Cybersecurity Company Loses Encryption Key for Internal Election

The International Association for Cryptologic Research (IACR) was forced to cancel their annual leadership election after one of the officials permanently lost their encryption key, leaving the results impossible to decrypt.

According to Ars Technica, the IACR is a nonprofit that conducts research in cryptology. They define cryptology as "the science and practice of designing computation and communication systems that remain secure in the presence of adversaries."

To conduct internal elections, the IACR uses an open source voting system called Helios. Per the organization's bylaws, three members are selected as "independent trustees," and each holds a third of the cryptographic key needed to decrypt the results.

“Unfortunately, one of the three trustees has irretrievably lost their private key, an honest but unfortunate human mistake, and therefore cannot compute their decryption share. As a result, Helios is unable to complete the decryption process, and it is technically impossible for us to obtain or verify the final outcome of this election.”
- The IACR

One of the far less exciting but nonetheless crucial topics that the privacy community often neglects is backups. It's said that "two is one, one is none." If you don't have backups, you're gambling with your data. The current conventional wisdom preaches a "3-2-1" rule:

  • 3 copies of your data
  • 2 different mediums (such as external hard drive and cloud storage)
  • 1 live copy

It's also worth noting the follow-up piece of advice: "if you haven't tested your backups, you don't have backups." There are few feelings worse than needing to recover your backups and realizing they aren't there after all.

The IACR has updated their policies: only two of three trustees are now required going forward. New elections have started and polls will close on December 20.