[josephg]

Sure; but it raises the bar for criminals. Ie, it makes being an effective criminal require more knowledge and more work. And that makes a huge difference in practice. How many criminals actually have good enough opsec to change the license plates on their car? I bet it’s well under 20%. And I know that an 80% solution kills me as an engineer, but I bet law enforcement sees an 80% solution as a massive win.

Us technologists should know how much this stuff matters from the huge effect good design has on product adoption. (Or dark patterns on user behaviour). This is the same effect in action - changing defaults changes the behaviour of the majority.

Another example: People say that “if you make guns illegal only criminals will have guns”. Yet here in Australia very few crimes are committed using firearms. This is the same effect in action. (I’m not arguing for gun control - just that these laws have an effect)

And with that in mind, I think the reason why we’re finally seeing a big push from the 5 eyes is because finally, finally one of the big chat platforms (WhatsApp) has rolled out end to end encryption. That lowered the bar far enough that privacy from the government is becoming the default.

One implication of this way of thinking is that it changes where the battle lines are. To win, the government doesn’t need to make end to end encryption impossible. They just need to make end to end encryption a bit difficult and non-obvious. Doing that will probably push the % of criminals who use proper encryption back into single digit percentages. After all, if you can research and understand the implications of application and messaging security, you can probably make a better living working at an IT desk somewhere than you can from stealing cars. Law enforcement would probably see that as a huge win, even if all us techies can keep sideloading Signal or whatever.

Personally I don’t consider that good enough - I want a society where everyone has privacy. Not just those who have opted in to it.

[bloak]

I think a lot of petty criminals are driving vehicles which are not correctly registered. (I've heard about cases in which a cyclist has been hit by a white van, gone to the police with the van's number plate and been told: Oh, they don't seem to have registered themselves properly. Since no one's been killed we can't be bothered to investigate any further.) So a lot of this computer-based, large-scale surveillance is more effective against law-abiding political activists than it is against ordinary criminals, who drive second-hand white vans and pay for everything with cash.

From your last paragraph, I think we basically agree.

[ben_w]

> After all, if you can research and understand the implications of application and messaging security, you can probably make a better living working at an IT desk somewhere than you can from stealing cars

I doubt that. I think the main thing keeping cars safe from the 1% or so who don’t care about the law or ethics of theft is that it’s almost impossible to get away with it. Those with the relevant skill and the willingness to be criminals probably just take an easier approach, like card skimming.

This belief is based on how much second hand cars are worth and therefore how few cars a thief would need to steal each month for a very big salary.

[bloak]

I think you can get away with it, if you know what you're doing, but a stolen car is worth a lot less than the same car sold second-hand legitimately. Probably you either have to sell it to someone who knows it's stolen, knows not to take it anywhere near a legitimate service centre, and is prepared to forfeit it if stopped by the police, or you break it up and sell the parts, or you have a way of smuggling it out of the country to somewhere where they don't care about where cars came from.

[josephg]

Right; and this was my point in the first place. The police don't have to make it impossible to get away with stealing a car. They just need to make it difficult and awkward. Thats still enough to massively disincentivized car theft - which in turn has resulted in far fewer cars being stolen.

Likewise if they ban end-to-end encrypted chat apps from the app stores, I bet that would decimate the number of people who used them. Even if anyone could just get an android phone and sideload signal, in practice adoption would still fall low enough to make law enforcement happy. Even amongst criminals.