Via: Cnet:
The U.S. government has attempted to obtain the master encryption
keys that Internet companies use to shield millions of users’ private
Web communications from eavesdropping.
These demands for master encryption keys, which have not been
disclosed previously, represent a technological escalation in the
clandestine methods that the FBI and the National Security Agency employ
when conducting electronic surveillance against Internet users.
If the government obtains a company’s master encryption key, agents
could decrypt the contents of communications intercepted through a
wiretap or by invoking the potent surveillance authorities of the
Foreign Intelligence Surveillance Act. Web encryption — which often
appears in a browser with a HTTPS lock icon when enabled — uses a
technique called SSL, or Secure Sockets Layer.
“The government is definitely demanding SSL keys from providers,”
said one person who has responded to government attempts to obtain
encryption keys. The source spoke with CNET on condition of anonymity.
The person said that large Internet companies have resisted
the requests on the grounds that they go beyond what the law permits,
but voiced concern that smaller companies without well-staffed legal
departments might be less willing to put up a fight. “I believe the
government is beating up on the little guys,” the person said. “The
government’s view is that anything we can think of, we can compel you to
do.”
No comments:
Post a Comment