Matthew GreenSo I am getting the distinct feeling that Google (in addition to Apple) got a Technical Capability Notice from the U.K.
Senator Wyden asked both companies to confirm or deny that they’d received TCNs. Both parties said, essentially, “if we got one we wouldn’t be allowed to tell you under U.K. law.” https://www.wyden.senate.gov/news/press-releases/bipartisan-members-of-congress-to-uk-spy-court-uk-gag-orders-for-surveillance-backdoors-threaten-americans-security-and-privacy-impede-congressional-oversight
Money quote(s) from the article. Note that there is no “you can’t deny” clause in the U.K. law.
This maybe confirms a bad feeling I was getting a few weeks back. https://ioc.exchange/@matthew_d_green/113929669316823012
Matthew Green (@[email protected])
So why am I tweeting about this on a Saturday? Because something funny happened recently. I heard (thirdhand) from a person at Big Company X that they were under pressure to disable end-to-end encryption for cloud backup.
Waps@matthew_d_green I think by now it's safe to assume that everyone doing e2ee has received a letter from the UK.
Johnathan Corgan@matthew_d_green But would either be prohibited by that UK law from setting up a canary? Interesting times that such large, mainstream companies would need to start doing that.