|
|
|
|
|
|
by kmeisthax
1022 days ago
|
|
|
The OS vendors refuse to implement lawful intercept capability because there is no such thing as a lawful intercept capability. There is only intercept capability for any purpose because ROM bootloaders and secure enclaves cannot vet the lawfulness of a request to subvert their owners. You can make a phone relatively secure against people trying to break into it, but only if it has unique access keys for the owner. If you give any government a second key for intercept capabilities, that key will be a single point of failure for the entire system. Eventually it will leak and your phone password will be effectively useless. I don't even need to invent a scenario for this: you can buy the TSA master keys off Amazon right now. The only reason why it's not a huge problem is that TSA locks are a special thing you buy and use solely for airline luggage that is already in TSA custody anyway. If you use TSA locks on anything else, however, you're just asking for it to be stolen because the locks don't actually provide any security. The shady clients will get their hands on any intercept key provided by law enforcement, because it's legally unreasonable for Apple or Google to only provide intercept capability to some of the countries they operate in. e.g. if you give the US and UK a decryption key you also have to give it to Saudi Arabia[0]. Hell, in some countries the shady and legit clients are part of the same government - e.g. you can't give the key to just the FBI but not the NSA or CIA. [0] The Saudis have one very big lever they can use to force the west to do what it wants: gas prices. |
|
|