By 2030, real encryption may be illegal in the European Union. Heck, Spain wants to ban end-to-end encryption entirely. It’s already under attack in the UK. Be sure that the USA and China will be nipping at their heels.

Because mathematics is mathematics, there is no actually safe way to provide lawful government access to encrypted communications. If the government holds a key, at some point that key will leak. The shared keys for DVD CSS and AACS leaked. Any shared key for decrypting content eventually leaks, and content that has already been distributed cannot be re-encrypted to revoke it.

So what are some likely outcomes?

  1. Most messaging systems will eventually get hacked. Even if they aren’t, most users will not know they’re being surveilled, because surveillance warrants will be secret. Assume the government is reading all your sexts.
  2. Many users move to Signal, which will be technically illegal but somehow side-loadable. Moxie Marlinspike ends up living in Brunei.
  3. Anybody with Signal installed on their phone gets special attention from the cops if they’re detained for something else.

If companies are required to do this, what are some strategies that can reduce the blast radius?

  1. Companies retain a private key per user (or even per conversation), so that a single leaked key affects only a small number of users. This limits the blast radius only if the keys are held separately: von der Leyen’s keys are still worth millions, and if every key sits in the same store, a cyberattack that leaks one key is just as likely to leak all of them.
  2. Users can move their communications to more obscure platforms, such as fake websites carrying strange payloads.
  3. Users can stop using the internet, at which point much of the illegal activity that can now be monitored at a fuzzy, coarse level simply cannot be monitored without massive boots-on-the-ground surveillance. Welcome back to the old world of spycraft.
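To make the first strategy concrete, here is an added example (not code from the original post or from any real messaging service) that models a lawful-access key escrow two ways: one master key for the whole service versus one key per conversation. It then counts how many conversations an attacker can read after leaking a single key, and after leaking the entire key store. The cipher is a toy HMAC-SHA256 construction chosen so the script runs on the Python standard library alone; the `Escrow` class, the conversation names and the messages are all invented for the illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Toy authenticated cipher: HMAC-SHA256 keystream in counter mode plus an
# encrypt-then-MAC tag. This is an ILLUSTRATION of key separation only;
# a real system would use AES-GCM or ChaCha20-Poly1305.

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(_subkey(key, b"enc"), block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt plaintext and append a 32-byte authentication tag."""
    stream = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return ct + tag

def open_(key: bytes, nonce: bytes, sealed: bytes):
    """Return the plaintext, or None if the key is wrong (tag mismatch)."""
    ct, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))

@dataclass
class Record:
    conversation: str
    nonce: bytes
    sealed: bytes

class Escrow:
    """Hypothetical lawful-access key store.

    per_conversation=False models one master key for the whole service;
    per_conversation=True models a separate escrow key for each conversation.
    """

    def __init__(self, per_conversation: bool):
        self.per_conversation = per_conversation
        self.keys: dict[str, bytes] = {}

    def key_for(self, conversation: str) -> bytes:
        label = conversation if self.per_conversation else "*"
        if label not in self.keys:
            self.keys[label] = os.urandom(32)
        return self.keys[label]

    def store(self, conversation: str, plaintext: bytes) -> Record:
        nonce = os.urandom(16)
        return Record(conversation, nonce,
                      seal(self.key_for(conversation), nonce, plaintext))

def readable_with(leaked_keys: list, records: list) -> set:
    """Conversations an attacker holding `leaked_keys` can decrypt."""
    exposed = set()
    for rec in records:
        for key in leaked_keys:
            if open_(key, rec.nonce, rec.sealed) is not None:
                exposed.add(rec.conversation)
    return exposed

def blast_radius(per_conversation: bool) -> tuple:
    """(conversations exposed by leaking ONE key,
        conversations exposed by leaking the WHOLE key store)."""
    escrow = Escrow(per_conversation)
    # Constructed sample conversations; three is enough to show the difference.
    convs = ["alice<->bob", "carol<->dave", "erin<->frank"]
    records = [escrow.store(c, f"hello from {c}".encode()) for c in convs]
    one_key = [next(iter(escrow.keys.values()))]
    every_key = list(escrow.keys.values())
    return (len(readable_with(one_key, records)),
            len(readable_with(every_key, records)))

if __name__ == "__main__":
    print("master key   (one key leaked, store leaked):", blast_radius(False))
    print("per-conv key (one key leaked, store leaked):", blast_radius(True))
```

With a single master key, losing one key means losing everything. With per-conversation keys, one leaked key exposes exactly one conversation, yet a breach of the store still exposes all three, which is the point made above: splitting the keys only helps if they are not all held in the same place.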