This is a good time to remember that police forces work for governments and not the other way around.
Of course it would be easier for the police to catch bad guys if they had full-text search access to all conversations and content, worldwide. That doesn’t mean it is a good idea. They’re asking for something to make their job easier... can’t blame them for trying, and of course who doesn’t want to catch people who harm children?
But it’s not their responsibility to account for negative side effects. That’s our responsibility, as citizens who are in charge of our governments. And we have to remember that governments and police can hurt children too. Look at what the border police in the U.S. are doing right now. And when it comes to fighting that sort of thing, encrypted comms are essential for political organizing.
This is on top of the obvious and many benefits of encryption in protecting us all from crime.
Child protection should be treated much more as a "local" than "global" issue. If it's "scale" they want, to really protect children, then local boots on the ground is still the best defense.
Rather than talking about encryption, Interpol should be espousing the benefits of local investigation and intervention based on mandatory reporting.
Removing child abuse content from the Internet is a digital issue. Protecting children from harm is a meatspace issue, and exponentially more important (but also more difficult and fraught with subjectivity).
Yes, giving access to all communications worldwide to the cops still won't help them catch the abusers that don't record and post their abuse online. Which I assume is the majority of child abuse cases.
The bigger problem the police have is not that they don't have enough cases go after, it is that they already are overwhelmed by the cases they do have and the fact that those departments are typically understaffed and overworked. It takes a special kind of person to be exposed to this crap on a daily basis and still be able to function, employee turnover is - not surprisingly - high and the effectiveness is relatively low because of the overwhelming caseload.
This cannot be emphasized enough. Normal humans can’t imagine the depravity to which child predators descend. I’ve heard stories from the teams who review content uploaded to YouTube to remove this filth and people who were just looking for a paying job end up alcoholic, suicidal and psychologically messed up for life after Only a few weeks of encountering this this stuff as part of the flagged content review process for places like YouTube and Facebook. I can only imagine the counseling required for law enforcement agents working these crimes is intense... as well as the temptation to shoot all suspects they arrest merely out of disgust.
That said: banning encryption is not the answer to this.
Yup, my guess is that child predators, by and large, are basically criminal psychopaths. I wonder how many of them only prey on kids because they're such a convenient, vulnerable target.
From what I remember the research suggests this isn't the case. But that was research for predators in general, not the ones spreading abuse images, and thus the findings in the larger group may not apply to the smaller.
It's interesting to note that this abuser was caught precisely because people looked at the images of the abuse and figured out that they had to be from the Netherlands. I suspect that this describes a non-trivial portion of successful prosecutions - especially of those responsible for a lot of abuse, as with this case.
Yes, typically it is a bunch of coincidences that allows these cases to be solved. It's incredible the scale at which they operated and how long they got away with it.
The problem is that perpetrators are not as stereotypical as people assume-- it's not the registered offender down the street, it's not the creepy guy in aviators living out of the panel van. "To Catch A Predator" really fucked up the public's perception of abuse perpetrators.
It's almost always the victim's parent/caretaker or other close relation-- but they always "seem totally normal" so nobody wants to believe it's happening and will excuse or look past all sorts of shitty behavior that, if it were performed by some random, would elicit disgust and antipathy and cause them to be run out of town.
I'm currently dealing with an abuse case. The family is uncooperative because they don't believe the evidence presented, and the victim has been coached into protecting the perpetrator. So the abuse will continue.
> Child protection should be treated much more as a "local" than "global" issue.
That, unfortunately, is no longer an option. Pedophile rings including the content producers have realized long ago that going international gives them an extra layer of protection.
You can't physically abuse over the internet though, that's my point and that's why I separated the two concepts of "removing content from the Internet" and "Protecting children from harm".
No, but you can order physical abuse over the internet. I really don't want to bother you with how dark some of the darker stuff on the internet is but you're going to have to trust me on this without having to become more explicit or you risk losing your breakfast and then some.
The digital can definitely be a pre-cursor and active element in the physical.
Sure, but then we're not talking about the vast majority of digital transgressions are we? That is, the simple (re)distribution of child pornography — ghastly enough as that is — not the few who actively seek out and order new abusive material from those who actually produce the stuff.
This debate is about proportionality. How many children can live a marginally better live by giving up strong encryption and privacy worldwide? Because with the exception of the few cases in countries with a strong and well-functioning legal system, the abuse doesn't stop when the on-line orders stop coming in. How many activists and oppressed minorities will lose out (livelihoods and/or lives) by doing this?
And even then, you're not addressing the real problem with this anti-encryption stance: how are you going to prevent the bad guys from using encryption? Encryption is here, right now, and it exists as a mathematical fact. Introduce a government (incidentally, which?) backdoor in WhatsApp or whichever major platform, and you catch some low-hanging fruit, until they wise up and use the vetted tools without a backdoor that already exist to hide their activities. This significantly impacts the proportionality balance.
If you want to prevent child abuse, investing in education, welfare, economic equality, respect for basic human rights, and boots-on-the-ground police capacity will net you a vastly better return on investment.
I'm not at all trying to pull this into the 'think of the children' domain, I'm just pointing out that what you think is going on is probably not nearly as bad as what is really going on. It goes a lot further than just child pornography, think snuff movies involving children made to order and other 'creative' idiocy.
I'm all for people having access to encryption, I'm also for stamping out these criminals. The two are not mutually exclusive.
I have no doubts that whatever depravity a child can be submitted to that I can think up has or will have happened, and worse. There is certainly no god that prevents it, there is only us humans, and there are a handful of very sick individuals among the seven billion — that's just a statistical surety.
> The two are not mutually exclusive.
There we agree. But politicians worldwide do keep turning this into a 'think-of-the-children' fight. Only this month the Dutch minister of justice and security came up with exactly that argument for forcing Facebook to include a backdoor in WhatsApp — a plea indubitably neatly prompted by his colleagues in the US (cf. attorney general Barr's position on this topic).
> and there are a handful of very sick individuals among the seven billion
This is where you're wrong. Child porn is a substantial market, estimated to be in the billions of $ per year. It's a disproportionate amount compared to 'regular' porn because of the criminal element and the risks involved, just like illegal drugs are far more expensive than legal ones (in most parts of the world, anyway).
Politicians abusing this to push their own agenda's are effectively also abusing these children... it's a fucked up world, that's for sure.
Billions of dollars per year? On a world basis, that's quite insubstantial.
And child abuse has always been around, unfortunately. Much of it probably goes unrecorded. Indeed, we only became aware of how bad the problem really was in the 1980s, due to the very fact that media of it was now being created and exchanged.
I aspire to one day reach your level of cynicism but for now I will have to disagree with you that that is insubstantial, even on a world basis. Especially so because it is concentrated in only a very few countries where children have a very high chance of being exploited in this way.
With respect, which part of this article do you find interesting? In fact, it totally confirms my expectation going in, that the whole thing is empty PR phrases and bullshit numbers. I mean, take the very first line:
"The Philippines has become a top global source of child pornography with around 80% of Filipino kids at risk of online sexual abuse or bullying, a global Unicef report said Tuesday, December 12."
That's the definition of bullshit. What is the actual claim here? 80% at risk (so maybe nothing happened). Of what? Well, possibly "bullying". How is that related to child pornography?
Ignoring the fact that the so-called "at risk" numbers are a favourite way to inflate the danger, because you have very wide latitude to make that number up, this claim is particularly incoherent.
I can't even, in this article, find a solid claim that child abuse is a particularly wide-spread problem in the Philippines; never mind any evidence for such a claim.
The article quotes a Unicef report that I can't find a good source for, and the Phillipines being problematic in this respect is something that is not exactly a secret, it is where a lot of 'production' happens. I'm sure if you dig around a bit you'll find lots of corroboration for that datum. Anyway, I'm on the clock and only look at HN during breaks right now, if not for that I'd be more than happy to find better references.
> The article quotes a Unicef report that I can't find a good source for,
And what does this Unicef report say?
> and the Phillipines being problematic in this respect is something that is not exactly a secret
Terms like "problematic" are excellent for persuasion, as they exclude any quantitative component as they invoke fear.
> I'm sure if you dig around a bit you'll find lots of corroboration for that datum.
Like the fear mongering article you linked?
Look, I'm not advocating for the abuse of children, but when I'm being encouraged to worry about something, I prefer the warnings to have some basis in fact.
Minimizing the incidence of digitally-enabled child abuse is not a winning strategy for protecting our right to use strong encryption.
For one thing, it puts you in the position of defining what incidence of child abuse is low enough to be somehow acceptable. Is the Internet helping one person to abuse a child? Any normal person would say that even one is unacceptable.
For another thing, it can easily make you look like an unserious fool because the people you're arguing with--law enforcement--are going to know way more than you do about the actual incidence of these particular crimes. They are privy to every ongoing investigation, and are generally not legally permitted to tell you about them.
We don't need to doubt the good faith of law enforcement--at least on this issue of child abuse--to advocate against encryption backdoors.
Encryption backdoors are a bad idea because they can be later abused or hacked, causing untold harm.
And we get to use strong encryption for the same reason we get to deny the government placing cameras in our houses. We get strong encryption for the same reason we get to be considered innocent until proven guilty. Efficacy or efficiency for law enforcement is not enough, and should not be enough, to supersede our rights to privacy, expression, assembly, etc.
> I prefer the warnings to have some basis in fact.
What would you consider a fact? A half dozen links to such content?
Really, I'm not sure what you are getting at here, there is plenty of evidence for this stuff being real and being sourced from a limited number of countries if you want to argue the opposite then I'm perfectly ok with that. But that Unicef report is there for you to read and if that does not convince you likely nothing will.
Just like NL has a - justified - bad reputation for hosting a lot of this content so the Philippines have - unfortunately - a bad reputation for being on the producing end. For a while it was Thailand, then the Thai really cracked down on the sex tourists and the child porn production and so the producers shifted to another location.
