
Attorney General will ask Zuckerberg to halt plans for end-to-end encryption - minimaxir
https://www.buzzfeednews.com/article/ryanmac/bill-barr-facebook-letter-halt-encryption
======
saagarjha
> We are writing to request that Facebook does not proceed with its plan to
> implement end-to-end encryption across its messaging services without
> ensuring that there is no reduction to user safety.

Oh, so you’re asking for more end-to-end encryption?

> While the letter acknowledges that Facebook, which owns Facebook Messenger,
> WhatsApp, and Instagram, captures 99% of child exploitation and terrorism-
> related content through its own systems, it also notes that "mere numbers
> cannot capture the significance of the harm to children."

This is such a lazy argument :/

~~~
posix_compliant
99% of domestic disturbances happen in private homes. Should they put cameras
there, too?

~~~
slig
It's called "Telescreen" and will be soon available.

~~~
onli
It's called laptop, smartphone and smart tv, is already available and we do
know it's already watched and listened to.

~~~
pcdoodle
^^^ Source Please.

~~~
inanutshellus
How about the (now former) head of the FBI recommending we cover our front-
facing cameras?

[https://www.engadget.com/2016/09/23/the-fbi-recommends-
you-c...](https://www.engadget.com/2016/09/23/the-fbi-recommends-you-cover-
your-laptops-webcam-good-reasons/)

and, mostly because it's mentioned in the engadget article:

[https://twitter.com/topherolson/status/745294977064828929/ph...](https://twitter.com/topherolson/status/745294977064828929/photo/1)

------
danShumway
> mere numbers cannot capture the significance of the harm to children.

Oh, bull crap. By this argument, literally no protection or liberty that
allows even one child to be harmed could ever be tolerated. Why stop at
vetting baby-sitters or teachers? We ought to require mandatory background
checks for every person who ever visits a family or goes into a public space
that might contain children. Law enforcement also ought to be able to track
every underage child at all times, via mandatory GPS collars.

At the risk of sounding callous, there are occasionally some situations where
you really do need to shut up and multiply.

~~~
xgb84j
The argument about children is easily invalidated by the fact, that for some
reason that during the Vietnam / Afghanistan / Irak war many children were
harmed for much less than everybody's privacy.

~~~
wefarrell
Those are other people's children.

The reptilian brain will respond differently to children from different
cultures on the other side of the world. I understand the logic behind your
argument but policy isn't driven by logic.

~~~
SomeOldThrow
Hell, it’s nakedly visible in policy in treatment of children from different
cultures in the US itself. Xenophobia is a known route to power. This impulse
CAN be countered by putting it in the light. Policy can and should always be
driven in part by logic.

------
brunoTbear
The claim of catching 99% of activity is really hard to justify. In many
detection systems you cannot know your true number of false negatives. It's
inherently unknowable in this case. A better metric would be mean time to
detection for a given CEP sharer or perhaps a metric around how much CEP is
shared before detection, or perhaps a metric for network size of CEP and how
well FB can clean up an entire network at once.

This NYTimes article [https://www.nytimes.com/interactive/2019/09/28/us/child-
sex-...](https://www.nytimes.com/interactive/2019/09/28/us/child-sex-
abuse.html) is quite good. I don't want to punish FB for doing a good job of
detection by turning around clutching my pearls at them. Stamos tweeted that
every hosting platform has these challenges and I believe him.

There has to be some nuance from the absolute privacy folks on this one. How
do we balance the need to fight child abuse with privacy?

~~~
awaythrowacct
It's easy to detect a vast amount of child porn, simply because the vast
majority of child porn sharing is just a few thousand different files, shared
over and over again. A few hundred thousand files if you count the non-nude
and nude "child modelling" stuff, too.

You can catch a majority of such content just by running a dumb hash over the
bits, even though the detection rate suffered a little thanks to dumb
smartphone users who will screenshot everything instead of sharing the files,
thus creating "new" content.

If you add some simple "content hashing", like
[https://pypi.org/project/dhash/](https://pypi.org/project/dhash/) or
Microsoft PhotoDNA [https://www.microsoft.com/en-
us/photodna](https://www.microsoft.com/en-us/photodna) you can catch an
astounding number of content shares, something which really looks great in
press releases. My guess would be that the vast, vast, vast majority of those
18M reports that letter mentions came from automated engines detecting the
"common" content with dumb bit or content hashes. But you really didn't do
much except annoy and scare some online pedophiles* who shared the same 10,
20, 40 year old content* and maybe even put a few of them away for good or
caused them to kill themselves. And yet, you almost never actually prevented
ongoing child rape and other abuses.

The problem however is that you absolutely cannot catch new content that way.
Content that isn't widely shared but shared between two people or in rather
small groups. These small groups have elaborate vouching and proving systems
in place, and are hard to infiltrate, going as far as having to prove yourself
by sharing a picture of you victim holding a sign with a time stamp and some
passphrase.

facebook aimed their AI at porn so they might catch some of this new content
by accident; it's porn after all. Then again, my hopes aren't that high,
seeing Microsoft's bing fucked up even removing the known child abuse content
from search results even as the company runs the PhotoDNA database I mentioned
before. And google's AI is "clever" enough to think black teens are gorillas,
but they are supposed to catch child porn?

Also, those dedicated child abuse content producers do read the news and know
not to use facebook or twitter. Most of them do, anyway.

There is essentially three types of pedocriminals I have observed: the
aforementioned part time online pedos who share the same old child abuse
content but do not actually produce it or abuse children in the real world, a
group of active pedophiles who do not care about getting caught because they
live in places where they do not actually have to fear the police
investigating them __ _, and a cautious group who might use common public
services to make initial contact and talk a little in code but will
immediately exchange tox ids etc or at least link to "how to setup qtox over
tor"_ __* guides (I saw a few "groomers" do just that), and never share
anything incriminating over a public service. My guess is that they are be
behind tor or a VPN even when using those public services.

And there is a small number of dumb fucks too who will get caught easily and
who end up in the press, and, of course, a probably quite large group of
pedophiles who just abuse children but do not tell anybody about it,
especially not on the internet.

The majority of people you'd actually want to neutralize because they engage
in ongoing child abuse you will not catch on facebook or twitter or whatever.
I sometimes liken it to catching a lot of drug users, but not the dealers let
alone the drug producers.

Not that my experience dealing with the police is much better. The average
time for them to get back to you is a few months if they are from the West,
and usually never in other parts of the world, even if they have dedicated
groups and/or tip lines. Maybe sometimes they do investigate without
acknowledging the reports you sent, I don't know, but it is my feeling that
probably not. I don't want to blame the individual police officers and
detectives who have to deal with this shit, it's probably all due to lack of
resources and institutional support.

But to shit a bit more on the police: I saw some chats with essentially
reverse-grooming, where a "girl" started off telling how "wet" she is and how
much she likes dicks and only then that she is only "13". After learning about
"her" age the dude then usually quickly leaves, but often only after having
posted some personal information already. I later learned that such "girls"
are either the police "child grooming" units, or blackmailers. I don't even
want to know how many of the grooming cases that actually go to court are a
result of this tactic, catching stupid horny wannabe pervs, while the actual
groomers go free. Burning resources like this instead of using them to catch
the truly evil and nasty people again seems to be a political decision.

Source: personal experience from having to deal with this shit occasionally,
and having caused some pedophiles to go to prison.

* There have been a few studies that found that the group of people consuming child abuse media and the group that actually molests and rapes children doesn't have too much overlap, contrary to what one might expect.

 __A lot of the "common" content is rather old, like digitized VHS tapes and
magazine scans, or stuff like "1st st __ __" (the producer of which went to
prison like 10 years ago) or the East European nude "modelling" stuff from the
early 2000s, or webcams from a time when webcams had half a megapixel. There
is some newer stuff, like "R _b_ n" and "R __girls ", but that's the
exception. And if you try to fill in the blanks and google any of this, you're
stupid and/or evil; don't.

 __* I have had a few tell that to my face, taunting me to report them to
their local police.

 __ __I am singling out tox /qtox because at least at in the recent past it
seems to have been the goto tool for security conscious pedophiles, based on
my personal observations.

