alt Hacker NewsI am saying you can't keep the keys just on a stick in the employee's pocket since multiple people need to have access to the data.
And if those keys are stored by a company subject to US jurisdiction, we're back to the same problem.
I am saying you can't keep the keys just on a stick in the employee's pocket since multiple people need to have access to the data.
And if those keys are stored by a company subject to US jurisdiction, we're back to the same problem.
Well yes, if you hand your keys over that is indeed a problem. Of course handing your keys over to the provider rather defeats the purpose of E2EE so hopefully no one is doing that.
Key escrow is the usual solution to an employer needing access to employee materials.