Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is only news if your opinion of institutions is much higher than it should be. Any large organization has bad actors in it. Undesired behavior is reduced/filtered first by culture, then by policy, then by law, then by technical ability. Anyone at the FBI who cares to has the technical ability to invade your privacy on a whim. Barrier removed. Whether or not it's technically illegal, any law that isn't enforced effectively doesn't exist. Barrier removed. It's openly admitted to having a policy that changes with its needs. Barrier removed. It sure as shit doesn't have an organizational culture geared toward respecting people and their privacy.


> Anyone at the FBI who cares to has the technical ability to invade your privacy on a whim

Is that true, though? I certainly don't believe any Google employee has the ability to read my email without consequence.


Any employee is a very high bar. I certainly do believe that Google does have multiple employees that can read my email without consequence.


> Any employee is a very high bar

Sure, but as is "Anyone at the FBI", per the comment I was replying to...


Very much doubt this. Maybe at some point in the past but it would be very surprising if anyone could unilaterally read an email at Google without going through hoops with justification


I'm not sure what those hoops might look like that don't still leave at least one person with the ability to unilaterally read an email.

Assuming that backdoor exists, at best there's some kind of oversight committee that has to review and approve a request to read an email. Meaning the door is there and someone has the keys, it's only process that tries to remove the risk of a unilateral invasion of privacy.


Yeah they can just prevent unilateral access. If there's a conspiracy between however many members of the group that is required to give permission there's not much you can do about it, but I'm just saying it's unlikely a single employee can do anything.


Yep that's fair enough! Hopefully they do have a multi-key approach that no one, or at least very few, can work around.


Well think of it that way, the policy might be here, the punishment planned for and the monitoring in place. Then ofc there s a way to bypass it to debug prod incidents without a lawyer present, and so anyone can read anything.

I hope you re right, but I ve worked at a company that had very sensitive data on individuals and I could see it all. We were even GDPR compliant: Im a french citizen working in China and I can ssh to a finland database no problem: the data never left Europe ... that was our interpretation of it anyway and an audit would have had trouble to fault us, for various reasons.

I had a girlfriend working at a giant telco... showing ME proudly the graph of all calls for the day she had to browse for something... and she was remoting on the private vpn all good and compliant... but nobody controls who else is behind the screen.

Best is not to commit crimes on public spaces, and not assume public spaces are private: even letters can be intercepted by the mailman, so... I think you can reasonably expect that it would be hard for one of your enemies to access your data for nefarious reason, but I always assume random access by an employee is possible.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: