Update CSE4303_L14.md

content/CSE4303/CSE4303_L14.md

@@ -129,3 +129,28 @@ MiTM can insert and create 2 separate secure sessions
   - Certificate hash lookup page
   - Kazakhstan's ongoing MITM saga
 
+#### Related privacy question: visibility
+
+- Question: should govt agencies (including law enforcement) have access to encrypted communications?
+  - One "yes" argument: helps catch criminals, prevent terrorist attacks, etc.
+  - One "no" argument: invades privacy, gives too much eavesdropping power
+- Relevant history / case studies:
+  - Munitions restrictions on crypto circa late 1990's: DES
+  - Phil Zimmerman and PGP: e-mail encryption, govt attempts to suppress
+  - Edward Snowden revelations 2013: fears of privacy abuse are well-founded
+  - RSA Sec's use of NIST-recommended PRNG w/ECC: was apparently an NSA backdoor
+  - Syed Farook ("San Bernardino shooter") case 2015: FBI pressure on Apple to unlock user's iPhone
+    - Apple resisted
+    - Never resolved legally: FBI found 3rd party to grant access
+  - GCHQ "ghost protocol" proposal 2018
+    - Don't weaken encryption, but secretly add government to encrypted conversation at will
+      - Add extra private key to encrypted convos; suppress notifications about new user being added to convo
+    - Condemned by big tech companies June 2019
+- Question: should private companies have access to encrypted communications, or just metadata, or neither?
+- Relevant history / case studies:
+  - Zoom end-to-end encryption [Dec 2022 status]
+    - Note: without E2EE, Zoom holds keys but never decrypts conversations
+  - Facebook/WhatsApp terms of service update 2021 [Wired mag article]
+    - Note: WhatsApp still has E2EE for messages, but shares metadata
+
+