~~~
arknave
> There have been a few studies that found that the group of people consuming
> child abuse media and the group that actually molests and rapes children
> doesn't have too much overlap, contrary to what one might expect.

Do you have some links for this? I've anecdotally heard it both ways.

[https://olemiss.edu/depts/ncjrl/pdf/I%20C%20A%20C/2013%20-%2...](https://olemiss.edu/depts/ncjrl/pdf/I%20C%20A%20C/2013%20-%20April%2018-19/09f%20-%20BUTNER%20STUDY.pdf)
seems to imply the opposite.

------
drawkbox
It is amazing to me that people that are supposedly "pro-business" and "pro-
market" are against encryption.

Mostly encryption protects privacy and business information. Corporate
espionage is bigger than state espionage or terrorism my many multiples, and
directly threatens national security as well as markets.

Encryption is pro-business and pro-privacy for business and individuals.
Without encryption or with backdoors you are trusting that bad actors don't
get access to it, they will.

Why have a world class security system, yet plenty of keys under rocks in the
backyard?

I wish encryption was framed like this:

Going without encryption or including backdoors is another level of trust,
like leaving your window open on vacation and putting a note that says, "Only
Sally the neighbor can come in through the window, please" (Sally being the
gov't). Guess what, Sally won't be the only one coming in. In that situation
you may as well open the front door because that is the same as the backdoor
or window, just less obscurity but more attractive to underground/opposition
forces whether that is state, corporate, personal or more.

Oversight and security has gotten lazy, two decades of surveillance based
detective work without warrants over real detective work with warrants has
made enforcement and security lazy and unable to operate without all the noise
that comes with access to everyone's data. Initially it was about terrorism,
but everyone knows it is about business information, personal information and
other over steps like the drug wars or fights against sex workers or other
wars on people that are low hanging fruit that are picked on constantly. Good
detective and intel work needs to come back and less of the surveillance type.

~~~
echelon
Terrorists can and will use steganography, which even the most advanced
automated systems cannot detect.

They want to surveil the public.

~~~
ohazi
They don't even need to... You can have a correct implementation of RSA in
like 20 lines of code. The cat was out of the bag 20 years ago.

~~~
yuushi
Correctness defined as "this produces the right answer" vs correctness defined
as the above with the addition of "this does not leak information / is not
highly vulnerable to side-channel attacks" are very different things, and only
one of those definitions is actually useful for cryptography.

Writing it yourself for the first time, or just copying some code off the
internet, is going to have a vanishingly small chance of being actually
secure.

------
OedipusRex
"We are writing to request that Facebook does not proceed with its plan to
implement end-to-end encryption across its messaging services without ensuring
that there is no reduction to user safety."

Isn't the entire point of E2E Encryption for user safety, as in safety from
the government reading your message?

~~~
kamyarg
True E2E Encryption would also mean the platform(FB, Telegram, Google, Apple,
etc.) also can not read the messages and thus the law enforcement can not
force them to reveal what a user said because it would be impossible for them
to know.

~~~
snarf21
You are partially right but the issue is that E2E isn't even enough. E2E
doesn't matter if they force a patched binary that _also_ sends the data to
the government. This is _EXACTLY_ what the Australian laws saws they must do,
oh and it is a gag order so they can't disclose it.

I'm starting to wonder if this is a smokescreen. Eventually give in to E2E
because you know you have got app store signing keys for the apps so you can
upload a patched one with backdoors.

~~~
Miner49er
This is a good point. E2E is better then not, but you still can't trust FB.
Anybody who seriously cares about privacy will still use something open
source.

~~~
nickik
But its not about those couple people, its about rolling out better security
to billions of people. Even a 0.01% increase in secuirty is an incredible
benefit if it runs on a platform like Facebook.

It also totally changes how government has to force Facebook into giving them
something. They can't just request access to some server anymore.

The main way to defeat a state is to make mass survailance difficult enough
that it doesn't scale well.

------
ddoolin
> While the letter acknowledges that Facebook, which owns Facebook Messenger,
> WhatsApp, and Instagram, captures 99% of child exploitation and terrorism-
> related content through its own systems, it also notes that "mere numbers
> cannot capture the significance of the harm to children."

Ah yes, "think of the children!" This is so tired, I'm (just a bit) surprised
they fell into this argument.

~~~
kazagistar
I will believe that anyone in politics gives a shit about children when the US
stops bombing children in other countries.

~~~
alkonaut
Also:

Kids being shot in schools: the price of freedom.

Private communications means also criminals can communicate privately:
outrage.

------
eloff
I hate these requests for government back doors into tech communication
software in the name of "the children". Let the parents worry about and
protect their own children. Let the government mind its own business and stay
out of ours.

~~~
robrenaud
And if the parents are the abusers, then it's okay?

I am still pro E2E encryption, especially given the Snowden revelations (the
US gov cannot be trusted to be responsible), but it does come at a high cost.

