#KeyEscrow

Kevin Karhan kkarhan@infosec.space
2025-03-23

@Catwoman69y2k @dragonfriend most importantly:

Only with #SelfCustody of all the keys, #SelfHosting of the entire infrastructure and everything being #OpenSource, one can assure (and [let it be] audit[ed] independently) that the #advertised #promises are in fact true.

Cuz not expecting @Mer__edith to break is the same level of "#TrustMeBro!" assurances as #ANØM, #EncroChat, #SkyECC, #WhatsApp etc. do in their #advertising #lies!

  • Remember: Corporations/Foundations/non-profits/... don't have a right to be silent, only individuals, and even then there are certain jurisdictions that have #KeyEscrow laws (i.e. #France, #Russia, #KSA, #China, #India, #UK, ...) in the books!

Alec Muffett alecmuffett
2025-02-03

Former UN Rapporteur David Kaye: “for anyone who ever argued for key escrows, i offer you the example of the muskovites rampaging through USG systems” | Ofcom, please take note…
alecmuffett.com/article/111104

…but of course I’m certain that it could never happen here.

<cough>Reform Party</cough>

https://bsky.app/profile/davidakaye.bsky.social/post/3lh7qhncccs2u

#backdoors #davidKaye #elonMusk #endToEndEncryption #keyEscrow #privacy

Remember that #story last week, where the #US #FBI came out and actually recommended people switch to using #encrypted #communications, because Chinese government hackers had burrowed deeply into the US phone infrastructure?

Remember the #cognitive #dissonance that announcement caused, after literally decades of the FBI and other #American #intelligence agencies demanding backdoors and key escrow and deliberately weakened #encryption #algorithms?

Ya, well, apparently part of that announcement was missed. They're still demanding "responsibly managed encryption":

forbes.com/sites/zakdoffman/20

Remember: "responsible encryption" is neither. It's their demand for a back-door. And every back door can be used by the "bad guys" just as easily as it can be used by the "good guys". Anyone who tells you different is #lying to your face; encryption is math, and there is no such thing as math which the "good guys" can do but which the "bad guys" cannot.

The #USA intelligence agencies' demands for backdoors to be built into all parts of the #phone system years ago are exactly what let the #Chinese government #hackers penetrate and control the phone system now, and which they aren't going to be able to fix for many years, if at all, because it would require replacing a *lot* of equipment with versions that don't have back doors (and which would then not be eavesdrop-able at will).

#CognitiveDissonance #BackDoor #KeyEscrow #ClipperChip #network

2023-09-19

#NSA #Backdoor Key from #Lotus-Notes (1997)

Before the US #crypto export regulations were finally dissolved, the export version of #Lotus Notes used to include a #keyescrow / backdoor feature called differential #cryptography. The idea was that they got permission to export 64 bit crypto if 24 of those bits were #encrypted for the NSA's public key.
#privacy #encryption #publickey

cypherspace.org/adam/hacks/lot

Kevin Karhan kkarhan@mstdn.social
2023-05-22

@thatguyoverthere based off second sources, they can basically criminalize any services and systems that don't have #Govware #backdoors to allow #wiretapping and #KeyEscrow systems as well as charge people if they don't want to potentially self-incriminate.

And even if that wasn't the case, the #PocketCrypto would literally fulfill their definition as in correctly setup encryption isn't attackable outside of brute-forcing passwords!

2023-04-26

#Facepalm — what we really don’t need right now is somebody trying to reboot failed 1997 Key Escrow, e.g. like in this letter to the @FT

This is disappointing, misconceived, and woefully repetitious of some nonsense which we last (?) saw back in 1996/ish when secret-sharing was still relatively new, cool & trendy.

In case you’re not familiar: this proposal (a) will not scale to meet demand nor growth (b) is in any case an illiberal imposition, (c) breaks Ranum’s Law by attempting to technically bodge around a social problem, (d) will not be deployable globally because there is no such thing (and likely never will be) as global consensus on how to build a backdoor; not to mention (e) will doubtless be circumvented by motivated actors — because it can be.

This is a distraction at the time we least need one. At least we can be grateful that Andersen didn’t suggest putting the escrow onto the blockchain.

Letter: Here’s the democratic key to the encryption backdoor
From Andersen Cheng, Founder and Executive Chairman, Post-Quantum, London SE1, UK

Several encrypted messaging services, including Signal and WhatsApp, recently signed an open letter criticising UK government plans for an encryption backdoor, a method by which authorised and unauthorised users are able to get around normal security measures. They cited concerns around government surveillance and weakened security.

Separately, the FBI, Interpol and the UK National Crime Agency, in a statement about Meta, argued that encryption allows crimes to occur, such as child sex abuse (Report, April 20).

Clearly, a government backdoor infringes on personal privacy and a backdoor for one is a backdoor for all. This used to summarise our entire position, and that’s why we set up the world’s first quantum-safe encrypted messaging service in 2014. Our app was successful in keeping messages secure, but we soon found out this had made it a recommended tool for Isis. Without hesitation, we shut the otherwise very successful app down.

If a backdoor compromises security, but full end-to-end encryption makes investigations impossible for law enforcement agencies, surely there’s a middle ground?

What law enforcement agencies, the government and platforms all miss is the options that thread this fine needle — encryption key splitting. This allows governments, courts, external watchdog or any combination of actors to have one encryption key split between them so that a specific threshold is required for very restricted access.

Users will still have secure data, but if the government would like to access a message it would have to gain approval, perhaps from “fragment guardians” who hold part of the encryption key such as courts or external privacy watchdogs. Both sides make valid points, but the middle ground and cryptographically provable technology is already available and waiting to help settle the debate.

Andersen Cheng
Founder and Executive Chairman Post-Quantum, London SE1, UK

#back-to-the-future #end-to-end-encryption #key-escrow

https://alecmuffett.com/article/59280

Ludwig W. Mieth lwm@social.mieth.net
2021-06-24
RT @harkank@twitter.com

What is being planned there presupposes #E2E encryption with key escrow on the provider side. The bad old #KeyEscrow ideas from the 90s are back.
https://fm4.orf.at/stories/3015903/

🐦🔗: https://twitter.com/harkank/status/1406903594985607170

Doc Edward Morbius ⭕ dredmorbius@toot.cat
2020-08-29

chrisiwonder
2019-11-03

Yet another minister going off the rails: Ferdinand Grapperhaus, Dutch Minister of Justice, is demanding key escrow.

nos.nl/nieuwsuur/artikel/23088

Félix Tréguer felix@mamot.fr
2018-07-03

RT @MM_PolyTIC@twitter.com: Back to 1996;) #KeyEscrow. The technical director of the DGSE can even reuse the text of the laws and decrees of the time;) cf. this analysis (also from the time;)): iris.sgdg.org/axes/crypto/decr cc @reesmarc@twitter.com twitter.com/nextinpact/status/

2018-04-27

"The security of this vault is no laughing matter, because it will ultimately store the master encryption key every single device that manufacturer ever makes. For Apple alone, that’s about a billion… [The] proposal relies fundamentally on the ability of manufacturers to secure massive amounts of extremely valuable key material against the strongest and most resourceful attackers on the planet."

blog.cryptographyengineering.c

A response to the #keyescrow proposal covered in WIRED. #infosec

2018-04-27

That article is a good read on the current thinking regarding #keyescrow, BTW. #infosec #privacy #surveillance
