Reply to post: I'm not even worried about hackers

New UK Home Sec invokes infosec nerd rage by calling for an end to end-to-end encryption

DougS Silver badge

I'm not even worried about hackers

Let's say they could leave a backdoor for the police while making it just as resistant to hackers as full encryption is today (which is not 100%, there are constantly holes being found in the way encryption is applied i.e. MiTM attacks and so forth so encryption isn't proof against hackers anyway)

What I'd be worried about is abuse like hoovering up all communications, decrypting it, and doing word searches looking for things that fit their filters. Or some stalker cop forging the court approval (because you know it'll allow for stupid stuff like judges that don't believe in technology faxing an order with their all-too-easily-forged signature)

Or worse it'll be directly accessible to anyone anywhere who can claim to be law enforcement, like a part time sheriff in a tiny town, so hackers will simply phish him and then use his access to look up the encrypted comms of their target for e.g. corporate espionage. The hackers won't need to break the encryption through the backdoor like you are worried about, they'll just need to steal the credentials to the system from anyone who has access and walk right in through the front door.

No one should expect them to hand out a 2FA physical key to everyone, and audit all accesses, with no exceptions. That's how we would set it up, but they will want to make it "convenient" for its users.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2019