by jchw 2199 days ago
Indeed, E2EE will enable criminals to go undetected. And this is a real problem. However, it’s an arms race that will end with criminals having proper, strong E2EE anyways. Trying to reverse this is like trying to reverse entropy, the toothpaste does not go back into the tube. It may seem like it is still doable now, but I’d be willing to place bets that feeling will evaporate shortly.

Of course, criminals are ordinary people too. They care about convenience and network effects as much as anyone. Which is why I think it’s insane that governments want to jeopardize the trust people have in proprietary, huge E2EE platforms that actually have the means to aid them in investigations. Yes, breaking the crypto may not be an option, but at least collecting useful metadata for use in investigating, and potentially ethical hacking, is an option.

I fear the day when the trust is gone because there is a very real possibility that some day many will be using decentralized E2EE chats, maybe even P2P. It’s not just conjecture of course, Matrix exists today and is already very impressive (in my opinion) in terms of usability.

The internet is opening up the concept of having nearly private communication with pretty much any individual in the world. It isn’t free of implications, but also, as more of our lives move online I feel it’s absolutely crucial that everyday people can feel confident they’re not being monitored. The problem of CSA and other criminal behavior existed before the internet and it will certainly exist after. It’s absolutely past time to re-evaluate laws surrounding child protection, which seem to me to mostly be reactionary at this point (in that many of them are spawned as a result of a specific incident.)

2 comments

> Indeed, E2EE will enable criminals to go undetected. And this is a real problem. However, it’s an arms race that will end with criminals having proper, strong E2EE anyways.

Individual child abusers aren’t part of a monolithic organization with training on how to secure their comms and practice OpSec.

The number of criminals who still create evidence against themselves on unencrypted platforms (SMS, phone, etc) is significant, despite E2EE options already being available. People are even being arrested for rioting after admitting on public TikTok videos to participating.

I think the only way criminals will standardize on E2EE is if every platform and communication mechanism is E2EE by default. Otherwise they will continue to make mistakes or think they can slip under the radar.

> I think the only way criminals will standardize on E2EE is if every platform and communication mechanism is E2EE by default. Otherwise they will continue to make mistakes or think they can slip under the radar.

FWIW, I believe this is the future if lawmakers don’t prevent it. A look at some E2EE software today:

- WhatsApp

- Matrix

- Signal

- iMessage

- Firefox Send

- MEGA

- ...

The list will grow.

In my opinion, E2EE today is like TLS 10 years ago. TLS was once a nice-to-have when it came to communication that was not strictly necessary to encrypt. Today, TLS is more sophisticated, stronger, and easier to implement than ever, and damn near a necessity for anything, even toys.

Granted... E2EE is necessarily harder, since it requires application-level implementation of crypto primitives, things definitely get complicated. Still, I believe the state of the art will continue to improve and tooling with it. Eventually there will probably be de facto libraries and maybe even OS frameworks to deal with E2EE key management, trust, etc.

To be clear, I view this as strictly a good thing and an inevitability. I don’t think transport encryption and encryption-at-rest are good enough anymore for private communication. Of course for public sites like Twitter or Tiktok it’s all you would logically get, but for any group or direct communication I now believe E2EE is slowly becoming the new baseline, and it’s mostly the complexity of it that hampers adoption.

Now that iMessage and WhatsApp are E2EE though, there are a lot of messages flowing that, exploits notwithstanding, are “truly” private, today, and I think the number will only go up. The only real question in my mind is, who’s next?

As far as criminals making slip-ups, this is guaranteed; even the best make mistakes obviously. But assuming all criminals are foolish and stupid is a mistake; I believe there’s a lot of selection bias in there, since we don’t get to find out those who truly never get caught. Time will tell if any of this really matters, or, if, as usual, it’s just another panic that has no tangible effects. I vote on the latter, but I still do believe proliferation of E2EE will change the game in ways we can’t really anticipate 100%.

> Indeed, E2EE will enable criminals to go undetected. And this is a real problem.

This is not the problem. The argument is hollow.

People need to take child protection laws out of political discourse, as it's now approaching silly.

If you think this strengthens the case against encryption laws, I suggest you rethink. There’s plenty of valid arguments against banning strong encryption and this isn’t one. You can’t simultaneously argue that E2EE keeps people’s conversations private to eavesdropping and then suggest that it doesn’t prevent eavesdropping for law enforcement purposes - at face value it does, and image hash databases to prevent the spread of known CSAM exist today; see, for example, Project Arachnid. And yes, law enforcement eavesdrops for law enforcement purposes. That’s why wiretap warrants exist. Whether it’s a good thing is another argument entirely, but it is indeed the status quo.
Wiretap is a misnomer. Undermines security.

Put plainly, there will always be crimes you won't be able to catch. You prioritise resources on the most pressing ones and build up resources in the real world to tackle them in other ways. Dystopian lists on the client to control what you're allowed to say or think or report your thoughts back to the government still violate the principle E2EE is built upon.

There is no middle-ground. You either are secure or you are not. The genie is out of the bottle either way.

> There’s plenty of valid arguments against banning strong encryption

There are no valid arguments against encryption

> And yes, law enforcement eavesdrops for law enforcement purposes

Lawful eavesdropping is an oxymoron

Do you think there is no situation where it can be lawful for a law enforcement agency to perform a wiretap?
Yes
Well this is probably not the case if you are an American. See US code title 18 section 2516 paragraph 1.