DamianTV
07-24-2013, 02:14 PM
http://it.slashdot.org/story/13/07/24/1812227/anonymous-source-claims-feds-demand-private-ssl-keys-from-web-services
Lauren Weinstein writes
"With further confirmation of the longstanding rumor that the U.S. government (and, we can safely assume, other governments around the world) have been pressuring major Internet firms to provide their 'master' SSL keys for government surveillance purposes, we are rapidly approaching a critical technological crossroad. It is now abundantly clear — as many of us have suspected all along — that governments and surveillance agencies of all stripes — Western, Eastern, democratic, and authoritarian, will pour essentially unlimited funds into efforts to monitor Internet communications."
If this is true it means that SSL/TLS to any Internet service could be useless — the authorities could simply main-in-the-middle anyone. Without knowing who has given keys over, or if anyone has given keys over... The NSA does claim encryption poses a problem for them, but honesty isn't their best attribute. The source claims that major providers at least have resisted (assuming it is happening), but that smaller companies may have folded to the pressure.
Resistance is not possible if all that is available is Monitored Communication.
Lauren Weinstein writes
"With further confirmation of the longstanding rumor that the U.S. government (and, we can safely assume, other governments around the world) have been pressuring major Internet firms to provide their 'master' SSL keys for government surveillance purposes, we are rapidly approaching a critical technological crossroad. It is now abundantly clear — as many of us have suspected all along — that governments and surveillance agencies of all stripes — Western, Eastern, democratic, and authoritarian, will pour essentially unlimited funds into efforts to monitor Internet communications."
If this is true it means that SSL/TLS to any Internet service could be useless — the authorities could simply main-in-the-middle anyone. Without knowing who has given keys over, or if anyone has given keys over... The NSA does claim encryption poses a problem for them, but honesty isn't their best attribute. The source claims that major providers at least have resisted (assuming it is happening), but that smaller companies may have folded to the pressure.
Resistance is not possible if all that is available is Monitored Communication.