The best part of the “going dark” debate is that we have to pretend sophisticated attacks by nation-states and criminals are some kind of Gibsonian sci-fi fantasy. It’s 2019. Theres a multi-billion dollar industry around attacking phone security systems.https://www.fastcompany.com/90307864/u-s-fund-sells-israeli-hacking-firm-nso-group-amid-spy-mystery …
-
-
Do you think that they'll reduce state 0day usage if they have key escrow? They'll hoard 0days anyways, just because they don't know when the ones they have get known and therefore are "burnt". Also: there is no secure way of implementing escrow...
-
Yes. The high-end criminals will absolutely adapt to using encryption tools that are opaque to key escrow (see the recent arrests around PhantomSecure) and the government will go back to using 0days on them. Key escrow is for the dumb criminals.
- 17 more replies
New conversation -
-
-
Key escrow is not a full alternative to 0days though: if you’re gathering evidence or intell you can’t always expect to have physical access to a device.
-
You misunderstood, I said you can use 0day to achieve anything that key escrow can do - not the other way around.
- 7 more replies
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
So my view is as follows: exploits happen and in the short-medium term will continue to happen, but importantly vendors are able to detect and fix/mitigate them going forward Legally mandated removal of security cannot be fixed, and will make vendors complicit in the consequences
-
We're able to fix and mitigate them, but government policies can either help or hinder that. I think some people are arguing hindering it to avoid key escrow is a good thing, I absolutely disagree.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

