Comment by GoblinSlayer

4 months ago

Encryption for end users is de facto legal almost everywhere except for UK. For vendors it's illegal almost everywhere maybe except for USA, but that's just how the law works in USA: you receive a subpoena, then it's up to your luck.

It's not illegal for vendors, they just have to collaborate with law enforcement when a subpoena is received, and this collaboration can entail attacking their own users as long as a technical capability to do so exists.

If you think about it, it's more or less the only way this could work in any democratic society.

> Encryption for end users is de facto legal almost everywhere except for UK.

Encryption is legal in the UK.

But if the government turns up asking for your decryption keys, "you can't have them" is not an option unless you wish to enjoy the luxurious surrounds of a prison cell until you change your mind.

Which, to be fair, is basically the case worldwide, as per the famous XKCD cartoon[1].

[1] https://xkcd.com/538/

  • That’s a huge simplification.

    If you don’t have the keys, you can’t hand them over, for one thing.

    Also, the wrench treatment is extremely unlikely in most democracies. Now, deplatforming such as seizure of DNS names and such, is another matter and varies, often orthogonally to the risk of wrench treatment.

    • > the wrench treatment is extremely unlikely in most democracies

      If you prefer ... substitute "wrench treatment" for the democratic wording: "jail time and the associated criminal prosecution process"

  • There's deniable encryption to counter the wrench attack

    • > There's deniable encryption to counter the wrench attack

      The trouble with deniable encryption is its viable use-case is very narrow.

      It is, for example, not viable to use deniable encryption when exchanging messages with others.

      If the authorities, through whatever means, get a copy of an encrypted message you sent, and they have done sufficient metadata homework to link it back to you, find your address and come knock on your door, then you are going to seriously struggle with a deniable encryption defence.