"Privacy preserving age verification" is bullshit

104 Refreeze5224 43 8/14/2025, 5:40:51 PM pluralistic.net ↗

Comments (43)

mzhaase · 25m ago
So in Germany we have an ID card with a PIN, NFC and a government app. Website owners can request to be able to use this feature. They then get a certificate from the government that has the fields they are allowed to request stored within it.

Websites can request data from the user by sending that certificate, it opens the app, it shows you the categories of data to be sent, you hold your ID card to the phone, enter the PIN, and the certificate is uploaded to the ID card which verifies it. If it's valid, the ID sends back the data that is specified in the certificate.

You then get presented with exactly the data that is going to be sent to the website. You can then agree or disagree. So far that is only used to log in to government websites.

This way the government does not know which sites you visit, and you only send your age to the website.

fabian2k · 2m ago
It's even more restrictive than that, for age verification you only get back whether the person is above the age limit or not, it's a boolean response.

So I think from that view the eID works pretty well, it provides the minimal necessary information. The bigger issue with something like this is if you use them to enforce real name policies or stuff like that.

Seattle3503 · 45m ago
To me it seems like Cory Doctorow is demanding perfection, and saying that because we can't achieve perfection in age verification, we can't do age verification at all. That isn't going to stop people from trying, and we will end up with a worse system overall. IMO this is a common pitfall of techno-idealists.

Technologies like the mdl standard [1] can attest to age without revealing the user's identity.

As Cory points out, it's still possible for kids to swipe someone's ID and use that. There are probably practical solutions that are good enough. Android, iOS, and parents could work together to deal with the problem of stolen IDs. If mdl is implemented on devices such that they are managed by the device OS, that would lead to auditability. Parents can ask their child to see their phone's ID app, which will show the full roster of IDs on the child's device. If a parent sees an ID that shouldn't be there, they can have a conversation about it. In this way the law would be about empowering parents to shape their child's online experience. This is just a straw-man example solution, but there may be better ones.

The other objections I saw could be worked through in a similarly pragmatic fashion.

This is probably going to be good enough for most folks, and it's probably a good thing to keep children away from pornography and such. And IMO coming up with a "good enough" solution will flush out all the bad actors who are hiding behind the excuse of "save the children" when really they want to build up a record of everyone's browsing history. But by denying any solution to a real problem, we let the bad actors hide amongst the well-intentioned folks who are trying to do the right thing.

[1] https://en.wikipedia.org/wiki/Mobile_driver%27s_license

gjsman-1000 · 25m ago
> common pitfall of techno-idealists

Common pitfall? It’s why these techno-idealists are loudmouthed on the internet, but don’t get respect anywhere politically. If you want to gain ground politically, you need to at least acknowledge what the problem is, or is perceived to be, and offer a real solution. “Nope we can’t do that because of this 0.1% edge case” doesn’t qualify. “Apple should just dump all schematics online regardless of what China might do” doesn’t qualify. “The internet is great as it is, and your political concerns are invalid” doesn’t qualify.

Seattle3503 · 19m ago
Yeah, it feels like a junior engineer fresh out of their undergrad algorithms course. The business isn't going to grind to a halt and wait until you build the perfect solution.

gjsman-1000 · 16m ago
Let’s take the pornography argument for example.

Regardless of whether pornography is, or should be legal, average exposure is now 11 years old. That’s average, many kids are even younger.

If this even prevents 95% of kids from accessing pornography until they’re 15 and get a debit card to buy a VPN, that’s a win in the eyes of most parents and legislators. It doesn’t need to be perfect, or even perfectly force you to be 18, to get the primary job done. Pointing to “a 16 year old can get around it with a VPN” is missing the point. It’s not a surprise why that argument falls on deaf ears.

Or, another one, “just use parental controls,” have you even tried this? Almost all parental controls are horrifically buggy, full of loopholes, and these kids can just borrow each other’s technology. Apple’s parental controls predate HTML5 (literally, HTML 4.01) and regularly don’t work, sometimes even by their own admission. It also forces the parent to be in the role of a tech expert fluent in Microsoft, Apple, Google, Nintendo, and other products all at once. You might as well get CompTIA certified. That argument also falls on deaf ears.

idle_zealot · 1m ago
> Apple’s parental controls predate HTML5 (literally, XHTML 4.01) and regularly don’t work, sometimes even by their own admission. It also forces the parent to be in the role of a tech expert. That argument also falls on deaf ears.

The solution, then, ought to be to pass a law requiring some sort of standardized parental controls that allow trivial set-and-forget management. Require device manufacturers/software distributors to sort out a "child mode" switch you can flip upon device initialization, in-your-face and unmissable, and then have apps/webpages be able to see whether the device reports it's in child mode. Does this not solve the "prevents 95% of kids from accessing pornography" threshold of effectiveness while being infinitely less invasive?

2OEH8eoCRo0 · 30m ago
All the govt needs to do is send fines to offenders and the industry will be forced to implement one or more solutions.

The govt doesn't care how you verify age only that you don't sell to minors.

wmf · 28m ago
Experience with GDPR and DSA shows that the fines lag years behind the abuses.

Muromec · 53m ago
I'm confused. Author puts crypto backdoors and IDP with ZKP into the same bucket and calls it "nerding harder". But why? You can have an identity provider, several European countries do and you can have subcredentials. You literally can nerd harder here.

Sure, there is a strong ideological argument why you should not have strong identities required in the internet in general (or even in offline) and on porn sites specifically, but the argument is not technical.

torginus · 28m ago
These 'anonymity' technologies are laughably worthless - sure ZKP might provide mathematical proof that it's impossible to find out who the subject is, but embed a tracking cookie and fingerprinting script into both the porn site, and the online grocery - and there you go, you have irrefutable cryptographic evidence of how John Doe likes to spend his evenings.

thyristan · 45m ago
But it is. In those European countries, IDPs and certification authorities are one and the same entity. So the technical requirement of privacy evaporates, the government will always know who is proving their age to which porn site.

therein · 26m ago
I don't know why you are downvoted. And even more disappointingly, it is interesting how easily people overlook the fact that this is happening in lockstep across the globe, obviously the goal is to deanonymize the internet.

I can't wait for the next generation that will enjoy "nerding out" on how to best patrol every neighborhood with drones.

Let's put NFC tags on everyone at birth, we can then nerd out harder.

skybrian · 3m ago
You’re probably better off just reading the paper he links to:

https://www.cs.columbia.edu/~smb/papers/age-verify.pdf

kazinator · 20m ago
If you're a web person who understands SSL, privacy-preserving age verification can be explained by analogy.

It's a system which requires a central agency, probably a government agency, analogous to a certificate authority.

You are authenticated with that agency; it has personal info about you. But you are externally identified by some impersonal identifier, not your name.

The agency issues you a certificate binding this identifier to an assertion like "is over 18 years old".

When you interact with a site that wants to know whether you are over 18 years old, you present the certificate. The site can see that it's signed by the authority and that it has the assertion that you are over 18.

You can't just give that site someone else's certificate because it has to be the one tied to the abstract identity you are presenting (which contains no personal info; it's some kind of UUID or whatever). Plus the cert can be bound to a specific device and such.

The cert has a private key with which you can prove that you own that cert; or at least that you are the authenticated operator of a device to which that cert was issued.

It's something like that. I may have some key details wrong. The main idea is that some brokerage that does have info about you can attest that you are over 18 without revealing any of the personal info via certificate-like objects.

It sounds like, in theory, the system can achieve good privacy in age verification. But not perfect age verification; people will find ways around it.

A grown up can certify themselves to be over 18 and then hand the device to a teenager; and such an operation can likely be scaled to some extent. And of course no cryptographic system can eliminate the possibility that minors are looking at the screen of a device operated by an adult, who may even step out of the way to let them operate it.
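
The certificate-plus-proof-of-possession flow described in the comment above, as an added sketch that is not part of the comment or of any deployed scheme. Assumptions: every function name and the site name `site.example` are made up for illustration, and Lamport one-time signatures built from `hashlib` stand in for a real signature scheme so the code runs with the standard library alone.

```python
import hashlib
import json
import secrets

def H(b):
    return hashlib.sha256(b).digest()

# Lamport one-time signatures: a stdlib-only stand-in for Ed25519/ECDSA.
# Each key pair may sign exactly ONE message, so a real deployment would
# use a reusable scheme; the protocol shape is the same.
def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]

def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))

def pk_id(pk):
    """Impersonal identifier: a hash of the holder's public key, no name."""
    return H(b"".join(h for pair in pk for h in pair)).hex()

def issue_cert(agency_sk, holder_pk, claim="over_18"):
    """Agency side: bind the identifier to the assertion and sign it."""
    body = json.dumps({"claim": claim, "sub": pk_id(holder_pk)},
                      sort_keys=True).encode()
    return {"body": body, "sig": sign(agency_sk, body)}

def new_challenge(site):
    """Site side: fresh nonce, so an old proof cannot be replayed."""
    return site.encode() + b"|" + secrets.token_bytes(16)

def prove(holder_sk, challenge):
    """Holder side: proof of possession of the key named in the cert."""
    return sign(holder_sk, challenge)

def site_accepts(agency_pk, cert, holder_pk, challenge, proof,
                 claim="over_18"):
    if not verify(agency_pk, cert["body"], cert["sig"]):
        return False          # not signed by the agency, or body altered
    body = json.loads(cert["body"])
    if body["claim"] != claim or body["sub"] != pk_id(holder_pk):
        return False          # wrong assertion, or cert issued to another key
    return verify(holder_pk, challenge, proof)

def site_view(cert):
    """Everything the site learns from the cert itself."""
    return json.loads(cert["body"])

if __name__ == "__main__":
    agency_sk, agency_pk = keygen()            # constructed sample parties
    alice_sk, alice_pk = keygen()
    cert = issue_cert(agency_sk, alice_pk)
    ch = new_challenge("site.example")
    print("accepted:", site_accepts(agency_pk, cert, alice_pk, ch,
                                    prove(alice_sk, ch)))
    print("site sees:", site_view(cert))
```

The `sub` value is the same at every site the certificate is shown to, so in this simple form two sites that compare records can link the visits even though neither learns a name.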

irchans · 19m ago
Even after reading the article, I think there are reasonable ways to set up a low cost system that uses zero-knowledge proofs to "prove" your age without disclosing your identity. I do think that you will need trusted entities and the system will only stop most, maybe 80 or 90 percent of children under 18 from seeing porn. But, if you do this, then maybe 99% of kids under the age of 14 will have a lot of difficulty viewing porn which is a good thing. There may be a valid slippery slope argument for not setting up the age validation system even if everything I said above is true.

Seattle3503 · 17m ago
Yeah, I think even if we only manage to delay the "age of first porn viewing" to something like 14-15, that's probably a win.

jofla_net · 23s ago
Maybe, but as a parent, I believe it's an embarrassment to expect to radically retrofit a society in such ways as to make up for my own negligent lack of responsibility for my own children, which I do take quite seriously. Not to mention the myriad of resultant unintended consequences which invariably arise when such systems (of which I'm quite familiar) are brought to bear. Though I do speak from such a position of professional neutrality, as I would gain no benefit at all from implementing such a ubiquitously mandated system. Perhaps if things were different, I'd think otherwise.

torginus · 36m ago
The problem is not only that it's impossible to make cryptography that's only secure when the good guys use it, it's that once cryptography is made insecure, it's insecure for everyone, forever.

I'm not a privacy hardliner, and I think the socially acceptable tradeoff between privacy and security has been well established before the computer era - if the police has a well-enough established suspicion against you - they can get a warrant and search your home. That's due process.

I would accept if there was a digital version of that which targeted not the encryption itself (which could be as strong as possible) - but the endpoints, like smartphones and computers.

Let's say police had a device which they could plug into your phone, which would send a specially signed message - a digital warrant, containing all the info a real warrant would - which would be permanently burned into the ROM of your phone, after which the phone would surrender its encryption keys, and the police could dump your unencrypted disk.

The phone would be then presented as evidence at the trial, and not following due process would be a cause for mistrial, no matter what they find there.

The general public would be safe in the knowledge that as long as the police isn't hauling them in, their secrets are safe, and the government would get the tools for what they claimed they wanted - a way to catch bad guys with digital tools.

buzer · 13m ago
> Let's say police had a device which they could plug into your phone, which would send a specially signed message - a digital warrant, containing all the info a real warrant would - which would be permanently burned into the ROM of your phone, after which the phone would surrender its encryption keys, and the police could dump your unencrypted disk.

And when (not if) that device leaks whoever steals your phone will be able to get access to all of the things in there.

JanisErdmanis · 49m ago
How would setting up a primary credential with an identity provider differ from the process of registering to vote for USA citizens? All the discrimination opportunities and accountability issues seem to apply equally there.

nemomarx · 27m ago
if you had to register to vote to use Reddit or whatever people would complain about that constantly. and voter id laws are in fact controversial yes.

Seattle3503 · 43m ago
I agree "ensuring everyone has ID" is a separate problem that we should absolutely be trying to tackle. We are already seeing people struggle with it absent any new ID schemes, eg in the case of trying to get access to banking. You can already get ID at a post office, maybe we should add other government facilities such as libraries.

JoshTriplett · 38m ago
That's absolutely true, and orthogonal to the problem that you shouldn't need to identify yourself to the government in order to access arbitrary websites.

Seattle3503 · 12m ago
I don't think that's the proposal. The proposal is that you prove to websites that you are over 18 to see adult content.

sltkr · 30m ago
The “not everyone has an ID!” argument is such an American perspective. The vast majority of world citizens live in countries that require you to have some form of government ID anyway:

https://en.wikipedia.org/wiki/List_of_national_identity_card...

It seems pretty reasonable to leverage this into online identification.

In fact, online ID is already used in the European Union for popular initiatives (see, e.g., https://www.stopkillinggames.com/ ) and nobody seems to think this is “bullshit” or infeasible or any of the concerns that are lobbed at the age verification requirements.

lmz · 44m ago
The same people who argue this will also argue that voter ID rules are discriminatory.

mattnewton · 13m ago
Voter ID laws actually have a long history of being used for disenfranchisement of certain classes in the US (most notably former slaves and their descendants, but also women), so it's understandable there is scar tissue there. It gives the incumbent state another lever of power in our very close first-past-the-post winner-take-all elections. Americans don't need imagination to see how it could be abused, just a good history book.

sltkr · 28m ago
Are the laws that require you to show ID to buy alcohol, tobacco, fire arms, or gamble in casinos also discriminatory? Or is it only discriminatory when you prevent people without IDs from watching porn?

9rx · 8m ago
> Are the laws that require you to show ID to buy alcohol, tobacco, fire arms, or gamble in casinos also discriminatory?

So long as it is done for a legitimate purpose and in good faith, generally no. As such, IDs are only expected where there is reasonable suspicion of possible violation. For example, there is no onus, with a few exceptions, to see an elderly person's ID to buy alcohol when it is clear beyond all reasonable doubt that they aren't below the minimum age.

The exceptions haven't really been tested. It very well could be found discriminatory, and you could make a pretty good case that it is. Which is ultimately the same case being made earlier. Asking a no-question-about-it 50 year old to provide his ID to watch porn isn't really in good faith, is it?

mattnewton · 9m ago
The definition of Porn by the state can change to include things that some people consider protected by the first amendment - right now there are a lot of state politicians or members of the house on record supporting classifying discussion of LGBTQ lifestyles as pornography for example.

I think alcohol, tobacco and gambling here are mostly irrelevant, but the firearms is a better example because of the second amendment, where you have a clash between a very old right granted by the bill of rights clashing with modern society's beliefs.

dathinab · 44m ago
> "Privacy preserving age verification" is bullshit

it is possible if you accept that it only needs to be good enough

- it's fully okay if it can be deceived in all kinds of ways

- verifying only once per account is okay, if an adult passes their verified account to a child that's their responsibility

- legally not just forbid but criminalize (with required prison sentence) the storing of any data except is adult yes/no from an age verification process

- allow OS accounts to just tell applications (including websites) that "is 18", if an age verification was done in the account, also no signing or anything cryptographically, because again it's good enough no need to protect it against hacking, the main responsibility still lies with the parents

so then you can do a single age verification per OS account, once, and be done with

furthermore this verification could e.g. go through a process which might identify your identity but a) isn't allowed to pass anything but adult yes/no to anyone else b) isn't allowed to store that info c) on a storing it is a "criminal liability" level where a CTO ordering data collection would go to prison

though if you live in a country where everyone has a passport with NFC chips (e.g. all of EU) just adding an "adult yes/no" function(1) to it + a transparent (open source, non profit) app per country to bridge it to accounts which need verification would do the job without needing the extra strict criminalize abuse part.

Which brings us to the main problem:

- requiring politicians to accept a "good enough" solution, accept that the main responsibility still lies with the parent

- politicians not abusing it to spy on their population

- make laws to prevent companies from ab-using "age verification" to collect private data

and that seems indeed impossible

---

(1): Technically I think it does exist, somewhat in many passes already. But practically it's not viable as it (I think) discloses too much information and has too many issues wrt. integrating it (wrt. certificate nonsense)

loglog · 19m ago
No cryptographic verification is required for content blocking. Make it easy to set up a slightly locked down "child" account (e.g. one behind a MITM proxy that only lets through HTTP(S) and blocks some domains) by requiring it from every OS vendor. Label existing devices/software without it "18+".

aktuel · 36m ago
Not just age verification. The whole security circus is bs. Kids cannot go outside by themselves anymore. They have to wear helmets while being constantly monitored. None of it has brought us to a better place. Fuck it. Just fuck it.

charcircuit · 49m ago
>politicians all over the world demanded a kind of impossible encryption

It's not impossible to design a cryptographic system where law enforcement is a party within it. The false dichotomy of encrypted or not encrypted in my opinion is used to shut down the conversation since it's easy to argue why no encryption is bad. It's a strawman.

JoshTriplett · 39m ago
It's impossible to design a cryptographic system that does end-to-end encryption and has a backdoor that can never be misused. No technical solution will address the fact that it's failing at its one job.

jgeada · 38m ago
That is a bad faith argument.

As soon as there is another untrusted party in the encryption, and in particular a party with a "skeleton key" that can decrypt anybody's message, then your encrypted communications are merely one leak away from being decoded by everybody else.

aaronmdjones · 15m ago
If there's one thing you can trust a government to do, it's to not be able to keep secrets for very long.

https://www.vice.com/en/article/hackers-published-replicas-a...

thyristan · 41m ago
Then please prove the possibility by doing so.

Up to now, there has only been intense wishful thinking by politicians, and strong "NOPE" by anyone with any kind of knowledge about cryptography. Either really everyone, including the likes of NSA, CIA and other spy services don't actually employ top cryptographers. Or they repeatedly tried and failed miserably. Or really nobody, including the spies, wants backdoored NOBUS encryption.

loglog · 16m ago
NSA does probably want it, and did probably standardize at least one such scheme in the past: Dual_EC_DRBG.

layer8 · 36m ago
The argument regarding general use of encryption for communication is that (a) law enforcement private keys would leak sooner or later, suddenly exposing everyone’s past communication, and that (b) criminals would just use “forbidden” encryption (“if x is outlawed, only outlaws will use x”).

crooked-v · 35m ago
If you include law enforcement by default, the system becomes completely insecure literally the first time an agent is corrupt, lazy, or just gets access stolen from them.

RajT88 · 1h ago
Also, water wet.