I see the Daily Mail today reporting that Facebook should "hand over" the password to a Facebook account to the police.
First of all, doesn't this set a dangerous precedent?
Yes it does, especially if you're talking about literally handing over a password. The journalist has clearly messed up but even if talking about access to the account then there need to be some checks in place.
Second of all, how could Facebook do this? Facebook don't know the person's password, they do not store it. This is literally web security 101, NEVER store a password. What is most stunning is how the Mail don't seem to know this, when a five second Google would give you this information.
When our media doesn't even understand how technology works - including apparently how to use Google - how can they be trusted to act in our best interest?
Indeed they might not be able to - it depends how they've stored the passwords. They are however going to be able to access the account.
Nah in that article the DM journalist refers simply to accessing the account and doesn't make the mistake the OP has highlighted, also that article is from the 31st of August whereas the OP on the 4th of Sept refers to an article "today". Might have been helpful if he'd included a link to the article he was actually referring to but I'm perfectly willing to take his word for it that a journalist has got this wrong.
Yeah, I'd agree with that - FB do have an large engineering office in London and their EU HQ. I find it pretty silly how they can operate a social media platform which may contain evidence relating to a murder, yet - any and all decisions relating to handing that evidence over, must go through a challenging and lengthy US DOJ application..
Interestingly, Nick Ferrari announced he's talking about this on LBC in the next hour,
I dunno, I can see situation where they might not want to give access via foreign courts/governments - plenty of countries with poor human rights records over there. Also flip it around, say you're a UK company with various legal obligations re: data protection, you don't just dish out customer data to some foreign authority. If the process if somewhat convoluted then perhaps there needs to be something done to speed things up - perhaps there can be some international agreement signed whereby some trusted foreign courts can make data access requests i.e. I don't see why say a court order in relation to a particularly serious offence such as a murder enquiry shouldn't be allowed from the likes of courts in the UK, EU, Aus/NZ/Canada, the US etc.. if some sort of mutual recognition were put in place.
I severely hope not. That would show a worrying lack of security.
I don't see why it would show that at all, they already fulfil these sorts of requests for access via US courts etc.. it doesn't imply that there is a lack of security. Its not like any random employee can simply access user data. Fort Knox can easily hand over gold if required to by the US govt, it doesn't imply that gold isn't stored securely.
Also, the way end-to-end encryption is reported on makes it seem like it's the bee's knees to keeping everything secure and private, but that's 100% NOT the case. As its name suggests it's only working on securing the communication between two parties - the thing to remember is that the two parties that are communication are two "Facebook Accounts". Not two "people".
Yep people do seem to get confused by end to end encryption, there was a thread on here not so long ago where one user seemed to think it was some magical catch all technology when it simply refers to the communication between point A and point B being encrypted but says nothing about the storage at either end. For example, am not up to date on WhatsApp, but at one point IIRC the backup of all your messages could be stored unencrypted in iCloud. I think they have now addressed this, but I'm sure someone on here in a previous thread didn't understand that this back up has nothing to do with the service itself utilising end to end encryption for the purposes of transmitting messages.
/pedant