[https://www.nytimes.com/interactive/2019/09/28/us/child-
sex-...](https://www.nytimes.com/interactive/2019/09/28/us/child-sex-
abuse.html)

~~~
mlindner
The thought that people can remove all crime or get anywhere near it is faulty
from first axioms.

[https://en.wikipedia.org/wiki/Blackstone%27s_ratio](https://en.wikipedia.org/wiki/Blackstone%27s_ratio)

"It is better that ten guilty persons escape than that one innocent suffer."

If you start thinking that parents "can be" the criminals then you've decided
that parents are automatically guilty and must be proved innocent. This goes
against the very moral fiber of the entire western world theory of law, the
presumption of innocence.

~~~
anon9001
How is the idea that we can remove all crime faulty? Blackstone is just saying
that we _shouldn 't_ try to remove all crime because it's more harmful to
society to try than to let some crimes go unsolved. His main argument is that
there might be an ambiguous situation where someone appears guilty but
actually is not guilty.

It's definitely possible to eliminate all crime with total surveillance with a
high degree of accuracy.

We probably shouldn't, especially not without being able to quickly update our
laws, but it could be done. Imagine if anyone going over the speed limit was
instantly charged a fine. We can do that today with complete accuracy, but we
choose not to do enforcement that way.

~~~
therwey
> It's definitely possible to eliminate all crime with total surveillance with
> a high degree of accuracy.

Unless the state itself is criminal. Not only can law stray from morality,
authorities of the state can even violate the laws of that state itself. If
you can imagine an extreme authoritarian state with a constitution, can't you
also imagine that the leaders of that state choosing to ignore that
constitution?

But before even getting into the above, you've assumed the possibility of
perfect surveillance. Who or what and how could that ever be possible?

The only way I can conceive of perfect law enforcement is to have very few if
any laws. Everything else is an excuse for the personal fancies of
authoritarians.

~~~
anon9001
All phones could be mandated to record audio/video at all times and stream it
to government servers for archiving and processing, for example.

And you could set up society so that you'd be useless without carrying your
phone, as we're most of the way there already. Not streaming your complete
data to the government would become a crime.

All public places could be recorded in a similar way.

If you combined it with satellite tracking of the whole planet, you could even
identify people that have chosen to go off the grid for some period of time,
so you could solve crimes that happened in the forest if you want.

That's pretty close to perfect surveillance.

I can't think of a crime that couldn't be solved this way, but it's not a
society where I'd want to live.

~~~
mlindner
Who watches the watchers? Who prevents the watchers from deleting
footage/recordings? Unless you're genetically engineering humans to no longer
have any desires, anyone can be bribed or blackmailed for the right price.

~~~
anon9001
Other watchers would watch those watchers. Government officials would not be
exempt from data collection. People would eventually learn that you can't
bribe or blackmail because it's impossible to do without having it recorded
and detected by surveillance. That's how our system of government works today,
but the only people who get caught are those that leave evidence behind. If
you use technology to ensure everyone creates tons of evidence, then everyone
doing something illegal can be caught.

I'm not sure why I'm being so heavily downvoted, the only difference between
the dystopian future that I describe and the system we have currently, is that
the government isn't collecting and processing data on such a wide scale. If
they collect more data, we will have more crimes solved and more privacy
forfeited. If you take that to its logical extreme, we have full surveillance,
no privacy, and no crime. I'd rather live in a world where we have some crime,
but privacy and no surveillance, but I think it's far more likely we'll head
in the opposite direction.

------
Johnny555
"We are writing to request that Facebook does not proceed with its plan to
implement end-to-end encryption across its messaging services without ensuring
that there is no reduction to user safety."

I don't understand why they don't just ask for what they want, why say it's
about "user safety" when it's not about that at all.

Just say "As a matter of national security, the government needs to be able to
read user messages (and we don't care if that opens up a hole that enables
_other_ governments to do it too)"

~~~
smueller1234
Quite simply because this makes it hard for Facebook to fight back. If they
do, they look like they're on the wrong side of morality.

If the demand was phrased around security, it would be less emotionally laden
(for most).

~~~
Johnny555
I'd be awfully surprised if anyone that really cares about this would be
fooled by this ruse. For most people, if the government says "We need to do
this so you'll be safe", the vast majority of people will agree, or at least
won't actively object.

~~~
ultrarunner
The argument is, as the saying goes, "good enough for government work."

I find that quite appalling, to be frank.

------
authoritarian
Ah yes, another case of "We must stop the pedophiles and terrorists, so please
just allow us to monitor everything you do at all times"

------
mprev
Forgive the OT comment but in the UK we have a soft drinks manufacturer named
AG Barr, most famous for Irn Bru.

I spent a few moments trying to understand what had led to the manufacturer of
Tizer, Irn Bru, and various other traditional British soft drinks getting
involved in this.

[https://www.agbarr.co.uk/](https://www.agbarr.co.uk/)

~~~
dang
Wow, that's quite a stretch for a title ambiguity: attorney general or soft
drink?

Submitted title was "AG Barr Will Ask Zuckerberg To Halt Plans For End-To-End
Encryption".

~~~
brianpgordon
I mean, I doubt that many UK natives know the name of the US Attorney General
off the top of their heads. It seems like a reasonable mixup to me.

~~~
atonse
Reasonable to think that a soft drink provider would ask FB to not use end-to-
end encryption?

But I agree that AG should be expanded.

~~~
brianpgordon
They realized that something was off, obviously. They were just saying it was
confusing at first because without the context of knowing who Barr is, "AG" is
a nonsense word. The only remaining parse is a soft-drink company.

------
wcunning
There was a discussion not long ago about brain privacy on the front page and
this twitter thread was brought up in the comments:

[https://twitter.com/hashbreaker/status/709314886384427008](https://twitter.com/hashbreaker/status/709314886384427008)

> Fun game to play: Take statements from Comey et al. Replace "smartphones"
> with "brains"/"memories"/"thoughts". Technology will get us there!

Very on brand for the new versions of this request...

------
oconnor663
How does the Attorney General feel about foreign governments making "lawful
requests" for people's private Facebook messages? Does he believe America
benefits from giving _every_ government access, or does he believe that these
systems would somehow serve America alone?

------
Brushfire
If they don't do E2E, users will abandon Facebook for platforms that do
support it (and already are). And they aren't doing this to commit crimes, but
to prevent advertisements from targeting every conversation they've ever had.

~~~
saagarjha
I wonder how many WhatsApp users are aware that their messages are encrypted
end-to-end.

~~~
hathawsh
I also wonder how many users are aware of the imperfections in the end to end
encryption in WhatsApp.

[https://keybase.io/blog/chat-apps-softer-than-
tofu](https://keybase.io/blog/chat-apps-softer-than-tofu)

(I have no affiliation with Keybase, I just appreciate their very thorough and
public analysis.)

