Hacker News new | past | comments | ask | show | jobs | submit login

The USG does not need to look for weak points to do passive data collection.

Due to the third-party doctrine [0], they can simply demand access, don't even need a legal warrant. Because there's no reasonable expectation of privacy for data you willingly gave to third parties.

[0] https://en.wikipedia.org/wiki/Third-party_doctrine




It's easier to do it quietly though. If there's unencrypted network traffic, they just need to demand access from someone with physical access to the switches, plant a listening device, and everyone with logical access will be blissfully unaware.

If they want to MITM encrypted traffic they need to demand access from somebody with access to the certificates, who is going to be higher paid and more likely to speak to at least a lawyer before granting access.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: