|
|
|
|
|
|
by cyphar
2267 days ago
|
|
|
> The server is one of the "ends" in "end to end". Not in the phrase "end to end encryption", which is specifically used to refer to schemes and services where the service provider does not have the ability to access the communications (a-la Signal). If that wasn't the case then any site with TLS would be called "end to end encryption". > The law didn't contemplate that you would use a service but not want that service to access your data. This law in particular does. The only restriction (relevant here) is that TCNs must not result in the creation of a "systemic vulnerability". The meaning of this term is not outlined in the legislation -- my understanding is that it is meant to mean something like "backdooring OpenSSL and thus making most of the internet insecure" rather than "backdooring all communications using a particular service provider". If that understanding is accurate, then it's a meaningless restriction. |
|
|