[tptacek]

This seems far-fetched. Encryption has historically had zero effect on law enforcement, but collection of electronic evidence has made thousands of felony cases. Meanwhile, the issue isn't simply what criminals encrypt today, but the fact that everything they do will be encrypted in 15 years.

[Alupis]

> the issue isn't simply what criminals encrypt today, but the fact that everything they do will be encrypted in 15 years

Everything everyone does will be encrypted in 15 years -- and that's a good thing. It makes it harder for the bad guys to be, well, bad.

Identity theft happens to far more Americans every year than the number that have been involved in a terrorist attack since the founding of our nation.[1] Backdooring/weakening/banning encryption will literally make stealing people's identities far easier. We want to make the government's job marginally easier to spy on everyone at any time, but we're ignoring the major side-effects of doing just that.

[1] http://www.techjuice.pk/a-data-scientist-explains-odds-of-dy...

[tptacek]

I'm confused as to why you keep bringing terrorism up. I haven't brought it up once. I am not especially concerned with terrorism, and I'm not especially concerned about identity theft --- at least, not to the point where I think we need to address it with regulation on consumer devices.

[dragonwriter]

> Meanwhile, the issue isn't simply what criminals encrypt today, but the fact that everything they do will be encrypted in 15 years.

No, everything they do will not be encrypted in 15 years. Most relevantly, except when the crime at issue itself is an act of communication, the crime won't be encrypted, or even subject to encryption, so all the usual police work that enables solving crime based on the actual criminal act and the evidence naturally attaching thereto will remain available.

[tptacek]

I'm not sure what this has to do with my argument, which is that electronic evidence definitely plays a nonzero role in law enforcement today.

[Alupis]

The argument being laid out is that electronic surveillance, in whole, has played a very minimal (close to zero) role in law enforcement. None of the NSA programs can be attributed for stopping some plot on their own[1] - the few they did lay claim to already had mountains of other kinds of evidence collected through regular law enforcement means.

Coming back to the encryption debate - if we cannot stop plots and crimes from taking place that were orchestrated over clear-text communications[2][3][4] - then there is practically zero hope of success by forcing everyone to not encrypt communications.

To say that better - if we can't stop crimes that are communicated in clear-text, then having the ability to decrypt messages does not change our probability of success.

Yes, encrypting all the things will provide some level of convenience for the "bad guys", but it also provides immense levels of security for the "good guys", as well as us regular people. Going back 15 years - we did not have capabilities to intercept and decrypt mass communications - yet we still caught the "bad guys". September 11th happened, and now we're all still whipped into a frenzy thinking somehow if we could just backdoor encryption, we would have prevented that attack (which is absurdly false).

The big point I'm making - backdooring/weakening/banning of encryption makes nobody more safe. Maybe we catch one or two plotters before they do something - but we also expose all citizens to online attacks on their identity, finances, privacy, and more.

[1] http://www.nbcnews.com/news/other/nsa-program-stopped-no-ter...

[2] https://theintercept.com/2015/11/18/signs-point-to-unencrypt...

[3] https://www.privateinternetaccess.com/blog/2015/11/after-par...

[4] http://arstechnica.com/tech-policy/2015/11/paris-police-find...

[tptacek]

Please stop doing this. My argument isn't that bulk electronic surveillance has been valuable for law enforcement. I don't think it is. I don't think most law enforcement agencies do either, because relative to the enormous amount of foreign SIGINT work the US does, it does virtually no evidence collection for domestic cases through dragnet surveillance.

My issue is that universal default unbreakable encryption doesn't just break dragnet surveillance, but also breaks discovery and evidence recovery done under a warrant in routine investigations. It is in fact hard to break dragnet surveillance without harming routine law enforcement, and I think people should be clearer about that tradeoff.

It also isn't my contention that harming routine investigations means that crypto should be backdoored. Despite what you said upthread, I'm going to hazard that I've done more work to help foil attempts to break crypto than you have. My bona fides here are established, no matter how you choose to misread my comments. It really bothers me when people erroneously suggest that I support crypto backdoors. It doesn't help that the first thing I wrote on this very thread said exactly that.

[dragonwriter]

> My issue is that universal default unbreakable encryption doesn't just break dragnet surveillance, but also breaks discovery and evidence recovery done under a warrant in routine investigations.

