seanismorris

radarthekat said:

Referencing Apple as an example of poor quality is dumb.

22july2013 said:

seanismorris said:

22july2013 said:

Why can't companies like Facebook and Apple provide secure End to End communication for US (and/or UK/Canada/etc.) citizens but key-escrowed communication for foreigners (eg, China, Iran, etc.)? All it would take is for Facebook and Apple to write software that determines the nationality of the user. That's a modest technical problem. The problem is primarily that Facebook and Apple actually want to provide secure communications for people who have no such right, and perhaps secondarily also that the government wants key-escrow for nationals who may have a "right" to privacy.

This solution would be unsatisfactory to Apple and Facebook because SOME of their customers (eg, citizens of Iran, China, Somalia) would be unhappy that their keys were being escrowed. And it would also be unsatisfactory to the governments because SOME of their suspects (eg, citizens of US, Canada, UK) would have keys that are NOT being escrowed. Both sides, government and corporations, aren't willing to settle for a 50% satisfactory solution, which is sad. They both want 100%.

Some of you may respond to this idea by saying that it's technically impossible for corporations to determine the nationality of its users. That's a false argument which I will ignore. And most of you are unimaginative enough to figure out how to solve this problem. I could explain how it could be done, technically, but I don't want to argue about technical solutions, I want to argue about whether this approach is a useful and legal approach. Is it legal? Very probably. Is it useful? Probably for many situations. But both sides want it all and aren't willing to compromise.

How are you going to determine if I’m a local good old boy?  If I turn on my VPN it looks like I’m German, when I’m actually in the USA.

Besides, you haven’t been paying attention, they want your information just as much as they want foreigners.

If you think these surveillance problems work, here you go.  Yesterday’s news: (you’ll note the US was spying on there own people)

NSA spent $100M on phone surveillance program that prompted two unique FBI leads

https://www.washingtonexaminer.com/news/nsa-spent-100m-on-phone-surveillance-program-that-prompted-two-unique-fbi-leads

You asked me "how" it would be done. I explicitly wrote I don't want to talk about "how it's done" because that would change the topic to a technical topic rather than a policy topic. The link you sent me was not a key escrow issue, so it's irrelevant to my point. (I get the impression that you don't even understand what key escrow is since you are diverting attention from the topic I raised.) But you admit you don't understand "how" nationality could be determined. Let's ignore how it's done and talk about whether it's a good idea to do this. Ask yourself if this method I've described, if it were possible, would be "legal" and "useful". I said it would be very probably legal and probably useful in many situations. You had nothing to say. I was right when I expected that responses to my message would try to address "how" this could be done rather than whether it's a good idea. As I said, corporations ignore this question because they want all their customers to get the same high grade encryption, while governments ignore this question because they want to be able to view everyone's traffic.