Case in point: there's no way to build a backdoor that only the "good guys" can use.
When the entire technical community says that the EU's ChatControl legislation + similar pose serious cybersecurity threats, we're not exaggerating for effect.
@realdanny @Mer__edith
And even in case it _would_ be possible - you never know when "good guys" turn into "bad guys"
So - never do it!
The more fundamental problem being that there are no good guys anyway.
@Mer__edith The only answer to a request for backdoored encryption is "You first."
Then all the reasons they can't do it are all the reasons WE won't do it.
Mobile backdoors proudly brought to you by the ETSI Technical Committee LI https://www.etsi.org/committee/li
I don't think "proudly" and the idea originated in other places
Edit: I don't find li a particularly good idea, but afaiu etsi had to follow the legislation, that had been put in place - and the driver was iirc not even Europe
Indeed @lobingera, the idea can be traced back to an infamous meeting in Quantico VA in 1993. But from 1996 all backdoor requirements originated in Sophia Antipolis, France. The technical specifications are produced by this ITU group called 3GPP SA3LI. Here are their latest docs from July
https://portal.3gpp.org/ngppapp/TdocList.aspx?meetingId=35178
@harkank @Mer__edith latest CRs ... standardization has some bureaucratic overhead.
And ITU and 3GPP have different agendas, you are simplifying here
Disclosure: in my dayjob my org's name contains "standardization" and SA3's job is more than LI... (in case you wonder: my work is in RAN 1/2/3/4)
@Mer__edith btw, good thread by @mattblaze also
We’ve been warning about this for literally three decades, ever since CALEA mandated wiretap-ready telecom infrastructure. And this is merely the latest example of how these dangerous interfaces can be turned against us by our adversaries. https://mastodon.social/@fj/113253726161428151
Encryption shifted the focus of surveillance on the devices. They lost control over our data.
Knowledge is power, and in an unencrypted world all the FBI people can still just call by the phone, because only the state gets the info from the telcos.
Now that everything is encrypted, they panic, and want to get a hold of the devices.
This CCSAM argument is such an obvious pretense, it's crazy. This is literally not something that needs device backdoors. Just better police work.
@Mer__edith Even if everyone's a good guy, we still have to trust that they know how to maintain data safely, that they won't build a system which stores spy-level access codes in plain text, or copy them onto a USB stick then leave it on a train.
Governments are the last people in the world I would trust to keep data secure. Not because they're bad actors necessarily, but because they're incompetent. Government IT projects routinely fail because they don't understand what constitutes success.