By letter of the law, CALEA does not require key escrow. Do you believe that in practice, along with extralegal pressure in the manner described above, CALEA and associated laws amount to near-ubiquitous key escrow?
Do you believe that the USG can get access to nearly any telecommunication record in close to real time for emergencies if it needs it, and to nearly any telecommunication record history up to some amount of time later for investigations? If you do not, could you defend this belief - it runs counter to conventional wisdom.
Presuming you do believe that access to telecommunication records can be made post hoc and/or on demand: do you believe this is because of weak crypto (KASUMI, A/5, etc) or because there is no encryption for there to be escrowed for large or critical parts of the infrastructure? Or is it something else?
There are too many questions here crossing too many areas of the law to answer in an HN comment; some of the language you're using includes legal terms of art where the meaning is not necessarily intuitive. A blog post would be more suitable and I can't take that much time away from my work on http://recent.io/
But briefly: You should assume, as I've written in many places in the past, that your records in the hands of the AT&T/VZ/etc. phone companies can easily be accessed by TLAs. The NSA itself brags of a surveillance "partnership" with those companies, as I wrote in this CNET piece: http://www.cnet.com/news/surveillance-partnership-between-ns... In those cases, crypto has little to do with it.
In this HN comment yesterday, I wrote here about some of the privacy differences between our favorite Silicon Valley companies and AT&T/VZ/etc.: https://news.ycombinator.com/item?id=8902638
> there is no encryption for there to be escrowed for large or critical parts of the infrastructure
That is to say that TLAs get access to records before encryption is ever applied to them (I would tend to agree with this) thus obviating the need for escrow. Laws requiring key escrow, then, become red herrings to the larger discussion about the legality of access.
I personally would classify 'partnerships' under extralegal pressure. Under this interpretation you do seem to agree with the GP comment - though I would understand if one were to argue that for some important semantic reason I asked the question with the wrong word. I would probably agree that 'partnerships' are only a strict subset and not synonyms for extralegal pressure.
It does appear that there are partnerships with some digital corporations and that PRISM is a program for corporations that resist 'partnered' access to records. Given the history of telecoms and their development of partnerships, current development of partnerships in our industry and known applications of extralegal pressure in our industry, we ought to be especially watchful.
Briefly: There has been plenty of misreporting about PRISM. I tried to correct some of that in 2013 here: http://www.cnet.com/news/no-evidence-of-nsas-direct-access-t... (Note the Washington Post backed away from its initial claims and rewrote its original PRISM story.)
Thank you again for your reply. I am aware of the confusion regarding PRISM and its 'vernacular' use to encompass the activities from other disclosed programs in addition to confusion about its particular details.
In your haste I'm afraid you may have drafted a response that is not on the topic of its parent, though this is okay since it appears the conversation found a natural and agreeable conclusion.