[vinceyuan]

If I have to choose one from end-to-end encryption and security, I will choose security. I don't mind my WhatsApp chats are scanned by police's software, if it can reduce terrorism. Of course, we need to make sure it is used for anti-terrorism only.

Update: One solution of 'make sure' is the source code of the monitoring software must be reviewed by independent and trusted software engineers/experts.

PS. Downvoting my post doesn't solve any problem. If you have any better idea, welcome to post it out. Thanks

[ktta]

> Of course, we need to make sure it is used for anti-terrorism only.

See that's the problem everyone is talking about. The thing, is, turns out you can't. That's was the ENTIRE point of the Snowden revelations.

No sane person is okay with terrorism, but at what point are you going to stop relinquishing your rights?

First, texts with Whatsapp. Then your phone calls. Then your bags and notes when you go through airport security. Then bugs in your house. All of these will help curb terrorism. But where will you stop? Will you lose all your private life in the name of law?

[vinceyuan]

One solution in my mind is the source code of the monitoring software must be reviewed by independent and trusted software engineers/experts.

[effie]

... and everybody who uses a different software not approved by state will be flagged as a criminal. This will make the job of police and spooks easier, we know there was order and security in East Germany or other countries of the Soviet block.

Now consider the cost of such 'solution'. Free speech gets redefined, most of the people get divided into informants,opportunists, naive state suckers and silent fragmented opposition. Is that kind of security and police state an acceptable cost? For preventing small number of violent deaths each year?

There are much bigger problems in Western societies than a bunch of lunatics killing small number of people, but those can't be used so easily to make a power grab.

[AsyncAwait]

How do you ensure that what was the reviewed source is what is actually being used? Also, how do you encode in source code who is the correct target to use this against, for now and in the future?

[ktta]

That's a perfect solution actually. But sadly, we aren't there just yet. There are nuances with these things that software can't (yet) pickup.

So humans have to do it till then. We were maybe born too early. But I think it makes things interesting.

That means there are still problems for you and me to solve.

[natch]

Actually it's a horrible non-solution.

Assuming these experts are perfect and infallible (a bad assumption), then what does it prove?

That only an authorized government agent can have access?

Can you not think of any problem with that whatsoever?

[ktta]

I actually didn't suggest a complete solution. You seem to judge the proposition without any further questions.

I said the monitoring software having access to the data was a solution. But you're probably thinking of a case where there is a master encryption key which we just hand to the government. But have you thought of a solution where we can be sure of the access that the software will have?

Something like a infallible way we can choose only the software can view the data. Sure, you're quick to dismiss it because it doesn't exist. That's why I said it didn't exist

There needn't be centralized way of communication you're thinking of now. It can be public software that people can choose to run.

> Assuming these experts are perfect and infallible

Well, you can have the same skepticism for the end-to-end encrypted software you use. How can you assume that it isn't broken?

[natch]

>I actually didn't suggest a complete solution.

Nobody is saying you did. You yourself said "that is a perfect solution actually" in response to vinceyuan, who had a one-liner comment about "the source code of the monitoring software must be reviewed by independent and trusted software engineers/experts."

Maybe we are interpreting this in different ways.

How do you envision this "solution" working? It is a bit vaguely specified.

Who is doing the monitoring? What or who is being monitored? For example are we talking about monitoring the authorities to see if their access is done properly? Or are we talking about something / someone monitoring communications, on behalf of the authorities? Not sure what you had in mind. Can you explain how what you called "perfect" might work, were it to be developed at some point in the future?

I'll say up front that I'm skeptical, but let's see if we are even talking about the same thing. As long as you're being super vague, you don't have a solution at all.

And if you're just saying: there's no solution now but maybe one can be developed, fine (I believe you're wrong) but please clarify how you think it might work.

[tankenmate]

Freedom and openness comes at a cost; this applies just as much to individuals as it does to countries. So then the ends of the spectrum are "I can take anything that comes at me, let the chips fall where they may"; and "Mummy make the bad man go away".

Unfortunately maths doesn't work that way, there is not much in the way of a spectrum when it comes to encryption, there is a very steep cliff from secure to insecure.

So then you are faced with a very stark contrast; the security afforded by a surveillance state, or freedom with the possibility of terrorism. Personally I prefer the latter.

The trick is there is no spoon, just like there is no control; only influence.

[natch]

The better idea is to achieve security by encouraging people of different cultures to get along with each other. So, don't give free housing and support to people who fight against harmony and promote anger.

Two questions for you.

>One solution of 'make sure' is the source code of the monitoring software must be reviewed by independent and trusted software engineers/experts.

What does that help with? (Because trusted expert aren't perfect, right?)

And second question, what if the police and government are evil, then how does your plan help?

[GordonS]

> if it can reduce terrorism It can't. If these supposed hoards of terrorists have half a brain cell between them, they'd simply communicate using something else.

> Of course, we need to make sure it is used for anti-terrorism only Hah, not likely in the UK - if sweeping powers exist, there will be a creeping escalation of their use by different government bodies, and for purposes not related to terrorism.

[andai]

How are you going to make sure?