This is the primary danger that comes from blind adherence to Democratic/Republican principles. Letting the COLLECTIVE will filter down without bureaucratic checks and balances in terms of having laws expire and having to get reaffirmed as the population changes leads to a slow consolidation of power that goes unchecked to the Federal level.
The Federal Government was not intended to be the hammer that gets thrown about all over the country. The fact that we're even entertaining the discussion that the Federal Government should be able to exercise such primacy in access to personal information is a scary thing indeed.
It was never meant to be that pervasive. This country runs from the bottom up. There are ways for Law Enforcement to do their jobs without ubiquitous capacity to wiretap. The potential for abuse is simply too high.
That's all well and good, except irrespective of the issue, if you as an individual Citizen tell Facebook to do something, it will take one look at you and say 'bugger off'.
I don't see that there is anything intrinsically wrong with the government directing Facebook to operate within laws or take action. The problem here is that, the particular policy of the government in this case is stupid, and it's up to the collective Citizens to change that policy.
In my own opinion @salawat's heart is in the right place, but his/her ideas are completely unworkable. Expecting a lone individual in Lincoln, or Birmingham, or Providence, or Dallas to be able to protect his or her rights against Facebook, in the absence of a federal government, is just naive.
The "Collective" Citizen, represented by the Federal Government, MUST be limited in it's ability to intrude in the affairs of the Individual Citizen.
Things like CALEA represent dangerous precedents and potentials for abuse that should require reaffirmation and consistent reevaluation in the light of advancing technology.
We all want a powerful and responsible government, but we have to weigh the dangers and potential for abuse in the long run against the short term gains from granting a new power with little or no constraint.
Perhaps I didn't express it that well.
While I very much support individual privacy and liberty, I think the statement above is being misapplied: Yes it runs from the bottom up, and therefore it does not run according to ancient rules and their interpretations. It's a democracy, not a religion; today's voters decide what they want, not ancient prophets (the Founders) who handed down scripture (the Constitution, Federalist Papers, etc.). And in fact, that's how the founders of the U.S. designed it.
And wouldn’t it be more secure to setup your own infrastructure instead of depending on someone else’s infrastructure where you are unable to determine with certainty that serverside code is unmodified?
So Facebook's Messenger is made more vulnerable by the fact that "Also the government can't wiretap this" isn't a prominently advertised feature. In fact, prior to this article if you'd asked if they can do so I'd have guessed "Yes" and recommended Signal instead.
Why not set up your own infrastructure? Well that does come with a significant downside. "Don't Stand Out" is one of the principles we've learned is important for real world communications security. Once you set up your own secure systems, while everybody else keeps using Messenger, you are marked out, your communications label themselves as especially interesting. So _once you do that_ you have to be sure that two things are true:
1. Your technical systems are 100% secure. No adversary has a backdoor to your GPU firmware, a laser microphone listening to your keypresses, a black bag team who can break in and silently copy your data when you're out shopping, a zero day exploit for your browser, or whatever. If your adversary is "Bob from next door" this seems plausible. But if it's the government of your country you are probably in deep shit immediately.
2. Your society has both norms and strongly enforced laws that will ensure it's not just easier and cheaper to bypass all this technology and get what they want from you anyway.
But so long as you Don't Stand Out all this fades into the background. If we make _everybody's_ communications secure, yours won't Stand Out and a powerful adversary (such as the US Government) can't target you.
> However, end-to-end encryption is not an option for Messenger voice calls.
Hence, the FB infra is in a position where they can actually retain the key, which Signal is not:
> This differs in a major way from other secure messaging applications like Signal, WhatsApp, and iMessage. All of those apps use protocols that encrypt that initial session key—the key to the voice data—in a way that renders it unreadable by anyone other than the intended participants in the conversation.
However, Signal could of course modify the client applications to siphon off the keys and send them wherever. Especially since it's hard/impossible to verify the source code running in the binary on your phone, this is somewhat scary and forces me to trust Signal.
But if I understand everything correctly, Signal could not be coerced into revealing keys from the backend side. (Please correct me if I'm wrong)
Unless this case is actually about trying to establish precedent and using the fact that it’s a well known, heinous gang to argue for something more than it needs.