[Discuss] Data including email, stored in the cloud, may be available to law enforcement without search warrant

[bill at horne.net (Bill Horne)]

On 11/3/2011 1:25 PM, Gregory Boyce wrote:
> On Thu, Nov 3, 2011 at 1:07 PM, Daniel C.<dcrookston at gmail.com>  wrote:
>> On Thu, Nov 3, 2011 at 11:06 AM,<markw at mohawksoft.com>  wrote:
>>>> On 11/3/2011 at 10:11 AM, Bill Horne wrote:
>>>> This is a problem that can be easily solved by using end-to-end
>>>> encryption. The capability is already built-in to every common email
>>>> client.
>>> Assuming your ISP allows encryption to a server on your premises. Most
>>> email servers are outside of your premises and thus in the custody of a
>>> "provider." The problem is that there is no 4th amendment protection for
>>> your data in the custody of a vendor. They can be ordered to hand over
>>> your data, unencrypted, by any number of government agencies.
>> I'm not sure what you're saying.  Email clients can encrypt and
>> decrypt - there's no need to rely on the provider to do any work, and
>> you don't need an email server at your home to encrypt an email before
>> you send it, or decrypt after it's received.
>>
>> -Dan
> I suspect he's talking about transport encryption (SSL/TLS) while
> you're talking about message encryption (PGP/GPG)

I can't speak for Mr. Boyce, but _I_ was talking about _end_ _to_ _end_ 
encryption, i.e., encrypting data at the originating MUA,  in such a way 
that only the intended recipient(s) are able to decrypt it, usually 
using the built-in functionality of their MUA. Some systems use X.509 
certificate-based cryptography, and some use GPG/PGP. Neither of those 
methods depends on the MTA(s) or servers in between the MUA(s) involved.

Bill

-- 
Bill Horne
774-219-7638 (cell)
339-364-8487 (office)