[michaelmior]

Yes, but this leaves the only way to identify this behavior as by reporting from a minor. I'm not saying I trust TikTok to only do good things with access to DMs, but I think it's a fair argument in this scenario to say that a platform has a better opportunity to protect minors if messages aren't encrypted.

I'm not saying no E2E messaging apps should exist, but maybe it doesn't need to for minors in social media apps. However, an alternative could be allowing the sharing of the encryption key with a parent so that there is the ability for someone to monitor messages.

[danlitt]

> I think it's a fair argument in this scenario to say that a platform has a better opportunity to protect minors if messages aren't encrypted

Would it be a fair argument to say the police have a better opportunity to prevent crimes if they can enter your house without a warrant? People are paranoid about this sort of thing not because they think law enforcement is more effective when it is constrained. But how easily crimes can be prosecuted is only one dimension of safety.

> However, an alternative could be allowing the sharing of the encryption key with a parent

Right, but this is worlds apart from "sharing the encryption key with a private company", is it not?

[michaelmior]

> Would it be a fair argument to say the police have a better opportunity to prevent crimes if they can enter your house without a warrant?

This is a false equivalency. I don't have to use TikTok DMs if I want E2EE. I don't have a choice about laws that allow the police to violate my rights. I'm not claiming that all E2EE apps should be banned.

> Right, but this is worlds apart from "sharing the encryption key with a private company", is it not?

Exactly why I suggested that as a possible alternative.

[danlitt]

> This is a false equivalency.

I'm not making an equivalency. I'm just trying to get you to think how something that is at surface level true is not necessarily a "fair argument".

> I don't have to use TikTok DMs if I want E2EE.

I don't know why you think this is a convincing argument. It is currently illegal to tap people's phone lines, but when phones were invented it obviously was not illegal. It became illegal in part because people had a reasonable expectation of privacy when using the phone. They also have a reasonable expectation of privacy when using TikTok DMs - that's why people call them "private messages" so often!

> Exactly why I suggested that as a possible alternative.

My point is that you are offering these as alternatives when they are profoundly different proposals. It is like me saying I am pro forced sterilization and then offering as an alternative "we could just only allow it when people ask for it". That's a completely different thing! Having autonomy over your online life as a family rather than necessarily as an individual is totally ok. Surrendering that autonomy is not.

[michaelmior]

> Surrendering that autonomy is not.

Then you can avoid using platforms that do not offer E2EE.

[InsomniacL]

> Would it be a fair argument to say the police have a better opportunity to prevent crimes if they can enter your house without a warrant?

Police can access your home with a warrant.

Police cannot access your E2EE DMs with a warrant.

[danlitt]

Not answering my question!

> Police cannot access your E2EE DMs with a warrant.

They can and do, regularly. What they can't do is prevent you from deleting your DMs if you know you're under investigation and likely to be caught. But refusing to give up encryption keys and supiciously empty chat histories with a valid warrant is very good evidence of a crime in itself.

They also can't prevent you from flushing drugs down the toilet, but somehow people are still convicted for drug-related crimes all the time. So - yes, obviously, the police could prosecute more crimes if we gave up this protection. That's how limitations on police power work.

[NoahZuniga]

> What they can't do is prevent you from deleting your DMs if you know you're under investigation and likely to be caught

If you are pretty confident your under investigation then this is might be Obstruction of Justice and that's pretty illegal.

[Tadpole9181]

> But refusing to give up encryption keys and supiciously empty chat histories with a valid warrant is very good evidence of a crime in itself.

Uh, it absolutely isn't? WTF dystopian idea is this?

[danlitt]

It certainly can be - destruction of evidence is a crime. If they can prove you destroyed evidence, even if they can't prove that the destroyed evidence incriminates you, that's criminal behaviour. For instance if it's known by some other means you have a conversation history with person X, but not whether that conversation history is incriminating, and then when your phone is searched the conversation history is completely missing, that is strong evidence of a crime.

[allreduce]

And they shouldn't be able to. Police accessing DMs is more like "listening to every conversation you ever had in your house (and outside)" than "entering your house".

[cucumber3732842]

>Police cannot access your E2EE DMs with a warrant.

Well the kind of can if they nab your cell phone or other device that has a valid access token.

I think it's kind of analogous to the police getting at one's safe. You might have removed the contents before they got there but that's your prerogative.

I think this results in acceptable tradeoffs.

[gzread]

Yes, that is a fair argument and most countries allow the use of surveillance cameras in public for this reason.

[danlitt]

in public is the operative word (and surveillance cameras in public are extremely recent and very controversial, so not as strong an argument as you might be thinking)

[EmbarrassedHelp]

> I'm not saying no E2E messaging apps should exist, but maybe it doesn't need to for minors in social media apps. However, an alternative could be allowing the sharing of the encryption key with a parent so that there is the ability for someone to monitor messages.

The problem with that idea, that you are implying E2E should require age verification. Everyone should have access to secure end to end encryption.

[michaelmior]

> The problem with that idea, that you are implying E2EE should require age verification.

I can understand why might draw that conclusion, but I would not personally support this.

[hogwasher]

Are you suggesting all messaged photos should be scanned, and potentially viewed by humans, in case it depicts a nude minor? Because no matter how you do that, that would result in false positives, and either unfair auto-bans and erroneous reports to law enforcement (so no human views the images), or human employees viewing other adults' consensual nudes that were meant to be private. Or it would result in adult employees viewing nudes sent from one minor to another minor, which would also be a major breach of those minors' privacy.

There is a program whereby police can generate hashes based on CSAM images, and then those hashes can be automatically compared against the hashes of uploaded photos on websites, so as to identify known CSAM images without any investigator having to actually view the CSAM and further infringe on the victim's privacy. But that only works vs. already known images, and can be done automatically whenever an image is uploaded, prior to encryption. The encryption doesn't prevent it.

Point being, disallowing encryption sacrifices a lot, while potentially not even being that useful for catching child abusers in practice.

I'm sure some offenders could be caught this way, but it would also cause so many problems itself.

[michaelmior]

> Are you suggesting all messaged photos should be scanned, and potentially viewed by humans, in case it depicts a nude minor?

No, I was not suggesting that.