Mark, > On 20 Sep 2020, at 13:02, Mark Tinka <mark.ti...@seacom.com> wrote: > > > > On 19/Sep/20 22:53, Valdis Kl ē tnieks wrote: > >> Are there any actual countries heading that way? Seems like most of them >> insist >> they have the ability to snoop unencrypted traffic (where "crypto that has a >> baked-in >> back door" counts as unencrypted). > > Let's not give them a reason. > > The most I've heard (from Africa) is countries making requirements for > nominated information to not be stored outside of the country, especially in > the U.S, and parts of Europe. To some extent, this has pushed many of the > cloud bags to become present in Africa so they can comply, although I'm not > sure even sleeping with one eye open counts as being safe in that respect.
I believe right now the only country in the world with enforcing of crypto backdoors is Australia[1], which is kind-of crazy. OTOH, they had their own set of problems with massive Chinese intelligence penetration. And we have couple of countries like Russia, obviously China, Turkey(?) that insist or either having your data locally, dear content provider, or forbid your service to operate at all in given country. Apple, Amazon, Microsoft and Google of this world are on a different level of compliance here. As far as I know, in most of EU countries, inspecting payload of customer traffic is explicitly forbidden by telco laws. Ah, and there’s cooperation between US and EU about exchanging citizen data, which recently was stopped by EU once it become obvious, US was abusing that cooperation[2]. That can help potential malicious SP to cross-check and correlate user to content across continents. We’re living in interesting times. [1]. https://www.cyberscoop.com/australia-encryption-backdoors-law-passes/ [2]. https://www.wsj.com/articles/eus-top-court-restricts-personal-data-transfers-to-u-s-citing-surveillance-concerns-11594888385 -- Łukasz Bromirski CCIE R&S/SP #15929, CCDE #2012::17, PGP Key ID: 0xFD077F6A
