Hacker News
Open Letter from Governments to Facebook Is an All-Out Attack on Encryption (eff.org)
530 points by schoen 9 days ago | 218 comments





It's interesting how governments come to feel entitled to forms of surveillance. For thousands of years financial transactions were completely illegible to government. They took place hand to hand, either in cash or barter. But now that transactions are digitized, it is actually illegal to conduct certain types of transactions anonymously (KYC/AML laws). This came about because governments got used to being able to peer into the financial lives of their citizens, and once they got used to it, they didn't like it when people circumvented that, so they made it a crime.

The same is true here of private messaging. Governments got used to being able to read our messages. They have come to rely on it. And so now they want to make it illegal for us to keep them out.

I guess what I'm saying is: We ought to be extremely careful what we allow our governments to get used to doing. There is an argument to be made that the original sin here was allowing wiretaps at all, even when the medium was un-encrypted.


Yes.

After WWII, the US imposed a constitution on Japan. Here's Article 21: "Freedom of assembly and association as well as speech, press and all other forms of expression are guaranteed. No censorship shall be maintained, nor shall the secrecy of any means of communication be violated."

All wiretapping was illegal in Japan until 1999.[1] Even today, it's very rare. 40 wiretaps in 2017.[2]

[1] https://www.iol.co.za/mercury/world/japan-passes-controversi...

[2] https://mainichi.jp/english/articles/20170217/p2a/00m/0na/01...


> "... nor shall the secrecy of any means of communication be violated."

> All wiretapping was illegal in Japan until 1999.

So, at the end of the day a constitution is just some document that holds no real power and can be violated once those in power are no longer interested in honoring it.

And this is the primary reason for people to have encryption. It's not to protect from some random wannabe hackers, criminals or corporations (which the government can enforce laws against), it's to protect from the government itself. This is why media conversations sound weak and incoherent about encryption and privacy, they are afraid to talk about the biggest reason, don't want to openly and directly oppose the government and instead choose to entertain and dance around all those manufactured ideas.


Is this argument different if you replace encryption with the right to bear arms?

This particular argument? Not as phrased, no.

The main point often raised around the right to bear arms is that, as currently interpreted in the US, it comes at a steep cost in homicides and suicides.

Encryption doesn't really have comparable collateral damage in society. There's the whole "but terrorists and pedophiles will hide behind encryption" argument, but even if you granted that and could measure the impact, there's little chance it would be anywhere near equivalent to 30 000 deaths annually.

So: a more nuanced version of this argument would point out that there's little to no harm from allowing widespread strong encryption, whereas there's widespread demonstrable harm from allowing widespread firearms.

To compound this, the reverse harms - lack of privacy / security on one hand, strict monopoly of force on the other - are hard to compare. Both have the potential harm of leading to unchecked tyranny, along with the potential benefit of maintaining national security and civil order; depending on which side of the debate you're on, the tendency is to downplay either the harm or the benefit and exaggerate the other.

Any reasoned comparison here ought to take into account that the tradeoffs are clearly different.


I don't think it can be an argument for offensive weapons. It's the opposite for offensive weapons. As the government can always have better and more of offensive weapons and letting people have them would just be an excuse to use them against people, make people fear the government, etc.

> No censorship shall be maintained

How does that square with Japanese censorship of pornography?


Same way as in the US and many western countries. https://en.wikipedia.org/wiki/United_States_free_speech_exce...

It's not censorship; they actually have pixellated genitals.

Perhaps they don't bundle censorship of ideas and political messages and discussion with censorship of people fucking for others' entertainment...

what about people fucking for the sake of proving a political point?

what decides which way their motivation swings, legally?

perhaps they, and others, shouldn't consider the lines between censored topics to be so vividly painted as 'indecent' or 'not'.

it's an issue that some of the most important law-shaping courts in the world have argued back and forth about for years; the criteria for concluding what is or isn't indecent.


>what about people fucking for the sake of proving a political point?

Then they can always find another way to make the same point.

>what decides which way their motivation swings, legally?

Society, courts, etc.

>it's an issue that some of the most important law-shaping courts in the world have argued back and forth about for years; the criteria for concluding what is or isn't indecent.

Yes.


>Then they can always find another way to make the same point.

Making a political statement in a certain way is itself a statement.


That is the censorship of a political idea - that the government has no place censoring depictions of what is responsible for every human being's existence masking itself as "morality" and "community standards".

"But advocating it is still legal" would be no more valid an excuse than making displaying or depicting police misconduct illegal but nominally allowing advocacy against police misconduct. The point of censorship is enforced ignorance to maintain control.


The Yakuza probably appreciated that!

Now they have to be more careful.


I have a suspicion you might be a criminal. Tell us the passwords to all your accounts to prove your innocence.

That is a very lame straw man argument.

Are you sure you appreciate how many criminals got convicted because their phones have been tapped?

Does your stance against lawful surveillance also mean that law enforcement must never try to look into a suspect's seized phone or computer?


You speak of strawman, yet respond with more strawmen.

Interesting tactic.

But, ultimately, the security and safety of the American public is served best by actually using software and services that are safe and secure. When the Federal government works against that they are undermining the security of the American public.

It's not very complicated. The interests of the government do not align with the interests of the American public.


It's not a strawman. If you oppose my statement that the Yakuza probably liked using normal telephones without fear of the police listening (on what logic exactly), you do seem to advocate totally outlawing surveillance, don't you?

And if you really don't think surveillance should be completely outlawed, as it was in Japan for a time, then you don't have any basis for disagreeing with me.


>It's not a strawman. If you oppose my statement that the Yakuza probably liked using normal telephones without fear of the police listening (on what logic exactly), you do seem to advocate totally outlawing surveillance, don't you?

Well, Yakuza could find 50000 ways to bypass the "police listening".

Tapping telephones had not really helped thwart Latin/Central American drug dealers (which got 10x as big and dangerous from when wiretapping was far more difficult).

Heck, Italy, where the state could quite easily wiretap anybody, has a much bigger "Yakuza" style problem...

Plus, a state can always get warrants and tap when it's needed, e.g. for suspected or known Yakuza members, without having to do it for everybody...


> Plus, a state can always get warrants and tap when it's needed, e.g. for suspected or known Yakuza members, without having to do it for everybody...

Wait, but this sub-thread started with "all wiretapping was illegal" - so it was not only warrantless wiretapping that was illegal, if I understood it correctly.


Well, if someone isn't willing to accept that easy evasion of surveillance (normal phones) rather than more difficult evasion (burner phones, code words, walkie talkies) is a benefit to criminals, even though countless criminals are convicted because of exactly that surveillance, there is no common reality left over which to argue, is there?

Fun Fact: Central American cartels have indeed switched to communication channels that are harder to intercept. And boiling down such a complicated issue as cartel violence to a simple issue as phone surveillance is at best dishonest.


>Well, if someone isn't willing to accept that easy evasion of surveillance (normal phones) rather than more difficult evasion (burner phones, code words, walkie talkies) is a benefit to criminals, even though countless criminals are convicted because of exactly that surveillance, there is no common reality left over which to argue, is there?

Well, if one can't use basic common sense, and instead believe that just because wiretapping was illegal, criminals the Yakuza casually talked in normal phones and didn't already use burner phones, code words, walkie talkies, etc, I don't know what is left to argue...


You just don't want to listen, do you? It's a basic fact that criminals use basic communications like phone and text messaging all the time. It's a fact they get caught because of that, all the time (sometimes even the most sophisticated and organized ones). It's a fact that using less susceptible means of communications, like walkie talkies and encrypted messaging, is more difficult.

Which of these basic facts are you disputing?


You are being very defensive. This makes you even more suspect.

Why won't you hand over your passwords if you have nothing to hide?


Why won't you reply with a logical argument if you disagree with something? Maybe because you can't defend your position with logic?

Why won't you just hand over your passwords and put this whole matter — for both sides of the argument — to rest?

His is a very logical argument.

> Does your stance against lawful surveillance also mean that law enforcement must never try to look into a suspect's seized phone or computer?

By all means, try. A warrant authorizes the attempt; it does not guarantee the outcome.


A warrant can also authorize surveillance, at least in most countries. In Japan even that was impossible until 1999. That's why I said the Yakuza and other criminals in Japan probably liked that policy...

And both surveillance and the seizure of evidence are routinely the key to convicting criminals. Outlawing court-approved surveillance or even seizure of evidence makes basic laws, like against homicide, much less enforceable.


>That's why I said the Yakuza and other criminals in Japan probably liked that policy...

Well, they also liked that other policy, that suspected Yakuza members can't just be shot on sight -- but had to be arrested, go through trial, etc.

So?

Bad guys liking a policy and the policy being generally bad is not the same thing...


Again with the straw man. Please read more carefully.

I did not imply anything with that statement but the pure and simple fact that the Yakuza has at least one big extra problem to deal with since police are actually allowed to tap their phones.

And you could also be more honest by saying that total privacy is more important to you than a significant portion of criminal convictions. I don't think that's a good tradeoff.


>I did not imply anything with that statement but the pure and simple fact that the Yakuza has at least one big extra problem to deal with since police are actually allowed to tap their phones.

I seriously doubt it is a problem for them, much less "a big one". What kind of amateurs speak openly on their regular phones about covert action, whether it's legal or not to wiretap them? Besides the fact that the police could be listening in (illegally, but still routine in most of the world) to get useful tips (and use them, just without expecting to use the recordings in a trial), rival gangs could also listen in on their plans, and so on...

>And you could also be more honest by saying that total privacy is more important to you than a significant portion of criminal convictions

Considering that Japan is perhaps the safest country in the world (and was for decades while wiretapping was not allowed), and the US and UK with dead easy access to wiretapping warrants and mass surveillance are among the worst western countries with regard to crime, I don't think there's that much to teach the Japanese with regards to getting more "criminal convictions"...


What kind of amateurs use basic phones for criminal activity? Well, apparently a whole lot of them, looking at criminal convictions based on such surveillance. Are you disputing that basic and obvious fact?

Sorry, but this is not a fact based argument any more. You are somehow trying to convince me that, despite all evidence and data, wiretaps are useless in prosecution of criminals. I'm not having that, anymore.


How has the conviction rate changed since 1999?

The conviction rate in Japan is bonkers and has been for a long time.

http://hakusyo1.moj.go.jp/en/61/image/image/h002003001001h.j...


That is completely irrelevant to the discussion because such a rate would depend on a huge number of more significant factors.

You talk about governments as if they were an alien sentient life form ("governments ... feel entitled"). They're not. They are groups of people who serve constituencies. You could tell the exact same story in reverse: the lack of surveillance technology made people feel entitled to anonymous financial transactions. The feelings of entitlement (if you want to call them that) follow the available technology. But ultimately these decisions are always trade-offs between one feeling of entitlement in one constituency and another feeling of entitlement in another. In this case, one side feels entitled to privacy, the other, to security (or the illusion of security, which some people find valuable even in the absence of actual security).

I point this out not because I disagree with your baseline position that privacy is valuable. I don't. I point this out because I believe that arguing for it on the basis that government feelings of entitlement are somehow less legitimate than the feeling of entitlement of non-governmental constituencies is not going to be an effective strategy because it's based on a false premise.


I've witnessed in the last couple of years several politicians arguing vehemently for something their constituency wants, such as safe access to encryption, and then they're taken aside and briefed on something by the intelligence service, and completely flip their views.

The constituency hasn't changed their views. The politician was still elected on the same platform. But they no longer serve the constituency.

I can well-understand the feeling that the government is a separate entity, and behaves differently.


It is very hard to put a finger on exactly why though. Politicians discover that their pro-good-ideas stance puts them at odds with powerful forces. Consistently. But it seems unlikely that there is an actual conspiracy afoot. There is some powerful incentive structure at work. Take war for example. It seems that consistently peaceful candidates are voted in then they end up invading somewhere.

It may be military lobbying; but even then it seems a little strange that absolutely no progress gets made on issues that seem to have a remarkable amount of support from what must be most voters. People voting for humanity or economic reasons would agree that endless overseas wars are a mistake - that catches most voters. Realistically it should even catch the imagination of the foreign policy people; power projection is one thing, but killing foreigners doesn't put America in a great place for the next generation.

It would almost be more helpful for politicians to honestly state why they keep flipping their positions rather than sending another smooth-talking politician in to see if they flip. Surely there must be some equilibrium where less people die but all the insiders are happy.


Some of the turnarounds are utterly baffling.

I would understand to a certain extent if the national intelligence briefing informs the politician of a dozen programs that are reliant on the premise and have prevented x number of attacks and so on.

But I've seen politicians flip completely after a single 20mins meeting. From fiercely against to fiercely for. For those cases, I've held my judgement, because I don't have a non-insane answer for why this happened, but everyone involved is presumably a somewhat-logical human being, and people don't let go of beliefs easily.


And most likely what they're told is hey, do you really want to spend political capital on this and risk going against us, or do you want to pursue things you can change enough to get reelected

It is easy to see that the government is not in the hands of anything one may call constituency but in the pockets of the most wealthy, such thing is easy to see when you read how the wealthy pay less taxes than they have ever done historically and even less than the average American[0] despite being only a tiny amount of people in favor of such policies.

[0] https://i.imgur.com/xhYCQh4.mp4 (from https://www.nytimes.com/interactive/2019/10/06/opinion/incom...)


>You talk about governments as if they were an alien sentient life form ("governments ... feel entitled"). They're not. They are groups of people who serve constituencies.

Lately, I've been thinking about what's happening in HK, and how the protesters were pulling down facial recognition towers. Without that, the social credit system is crippled (a bit). If enough people made it their business to take down a tower, here and there, with enough frequency, the govt would probably find a way around it but, still, that big, powerful government weakens when the right/wrong citizens get together.

And even when the govt says no masks are allowed, there are ways around that, too [1]

1 - https://www.reddit.com/r/specializedtools/comments/ddu3eh/ho...


> I point this out not because I disagree with your baseline position that privacy is valuable. I don't. I point this out because I believe that arguing for it on the basis that government feelings of entitlement are somehow less legitimate than the feeling of entitlement of non-governmental constituencies is not going to be an effective strategy because it's based on a false premise.

I am not arguing that. I was explaining the process by which the feeling of entitlement arose. The argument for the legitimacy of privacy rights is one I assumed I didn't have to make at all in this venue. I suppose we could have that debate if you want, but I was not trying to make that case here.

If we assume as an axiom that privacy is a right, the question then becomes: how do we structure our governments and public institutions to protect those rights? And one answer to that is to be more intentional about which invasions of privacy we allow than perhaps we have been in the past. With the foreknowledge that governments and institutions will come to depend on any access they are given.


> If we assume as an axiom that privacy is a right

But you can't assume that. For everyone who thinks that privacy is a right you can find someone else who thinks that safety and security is a right. Neither of these follows from the laws of physics. Which one ends up being a right (or which one ends up being the more "fundamental" right that ends up trumping the other) is a function of what we as a society decide.

So you can't win this fight simply by standing up on a soap box and proclaiming that privacy is a right. You have to come up with an argument for why losing privacy is a greater evil than letting the bad guys get away.


Security from the things that the violations of privacy are meant to stop is already a right. Most governments hold that children have the right to not be molested.

It’s the government's duty to uphold that right whether they can read communications or not. A right to security absolutely does not mean no right to privacy. That’s a false dichotomy.


> For everyone who thinks that privacy is a right you can find someone else who thinks that safety and security is a right.

You can't strip away people's privacy without violating their safety and security in the process. These positions are not in conflict.

And "society" doesn't get to decide what is or is not a right. Individual people decide that for themselves.


Please read the rest of my comment. I'll say it again: None of what I am saying is an argument for privacy. We can have that debate if you want, but this is not it.

“constituencies” is a great untruth isn’t it, they largely serve themselves and the people who give them money.

If politicians in democracies can survive without serving their constituencies, that means their constituencies are letting them get away with that. For example: the voters might have failed to vote for sensible campaign financing reform so that politicians serve financial interests more than voters.

In the end these possibilities are always given by voters, and they can only be taken away by voters.


In the real-world countries often referred to as "democracies", most meaningful choices involving voting are on too large a scale (country-wide, and decade-long time horizon), and rigid (binary choice, irreversible), for voters to get any taste of democracy (other than the average citizen being mostly protected from extreme abuse).

In the end, decisions are taken by a republic. If this republic doesn't serve its constituency, there isn't much the constituency can do apart from waiting for the next term and then vote for the second most popular party.

This is well exemplified by the fact that protests are still a thing in countries thought to be democracies. Historically, protests are a tool against dictatorships. If citizens had proper democratic agency, they would not have to disrupt their own country's economic activity in hopes to bend their leader's arm. It's a very inefficient and fuzzy decision-making mechanism.

That's why the proper term for the current popular government system is "democratic republic", not just "democracy". An actual democracy on the scale of a country would be way more complex than what we have now. It would probably be closer to the economic market in terms of complexity. We might get there one day, but calling our current systems "democracies" is proper newspeak.


> An actual democracy on the scale of a country would be way more complex than what we have now. It would probably be closer to the economic market in terms of complexity.

In fact, it would be exactly the economic market. The ultimate form of democracy is 100% economic means ("vote with your wallet") and 0% political means (force).


... which implies there is an option on the ballot that has a hypothetical, "good", surveillance-free candidate.

There is not.


That is again something the constituency can easily change. It just needs one of the many anti-surveillance voters to be willing to run for office.

Voters don't vote on particular decisions, or even on decision makers for particular issues, they vote on one decision maker for all issues.

How likely is it that an anti-surveillance candidate also happens to satisfy more than 50% of voters on aspects other than surveillance?

Since surveillance is low on the list of priorities of most people, it's a rational choice for them to ignore the candidates' stance on surveillance while choosing their preferred candidate.

As such, the stance of republican leaders on low-interest, non identity-defining aspects like surveillance is mostly unaffected by democracy.


> the people who give them money

What do you think "constituency" means?


In the UK at least it has a very specific definition relating to a population of voters living in a defined geographic area.

>They are groups of people who serve constituencies.

They also exist to serve themselves.

That is not their purpose but that is what ends up happening with most institutions.


Aren't you missing power hierarchy in those entitlement examples? If one is entitled to something but has no power, does it really matter? It only matters if power is involved and the entitlement can be enforced.

AML laws are nuts. They operate on the presumption of guilt. That is, the burden of proof is on you to prove the money's provenance is not illegal. It's pretty scary. I have some BTC I mined back when they weren't worth much and those AML laws make me worried to cash out.

What we need are innovative ways for organizations to manage and organize themselves without relying on the traditional method of putting a few people or special interest groups “in charge”. Inevitably, the types of people who seek out those roles wreck the intentions of the organization that they lead.

It's not that they got used, it's simply because they can do it with today's technology. They quickly got to using all sorts of atrocious things such as poison gas and nuclear bombs as soon as they were possible. Same with street surveillance. The cat's out of the bag now, can't turn time back and pretend we can't track every message anymore since we had cheap storage, cameras, internet and AI to sort through the collected data.

It's not that "the government" feels entitled, but rather that surveillance - even and especially the very limited, court-approved, kind - is essential to law enforcement. As in dismantling organized crime and preventing terror attacks.

For me it feels too easy to say "the government" has no legitimate interest in intercepting communications.


> It's not that "the government" feels entitled, but rather that surveillance - even and especially the very limited, court-approved, kind - is essential to law enforcement. As in dismantling organized crime and preventing terror attacks.

This isn't actually true, though. It may be essential to enforcing the law at the level we have come to expect. But that is sort of my point: whatever governments are given, they will come to depend on. Once a capability has been granted them, it can never be taken away.

For instance, let's say someone builds a mind-reading app, that records everyone's thoughts so we all have cool thought journals. Of course it needs to store these journals in the cloud, because why not? This will immediately be used by law enforcement to prosecute crimes. And why wouldn't it be? Everyone's thoughts are literally right there for the taking, sitting in an AWS datacenter somewhere. Once this becomes the norm, it'll quickly be made illegal not to journal your thoughts, using the exact same reasoning you just elaborated. It will have become essential to the enforcement of law that police have this tool. And the people saying that will be right - the removal of that tool will represent a degradation in law enforcement capability, no question about it.

We just have to decide which kind of society we want to live in. Sometimes the price of freedom is more crime. In a democratic society, it's up to us to choose how much of each.


> surveillance - even and especially the very limited, court-approved, kind - is essential to law enforcement

This is a meme that keeps getting repeated by proponents of dragnet surveillance, but they're all palpably quiet after each terror event. Because it wasn't caught despite perpetrators already usually being persons of interest and subject to said dragnet surveillance.

We are far past the point of diminishing returns in terms of counter terrorism efficacy vs. surveillance cost and impact. 'Think of the children' and 'think of the terrorists' are quantifiable, provably, bullshit arguments.

There is a very real cost to widespread surveillance, including financial. You can't justify that cost with preventing maybe 1-10 deaths per year when the same marginal increase in healthcare resources would save 10k-100k per year.


Do you want to say no terrorism has been prevented by lawful surveillance?

The number of 1-10 deaths per year is completely ridiculous. And distorting the fact that law enforcement is not just about preventing terrorism. Can you count the number of cases where criminals have been convicted because of surveillance?

I don't think you'd like a world where criminals can evade any surveillance just by outlawing all of it. You don't even need to think about drug traffickers, terrorists or pedophiles. Just think about all the "unorganized"/private murderers that have been convicted partly because of telephone recordings or, yes, text messages.


> Do you want to say no terrorism has been prevented by lawful surveillance?

There could be no verifiable data on how much is that. Maybe many, maybe none.

Yet the facts are: terrorism is not a huge threat. There are few terrorists, even fewer successful ones. It's three times more chances of getting killed by a lightning strike here in Europe, than by a terrorist.

Another fact is: the vast majority of people are good decent people, who behave well and are not blowing up planes, shooting Jews in synagogues etc.

Hence, the surveillance measures taken to "prevent terrorism" have costs vastly surpassing the benefits, since the majority is suffering for the sake of (allegedly) diminishing of already tiny numbers [1] [2].

Not to mention the increase of risk of waking up in a totalitarian state.

[1] http://www.europarl.europa.eu/news/en/headlines/security/201...

[2] http://www.europarl.europa.eu/news/en/headlines/society/2019...


You're talking as if unbreakable end-to-end encryption doesn't exist today. It exists and we are not suffering horribly because of it.

On the other hand, we will suffer horribly under an authoritarian panopticon if it is able to come into existence.


More people need to know the meaning of the term panopticon. Bentham and Foucault need to be mandatory high school reading.

Not everybody goes to high school; not everybody that goes to high school participates; not everybody that participates comprehends. We've had a suitable version of this, 1984, recommended for some years now. Only a small percentage of people however fully comprehend the meaning of the term "Orwellian", as evidenced by the popularity of many of the early Telescreen prototypes in the guise of smartphones, smart TVs and home voice assistants ...

The problem is that governments themselves undermine this argument by constantly expanding those limits until everyone is subject to surveillance at all times.

Surveillance powers that are introduced to fight terrorism or child exploitation end up in the hands of local authorities for their war against fly-tipping and dog fouling.

https://www.theguardian.com/world/2016/dec/25/british-counci...


Then you better not argue about encryption with Facebook but about laws with your legislature...

I don't think the law can be cleanly separated from the reality of politics or the economics and practicalities of law enforcement.

>even and especially the very limited, court-approved, kind

Unfortunately historical precedent shows this to be false -at least to an important degree- meaning this power will be abused and misused: FBI controversies abound[0], from covert operations on political groups (e.g. Martin Luther King) to more recent investigation into misconduct at the DOJ and FBI over its probe of Hillary Clinton's private email server; in the same vein 85.000 law enforcement officers have been investigated in the last decade for misconduct[1], as noteworthy the time the LAPD (Los Angeles Police) helped fuel the crack epidemic[2], or when the FBI mistakenly relied on wrongly classified DNA evidence[3] during 25 years (involving 268 cases), historically some of the strongest racism USA has seen was from the police itself when Harry Anslinger as head of the FBN created the war on marihuana specifically to target black people, famous for saying "This marijuana causes white women to seek sexual relations with Negroes, entertainers and any others."[4]

[0] https://en.wikipedia.org/wiki/List_of_FBI_controversies

[1] https://www.usatoday.com/in-depth/news/investigations/2019/0...

[2] https://www.globalresearch.ca/crack-and-the-contras-how-the-...

[3] https://www.businessinsider.com/people-may-have-been-wrongfu...

[4] https://timeline.com/harry-anslinger-racist-war-on-drugs-pri...


No case of abuse of such powers negates the relevance and importance of legally approved surveillance to enforcing laws.

Why not? How much abuse is too much for you? Is there a threshold I can read about and about any logic behind it?

I never claimed there is no abuse. I specifically stated that surveillance, even limited through laws, is essential to most of law enforcement.

Transgressions about such limits don't somehow make it untrue that many criminal convictions in all sorts of areas are based upon entirely lawful surveillance. I don't think there is any solid argument society would be safer if all such surveillance was deemed illegal.


How do you know the abuse from having those new surveillance tools will be lesser than the good they will provide?

Even if we accept public surveillance I think technology has to be the boundary. We push so much data into our smartphones, most of us literally sending our thoughts through private companies non-stop.

To allow digital surveillance is to allow the government into your head and our children's heads.

No.

It stops here.


End-to-End encryption is not about preventing "Digital surveillance" at all. Nor does it prevent Facebook from abusing your data.

The only benefit to an average user is that no Facebook employee can look at your text messages. Law enforcement agencies don't look at text messages of average users, and even in the collect-everything scenarios, they don't take notice of virtually anyone, on average.

It's really mostly the criminals that benefit disproportionally from default encryption in facebook messages.

From the perspective of US law, you might not want LEAs to read your text messages, but even if they could, they can't do anything about it even up to threatening them. Free speech in the US is pretty limitless, up to the point that such speech infringes on the rights of other people or endangers them.


Okay. But who gets to define what constitutes a criminal?

In the particular case of US jurisdiction, and many other Western democracies, that is defined by the applicable laws as issued by the legislature.

There is no better way to define "criminal", despite all the shortcomings.


Facebook is not giving over text messages of average users to law enforcement, so far. It still requires due process for LEAs to get that data or to do anything with it.

I beg to differ. I actually don't mind targeted ads, but I do have a massive problem with Facebook giving that data to the government.

> Free speech in the US is pretty limitless, up to the point that such speech infringes on the rights of other people or endangers them.

The US Constitution explicitly makes calls to violence illegal.


> The US Constitution explicitly makes calls to violence illegal.

Um, no it most certainly does not.


Okay, more like calls to violence aren't protected free speech.

The text of the US constitution has no explicit exceptions to first amendment, those were introduced by the supreme court upon interpretation of the purpose of the amendment.

Yes, in fact, they are. Under the current state of jurisprudence.

It’s not like this is the first time this has come up: what do the crime statistics look like for 2016, the year WhatsApp implemented end-to-end encryption?

If an effect can be isolated to being caused by WhatsApp going dark that would help qualify how essential these warrants were to preventing and/or prosecuting crime.

It’s easy to bend statistics, but it would be better than nothing. Right now it feels like we have to take the government at their word when they say this is an important thing they need, with the only evidence for that either being “we used message warrant evidence in court so it must have been critical, right?” or “think of the children!”


Organized crime and terrorism are basically nonexistent threats except to the people involved in those things.

The war on drugs and the war on terrorism did no net good. Saying we need to give up our freedom so the government can continue doing those things is naive at best.


There's nothing wrong in what you've said, but it doesn't help with the other side of the argument, which is catching child abusers/terrorists/baddies.

The biggest problem (and my understanding is that it's much more widespread than the others we hear about) is the sharing of child abuse imagery.

I think these governments and the EFF are both being willfully blind asses here. Governments don't see that their people don't trust them to have sound morals (because of their shitty morals) and the EFF is so laser-focused on privacy that it wants to wave its hand about child abuse as the lesser of two evils.

Someone needs to come up with a system that doesn't offer shelter to paedophiles, soon, or they're going to lose the argument in the eyes of the public (and then legislatively).

I don't think it's possible to do both of these things, so I think we're ultimately going to lose the argument. Would be nice to be surprised though!


I get the downvotes, but this gets ignored at our collective peril.

E2E encryption, for all its many benefits, does allow bad people to do bad things with impunity. Turning a blind eye to that because we want the privacy benefits isn't going to fly forever, and the solution that non-tech-savvy legislators will come up with if nothing is done will invariably be much, much worse than anything we can think of.


I think you are right about the problems with the EFF arguments and the issues of providing easy shelter to criminals such as traffickers of child pornography (and many other, less emotional offenses).

I'm not for legislation against end-to-end encryption. But Facebook does have to answer those questions about its policy. They will also have to answer for cases, where predators go free because the texts to their victims can't be recovered...

No easy answers here!


Throughout history when societies enjoy above average improvement, it is because they are able to displace inheritance-based systems. These inheritance-based systems hand out benefits to random children, they subvert progress by enabling the incompetent and disabling the competent. Commonly, people who inherit stuff (money, authority, property) keep skewing laws to prevent others benefiting from the fruits of their labor, so that inheritors can maintain ownership. They do this by paying to skew laws to benefit owners over achievers.

If privacy doesn't exist anymore, then the inheritors will receive a level of power they have never had before. They will be unstoppable. We will reach an end-state of cultural-political development where the inheritors will no longer be challenged. We have had dark periods of time when inheritors have ruled for long periods, ancient Egypt with mass enslavement for example. Without privacy we will reach an event-horizon of wealth inequality, and no political counter-movement will be able to take root to challenge it. We are seeing the beginning of this in Hong Kong, we are seeing it in an uncompetitive pay-to-play patent system, in an increasingly monopolistic corporate environment, in increasingly uncompetitive marketplaces in dark pool trading systems, and in Apple/Microsoft/Facebook/Google/Amazon app stores and tech markets.

The threat to privacy is the greatest threat to progressive civilization we have ever encountered IMO.


This reminds me of one curious legend / hypothesis about the last days of Atlantis that I read in some book. The story was basically that during the Atlantis era, the "world config" was tuned slightly differently and that allowed what we'd call magic: curious long distance effects that could be caused without the modern tech. For some time it went well, but then it started sliding to the dark side: bad and evil people, that could use anything to gain power, kept winning over the good people who were restricted by "moral" and things like that. By about 10,000 B.C. the power of evil people became indisputable: they could see nearly everything and could instantly squash any opposition by means of notoriously powerful black magic. There were a couple unsuccessful attempts to bring power back to good people, but it never worked for long time: evil people kept taking it back quickly and efficiently. I think, the Lord of The Rings book took the idea from that story. The situation looked completely hopeless and there was no point to continue running this show, so shortly before 10,000 B.C. the entire civilization was "hard reset" and the "world config" was tweaked to prevent any long distance effects. Since then people are following the technology track. As we see, it's taken only 12,000 years to replicate the very same system without any magic: powerful long distance weapons and amazing surveillance technology that would impress even the Sauron from the movie. We are only missing that Sauron who would consolidate all the power.

> We are only missing that Sauron who would consolidate all the power.

https://news.ycombinator.com/item?id=21074907

“And nine rings were gifted to the race of men, who above all else desire power. […] But they were all of them deceived.”


Where did you come across this curious legend??

That book was written a few centuries ago by one bishop.

What's the name of the book? What's the name of the bishop?

What's your source for ancient Egypt having mass enslavement? The sources I've read on the matter indicate that ancient Egyptian society was no more and no less reliant on slavery than its contemporaries (like the Phoenicians). The popular image that we have of the pyramids being built by vast armies of slave labor is a myth. Most Egyptian monuments, like the Pyramids or the temple of Ramses II were built using paid wage labor that would have been otherwise idle during the dry season.

>"‘We cannot hide from my lord that, with all the money and animal stocks consigned to my lord, nothing is left at my lord’s disposal save our persons and our farmland. Let us not perish before your eyes, both we and our land. Take us and our land in exchange for bread, and we with our land will be serfs to Pharaoh; provide the seed, that we may live and not die, and that the land may not become a waste.’ (JPS Tanakh, 2000)

“Smoothing out the ravages of the business cycle” indeed. What Mr. Ruby ignores, and what the text devotes many verses to emphasizing, is that central planning of the kind undertaken by Joseph and Pharaoh ultimately leads down a Hayekian “road to serfdom.” Here, what starts as a grain shortage brought on by natural cycles in the east wind and the Nile’s ebb and flow is leveraged by a government with authoritarian ambitions to utterly enslave the people – better yet, to have the people beg the government to enslave them! This much is clear: the more the coercive power of the state is deployed in the name of preventing individuals from making bad decisions about how to arrange their own sustenance, the greater will be the eventual loss of individual liberty."

https://www.timesofisrael.com/the-road-to-egypt-job-creators...

It's a source, whether you deem it credible or not.


That's a very strange and non-standard definition of "slavery". By that definition, any job-creation programme undertaken by any government at any time in history is "slavery" or "serfdom". You're free to define "slavery" in that manner, of course, but then don't be surprised when others find your definition confusing.

Lack of coinage was probably the culprit.

What other way does a central authority coordinate a basic income to a large population? Well, if they're on the roster and they have the documents, they get their share of the harvest.


Precious metal commodity money is held to have emerged as a consequence of this, at least by Graeber.

> If privacy doesn't exist anymore, then the inheritors will receive a level of power they have never had before.

I’m having a hard time understanding your implication here. Wouldn’t the inheritors want more privacy as that would lessen the visibility of their actions and those involved?


> Wouldn’t the inheritors want more privacy

For themselves - not necessarily for others. And when privacy is invaded, only the powerful get access to the resulting information.

There's also the matter of who needs privacy - the loss of it hurts those without power to defend themselves more. E.g. Hong Kong protesters are rightly worried of being identified.


If I understand the grand-parent correctly, his/her point is that the lack of privacy gives more control to the inheritors as they can use that as a way to pass more stringent laws governing communications and enforce blanket surveillance as a way to quash dissent.

There is an asymmetry because the prosecutions under these laws will not be as effective against those who have the means to defend themselves against them (basically money and influence).

Also the loss of encryption will probably not affect all means of communication but getting mass-appeal apps like FB and WhatsApp to forego with encryption means most people would then easily become 'surveillable'.


For a more concrete example:

At present, a new item in the news cycle is a 2nd whistleblower coming forward about Trump - Ukrainian things.

This person is apparently being represented by the same lawyers as the 1st person.

If (all) encryption becomes subverted, that law firm would have no effective way to store and/or communicate details digitally. Back to pen-and-paper records, only meeting in person in (eg) secluded locations, etc.


The "meritocratic" system is as big a fraud and every bit as bad (if not worse) than the inheritance system.

Please explain how it’s worse than inheritance.

What's merit? Who defines, what the merit is?

The majority definitely couldn't judge merits, since avg Joe knows nothing about surgery or economics.

The institutions couldn't regulate themselves as well, since this leads to corruption, where the most politically active are getting to the top and starting to regulate on the loyalty basis. We need external checks and balances for institutions as well.

We can't have a meritocracy without an external authoritative voice judging, what's the merit. Hence any meritocracy or even technocracy applied ends up being an authoritarian, ineffective corrupted mess. We had this in the Soviet Union, we had this in China.

The idea that people should be judged by merits and the best scientists, academics, writers should be at the top ended in the Soviet Union with the distortion of the very notion of merits and values: careerists got to the top and ruled out actual smart people, turning institutions into corrupted mess.


This is a giant strawman. In a market economy, merit is judged by the people, according to whatever dimensions they value / care about (could be different for different people). The whole point is just that the barriers to entry are (relatively) low and people are (relatively) free to prove themselves. See a shitty sword and think you can do better? Pick a hammer and make a better sword. No requirement for you to inherit membership of the swordmaking guild. Of course there are still barriers, but they're lower than in non-merit-based systems, and serve (ostensibly) different purposes (e.g. protecting consumers, not protecting the elites).

Absolutely a lie, because it's predicated on the false belief that we all start from the same point.

Most of the accrual of wealth in the 'meritocratic' system also goes to the inheritance class - in your example, see a shitty sword and think you can do better? Get a world-renowned swordsmithing coach, have the finances to work at it all day for however long it takes, import the best materials, buy the best workshop, then reap the rewards - all while talking about "your hard work and dedication" and claim everyone else could do it too.

It's total, and utter, bullshit.


I think you're conflating a few things. All meritocracy is, is saying "he gets the job because he's the best" as opposed to "he gets the job because he's my/the king's son". Why someone is the best, is a completely different question. Talent, effort, genetics & IQ, education, nutrition (possibly one of the biggest contributors to the rise of IQ in the 20th century), ... Now, I think it's prudent, from the perspective of society and/or individual companies, to not just consider who is the best right now but also who has the most potential (to be the best in the future), because extreme innate talent seems to be widely distributed and found in unexpected places (e.g. Ramanujan), so societies that fail to identify and develop that talent are losing out... But then, this idea is orthogonal to meritocracy (e.g. already the Habsburg empire recognized the value of public schooling and literacy of the general population).

At least inheritance was honest - you didn't do anything to deserve it, and everybody knew it.

Meritocracy is a lie, but it's sold as a feel-good truth: you could just come from the ghetto, work hard, and by gosh, be successful! Of course that isn't the way it plays out almost ever - we tell ourselves that the supremely rare few who it does work out for could be everyone else if they just WORKED HARD. It's a LIE.

Meanwhile, we've accepted this disgusting fiction, and we place the blame squarely on REGULAR PEOPLE - any system that requires you to be exceptional to succeed (or even have food security!) is a failure, but one that cloaks the actions of the inheritance class as "merit" (as they are best able to, of course, "compete" - with coaches, perfect nutrition, educational trips, etc) is MORE insidious and evil - and it doesn't actually displace that same inheritance class!

The technically literate, ironically, eat that meritocratic shit up for some reason. The same people who built surveillance capitalism, destroyed the poor with the "gig" economy because it always "seemed to work for them!", built the methodology of tracking everyone's persuasions and beliefs online to be used for propaganda or ethnic violence, who repackaged sub-prime mortgage suffering as a "data science" problem.

Tech people, especially those who believe in "meritocracy", are so painfully blind, they don't even understand that the wheel will come around for our skill set - we're in a weird period of history where our technical skills are extremely profitable. Rather than making the world better, we've caused the kind of damage that drives a stake in the heart of our very society. Very Promethean.

If we were as wise as we were smart, we wouldn't be here - we're the brightest fuckwits in the whole world.


> Meritocracy is a lie, but it's sold as a feel-good truth: you could just come from the ghetto, work hard, and by gosh, be successful! Of course that isn't the way it plays out almost ever - we tell ourselves that the supremely rare few who it does work out for could be everyone else if they just WORKED HARD. It's a LIE.

Just one example is worth having a meritocratic system, IMO. (Btw, meritocracy isn't based on hard work, just on output - whether it's genetic, or a result of effort, or whatever is irrelevant.)

https://en.wikipedia.org/wiki/Srinivasa_Ramanujan


We set the bar above where regular people can succeed, and claim ONE example 'validates' meritocracy?

Even with all the trash I listed about it? It's a lie and a shit belief.


Actually inheritance has a lot of merits, even though they're mostly for societies with poor general education. Who do you want to be ruled by? A person without any education and experience, or somebody who has been nurtured surrounded by diplomats and rulers for their entire life?

Of course it's a roll of the die. Of course you might end up with a cretin or a criminal. Of course it's made worse by inbreeding which comes with inheritance. But it's still the best roll of the die you have.


I think you have to qualify that blanket statement and give your definition of "merit".

I think you wanting them to define merit may prove their point. Who defines what merit is? Merit, depending on time and place, has been as arbitrary as your level of attractiveness, wealth, religious conviction, political conviction, etc. Merit means something different to many different people.

Most things in life require some sort of technique or procedure which can be done poorly or can be done more well (less wastefully?)

These can be objective metrics. They can be measuring pretty much anything you want, and you usually find a way to get better at it.

I think finding the right things to measure is the most challenging part, almost because of the fact that you can usually 'game the system'.

But to deny merit completely or find it in contempt is in my unearned opinion, a fear response in denial of the massive amount of skill a small but influential number of people develop in all sorts of endeavors.


It can be seen as an appeal to fairness and it can be seen as a distinct set of KPI that can measure the value of your efforts. You picked the latter one.

Merit != Meritocracy

Let me remind everyone to never let the "going dark" rhetoric go unchallenged. People are under vastly more surveillance (with data flowing one way, towards governments and corporations, not reciprocal like neighbors) than ever in history. But somehow the tiny scrap of privacy that encryption allows us to keep is framed as "going dark".

The ability to privately communicate with other citizens of your country is fundamental to a functioning representative democracy.

It should be as clear as day that an attack on encryption is an attack on the values of America.

This is the tack that should be taken in the conversation - is the attorney general so anti-American as to request this?


One good thing from this kerfuffle is the tacit confirmation that end-to-end encryption actually works.

The encryption works but the endpoints are compromised. The Intel management engine and the AMD equivalent are good examples of how modern hardware is complex enough to seed backdoor hardware into a system.

I actually doubt this to be a current and feasible attack vector for mass surveillance.

You could still route around it with software if these components are indeed compromised. Random number generation has always been a hot topic and a problem for deterministic machines, but I doubt there are usable hardware exploits to crack modern encryption.

It could be viable for industrial espionage where systems are even more uniform and it is imperative to keep an eye on that topic and hold hardware developers accountable.


That's assuming that this isn't just security theater.

Theoretically it works. If Facebook's implementation is actually sound and trustworthy is another problem...

Or they just want you to think it does

Then why the fuss? If it was a theater, why would the governments act hostile in public?

Mathematically we know it works.

Mathematically we can be reasonably certain it works, but afaik it’s not formally proven that, say, there isn’t an efficient algorithm for prime factorization. It just seems unlikely that the U.S. government would know of one that nobody else has managed to figure out.

Plus, flawed implementations can open up side channels; this seems like an endorsement of Facebook’s implementation in that sense.


> afaik it’s not formally proven that, say, there isn’t an efficient algorithm for prime factorization

Correct. AES or something is also not proven secure, we just don't know of an efficient attack on it. Since loads of people tried with significant resources, since there is often parallel discovery (so if the NSA discovers a flaw, it's likely that someone else figures it out as well), and since an algorithm is usually weakened before a complete break is found, the security community is quite sure it's secure. But it's not proven or certain.


Also the security of the theoretic primitives behind symmetric encryption relies on the existence of pseudorandom generators / pseudorandom functions etc. which is not proven either. On top of this, AES for example is "only" an approximation of what a pseudorandom function really is. In the end these ciphers are secure as long as nobody finds a flaw in them. However, flawed implementations are the main risk.

A one-time pad has been proven to be unbreakable. https://en.wikipedia.org/wiki/One-time_pad

Quote "Claude Shannon proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy"


One time pads just push the problem to the random number generator (which has to be 100% perfect, free from correlations and bias). How exactly does one prove that their hardware RNG is uncorrelated? e.g. what you thought was RF noise could actually contain the theme tune to Barney the dinosaur. The most provable way we have to generate random numbers of the quality necessary is to generate them using... cryptographic ciphers.

Hardware random number generators' proof of correctness comes from... physics.

Unless there is some fundamental hole in our understanding of physics, including thermodynamics and quantum mechanics, HRNG are the best source.

Using cryptographic ciphers for pseudorandom functions can be catastrophic, as seeding them correctly is a problem. (You still need some entropy from outside for seeding)

Of course, using one time pads is not really practical either.


What about collecting cosmic background radiation and converting it to one-time pad bits?

Why not roll physical dice?

How many dice would you have to roll for sending this message? How long would that take?
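The dice question above, worked through as an added example that is not part of any comment in this thread: it turns d6 rolls into unbiased pad bytes, counts the rolls a message needs, and shows the property behind Shannon's perfect-secrecy result quoted earlier. The pair-and-reject extraction scheme, the function names and the simulated dice are assumptions of this sketch, and it assumes fair dice.

```python
"""One-time pad keyed from physical d6 rolls (added illustration)."""
import secrets

# Constructed sample plaintext: the question asked in the thread.
MESSAGE = (b"How many dice would you have to roll for sending this message? "
           b"How long would that take?")


def pad_from_rolls(rolls):
    """Turn d6 rolls (ints 1..6) into unbiased pad bytes.

    Rolls are read in pairs. A pair has 36 equally likely outcomes; the
    first 32 map to a 5-bit value and the other 4 are rejected, so each
    output bit is unbiased if the dice are fair. Bits that do not fill a
    whole byte are dropped, as is an unpaired final roll.
    """
    bits = []
    it = iter(rolls)
    for a, b in zip(it, it):
        if not (1 <= a <= 6 and 1 <= b <= 6):
            raise ValueError("not a d6 roll: %r, %r" % (a, b))
        value = (a - 1) * 6 + (b - 1)       # 0..35
        if value >= 32:                      # rejection keeps the output uniform
            continue
        bits.extend((value >> shift) & 1 for shift in range(4, -1, -1))
    pad = bytearray()
    for start in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[start:start + 8]:
            byte = (byte << 1) | bit
        pad.append(byte)
    return bytes(pad)


def expected_rolls(n_bytes):
    """Average number of rolls needed to key an n_bytes message.

    ceil(8n / 5) accepted pairs are needed, a pair is accepted with
    probability 32/36, and every pair costs two rolls.
    """
    accepted_pairs = -(-8 * n_bytes // 5)
    return -(-accepted_pairs * 2 * 36 // 32)  # rounded up to whole rolls


def otp_xor(data, pad):
    """Encrypt or decrypt: XOR data with the first len(data) pad bytes."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message; never stretch or reuse a pad")
    return bytes(d ^ p for d, p in zip(data, pad))


def pad_explaining(ciphertext, candidate):
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    One exists for every candidate of the same length, which is why the
    ciphertext alone does not favour any plaintext (perfect secrecy).
    """
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match ciphertext length")
    return bytes(c ^ m for c, m in zip(ciphertext, candidate))


def simulated_rolls(count):
    """Stand-in for physical dice so the demo runs unattended."""
    return [secrets.randbelow(6) + 1 for _ in range(count)]


if __name__ == "__main__":
    print("message bytes:", len(MESSAGE),
          "expected rolls:", expected_rolls(len(MESSAGE)))
    rolls = []
    while len(pad_from_rolls(rolls)) < len(MESSAGE):
        rolls += simulated_rolls(20)         # keep rolling until the pad is long enough
    pad = pad_from_rolls(rolls)
    ciphertext = otp_xor(MESSAGE, pad)
    print("rolls actually used:", len(rolls))
    print("round trip ok:", otp_xor(ciphertext, pad) == MESSAGE)
    decoy = b"A" * len(MESSAGE)
    print("decoy equally consistent:",
          otp_xor(ciphertext, pad_explaining(ciphertext, decoy)) == decoy)
```

The cost works out to about 3.6 rolls per message byte, and both parties still need the same pad delivered over a channel the adversary cannot read.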

You know, for many years I have been writing and speaking about the dangers of centralizing power in the hands of a few social networks. That’s what all this comes from. (Remember this? https://www.eff.org/deeplinks/2018/12/congress-censors-inter...). We have no good software alternatives to Facebook and Google — for now. So we accept FEUDALISM on the Web! Look at the latest post here for example:

https://qbix.com/blog

On HN and at EFF we all diagnose the problem correctly, but the solution requires a platform to coordinate everyone. This platform currently does not exist. And it must be open source, permissionless and work across domains. If you want, come join me in making it. (Yes, scuttlebutt, matrix, mastodon etc. exist but they are not mainstream. SAFE network is probably the best design around, but they never even release it.)

I already went ahead and put about half a million $ of our company’s revenues into building this platform. We have to go the other way — get people to use it first, like they do Wordpress! 34% of all websites now. And then attract developers.

We designed a crypto ecosystem for it to incentivize people to participate: https://qbix.com/token

This is not encouraging anyone to buy anything. Just information about what we are working on. I feel like very few people will get what we are doing until it’s ready: liberating people from giant centralized corporations and giving them control and choice. Like Linux and Wordpress and the Web did.

Contact me if you’re interested to contribute to this platform or use it for your own web projects like you use Wordpress/Drupal (greg at-symbol and then qbix.com)


Writing “open letters” always feels incredibly passive aggressive. It’s shameful to see it used as a tool of government policy.

If democratic governments want to force Facebook to keep files on their citizens for law and order purposes, pass a law that says that explicitly.

This whole “nice social media business you have there, would be a shame if something were to happen to it...” is extra-democratic bullying.


An all out attack on encryption is an all out attack on free speech. It is no different than using shorthand, or symbols, or a made up language to communicate.

Free speech doesn't come into it at all.

If a government wants to limit your free speech it will do that, no matter the technology. In western society, the defense of free speech has to be done in the open, and through the democratic process.

Lack of end-to-end encryption in Facebook does not affect anybody's free speech rights. Not even in authoritarian countries, because those will just block facebook if they can't crack it or haven't already.


The government not allowing FB (a legal citizen of the united states) to use encryption is a violation of FBs right to free speech, exactly as if they did it to your grandma's home server.

Nobody is talking about not allowing Facebook to use encryption. In fact, they are explicitly allowed to use it but encouraged not to make it the default setting. Also, privacy must not be confused with free speech. Free speech rights center on public speech, because "private speech" is not amenable to censure. Surveillance and prosecution of private communication is neither a violation of privacy nor free speech, but rather an issue of authoritarian legislation.

Encryption has absolutely nothing to do with free speech as long as you are in a jurisdiction with an actual right to free speech. If you aren't, well, good luck convincing those authorities.

Also, a right to free speech does not entail a protection from all consequences of such speech, only from those consequences a government can dish out.


You make me wonder if perhaps new languages evolved for exactly this purpose. To conceal ideas and thoughts from the enemy.

There are elements of this. Two examples:

1. Younger generations develop colloquial terms that the older generations don't understand. This allows the younger generation to communicate more freely.

2. Highly specialised positions develop "jargon" which, although arguably allows more accurate and concise communication, also allows elements of protectionism and in-group gatekeeping.

Both of these examples are more complex than just "To conceal ideas and thoughts from the enemy", but it's definitely a motivating factor in language evolution.


Do you have any citations for [1]? My intuition is that it's no different than the jargon mentioned in [2], more of just a made up term to more accurately/efficiently communicate.

No citations, just personal experience :-) Many nicknames for drugs, code words for parties, colloquial terms for sex have survived the 20+ years since I last had to use them.

EDIT: An interesting article that may aid in further research: https://www.theguardian.com/media/mind-your-language/2016/ap...


It certainly has happened, but there are many other reasons. An almost modern example https://en.wikipedia.org/wiki/Polari

In addition to the defense of the need for real encryption I’d like to see EFF and others go on a more proactive offense as well proposing solutions for the bogeymen that governments keep raising — especially around child exploitation.

Why should the burden of solving that be placed on the defenders of privacy? The people calling for the power to spy on everyone have not offered any explanation of how backdooring everyone's communication reduces sexual abuse of children.

Of course, they don't really care about child exploitation. They are cynically using the issue as a pretext to preserve and normalize a massive expansion of their power.

The DOD budget is $617B[1]. The entire DOJ budget is $6B, with about half of that allocated to law enforcement[2]. I'm not sure precisely how much of that is spent investigating child exploitation, but the DOJ doesn't view it as a high enough priority to even mention it in the budget. A couple of highlights:

- $295 to fight the opioid crisis. How successful was the drug war with the ability to tap phones again?

- $486M for violence against women programs and $45M for victims of human trafficking. Maybe next they will tell us that reading our messages and snooping our video calls will make women safer.

[Edit: Also interesting, the FBI's nearly $10B budget request[3]. The budget request doesn't break down the spending, but it does include a section on crimes against children almost at the very end. They highlight their recent investigations have led to about 1000 arrests. The FBI's stated top priorities[4] do not include crimes against children.]

[1] https://en.wikipedia.org/wiki/Military_budget_of_the_United_...

[2] https://www.justice.gov/jmd/page/file/1033086/download

[3] https://www.fbi.gov/news/testimony/fbi-budget-request-for-fi...

[4] https://en.wikipedia.org/wiki/Federal_Bureau_of_Investigatio...


Looking at priorities is not a good metric. Federal law enforcement priorities will be different than a state’s law enforcement priorities. It may be the law enforcement of the states who see it as a priority and are pushing it up to the federal government to do something to make their job easier.

According to this NYT article law enforcement at all levels have done very little even in the years before encryption was widespread. Apparently the vast majority of intel on this stuff comes from Facebook auto generating reports.

https://www.nytimes.com/interactive/2019/09/28/us/child-sex-...


Please explain to me how giving producers, traffickers and consumers of child pornography would not benefit from easy and hurdle-less end-to-end encryption.

I'm not saying that this is a good reason to stop Facebook from implementing this. But there is no question that it is going to make the lives of a lot of criminals a whole lot easier.

We may imagine criminals, especially the semi-organized ones, to be experts in cryptography or at the very least covert communications. They really aren't. If they can just use their usual facebook accounts, they'd really appreciate that.


Yes, apparently something like 8000 incidents of attempted solicitation of children on Facebook last year.

I'm not saying E2E and encryption of data at rest doesn't benefit these scumbags. It does, no doubt, and that's exactly why the tech savvy ones use them. I'm saying that inexpensive computers, digital cameras, and broadband internet also benefit them, but these things are also an enormous benefit to us all.

I'm not willing to give these things up because some bad guys use them. It's fair to ask if the trade off is reasonable. Assume those 8000 incidents are all different children and different predators and none of them are iffy/false positives. (not likely) Assume 1 billion people used FB to send a message during that time. (a low estimate) Is it weakening the security of 125,000 people for each one of these bad guys? Why should 999,992,000 people have to go without for the sake of 8000?

To those who think that the many should have to suffer for the few, I ask: Where does it stop? For example, should all digital cameras be required to upload photos to the police before allowing the user to see them? That would certainly help the police, wouldn't it?


The problem is that your "1 Billion" have virtually no reduction in their security, because the government doesn't have a warrant for their data, whereas the 8000 incidents may each have severe consequences. And "attempted solicitation" is by far not the only crime that is routinely prosecuted with evidence from Facebook or other types of surveillance.

The slippery slope arguments are as stupid here as they are in gun debates. Not making encryption the default for text messaging, thereby leaving a chance of court-ordered disclosure, is not remotely comparable to total surveillance.

But I guess that's not the kind of distinctions the audience here is going to appreciate, is it?


> The problem is that your "1 Billion" have virtually no reduction in their security

Yes they do. Ambitions tend to grow with opportunities. That is especially true for government, you just have to look at China and other regimes.

Your personal conquest against crime doesn't justify compromising security.


The point is that technology is not the point to argue and fight over when it comes to government overreach.

A government needs both the technology and the will to overreach. And you are talking like western democracies, are, well, not democratic. That would be the only reason to fight over the technology, and not try to fight over the will (i.e. legislation) to do harm. And it wouldn't work, in that case, either, because "the government" is always the one with the power. If someone else is more powerful, then that's the government.


> The problem is that your "1 Billion" have virtually no reduction in their security, because the government doesn't have a warrant for their data

You are ignoring the inevitable "mission creep" once a backdoor is allowed. Reasons for granting a warrant will become more numerous and more trivial.

You are also ignoring the fact that backdoors will eventually be used by criminals. All it takes is one corrupt, blackmailed or incompetent employee to grant access to someone who shouldn't have it and the security of everyone's data is gone.


It's perfectly reasonable to assign weight to the numbers. We should think about their meaning. If I had to choose I'd definitely take having my message history dumped over being raped. That said, having my private messages made public is bad. I would be emotionally distressed. I wouldn't be getting over it in a couple days either. I should also point out that we are more geographically dispersed from our close friends and family these days. For many of us electronic communication is all we have to talk with those we love and those we depend on for our financial well being.

The going dark alarmists claim (excuse me for being a bit off, I'm on mobile and don't want to double check) something like 12 million incident reports from Facebook pertaining to some 40 million images. Sounds big. But then again I could counter with a reasonable guess of 10 messages per user on average for a staggering 10 billion private messages at risk.

What the FBI doesn't like to admit is that our security track record isn't great. We've had a lot of huge breaches and they aren't going to stop any time soon. We do not have and are not going to have 100 million creeps trading kiddie porn, but we have certainly had data breaches of that scale already. We don't have any great techniques to secure databases like Equifax or OPM, but we can effectively mitigate the threat of mass breach of our private communication. The FBI says it has technical experts who assure us backdoors won't put us at risk. Well just last week we see yet another vulnerability in Signal that allowed an attacker to turn this tool for privacy, designed and built by world class experts, reviewed by world class experts, into a remote listening device.

Is having 10 years of private messages made public 1/100th as bad as being raped? 1/1000th? 1/10000th? Multiply by 100 million or a billion and we're talking about a lot of hurt. It's uncomfortable to have to compare such things, but we really have to think about these trade offs.

I wasn't trying to make the slippery slope argument, though I see how it could be read that way. I'm raising a question of ethics: Is it justified to require all of us to record all of our in person conversations? If not, then how is it ethical to demand we do the same with the modern electronic equivalent? This isn't theoretical. We're already pretty far down the road of replacing our in person contact with the kind mediated by other people's computers.

Finally, and this is a bit of a tangent, I also point out that even if our communication was perfectly secured end to end, the minute details of our lives are more recorded and accessible to law enforcement than ever before. We carry cell phones that record our locations, pay with credit cards that record what we buy and where, read "newspapers" that keep lists of what we read, and so on. In that respect authorities have vastly more investigative power than ever before. Law enforcement likes to talk about balance, but it sure doesn't like to talk about that and goes the extra mile to keep it quiet with parallel construction.


> Please explain to me how giving producers, traffickers and consumers of child pornography would not benefit from easy and hurdle-less end-to-end encryption.

It already exists. WhatsApp, Signal, OTR, etc. provide robust E2E encryption with a few clicks. Much of it is open source. Making it illegal only prevents law abiding citizens from using it, not criminals.


The current controversy with facebook does not envision making end-to-end encryption illegal, just less convenient.

And you'd be surprised how many criminals don't know the first thing about encrypted messaging...


Please tell me how giving criminals the right against self incrimination or the right to an attorney makes us safer? If we really cared about the children we should just lock them up without a trial, right?

Actually, the right to not incriminate yourself does make us safer, in the long run, because it is part of due process.

Other than that, you are making a classic straw man. I never argued against due process, nor do I think getting rid of due process would make children any safer.


>Please explain to me how giving producers, traffickers and consumers of child pornography would not benefit from easy and hurdle-less end-to-end encryption.

Oh yeah. Forbid encryption, good idea.

I have another good idea to you: forbid bombs. If you forbid bombs, terrorists would not be able to use them.


I never said that encryption should be prohibited. I am arguing that there are no easy answers as to what should be the default. But it's easy to make these kind of simplistic conclusions, isn't it?

And yes, prohibition and regulation of explosives does make it a lot harder for terrorists and the like to use it. In fact, many are caught in the act of procuring those. That would actually be an argument in favor of outlawing encryption, because then you could equally detect criminal activity by looking for people encrypting their messages.

Which I don't propose, because encryption is more broadly and genuinely useful than explosives or guns are.


They also benefit from food. It may be a more abstract need to have privacy, but that isn't optional for free societies.

The children argument is an emotional argument, not a technology one. For thousands of years people watched over their children, now they want to outsource this to the govt because they are too busy. The EFF could only respond with an emotional counterargument, about how self-censorship stunts children's mental development or sth.

That argument seems to stem from a profound lack of understanding about how child abuse, trafficking and pornography works.

These children don't have relatives who can or want to protect them, and that's the whole deal. Either the government enforces their rights, or they don't have any.

This is really not a hill limited-government activists should try to defend....


Sure, we aren't reverting to small scale communities. The police can go after predators in many ways, and asking to technically remove privacy from society should not be one of them. It's the lazy way and the police is addicted to it. We need the police to do better, and we also need absolute, unbreakable privacy, just like we can have in the physical world.

From what I understand a large segment of child exploitation happens in the living room, and involves family. It's horrible but I don't think the solution is to put a government backdoor into a mandatory listening device in every household.

That is a strawman argument and nobody actually proposed that.

Human trafficking and the distribution of child pornography is a valid concern and distinct from familial abuse. Just that you can only fight one of these issues through technological means does not mean you shouldn't.


It really annoys me that people think child abuse is a consequence of the internet.

It's existed at a huge scale for hundreds of years, child porn production doesn't noticeably bump the needle.


You don't need child exploitation as bogeyman. There is also plenty of organized and disorganized crime and terrorism that is routinely disrupted by surveillance.

Is this disruption verifiable?

Are you saying you never heard of criminal organizations being unraveled by court ordered surveillance?

> As well as child abuse imagery, these referrals include more than 8,000 reports related to attempts by offenders to meet children online and groom or entice them into sharing indecent imagery or meeting in real life.

It would be nice if people could commit to separating out the requests by schoolmates for naked pics of 17 year olds and requests by older men for naked pics of 10 year olds when presenting these stats. :/

As it is, information like this (and indeed most stats you see in public discourse) is useless for determining the scale of a problem and sensible public policy approaches.



I'm baffled to see how governments are able to synchronize, send a crystal clear message and take action when it serves their interests.

It's always about control under the pretense of security. Rights to privacy can be violated and dismissed, but good encryption itself cannot. Encryption is the last frontier of privacy, and we must defend it vigorously.

Encryption, like any tool, can be used to do good things and bad things, stop blaming the tool for the user's behavior. Law enforcement agencies will need to adapt to that reality instead of using a blanket ban or backdoors into everyone's lives under the pretense that there are bad people out there and to think of the children™ excuse that has been used and abused over and over again.


Bruce Schneier always had a good response to these governments:

Which other governments would you like to have a backdoor?


Five to Fourteen-eyes[0] wouldn't mind.

[0]: https://en.wikipedia.org/wiki/Five_Eyes


You can always switch to VK.

I find it funny, that in effort to "catch criminals", government tries to pass laws to make things those criminals do, illegal. If you make encryption illegal, it's not going to stop the human trafficker from using it. They are already breaking the law... what's another smaller law to help protect them? So they go to jail for encryption rather than human trafficking. The laws are now helping them, while hurting all the good citizens that just want privacy.

Your governments have been reading your Facebook messages, SMS, logging telephone calls forever. This attack on encryption is an attempt by the governments to suggest that somehow Facebook is actually your friend and has some weight in protecting you. Facebook is losing dominance on the access of your communications, and your government wants you back on Facebook where its contractors monetise it most with the least amount of effort. The security contracts need to maintain high ROI, otherwise they will lobby for more of your tax money in the name of security.

But they aren't demanding this of Apple, for instance?

I don't think this open letter is for Facebook. It is for the general public.

It's for Zuck

They were at one point in time [0]. Formally they asked for unlocking the iPhone, which ultimately isn't too hard given we are talking about a 3 letter agency. It was more about a general rule for backdoors.

[0]: https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...


Apple makes a big deal about on-device security but they heavily promote backing up data to iCloud. They hold the keys to iCloud encrypted backups, and your backed up messages are happily handed over to LE when asked. That's why "going dark" isn't a problem on iMessage.

What is the (business) rationale for Facebook to refuse?

I mean, beyond the personal political opinion of Mark and shareholders, why would this company defy those governments?

(asking naively because I feel blinded by my opinion, I can't make a good strategic case for it, only a moral one)


> What is the (business) rationale for Facebook to refuse?

Advertising, market segment/product substitution.

There's a pervasive idea that Facebook must be gobbling up your communication data and it's starting to weird the general public out. It's very common to see people discussing how their phones must be recording for Facebook because they said something near their phone and then they saw a Facebook ad for it. Making a big public show of fighting the government over whether messages can be intercepted at all provides the kind of advertising that money can't buy.

Also, there will likely always be some subset of people who are more technically savvy and care more about their privacy. These people tend to also set technical trends for the rest of the population. People may leave your platform for being too insecure, but nobody is going to leave your platform for being too secure, so build a secure product and target both market segments. This will give you a larger market, and will also deny your competitors the opportunity to grow by luring away a subset of your users by offering what is to those users a superior product.


They need to fix their reputation of awful privacy violations. While the reputation is more out of fear and speculation than it is of actual understanding, they still need to fix it.

So when companies like Apple are offering great security, people are scared Facebook is reading their conversations, continuously tracking their location, and listening to their microphones.


Less time and money spent in legal battles (that can get especially tricky in international cases) over individual surveillance requests if Facebook can just throw their hands up saying "It is not within our ability to comply".

It would also let them avoid inevitable articles such as "Facebook helps Beijing/Erdogan/Putin spy on protesters". I'm sure an executive could argue those drive away some users.


Don't you think a significant number of users would leave the platform if they knew the service was backdoored by the government? There are plenty of competitors, many of which offer end-to-end encryption.

opening up for one could subject them to opening up for everybody would be an easy one

I find it rather ominous that they are coordinated in this too.

Not big on shadow world gov conspiracy theories but that seems rather...strange


Users will eventually switch to services that offer end-to-end encryption, and Facebook won't have a choice.

Some governments will eventually try to shut down such services.


Is there some way Facebook can implement it quietly?

It's actually available today in messenger, but you have to start a "Secret conversation" first. FB's plan is to make it default

Perhaps if we broke encryption only for messages to/from all children, that would satisfy their requirements?

That's not such a bad idea actually, because text messaging is a primary part of predatory "grooming" activity.

I'm sure those predators would appreciate "secret" Facebook messaging. They'll probably tell their victims that nobody can ever see the pictures they send "secretly".


How are you going to check the age of somebody? Requiring them to sign up with an ID? From my experience PayPal for example doesn't actually verify your age, although you have to provide an ID.

EFF is special in that it completely disregards legitimate use cases to access information.

I thought civil liberties was about fine tuning the scope of the government's power from sweeping in innocent citizens. EFF doesn't attempt to suggest a statute to do a better job in these areas. It lumps together a complicated subject.

They appear to believe any reason the government has to want to access E2E communication is illegitimate.

> Facebook and others would face immense pressure to also provide them to authoritarian regimes, who might seek to spy on dissidents in the name of combatting terrorism or civil unrest, for example.

It's blocked in China. Russians use VK.

> Many people—including journalists, human rights activists, and those at risk of abuse by intimate partners—use encryption to stay safe in the physical world as well as the online one.

If someone's safety was at risk, why would they be on Facebook at all though.

They sell their data in bulk. Maybe what you really want is a GDPR-like assurance as a consumer.

> “enable law enforcement to obtain lawful access to content in a readable and usable format.”

It's public information this is already done by large companies.

Why not make this into a conversation about who can access the data, for what reasons, and what threshold of proof is needed to minimize the sweep?

> law enforcement and national security agencies in these three countries are asking for nothing less than access to every conversation that crosses every digital device.

Law enforcement and national security are not the same thing.

They're exacerbated by places like EFF that blur them together to get donations and keep laypeople running in circles.

EFF is supposed to be staffed with lawyers. The least it could do is help the public understand the intricacies.


The problem is that there's no way to make a backdoor only for legitimate uses. There is an illusion that it could be done, but practice shows that it gets exploited by bad actors, too.

Another problem is that correct strong encryption would work equally for nicest law-abiding citizens and for vilest criminals. But there are other numerous efficient means to fight against criminals, even if the encryption is available to them. For the law-abiding citizens, there is no reasonable way to stay safe in many areas, such as online financial transactions, if the strong encryption is not available.


Interestingly, this article [0] indicates that in theory at least, it may be possible to develop a privacy-respecting secure network that is capable of optionally (per node operator) rejecting some traffic. However, assuming such a thing is possible, it would still not satisfy the TLA’s (assuming what they’re really after is the ubiquitous transparency).

[0] https://news.ycombinator.com/item?id=21169768


I happen to agree with EFF on this, but even when I don’t agree with EFF, I appreciate that they are consistent on their pro-privacy stance. We need more organizations like EFF that are a consistent voice for one cause and aren’t swayed by unrelated political matters.

What do you think about parallels between the EFF and NRA? They're both principled and wouldn't budge one inch on their respective issues.

Full disclosure: I donate yearly to the EFF, this is just food for thought for those who support the EFF and not the NRA like I do.


I strongly disagree with you.

But I just want to say it's disappointing that you're being downvoted by people because they disagree with you, rather than because you're not contributing to the conversation.


Paul Graham:

I think it's ok to use the up and down arrows to express agreement. Obviously the uparrows aren't only for applauding politeness, so it seems reasonable that the downarrows aren't only for booing rudeness.

It only becomes abuse when people resort to karma bombing: downvoting a lot of comments by one user without reading them in order to subtract maximum karma. Fortunately we now have several levels of software to protect against that.

https://news.ycombinator.com/item?id=117171


That’s good to know. I hadn’t read that before.

I feel the same. Upvoted not because I agree, but because I disagree and want to hear arguments that oppose mine. That's how it's done, son.

Same, but I think saying these arguments "oppose yours" is a bit too flattering to the arguments. They aren't really legitimate enough to rise to the level of opposing a reasoned view. But I understand what you mean.

Let's just recognize that they are ill-founded arguments coming from someone who has not grasped the basic points of the article, or the basic issues of what is being discussed.



