system, meaning the call is encrypted at one handset and the encrypted data travels to the other handset before being decrypted for the purpose of the call. If there is a backdoor that compromises the encryption key, that doesn't change that the system is end-to-end encrypted, just that a snooper would be able to decrypt the traffic.

      • if the keys aren't private then it is hard to claim the encryption is worth anything..

      • You do not understand what "end-to-end encryption" means. The end isn't where ever you feel an "end" is. It's the other end that you are communicating with. That's why it's called "end-to-end" and not "end-to-middle" or "end-to-system" or any other variations.

        • You do not understand what "end-to-end encryption" means. The end isn't where ever you feel an "end" is. It's the other end that you are communicating with. That's why it's called "end-to-end" and not "end-to-middle" or "end-to-system" or any other variations.

          How did this get modded up? The "ends" are the handsets. As I said "the call is encrypted at one handset and the encrypted data travels to the other handset before being decrypted for the purpose of the call". One handset encrypts it and the other decrypts it. The encrypted data is sent from one handset to the other with the transport system as designed not decrypting the data anywhere in the middle. That is the definition of end-to-end encryption. The only way to push the endpoints further out, assum

  • by swschrad ( 312009 ) on Tuesday December 16, 2014 @06:51PM (#48613277) Homepage Journal

    as we have pre-selected the best of the bad guys to listen in on all your calls! this handy feature is worth twice the price!

  • It's required (Score:3, Informative)

    by LynnwoodRooster ( 966895 ) on Tuesday December 16, 2014 @06:51PM (#48613285) Journal

    See the CALEA Act [wikipedia.org] passed in 1994. Telecom providers HAVE to provide that backdoor. If not - they are subject to fines of up to $10,000 per day per connection not in compliance, and having their network shut down until it comes into compliance.

    Your indignation should not be directed at Verizon - it should be directed at Washington, DC.

    • Re:It's required (Score:5, Informative)

      by mythosaz ( 572040 ) on Tuesday December 16, 2014 @06:53PM (#48613301)

      False.

      CALEA only requires the backdoor to exist if it's technically possible. TFA is pretty clear that other manufacturers and carriers have chosen to implement end-to-end encryption that doesn't have the ability to be backdoored, and as such, there's no need to provide the (non-existent) backdoor to the feds.

      • by nickovs ( 115935 )

        Firstly, if you can facilitate multi-way calling then it is clearly technically feasible to support a wire tap. Secondly, unlike many other snooping regulations, CALEA explicitly obliges telecommunications companies to modify their systems and equipment in order to facilitate "lawful access" (sic). Verizon are a telco, not an app company, so they are bound by CALEA in ways that people like Silent Circle [silentcircle.com] or CellTrust [celltrust.com] are not.

        • In this case there would have been nothing easier than create a new company out of thin air that sells the service that is no telco. It's not like creating a new virtual company is hard in this country.

        • by gweihir ( 88907 )

          Nonsense. Multi-way can also be end-to-end encrypted with no way to intercept. Maybe read up on crypto before claiming BS?

      • False.

        CALEA only requires the backdoor to exist if it's technically possible. TFA is pretty clear that other manufacturers and carriers have chosen to implement end-to-end encryption that doesn't have the ability to be backdoored, and as such, there's no need to provide the (non-existent) backdoor to the feds.

        Can you design a system you would solely supply for encrypted end-to-end communications that could NOT have a backdoor implemented? If you implement the end-points, then a back-door is automatically possible - you control the encryption/decryption on the ends.

    • Re:It's required (Score:5, Insightful)

      by mean pun ( 717227 ) on Tuesday December 16, 2014 @07:34PM (#48613529)
      If you are right, then Verizon should not offer the product, since they can't legally deliver what they promise.
      • They are providing end-to-end encryption. They probably just control the keys.

      • Actually, CALEA means that it's basically illegal to deliver a full end-to-end encrypted system that does not have a back door. Now, if Verizon simply passed encrypted data between endpoints, and let a 3rd party app developer create the endpoints which encrypted/decrypted the data, then Verizon could not offer a backdoor - it has no way of intercepting/decrypting the data. But by doing the full chain (encrypt, transport, decrypt) it simply has to offer a back-door per CALEA because it is obviously possibl
    • Re:It's required (Score:5, Insightful)

      by jc42 ( 318812 ) on Tuesday December 16, 2014 @07:45PM (#48613591) Homepage Journal

      Your indignation should not be directed at Verizon - it should be directed at Washington, DC.

