[dropoutcoder]

(Fully expecting this comment to be destroyed.)

If you give E2EE to the masses, then the endpoints will need to remain vulnerable by design, or LE/IC won't be able to do their jobs fighting criminals.

If the endpoints are designed to be as free of vulnerabilities as possible (which isn't the case anyway - consumer phones and computers are still Mickey Mouse by design), and provide E2EE at scale, criminals will be able to operate with impunity at scale. This isn't a desirable solution.

I'd rather see a trend towards locking down endpoints, but allowing Exceptional Access for communications at scale. Allow the math to exist (code for encrypted comms can exist on GitHub, for instance) but disallow it to be distributed at scale (walled garden App Stores, large Social Networks for instance). Reduce the (growth of) entropy.

Guns aren't sold via the App Store, and Signal shouldn't be given to the masses.

The community here seems more or less unified in the belief that essentially unbreakable E2EE at scale, distributed by GOOGLE, FACEBOOK, and APPLE, is always a good idea. I don't agree with this at all.

Few people in this neck of the woods are willing to argue the counterpoint - the risks of E2EE at scale.

Somewhat related: I'd personally rather see a move towards better cooperation between social network service providers, internet service providers, government agencies, and device manufacturers. Apple, for instance, won't get involved at all if your device is hacked. Rather, it would be nice to see a trend towards designing devices to have automatic cooperation between the various parties to both prevent and investigate hacks.

[imgabe]

> criminals will be able to operate with impunity at scale.

This isn't even remotely true. At some point criminals have to go actually commit crimes that leave a detectable impact in the real world. That is where they can be caught. There is no need to surveil the communication of everyone on the plant just to catch the small minority of people who commit crimes. The cost is not remotely worth the benefit.

[dropoutcoder]

The U.S. Securities and Exchange Commission would disagree with you, just as one example.

[imgabe]

They would disagree that the cost outweighs the benefit?

Of course, they are not the ones bearing the cost of having their privacy invaded despite doing nothing wrong. I'm talking about the cost/benefit to society as a whole, not one particular actor. We don't need to rearrange all of society to make life convenient for the SEC or any other single agency.

I'm sure it would also be convenient for law enforcement if they could conduct warrentless searches and detain suspects indefinitely without access to counsel, but you know there's a reason we don't allow that.

[harry8]

That argument kind of died when we found out we were being surveilled on mass, with all our communications being kept to be used against us at any point in a Stasi fantasy.

You can't claim trust when you've shown yourself to be totally and utterly untrustworthy.

Moreover if the public servants can get your communications so can organised crime.

Law enforcement can do their job without it. Because they've abused it so thoroughly they're going to have to.

[dropoutcoder]

Improving on the design of Exceptional Access systems isn't just about math, nor about considering the problems of key escrow. Rather, it's about considering how to reduce the risks for the issues you've raised.

Fighting on principle is fine, but if the laws are changed to require exceptional access for these systems, it would behoove everyone to work towards a better compromise. Otherwise, your concerns will remain.

[harry8]

No.

Don't do deals with the dishonest. Ever. The end.

[pdonis]

> If you give E2EE to the masses, then the endpoints will need to remain vulnerable by design, or LE/IC won't be able to do their jobs fighting criminals.

I don't buy this argument. Law enforcement still has plenty of other ways of going after criminals. All the E2EE in the world won't stop an informant from turning over decrypted versions of communications to the cops. In fact, E2EE makes that evidence more valuable since it's harder for the person at the other end to claim they didn't send it when they're the only one with that private key.

[dropoutcoder]

Rephrased, LE/IC will have a more difficult time fighting crime, not that they won't be able to fight crime at all.

[pdonis]

> LE/IC will have a more difficult time fighting crime

I'm not even sure that's true. LE/IC will have to rely more on different methods of fighting crime, but it's not at all clear that those methods are less effective than snooping on everyone's communications. Snooping on everyone's communications sounds easy until you realize how tiny the signal to noise ratio is--that is, if you're actually trying to find real criminals instead of just finding reasons to mess with more people in general.

[nullc]

Hey, I looked at some of your other comments and your profile.

I'm sure you're not posting here wanting to pathologize you, but you really seem like you're having a hard time. I doubt my comment will help, but if I were ever in your shoes I'd want someone to at least try...

The idea there is a bright line between sane and not sane is a fallacy. Instead, all our beliefs about the world are approximations-- at best. We make up some line and say beliefs that are consistent enough with observations are sane and others aren't but the position of that line is largely arbritary. Some of these approximations are more helpful than others, some create feedback that can make us less healthy and happy then we could otherwise be even in the same situation.

It seems to me that you have found yourself surrounded by beliefs which make your life more difficult and you're having trouble escaping from them.

You can get help for your problems and you will be happier for it, almost certainly. I really hope you do.

[dropoutcoder]

It's unclear why you've chosen to respond to my comment about my personal situation (which I'm not hiding at all), but I suspect you're trying to conflate something about my credibility with my argument. If that's the case, please stop. In fact, I'd rather you not bring up off topic issues in response to my comment.

We likely have orthogonal life experiences, and I'm simply trying to share my experiences and views. I'd like to stay on topic in doing so for a particular comment. Thanks.

[nullc]

Sorry that I came off that way.

I don't agree with your argument, but I think that disagreement is really entirely unimportant compared to your personal challenges. You're entitled to your views.

HN doesn't have a mechanism for private messages, or I would have addressed you that way.

To the extent that I would want any public effect from my comment being here it would only be to remind other people that you're a human being and should be treated with a modicum of kindness. ... unlike that rude commenters who called you a FBI shill. :)

[RonanTheGrey]

On your way out, so burn it down as you go?

I think even you know the problems with the argument you're making. The problem with power is, it's only good for two things:

1. Using it 2. Using it to get more of it

And its mere existence will make humans do both of those things.

The only solution is not to have it. A weak government is by design, not an accident or an unfortunate side effect. Nothing in the US constitution (or any decently democratic constitution) makes or should make LE's job easy. Why? Because they'll use that power to get more power. That's what humans do.