> What would you consider a fact? A half dozen links to such content?
Well, one link would be a start. And to consider something a fact, I'd generally want to see some evidence. When I'm told something is a fact but there is no evidence to support the assertion, or if the evidence turns out to be an estimate with questionable methodology methodology (say, 1 In 5 College Women Are Sexually Assaulted), then I tend to lower my opinion on the honesty of the individual or person involved.
> But that Unicef report is there for you to read and if that does not convince you likely nothing will.
It is?
> For a while it was Thailand, then the Thai really cracked down on the sex tourists and the child porn production and so the producers shifted to another location.
I don't follow Thailand terribly closely, but I'd be interested to know details about this, particularly how they know child porn producers were there but left.
> Especially so because it is concentrated in only a very few countries
The meaningful question to ask is what's going on in those countries, that makes abuse so much more likely to occur there? It can't just be weak government, the Philippines aren't generally known for having weak or ineffective government.
I find it strange to see the same comment being replied to by that the amount is insubstantial and that it is ridiculously high. Maybe the two of you can come to some kind of an arrangement?
Anti-encryption stances will also concentrate power, and thereby make for less stable societies. That in turn will harm the rate of economic development, which is what brings children out of poverty where they are most vulnerable to child trafficking rings.
These are not my rules. The parent poster said that the government CANNOT ban encryption. It can. No message can be totally hiden from a motivated enough opponent.
The random noise IS the point. you cannot hide its very existence, and a government agent might not want to believe you if you said that it's just random data.
Great. Might as well just jack up the consequences to the point that perpetrators realize they have everything to lose and guarantee there is no low-hanging fruit, and that whatever you do end up having to infiltrate will have a "like-your-life-depends-on-it" security posture.
This is how cures become worse than the disease. Life isn't black and white, nor do things tend to be doable without gratuitous unintended consequences.
Encryption is not, nor has it ever been the be all end all to child predation. Effective investigation techniques have been the issue, and awareness have been the problem, because of the ephemerality of any distribution system once its existence is outed to hostiles in the non-pedophilia community at large.
If you want to take these people down, you have to map the logistics. If you want to map the logistics, you have to consume content; once you have the content, you need to analyze the crap out of it for every possible clue you can about how and where it was made in order to try to make some reasonable guesses about how the production industry works, then you have to double down and go deep to figure out what these production rings look like, whether they know each other, and how do they work. I'm talking picking apart the audio for environmental noise that might clue you in, or developing profiles of certain quirks of equipment. Analyzing the medium of exchange to see if you can exploit the financial traceability aspect, etc... All of which can also be sanitized once the opponent knows you look for it by the way. Proper OPSEC on their part will leave as few breadcrumbs as possible for you to find, and the closer you get to the heart of the op, the more heinous the infiltration will likely get.
All of that has zilch to do with e2e encryption. That's all meatspace work. Ugly work, but work that'll need to happen nevertheless.
Of course you can hide the existence of the message. The art and science of doing so is called steganography. Some forms of steganography are intended to be completely undetectable, while others merely offer plausible deniability.
> Generally though, there are many techniques known to be able to hide messages in data using steganographic techniques. None are, by definition, obvious when users employ standard applications, but some can be detected by specialist tools. Others, however, are resistant to detection - or rather it is not possible to reliably distinguish data containing a hidden message from data containing just noise -
You cant hide the existence of the data. You can pretend that it's just random bits. But they are still here, and an opponent can see them.
Large enough that it bothers me. The Philippines is particularly problematic, the unofficial figures are that you're looking at roundabout 700K perps world-wide and an (obviously) smaller number of producers, how accurate those are I have no idea. Fortunately my exposure to this stuff has diminished drastically over the last couple of years because I stay a mile away from anything associated with webcams but when ww.com was still up it was a regular occurrence that we had to step in and shut down feeds and alert the authorities. And that was with a published policy of going after the originators and giving full cooperation to LE.
So yes, that is happening at a non-negligible scale. In fact it is happening at a scale that is incredible (to me, at least).
> 700K perps world-wide and an (obviously) smaller number of producers
The figures I'd want are not consumers or producers but numbers of children. A child being abused 1000 times is obviously awful but its not as bad as 1000 being abused once.
> A child being abused 1000 times is obviously awful but its not as bad as 1000 being abused once.
Obvious to you. The problem with this sort of reasoning is that children are not mathematical objects. It is also the sort of reasoning that ultimately leads to the rest of society deciding that us tech people are incapable of setting things up in such a way that abuse potential is minimized. Then you get reactive stuff like this article.
Thanks for your continued replies and balanced counterpoints to various statements (including my own).
Maybe I've gone the wrong direction, but I'm almost convinced now that it may actually be worse to make public statements linking encryption to child abuse because it potentially paints backdoors as a solution in the minds of the non-technical folks, and potentially makes child abuse closer to appearing to be a "solved problem" and distracts further from progress towards a real solution.
I'm aware now (thanks to you and some others who have horrid coalface experience) that the digital realm is indeed more of a problem than I'd considered. I can't bring myself to accept, however, that mandated encryption backdoors are worth the attention they're being given by law enforcement for the purposes they're trying to align it with.
I can't accept the backdoors either. Clipper was a bad idea then and any iterations of it in the present are just as bad. Clearly that is not the most effective way to attack the child porn problem, Microsoft, for all its faults has done more to combat this than lots of other parties combined, including most nation states. Properly funding various services including the LE branches responsible for dealing with these crimes would be the way to go and that does not require any backdoors at all. The mountains of proof that are usually unearthed are strong enough for conviction, the bigger challenge is to roll up the networks but there are ways to combat that that do not require access to the payload.
For starters, we can't globally protect children from poverty. This in turn opens up parents in extreme poverty (such as having to choose which kid gets enough resources to survive) to be willing to make exchanges that we cannot fathom.
We cant globally protect children from shitty parents. Abuse and exploitation happens even in households where the parents are literally given stipends to pay for the child's care and upbringing-- be it in foster care or post-divorce.
So children weren't harmed before 1995? Of course a police state makes it easier for them but who will watch the watchers? I want one of these people to give me 24/7 access to their unlocked phone. I promise to not share the information with anyone.
It seems like we have better tools to fight some of these things. How about huge whistle blower rewards (millions) with lifetime witness relocation packages for people who come forward? There are lots of people who are adjacent to lots of these crimes but to come forward would mean threats, loss of income, loss of housing and more. If we made it easy and safe for them with the promise of a new life in a better situation, I think we'd see lots of these crimes go away.
> But it’s not their responsibility to account for negative side effects. That’s our responsibility, as citizens who are in charge of our governments.
Wait, what? We have a saying in the actions and decisions of our governments (context: EU and US)?
No we don't. We don't live in direct democracies. If Interpol or any police force wants to ban encryption and if that benefits who ever is in government, then that ban will come. Thus: that ban will come. (Western) governments have been eyeing bans and bypasses of encryption for decades. This is nothing new. What we as citizens think of that is completely irrelevant. Unless the majority of the population would really care about encryption and it would influence the 4-yearly vote-thing (elections). Which is not the case.
Every Western country has had headlines in their news papers in the past months about their politicians -all of a sudden and all at the same time- wanting to pass laws to allow them to bypass encryption (pressured by the US?). Just in case it would influence the 4-yearly voting thing. The synchronized timing of the publications to me is shocking but not really surprising anymore. Manufacturing consent.
the online kiddy porn and terrorism is really getting out of hand like right about now. Never been worse. Let's all ban encryption quickly and save the world from all child abuse
Maybe go outside, make some friends, join a community of individuals who are interested in claiming their place in the history of the world. Stop waiting for a champion to come and save you, and just be a champion.
We're trying to form a voting bloc in my community to turn the local government upside down. If similar movements happened in other communities around the U.S. the legislature would be very different.
That's nice and I truly hope you'll succeed. My strategy is slightly different and more selfish: I'm planning to move to the only country in the world that has direct democracy.
At the same time I try to convince people outside of that country of what should be their political number 1 priority (in my humble opinion); political decisions through popular vote.
At least in the U.S., the reason we don't have backdoors in private encryption systems today is because of public outcry during the first "crypto wars" in the late 1990s/early 2000s.
In general, there is plenty of hard proof that public advocacy works in the U.S. See the entire environmental and union movements, for example.
Feigning helplessness in the face of corruption is not as insightful or clever as you think, and contrary to what you might think, works to suppress citizen engagement rather than spur it. "You have no power" is what your opponents want you to think. What are you helping them convince people it's true?
The reality is that citizens absolutely have the ability to affect their governments, and should make it clear that mandating encryption backdoors is not acceptable policy.
>the reason we don't have backdoors in private encryption systems today is because of public outcry
I always thought the NSA gave up on its Clipper Chip initiative not because people complained, but rather because of a handful of people with the right skills or the right kind of influence engaged in civil disobedience.
Specifically, Phil Zimmermann wrote PGP and published its source code (under no-commercial-use terms, which at that time were not frowned upon as strongly as they are these days) and enough people demonstrated a resolve to keep the source code on the internet -- by continuing to host it even after being threatened by the US government -- to convince the NSA that it would never persuade enough manufacturers to adopt the Clipper Chip.
Netscape's decision to design and implement SSL and include it in the most popular browser of the day probably had a lot to do with it, too.
> This is nothing new. What we as citizens think of that is completely irrelevant. Unless the majority of the population would really care about encryption and it would influence the 4-yearly vote-thing (elections).
You are contradicting yourself. Effectively you're saying unless a majority of people agree with you then it is non-democratic. As parent poster said we have the responsibility: it is to communicate this argument to people and also to be part of our own government.
> Effectively you're saying unless a majority of people agree with you then it is non-democratic.
No, I'm not. My point is that we (citizens) are not in charge of government. It's misleading to claim that we are.
