In bulk, as opposed to targeted spying - you can send an agent to hide behind the bushes, or plant a microphone, or infiltrate a group. Which was possible for a long time before computers or electronics (minus the microphone example), but it's not possible to do it at scale - you can spy on a few hundred people this way, but not on a few million.
In fact those techniques have even gotten substantially better with technology. It is fairly easy to create a laser microphone that can pick up sound on the other side of glass. There are even devices that can do it through solid walls, but sensitivity is vastly different between these. These are huge advantages though because you don't need to get close to the target.
We have telephoto lenses and a 50 megapixel camera is only $4k. Imaging has gotten both substantially cheaper and substantially better.
We also now have IMSI-catchers that can easily be deployed. Which makes wire tapping much easier.
By all accounts everything that could be done in the past can be done substantially better and for much cheaper while having a lower risk of an operative being caught by trying to place the spying device (since we can increase the distance). Which also means the term bulk has changed.
I'm sure reading encrypted message would make their job easier too. But I'd need to see some hard data on how effective advancements in other areas have enabled catching terrorists, because I highly doubt they have.
Also, backdoors seem self sabotaging. If you have operatives in another country don't you want them to have easy access to encrypted communication lines? If only spies use SuperSecretCommunicationApp then that's pretty easy to trace. I've understand this to be the whole reason for releasing Tor to the public. Gives a lot of cover. Besides the fact that your enemies are also going to get ahold of any backdoor created.
Targeted spying is limited by manpower, not by technology.
If undercover agents can work mostly from the comfort of their home or office because they operate online, they might be able to spend time on other activities, but not to infiltrate two organizations at once.
If some speech recognition AI finds interesting bits in conversations so that the same analyst is ten times faster at examining wiretapping output, it doesn't mean catching terrorists ten times faster.
Listening to wiretaps is only a small part of the work and Amdahl's law applies; moreover more data and better data analysis tools tend to improve quality, not to reduce effort (in this case, it becomes affordable to snoop on ten times as many people).
> they might be able to spend time on other activities, but not to infiltrate two organizations at once.
This kinda contradicts itself. Maybe the answer isn't 2x but like 1.3x or something. But that's all my point. That it makes it easier.
No one is saying that it's a linear or exponential relationship. I'm sure everyone here would expect the effectiveness to be sublinear.
The problem though is that the number of people being snooped on isn't 10x. Not even 1kx. More like 1e6x. With that much more snooping if we aren't getting terrorists 10x faster (which let's be real, that's poor gain), I don't know how this is even remotely justifiable (maybe a good argument could be made at 1000x catch rate, but that's leaving out moral questions).
If you're going to talk about Amdahl, let's talk about Pareto. We know that catch rate is going to have a logarithmic catch rate compared to energy spent. Most terrorists will be easy to catch. The last 0.001% will take a ton of resources to catch. This is a key part to Amdahl's. You don't just throw more and more resources at the problem. You don't gain at a certain point and are wasting resources. If we're spending all that money, time, and sacrificing all that freedom just to scrape the bottom of the barrel, then I'd argue that this isn't a good use of resources. That's the issue at hand here. Amdahl's Law is the issue. People don't care about targeted surveillance. People care about mass surveillance that doesn't meaningfully improve the catch rate. It's a waste of money and an over reach in control.
But again, if you can show me data to suggest that the catch rate is much better then I'm open to changing my mind. But I'm highly skeptical that this is the case, because it doesn't match the intuition of the above principles.
What about asking companies to voluntarily limit their encryption to bit depths that are crackable with huge resources, but to avoid anything stronger than that? Then you don't even need a backdoor.
This means government can't do it in bulk, and it would out of the reach of an ordinary individual, but it would still be possible.
They don't need backdoors for targeted spying - they can plant hardware bugs or hidden cameras to watch the target type in messages and passwords. So the only reason they'd want them is to use them on scales where targeted spying is infeasible.
How will people know it's not done in bulk? The only thing that the public sees is the client binary. A client binary with a backdoor looks the same whether the backdoor is used one time in a million or thousand times, or a million times. The companies might publish reports on how often they got asked to access the backdoor but they might be compelled to lie or even be hacked and not notice it, or they might even use the backdoor themselves to extract more revenue.
When surveillance is being rolled out, it's always just about a few single cases here and there. And then gradually, silently, the number increases.
The pretext of the meeting (and others like it) notwithstanding, it's not unfair to say that strong encryption renders communication to a state closer to the pre-digital era in terms of the amount of work required to perform individual surveillance. I think that was the point deogeo was making, and it seems like a sound one to me.
This is the line the Australian anti-encryption bill that past last year was trying to walk with its "no systemic backdoors" clause.
The idea/claim was that the bill only allowed targeted spying, and systemic/bulk spying, so it's okay. But that's really only only a small part of it.