Gregory's ServerCase in point: there's no way to build a backdoor that only the "good guys" can use.
When the entire technical community says that the EU's ChatControl legislation + similar pose serious cybersecurity threats, we're not exaggerating for effect.
 32 comments
@realdanny @Mer__edith So - never do it! https://apple.news/AgTMvweTVQlqWcs4RbfMXXQ for those of you with apple news subscription but not direct WSJ subscription.  @Mer__edith I have always the impression that the people who are pushing chat control in the EU have no idea how this should work technically and what is and isn’t possible. As is so often the case, clueless politicians make decisions about things they don’t understand. @doerk @Mer__edith very much so. End2end encryption is honestly pretty simple. That genie is fundamentally out of the bottle and you can't put it back in. Are you going to make "math" illegal? @snosrapkungfu @doerk @Mer__edith Well in 2015 Malcolm Turnbull very much wanted to https://www.zdnet.com/article/the-laws-of-australia-will-trump-the-laws-of-mathematics-turnbull/  @Mer__edith but there is one the "good guys" could use and the "bad guys" discover and freely use without any restrictions... you know a free for all  Oh yes.... China spied on secret US systems while the US was oblivious. When will people learn the elementary school lessons.... 1. Nothing online is ever private or secure.  @Mer__edith The only answer to a request for backdoored encryption is "You first." Then all the reasons they can't do it are all the reasons WE won't do it. Mobile backdoors proudly brought to you by the ETSI Technical Committee LI https://www.etsi.org/committee/li  I don't think "proudly" and the idea originated in other places Edit: I don't find li a particularly good idea, but afaiu etsi had to follow the legislation, that had been put in place - and the driver was iirc not even Europe Indeed @lobingera, the idea can be traced back to an infamous meeting in Quantico VA in 1993. But from 1996 all backdoor requirements originated in Sophia Antipolis, France. The technical specifications are produced by this ITU group called 3GPP SA3LI. Here are their latest doqs from July https://portal.3gpp.org/ngppapp/TdocList.aspx?meetingId=35178 @harkank @Mer__edith latest CRs ... standardization has some bureocratic overhead. And itu and 3pgg have different agenda, you are simplifying here Disclosure: in my dayjob my org's name contains "standardization" and SA3's job is more than LI... (in case you wonder: my work is in RAN 1/2/3/4) Oho @lobingera, that's excellent news. If you wish   Encryption shifted the focus of surveillance on the devices. They lost control over our data. Knowledge is power, and in an unencrypted world all the FBI people can still just call by the phone, because only the state gets the info from the telcos. Now that everything is encrypted, they panic, and want to get a hold of the devices. This CCSAM argument is such an obvious pretense, it's crazy. This is literally not something that needs device backdoors. Just better police work.  @Mer__edith@mastodon.world @Mer__edith Not to mention that it takes a stunning feat of naivety, neglect of history* and exactly ZERO marginalised characteristics to imagine that “the good guys” are ever completely the good guys. *history like Switzerland last week @Mer__edith So clearly the answer is to use AI to encrypt it, then put it on the blockchain, and store a secret in an NFT that is then stored in a smart contract which is then stored in an offline (cold) wallet available only to the good guys. Sounds reasonable, right?  snaps fingers, completely screwing over the AI's interpretation of the world on accident and receiving the secret from said AI without any effort whatsoever because neural networks like these are way too unreliable for cryptography yeah. sounds reasonable. anyway here's your loca-  |
@Mer__edith Backdoors for the "good guys" only? Yeah, right. That's how you get hacked. 🚫💻