Hacker News new | past | comments | ask | show | jobs | submit login

The result of these campaigns if successful, would likely be key-escrow rather than banning encryption. With that the risk of criminal abuse is negligible.

Instead the risks are added complexity creating opportunities for bugs, and having to trust everyone with decryption access to not abuse that. It is possible to control that access technologically. For example, by requiring two separate keyholders (or in general N ot of M) keyholders before being able to decrypt any messages.

Those downsides matter, but they are scary for abuse by governments, nation state adversaries, and NSA type hackers. The downsides do not make criminals more scary.




> The downsides do not make criminals more scary.

Eh, I'm not sure. Assuming that the government keys never get leaked (which is possible even with the key-split method you propose). And assuming that the local municipal police departments and groups given access to those keys never get hacked. And assuming that products never get restricted to less-secure schemes as the technical world evolves around them.

Maybe the UK has a better track record on this, but off the top of my head a lot of the key-escrow systems I've seen in the US are quite bad. We have systems for TSA locks, fireperson access to locked buildings, etc... many of those systems are not secure, they just don't get abused very often because the prizes for doing so aren't large enough.

Key-escrow systems are less risky in terms of criminal activity than just banning full E2E encryption entirely, but I don't think I agree that 'less risky' is the same as 'safe'.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: