> Anyone who can determine the secret needed to break the encryption will gain full access
Without collections just having the secret key[s] won't help you much. I don't like the idea of a backdoor as much as anybody else, but this notion that you merely have to have a key to access everything is strictly false.
This may only be true specifically for systems that allow anybody (or some broad set of untrusted people) to see other people's encrypted data. For most architectures backdoored E2EE is still more secure than no encryption. And obviously if there was a backdoor people wouldn't use/design systems that allow for easy collections.
Reminder that the NSA is basically collecting all of the internet traffic it can get its hands on. They didn't build a data centre in the middle of the desert for the fun of it.
Well, that's part of the point. Governments have been doing mass collections for decades and a lot of that might be cleartext. As far as I know this has not led to random hackers obtaining great access. So it's preposterous to claim that backdoored E2EE would universally enable that[0]. E2EE does in large part protect from governments and other powerful players and it should be okay to say that.
Again, that said, if Facebook was to offer plaintext and backdoored E2EE messaging, the backdoored version would still be a strict improvement security-wise.
[0] as noted, with exception of some systems that might provide easy access to everybody's data by design.
Why would hackers need to hack the NSA's methods of tapping the internet to obtain communications sent in cleartext? If you are sending everything unencrypted there should be no expectation of secrecy. The problem is that we currently do send high value information encrypted and this proposal wants to weaken that encryption; what happens to low value information freely sent unencrypted doesn't seem relevant to me.
I'm arguing against the specific point that merely leaking secret keys would give anybody great access.
As far as I understand it the governments are not asking for backdoored transport layer encryption. They want the data one stores or transmits to be ultimately decryptable by them one way or another. Most services that use secure transports merely use it to transmit cleartext and store it as such. With E2EE messaging even if you have the server tapped you'll only capture encrypted binary blobs and perhaps some metadata. That's what the governments don't like.
With backdoored E2EE you'd still need to hack the server AND have the key to access the data.
The problem is that you wouldn't have to 'hack the server', at least for Matrix, given anyone can run a server - so all it would take is for one server in the room to be vulnerable to a social or technical attack (e.g. a nosey sysadmin).
If an escrow public key has been mixed into the e2ee encryption, then all it takes is for the private key to be leaked (e.g. for a price on a dark market) and the nosey sysadmin can go and break the encryption of all its users.
The same goes for a centralised service too (cf. the twitter hack) - while it might be less likely given the smaller attack envelope, it's a much bigger prize.