[bwaldrep]

I don't think such an admission necessarily follows. It has always been possible for determined criminals to invest enough time and caution to make their communications prohibitively expensive to intercept. The vast majority do not do so. Everyone (criminals included!) have to make decisions about the tradeoffs in time, effort, and convenience they're willing to make for security. Changing the default level of security enabled out of the box on commercial devices changes that calculus. It's possible to simultaneously believe that the FBI should not surveil normal citizens all the time, criminals do have the ability to secure their communications to an arbitrary degree if they make the effort, and the default level of security your iPhone provides should be less than "requires nation-state level resources in order to comply with a lawful search warrant."

[jessaustin]

Let us stipulate that dumb (unsophisticated, foolish, intemperate, whatever) criminals exist. Is it now your argument that LEOs especially need help catching these dumb ones, who would actually be coordinating their criminal activities via cheapest-commercially-available non-burner smartphones with original ROMs? Are they just forgetting entirely the smart criminals who have hired someone to root their equipment? Know your limits, I suppose.

That's nonsense, of course. They'll continue to catch the dumb ones the way they always have: when the criminal screws up and a cop whose shift is still young just happens to be around. They'll continue to catch the smart criminals only very rarely, when someone with enough clout gets pissed off enough. They'll continue to "catch" innocents all day every day, only now they'll have more circumstantial "evidence" of the "this guy googled TVs last month; he was obviously trying to decide which TVs to steal" variety. This is why the Founders wrote the Fourth Amendment.

[tptacek]

Yes: I believe the overriding concern is that smartphone vendors have defaulted people who don't ever think about comsec to extremely strong comsec.

[jessaustin]

Sort of like automobile manufacturers, who with all their airbags and crumple zones have defaulted drivers who don't ever think about safety to extremely strong safety. It's really disheartening, to read security professionals hoping to deny security to regular people. I guess I'm somewhat mollified that you've stopped pretending this is about catching criminals.

[idlewords]

Some of the people getting this unbreakable security by default are really, really bad people, and we want the police to be able to catch them.

[jessaustin]

Oh yeah, what are their names? If these really really really bad people who can only be caught by ignoring 4A actually existed, one or more of them would have been prosecuted in the last decade. This is movie-plot threat analysis. Despite the ironclad logic to the contrary upthread, you cling to the idea that this is about catching criminals. Because you trust what the enforcement-industrial complex tells you about crime and the security of personal computing devices. Why is that? I can't imagine you'd believe what they tell you about crime and ideal incarceration rates...

[tptacek]

No, horrifying crimes are not movie plots, sorry. Some of the crimes we're talking about are issues virtually everyone on HN seems to care about (for instance: securities and banking fraud) and are already extremely difficult to prosecute without the kinds of evidence we're discussing.