You can have E2EE to the service provider, but they can be free to rummage through your data if they choose to or are coerced to by a legal demand from an authority. But it eliminates the average schmoe from going through that data.
Is that adequate security? Is that adequate privacy? This is what bills like EARN IT and its ilk are positing with backdoors et al. It depends on your threat model.
If a warrant opens a door or account one way or another, it can be argued that privacy-wise, locks and passwords are poor solutions. Are you protecting business data or trying to survive in an oppressive regime?
Different solutions for different problems, how appropriate they are varies with demographics too.
E2EE refers to fully encrypted communication between end-users of a service, hence end-to-end. If one of the ends is the service provider, the term doesn't apply.
This is the point. It's a buzzword and the reality of a lot of popular services is that the service provider can likely already provide access to your data if requested to by a government.
Ergo, if this is a consideration within your threat model, it's an inappropriate solution. However, I am highlighting that EARN IT is no more a threat than existing service providers abiding by a court order, ergo the existing solutions likely aren't fit-for-purpose for some folks, depending on threat model.
Is that adequate security? Is that adequate privacy? This is what bills like EARN IT and its ilk are positing with backdoors et al. It depends on your threat model.
If a warrant opens a door or account one way or another, it can be argued that privacy-wise, locks and passwords are poor solutions. Are you protecting business data or trying to survive in an oppressive regime?
Different solutions for different problems, how appropriate they are varies with demographics too.
This is an interesting talking point about privacy and security: https://news.ycombinator.com/item?id=35617773