Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Monday March 26 2018, @11:09PM   Printer-friendly
from the does-any-other-nation-do-this? dept.

Submitted via IRC for AndyTheAbsurd

UPDATE, March 23, 2018: President Donald Trump signed the $1.3 trillion government spending bill—which includes the CLOUD Act—into law Friday morning.

"People deserve the right to a better process." Those are the words of Jim McGovern, representative for Massachusetts and member of the House of Representatives Committee on Rules, when, after 8:00 PM EST on Wednesday, he and his colleagues were handed a 2,232-page bill to review and approve for a floor vote by the next morning.

In the final pages of the bill—meant only to appropriate future government spending—lawmakers snuck in a separate piece of legislation that made no mention of funds, salaries, or budget cuts. Instead, this final, tacked-on piece of legislation will erode privacy protections around the globe.

[...] As we wrote before, the CLOUD Act is a far-reaching, privacy-upending piece of legislation that will:

  • Enable foreign police to collect and wiretap people's communications from U.S. companies, without obtaining a U.S. warrant.
  • Allow foreign nations to demand personal data stored in the United States, without prior review by a judge.
  • Allow the U.S. president to enter "executive agreements" that empower police in foreign nations that have weaker privacy laws than the United States to seize data in the United States while ignoring U.S. privacy laws.
  • Allow foreign police to collect someone's data without notifying them about it.
  • Empower U.S. police to grab any data, regardless if it's a U.S. person's or not, no matter where it is stored.

Source: https://www.eff.org/deeplinks/2018/03/responsibility-deflected-cloud-act-passes

See also: As the CLOUD Act sneaks into the omnibus, big tech butts heads with privacy advocates


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday March 27 2018, @02:20AM (2 children)

    by Anonymous Coward on Tuesday March 27 2018, @02:20AM (#658755)

    For the archive yes, but in order to do anything useful with email, it has to be decrypted by somebody at some point. Unfortunately, that some point tends to be before it goes over the wire as there remains no practical means of encrypting emails and few bother. I don't think I even know anybody that has theirs encrypted, which makes it pointless for me to encrypt mine as nobody would be able to read it.

    It's a sucky position to be in as the 4th and 5th amendments don't apply the way that they probably should.

  • (Score: 2) by takyon on Tuesday March 27 2018, @02:50AM

    by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Tuesday March 27 2018, @02:50AM (#658768) Journal

    Yeah I meant the other data, not email.

    Theoretically it ought to be possible to do seamless public-private key encryption/decryption of all email with very little work for the user, but only some providers will do this.

    What does seem to be popular are encrypted chat apps. These are being used by younger people in place of email, are associated with big IPOs and lots of user growth, can be used seamlessly on smartphones, etc. The security implementation might be opaque or too centralized (to the point of being useless for the paranoid) for your tastes, but at least it would be less work to get someone to use it. Using it on the smartphone could be risky due to insecurities in that system, so you could find one with a desktop app or ability to work with something like Pidgin (I see plugins [pidgin.im] for Telegram and WhatsApp).

    You would still run into fragmentation issues and need to convince people to use the app, but that seems to be where we're heading. You want practical and "secure" communications.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
  • (Score: 2) by edIII on Tuesday March 27 2018, @07:27PM

    by edIII (791) on Tuesday March 27 2018, @07:27PM (#659106)

    Email encryption is possible, and it's fairly easy at this point. Enterprise email does offer these features.

    With the appropriate settings, you can prevent unencrypted connections between your mail server and others. Preventing that trick that downgrades secure connections between email servers is also trivial with the right settings.

    You can't worry about the other side, but concentrate on yourself. One way governments win, is when fucking everybody is using gmail. Google then dictates the future of email technology, because it doesn't fucking matter what I'm running. If a user cannot email somebody at gmail, then your email is faulty and worthless. Even if technically superior.

    All you can do is pay to run your own server. Use a VM provider, use full disk encryption, and security harden it. That way the government has to spend resources to crack thousands, or hundreds of thousands of email servers to get the data, versus a single connection to Google downloading all of the data.

    Basically, in the end, the ONLY way to protect ourselves is to have possession of the keys and transmit 100% encrypted data all the time. The government cannot be trusted to act properly, nor can it be trusted to have the security required to protect itself, or our data.

    --
    Technically, lunchtime is at any moment. It's just a wave function.