Sorry wired just came to hand. You can find it referenced elsewhere.
But it did change from ‘have to’ to ‘have to, if possible’ which is a massive climb down. It’s basically not possible to have a backdoor in e2e encryption so I think it’s dead in the water. It may even make other companies shift to e2e to avoid this legislation, which would be ironic.
And I think the quote is from the minister in charge of the bill, so he/she would talk it up.
The bill is awful. But at least it’s weak(er) and awful.
It’s basically not possible to have a backdoor in e2e encryption
That depends on the encryption method. No one is publicly aware of the standards having backdoors (with a few exceptions), but proprietary encryption implementations can definitely have backdoors.
This has occasionally been a requirement for export-controlled technology (e.g., a mandated maximum key size). And it has occasionally led to the unintended side effect of creating backdoors in the full-strength/domestic/non-export models due to poor implementation.
Sorry wired just came to hand. You can find it referenced elsewhere.
But it did change from ‘have to’ to ‘have to, if possible’ which is a massive climb down. It’s basically not possible to have a backdoor in e2e encryption so I think it’s dead in the water. It may even make other companies shift to e2e to avoid this legislation, which would be ironic.
And I think the quote is from the minister in charge of the bill, so he/she would talk it up.
The bill is awful. But at least it’s weak(er) and awful.
Time will tell.
Indeed.
That depends on the encryption method. No one is publicly aware of the standards having backdoors (with a few exceptions), but proprietary encryption implementations can definitely have backdoors.
This has occasionally been a requirement for export-controlled technology (e.g., a mandated maximum key size). And it has occasionally led to the unintended side effect of creating backdoors in the full-strength/domestic/non-export models due to poor implementation.