~~~
myu701
Thanks for posting this!

I used the wayback machine to read the older version of this article, it took
specific aim at WhatsApp and Sigal, indicating that (in so many words) it
disapproved of the apps providing a notice of Safety Numbers changing instead
of the app flipping its wig and making the user take affirmative action to
continue communications, otherwise it wasn't true TOFU.

I have about 30+ contacts on Signal, and I almost __never__ get Safety number
changes. I certainly don't think making the user click through yet-another-
dialog-they-wont-read will be a big security improvement.

I suppose I disagree with the 'not true TOFU' argument.

------
sakisv
I, for one, love the sweet irony where the Attorney General is making Zuck and
FB appear like the good guys.

Also, should we read this request as "if you implement E2E encryption we will
no longer have visibility over what FB users say"?

If so, and because the connection between us and FB is over https, I assume
there are deals in place where various 3-letter-agencies from these 5
countries are given (or they take themselves) the contents of our private
messages? I wonder why they would be opposed to something like E2E then /s

------
jknz
Detecting child abuse pictures is not incompatible with end-to-end encryption
if the detection is done locally.

Facebook (or other messenger app owners) could train a good classification
model to detect child abuse pictures on large servers and provide the model to
smartphones locally. Before sending pictures, the app would run the trained
model (which is cheap computationally). If if detects pictures of abuse with a
certain accuracy, the app would block the transmission of the picture
(possibly, explaining why to the user). If the detection of pictures of abuse
happens again, the user could be banned from the app for 1 day, and if it
happens more often the ban would become longer and longer.

That way facebook can fight child abuse without ever having the pictures.

~~~
jpadkins
don't trust the client. How easy it would be for a motivated community to
create a binary patch that skipped the local abuse checks?

~~~
jknz
There are ways to run trusted code on a client using remote enclaves (provided
it is supported by the local CPU)

[https://signal.org/blog/private-contact-
discovery/](https://signal.org/blog/private-contact-discovery/)

~~~
jandrese
How are you going to get a pedo to setup a secure enclave on his box that you
control?

This is one of those technologies that are cool in theory but almost
impossible to implement in practice on current hardware.

------
akersten
They can ask all they want, the answer should always be "No."

------
univalent
Why should Facebook guarantee that it won't lead to security concerns? That's
not their job. Is the AG going to go around asking all companies not to do E2E
encryption until they can each make that guarantee?

------
s3r3nity
Question for those more knowledgeable than I in this space: a huge value prop
for iMessage is E2E encryption, correct? Why hasn't that gotten similar
response from the AG? (OR has it already, and I may have missed it?)

~~~
sigmar
I'd like to contrast with the other responses here by offering my suspicion
that Apple is cooperating with governments to quietly swap out keys for users
upon receiving a court order. It would explain why Skype was banned by China
and iMessage was not.

~~~
ub
This. Apple cooperates a lot with law enforcement than they let out. While
they make a big deal about on-device security, iCLoud which most users turn on
is the loophole. Apple turns in backup content when asked much more willingly.

------
fnord77
Hey Barr, if innocent people have nothing to hide, please set an example by
releasing all your private communications to the public.

------
throwaway66666
There are many forms of tyrants, but there are none so terrible as those
stifling their own people in the name of freedom and safety.

------
Havoc
Zuck looking like the good guy in an exchange about privacy. Now that takes
some doing...

------
noonespecial
In the current political environment, allowing the government (just about any
nation's) in via eliminating end-to-end encryption _is_ a reduction to user
safety.

------
stefek99
> Our understanding is that much of this activity, which is critical to
> protecting children and fighting terrorism, will no longer be possible if
> Facebook implements its proposals as planned.

Here is some legislation from 2000:
[https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Po...](https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000)

> Critics claim that the spectres of terrorism, internet crime and paedophilia
> were used to push the act through and that there was little substantive
> debate in the House of Commons.

20 years in life of internet is a lot. Same arguments. Remarkable.

~~~
ekianjo
This predates the age of the Internet by millenia. Almost every politician in
History appeals to children to drive their policies or block their opponents'.

~~~
throwawaylolx
How? Childhood is a rather modern concept and child labour exploitation peaked
just a few centuries ago during the Industrial Revolution.

What historical events and periods are you referring to in the past millenia?

~~~
leetcrew
corrupting the youth was one of the charges against Socrates made by
essentially political opponents.

~~~
JoeAltmaier
Which, incidentally, he was undoubtedly guilty of. By putting all sorts of
notions into their heads.

~~~
leetcrew
from the perspective of a contemporary Athenian, yes, he did say things that
were incompatible with the state religion. I don't think a modern reader
necessarily has to agree that that's "corrupting the youth". the Athenians
also probably didn't care very much about this anyway. the charge was
literally true, but it was also bullshit because none of the accusers actually
cared about any of the offenses they were charging him with. what they
actually cared about was that he had humiliated them in public on many
occasions and his association with (though not outright involvement in) the
reign of the thirty tyrants.

so actually fairly analogous!

------
quotemstr
It's really amazing how often tyranny is justified on the basis of "safety".
It's why the "trust and safety" team moniker ubiquitous in the tech industry
sounds so Orwellian.

I think tech companies would have a stronger basis for refusing to monitor and
censor user traffic if they hadn't volunteered to monitor and censor _some_
user traffic. Doing anything some of the time makes you vulnerable to pressure
to do more of that thing.

Carrying all legal content and refusing any cooperation with the government
without a warrant is the _only_ sustainable path.

------
evilsnoopi3
I don't think this often, but, in this case, Facebook is doing the right thing
both ethically and practically.

~~~
TazeTSchnitzel
Facebook isn't doing it because they believe in it. WhatsApp added E2EE after
being acquired by Facebook but before FB fully took control, a parting gift of
sorts.

------
choppaface
Time for Facebook to make like Google and say 'sorry but foregoing end-to-end
encryption would lower the Barr'

[https://arstechnica.com/information-
technology/2013/11/googl...](https://arstechnica.com/information-
technology/2013/11/googlers-say-f-you-to-nsa-company-encrypts-internal-
network/)

(Of course, this just prompted Google to serve more legal data requests, but
better than letting the Justice Dept sweep everything for who knows what end)

------
carapace
The problem is deeper than just protecting your data against the government:
One of the products these guys sold to corrupt goverments was a tool to _plant
CP_ on people's computers.

[https://hacked.com/italian-hacking-team-hacked/](https://hacked.com/italian-
hacking-team-hacked/)

How do you like those apples?

I can't think of a technical defense against a threat like that that doesn't
involve disconnecting all the computers in my house and throwing them away.

