| ▲ | 0x262d 5 hours ago |
| Is it meaningfully misleading? How often is this an obstacle for the FBI? |
|
| ▲ | runjake 5 hours ago | parent | next [-] |
| Yes, "asked" versus "ordered" is meaningfully misleading, especially in this context. There is reasonable suspicion, some might argue evidence, that Microsoft voluntarily cooperated with U.S. Intelligence Community without being compelled by a court order, the most famous instances being leaked in the Snowden disclosures. To be fair to Microsoft, here's their updated statement (emphasis mine): "Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order. “While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide... how to manage their keys,” said Microsoft spokesperson Charles Chamberlayne." |
| |
| ▲ | Retric 4 hours ago | parent [-] | | You’ve overly simplified the degree to which a company must accept a court order without pushback. First they are capable of fulfilling the request in the first place which means their approach or encryption is inherently flawed. Second companies can very much push back on such requests with many examples of such working, but they need to make the attempt. | | |
| ▲ | Zak 3 hours ago | parent [-] | | I don't think it's reasonable to expect businesses to spend money fighting court orders for customer data, especially if the orders are more or less reasonable. They do seem to be reasonable in the case that brought about this reporting, with substantial evidence that the suspects committed fraud and that evidence is on the devices in question. | | |
| ▲ | chaps an hour ago | parent | next [-] | | Heh, I subpoena'd Microsoft once in part of some FOIA litigation I did against the White House OMB back in 2017. They, in no unclear terms, denied it. We were seeking documentation. I realize it's not a court order, but just want to add to the stack that there are examples of them being requested to provide something within the public's interest in a legal context (a FOIA lawsuit) where their counsel pushed back by saying no. | |
| ▲ | Retric 2 hours ago | parent | prev [-] | | Never means the specifics are irrelevant, you’re making the sad argument on the worst possible case and the best one. So why should customers entrust their data to the company? It’s a transactional relationship and the less you do the less reason someone has to pay you. Further, our legal system is adversarial it assumes someone is going to defend you. Without that there’s effectively zero protection for individuals. | | |
| ▲ | Zak 2 hours ago | parent [-] | | People shouldn't entrust highly sensitive data to third parties who aren't highly motivated to protect it. That means different things in different situations, but if you're likely to be investigated by the FBI, don't give Microsoft the encryption keys to your laptop. | | |
| ▲ | chaps an hour ago | parent [-] | | As many, many people have pointed out -- many people don't know that their drives are encrypted or know that these protections exist. You're also assuming that the FBI doesn't investigate just random people. "I'm not doing anything bad, why should I worry?" You're making a lot of assumptions about how people use their computers, their understanding of their own devices, and the banality of building argumentation around what someone should have done or should not have done in the face of how reality works. |
|
|
|
|
|
|
| ▲ | Zak 5 hours ago | parent | prev | next [-] |
| I would guess that the FBI never asks Microsoft for encryption keys without a valid legal order because it knows Microsoft will demand one, and because the FBI rarely has possession of suspect devices without a warrant to search for them and obtain their contents. It could be a bigger obstacle for other agencies. CBP can hold a device carried by someone crossing the border without judicial oversight. ICE is in the midst of a hiring surge and from what I've read lately, has an abbreviated screening and training process likely not matching the rigor of the FBI. Local law enforcement agencies vary greatly. |
| |
| ▲ | danielschreber 44 minutes ago | parent | next [-] | | >I would guess that the FBI never asks Microsoft for encryption keys without a valid legal order I keep seeing mentions in the news of FBI agents resigning suddenly. | |
| ▲ | DANmode an hour ago | parent | prev [-] | | Great comment. |
|
|
| ▲ | bnjms 5 hours ago | parent | prev | next [-] |
| It’s immensely misleading. At least with a valid legal order we are still living by rule of law. With the recent actions I can’t say ICE is acting by rule of law. Having said that I won’t go back to Windows. |
|
| ▲ | cyanydeez 5 hours ago | parent | prev [-] |
| Broader context isWindows defaults to making their access to your data legally accessible. Their entire windows platform and one drive defaults to this insecurity Inlight of fascism coming to Democratic cities and anyone documenting it being a registered domestic terrorist...well thats pretty f'n insecure by default. |