It doesn't matter whether "the people" are for or against encryption. It's irrelevant for political decision making (unless popular opinion on encryption threatens to influence elections, which right now it doesn't and probably won't ever).
> it is to communicate this argument to people and also to be part of our own government.
"We" (as in the majority of citizens) can't be part of our government. "We" can't even significantly influence government at all other than through elections. Popular political influence through elections only works for very limited very broad subjects that happen to be in fashion by the time an election takes place. Subjects unlike relatively specific things such as encryption.
> we have the responsibility
With the above in mind I don't agree. At all. You could try to explain the point of the parent poster to 1000's of people and convince them to agree. This would be a tremendous task and would politically change: nothing. At all.
You could also try to convince them of the opposite. And this would also have 0 political effect.
Even if everybody on HN did it. Even if everyone on here had the exact same opinion, arguments and same amazing sales skills.
So you don't reckon representative democracy works at all. In which case what is there to talk about here? You should be out attending to the business of revolution, not yakking on forums about incremental change right?
Personally at present I think representative democracy is working, but that people are very dishonest about what they really want.
> So you don't reckon representative democracy works at all.
This seems to me like an uncharitable interpretation of what he said. If one part of it "works", then saying it doesn't work at all is a false statement. The correct question is, to what degree does democracy "work", in 2019 - I believe the year is an important component of the question, because most people's conception of democracy is abstract theory, and disregards the increasing complexity of the world.
> So you don't reckon representative democracy works at all.
What do you mean by "works"? A violent dictatorship with a genocide here and there works perfectly fine, depending on your definition of "works".
> In which case what is there to talk about here?
Priorities. Should the priority be to discuss the importance of encryption. Or should the priority be to discuss the importance of means to influence decisions about encryption?
> You should be out attending to the business of revolution, not yakking on forums about incremental change right?
You mean literally losing a hand or an eye as a yellow vest? Or something like that? Nah. Meh, thanks. Not the best option I would say.
> Personally at present I think representative democracy is working,
Yeah. Again. I agree that it's "working". But without a definition of "working" or a benchmark that's an information-less statement.
> but that people are very dishonest about what they really want.
And you have hope that this will change?
People can't know what they want, if they aren't honestly informed about what's going on around them.
No need to go all the way to Hong Kong for examples. There's been plenty of violence by security forces with 100's of heavily wounded and a few deaths in the yellow vest protests in France recently. Here's a partial list up until January this year: https://www.liberation.fr/apps/2019/01/la-carte-des-gilets-j...
We're talking people losing their hand(s), eye(s) or dying here.
Same for the Barcelona protests (non yellow vests).
You'll have to search quite a bit to find articles on those if you live in "the West", but yeah they do happen.
On topic: if only Macron and Winnie the Pooh could somehow circumvent the encryption of those pesky protesters...
Well I admit working is a poor term. Perhaps framing it as "working for me" or "least scary for me" is more honest.
I'm more afraid of direct democracy than anything. I basically think I'll be dead within a few months of that emerging. Authoritarianism is my next greatest fear.
> Of course it would be easier for the police to catch bad guys if they had full-text search access to all conversations and content, worldwide.
That’s what the govs always try to imply. The reality is, the minimally sophisticated “bad guys” will still use encrypted means and now we can imagine who’s really affected by this condemnation.
Right or wrong is relative. Sure for you encryption by itself is not wrong, but not for Interpol. The same argument is used by Interpol, encryption cause harm for society, at least from their perspective.
Banning direct wrongs are done because the thing being banned is wrong. The effectiveness of the ban doesn't matter (unless maybe one can show that banning the wrong actually increases the rate at it happens, but that is different from failing to significantly enough decrease the rate).
Indirect wrongs are things that aren't wrong but which we ban in order to stop something that is wrong. If there is no effect banning it, then it isn't justified to have a ban. If I want to ban cheese to reduce murder, is it justified? No, because banning cheese will no effect on the murder rate.
I also this is a good time to remember that not every citizen has to have the same values on this. Some people might think the tradeoff in terms of freedoms vs security is worth it.
It seems everyone is so eager to paint the other side as objectively wrong / motivated by bad intentions, when in reality I don't believe this is an objectively right answer. As a society we have to decide how much freedom and security we want at this moment in time.
A nice example of the complexity in this space: the Ben Franklin quote "those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety" means something rather different when taken in context (1).
Not really. While that specific quote wasn't about surveillance, Franklin was decidedly pro-encryption, as were most of the Founding Fathers. They all "encrypted" their letters regularly with elaborate codes and ciphers to thwart surveillance by colonial authorities. The Revolution probably would have been impossible without it.
Also I think "Security" was the wrong term to use - maybe "Societal Order" is better?
What I mean is if companies are required to build in law enforcement backdoors, we could see X benefit (ie some % reduction in certain types of crime) and Y damage (some reduction in technical security, some reduction in govt accountability, etc).
Personally, I place a lot of value on the Y damage, so I don't think the tradeoff is worth it. But those are just my values, and I think it's possible / reasonable to have different values that change the balance.
The problem isn't that it's algebraic though. There are no back doors, once governments have it then all your freedom to communicate against them is broken. I don't know why anyone would look at the likes of world leaders such as Xi, Putin, KJI and Trump and think this is a good idea in any way.
But those citizens need to restrict the freedom and security of others.
In Europe we have many examples of human trafficking where officials had problems to investigate because of political reasons and other problems, mainly understaffed law enforcement.
Every police force asks for more powers, every interior ministry wants more surveillance.
Even with decryption tools, I don't see how traffickers would suddenly not be able to obfuscate their communications.
What becomes very easy is to crack down on dissent though. And being able to communicate with others without any listeners is a security requirement. So freedom and security aren't orthogonal at all.
Exactly, it's not like they'll be using legal encryption versions lmao. This is just a way for governments to monitor their citizens in a wholesale fashion.
> I also this is a good time to remember that not every citizen has to have the same values on this
It's also important to remember that not every nation will have the same set of values on this and that as the world becomes more international you're relationship with other world governments becomes more M * N.
Imagine a world without encryption where the Saudi government had our access logs and decided to share what porn we were looking up. Or for something closer to the real world, imagine the CCP leveraging their influence to cut off services to anyone sharing Winnie the Pooh pictures.
OTOH, it's the point of having nation states to allow different prioritizations of values and different legal systems to coexist. It's the same reason the US is proud of being a federation of states.
> Some people might think the tradeoff in terms of freedoms vs security is worth it.
That's fine, they can make the trade-off. I mean they can give up their own freedom for whatever security that gets them. What many people want is to make the same trade-off for others.
I said this in an earlier comment: for both encryption and guns, they will always come at a cost to society, but that cost is the price of democracy. They will always cost something, and we will always need them, but we can work to create environments that need less of them and environments that make them less costly.
Encryption also provides immense benefits to society. Modern commerce couldn't work without encryption. Companies wouldn't be able to protect their trade secrets. And so on.
Plenty of non-technical people think that they can have their cake and eat it by giving a backdoor to "the government". Which government though? The one of Burkina Faso? The fact is that backdoored encryption is broken encryption.
That's also depends on the society. Obviously it wouldn't benefit the interpol in this case.
For companies, they would have to change their business model that is not relying on trade secret, I would even argue that not having to spend time, money or effort to protect trade secret is a benefit.
Human rights are man-made and arbitrary. They aren't some kind of holy text that must be protected at all costs. They must be bent and ignored if necessary. You can't just say "this is a human right" to shut down any discussion.
Thats true if we assume that every human want the same thing. But the reason there is bloody fight in the first place is not all human want the same thing. Is good for you if you are in the winning side, you certainly don't want to lose them but you can't say the same for the other side. They too want to be on the winning side.
Obviously since there is no God then yeah they are "made-up", but their value is obvious. Governments have a tendency to want more and more power, and by governments I mean the ones in charge like Xi, KJI, and Hitler. Those sorts do not like human rights and think they know better than everyone what is best, especially if it makes them richer and more powerful. This is why human rights are important and why they shouldn't be compromised for "safety" because you might get a little safety in the short term, but tomorrow brings genocide.
> That’s our responsibility, as citizens who are in charge of our governments.
An important point to make, is that it is not given that citizens are in charge of government.
I might trust my current government to uphold democracy - but that does not mean I trust every future government to do the same and I need laws in place for restricting their rights, not mine.
I'm pretty sure part of the job of a bodyguard is to ensure the well being of their client. If they ask for something that improves safety but makes the client miserable, they are not doing their job.
Regarding the question of who watches the watchers, I do wonder if any country has tried appointing a group of citizens who essentially get to watch everything the police do. It would seem like that primary complaints would be that the officers privacy is violated and secondly that people who are under investigation’s privacy would also be violated. But otherwise what kind of oversight or threat of oversight do these guys have? Maybe another approach is you have a group of pseudo officers that are like internal affairs people who’s job it is to investigate the police and maybe that could extend to “watching the watchers”?
Many years of reading on HN, I used to just accept that encryption is the best thing. And from a point of view of what will happen, that’s what will happen. But should we as a society want this?
I would argue these days that it is far better to be able to reconstruct a conversation and prove someone said something. In case things go wrong, we have to have a way to establish truth, and prove things, so we can have fairness in outcomes.
Now, if we have governments that punish people for being dissidents or engaging in victimless crimes, the answer is to fix the government and the laws, and not to sneak around. That’s like making slavery better for those few people who happened to have nice masters (or encryption).
So, what’s the upshot? We need more immutability and also work hard to make governments not punish people for victimless crimes.
PS: freedom of speech should refer to actual speech of humans, not the unregulated ability of organizations to provide megaphones (whether Twitter or network TV). I think these are harmful for society, and I would be happier if every statement in science, news, politics, history etc. would be peer reviewed and battle it out in some wiki site before the general public sees it. Unless they want to press the Talk page to see the battle going on behind the scenes, regular people should see the article AFTER multiple sides have battled it out. I see the current megaphones controlled by Sinclair or Twitter or Newspapers or Network TV a lot more harmful and dividing our society.
>the answer is to fix the government and the laws, and not to sneak around
It would be nice if someone “fixed” some governments (and some crimes as a side quest), but 1) condemning privacy only makes this harder than de-facto almost impossible. 2) “prove someone said something” is not how our earth-wide culture works. We are basically based on the fact that conversations are private to some extent.
Did you find yourself in a situation when your opponent knows your every step and thought and you don’t? Play any game that way and see where it goes.
>We need more immutability and also work hard to make governments not punish people for victimless crimes.
That’s cool, but something hints me you’re not living in one of these countries where hard work is required. Swap with one of its citizens, make a change, then we talk.
What if we apply the same radical transparency to government as well? No more secret courts or meetings, even black ops must be revealed after each limited operation is complete, everything must be out in the open. But leave democratic elections, for instance.
Would any government agree to unilaterally do this? I think the biggest danger will come not from the other governments but from losing the ability to be bribed and do unaccountable things.
> That’s cool, but something hints me you’re not living in one of these countries where hard work is required. Swap with one of its citizens, make a change, then we talk.
There are some points in the GP though. Ideally we should try to fix the government and the laws for who can't, but even people in countries blessed enough to be able to try don't try enough.
> I would argue these days that it is far better to be able to reconstruct a conversation and prove someone said something. In case things go wrong, we have to have a way to establish truth, and prove things, so we can have fairness in outcomes.
I'd love to have that capability. What matters is who controls it. If everything about me was constantly recorded but I was the person that decides if and when make some of this information available to other people (and initally to whom) then it would be great and I think that's our future that marries our progressing tech with our freedoms.
If I can be coerced to reveal information about myself or it can be revealed at the whim of government, judge or a corporation, then it's a dystopian nightmare which we see some people are trying to create for example by coercing people to reveal their passwords or unlock their devices.
There's of course some grey area like public places where privacy does not apply. Your thoughts there are private but the rest is not yours. We have pretty much worked out what's private and what's public in physical space. As for digital space I think things I do on my local machine or on another machine that I control then it's private. Once I do something on someone elses machine it stops being private.
I don’t think everything about you should be recorded without your consent. Privacy in your OWN person and documents is a major thing.
However, when you engage with another party and make promises, and then break them, the other party should have a way to prove what you said in a dispute. I think the default mode should not be “off the record”. Because most parties aren’t savvy enough to demand that you go “on the record” right before you talk. Instead, you can ask to go “off the record” so that will be the alert that none of your promises will matter during that period.
If being “on the record” is the default for all conversations, that’s what I’m talking about. The concept of “privacy” still applies to non-participants in the interaction.
The main question is, can we extend this expectation to other interactions not just conversations online? What if one of the participants had been carrying tiny body cameras and microphones, which has become more and more feasible to do?
You know how many rape crimes could be solved? Or police altercations? Imagine if everyone KNEW they were being recorded.
What if the cameras were not on the person’s body, but in the room? Surely we wouldn’t know, so the laws have to allow for it. But suppose we COULD legislate what these cameras did. One is to outlaw all cameras. The other is what if the video footage was always encrypted and it would require two keys:
1) M of N of the participants
2) a judge saying this is an active dispute / trial
It is in the interest of both parties to unlock the video once there is a court case, to help resolve what happened. Refusing to do so may be seen as an admission of guilt. The main reason for 1) is to allow people the option to be presumed guilty / held in contempt of court but not reveal the evidence against them. The problem is that they may be protecting some mob boss etc. so we may have to relax the condition 1) to just one of the parties. But recording entrapment still won’t be legal in two-party states.
Sure. I wouldn't mandate it. There would be no incentive to mandate it, when the owner remains in legal, practical control all the time, even in court.
I think most of us would still use it. To record our lives so you can review or share the good parts or prove something you said, heard or seen. It's already happening with phones (they just don't record all the time but that's mostly to technical limitations) and I think people today would love to be able to get easy, legal access to footage containing them from other sources.
> Now, if we have governments that punish people for being dissidents or engaging in victimless crimes, the answer is to fix the government and the laws, and not to sneak around.
You might as well be saying that instead of having democracy and elections, the answer is to fix the government and the laws.
You are putting the cart before the horse here: Sufficiently powerful individuals are the precondition for fixing the government and the laws. And that doesn't change once all the governments and laws are fixed: Criminals will continue to try and corrupt the government and the law. If you have too much power concentrated in one spot, be it a dictator or surveillance agencies, that is the spot that criminals will try to manipulate/use to their advantage, and only sufficient independent real power of individuals (that is: power that can not be made to disappear by a simple decision of someone trying to subvert the system) can possibly keep that in check.
The dream of the benevolent dictator, in some form or an other, seems to be irresistible--but if we want human rights to stay, we have to overcome that urge. Benevolent dictators are not a thing, and every attempt to build one so far has led to disaster.
How does that change anything? If you have a dictator control a thousand computers or a thousand humans, the result is that the dictator has the power.
The post office is obviously not a central component of the government, it simply was operated by the government in the past because it was useful to have as a basic service to serve the economy.
We may have misunderstood each other. I agree we should empower individuals in general, and try to defuse centralization of power. And I thought by powerful individuals you meant people in the government or some rival organizations.
I began talking about recording interactions, though, being potentially a very good thing.
Sigh. What we can basically tell from this is that the Five Eyes crew have joint legislation ready to go on this and are now going to insert an easy-to-digest and appealing narrative into the mainstream ahead of the release of that legislation.
The combination of "But the children! You don't support child predators, do you?!", low general technical understanding and overall apathy to the removal of our rights (in the name of "progress") means that this is basically destined to succeed.
Might be time to really re-evaluate our personal relationship with technology and make the appropriate moves to isolate it in our lives. If/when this goes through, technology will essentially have us under surveillance in every aspect of our daily lives.
Look at the government repression on the Hong Kong protesters, who are fighting for freedom and accountability. That's a good reason to support encryption technology.
It’d probably be some new PKI on top of SSH where your private key would be held in escrow by an identity provider. e.g. Your username is your email address, and your email provider retains your key pair. It’d probably be portrayed as an improved key management solution that allows more frequent key rotations and revocations. Might even start with being required for government projects, resulting in supported implementations by cloud providers that want lucrative government contracts. Then they just wait for a crisis opportunity like a cyberattack to force ISPs to block non-PKI-based SSH traffic in the name of national security.
And the largest and most paranoid companies that host their own mail and authentication services on-perm would probably be allowed to use those. But most everyone else is left doing key escrow with Google and O365 for their work and personal accounts...
But think of the children! Do you want to help the terrorists? What's so bad that you want to hide it?
America is looking more and more like a Soviet style dictatorship every day. The United States' propaganda machine is so well tuned that they don't need to physically oppress us with secret police on every block. We oppress ourselves.
Given the trade wars, would the US be ok if China were to hold onto American company private keys so they can "monitor for lawful activity" of Chinese users?
Let that sink in and show that the government arguments are not workable in the slightest.
> It’d probably be some new PKI on top of SSH where your private key would be held in escrow by an identity provider.
There's only a small problem here: the SSH private key is not used to encrypt the connection. It's used solely to authenticate the connection. The key used to actually encrypt and authenticate the data is an ephemeral key derived through a Diffie-Hellman key exchange during the connection establishment. That is, having the SSH private key does not allow one to decrypt the data after the fact. The only thing having the SSH private key allows is doing a MITM attack, and since SSH does mutual authentication, the attacker would need to have the private key for both ends of the connection.
Any time these topics around weakening privacy or removing encryption comes up, it's nearly always presented with a save the children type of argument. I mean, who doesn't want to protect children from child abuse and predators? The problem however, is that most children that are abused are done so by family members or people already close to them (like maybe their priests), so with that in mind I don't really understand how weakening encryption will help protect children from predators.
It's framed as child protection precisely because it shuts down any debate on the matter. Everyone sees through the terrorists excuse but child exploitation causes such rage in the population they agree to anything the government says will make it stop. Discussion of any news related to this child abuse will pretty much always be full of people advocating for execution, torture and rape for the perpetrators. Encryption is nothing to these folks.
The reality is encryption regulation will be a tool for governors to secure their own power. They will abuse the insecurity to spy on political opposition, whistleblowers, journalists, protesters, even their own significant others. Child molesters are actually a low priority target for them, just a convenient enemy for the public to rally against. However, arguing against laws that are said to protect children is political suicide because they just label the opposition as pedophiles and enablers.
Children are the perfect political weapon. Any law can be justified by saying it's to protect children. They aren't even using terrorists as an excuse anymore.
> Everyone sees through the terrorists excuse but child exploitation causes such rage in the population
I agree, but this is what seems so interesting about the Epstein case. In the age of #MeToo, you would think this story would be getting 24x7 media coverage, especially with Prince Andrew's "interesting" interview the other day - a fairly big deal one would think, but I saw no mention of it on the first 3 pages of /r/all. Yet, there seems to be something about the story that severely psychologically disinterests people, and not just the average person, but relatively smart people as well.
That's because there is a deeper agenda than just "protecting children". If you read the Edward Snowden book (permanent record) then you'll note that he talks about what the NSA/CIA is actually doing with their signals intelligence programs. It isn't about national security, it is about espionage on a global scale. They want information on what foreign governments, journalists, domestic organizations (not just terrorist groups as they claim) and corporations are doing. For domestic citizens, they want to know if you are a threat to the United States or violating laws.
The second strong end-to-end encryption is implemented, the whole system simply fails to operate. Instead of having a massive data collection system, you now have to go back to more traditional methods that require much more effort to implement - like hacking a target's computer directly. If that happens then the USA will lose its edge in terms of obtaining critical information and that will be a treat to their global dominance....hence the reason they mention national security. Of course, you can't just come out and say this is the reason so they mask it in "fighting sexual exploitation" etc.