~~~
jMyles
> a tool to plant CP on people's computers.

This tool is not described in the article you've linked. Do you have an
additional link for those of us who want to read more about this?

~~~
newguy1234
Here is another discussion on it:

[https://news.ycombinator.com/item?id=9836336](https://news.ycombinator.com/item?id=9836336)

It is true, there is a tool that was developed to basically plant evidence on
a compromised machine. So the idea here being that the hired hackers would
compromise the machine and then the government client would tell the hackers
to put CP, incriminating evidence or other stuff on the machine before the
police raided the house/building. The computers would be seized and then it
would be used as evidence to prosecute the target.

It is real.

Also if you are interested, dark net diaries did an episode on this group
called "hacking team".

[https://darknetdiaries.com/episode/38/](https://darknetdiaries.com/episode/38/)

------
tracker1
F*ck AG Barr... they can subpoena their data requests like they should have
already been doing.

------
gumby
> "We are writing to request that Facebook does not proceed with its plan to
> implement end-to-end encryption across its messaging services without
> ensuring that there is no reduction to user safety."

Seems easy for FB to comply with this: they are adding encryption specifically
to _improve_ user safety.*

The later extract in the article body talks about "public" safety, which is
the classic false dichotomy that has been brought up by law agencies for the
past 30 years.

Much as it sticks in my craw to say something supportive of either of that
meretricious duo Barr and Patel, I have to admit I am glad that they are using
an open letter rather than trying for a backroom deal or quiet threats.
Perhaps they tried those already and have been rebuffed.

I have seen some friends of mine outraged by social media's inability to do
wholesale censorship, spurred by some NYT articles on child abuse from last
week. I wonder if that was coordinated?

* OK, they are a corporation doing it to encourage people to use their service, but they are trying to accomplish _that_ by improving user safety.

------
wongarsu
> Risks to public safety from Facebook’s proposals are exacerbated in the
> context of a single platform that would combine inaccessible messaging
> services with open profiles, providing unique routes for prospective
> offenders to identify and groom our children

So the government not having access to private communication is a threat to
public safety, and won't somebody think of the children!

------
euske
It is interesting that they chose to control Facebook instead of calling it a
monopoly and splitting it into two, because it's their interest to have a
choke point that they can conveniently go after. Apple is big and they provide
e2e encryption, but they're not a choke point because not everyone uses Apple.
On the other hand, everyone (except me) uses Facebook.

------
justinclift
> ... without ensuring that there is no reduction to user safety.

Australian here. Does "user safety" include journalists not being raided
and/or prosecuted for publishing public interest material? For example, likely
evidence of war crimes by some of our soldiers.

As has begun happening here, after laws were introduced forcing our telco's to
allow monitoring of _anyone_.

------
sedachv
This is most likely motivated by the US government (current and past
administration) efforts to suppress whistle-blowers:

[https://theintercept.com/2019/08/04/whistleblowers-
surveilla...](https://theintercept.com/2019/08/04/whistleblowers-surveillance-
fbi-trump/)

------
gorgoiler
How many crimes are solved through wiretapping or evidence gathered from
Facebook servers? Facebook’s 99% figure needs more context — maybe that’s 99%
of just 1% of all child abuse / sexual assault / terrorism crimes?

Some more statistics would be useful to quantify the impact on criminal
justice of losing either of those options. Otherwise the arguments just feel
political or emotional.

End-to-End won’t impact the major source of evidence in, say, sexual assaults
where the victim unlocks their phone and submits a copy of their decrypted
message threads to the police, though this is a controversial policing method,
recently reported on in the UK:

[https://www.theguardian.com/society/2019/sep/21/people-
repor...](https://www.theguardian.com/society/2019/sep/21/people-report-rape-
routine-demands-mobile-data)

~~~
gorgoiler
2,500 prosecutions as a result of “the work we did with Facebook in the last
year”, according to UK government (Brandon Lewis, a minister on Radio 4,
October 4th.)

------
JDEW
I find it strange that there isn't already some precedent from the supreme
court on the right to encrypt under the second amendment. This isn't a new
idea [1] and the debate about whether or not encryption is a fundamental right
is already going on for ages...

If Americans cared so much about their freedom to protect themselves from
their government, rationally it would make far more sense to be up on the
fence about encryption than about firearms.

[1] [https://law.stackexchange.com/questions/3696/is-the-right-
to...](https://law.stackexchange.com/questions/3696/is-the-right-to-keep-and-
bear-crypto-protected-by-the-second-amendment)

[Edit] I don't want to start a flame war about guns, I'm genuinely curious
about what the law would say about encryption under the second amendment.

------
zer0gravity
The only thing I can say about this is that, once we'll have BMIs, the
Government will want to tap into that as well, because you may have dangerous
thoughts.

If you see the insanity of this, you should see the insanity of the Government
tapping into private messages.

------
Porthos9K
You'd think that with all his billions, Zuckerberg would buy himself a spine
and tell the AG to fuck off. We keep having this debate because law-
enforcement types won't be happy until they can monitor your thoughts in real
time. You expand their powers even a little, and the next day they're
clamoring for more. And it's always the same excuses: preventing terrorism or
protecting children.

Well, I don't see the Feds cracking down hard enough on homegrown fascist
groups, and I would be happy if Bob Barr's kids or grandkids were locked in a
dungeon and made to sit in their own filth Omelas-style if it meant we'd have
strong crypto for everyone.

------
BLKNSLVR
No one is physically raped, murdered, or even injured (beyond choosing to be
offended by a certain combination of letters on a screen) in the electronic
arena. All crimes they like to mention for the fear factor take place in
meatspace and as such leave traces that can be followed by appropriately
skilled investigators.

Electronic surveillance is primarily used for reconstruction and back tracking
after a significant crime has taken place. After the fact.

Electronic surveillance is paying cheap lip service to a problem instead of
paying the expensive price of doing it properly, in meatspace, with boots on
the ground.

