[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] EU pushes for backdoored encryption

On Tue, Nov 10, 2020 at 2:47 PM Tamzen Cannoy <tamzen AT cannoy.org> wrote:

> On Nov 10, 2020, at 2:22 AM, Danny Muizebelt <dannym AT packetloss.at> wrote:
> The ORF news agency in Austria got hold of a fast tracked internal EU resolution which would demand backdoors in end-to-end encrypted messaging apps like Whatsapp and Signal.
> https://files.orf.at/vietnam2/files/fm4/202045/783284_fh_st12143-re01en20_783284.pdf
> ...[deleted]...
> A more nuanced examination.
> https://techcrunch.com/2020/11/09/whats-all-this-about-europe-wanting-crypto-backdoors/

That story has this rather odd statement in it:

         (And a backdoor that everyone is told about obviously
wouldn’t be a backdoor.)

I think most of the people on this list would disagree with that. All
it means is that the existence of any backdoor would not (necessarily)
be secret.

The backdoor on my backyard deck is still a backdoor, despite the fact
that my neighbors can see it.

Also, if LE is to request the E2EE service provider to decrypt a
particular message with said non-backdoor backdoor, they would still
need to know the phone #, user name, or some other unique identifier
of the suspected sender and/or recipient. But given the poor device
security (especially that associated with Android devices since 90+%
of them never get updates after the first 6 months or so), it seems
that it would just be easier to install spyware on that device. The
general service provider (e.g., VZW, T-Mobile, AT&T, etc.) certainly
have allowed 5-Eyes to do inplant secret backdoor comm channels
before. So what's one more hack amongst pals? Just  surreptitiously
exfiltrate all the keystrokes to one or both of the endpoint devices
and the problem is mostly solved. I guess 5-Eyes just doesn't want to
let LE play with their toys. ;-)

Blog: http://off-the-wall-security.blogspot.com/    | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.
The cryptography mailing list
cryptography AT metzdowd.com