"Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats"
"For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."
"analysts will no longer have to make a special request to SSO", "this new capability will result in a much more complete and timely collection response". "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."
"One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture',"
Well, did you expect "privacy" to imply that your data would not be released to the government following legal requests for it? I always assumed it meant that they wouldn't share it with other businesses, but maybe that's just me.
Analogously, if one of the major phone providers started selling information to marketers, including what times of day I made phone calls, would it be inappropriate for a competitor to create a marketing campaign around "privacy" highlighting that they don't do similar things? Would you complain that since the government can still get a wiretap and listen to private conversations, there really isn't a meaningful privacy difference?
That implication is exactly what Colin provides with my tarsnap backups. He (or Amazon) can respond to legal requests with my strongly encrypted data, and neither Colin/tarsnap nor Amazon can provide them with my private keys.
You can design your systems this way. It appears you're allowed under US law. It seems there are companies jumping through hoops on behalf of the NSA and/or FBI to build systems that _don't_ provide that guarantee.
Note that Colin _could_ conspire with / be compelled by the NSA to attempt to convince me to "upgrade" my local tarsnap code with a backdoored version - and I'm OK with that, if the NSA is looking for me specifically, I fully expect them to find out _everything_ - that's their job and I expect them to be world-class at it. What I _don't_ accept, is that they have any "right" to record and archive permanently anything I ever do online "just in case". And I can and am taking steps to make that harder for them, and I'm noticing which companies are apparently working against my wishes. I'm curious to know if Dropbox are noticing a drop in de-dup rates lately? My Dropbox storage is now all encfs encrypted - including the folders full of grabbed funny-cat-pics and Internet meme images. My versions are no longer the same as the other several million of them stored on Dropbox. Same for my SkyDrive/GDrive/Jotta accounts.
Can they do that?
I assume there is a difference in law between the somewhat passive act of giving access to information already stored and forcing somebody to actively perform some action.
For example if you have private CCTV on your premises, a court can demand access to whatever footage they have captured but I don't think that they can force you to install hidden cameras on your property.
Isn't stuff like that usually done as part of a bargain, like having somebody wear a wire in exchange for not going to jail?
They persuaded a lot of big companies to collaborate actively (i.e. Microsoft, Blackberry etc subverting crypto). Personally I don't see it as legal or ethical, and would resist it, but a large government can bring a lot of pressure to bear. So if tarsnap got big enough to be a problem, then perhaps we'd find out.
I didn't think it meant they would give the NSA an un-encrypted firehose of private user data violating unlawful search and seizure implications that are a constitutionally protected right of American citizens, but maybe that's just me.
I can see how "but maybe that's just me" (and the entirety of the first paragraph) could be read as snarky, but that's not how I meant it. It was a non-rhetorical question: what should a company like Microsoft do when faced with a court order? Does compliance with such orders make "privacy" campaigns nonsensical, if they still have meaningful privacy protections compared to competitors? Also, IANAL, but as far as I know Microsoft can't violate the 4th amendment, only the government can.
No-one can violate the 4th amendment. The government is only seen to be violating it because they've chosen to interpret it under a different meaning that somehow allows them to collect private user data en masse.
I think the best part is that Microsoft has been bragging about how they care about privacy so much more than Google, therefore you should use their products/services, and now they just got caught red-handed doing the worst possible privacy violations in the book.
On the contrary, it's exactly that sort of characterization that I object to. How could complying with court orders be the "worst possible privacy violation"? I'm sympathetic to the argument that the orders are overbroad, or that Microsoft should have appealed the orders and hasn't opposed the orders as stubbornly as it could have (though of course we know very little about what has actually occurred along these lines). But why would responding to a court order be a worse privacy violation than selling information about my online behavior to other companies (in addition to also responding to court orders!)?
Meaning:
"Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats"
"For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."
"analysts will no longer have to make a special request to SSO", "this new capability will result in a much more complete and timely collection response". "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."
"One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture',"