FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data

First thing first,

FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data.
Forbes.com Feb 24, 2025, 06:48am EST

and second thing:

Apple’s recent decision to kill E2EE in the UK is just the tip of the iceberg. According to many privacy and security experts, agencies like the FBI are looking for ways to follow suit:

That won’t stop the FBI from infiltrating anything anywhere.

How does this affect PureOS and L5, or does it, or will it?

2 Likes

4 posts were split to a new topic: Forbes.com tangent

What’s the American saying about eating the cake and having it too? It was just recently that encryption was good and encouraged, according to the FBI: “Why the U.S. government is saying all citizens should use end-to-end encrypted messaging”. Sure, the point probably is “encryption + a back door”, but those are competing goals undermining each other. The same repeating conversation has been, and is being, had here on the EU side under the banner of “save the children”/CSAM more than national security, but it is basically the same.

At the higher levels, it’s about power and control (which have negatives that are being marketed with the few positives), and in the lower levels it’s practicalities (peace, order, civility, safety etc. - but whose and how, and who gets to set limits on those). It’s a balancing act of a complex global socio-technical system.

For similar conversations with good points already made on this, remember some of these threads:

3 Likes

For a start, this is a statement of intent from the FBI. It’s what they want, not what they have. It’s a “wishlist”. So in the short term, it doesn’t affect anything.

Where it goes from there depends on how the political and legal debate plays out in the US - and that could take a period of time measured in years.

If the FBI wins that debate, you can expect that any information that you store with a US company and any information that you send through a US company, assuming that encryption is involved and the encryption is arranged through that US company, … should be assumed to be compromised … you should assume that the encryption is security theatre and that it can be compromised by the US company (and thereby by the US government).

If we reach that point, it would be appropriate to analyse the services that Purism provides, in order to see how those services are affected.

However, to see the limits of what this means:

  • All mobile network communication is already laughably insecure anyway as far as security threats from the mobile company in question or from the government that controls that company - there simply isn’t any end-to-end encryption … so no real impact there. It is already subject to “lawful access”.
  • If the sender and receiver implement their own end-to-end encryption on top of the mobile network communication then there is nothing that the company can really do about it. Likewise, if you encrypt a file first and then store the file using some online storage service then there is nothing that the company can really do about it.

To illustrate the second bullet point, even though sending text messages is laughably insecure, if two parties agree a pre-shared key and encrypt all messages using that key (details omitted) before sending as a text message then the text message is adequately secure and no new legislation will really change that (other than perhaps the provider could be forced to block all messages that it thinks might be encrypted, and then we get into steganography).

Or to illustrate that second bullet point differently, I could send you a private message via this forum - but that is not private at all. Purism can read it and therefore we can assume that, worst case, the US government can read it. But if you and I share a pre-shared key via another mechanism and I encrypt what I send you before sending it via this forum, that is adequately secure.

In the Apple world, governments are mainly concerned about iMessage and iCloud, where iMessage is a messaging service that works only between two Apple devices and bypasses the mobile service provider’s text message service, and where iCloud is a storage service where you can back up or store content from your phone to the service.

As always, the devil is in the details. The legislation that ends up being passed in the US may be much broader, presenting much greater security threats, or there may never be a change, or things may get done behind closed doors.

In addition, some services might start disappearing. Apple did previously say that they would rather shut down iMessage in the UK than compromise it. However Apple’s bluff was called and they collapsed like a wet paper bag. Other providers may be made of sterner stuff.

6 Likes
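The pre-shared-key approach described in the post above (encrypt first, then send over a text message or forum PM), as an added example that is not part of the original thread. The choice of AES-256-GCM, the base64 framing, and the names `Seal`, `Open` and `newAEAD` are assumptions made for illustration; the post itself leaves these details omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns base64(nonce || ciphertext || tag), safe to paste into any text channel.
func Seal(key, msg []byte) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(aead.Seal(nonce, nonce, msg, nil)), nil
}

// Open reverses Seal; it fails if the text was altered or the key is wrong.
func Open(key []byte, text string) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	raw, err := base64.StdEncoding.DecodeString(text)
	if err != nil || len(raw) < aead.NonceSize() {
		return nil, fmt.Errorf("malformed message")
	}
	return aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], nil)
}

func main() {
	key := make([]byte, 32) // constructed sample; share the real key out of band
	rand.Read(key)
	text, _ := Seal(key, []byte("meet at noon"))
	fmt.Println(text)
}
```

The carrier (SMS provider, forum operator, storage service) only ever sees the base64 text; the recipient calls `Open` with the same key, and any modification in transit makes `Open` return an error instead of plaintext.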