“The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users’ private Web communications from eavesdropping,” Declan McCullagh reports for CNET. “These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users.”
“If the government obtains a company’s master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act,” McCullagh reports. “Web encryption — which often appears in a browser with a HTTPS lock icon when enabled — uses a technique called SSL, or Secure Sockets Layer. ‘The government is definitely demanding SSL keys from providers,’ said one person who has responded to government attempts to obtain encryption keys. The source spoke with CNET on condition of anonymity.”
McCullagh reports, “The person said that large Internet companies have resisted the requests on the grounds that they go beyond what the law permits, but voiced concern that smaller companies without well-staffed legal departments might be less willing to put up a fight. ‘I believe the government is beating up on the little guys,’ the person said. ‘The government’s view is that anything we can think of, we can compel you to do.'”
“It’s not entirely clear whether federal surveillance law gives the U.S. government the authority to demand master encryption keys from Internet companies. ‘That’s an unanswered question,’ said Jennifer Granick, director of civil liberties at Stanford University’s Center for Internet and Society. ‘We don’t know whether you can be compelled to do that or not,'” McCullagh reports. “‘One of the biggest problems with compelling the [private key] is it gives you access to not just the target’s communications, but all communications flowing through the system, which is exceedingly dangerous,’ said Stanford’s Granick.”
Read more in the full article here.
MacDailyNews Take: United States Constitution, Amendment IV:
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. – Benjamin Franklin, Historical Review of Pennsylvania, 1759
Join The Electronic Frontier Foundation in calling for a full congressional investigation here.
Related articles:
Apple, Google, dozens of others push Obama administration to disclose U.S. surveillance requests – July 19, 2013
Secret court agrees to allow Yahoo to reveal its fight against U.S. government PRISM requests – July 16, 2013
How Microsoft handed U.S. NSA, FBI, CIA access to users’ encrypted video, audio, and text communications – July 11, 2013
DuckDuckGo search engine surges 33% in wake of PRISM scandal – June 20, 2013
Yahoo: Since December 2012, we have received up to 13,000 U.S. gov’t requests for customer data – June 18, 2013
Apple: Since December 2012, we have received U.S. gov’t requests for customer data for up to 10,000 accounts – June 17, 2013
Nine companies, including Apple, tied to PRISM, Obama to be smacked with class-action lawsuit – June 12, 2013
U.S. lawmakers urge review of ‘Prism’ domestic spying, Patriot Act – June 10, 2013
PRISM: Do Apple, Google, Facebook have an ethical obligation not to spy on users? – June 8, 2013
Plausible deniability: The strange and unbelievable similarities in the Apple, Google, and Facebook PRISM denials – June 7, 2013
Google’s Larry Page on government eavesdropping: ‘We had not heard of a program called PRISM until yesterday’ – June 7, 2013
Seecrypt app lets iPhone, Android users keep voice calls, text messages away from carriers, government eyes and ears – June 7, 2013
Obama administration defends PRISM data-collection as legal anti-terrorism tool – June 7, 2013
Facebook, Google, Yahoo join Apple in sort-of denying PRISM involvement – June 7, 2013
Report: Intelligence program gives U.S. government direct access to customer data on Apple servers; Apple denies – June 6, 2013