From the new Washington Post Article

> According to a separate “User’s Guide for PRISM Skype Collection,” that
> service can be monitored for audio when one end of the call is a
> conventional telephone and for any combination of “audio, video, chat, and
> file transfers” when Skype users connect by computer alone. Google’s
> offerings include Gmail, voice and video chat, Google Drive files, photo
> libraries, and live surveillance of search terms.

http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story_1.html

On Sun, May 26, 2013 at 6:32 AM, ianG <[email protected]> wrote:

> On 26/05/13 03:31 AM, James A. Donald wrote:
>
>> On 2013-05-26 2:13 AM, Eric S Johnson wrote:
>>
>>> Sauer: We answer to this question: We provide a safe communication
>>> option available. I will not tell you whether we can listen to it or not.
>>>
>>> In other words, no evidence there, either.
>>>
>> Oh come on. "We will not tell you" tells us.
>>
>
> This is the problem with non-disclosure. It tells us, but what does it
> tell us?
>
> For my money, Mr Sauer has told us that Skype is /preserving the option/.
> He doesn't tell us who Skype is listening to or when, it is even worse
> than that: they are preserving the option for anyone they so desire.
> People who hold an option do so because they can benefit from it, because
> options are not free. So Skype have decided that someone needs to listen,
> they will get a benefit, and they'll decide who that is, when and if [0].
>
> The curious thing to take out of this is, for me: how should a security
> company act?
>
> If they act like Skype acted, people won't trust them. So how is it that
> a security company can deliver security if they themselves cannot be
> trusted?
>
> Consider two examples. Apple are mostly trusted, but they never tell us
> what they do in security. Verisign's CA model was an exercise in
> non-trust, because they told us in glorious 100page detail, and nobody had
> a clue what the deal was. What's the difference here?
>
> It seems to me that we should be able to determine a better way to be a
> trusted security company. Or, maybe there is no principle to be extracted
> here, maybe the "market for security & trust" has no single way?
>
> We've been doing this for 20 years now, and it seems we still don't know.
>
> iang
>
> [0] Observers may point to limitations in the ToS. But if you need to
> point to ToS, then you are simply proving your deception. Does anyone know
> when the ToS were changed to permit intercept and listening? If they've
> changed ToS to permit e2e, where it wasn't permitted before, without
> telling us that e2e is over, then they've also changed them to permit
> whatever they want, and any new uses will likewise see a change.
>
> _______________________________________________
> cryptography mailing list
> [email protected]
> http://lists.randombit.net/mailman/listinfo/cryptography