      A fun part of this is that the government employees at ARPA back in the 1960s explained it all to us. They firmly rejected building any sort of encryption into the network itself, on the grounds that such software would always be controlled by the "middlemen" who supplied the physical connectivity, and they would always build what we now call backdoors into the encryption. They concluded that secure communication between two parties could only be done via encryption that they alone controlled. Any encryption at a lower level was a pure waste of computer time, and shouldn't even be attempted, because it will always be compromised.

      This doesn't seem to have gotten through to many people today, though. We hear a lot about how "the Internet" should supply secure, encrypted connections. Sorry; that's never feasible, unless you own and control access to every piece of hardware along the data's route. And the ARPA guys didn't consider that, because that first 'A' stands for "Army", and they wanted a maximally-redundant, "mesh" type network that would be usable in battle conditions. They went with the approach that you use any kind of data equipment that's available, including the enemy's, and you build in sufficient error detection to ensure that the bits get through undamaged,. Then you use encryption that your team knows how to install on their machines and use. And you probably change the encryption software at irregular intervals.

      Anyway, the real people to direct your anger at are the PR folks in both industry and government, who keep trying to convince you that they can supply encryption that's secure. Yeah, maybe they can do that, but they never have and they never will. And the odd chance that they've actually done so in some specific case doesn't change this. The next (silent, automatic;-) upgrade will introduce the backdoor.

      Unless you have all the code, compile it yourself, and have people who can understand its inner workings, you don't have secure encryption; you have encryption that delivers your text to some unknown third parties. It's the US government's own security folks who explained this to us nearly half a century ago.

      • Re:It's required (Score:4, Informative)

        by blueg3 ( 192743 ) on Tuesday December 16, 2014 @10:19PM (#48614353)

        And the ARPA guys didn't consider that, because that first 'A' stands for "Army"

        The "A" stands for "Advanced". I think they were more interested in a research network than a tactical (battlefield) network. I think it's still true that "one organization controls all the infrastructure between two points on the Internet" was *not* the model of the Internet they were envisioning at the time.

        • by Ken D ( 100098 )

          ARPA was also called DARPA at various times, where "D" stands for "Defense", and the ARPANet was therefore called DARPANet at those times.

          Back in the day when the only people on the 'net were military, schools, and tech companies... long long before Canter and Siegel's Green Card spam.

      • by Kjella ( 173770 )

        It was the 1960s. You were lucky to have a 300 baud modem, they wanted to save two bits by chopping the "19" off 1960 and encryption was regulated as munitions. Heck, even in the 1990s they wanted to restrict my browser to 40 bits so I didn't have "export grade" cryptography. I still hear cost for servers and battery life on clients as an argument for why sites don't move to HTTPS, The very idea to build the Internet with strong encryption by default was ridiculous on technical merits and I don't recall any

  • by jamesl ( 106902 ) on Tuesday December 16, 2014 @07:09PM (#48613405)

    Verizon sells you end-to-end encryption and then sells NSA the key.

  • by NoKaOi ( 1415755 ) on Tuesday December 16, 2014 @07:33PM (#48613517)

    If you think you're defending against the NSA with encryption provided by a big telecom company, you're fooling yourself, even if this policy weren't public. If, on the other hand, you're defending against basic hackers hired by a competitor, then perhaps this would be a reasonable option. It's like locking your doors, putting bars on all your windows, and putting your stuff in a safe. Sure, that'll keep most burglars out, but do you think the NSA wouldn't be able to get to your stuff?

    This is the part that bugs me: "so long as they're able to prove that there's a legitimate law enforcement reason for doing so." It used to be that meant demonstrating to an impartial judge that they had probable cause, which takes the form of a warrant. However, it doesn't say they need a warrant...so now it's a Verizon employee rather than an impartial judge who gets to decide if there's probable cause.