------
gigatexal
Perhaps Zuck will make a deal with the Devil and go forward with this if he
receives some agreement that they won’t break up FB into many companies and
continue to allow the firm to do shady things with user data.

~~~
m0zg
Republican administration will not break up FB. Elizabeth Warren could, which
is why she won't win the election if she's nominated. Big Tech, which is in
charge of what we see and don't see is directly threatened by her, so you can
bet that "algorithms" will all of a sudden find it appropriate to de-rank her
content.

------
JaRail
If they're worried about kids, maybe they should have asked to not enable E2E
for Messenger Kids. There's already a feature to let parents see their kids'
messages. I'm pretty sure they have no plans of breaking that. Government
should be providing their expertise to help FB train AIs to help alert parents
to suspicious chats. There are lots of good ways to protect kids. This ain't
it.

Ask any woman/minority, domestic abuse victim, etc. They don't want people
spying on their messages.

------
hashkb
Remember - we don't actually need social media. Encrypted email is enough to
protect your actual private communication so you can revolt or share a little
illegal material with a few friends. It's not fair to ignore the network
effect here. And what do we, as a society, gain from social media? Nothing!
It's addicting us, wearing down our critical thinking, and it's stopping you
from going outside.

------
plmu
What happens if someone distributes an OSS toolkit that enables everyone to
easily setup an encrypted ad-hoc peer to peer network?

If you want to prevent criminals from communicating safely in the long run,
you would have to prohibit open internet access and/or mathematics.

Prohibiting platforms will lead to some delay at best. The collateral damage,
taking away privacy from the population at large, is proably the real goal.

------
justapassenger
> mere numbers cannot capture the significance of the harm to children.

So, when is ban on guns, cars and parents coming? Each of them killed
countless kids.

------
dehrmann
My questions for Attorney General Barr would be after revelations about
warrantless wiretapping, the FISA court, and National Security Letters, what
did you think would happen, and given the US government's gripes with Huawei,
isn't the only difference that this backdoor is for the Five (or Three) Eyes?

------
tadasZ
I don't want to give up my privacy just because some bad actors are using (or
will use) OTHER end to end encrypted messaging apps. Bans won't solve the
problem of child abuse and etc., when i'll want to live in a dictatorship i'll
move to china or some similar place.

------
realid
Didn't we already do the crypto wars? I guess we need to go through this again
for those who missed it.

------
AlexCoventry
I guess FB could just respond by linking to this blog post:
[https://newsroom.fb.com/news/2018/05/end-to-end-
encryption/](https://newsroom.fb.com/news/2018/05/end-to-end-encryption/)

------
stockkid
> prioritize public safety in designing its encryption by enabling law
> enforcement to gain access to illegal content

I don't think it works that way. Serious criminals that we really want to
catch are probably not coordinating their activities using unencrypted
channels anyway.

------
surfsvammel
"We are writing to request that Facebook does not proceed with its plan to
implement end-to-end encryption across its messaging services without ensuring
that there is no reduction to user safety."

I don’t get it. How could end-to-end encryption reduce user safety?

~~~
fooey
This is the authoritarian argument that it makes everyone less safe if they're
not allowed to spy on everyone.

~~~
adrianmonk
It's even a poor version of that argument. The victims of whatever crimes this
would allegedly prevent aren't necessarily users of the platform. In that type
of scenario, the perpetrators are the users.

------
rpmisms
And this is why I enjoy politics from afar. If you're invested, all that's
going to happen is that your otherwise good person you support will start
pushing shit like this. Party doesn't matter: state power will always be the
goal.

------
doggydogs94
Granting one government access to data is the same as granting access to every
government.

------
velox_io
Banning encryption in one place will not change anything, it just means that
those who want their actions hidden will go elsewhere or use tools such as
VPNs, which seem fairly common these days, even amongst general users.

------
jenkstom
Well, I guess we know now that law enforcement reads our messages whenever
they want.

------
eanzenberg
I’n extremely surprised that warrants haven’t been brought up yet here. A
device cannot be unencrypted when a warrant is issued, so that evidence is
lost, assuming the device itself is lost. Is this an ok course of action?

------
shmerl
Lack of proper security (i.e. lack end to end encryption) always reduces
public safety due to bad actors being able to snoop on the data. Not that
anyone should trust Facebook to begin with for exactly the same reason.

------
radres
Do you really think the user cannot implement end-to-end encryption
themselves?

------
PovilasID
"Think of the children" often covers a lazy powergrab. Now is full
transparency bad or the role of privacy itself that is not a online comment
battle conversation but this is just lazy.

------
cbeach
Removing / banning encryption will hurt us all, including (I hope) the
ignorant and authoritarian politicians responsible for eroding our privacy.

I eagerly await the publication of these politicians’ private communications.

------
ddmma
If 99% then why not Facebooks systems include AI to catch bad guys before they
act and imprison’em in a benevolent virtual reality using oculus.

Classic Spielberg called ’Minority Report’ with underwater ‘precogs’

------
agoodthrowaway
Yet another reason not to have so much concentration in a single person. If we
had smaller or more distributed social networks it would be impossible to
control the spread of E2E encryption.

------
bpicolo
If Facebook implements E2E encrypted chat, and they are able to catch 99% of
those child exploitation cases today, are they going to be down to catching 0%
of those cases with E2E in place?

------
dontbenebby
The constitution does not specify that one's speech must be intelligible to
the government. Governmental restrictions on strong encryption plainly violate
the 1st amendment.

------
zarro
I think its more about "We wont be able to collect data en masse as
efficiently anymore" than it is about "National Security or prevention of sex
trafficking".

------
munk-a
Interesting side note, if the concern is that this end-to-end messaging is
being made available through the same service that hosts social profiles -
instead of asking the company to _please-please-please include backdoors
thank-you_... maybe, just maybe, it's time to break up a vertically integrated
monopoly - when your argument is that their vertical integration is literally
a threat to public safety.

This will, of course, never happen because breaking up businesses and consumer
protection is verboten and anti-american, but I really wish someone with a big
voice could stand up and make this point because it makes them look silly.

------
unityByFreedom
I don't see the point in this request. We're going to have to figure out how
to live with encrypted messaging regardless of whether Facebook implements it.

------
elif
Maybe what we need is an "encrypted messaging system" generator.

If there is an infinite supply of encrypted channels, controlling them all
becomes literally impossible.

~~~
judge2020
I think you're describing PGP. Other than some platforms having character
limits, you can run PGP over any text format as long as both clients (or
humans) know what to do with the encrypted messages.

