I love that this Stanford cryptography 101 course basically teaches students how to add a government backdoor.

“Adding the sending key encrypted under the government’s public key should not compromise the security properties of the chat client.”


@aral To be fair, they wrote "As an additional challenge, assume you live in a country with government surveillance." Too bad it is meant as a technical challenge and not an ethical one.

@hypolite @aral since the question of legislating for imposing state-sanctioned backdoors in encryption systems comes back regularly, perhaps this course is in fact preparatory for this eventuality

@hypolite That’s my point exactly. The assumption is that – of course – you comply with it. What a beautiful way to normalise adding a backdoor to your app because a government demands it (news flash: all governments demand it; some – like the U.K. – have even made it the law. Doesn’t mean you must comply).

@aral Every single telco in probably the whole world uses legal interception...
I'm not surprised.

But if a properly encrypted message is intercepted it cannot be decrypted. (not without a lot of difficulty at least).

What this is suggesting is to fatally undermine the encryption by allowing privileged interceptors (those in possession of the government's private key) to trivially decrypt the message.

@dublinux the Legal Interception means telcos *have to* store all your communications for 2 years (in Spain it is 2 years, IIRC) to let the gov check the *content* of the communications in the case you are prosecuted by the law.

So they need to be able to decrypt the communication.

NOTE: I'm not defending it, I'm just describing it.

@ekaitz_zarraga @aral
You can tap telephone lines, but there's no blanket storage of phone conversations just in case someone wants to listen in later. Also, the unconditional storage of telecoms metadata has been ruled incompatible with civil liberties by EU and national constitutional courts of various EU countries, several times.

So: It might be widespread practice but that does not make it legal.

Law enforcement needs to put in some effort if and when they have reasonable suspicion.

@Mr_Teatime @aral Even if what you say is true (I'm talking from a past experience and it might be updated), if you want to tap a telephone line that is encrypted (as all should be), you need to implement a backdoor, so someone needs to know how to implement that.

(I don't like it, still, but it's not surprising they are teaching it)

@ekaitz_zarraga @aral
Hmm... yes, but ...
To tap classical analog telephony you'd have to be at the source (or access the wire...)
These days, it's all VoIP under the hood but with operator-side decryption in the loop. So you'd still need operators to cooperate as it happens.

Backdooring E2E this way means anyone could read along if they have the government key, with or without cooperation from the operator. Much easier to misuse, and for accessing content after the fact.

@Mr_Teatime @aral Of course.

Well, in the past people working for telephony companies were able to listen to everything... so in the end I don't know which one is worse in that matter.

Backdoors imply other things though, that are IMO even worse than the fact that anyone with a gov key can listen to conversations.
