
> And how do you identify the real government for some small town? There are many that don’t even have websites

(Sorry to have to ask) but are there [m]any towns in the USA without telephones?



Where do you intend to find the numbers to call?

There are towns in the US where the local government consists only of a couple of people who may only do local government work for a few hours a week.

There are towns with essentially no online presence, you could easily create your own fake local government, police and whatever you’d like.


> There are towns in the US where the local government consists only of a couple of people who may only do local government work for a few hours a week

How does anyone authenticate anything allegedly issued by such small parts of local government?

"Not very quickly" is presumably one part of the answer?


In the real world these documents are usually not authenticated, perhaps beyond trying to get a person on the phone by googling the issuing authority.

It’s actually a pretty novel idea that companies should be prepared to deal with fake court orders, etc. In theory it’s supposed to be the job of law enforcement to prevent this, but of course that is also essentially impossible.

If the federal lawmakers wanted the federal government to undertake the herculean task of making all these documents verifiable and traceable, they could of course do that. Are they likely to do so? No.

Also, there’s an important detail that is largely being ignored in this conversation: How many hours of paralegal time can we expect companies to spend verifying legal requests concerning accounts that don’t belong to paying customers?


> In the real world these documents are usually not authenticated [..]

So if a stranger in a suit were to turn up on your doorstep with a "search warrant" to search your house, issued by a court/judge/jurisdiction you'd never heard of, you'd not attempt to authenticate it?

> verifying legal requests

I'm not sure that these EDRs as described can be said to be "legal requests".

Aren't they just asking for disclosure of data without the usual legal checks and balances?


> So if a stranger in a suit were to turn up on your doorstep with a "search warrant" to search your house, issued by a court/judge/jurisdiction you'd never heard of, you'd not attempt to authenticate it?

Most people would not, no. I’ve had a search warrant served on my home once by police in civilian clothes, they handed me a piece of paper and refused to give ID even though I insisted.

What are you going to do? Physically fight them? Bad idea.

> I'm not sure that these EDRs as described can be said to be "legal requests".

The thing is that real search warrants or court orders do not provide any additional security over these EDRs when the submitting party is not acting in good faith.


> The thing is that real search warrants or court orders do not provide any additional security over these EDRs when the submitting party is not acting in good faith.

I'm not sure what you're saying there, can you expand on this? Are you saying a fake search warrant or fake court order is no more secure than a fake EDR?

My point is that the EDR system (if we can even call it a system) appears designed to avoid any and all scrutiny, verification or legal process. "We need this in a hurry, lives are on the line, we haven't got time to get a court order" doesn't exactly invite the recipient to understand that they have every right to say no.

EDRs are basically backdooring an otherwise fairly well-understood system with checks and balances.