A system that handled things like performing the encryption and decryption of
messages over any platform would be interesting, the only pushback you would
get from an authoritarian government is them telling providers to "block all
pgp/encrypted comms on your platform" and/or the platform actively attempting
to block your client's access to the API.

~~~
elif
What I mean is not generating the encryption layer, but generating the
transport layer.

For instance, discovering and negotiating various publically available http or
irc or jabber etc. nodes, and coordinating around their unavailability.

------
HorizonXP
META: DAE get popups/hijack ads when the click anywhere on that article? I'm
on macOS Safari, and I'm wondering if it's me, or the site.

------
ryeguy_24
At the end of the day, Facebook isn’t the arbiter of whether bad actors can
speak privately or not. Anyone can communicate privately using encryption
tools. Do we shut down every website that offers to convert your message into
cypher text? A scary world it would be if all communication was accessible by
government. I liken this to stopping gun violence by pointing to mental
disease. Is Facebook really the way to stop bad actors? What about the next
communication device like cell phone transcripts? Is that fair game too
because criminals communicate by phone?

------
srmatto
We probably need a constitutional amendment guaranteeing the right to use
encryption, otherwise this cat and mouse game will never end.

------
amiune
"It seems to me, Golan, that the advance of civilization is nothing but an
exercise in the limiting of privacy." -Isaac Asimov

------
oneplane
But what if the rest of the world doesn't want the rules of the USA applied to
them? Perhaps only do this to USA-users in the USA?

------
ineedasername
The timing of this this seems suspicious. Combined with the ramp up of
antitrust investigations, it almost comes across as a shakedown.

------
NoblePublius
Do any police out there miss actually solving crimes as opposed to just
sucking up all the cell phone data and Ring camera feeds?

~~~
logfromblammo
Don't forget searching public DNA databases.

------
tgb29
ZuckerBerg was talking real tough when the opponent was Elizabeth Warren.
Let’s see if he’ll go to the mat with this one.

------
neop1x
I thought there a backdoor already? Messenger and Whatsapp, all proprietary,
can't be trusted anyway. :)

------
kup0
Another attack on privacy and liberty that cheaply hides behind "protecting
children" as the reason.

------
auslander
No Libra? Eat this! I removed Moxie's E2E encryption from WhatsApp for you, I
can put it back, you know.

------
nichch
Makes me wonder what level of access the Five Eyes currently has if they're
this afraid of losing it.

------
yccheok
So that FBI can have my cat pictures?

------
diogenescynic
The corrupt and criminal AG recruiting foreign governments to interfere in our
elections? That one?

------
benterris
I don't get it, hasn't E2E been already available for a long time in facebook
messenger ?

------
notyourday
While not being a fan of Zuck, I sincerely hope his reply to Barr is "Fuck
off, clown"

------
jasonhansel
"...except for phone calls with the President of Ukraine. Those can stay
secret."

------
ashelmire
This is equivalent of asking for a ban of wax stamp seals in the age before
the internet.

------
aloukissas
What a great way to convince even more of my contacts to switch to Signal :)

------
Alupis
Does End-to-End Encryption mean anything here?

What's stopping the government from just forcing Facebook to provide access to
the servers directly, or through some sort of portal?

This just means the government can't intercept them without Facebook
cooperation... no?

~~~
simonbw
I believe end-to-end means that the message is encrypted on the sender’s
device, remains encrypted in transit and on Facebook servers, and is then only
decrypted on the receiver’s device. Facebook themselves would not be able to
read user’s messages.

~~~
Alupis
Ah, ya that makes more sense.

Although I have a tough time believing Facebook would lock themselves out
fully... they need all those data points for pushing ads...

~~~
tempestn
They get plenty of data from what people post to the facebook and instagram
platforms. I can definitely see how business incentives could swing toward E2E
encryption for messaging. (Not because most people will know the difference,
but because people who influence tech trends will, and are privacy conscious.)

------
hansdieter1337
my (conspiracy) theory after watching some house of cards: No end2end
encryption before the US election 2020 🇺🇸

------
kitchenkarma
Assume these services are being tapped. If you want ultimate privacy exchange
keys with your contacts offline and you PGP over any messaging service.

------
eranima
What are Facebook's options?

------
alexnewman
This is bs. Facebook can already push a bonked app to your phone which makes
interdiction easy.

~~~
alexnewman
Why must I always get downvoted when I say anything slightly critical or anti
big tech?

------
no_opinions
I'm in favor of the government being capable of seeing and viewing 100%
everything. 110%.

The infrastructure should be there. If there's a court order or lawful
authorization, info should be accessible without delay.

 _But_

The way to do that would be more systems of review for when it's used,
generally making the standards more strict, less ambiguous.

 _But_

The problem is there are side effects to changing the law that can give away
methods and also put convictions at risk. There's other ramifications we may
not know about until it was put in effect, but they could be negative. I bet
that's one reason there isn't as much movement in the area.

There was an article in the news recently that right now in USA the case law
considers unopened email to be discarded.

GDPR went into effect in EU. That is another aspect that US doesn't a similar
thing for (does it _need_ one? I don't see people bringing it up often,
convince me otherwise?)

My point is, backdoors are more of a hypothetical thing. The legal framework
around them and making them better is more productive use of your time.

That would involve people coming together and nuancing what the types of
privacy are and whether it involves US people, foreign countries, drug
dealers, etc.

------
ghostly_s
Kind of seems this news should be considered in context with the other
Trump/Zuck news today that strangely hasn't been upvoted to the front page:

[https://news.ycombinator.com/item?id=21152869](https://news.ycombinator.com/item?id=21152869)

------
ZuckMuck
Right to privacy supersedes the AG's request.

------
ganitarashid
In other words, these politicians are unelectable

------
bArray
> the letter raises concerns that Facebook’s plan to build

> end-to-end encryption into its messaging apps will prevent

> law enforcement agencies from finding illegal activity

> conducted through Facebook, including child sexual

> exploitation, terrorism, and election meddling.

Not buying the case for the protection of children from the UK, after repeated
failures to protect children despite mountains of evidence [1] [2] [3] [4] [5]
[6] [7] [8] [9] [10]. Finding pedophiles is relatively easy in the UK, they
are one of the single most hated groups and often cited as the reason to bring
back capital punishment.

Terrorists are already using encrypted chat services such as Telegram to evade
intelligence agencies. Encryption has no influence over election meddling.

What this is really about is watching the general public. Facebook now blocks
content even in private messages. The other day I wanted to share a free-
documentary (i.e. fully legal) with a friend and so shared a page with a
direct download and magnetic link, which in turn Facebook kindly blocked.
Something that is pouted as "safety" is actually just about trying to line the
pockets of the film/music industry.