The truth is end-to-end encryption and fighting sexual exploitation are not mutually exclusive. We can have both.
>hence the reason they mention national security. Of course, you can't just come out and say this is the reason so they mask it in "fighting sexual exploitation"
And then all the intelligence employees come on HNews after 5 PM and bitch and moan about how we don't trust their agency's reports about its own conduct and activities...
> Instead of having a massive data collection system, you now have to go back to more traditional methods that require much more effort to implement - like hacking a target's computer directly.
Which is more amenable to accountability. Usually this requires a warrant or approval of some kind.
> If that happens then the USA will lose its edge in terms of obtaining critical information and that will be a treat to their global dominance
How does the US banning encryption help it on the global stage where other countries continue to encrypt their messages?
This sounds like what CIA should be doing, right? It's like saying that military has an agenda to build more aircraft carriers and control all movements in the open waters.
The only thing I wonder about is whether this encryption crisis is just a lazy attempt to preserve the no longer working espionage methods or it's a smart conspiracy of evil people to break the humanity: convince people that there is a child or whatever problem and convince them to build the 24/7 monitoring system. This way people would build a prison for themselves.
You know what else protects criminals? Walls. Seriously, wouldn't it all be much easier if the police could just look into your home from the outside without those pesky walls around it?
This constant war on encryption is getting so absurd lately. The kind of people who are pushing this should just be fired if not thrown into prison. It's just a blatant attack against human rights and the public should finally start viewing it as such.
Encryption backdoors mean they can look at your data without your knowing. This is not equivalent to warrants.
What they however can do is have a warrant to access your house, where some of your data might live, or potentially decryption keys. And they could potentially motivate you to reveal your keys.
All of this is possible currently without encryption backdoors.
Isn't the most effective way to get around encryption to compromise the endpoint? Obviously not after the fact, but I doubt a highly motivated and well funded police force would find ways to get eg video of a password being entered inside the house of nearly any selected criminal.
Only if they think something is already happening. A world where every room in every house is covered by cameras results in less child abuse than a world where warrants are required to search a house.
Encryption is scary. Of course law enforcement is dismayed by the possibility that certain kinds of crimes could leave behind no trace at all. What these people, who want to regulate encryption, don't seem to understand is that this is the downside of living in a free society. In a free society, people can commit crimes, and sometimes they can get away with them. We've made a deliberate choice to structure our society this way rather than optimizing for preventing crimes or punishing criminals. This is the right choice.
At the same time, you have to understand the temptation of structuring your society in a different way, in order to punish the guilty and protect the innocent. That perspective truly has massive appeal. Comments that fail to acknowledge this and boil down to "you can't regulate math" are not good arguments. They're condescending and far too dismissive of a facet of human psychology that is actually admirable (a strong preference for justice). A better argument acknowledges these things but reiterates the liberal arguments that undergird our societies (which have turned out rather well, if you ask me).
> don't seem to understand is that this is the downside of living in a free society
No, what they don’t understand is that the cryptography that protects your bank account is the exact same cryptography that (supposedly) makes law enforcement difficult. There’s no way to separate the two, any more than you can separate the arithmetic that is responsible for updating your bank account from the arithmetic that is responsible for updating the bank account of a Colombian drug lord.
Of course there's a way to separate them. Let banks do what they like and obstruct everyone else in some way. As another poster phrased the argument: "Corporations should have access to strong encryption, just not little people."
Sure except that's like trying to ban alcohol, and we all know how that worked out. It's far too easy to get your hands on, especially for criminals who are sufficiently motivated.
You don't need that parenthesized qualifier, and putting it there seems unfair. If we are to have a fair, honest discussion focusing on the merits we need to recognize when the opposing side makes a valid point, and it is pretty obvious that secure & encrypted communications does make law enforcement materially more difficult.
Once this point is accepted we can focus the discussion on whether the trade off is worth it.
Exceptional access is an architectural issue, and does not need to depend in any way on weakening of encryption. This presumes a logically implemented plan to offer exceptional access. Earlier this year, one commenter on HN pointed out a few trivial schemes to offer exceptional access in a way that doesn't compromise the encryption.
The concerns about exceptional access are about custody and access controls. If you share a secret with a 3rd person (LEO, IC, tech company), the possibility of that secret being leaked has gone up by some non-zero amount. The design of exceptional access mechanisms is therefore not only technological and procedural, but also political, etc.
For the arguments about "you cannot stop math", the concern is about the deployment of strong encryption, without exceptional access -- at scale. Policy dictates implementation of encryption at scale (by major tech companies), not math. Individuals and businesses will still be free to deploy their own encryption that doesn't offer exceptional access. It's unlikely that encryption itself will ever be attempted to be outlawed. If, for instance, you want to xor every bit of your comms with a OTP that you've shared with your overseas partner, it's unlikely that such a thing will ever be outlawed on Western public networks.
Likely, the concerns for LEO and the Intelligence Community are related to "going dark at scale" - meaning that if the big tech companies were to entirely lock out the possibility of exceptional access, the job of the criminal to hide from LEO would become trivial and accessible to all levels of criminals.
> In a free society, people can commit crimes, and sometimes they can get away with them. We've made a deliberate choice to structure our society this way rather than optimizing for preventing crimes or punishing criminals.
If we're talking about the United States, then we're talking about a society of control. When you go to the store, you may pay with a debit card, thus making you trackable. Alternatively, you will be caught on a camera entering, shopping, checking-out, and then leaving the store. Maybe your smartphone was tracking your location, you had your partner email you a shopping list, or you were in a group chat discussing what to buy for your nephews Christmas present and their aunt suggested a book. Maybe your mother got a little too into genealogy and did 23andme or some other service allowing police to look for criminals. If you walk your dog through your neighborhood, how many doorbell cameras are you caught on? How many times have you seen here on HN where people said they felt compelled to check email after work to put forth the image that they fully committed to their company?
Everyone knows this is happening and everyone marches on because we still feel free despite the decentralized panopticon we've fallen into. All of the previous examples shape behavior, yet allow the facade of freedom. There's no more likely occurrence than for encryption to be subsumed to further exert control, but it will be in a way that doesn't seem to hamper freedom.
> The international police organization Interpol plans to condemn the spread of strong encryption in a statement Monday saying it protects child sex predators, three people briefed on the matter told Reuters.
Let me fix that for you
> it protects nearly every single person on the planet.
This is close to saying child rapists rape children behind closed doors so you shouldn't have locks, ignoring that well locked doors benefit everyone who has a house. It's disingenuous.
While I support the sentiment that privacy is important, comparing encryption to locks in this ghastly context is self-defeating.
Recall that there were more than one instance where critical evidence against a wealthy person, required for the prosecution to make a compelling case in court, was obtained by force with a police raid. At least one such instance happened in the US in 2019 and was well-publicized.
Now imagine a real-life security system that is absolutely, one hundred percent immune to unauthorized entry, even if it is attempted as a part of law enforcement raid.
It is possible to identify with the argument that everyone should have access to such an impenetrable lock. However, it’d be really hard to argue that widespread access to it wouldn’t create a radically new situation.
> It is possible to identify with the argument that everyone should have access to such an impenetrable lock. However, it’d be really hard to argue that widespread access to it wouldn’t create a radically new situation.
With regards to communication, we already have that impenetrable lock built in. I can say something incriminating to someone else in private, and the only way law enforcement will ever know what is if either party involved in the private conversation agrees to divulge it. Traditionally, the means for law enforcement to address this is to be part of the conversation.
In your example, law enforcement can force itself into the conversation in multiple ways (without compromising your counterpart), including listening devices or a break-in.
Most real-life analogies to encryption are not good enough. A smart layperson can easily spot issues with the “if crime happens in private, you shouldn't ban privacy” type of argument.
There is no encryption that is 100% immune. All encryption can have its key guessed, if the key is expressible in bits. This ensures that classical encryption schemes, even post-quantum ones, have a guessability or hardness in terms of the number of bits that must be correctly guessed at once in order to forge credentials.
This reasoning leads to export-grade cryptography, a bane of our praactice that nonetheless was an acceptable compromise for many years. It seems that that era of compromise is coming to an end, though.
"Export-grade encryption" was always a bad idea. You can block the export of stronger encryption schemes but nothing prevents them from being developed outside the country. The result is that all new and innovative crypto work gets done elsewhere, leaving your own country playing catch-up.
If nobody had any freedom at all there would be absolutely no "crime". If everyone was locked in their own individual cells 24/7 there would be no "predators". Fortunately, for now, most people (unlike you) reject the idea of giving up our freedom so that all of our actions can be controlled and monitored by the police state just because an infinitely tiny percentage of the people do bad things.
I wish these people who say privacy is dangerous would commit to having all their communications and movements published for all to see. Or something similar like that. At least then they wouldn't be such hypocrites.
For example, there was an interpol bribery scandal a year ago. Maybe it could have been prevented if that person had to communicate fully in the open.
Encryption is math, and not even hard math at that. You have as much chance of stopping evil people from using encryption as you have of stopping them from doing multiplication.
Make every politician who opposes encryption feel like an idiot for thinking they can stop people from adding and multiplying.
No it isn't. The algorithm is math, but the application is much more than that. It's design, ux, marketing, etc. Governments weren't calling for an end to encryption when PGP was the best most people had. The thing that changed is how easy it is now, and that lower barrier is what governments are fighting in a very ill-thought way.
Sadly, courts will laugh and proceed. The same argument could be done for firearms – it’s just physics, and not even space/quantum physics. Really, a device pushing a small body to some direction via expansion of another body. It’s all bodies, you can’t stop people from surrounding them with these.
If adopted, a law will state “the piece of information for which format and representation cannot be detected in a considerable amount of time” and then a judge to decide. Send some random bytes and you’re in trouble.
