backtop


Print 34 comment(s) - last by NellyFromMA.. on Jul 31 at 11:51 AM


  (Source: blogspot.com)
The question of whether it's legal for them to ask for these SSL keys or not is unclear

The feds are trying to creep further into the personal lives of Web users by requesting master encryption keys from Internet companies. 

According to a new report from CNET, the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) have both tried to obtain master encryption keys as part of their digital surveillance efforts, but there's a huge question as to whether they have the legal authority to do so. 

 Master encryption keys are crucial to Web encryption. They put contents of Web communications into code that is tough to crack using Secure Sockets Layer (SSL). If government agencies were to get their hands on these SSL keys, they could decode the content and peek into the lives of Internet users.

The NSA is also looking to get these SSL keys because it would allow for surveillance through its fiber taps, which are now heavily guarded by SSL.

SSL was originally put in place because of insecure and open Wi-Fi networks. Google adopted HTTPS (which appears in the browser to show that SSL is enabled -- back in 2010 for Gmail, and Microsoft did the same for Hotmail. Later in 2012, Facebook followed suit for its popular social network.

Now, these large Internet companies face the fear of government agencies trying to obtain the SSL keys and expose information on their users. Microsoft, Google and Facebook all said that they haven't given any SSL keys to the government, and agreed that they would fight against doing so. 

Other larger companies like Apple, Verizon, AT&T, Yahoo, Comcast and AOL haven't said if they've been asked for or have given SSL keys to the feds. 

But the larger companies fear that smaller Web establishments without deep pockets or a hefty legal department will give in to the government's requests for keys. 

SSL has certainly hindered the government's spying abilities, which is why they're coming directly to the source for the keys. But if all else fails, the feds have other avenues of getting what they need. For instance, companies like Packet Forensics help government agencies import "legitimate" copies of SSL keys -- which could possibly be obtained through a court order -- for spying on users. 

Speaking of a court order, it's not clear whether federal surveillance laws allow the government to ask for SSL keys -- even with subpoenas. Subpoenas call for gathering evidence related to an investigation, where SSL keys would seem to open up a treasure trove of data that may contain pieces of information relevant to an investigation, but likely most that are not.

Source: CNET



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: hypocrite much?
By conq on 7/26/2013 8:49:36 AM , Rating: 2
While there's certainly plenty of truth to this let's not completely exaggerate the comparison. People don't regularly "disappear" in the US, regularly get incarcerated for their political beliefs, or have a infamous "3 generation imprisonment" rules.

I am certainly not saying the actions of the NSA are permissible, I stand on the very opposite end of the spectrum in fact. What I am trying to say is you're comparing crimes of a crack cocaine dealer (US) to the crimes of a pedo (N. Korea), serial killer (Iran), and a crime kingpin (China). Yes, they're all bad people but different levels of bad.


RE: hypocrite much?
By ClownPuncher on 7/26/2013 11:43:42 AM , Rating: 2
Yea, honestly - as bad as things are in the US, it really makes light of the horrible things people had to endure in Soviet countries to say it is the same. I mean TENS of millions of people died as a direct and indirect result of actions taken by the Soviet government. Same with Mao in China.

I think that's disrespectful.


RE: hypocrite much?
By Ammohunt on 7/26/2013 3:34:32 PM , Rating: 2
Not to mention there isn't a shred of evidence that the NSA has done anything at all illegal none, nada, zilch!


RE: hypocrite much?
By Arls on 7/26/2013 7:31:37 PM , Rating: 3
No but it could be deemed unconstitutional. I'm not a US citizen but I believe that process goes to the supreme court.

Illegal or not, having the capacity to spy on every citizen simultaneously just seems wrong. If Americans just take this lying down then you deserve to be subjugated and controlled.


RE: hypocrite much?
By Arls on 7/26/2013 7:16:23 PM , Rating: 2
I'm pretty sure he means spying on its citizens. All those countries have or had massive surveillance programs.


RE: hypocrite much?
By misuspita on 7/29/2013 10:19:55 PM , Rating: 2
quote:
People don't regularly "disappear" in the US, regularly get incarcerated for their political beliefs, or have a infamous "3 generation imprisonment" rules.


....yet! A few more invasions of privacy and you will get there...


"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." -- Bill Gates














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki