by janmo 454 days ago
Thank you for pointing that out! I would add that intelligence agencies and law enforcement are almost completely exempt from all those fancy GDPR requirements.

Furthermore, in the EU, there is no such strong equivalent to the 4th Amendment. Law enforcement and intelligence agencies can access your cloud data without needing a warrant—unless the data is stored in the US, in which case a US judge would have to approve it. This is one of the reasons they are so eager to keep it "home".

The craziest thing is what happened with Encrochat and SkyECC. These two services made the critical mistake of trusting OVH to host their servers, and then OVH literally placed law enforcement and intelligence agency backdoors on them. Eventually, they even used these backdoors to send malware to users' devices, not caring whether they were located in the EU or not.

While all this was happening, the founder of OVH appeared on a popular YouTube tech channel and proudly explained that, unlike Amazon and Google, they weren’t sniffing their customers’ data. What a liar!

2 comments

> Furthermore, in the EU there is not something such as the 4th amendment, Law Enforcement and Intelligence agencies can grab your cloud data without requiring a warrant. Unless the data is stored in the US, which is one of the reasons they are so eager to keep it "home

You're commenting under an article that explicitly says how US intelligence agencies and police get around the need for warrants. Many rights in the US are more theoretical than practical if someone in power decides so.

Also, there are strong expectations of privacy in the EU, as well as due process, warrants, etc. There are of course abuses, and especially "terrorism" can enable some shortcuts (to be fair, often for very good reason: multiple EU countries have had tens to hundreds of dead from terrorist attacks that could and should have been prevented), but I don't have the impression it's in any way even close to as bad as the US. Do you have any information/sources to the contrary?

Look at the technique they used with Silk Road:

"Because the SR Server was located outside the United States, the Fourth Amendment would not have required a warrant to search the server, whether for its IP address or otherwise."

- Assistant US Attorney Serrin Turner

To me this statement only makes sense if it explains why an American law enforcement agency can hack a foreign server without an American warrant. And it just demonstrates the limits of American privacy protection.

If you think this was about the European legal system, you are mistaken. If Americans were hacking European servers without due process involving European authorities, this was probably highly illegal here.

There is a pattern:

Silk Road, SkyECC, EncroChat, TorMail+Freedom Hosting.

What do they all have in common?

Their servers were found or their encryption was broken under mysterious circumstances involving classified "techniques". In 3 out of 4 cases malware was sent from the services to their users once taken over.

All were hosted in the EU; even stranger, all of them had servers hosted by OVH. Although SR was not directly hosted by OVH, Ross Ulbricht had a VNC server (virtual desktop) there, which he apparently used to administrate the SR main server, and on another OVH server he had a dead man's switch and his will.

In a sense this is the counterpart to the survival bias. But in this case we only know where the taken down services were hosted, we don't know where the survivors are being hosted.

All this has serious Crypto AG vibes. Back then it was: trust us, we are from Switzerland, we are neutral....

It doesn’t make sense to build a conspiracy theory on randomly selected facts, when there’s an obvious explanation that in all those cases the law was broken and law enforcement acted as they were supposed to act. Other ISPs and hosting providers are cooperating with lawful requests too.

If these takedowns were lawful, why do they lie and hide the details about how they did it?

Read carefully the sections related to the encrypted containers and the OVH servers and tell me your opinion: https://www.justice.gov/d9/press-releases/attachments/2019/0...

Your comment needs some serious fact checking. For example, the Encrochat backdoor was authorized by a judge, so there was due process. And it was not an ordinary customer.

The fact that this was "due process" and "legal" makes the matter even worse IMO.

How? They busted a huge criminal network and linked the app itself to a criminal gang. This is how law enforcement should work. Every human right, including privacy, has limits, and the purpose of the law and due process is to establish where those limits should be. It would be strange to expect that the privacy of a human trafficker or drug dealer is protected more than the rights of the people they harm.

They intercepted and read the messages of most users, yet the number of arrests is significantly lower than the total number of SkyECC and EncroChat users.

Not only that, but they also have charged and are attempting to jail the creators of these phones/end-to-end messaging apps.

With what is happening, it is becoming pretty much impossible to provide backdoor-free communication tools within the EU.