That was exactly my thought: you can't say "triple-DES encryption" and "we don't have the key." Saying that they delete it afterwords gives little comfort, especially considering that their infrastructure has been…
I'm not saying 1 bad turn deserves another, but this is no worse than what any company operating at scale does when they serve https through a gateway service (Scrubbers, CDN, whatever).
That was exactly my thought: you can't say "triple-DES encryption" and "we don't have the key." Saying that they delete it afterwords gives little comfort, especially considering that their infrastructure has been…
I'm not saying 1 bad turn deserves another, but this is no worse than what any company operating at scale does when they serve https through a gateway service (Scrubbers, CDN, whatever).