
This can't possibly be a good faith comment.



I disagree with him, but he makes a solid point, and many people think like him.

HN is enough of an echo chamber as it is, don't make it worse.


The article says:

"""The main criticism was that it is simply impossible to rule out that a backdoor - once it is built - is abused by criminals or undemocratic regimes. A lowering of the security level would immediately affect all users - and not just those who are the subject of a judicial investigation."""

The comment says:

> I'm glad you're keeping safe dealers, pedophiles, and other criminals as well as their lawyers.

This does not look like a solid point to me; it looks like rhetoric.


Citing two different passages from the article:

> This draft included a passage that would have forced companies such as WhatsApp and Signal to decrypt their encrypted chats upon request by the authorities for criminal investigation.

> Belgian intellectuals like Professor Bart Preneel said that "by putting a backdoor into Whatsapp, you would make it less safe for everyone".

This does not look like a solid point to me; it looks like rhetoric. Anyway:

> a backdoor - once it is built - is abused by criminals or undemocratic regimes.

If they can get their hands on a governmental private key, which is unlikely.


The NSA leaked its own hacking tools to the internet. Oops.

The US government gave (gave, not leaked, not accidental: deliberately, outright gave) the identities and other personal information of people who had worked with the US in Afghanistan to none other than the Taliban. Because the Taliban pinkie-promised not to slaughter them. Too bad, the Taliban didn't keep its word.

Let’s not be naïve about the government’s ability or interest in keeping things private.


Who's the problem here? The government or the Taliban? Sorry, it's not really clear what you mean.


> If they can get their hands on a governmental private key, which is unlikely.

But those private keys aren't going to be created by the government. They will be created by Facebook, Signal, Telegram etc., who will then hand over one of them to my government, one to yours, and one to each and every government that makes a similar law, from Argentina to Zimbabwe. And they could just as easily hand over another to <insert billionaire or other non-governmental figure you dislike here>.


Aha! Exactly, you have figured out what I would have requested to specify in this bill!


Just providing the possibility of keys to the "proverbial kingdom" and centralizing the location of those keys gives far greater incentive for hackers or state actors to find new ways to gain access to these tools for decryption.


Yes, but we can always revoke them and generate new ones?


What economic damage can be done in the interval between a private key being accessed by a criminal and the key being revoked?

Depends on the systems connected to the private key of course, but billions per incident are certainly possible in some cases.

Even if this is just private chat on messenger platforms rather than 2FA or HTTPS, imagine how blackmailers would respond to getting all the nudes, the drunk confessions, the adultery, from 30 minutes' access to all of the 10th most popular chat app in your country.
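An added toy model (not from the thread or any real messenger) of the escrow design the comments above are arguing about: each message gets a fresh content key that the app wraps once for the recipient and once under a provider-held escrow key. It shows the point about revocation concretely: rotating the escrow key protects only messages sent afterwards, while everything the attacker captured under the stolen key stays readable. The cipher is HMAC-SHA256 in counter mode with encrypt-then-MAC, chosen only to keep the example standard-library-only; the key IDs and message counts are made up for the simulation.

```python
"""Toy key-escrow model: every message's content key is wrapped for the
recipient AND for a provider-held escrow key. Rotating ("revoking") the
escrow key helps new traffic only; old traffic captured under the stolen
key remains readable. Illustrative construction, not a production cipher."""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 run in counter mode as a PRF keystream (illustrative only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt. Raises ValueError on a wrong key or tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def send(plaintext: bytes, recipient_key: bytes, escrow_kid: str, escrow_kek: bytes) -> dict:
    """Escrowed message: a fresh content key is wrapped for the recipient and for the escrow key."""
    content_key = os.urandom(32)
    return {
        "body": seal(content_key, plaintext),
        "for_recipient": seal(recipient_key, content_key),
        "escrow_kid": escrow_kid,  # records which escrow key wrapped this copy
        "for_escrow": seal(escrow_kek, content_key),
    }


def read_as_recipient(msg: dict, recipient_key: bytes) -> bytes:
    return unseal(unseal(recipient_key, msg["for_recipient"]), msg["body"])


def read_with_escrow(msg: dict, escrow_keks: dict):
    """Whoever holds the escrow key named by msg['escrow_kid'] reads the message; otherwise None."""
    kek = escrow_keks.get(msg["escrow_kid"])
    if kek is None:
        return None
    return unseal(unseal(kek, msg["for_escrow"]), msg["body"])


def simulate() -> tuple:
    """Returns (messages in the archive, messages a stolen-then-revoked escrow key still opens).
    Key IDs and message counts are constructed for the simulation."""
    alice = os.urandom(32)
    live = {"kek-2021": os.urandom(32)}
    archive = [send(f"message {i}".encode(), alice, "kek-2021", live["kek-2021"]) for i in range(5)]
    stolen = dict(live)  # attacker exfiltrates the escrow key while it is live
    live = {"kek-2022": os.urandom(32)}  # provider "revokes" and rotates
    archive += [send(f"message {i}".encode(), alice, "kek-2022", live["kek-2022"]) for i in range(5, 8)]
    still_readable = [m for m in archive if read_with_escrow(m, stolen) is not None]
    return len(archive), len(still_readable)


if __name__ == "__main__":
    total, exposed = simulate()
    print(f"{exposed} of {total} archived messages remain readable with the revoked escrow key")
```

The recipient's own wrapped copy is untouched by the rotation, so revocation changes nothing for the legitimate reader either; what the attacker loses is only the ability to open messages sent after the rotation, and only if the new key is not stolen the same way.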


Isn't this what happened with some european "digital covid certificates"? Not really unlikely.


Not afaik, people have just been sending screenshots of their QR codes to each other, and the people "validating" just have to "scan and see Valid".


The keys themselves were leaked. https://news.ycombinator.com/item?id=29011537


> If they can get their hands on a governmental private key, which is unlikely.

Why do you believe this is unlikely?


Because I know how state security works.


I see.

Then perhaps you can explain why so much stuff leaks from, say, the USA government?

Not just the stuff from government employees or contractors like Snowden and Manning who appear to be motivated by whistleblowing, but also the actual double agents working for the Soviets in the Cold War, and the apparently accidental leaks of NSA spyware: https://en.wikipedia.org/wiki/EternalBlue


These are the typical use cases for key revocation, yes? The key should not be installed on non-suspected user devices anyway, in my opinion.


Great, that just leaves the possibility that the system to install keys will itself be compromised, perhaps something like happened a few years ago with a downgrade attack to the old USA “export grade encryption” back when crypto was counted as a munition. The use of e2e encryption started to become a general standard in chat apps precisely because centralised keys proved to be a weak point after Snowden.

As for revocation: https://news.ycombinator.com/item?id=29642783

Snowden got a lot of data without anyone stopping him. The risk is what if he’d been malicious instead of a whistleblower?


Because we should all think like you? Not me, I'm a dissident from your mainstream ideologies, but I have been fighting on your side for ~15 years ;)



