

One of the Biggest Privacy Wins in Recent Memory Has Been Reversed - obituary_latte
http://motherboard.vice.com/read/one-of-the-biggest-privacy-wins-in-recent-memory-has-been-reversed

======
obituary_latte
Direct link to ruling:
[http://pdfserver.amlaw.com/nlj/DAVIS_CA11_20150505.pdf](http://pdfserver.amlaw.com/nlj/DAVIS_CA11_20150505.pdf)

------
Istof
This effectively destroys privacy...

------
higherpurpose
The article is burying the lead by focusing on "cellphone data". This ruling
will apply to all 3rd-party data, which is _devastating_ for privacy, since
much of our data (and virtually all metadata) is in the cloud now and the
trend is growing.

It's time to start yelling at companies to adopt end-to-end encryption. IM's,
email, file storage - everything. Boycott those who don't do it as they will
now be _complicit_ with abusive law enforcement (when there's no warrant
requirement law enforcement becoming abusive is imminent).

~~~
schoen
It's not clear how cell phone carriers could use end-to-end encryption to
protect the particular kind of data at issue here; from the point of view of
the GSM protocol, the carriers _are_ the other endpoint. It's like the way
your ISP couldn't use encryption to blind itself to whether or not you're
currently using your home Internet connection: if packets are being routed
over that interface, you're using it.

I think this situation is horrible, but we don't, in this particular case,
have a ready-to-deploy encryption remedy that carriers could simply choose to
enable. A lot of the problem is found in the architecture of the mobile
network itself.

For the larger picture, a challenge is the prospect of much _larger_ numbers
of users yelling back at the companies who _do_ adopt end-to-end encryption,
because the companies become unable to reset the customers' forgotten
cryptographic passphrases. So you can expect yelling on both sides. (I heard
that one company that specifically advertises how it can't read or access your
data already gets a considerable number of support requests from users with
forgotten passphrases who, in the moment, don't believe that's even possible,
and the company must be lying because it doesn't want to help them.)