Courts are not our worry. Politicians making the laws are the problem. We need to focus on those passing these laws and make them fear any law limiting encryption. Encryption isn't even complicated math, and can be done with a deck of cards.
We need to emphasis there is no safe backdoor, and all politicians are doing is ensuring our money will be stolen and our pictures of our children will end up in the hands of perverts and freaks because of unencrypted data breaches. "Why do you want your constituents ripped off?" "Why do you want little Timmy's picture stolen by perverts?" Turn it around, make them the evil ones. The only real way to protect ourselves is to actually make this a voting issue and make the other side out to be the villain. Its been a while since politics was logical arguments and being a victim of these idiots is getting old.
Luckily speech (math, algorithms, etc) are protected in the US and many other developed countries so even when the PGP code was considered a 'munition', at the end of the day they couldn't/wouldn't bother charging the creator of PGP with exporting munitions[0]. Currently the same shame 'investigation' is occurring with 3D blueprints to print firearms[1] but it's almost certainly going to fall under protected speech as well.
The difference between the two is that encrypted data can also be considered speech while the actual manufacture/printing of a gun can be regulated. The big IF at least in the US IMHO is whether the government can force private companies to not offer E2EE but there is 0% chance that encryption in general could be criminalized. i.e it will always be legal to send PGP encrypted text through WhatsApp or a private Chanel (self-hosting IRC, email, etc.)
So the hypothetical law you proposed wouldn't be legal in the US. On the other hand, if major companies are forced to break their E2EE, it will make the rest of us stand out like a really sore thumb.
Indeed. It would appear all the necessary components for encryption are impossible to ban, by simple common sense if not by guarantees of very basic constitutional or charter rights.
1. public and private keys (criminalize the possession of large integers?)
2. transmission and reception (criminalize freedom to speak or write or read or hear large numbers or random-appearing text?)
3. encryption and decryption (criminalize, as you say, some relatively simple math operations?)
Anti-encryption governments and law enforcement don't want this simple breakdown understood by voters. They'll emphasize fear (<insert_threat>) and shame/virtue ("what do innocent people have to hide?") Weak arguments but they seem to press stronger emotional buttons than the more principled (IMO) philosophical math and speech arguments that should guarantee freedom to encrypt forever.
The weirdest part of this is criminals making child porn already break the law, why would the law stop them using encryption? It doesn’t actually make sense.
From the article: "Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and useable format"
They would target companies, not math or protocols.
But software is written not only by companies. Single person can deliver to millions of users and remain anonymous if he's careful.
So drop the idea you can prevent encryption, learn to live with it. Drop the idea of giving your policemen ability to time travel and listen to anyones private conversation from the past while remaining invisible. It would be nice for you but physics (of internet) does not allow it.
I love how governments love to pretend that either none of these crimes happened prior to the digital communication age or that they never caught anyone prior to it (which they definitely did).
Let's also take a step back and consider the series of events and how this would play into that. Under normal circumstances, you need a warrant/reason to look at such data and communications. The theory here is that if they could decrypt everything that would make their job much easier. Fair point. But in the world 20-30 years ago these tools never existed so there was no such communication to capture. Which means the evidence was non-existent.
Yet, through other means of investigation they were able to identify and gather evidence against these criminals and prosecute them. How did they do that? It's because these are real world crimes (meaning not purely residing in the digital world) so there is real world evidence to be gathered. And all the other methods they have without decrypting data still applies. That can mean tracking credit card charges, phone calls, cell tower pings, etc, etc. As we know, they can build out quite a substantial profile of a criminal network in that manner. They can correlate all sorts of things and gather insights into the data.
This is just government pulling a classic fear-mongering bullshit tactic wrapped in a "think about the children!" plea to simply make their lives easier while simultaneously trying to whittle down our privacy rights even further.
Interpol is a bloody joke. Recently they accepted a submission from Russia to put an international arrest warrant on an activist named Ihor Mazur right before he was going to EU to appear at some conference. The guy, is not a terrorist, nor an extremist, but he was arrested on the Polish border and it took 2 days of effort from Ukrainian and Polish embassies for Interpol to finally accept the Russian claim as bogus and withdraw the warrant. He was eventually freed, but for Interpol to even accept this from Russia on their word alone was insane.
The weirdest part of this argument is that law abiding people get no encryption while people who break the law will still have access to encryption, so how does it help you catch pedophiles?
I don’t really understand how this will work in reality for things like SSL or ssh.
The idea is that if only criminals use encryption, they can go after every user of encryption and do some enhanced interrogation on them, since they are obviously up to no good.
But I also don't understand what they plan to do for online shopping and so on.
I think that's how it should be argued. Strong encryption software exists. It's on the internet. You can't make it disappear. If you outlaw it, law observing people won't use it. But how would you force a criminal not to use it if you can't force him not to abuse children?
First assume that a random-looking message is sent only by criminals.
Second, ignore the theoretical problems with measuring kolgomorov complexity of a message. That's just academic mumbo jumbo - "can I zip the message?" is good enough.
Third, buy $80 car battery at HD with $20 booster cables.
No - the really weird part is that you know that both law enforcement and politicians will all get to use unbreakable encryption...
...but somehow, anyone else using such encryption will be deemed a criminal.
I say what is actually being attempted is that law enforcement and politicians (and our governments by extension) are just wanting to hide their criminal acts behind encryption - but project those criminal wants and ideas onto the ordinary citizen as an excuse.
If we as a society fall for this ruse, children will still be exploited - by the connected and the powerful in our governments, as they currently are today. It's just that these people want that capability to themselves, they want it secret, and they don't want the small players to have the same abilities.
If recent events haven't shown people that, they aren't paying attention and deserve the misery they will build for themselves. They essentially want a future where they can continue doing what they do today, but without the oversight that eventually leads to them needing to "secretly" kill off a person who might rat them out (and then do whatever it takes to suppress any and all mention in the media of any follow-up to the story - we are watching this happen real-time, and I don't know exactly how it works, but it seemingly is working very, very well - despite all the evidence and everything else already out in the public domain; there are forces and organizations that want it buried - and they are currently winning).
If only they have unbreakable encryption - and oversight of it all - only they can get away with it and not have to worry about those pesky stories (and should anyone internal to the system harbor objections - then they can be easily eliminated without anyone knowing either - or at least they think this, I believe).
> law abiding people get no encryption while people who break the law will still have access to encryption, so how does it help you catch pedophiles?
If only people who break the law use encryption, then everyone who uses encryption must be breaking some law (that is, "(~lawbreaker => ~encryption) => (encryption => lawbreaker)").
That is, instead of having to do all the work to find out if the guy is really a pedophile or something else, they can simply arrest the guy for using encryption. It's a lazy approach.
> I don’t really understand how this will work in reality for things like SSL or ssh.
It wouldn't, these protocols (and many others) would have to be basically rewritten, or we'd have to go back to plain HTTP and telnet.
But they'll allow a cutout for politicians and law enforcement (aka government) - ergo, such people -must- also be criminals.
Heck - we know today, encryption using or not - many within our governments are at best shady, and more than a few are criminals or perform criminal acts.
They say "think of the children"? Trust me - they already are, and not in the good way.
We have no idea just how far and deep the tentacles of Epstein's "system" went - but based on what we already know and/or suspect - it was far reaching, involving many high-up government officials, corporations, public and private universities, and likely more. It wouldn't surprise me to find out high-up law enforcement and quite possibly even individuals involved in child protection systems were involved as well. I'm almost certain there were more than a few state governors involved. Probably also members of the media, bankers - if you can think of it, Epstein probably had one or more of them involved.
They didn't want him to spill the beans. And now, they want things to be even more quiet, so they can monitor, but can't be monitored themselves.
This is such a tired argument but is becoming more and more widespread. It's time for IT professionals beyond just the activists like the EFF to stand up and explain how encryption is good and necessary.
However, if newbies come into the discussion faster than they can be brought up to speed there's a risk of an "Eternal September" effect diluting common sense, so you're basically right about how we should all be explaining it to our friends and family and whatnot.
Every time somebody tries to exploit the children protection narrative to justify a privacy/freedom withdrawal it's a huge red flag.
E.g. at the time when the government was introducing the websites blocking system in Russia they spoke about blocking underage porn but as soon as the system was deployed they started to block whatever sites they dislike (for political reasons or for money) every day.
So in the same time they should condemn democracy and freedom, as they're having exactly the same effect. It is much easier for police in authoritarian countries to prevent crimes and find perpetrators.
But if they don't condemn democracy and freedom, they should also not condemn encryption. The ability to communicate privately, or saying things outside the consensus anonymously, is an important tool for citizens to protect democracy.
The Interpol job is to protect the law under the settings of democracy and freedom, not to try to change those settings in order to make their job easier.
"It is much easier for police in authoritarian countries to prevent crimes and find perpetrators."
Is this actually true? This sounds like one of those bits of received wisdom (like the trains supposedly running on time under Mussolini) that turns out to be bogus. I'm not sure that the expansion of police powers under authoritarian regimes has anything to do with making them more efficient at preventing or solving crimes that are crimes in all regimes (e.g. murder, rape, etc). I would at least need to see some evidence that clearance rates are better in authoritarian countries.
Authoritarian states tend to be not as advanced technologically (one consequence of authoritarianism!), thus their police forces should be less efficient in general despite the increased powers.
But controlling for other factors, why wouldn't enhanced surveillance help catch criminals? It's a pretty logical claim.
Perhaps you should look for the evidence and bring back to us. For now, it is reasonable to accept the common sense statement.
Given the needle in a haystack effect? Common sense has proven itself wrong repeatedly
It was "common sense" that merchants had to be frauds because the value of goods was universal and they had transport labor.
Besides just because they can doesn't mean they will. Authoritarians are also infamous for both corruption and finding rooting out dissidents a higher priority than what most would call actual crime. All other things /aren't/ equal.
