On the Swedish government intent of weakening messaging apps

History has this weird habit of repeating itself. In the early 90s the USA pushed for the clipper chip which implemented a key escrow algorithm to make encrypted calls to which “allowed authorities” could listen to.

Now Sweden is trying to push against secure end-to-end encryption messaging apps by requiring the companies behind them to be able to provide the messages if required by authorities. If you are part of the cybersecurity research community you likely have heard of the letter some of my colleagues are circulating about it.

The clipper chip inspired many hackers to act and caused tools like PGP to be developed and released in an attempt to use technical means to subvert the legally established key escrow algorithms.

Sweden should reflect on those experiences and remember that they have many talented hackers, engineers and cryptographer that would gladly be happy to, as it happened in the 90s, use technical means to subvert whatever mechanisms they impose to weaken messaging apps.

The knowledge needed to make untraceable messaging apps is already out there. We have anonymity preserving key exchange algorithms, we have ways to route messages to hide their actual destination, we have ways to obfuscate the messages so that not even their length can be seen by authorities, and we have ways to make it all distributed and independent of a server. If nobody has put all the pieces together yet is because nobody cared to do it.

Because of this, a law that weakens encrypted messaging is likely to inspire many with the motivation to put it all together and make it work. After all, how apps like Signal were originally developed already should serve as a hint on what can be made when somebody knowledgeable and motivated puts their focus into it.

I’m always in for seeing interesting times, but I sincerely hope that the Swedish government will reflect and reconsider their position because the backslash and the consequences if they insist on weakening messaging apps is likely going to impact them too.