My colleagues at CEA in #Paris, France, are hiring a 2-year #postdoc to work on the joint research project #SECUBIC about #fuzzing binaries to identify #backdoors. (See this recently joint work at #ICSE2025 for previous results: https://upsilon.cc/~zack/research/publications/icse-2025-rosa-fuzzing.pdf )

If you're interested, or know interested candidates, head to: https://secubic-ptcc.github.io/jobs/open/2025/04/02/postdoc-supply-chain-binary-fuzzing.html for details.

Sadly, this is only the beginning of a domino effect should it go into law.

https://techcrunch.com/2025/04/17/florida-draft-law-mandating-encryption-backdoors-for-social-media-accounts-billed-dangerous-and-dumb/

"At least Florida’s SB 868/HB 743, “Social Media Use By Minors” bill isn’t beating around the bush when it states that it would require “social media platforms to provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena.” Usually these sorts of sweeping mandates are hidden behind smoke and mirrors, but this time it’s out in the open: Florida wants a backdoor into any end-to-end encrypted social media platforms that allow accounts for minors. This would likely lead to companies not offering end-to-end encryption to minors at all, making them less safe online.

Encryption is the best tool we have to protect our communication online. It’s just as important for young people as it is for everyone else, and the idea that Florida can “protect” minors by making them less safe is dangerous and dumb.

The bill is not only privacy-invasive, it’s also asking for the impossible."

https://www.eff.org/deeplinks/2025/04/floridas-new-social-media-bill-says-quiet-part-out-loud-and-demands-encryption

They are all at it

https://www.theregister.com/2025/04/03/eu_backdoor_encryption/

Our latest Cyber & Cognitive Conflict Compass (4C) is out: Austria busts Russian #disinfo, Serbia hit with #Pegasus spyware, Lazarus fakes job offers, FamousSparrow sharpens malware, UK rolls out #AI facial recognition and the German coalition talks discuss encryption #backdoors and expansive surveillance. #Cyber never sleeps.

https://internationalcybersecurity.substack.com/p/disinformation-data-breaches-and

"We don’t know what pressure the Trump administration is using to make intelligence services fall into line, but it isn’t crazy to worry that the NSA might again start monitoring domestic communications.

Because of the Signal chat leak, it’s less likely that they’ll use vulnerabilities in Signal to do that. Equally, bad actors such as drug cartels may also feel safer using Signal. Their security against the US government lies in the fact that the US government shares their vulnerabilities. No one wants their secrets exposed.

I have long advocated for a "defense dominant" cybersecurity strategy. As long as smartphones are in the pocket of every government official, police officer, judge, CEO, and nuclear power plant operator—and now that they are being used for what the White House now calls calls "sensitive," if not outright classified conversations among cabinet members—we need them to be as secure as possible. And that means no government-mandated backdoors.

We may find out more about how officials—including the vice president of the United States—came to be using Signal on what seem to be consumer-grade smartphones, in a apparent breach of the laws on government records. It’s unlikely that they really thought through the consequences of their actions.

Nonetheless, those consequences are real. Other governments, possibly including US allies, will now have much more incentive to break Signal’s security than they did in the past, and more incentive to hack US government smartphones than they did before March 24.

For just the same reason, the US government has urgent incentives to protect them."

https://www.schneier.com/blog/archives/2025/03/the-signal-chat-leak-and-the-nsa.html

Are Encryption Backdoors Putting Your Organization at Risk?

In this clip, @sherridavidoff and @MDurrin explain why encryption backdoors are a nightmare for organizations, creating security gaps that cybercriminals can exploit.
Watch this full episode of Cyberside Chats to hear Sherri and Matt break down Apple’s battle against the UK’s demands for backdoor access, the worldwide backlash, and what it all means for cybersecurity professionals.

We'll cover:
Why backdoors are a double-edged sword for security
Historical backdoor failures that left organizations exposed
Pro tips to strengthen your security posture against evolving encryption policies

Watch the full video: https://youtu.be/5HhNKMIJkCQ
Listen to the podcast: https://www.chatcyberside.com/e/the-encryption-battle-security-savior-or-cyber-risk/

Best News of the Year: We've stopped a backdoor law in France

Encryption backdoors must never be allowed. We at Tuta will continue to fight against mass surveillance!

https://tuta.com/blog/why-a-backdoor-is-a-security-risk

"In a moment of clarity after initially moving forward a deeply flawed piece of legislation, the French National Assembly has done the right thing: it rejected a dangerous proposal that would have gutted end-to-end encryption in the name of fighting drug trafficking. Despite heavy pressure from the Interior Ministry, lawmakers voted Thursday night (article in French) to strike down a provision that would have forced messaging platforms like Signal and WhatsApp to allow hidden access to private conversations.

The vote is a victory for digital rights, for privacy and security, and for common sense.

The proposed law was a surveillance wishlist disguised as anti-drug legislation."

https://www.eff.org/deeplinks/2025/03/win-encryption-france-rejects-backdoor-mandate