Should We Allow Bulk Searching of Cloud Archives?

Discussion in 'privacy general' started by Minimalist, Jan 16, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
    https://www.schneier.com/blog/archives/2016/01/should_we_allow.html
     
  2. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    The title is very accurate. "Should we allow...."
    This is already being done, the question is really should we allow it.
     
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    It seems rather obvious to me that encryption was NOT operationally used in the Paris attacks, otherwise they would have been all over it publicly, to justify the weakening of encryption (which they were before any of the facts were known).

    As for "should" and "we", it makes sense to understand the "we" who are making the decisions rather than what you might assume by "we".
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This is not about encrypted files.

    That is exactly the "we" the author is talking about.
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    Understand that, it's a hypothetical that bulk surveillance might possibly assist after the fact (just as weakening encryption would). We already know that mass surveillance has had minimum influence on terrorist plots over many years (e.g. Alexander's backtracking from his initial claims, and the Anderson report coyly referencing one significant plot foiled except we aren't allowed to know the details).

    What wearies me though, is that there isn't enough focus on opsec that is or could be used by the bad guys (which need not rely on any technology), nor on countermeasures that the adversary might take (or rather, would, because they are not stupid). Nor is any of this stuff done on real evidence-based policy, that a business (say) would be willing to back on a cost-benefit basis.

    Attempting to justify mass surveillance on the basis of terrorism is an evidence-free game, but one that authorities (that want to do so for other far more credible reasons such as economic espionage) will foist on an unsuspecting public.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    It's rather a pointless question, because it will/did happen, no matter what "we" (readers) want/wanted.

    In a way, it doesn't really matter. Anyone who got caught up in the drama would at least be guilty of terminal stupidity. Regardless of their involvement in terrorism or whatever.

    The more useful question is how one would avoid getting caught up in the drama. And technologies to facilitate that.
     
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    As I was reading along in this thread it appears to me its a lose lose to beat them using clearnet. Explaining: my personal answer is that when I cloud I encrypt locally and so even meta data of my cloud files is gibberish. Sure I can pull them down and open everything but nobody else even has a clue what is there. The filenames and other meta data are also encrypted with my "key" to those psuedo filenames contained locally on my drive.

    Back to the junior prosecutor in our story. Would his next move then be lets get a warrant for files that are encrypted/hidden because they must contain bad stuff? The answer is obviously NO, but you can imagine where this is headed! And here we are: where the 3 letter agencies are NOW petitioning for a mandatory backdoor.

    And so my current last step is my selected storage and private email "buddies" communicate on a hidden server where there is nothing to search in clearnet. Since my items are locally encrypted I don't even need to trust the hidden server either. As always the family friends just get left out and there is no real security for folks like that anyway. They are too lazy to learn.
     
Loading...