We’ve been warning about this for literally three decades, ever since CALEA mandated wiretap-ready telecom infrastructure. And this is merely the latest example of how these dangerous interfaces can be turned against us by our adversaries.
https://mastodon.social/@fj/113253726161428151
Tl;dr: creating one-stop shopping for attackers is a bad idea.

Exploits of "lawful access" interfaces, such as the Chinese attack reported today by the WSJ, appeared almost immediately after they became standardized in the 90's. The most famous example is the case known as "the Athens Affair" https://spectrum.ieee.org/the-athens-affair .

It was a bad idea then, and still a bad idea now.

The Athens Affair is interesting for a number of reasons, but it's particularly notable that the switch that was compromised didn't actually have the CALEA option installed from the factory (since it wasn't then required in Greece). But it was added through a software update (induced by the attacker), and then exploited.
Anyway, my "told you so" muscles are pretty weary at this point.
Also, I'd be remiss if I didn't note that all the reasons that "lawful access" features in telecom infrastructure are risky apply at least equally to the periodically revived proposals for "key escrow" backdoors in cryptographic systems. Fortunately, we've mostly held back the tide on those, but they come up every few years. It would be a security disaster if they're ever mandated.

Mandated wiretap interfaces and cryptographic backdoors are *expensive*, both in terms of money and, more importantly, exposure to risk. Worse, those burdens are borne inequitably.

Overall, almost no one is the subject of a lawful wiretap, even in places where wiretapping is an important investigative tool. Most people aren't suspects. But these mandates degrade security (and impose other costs) for *everyone*, the vast majority of whom will never be wiretapped.

@mattblaze The other area of focus that people are missing, with the same foundational arguments, is our OS and Phone makers spying on us for advertisement reasons. While these companies lament that making backdoors for gov is impossible, they've certainly put forth a solid effort to syphon the same data for their revenue. All this data should be protected in both cases; but people, I feel, have lost sight and subsequently control of their data by these companies.

After all, they are the ones buying, selling, trading and losing our data on a daily basis. I'm less concerned now with the gov backdoor concerns than what is being forced or coerced by big tech.

@dntlookbehindu Well, of course that's a huge concern, too. But these are additive risks. We don't have to only worry about one.

And it's not the government abusing its legal access I'm worried about here (that's a different question). It's that the architectural burden that implementing it imposes makes everything vulnerable to *illegal* access. As with adware, too.

@mattblaze I'm feeling we are past the architectural burden for this stuff when my phone sees an encrypted Signal conversation, and provides a popup of "do you want this translated from XX to English" without my permission or request (and no foreign language being used as well). The companies are screen scraping our encrypted conversations with poor AI systems, and turning their data into business transactions.

In short, I feel these companies have already made the backdoors and related infrastructure, and the malware, doing so under the color of adtech and revenue. All the keystroke loggers, screen scrapers, etc.

@dntlookbehindu Certainly true. But surveillance design mandates mean there's no way out - it becomes illegal to create or market a secure alternative.
@mattblaze aaaah i see your point now. Okay. Where I'm really concerned then is that big tech has demonstrated they can do it to the gov... and I don't know whose box is being opened now... Pandora's or Schrodinger's.