Common sense is an useful tool. It helps us estimate outcomes when data is absent or scarce, even if it's frequently unreliable. When I leave my desk to go to the bathroom yet again, I expect it to be there. Can't prove it, but it's a reasonable assumption. Without it, every human action would require scientific studies and high quality measurements.
The way to contest common sense isn't to point out that common sense is often wrong; instead, it's to provide data. My assertion is that when going against a statement strongly rooted in common sense and, YOU are the one who has the burden of proof.
Yes, perhaps authoritarians would do a worse job at catching criminals if they were omniscient? I'm not saying that you ARE wrong, just that you are LIKELY wrong and thus you should provide data to support your claims.
You're correct. Authoritarians are also infamous for idleness and piss-poor execution of their duties (as well as corruption), as their are accountable to the power hierarchy above them but not necessarily the citizens. Thus, the motivation to protect citizens from crime becomes a second-order task - the real task is to stay in good with the authoritarian state.
The argument is not about 'enhanced surveillance' in a vacuum; it was about authoritarianism. The idea that police are more effective given more power IMO requires proof; it seems just as plausible that the absence of checks and balances on their behavior makes them more prone towards arresting and successfully prosecuting innocent suspects or failing to prosecute crimes that aren't advantageous to them to investigate.
The idea that police in an authoritarian state are just like police in a democracy only with more powers seems hopelessly naive. Everything about their structure and accountability is different, and it doesn't seem to follow from some "common sense argument" that you can just assume they are more efficient controlling for technology.
Most so-called democratic governments are running the same game. They support the word democracy, but when it comes to all the parts that actually make democracy work they often take the authoritarian stance.
“Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and useable format.”
Yes, because governments always act with appropriate legal authority, by definition, right?
It's so obvious to many of us that 'think of the children' is a disingenuous argument, that it's difficult to articulate a counter-argument which would be emotionally valid to someone for whom this is not obvious. Here is my attempt:
Someone whose child has been kidnapped, would sacrifice a great deal to get them back. A lot of the things which we hold dear, our dignity, privacy, democracy, even rule of law - would pale into insignificance to against the loss of a loved one. But for that very reason, we should not look to victims for a standard of how much the police can override our civil rights. The standard of 'what the police can demand from honest citizens' cannot be 'what a mother would sacrifice for her child'.
This is why Tor and onionland is a lawless wild west. All so that journalists can report and trade documents, and so that repressive regimes can't easily censor access to news and information. This is the cost of encryption: you get all sorts of scoundrels in the mix in the name of privacy and security for the masses. Some might say this cost is too high: that scoundrels are running rampant and won't stop their criminal actions. But without this we get a broken backdoored Internet where no such privacy/security exists and could actually cause more damage to society since spying would be rampant.
Reminds me of the old saying, if you outlaw guns then only outlaws will have guns. Maybe this would be an analogy politicians could understand better when it comes to encryption!
Surely the analogy would break down quickly on closer inspection, but politicians live and die by sound bites, not by thoughtful consideration and debate of all points of view.
So to fight fire with fire, when faced with the "protect the children" argument that stifles debate, counter with "a government who takes away everyone's encryption is one step away from taking away everyone's guns". Then see how that plays out with their constituents.
After normal citizens stop being able to use "unbreakable" encryption, only criminals will be able to use it.
So you will get the same "terrorism" and "child pornography" as you do today, but we won't be able to protect our privacy from state actors (or from tech companies and their employees) who will develop the upcoming wholesome, good-enough-for-you encryption.
By the way, is XOR considered "strong encryption"? Is it if an one time pad is used? Just asking :).
The issue here is that you can't stop people from using encryption; they'll just start using a combination of encryption and steganography for example.
It isn't like we are dealing with people who are afraid to break the law.
I don't follow this argument. Compromising commonly used encryption means less people will use hard encryption. That goes for criminals too. They won't all just switch to a hardened scheme. Some will switch, some will go with the compromised version, and some might even stop the criminal things they are doing for fear of detection.
The question is whether this means it's worth compromising encryption.
I can’t imagine that a significant number of criminals who are involved in sexual exploitation of children would suddenly be unmasked due to any government imposed rules about encryption. At best you’d have a small wave of folks caught off guard.
The "question” is a false premise. You can’t stop people form using encryption. The people who are strongly motivated to use it to cover their criminal activity (the more heinous the more motivated they’re likely to be) are still going to. The knock-on effect is that you give the police and governments the keys to the kingdom against people who are probably not committing heinous crimes.
The abuse potential increases with little to nothing gained for the rule of law and the common person.
People have been committing crime and hiding them (the key component to not getting caught it turns out) since humans decided to implement laws. Weakening encryption isn’t going to stop that and it’s a hollow argument.
This is repeated often but that doesn't make it any truer. Legislation can make people use ineffective encryption, or prevent the use of it. Remember when SSL certificates had 48 bits effective key length? It was legislation that caused this. People used bad encryption because of the legislation. Remember when PGP was the only end-to-end messaging scheme widely available? Only very few people used it. Its reach was hampered by legislation. (In part; let's not forget bad usability.)
Most people are unaware how the services they use are protecting them from eavesdropping. Sure some are careful and research the failure modes in the security of their communications. And some would go to any length to keep their communications encrypted. But the less mainstream it is, the easier it is for them to fuck it up. Suppose due to legislation no apps in the Google Play store can do reliable end-to-end: Suddenly you have these "privacy conscious" people downloading an App binary from some random site because they heard it was "good". Yeah right we know how that story goes.
By all means, argue that ubiquitous encryption increases security for all of us. And I'm your friend. But don't go claiming that compromising mainstream encryption wouldn't hamper security for the bad guys. Because it absolutely would. Like for the rest of us!
Of course, if a child predator really wants to conceal their communication and it's not built into the chat service, they can do so using, say, PGP and some sort of steganography.
On the other hand, that law enforcement agencies can catch criminals today using e.g. Messenger means that there are criminals that are not careful or savvy enough to do so.
IMO end-to-end encrypted chat should be regarded as private eye-to-eye conversation. It's understandably convenient for law enforcement if it isn't. In the end, that a criminal can say something incriminating to another in private is not a new problem.
I understand that child predators are thrown around a lot as an example of why backdoors are needed - but, in reality, it's the worst example.
The crimes that warrant a violation of public privacy would need to be those that create _systemic_ risk. Like on the order of the 9-11 attacks that were so disruptive to the entire country that they merit a (temporary) privacy sacrifice.
Child predators are used for their emotional bait, because everyone agrees they are hated, but for all the horror they inflict, they do not cause a systemic problem.
IMO, the reason they always use the child abuse excuse for encryption backdoors is evident in this thread discussion.
Nearly all people are against child abuse / porn. But if a person says "I'm not willing to give up secure encryption worldwide just because it is used for child abuse / porn", a pile of people will say "It's not acceptable for one child to be abused!"
Of course it's not acceptable. But should everyone in the entire world lose their privacy, even if it eliminated all child abuse, which obviously it won't?
To me, these encryption backdoor ideas are rarely about law enforcement. They are about people in power wanting to maintain and extend their power.
Criminals who want to use unbreakable encryption will always have easy access to it because encryption is an easy technology that anyone can use. Governments can make whatever laws they want, but it will mainly affect law-abiding citizens. The criminals will just ignore them, as always.
The people pushing this backdoor encryption agenda are not stupid. They know that criminals will ignore these new backdoor rules, which is why I believe it is really about power, not child porn.
Fight against pedophilia has always been one of the common excuses (the other being terrorism) used to install spying devices everywhere, even despite very few actual organizations that fight the problem actually asking for such things.
I would be sad to hear that it would indeed be a useful tool, because the behavior of western government in the last 20 years at least makes it impossible to trust them on that one.
There is a huge part of the public that does not understand the implications of encryption, but they are moved by any mention of fighting against evil (and pedophilia is a scare for most) and these people have the right to vote. With enough propaganda, they would vote happily on anything, so this particular one is an easy one.
So, where is Ghislaine Maxwell? Shouldn't the all-seeing panopticon we've already constructed be able to pinpoint her location at a moment's notice? I'll believe all this surveillance is really about "predators" the day I see her taken into custody.
Have any of these proposals to require companies to provide access to law enforcement included any concrete suggestion of how, exactly it should be done without also providing access to bad actors?
It sounds like Interpol et al. are just saying "make 1 + 1 = 3" and expecting the nerds to figure it out.
There must be an algorithm that we can apply to show what such a change will have for society. If the probability is that the change is negligible, we should consider allowing it. But if the probability is that the change is overwhelmingly "bad", we should not allow it. Let's not argue from ignorance. What are the numbers? What are the ethics?
For example: Say if we listened in on all connections, we would catch an extra 200 predators. But we also know that several hundred million people's private conversations would be scrutinized by government(s). We know from historical precedent that letting child predators go unnoticed means more children get abused. But we also know from historical precedent that governments scrutinizing otherwise private information about citizens leads to abuses of government's powers, and of citizens' rights.
An algorithm could show estimates, such as "for this given change in the US, 1,750,000 people's rights may be potentially violated for every 1 new predator arrested". But if the value was actually 5,000 additional predators caught, this would become "70,000 people's rights potentially violated for every 1 predator caught". This is of course a very wacky over-generalization based on some ballparked numbers, which is why an algorithm with more data could give more realistic probabilities.
But also from the other side of the algorithm, you could look at our historical access to privacy. Telephones and mail have been monitored in the past by law enforcement. Now that we have privacy, we don't want to give it up. But would it actually benefit society more to have less privacy? Again, you tune the algorithm to take data about when we had privacy and when we didn't, what the outcomes were, and what the potential new outcomes are from a change. It could be that as a society, we actually don't significantly benefit from, or could do without, total privacy of remote communications. But then again, our transactions weren't all remote. All of these considerations (and more) if compiled in some way that could be easily analyzed, may lead to a conclusion that is easier to reason about.
