[rootusrootus]

> It is literally impossible for request recipients to solve this problem.

This I agree with. I'm trying to find the actual text of the law, I'm surprised the government isn't pretty specific about what constitutes a valid EDR, who can send them, etc. Bureaucrats love to write rules.

[novok]

From the article, I couldn't see what actually compelled the need to comply with an "EDR". From what I could see, they were not actual warrants or subpoenas that legally compelled performance, they were requests. They do it out of not wanting to have bad PR in case it was real, because the consequences for a screw up are pretty much nil.

The end solution is either an authentication scheme, a $1000 rush processing fee that includes a verification process and the requirement to call it in (It is an emergency, isn't it? Emergencies do not happen often, so what is $1000 to an american organization funded by taxpayer dollars?) or E2E encryption that makes it they can't give data.

Another thing about the $1000 fee, is you get to see the payment information about the account it comes from, and you can further require it comes from a government account which matches the requesting organization. Thanks to governments being very gung ho about their financial surveillance infrastructure being a hard requirement for almost everything now.