Re: [ietf-privacy] [Internet Policy] How a Radio Shack Robbery Could Spur a New Era in Digital Privacy

Mark Nottingham <> Tue, 28 November 2017 06:51 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7B6E11270AE for <>; Mon, 27 Nov 2017 22:51:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=i0egq3TD; dkim=pass (2048-bit key) header.b=SPU2SpLR
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2APdnz8j-axL for <>; Mon, 27 Nov 2017 22:51:29 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E2C3E1200E5 for <>; Mon, 27 Nov 2017 22:51:28 -0800 (PST)
Received: from compute3.internal (compute3.nyi.internal []) by mailout.nyi.internal (Postfix) with ESMTP id 52BB020A11; Tue, 28 Nov 2017 01:51:28 -0500 (EST)
Received: from frontend2 ([]) by compute3.internal (MEProxy); Tue, 28 Nov 2017 01:51:28 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=Lm4avxMXJquVovsjpaOoQedl9/bw+ +gBuSlnQzhxBYU=; b=i0egq3TDYmgUZMSDTgq5tZVsOKFe8IeQZJiAqi+P06O46 TF0+ROeDCBHaMLcRpy6Gy3gLME/SWKuNagLoB1W5pKDG9VQmlwx9YjKmj+ntwHvJ 3ZRen+0ZO+jfg5vv8pnWf74V41lQL1rhDJzsm9CaDe8qJsNOmv8OU2/NRx9BpuW2 e7ZveRADZujZD/0Gx3OpH4HT4C8xUwNMhTv3+MVc8r28oPONQPb4/2jqMBpts8sU 5QzQ4Zgy9L4Gt0OE2Il8Os8PMgSl1BabbW3dAqgBJIWU/XNvbZsoFmvk4l/p4jsu gdakzrIuh0dvI3VLyaXZEgT3A/p5VDeS2LhjWyLHw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=Lm4avx MXJquVovsjpaOoQedl9/bw++gBuSlnQzhxBYU=; b=SPU2SpLRtiRccsBKptgC9p JhFWgRi+K5HxKIuw2FIxnHilyL/xjdru9sMvQYOUKvmOREoWG00CKtqk5QcgOFub /QGNr3dlRJOX8a7YyB+cX8Wp0X95scO+BxumiIO9quDCzOLpT1UPvNAQ7ry2HuJc IyO7brYy0wTxeKyvkp611fbR08yOCUSbjjK6wivooGSzfUAxkOvMP80IiN4X0YvH 7S3lxi+WkRHSiF9Cf3oYW2/TA0L+A9qHxmpKU/ihDWN1e0wtcNkOzwG9g5SsnU+O U1avgIz9XYTqxyoFxIZnLfHbjb1Mznc+i/xPv+g96LWIUeWMYXYk49pKk1eYZMSQ ==
X-ME-Sender: <xms:cAcdWoTR-foiyD_pznpqib-O8XILWj74wEHe6w34EPpRmmYFlwZgMg>
Received: from [] ( []) by (Postfix) with ESMTPA id 561572471E; Tue, 28 Nov 2017 01:51:27 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\))
From: Mark Nottingham <>
In-Reply-To: <20171127204133.17312.qmail@ary.lan>
Date: Tue, 28 Nov 2017 17:51:26 +1100
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <20171127204133.17312.qmail@ary.lan>
To: John Levine <>
X-Mailer: Apple Mail (2.3445.4.7)
Archived-At: <>
Subject: Re: [ietf-privacy] [Internet Policy] How a Radio Shack Robbery Could Spur a New Era in Digital Privacy
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Internet Privacy Discussion List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 28 Nov 2017 06:51:31 -0000

On 28 Nov 2017, at 7:41 am, John Levine <> wrote:

Interesting, when looked at through the lens of the e2e crypto debate:

> The second kind of case considered when disclosure from inside a protected space eliminated privacy. The Supreme Court decided a long string of those cases in the decade before Katz. And it consistently adopted a simple rule: A person who knowingly exposed private information from a private space to outside observation waived Fourth Amendment protection.


> First, a space had to be protected, which was the case if society was willing to recognize an expectation of privacy as reasonable there. Second, the person had to “exhibit” an actual expectation of privacy, an intention “to keep” the protected space “to himself,” by not exposing the space “to the plain view of outsiders.”

So, it seems like (IANAL) one way to read the situation is that the government is currently trying to get companies to forcefully take the expectation of privacy off the table for commonly used communication tools.

I wonder what the analysis is WRT back doors vs. "keep the plaintext" (what they currently seem to be pursuing). The latter seems to sidestep the second test above...

(Of course, I'm just a bystander here, and could be very wrong, but would be interested to understand why)

Mark Nottingham