[1]
[https://en.wikipedia.org/wiki/Rotherham_child_sexual_exploit...](https://en.wikipedia.org/wiki/Rotherham_child_sexual_exploitation_scandal)

[2]
[https://en.wikipedia.org/wiki/Derby_child_sex_abuse_ring](https://en.wikipedia.org/wiki/Derby_child_sex_abuse_ring)

[3]
[https://en.wikipedia.org/wiki/Huddersfield_grooming_gang](https://en.wikipedia.org/wiki/Huddersfield_grooming_gang)

[4]
[https://en.wikipedia.org/wiki/Jimmy_Savile_sexual_abuse_scan...](https://en.wikipedia.org/wiki/Jimmy_Savile_sexual_abuse_scandal)

[5]
[https://en.wikipedia.org/wiki/Manchester_child_sex_abuse_rin...](https://en.wikipedia.org/wiki/Manchester_child_sex_abuse_ring)

[6]
[https://en.wikipedia.org/wiki/Newcastle_sex_abuse_ring](https://en.wikipedia.org/wiki/Newcastle_sex_abuse_ring)

[7]
[https://en.wikipedia.org/wiki/North_Wales_child_abuse_scanda...](https://en.wikipedia.org/wiki/North_Wales_child_abuse_scandal)

[8]
[https://en.wikipedia.org/wiki/Oulu_child_sexual_exploitation...](https://en.wikipedia.org/wiki/Oulu_child_sexual_exploitation_scandal)

[9]
[https://en.wikipedia.org/wiki/Oxford_child_sex_abuse_ring](https://en.wikipedia.org/wiki/Oxford_child_sex_abuse_ring)

[10]
[https://en.wikipedia.org/wiki/Rochdale_child_sex_abuse_ring](https://en.wikipedia.org/wiki/Rochdale_child_sex_abuse_ring)

------
not_a_cop75
This could probably be reworded better.

"While the letter acknowledges that Facebook, which owns Facebook Messenger,
WhatsApp, and Instagram, captures 99% of child exploitation and terrorism-
related content through its own systems, it also notes that "mere numbers
cannot capture the significance of the harm to children." "

------
wonderwonder
Sometimes I can understand the willingness to reduce the privacy of self and
others in order to ensure that the law is able to prosecute those involved in
heinous crimes. Our current political environment though involved a president
openly calling on foreign governments to investigate his political opponents.
What is to stop them from going after the private communications of those same
opponents in the name of targeting "Corruption".

Encrypt it, end to end, the government does not need to be able access all
private communications of private citizens. There are other means of
investigating potential crimes.

~~~
mytailorisrich
> _Encrypt it, end to end, the government does not need to be able access all
> private communications of private citizens._

Law enforcement and security agencies need to be able to access _any_
communication. This does not mean that they should monitor _all_
communications.

They can eavesdrop on _any_ phone call. They do not eavesdrop on _all_ phone
calls.

The problem with E2E encryption is that it prevents eavesdropping even with
the standard legal safeguards (warrant, etc), while not being required for the
privacy of users. It is only effectively a marketing tool to convince people
to use services from providers they don't trust, although, of course, since
they control the app they can still in principle access the data.

~~~
dmix
The police have more than enough data to do their jobs without having sweeping
surveillance powers.

Even with E2E the police can get warrants for the devices which is usually
more than enough to access data.

They just want an easier job, it’s not a major roadblock. When police jobs
being easy is a good sign that privacy has been completely destroyed.

~~~
mytailorisrich
One of the points of eavesdropping is that the target is unaware of it, which
enables the police to gather more evidence about more people.

E2E is not required for privacy. There is also a difference between privacy
and the right to privacy, and a guarantee that no-one will ever be able to
know what I'm doing.

There is no absolute, including absolute right. It's all about balance: We
have a right to privacy but the police may search our homes and eavesdrop on
our communications in strict, specific circumstances because that's in the
public interest. The idea is simply to have the same online.

------
sroussey
FB has enough privacy problems, and now we supposedly want them to read and
keep all private person to person messages? No thanks.

------
surfsvammel
Sometimes I think that things like this is a problem related to age. Older
people (often those is charge) is not any where near as tech-savvy as younger
people. They just don’t understand. Ignorance. In time it will all be
alright...

------
Snickelfritz72
I claim Citizen Privilege per the Constitution and the "... Supreme Court has
found that the Constitution implicitly grants a right to privacy against
governmental intrusion from the First Amendment, Third Amendment, Fourth
Amendment, and the Fifth Amendment." __Law enforcement rooted out criminals
and organized crime before end-to-end encryption and you can do so now. YOU, a
hypocrite who testified he was against law enforcement spying on Americans
while investigating if a possible crime was occurring ... even if they have
probable cause. Public Safety my Ass!
__[https://www.wikiwand.com/en/Right_to_privacy](https://www.wikiwand.com/en/Right_to_privacy)

------
rosybox
For those of you opposed to this request from the government, what do you
think the negative consequences are for end to end encryption? Do you think
there are no negative consequences or are they just negligible? Just try and
imagine what the cost might be, how broad the impact might be and who and how
many would bear the brunt of those costs.

Nobody really cares about your personal Facebook messages to your friends and
family. You're not that important. But still considering what is being offered
in payment for this privacy, it's still worth it to you?

I'm not so sure it is, personally.

~~~
kyboren
You make the mistake of assuming the watchmen have and will always have noble
intentions. Rather, you should assume that at some point, someone in power
will have the most ignoble intentions.

What do you think the negative consequences are for a government to have a
permanent record of every private conversation made over the Internet? Bear in
mind that the fraction of all private conversations which occur over the
Internet is only increasing.

You must assume that "exceptional access" really means "routine access". While
the government claims it only wants access to _some_ encrypted content,
decryption leaves no trace. The NSA's collection posture is: "Sniff it All,
Know it All, Collect it All, Process it All, Exploit it All, Partner it All."
Does it sound to you like the NSA will sit on their hands while some other USG
functionary has the Golden Key?

> Nobody really cares about your personal Facebook messages to your friends
> and family. You're not that important. But still considering what is being
> offered in payment for this privacy, it's still worth it to you?

Perhaps you're correct now. But imagine that a decade from now, you (or a
friend or family member) become an activist or a political candidate. Now your
incumbent political opponents have a wealth of sensitive private data to mine
to find _anything_ to imprison or discredit you. The argument extends further
than your own direct interests: What happens to our political system when
policymakers are completely transparent to the NSA and their political co-
conspirators?

Considering the very real risks of a totalitarian government ruling with an
iron machine learning model, or a silent coup by military intelligence, is it
still worth it to you?

~~~
rosybox
You didn't address my question though. You're just thinking about the cost to
you personally if you don't have end to end encryption. I'm asking you to
think about the cost of having it. What's the cost. Compare that probably real
cost, a thing that is a real problem right now, with your own personal alarm
at some future imagined problem.