I don't think it affects discovery at all: discovery relies on turning over responsive materials, not breaking encryption.

Anytime evidence doesn't exist or is difficult to interpret because it hasn't been deliberately created in a form which is readily interpreted by uninvolved third parties, it can impair the utility of search and seizure warrants to collect evidence. But this is unavoidable, and compelling affairs to be conducted in a manner which provides the most convenience for law enforcement after-the-fact is simply untenable in pretty much every area of life (encryption is not special this way.)

In the case of data/communications, if an untrusted third party can access your data/communications without your consent, many untrusted third parties can. A ban on secure end-to-end encryption (whether it take the form of mandatory MitM/backdoors, restrictions on parties that can be endpoints in secure end-to-end links, or whatever other form) means exposing everyones data to many potential attackers, just so that law enforcement might have convenient access later.

The development of pervasive electronic communication and data storage/consumption technology means one of two things, either:

(1) people are far more exposed to both criminal exploitation and government abuse of power, but routine, rights-respecting law enforcement is not burdened and, in fact, somewhat eased, or

(2) people are able to do far more without additional vulnerability, and perhaps with a net less vulnerability, to various forms of criminal exploitation and government abuse, but routine, rights-respecting law enforcement is made more difficult.

And the former option requires curtailing substantially the freedom of speech in electronic media (or perhaps all media) in ways it never was curtailed in other media.

[Alupis]

I risk getting a little too "meta" here, but I feel it will be constructive for us all, and I hope it's ok this one time.

> Please stop doing this

Most of your responses to myself and others begin with a line similar to this. It's meta in itself, but also puts people a little off. We're debating things here, and we seem to disagree on some points... but that's OK since that's really what we're here for. You can't ask people to stop disagreeing with you, but if you feel strongly, you may choose not to respond.

> It really bothers me when people erroneously suggest that I support crypto backdoors.

You have stated this several times, and I do believe you. The problem here is that we're not (and the government's not) just discussing backdoors, but other means such as purposefully weakening encryption, outright bans, or other methods of subverting strong encryption. Stating you don't support backdoors is only one small component of what's at stake here. It's almost a level of misdirection or a half-statement to throw this in whenever someone attacks your argument. In addition - you have made good arguments which seem to illustrate the problems with having universal default unbreakable encryption. This leads one to believe you are in opposition of such.

> My issue is that universal default unbreakable encryption doesn't just break dragnet surveillance, but also breaks discovery and evidence recovery done under a warrant in routine investigations.

This is an example of one argument that seems to favor subverting strong encryption by some means. If you do not support universal default unbreakable encryption, then you must be against it on some level. If you're against it on some level, then the logical conclusion is you support one or many of the government suggested solutions, such as banning/backdooring/weakening. As mentioned, you do not support backdooring, but that leaves two other options that are being actively pursued by the government.

> I'm going to hazard that I've done more work to help foil attempts to break crypto than you have. My bona fides here are established

This is largely irrelevant information. I am aware of your background - however one's professional view is not always the same as one's personal view. Being a security professional and thoughts on encryption are not mutually exclusive.

> no matter how you choose to misread my comments

I think this issue isn't really a misread, but rather the half statements about backdooring. I probably didn't articulate that difference properly, but I submit you failed to do the same.

In any event, it seems we mostly agree on this subject really, although we both argue it differently.

[tptacek]

My meta argument is that we will all fare better in the policy debate to come if we are honest and careful about the opposing side's arguments. Our arguments should be honed to beat their best arguments, seen in their best possible light.

I'm not making half-statements about backdoors. There is no daylight that I can perceive between "backdoor" and "weakened encryption". When I say "universal default unbreakable crypto", that is exactly what I mean.

[schoen]

I think tptacek's views were already made pretty clear earlier in the thread and his meta point is something quite like

http://lesswrong.com/lw/gz/policy_debates_should_not_appear_...

It's fair to argue that he overstates the benefit of surveillance to law enforcement or that it wouldn't be bad if law enforcement got harder or more expensive in various ways or that it's unfortunate that law enforcement ever came to rely on electronic surveillance in the first place, but I think he made very clear that he did not support limits on encryption, which makes it kind of unfair to challenge him on that aspect. He has been saying that he wishes fellow opponents of crypto restrictions would be more sympathetic to the view that easy availability of crypto has some disadvantages to society, so maybe it would be more helpful to engage on that point. :-)