> Telephones and mail have been monitored in the past by law enforcement
But is that in any way comparable with automated surveillance? I think a fitting analogue would be having every mail scanned and archived. Different circumstances...
I doubt the numbers game you are proposing would net any insights, since it has a hidden premise that child trafficking can only be prevented with restricting encryption.
We need to solve child porn, but law enforcement always uses this example when talking about encryption to help us forget that the state is the enemy. When people start demanding concessions from the state in the midst of an economic crisis, the state will use its powers to suppress protests and ensure wealth continues to concentrate in the upper strata.
We see this in revolutions all over the world at this very moment. The state is dangerous and the police are not to be trusted in this way. The police stand against a democratic and equitable society. We must never forget this.
Banning encryption is like requiring that all your walls be made of glass and that the police can search your home at any time, for any reason, without warrant.
A personal electronic device, and the connections made with it, are extensions of the person and their respective home. A literal ban on encryption is probably the single largest step any government could take towards becoming a dystopic, tyrannic, borderline-criminal entity.
(I originally posted this comment under my reddit account, /u/lovecars.)
Note that the politicians and the law enforcement people (and the government by extension) will have walls built you can't see thru...
...gee, where do you think all the criminality will be occurring then?
In a way, they'd be figuratively shooting themselves in the foot. Right now, they can somewhat get away with their criminality, because they are more or less noise in the signal - since everyone has "walls" that can't be seen thru.
If they get their way with this kind of legislation, you know there will be an exception for them.
Once the people realize that the criminality continues, they will look around and say "well how's that possible? if only criminals use encryption...<lightbulb turns on>" - and then they become the targets of the people.
Of course, the people should have realized this NOW - not later...
The "going dark" issue has been known for something like 30 years now. Law enforcement has had a lot of warning. Instead of modifying why way they did things they instead wasted their time by buying various sort of cracking technologies. Any idiot could see that such technologies were a stopgap measure. Now those technologies are not working very well, or at all, and law enforcement is acting all surprised and outraged.
On the other land, do you want to live in a lawless society where there is freedom but no personal safety, and why would the internet be any different in that regard?
The assumption is to let law enforcement do their job with safeguards in place to prevent overreach. The tech community are in a good position to monitor overreach and provide transparency, right?
This reminds me of the cypherpunk movement in the early 1990's (more information: https://en.wikipedia.org/wiki/Cypherpunk ). We have seen this kind of threat before. We need organizations like the EFF and ACLU more than ever.
I see this as an existential threat to human civilization. It poses a very significant risk of creating power asymmetries between the politically connected elite and the masses that lead to highly unstable social hierarchies where states have total control over their population.
I'm unclear how this could help law enforcement deter or solve crimes.
eg Why does the FBI need to unlock a spree shooter's iPhone AFTER the mass killing? What new information could they possibly learn? That the now dead murderer had mac & cheese for dinner beforehand?
This is nothing more than an extension of technology enabling both good actors and bad actors. I refuse to penalize/water-down technology solutions available to good actors because there are a handful of bad actors that make some of us clutch our pearls.
They can't. That's why legitimate users won't be able to use encryption (because it's against the law) and criminals will still continue using it because they can and they don't care.
This ask presupposes a huge amount of trust which simply isn't justified considering the history of governments. I prefer my trust to be guaranteed; with like, y'know, cryptography.
Look at the Marc Dutroux case, where evidence clearly suggested that the predators' network was located inside the government itself... gives a new light to Interpol's views.
I hate to say it, but us (citizens of the internet), are fighting a losing battle. Gone are the days of the internet being an open, connected hub for worldwide culture.
throughout history, bad people protected themselves from good people using the same technologies by which good people protected themselves from bad people.
if you remove the former, you also lose the latter. there’s nothing more to it. anyone advocating for removing the former must first be clear that they are abdicating the latter. any other framing is a lie.
Lots of criticism here, fair enough, it’s very worrying to give non-transparent institutions this kind of power, not to mention the technical feasibility.
But... what should be done about child pornography, then? The ability to disseminate it with impunity is a problem we can’t just pretend doesn’t exist. Using online platforms pedophiles can monetize and go full time professional in countries where children are easily exploited. Nobody is coming to save those kids.
If we're going to throw out anything and everything to win that unwinnable battle, first goes encryption, then cameras, then computers, and then finally all humans after puberty.
Obviously there must be some reasonable limit, and making all encryption illegal (or just for civilians, and then shady stuff will start happening under govt and corporate encryption) is truly throwing the baby out with the bathwater, in that digital society can no longer function.
We don't stop selling knives because some people get stabbed with them, they still sell AR-15s in America despite ridiculously frequent mass shootings, so I can't see where the logic is coming from for making encryption illegal.
Yes I agree with you. But at the same time, I don’t feel comfortable knowing what is going on and just accepting that it is a cost of liberty. We are talking about the worst, most harmful most exploitative human behaviour that destroys lives. If we can’t introduce some nuance and proportionality here then well I think we are doomed.
Guns aren’t a good example... I mean guns are regulated? There isn’t total liberty there.
Well, encryption doesn't cause child exploitation, very much like how the air we (and criminals alike) breathe doesn't either. Limitations of police powers are there for a very good reason, and it's not like there wasn't much crime when they were introduced. I think it's short-sighted to give up our civil liberties because of crime.
Your answer is in the monetization system and old fashioned police work and auditing. The financial transfers are already regulated and monitored. Investigate and trace and even if the other end is under absolutely no influence (unlikely given diplomatic clout and foreign aid). Investigators doing their job can still obtain a list of everyone who was party to paid remote molestation schemes.
Of course the dirty secret is that 'for the children' is just a pretense. We can tell because their current actions show that they don't give a damn about the children or their welfare.
You are manipulating: if there is a problem and the solution that is proposed is excessive, rejecting the proposed solutions does not move the burden of finding a solutions on the people rejecting it. For example, I propose to stop everyone from breathing, it will stop pedophiles; if you don't agree, you have to provide a solution for pedophilia. Not a logically sound argument, is it?
I’m genuinely interested if anyone else feels uneasy about just leaving things the way they are, and if they have any thoughts about what could be done instead of compromising cryptographic integrity. Sorry if that came across as an attempt at manipulation, not my intention at all.
It is not our responsibility to find a solution for pedophilia. For example, I am an IT manager, not a policeman and not a law maker. Yes, I would like to know a solution exists and it will be implemented like I would like to know there is a cure for cancer, but it is not my expertise to find it and I have no expectation that a discussion about encryption will find the solution for pedophilia.
IMO trying to attack dissemination of CP is like trying to intercept bullets midair (perhaps even harder). There are countless ways to smuggle porn, just as there are countless ways to smuggle drugs. Drugs are harder, and yet they still can't prevent it.
Maybe it's time to think of an alternative approach.
Find a way to cure the actual problem in society. Even if you set up a magic filter that stops every single such image from being sent, you don't end up saving children. Instead, we should focus on solving that problem.
> it’s very worrying to give non-transparent institutions this kind of power
What power do they have? They issued a statement. Anyone can issue a statement.
Here's jrockway's statement denouncing the color orange: it's bad. With the color orange in the wild, people will be confused about orange the color and orange the fruit! Wow it's bad!
All this shows is that I'm a crackpot, not that I have too much power.
I had an idea that a decent compromise is to limit keystrength, but not have any kind of backdoor.
This way the vast majority of communication is protected, and the government can't just spy en mass.
But, if there was some specific target they could throw a lot of computing resources at it. But they would need to know in advance who to target, they couldn't just have a wide dragnet.
If a cipher can be broken by the government, it can also be broken by narco cartels or mafia states. The targets will be key decision makers, not regular citizens, but their decisions, coerced by those mafia states, will harm regular citizens.
Unlike physical locks, breaking encrypted data doesn't need physical presence. This means that not just local authorities under an elected Sheriff can break into one's house, but also completely random people from say China or KSA can teleport in, break in and kidnap the data.
In the near future we'll have a brain-to-computer-to-internet interface. This will be a big leap forward or backwards as it can be used for rapid collaboration or total undisputable survelliance for a greedy dictator. The crypthography case today will set the precedent for tomorrow. Btw, even the 24/7 thoughts monitoring can be used for good: someone really advanced, a saint-like person, could be giving advice on what's wrong with your thoughts. But we understand that the humanity is far from this level of maturity.
> if there was some specific target they could throw a lot of computing resources at it
1. Yes, for many (too many) values of they. "Your" government, all governments, so essentially any corporation, or any private individual that can afford time or computing resources and is interested in a target.
2. This scheme doesn't age well. Targets' mandatory low-grade encrypted communications today could be saved as blackmail time capsules, much more easily decrypted with cheap resources in the too-near future.
Throwing computing resources at it can be fairly accessible to small groups or even individuals as a result of 'cloud' computing. There are examples of people coordinating a large number of cloud instances for a short amount of time to crack hashes, and it was surprisingly cheap.
I don't have a reference on hand though.
This also makes it trivial for nation states and larger groups to decrypt whatever data they're able to sniff. It would actually encourage more groups to get into more places where they can sniff more data.
There is no need for a compromise - why do that? I have no reason to give up on any of my freedoms, including the ones that I don't care about, I don't use or can be used to do bad things. I am not willing to give up anything, that is a slippery slope, so there is no compromise to do.
Of course it would be easier for the police to catch bad guys if they had full-text search access to all conversations and content, worldwide. That doesn’t mean it is a good idea. They’re asking for something to make their job easier... can’t blame them for trying, and of course who doesn’t want to catch people who harm children?
But it’s not their responsibility to account for negative side effects. That’s our responsibility, as citizens who are in charge of our governments. And we have to remember that governments and police can hurt children too. Look at what the border police in the U.S. are doing right now. And when it comes to fighting that sort of thing, encrypted comms are essential for political organizing.
This is on top of the obvious and many benefits of encryption in protecting us all from crime.