Scaring People into Supporting Backdoors (schneier.com)
201 points by hsnewman on Dec 12, 2019 | 63 comments


Why do people generally assume that law enforcement is clean? There are sufficient examples of cops informing for drug gangs (https://dfw.cbslocal.com/2013/07/29/during-steroid-scandal-f...), and somewhere in Mexico a blogger whose subject was gang atrocities was discovered and killed by cartel members because the cartel had an inside man at the local telco (https://www.theatlantic.com/international/archive/2011/11/me...).


From an American perspective: it's because police are idolized and worshipped on the nightly news just about every single day. Growing up, speaking ill of the police was second only to speaking ill of God himself, and this isn't an exaggeration. There are no cops in my family, but this reverence is still held. My family is quite religious, and I wonder if that plays a factor (I would suspect it does).


It's just another form of tribalism, picking teams, and blindly supporting your chosen team.

Religion is the same, pick a team and throw critical thinking out the window.

Supporting police vs. the criminals, there's an implicit dichotomy: who do you support? If you're not with us, you're against us. You don't support the criminal team, do you? Go blue! Blue lives matter!

Employment: which company is your team? You must be employed, now go choose one, and let your employer even define talking points for defending its poor behavior at family gatherings. [0]

Politics: Red or Blue, pick one and always vote your color no matter what the consequences.

Once people are engaging in teams, they're largely no longer thinking critically about the substance anymore. It's no longer relevant, the priority is being aligned with their peers.

It's quite dangerous, like mob mentality.

[0] https://www.forbes.com/sites/krisholt/2019/12/02/facebook-ma...


"If I'm either with you or against you, then I'm against you. No matter who you are, no matter what you stand for."


Who are you quoting?


The hero we don't deserve.


In the US, the police force is locally raised and what training they receive at the police academy is short and poor. There is no attempt to form them into an anonymous "arm of the law", they are just locals enforcing local mores. If the people would approve of the sheriff jailing a black teenager by mistaking the birdshit on his car for cocaine (https://www.vice.com/en_us/article/zmj9gx/nothings-happening...), the cops will do just that.

That would explain why even when people distrust the government they approve of the police, simply because they are not the government from far away imposing an alien law, they are the local posse keeping order.


As a counterpoint, the Chinese police in Hong Kong are exactly an anonymous arm of the law (masks included), specifically because it would be harder to get locals to be so cruel to their own.

It's little surprise people want to keep at least some sovereignty local.


Depends on who the "own" is. Local police in most cities are quite brutal to people of color.


Blind faith and trust in authority is a hallmark of many religions and often a praised trait in an individual.


The various denominations of Christianity tend to view government as a manifestation of the divine order. It's easy to see how that can degrade to blind submission to whoever sits in power. The official Catholic position is here: http://www.vatican.va/archive/ENG0015/__P7W.HTM


The former head of Mexico's war on drugs has just been arrested for taking cartel money!

https://www.bbc.co.uk/news/world-latin-america-50736482


Read https://aeon.co/essays/game-theory-s-cure-for-corruption-mak... and the supporting material it cites. A little corruption may be socially better than one which is totally clean.


I have a related question, which is if the government's argument is valid, then why not extend it? Why not require cameras in every room of the home, so that if abuse or molestation of a child occurs then child services can step in and remove the child, and the parents be prosecuted? You might also argue that if you don't accede to this simple request, then you must have something to hide.


Let's extend it with reason instead. Everyone has something to hide, but the people with the most power can do the most dangerous things. We need power-progressive surveillance: everyone with lots of power over the lives of others should have their choices and lives be scrutinizable by those whose lives they affect.

- Random ordinary citizen? Leave me alone.

- Someone in a law enforcement agency? Jail time if their mandatory badge cam stops functioning, with all the footage being public data.

- A powerful politician? Billionaire CEO? Board members of a massive international corporation? 24/7 livestreamed public surveillance.

After all, the worst the average person can do is shoot some people, but those who hold power can ruin the lives of millions with a word, and often do. They shouldn't be allowed to get away with it, and if they don't like it, they can simply step away from power.

I honestly believe this, but even if you don't, it's worth considering why it's always a discussion of the powerful privately and secretly monitoring the weakest in society, rather than the other way around. Almost like it's purely a reinforcement of the existing hierarchy.


I make a similar argument about the age of transparency hurting the elite more than it hurts common folk. If you make all my data public, I'll be at most embarrassed. If you make the elite's data public, that includes the location of dead bodies.


You wouldn’t just be embarrassed. Job interviews, health insurance policies, even the prices or discounts available to you may all come under rational consideration.


I would like to read more about this.


"The accused never purchased an Alexa, carefully disabled all Android smart assistants, and even when his diligent neighbor across the street purchased a Ring for neighborhood security and protection, the accused immediately planted a very large hedge row in front of his home."


https://m.youtube.com/watch?v=JaLjwSpZ6Cs

What's he building in there...?



Indeed, sounds guilty of...whatever!


Philosophically, sure, but this is a straw man argument.

The practicalities and cost of putting cameras in every room then monitoring them are clearly absurd, so it undermines your case.


Wow, you managed to pack so much wrong in such a small space, I'm a little impressed! First, at worst I've indulged in a slippery slope fallacy, not a strawman. However, I'm not making an argument, really. I'm asking a hypothetical question.

As for the absurdity of placing monitors in every room, I'm surprised someone on HN would raise that objection. IoT devices are dirt cheap, and what's more, many people voluntarily install them. The government could easily choose to subsidize Nest/Amazon/Google devices - for the low low price of free access for your protection. Maybe you would get insurance premium discounts. Many would jump on that deal.

Then you use a straw-man yourself, implying that this system would require constant human monitoring to be effective. It wouldn't. The data would be used in the same way security camera footage is used now, to be used as evidence after-the-fact, and so, as a deterrent.

So, rather than reflexively attack me, how about engaging with the thought behind it?


Politicians are responsible for some of the most critical decisions affecting a whole country, and they are also accountable in front of the people. So to improve on your idea, I'd say they should be the first to wear such an always on camera/microphone and wiretapping of every device they use. This way any attempt to corrupt or extort them would be mitigated. Why should we only think of the children when politicians are constantly the target of attacks and tempted by corruption?

Yes, it would be a massive privacy violation but given the kind of power they wield the checks in place must be equally massive. Trying to bypass these measures in any way could even be treated as a national security threat.


Yes, it's a serious problem, but even the onerous approach you describe has a fundamental weakness. Since even prisoners in jail are able to obtain and use drugs, we should expect such a system to have failures, and due to the nature of aggregated political power, even a small number of such failures can have outsized negative consequences.

There is an alternative approach to mitigating this problem which is easier, cheaper and more effective. We need to reduce the concentration of political power by making politicians and bureaucrats less powerful. Since the benefits of political power tend to amplify over time, we should limit all such positions of power to single terms. Once elected to any state-wide or national public office, you can never be elected to another. One and done. If there are no 30-year career politicians, the value of influencing them is greatly diminished.

The next step is to reduce the amount of power centralized within government. Much as bank robbers target banks "because that's where the money is", crony capitalists and lobbyists seeking regulatory capture target politicians because we've allowed too much power to pool in one place.


Since we're going for technically correct.. why make the comparison to mandating a constant stream from each phone, tablet & smart TV to the DHS?


> We are saying three things. One, that strong encryption is necessary for personal and national security. Two, that weakening encryption does more harm than good. And three, law enforcement has other avenues for criminal investigation than eavesdropping on communications and stored devices (this is just one example).

Also: law enforcement assumes criminals and others are stupid and cannot apply encryption and information hiding themselves. Plus creating your own chat app is extremely easy, so why even rely on the big and obvious ones, just DIY.


I mean, really, isn't this kind of a moot point from a dedicated criminal's perspective? Does the government actually have any power? Sure, you'll catch the idiots operating over a compromised channel, but it doesn't matter what laws you pass wailing about "the children" and "criminals" if the criminals are rolling their own or even just using PGP.


It's not about criminals. It's just about control.


I think it's both. The government wants the power to see EVERYTHING because EVERYONE is a potential criminal.


It should not be presumed that criminals are in any way smarter when it comes to technology. They may be more motivated, but when the options are less mainstream, they will make more mistakes.

Backdooring mainstream encryption will substantially decrease security for criminals. What is often brushed over by proponents is that it will weaken security for all of us.


> What is often brushed over by proponents is that it will weaken security for all of us.

Because there are criminals in the government.


Exactly. Also, crimes against children didn't happen before 1995?

This is an easy problem to solve with a proper whistleblower program. There are people adjacent to these criminals and they may be dependent or fearful of repercussions for coming forward. Treat them with witness protection and appropriate and large (millions) in monetary incentives. Like most things in life, you get what you incentivize. But this issue is about total surveillance not about protecting children.


Whistleblowing is incompatible with current child porn laws.

In several countries (Brazil, where I am from included), the law is that possession of child porn, for ANY reason, is a crime.

It means that trying to give evidence to the police, will get you in jail, even if the police doesn't want to arrest you, they have to, because that is what the law says.

Things get worse in certain countries that went along US child porn laws and ignored local culture and laws regarding related areas (for example, in Brazil age of consent is 14, and in some Brazilian regions marriage at that age still makes sense, usually due to harsh geography of the area that make it necessary, cue lots of young couples surprised when their personal photos are considered a crime...)


> In fact, we were never able to view the contents of his phone

They were also never able to learn what was said in the van before the London Bridge attack [1]. Are we okay with Renault providing a law-free space inside their vehicles? All cars should be equipped with always-on microphones. But don't worry! The audio will be encrypted, and only accessible with a warrant.

[1] https://en.wikipedia.org/wiki/2017_London_Bridge_attack

Edit: Just to make sure - this is satire, and the logical extension of believing people shouldn't be allowed to keep any secrets.

Responding in edit due to posting limit (way to make sure downvoted comments can't explain or defend themselves):

They can also record the person typing in their password, or recording the screen with cameras, or hardware or software bugs once they have a password to access the phone.

The analogy works perfectly, and while they may say they will not "treat an encryption backdoor like a universal bug", that's exactly what it is.


This isn’t a fair response. If law enforcement knows that some specific person is doing a crime, they can and do plant always-on microphones on their car. The law enforcement concern is that they can’t do that at all in this context. Even if you know for sure someone’s planning a serious crime, there’s no way to spy on their E2E encrypted communications.

Most law enforcement agencies argue (with varying degrees of believability) that they will not treat an encryption backdoor like a universal bug they can just listen in on whenever.


Of course there is - exactly the same way as they do so with the car: get a warrant, and surveil the target.


How would a warrant give them the ability to see what’s said in an encrypted chat? You can’t instal a camera on someone’s shoulder like you can put a bug in their car.


Nobody said their job was "easy" in the hiring advertisement!

When you get a Judge to agree that there is adequate reason and gain a warrant, you use your resources to surveil the target in public/private, using your considerable means as a law enforcement agency. Drones, bugs, malware, other espionage techniques.

This is nothing more or less than these agencies complaining that free peoples are making their jobs harder.

One big problem is cowardice: it is easier and safer to attack the liberties of law abiding citizens (because they won't shoot you in the face), in the hopes that, by sacrificing your citizens' liberties you might pick up a few more incompetent bad guys. It's way more dangerous to actually go out, do your job, and surveil a dangerous bad guy, who will shoot you in the face.

If that's a problem -- then the law enforcement complainers need to go get a new, safer job, and leave the heavy lifting to their braver counterparts.


What if they talk with someone while walking through a forest? Should that also be forbidden, because it's difficult to spy on?


I’m not saying end to end encryption should be forbidden, just that it’s a toxic argument to go “haha, stupid law enforcement doesn’t realize there are already places that are hard to spy on!” Of course there are, nobody thinks otherwise.


So what makes E2E encryption different, that the same arguments don't apply to other difficult-to-spy-on places? I think people should be made acutely aware it's not an assault on encryption - it's an assault on their right to keep secrets at all.


The difference is that, unlike forests and private spaces, (easy and consumer-grade) E2E encryption is new. Law enforcement is concerned that adding this new thing to society will change things for the worse. That's a reasonable concern in general, even if we don't think it's true in this specific case.

You don't have a general right to keep secrets from law enforcement. With a warrant, they can spy on you to try and get your secrets in ways that would otherwise be scandalous or downright illegal. If you don't think law enforcement should be allowed to steal people's secrets at all, fair enough, but that's a very radical view and I don't think most people supporting E2E encryption share it.


Cameras and phone surveillance and miniature microphones are also new. When technology encroaches upon privacy, "that's just the way things are!", but when it protects it, "it's new and different and must be restricted!".

More to your point, I do think law enforcement should be allowed to spy on people when necessary (by whatever definition of 'necessary'). But that's a far cry from saying that people should be compelled to assist in the spying.

There's no warrant to compel someone to knowingly carry a bug.


Novelty is not an argument against rights. Just because some in every generation are stupid enough to think so doesn't mean we should acknowledge it.


Mobile phone screen recording using malware.


It's time for a careful analysis by a qualified cryptographer of how key escrow weakens the protections encryption is supposed to afford.

Schneier does conclude his post with a general "weakening encryption does more harm than good", but the title still uses the term backdoor. No one who's learned a bit about crypto (omitting Lindsey Graham here https://www.politico.com/news/2019/12/10/tech-companies-bipa...) is advocating for a "master key," short key lengths or backdoors that use obscurity to keep bad actors from exploiting them.

Key escrow is real & already deployed in things like FileVault's Institutional Recovery Key https://support.apple.com/en-us/HT202385

All institutions don't use the same key and the vendor doesn't have to have a copy.

[Microsoft offers companies a recovery mechanism too https://docs.microsoft.com/en-us/windows/security/informatio...]

My guess to how key escrow weakens protections is through implementation mistakes. Are there also mathematical weaknesses that effectively shorten the key length making brute force more feasible??? Why is the discourse on the anti-lawful-intercept side so imprecise?


Key escrow doesn't change the fundamental mathematics behind the key. It's entirely an implementation detail / matter of trust. You're sharing what would otherwise be a secret with a new party. If they are untrustworthy or get compromised, it's no different than if you got compromised directly. But now you have roughly 2x the exposure.
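The escrow arrangement discussed in this sub-thread, as an added example that is not part of any comment or of any vendor's implementation: each volume's 256-bit data key is wrapped once for the user and once for an institution's recovery key, and the code counts how many volumes each stolen key opens. The HMAC-SHA256 keystream cipher is a toy stand-in for a real AEAD, and every name, key and the two-institution fleet are constructed assumptions.

```python
import hashlib
import hmac
import secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream (toy stand-in for a real AEAD).
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if this key does not authenticate the blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def encrypt_volume(data: bytes, user_key: bytes, recovery_key: bytes = None) -> dict:
    """Encrypt data under a fresh 256-bit data key; wrap that key once per party."""
    data_key = secrets.token_bytes(32)      # same length with or without escrow
    wraps = [seal(user_key, data_key)]
    if recovery_key is not None:
        wraps.append(seal(recovery_key, data_key))   # the escrowed copy
    return {"wraps": wraps, "body": seal(data_key, data)}

def decrypt_volume(volume: dict, key: bytes):
    """Try the key against every wrapped copy of the data key."""
    for wrapped in volume["wraps"]:
        data_key = unseal(key, wrapped)
        if data_key is not None:
            return unseal(data_key, volume["body"])
    return None

def volumes_opened(volumes: list, stolen_key: bytes) -> int:
    """How many volumes a single compromised key decrypts."""
    return sum(decrypt_volume(v, stolen_key) is not None for v in volumes)

def demo() -> dict:
    # Constructed fleet: institution A has 3 users, B has 2; each institution
    # holds its own recovery key and no vendor-wide key exists.
    rec_a, rec_b = secrets.token_bytes(32), secrets.token_bytes(32)
    users_a = [secrets.token_bytes(32) for _ in range(3)]
    users_b = [secrets.token_bytes(32) for _ in range(2)]
    vols_a = [encrypt_volume(b"A-data-%d" % i, k, rec_a) for i, k in enumerate(users_a)]
    vols_b = [encrypt_volume(b"B-data-%d" % i, k, rec_b) for i, k in enumerate(users_b)]
    everything = vols_a + vols_b
    return {
        "one_user_key": volumes_opened(everything, users_a[0]),
        "recovery_key_a": volumes_opened(everything, rec_a),
        "recovery_key_b": volumes_opened(everything, rec_b),
        "unrelated_key": volumes_opened(everything, secrets.token_bytes(32)),
        "escrow_copy_recovers_data": decrypt_volume(vols_a[1], rec_a),
    }

if __name__ == "__main__":
    print(demo())
```

The cipher and key length are identical in both cases; what changes is that each volume now has a second key that opens it, and that second key is shared across every volume the institution escrows.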


From the Wikipedia page [1]:

> The third party should be permitted access only under carefully controlled conditions, as for instance, a court order. Thus far, no system design has been shown to meet this requirement fully on a technical basis alone. All proposed systems also require correct functioning of some social linkage, as for instance the process of request for access, examination of request for 'legitimacy' (as by a court), and granting of access by technical personnel charged with access control.

The social issue is a significant problem. How do you make sure court officials are not bribed? Who has access to the key escrow service, and what sort of checks make them trusted? Employees snoop on things all the time [2, 3, 4]: how are you going to ensure this does not happen with all communications for an individual?

[1]: https://en.wikipedia.org/wiki/Key_escrow

[2]: https://www.wired.com/2008/05/five-irs-employ/

[3]: https://reason.com/2015/05/20/more-irs-employees-abuse-acces...

[4]: https://www.accountingtoday.com/news/irs-celebrity-snoop-get...


Key escrow is still a backdoor.


Law-enforcement agencies in the UK, to name one relatively liberal country, had no qualms about using their anti-terrorism tools to track and arrest minors during, after, and even before climate change protests. "Think of the children," indeed.


Every tool we give cops has to be measured in two ways:

- What's the best case for this tool to be used?

- What's the worst case for this tool to be used in?

and then the disparity between the two must be examined. In most cases, I would say it's not worth giving many of these tools to cops.


How to implement highly-secure backdoors is explained in the following linked article along with an analysis of potential pitfalls:

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3425957


> In fact, we were never able to view the contents of his phone because of this gift to sex traffickers that came, not from God, but from Apple.

Thanks to the poor state of U.S. education, inscrutable nature of encryption, and the failure of secure software developers to protect nearly anything at all, this sentence remains unintelligible to most Americans.


- God is all knowing

- God is all powerful

- God created the universe

Given the above three, God created the universe knowing he was creating it in a way that said sex traffickers would come into being, and that they would get access to said phones/encryption.

It is literally impossible for the first three items to be true and the consequence to be false. As such, "this gift to sex traffickers" did, indeed, come from God (and Apple).


It depends on what you think omnipotence is; if you believe that it is constrained by consistency (God cannot create a square circle) then it could be the case that any world created would have some evil. Then a benign God could create the "best possible world" in which bad things happen.

All academic anyway, there is no God.


Even given that, He chose to create this world, with these people. Choosing between 2 evils doesn't mean you chose evil, but it does mean you chose an evil.


If I believed in god, I'd say that mathematics is indeed a gift from the all-powerful.


Let's make a religion with secure encryption (no master key) at its core. Once it becomes recognized, it would be unconstitutional to ban it.


If encryption is a weapon then (in the USA) the First Amendment applies.


You're thinking of the second amendment, I think.


OMG derp, yeah, thanks