    • by NoKaOi ( 1415755 )

      Also, FTA:

      Verizon believes major demand for its new encryption service will come from governmental agencies conveying sensitive but unclassified information over the phone, says Tim Petsky, a senior product manager for Verizon Wireless.

      Sensitive, but unclassified. That should give an indication as to the level of security they expect it to provide.

      • by blueg3 ( 192743 )

        1. That's pretty common simply because getting anything approved for encryption above the SBU level is difficult and expensive. (It also requires, in essence, review by and the approval of NSA.) So tons of encryption products are made only up to the SBU level.

        2. Even with end-to-end encryption, it's unlikely that they would approve classified data transiting the Internet.

    • In this context a legitimate law enforcement reason means a warrant would indeed be needed. Companies are increasingly challenging governmental and law enforcement requests for data in several different venues. Including telecommunication data, data stored in data centers, and video surveillance collected from publicly mounted cameras. Even when the FBI attempted to slap a GPS tracker to a suspects car without a warrant resulted in the evidence collected being thrown out of court. There is a system in place

    • by AHuxley ( 892839 )
      The voice side and network will always be wiretap friendly. So expect any new device on any network to stay backdoor and trapdoor friendly too.
      Any voice or text entered will just be collected on the device before the encryption software.
      Think about a number station or one time pad. Anyone can hear that long list of personal messages.
  • Seth Polansky, Cellcrypt's vice president for North America, disputes the idea that building technology to allow wiretapping is a security risk. "It's only creating a weakness for government agencies," he says. "Just because a government access option exists, it doesn't mean other companies can access it."

    I doubt it will be very long before third parties apart from government figure out how to access their backdoor.

    • by schnell ( 163007 )

      I doubt it will be very long before third parties apart from government figure out how to access their backdoor.

      No, because the "backdoor" is getting a judge to sign a warrant for the police to wiretap you, and the police submitting that request to Verizon through official channels so that Verizon uses the keys that they have to decrypt the communication and give it to the police.

      How is a third party going to use that?

      • by Smerta ( 1855348 )

        Well it depends.

        Mr. Polansky himself (while certainly not a security expert or a cryptographer) describes it as a "weakness" built into the system. The streets are littered with products and systems built with backdoors/weaknesses that are found & exploited by attackers (sometimes an insider who knows about or helped implement the weakness.)

        On the other hand, while still subject to abuse, if the "weakness" is a 2nd, high entropy key, then you either have to get the key, or break the crypto (getting

      • "No, because the "backdoor" is getting a judge to sign a warrant for the police to wiretap you"

        The police and the police only? In each and every case?

  • by geekmux ( 1040042 ) on Tuesday December 16, 2014 @10:30PM (#48614409)

    ...US Laws.

    'nuff said.

    No, seriously, can we please stop being shocked and appalled over the (ancient) concept that a US Corporation would beholden a US Citizen with any form of communications service that also contains a back door for the US Government? The OMGWTFEFF attitude is wearing thin.

    US Corporation. US Laws. CALEA is twenty years old now. You have no Right to privacy anymore with any US-based communications service.

    Oh, and according to this Administration, you just might be a terrorist if you think or assume otherwise. Have fun.

    • by gweihir ( 88907 )

      The pattern repeats itself. There are quite a few obvious spots in human history where things like this have been done before, and universally with catastrophic consequences.

  • by Opportunist ( 166417 ) on Wednesday December 17, 2014 @02:31AM (#48615123)

    Any backdoor is by definition available to everyone. Some may have a key, the others have lockpicks.

    • How is this insightful? What does "backdoor" have to do with it then? If anything with keys can be picked, then all encrypted communication is vulnerable and adding a backdoor would just be meaningless.

      All communication has to be decryptable or it isn't communication. (How would one-way communication work? exactly like a write-only memory chip). So someone always has to have a key, but that doesn't always have to be the NSA or government or even Verizon.

      • The bigger the group of people who have access to resources that are to remain secret, the bigger the threat that the secret gets out. It just takes one link in the chain to break it, and only one to talk to render a key useless.

        Or, in other ways, while breaking a key may be impossible, breaking a kneecap isn't.

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...