While I know I'm just attracting downvotes, your points, in order:
1)
a: It's really not that hard to think of ways to solve backdoor problems with a mix of technical and social approaches. For example, having shared keys burned onto silicon, making physical access mandatory, and split between both the law enforcement and the company, so that both parties must knowingly engage.
b: Most software already practically backdoored already, and it's really not that big a deal. Microsoft can push whatever updates they want whenever they want. They already have the keys to the kingdom! Google doesn't store everything E2E encrypted. They also already have the keys to the kingdom! Things have mostly worked out regardless.
2) That a measure will be imperfect is not an argument that it will be ineffectual. In fact it's pretty obviously false; making abuse harder on mainstream platforms will make abuse less mainstream.
3) This is like arguing governments shouldn't be allowed to regulate weapons, because it would be hypocritical, given they own weapons themselves, and it might normalize other countries taking away their citizens' weapons, which might prevent them fighting back. That seems like an obviously bad argument.
4) Yes, your platform that makes oversight impossible is not compatible with regulations requiring oversight. That's not an accident, in either direction.
The idea later in the post seems not really honestly engaging with the topic, that it's not about ‘someone who believes birthday cake is undesirable’, but about networks which are systematically and in actuality doing things like trafficking children for sexual abuse, and that there is a moral imperative for governments to deal with this beyond just letting people choose not to engage.
1a - Because that worked out so well for HDMI? It'll be what, maybe 90 days before those "law enforcement keys" are public?
1b - If it's already backdoored then there is no need for such an act, the problem is already solved.
2 - It's ineffective for it's stated goal because the stated goal is not the real goal. The goal is to enable a continued abuse of power, one which is already ongoing, and one which produces no actionable results or meaningful outcomes. Five eyes & co is upset that they're losing some of their toys.
3 - Who says governments should be able to regulate weapons? Likewise these days, who is to say they meaningfully can?
4 - Sex trafficking existed prior to encryption. The government failed to stop it then. I strongly suspect that even if the government gets it's way and breaks encryption, sex trafficking will continue exactly at the same rate. Most sex traffickers are not technology ept, nor do they need to be - the track record for capturing them is atrocious. Epstein anyone?
This is a bad faith argument. "Protecting children" and "stopping terrorists" are the siren's song of every government overreach basically since the dawn of time and yet the government remains terrible at solving either problem. I don't think encryption is really the issue preventing those things from getting resolved. I do think encryption is very inconvenient for a very snoop heavy government.
Sex trafficking is a very difficult problem to address. Even if you were to shutdown an online network, someone could fly to a third world country to personally do it, and there are always going to be takers lining up.
People in third world countries are poor, and may be desperate. A purely technical solution is not going to address this. Rather, we need ways to lift people out of poverty, and improve their standard of living. No one should ever have to live like that to survive.
I don't know if it is possible to stop child pornography (anyone anywhere in the world can create it and anyone anywhere can view it), but it should be able to reduce the amount of sex abuse in the world, if the government were to pursue prevention initiatives to stop it where ever possible.
> Because that worked out so well for HDMI? It'll be what, maybe 90 days before those "law enforcement keys" are public?
This is a completely different context to having one copy (or a small number) of said low-bandwidth silicon held exclusively by an agency vested in keeping it exclusive, plus another copy held by the company themselves, such that both copies would need to be broken for security to be weakened.
> If it's already backdoored then there is no need for such an act, the problem is already solved.
Seriously? Microsoft having the ability to install a keylogger on any random person's machine is not the solution to finding networks of criminal activity.
> [government bad]
I'll debate the technicals but I'm not going to argue politics here.
I'm going to start naming a few major government security breaches:
+ TSA keys
+ OPM (all of it)
+ NSA's hacking tools
Were these incredible skilled sidechannel attacks? Movie esque infiltrations?
+ TSA accidentally published the keys
+ OPM was a master password from a contractor who was bribed for about the cost of an ipad
+ NSA hacking tools was.. an email trojan? A CD walked?
Do you really trust these people with anything?
Putting a backdoor into encryption is less secure than a random Microsoft employee backdooring me. At least I know it's Microsoft who will be doing the backdoor...
This isn't politics, this is history. This is not the first time, nor the last time we've seen these moves. We know 5 eyes have had major incidents of internal abuse because we have their own documentation on it - and we have their own documentation that they decided to do nothing about it.
It requires external oversight for any organization to truly follow compliance, otherwise the incentives to cheat the system are overbearing. If they won't take us at our word, why would we take them at theirs?
> Putting a backdoor into encryption is less secure than a random Microsoft employee backdooring me. At least I know it's Microsoft who will be doing the backdoor...
My point isn't about how much you trust Microsoft, but that Microsoft has keys, which are more easily stolen and in many regards more valuable than the scheme I gave.
> TSA keys
Not remotely comparable. These were never designed to be secure in the sense we're talking here.
> OPM (all of it)
> NSA's hacking tools
Hence the scheme I gave, which isn't vulnerable in the same way.
Basically all your arguments have been proved false in a short amount of time. Agencies could not name a single case where mass surveillance helped. And don't kid yourself, if you have a master key to encryption, it is mass surveillance you try to implement and it will be used as such.
We had security agencies that had the info but didn't act in case of Vienna. Encryption wasn't the issue here, this is an incontinent case of saving face at best, a deliberate attack against civil rights at worst.
> These were never designed to be secure in the sense we're talking here
Encryption today is a protection against access for a limited amount of time. It is an intrinsic rule about every encryption algorithm. It is fundamental property and widely known.
This kind of comment is exactly why I'm avoiding the politics side of things. I don't want to subject myself to this sort of bad faith jabbing, as much as it comes with the topic.
It was not meant as a jab, and certainly not bad faith. I'm just telling you that your comment was of exactly the same character. Either refrain from making a political comment yourself or have it be responded to.
Making a political comment but then trying to shut down discussion of it by stating that you will not participate in political discussions is a double standard, though perhaps you were unaware that you were doing it.
I never said people couldn't respond to them. I said I wasn't going to debate it. Saying “so you admit defeat” (or the many, many variations) whenever someone exits a heated part of a debate is a textbook jab, and has no place in honest conversation.
I think what prompted me to react was mostly your `[government bad]` blurb. It felt like you got to state your political position and caricaturise the political position of the responder while avoiding further discussion. That felt wrong.
> but about networks which are systematically and in actuality doing things like trafficking children for sexual abuse
The state must declare the child to be the most precious treasure of the people. As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation. --Adolf Hitler
It's also a morally horrific line of argument. Like saying you shouldn't care about shooting civilians because bad people in the past have used human shields as a war tactic.
These are not imagined people being hurt, spun out of whole cloth.
It is a legitimate known translation, not a misquote from the Ralph Manheim translation of Mein Kampf (ISBN 0395078016 / year 1943), page 403. Other translations have similar wording on the page, although not in such a nice succint sentence.
Manheim was known to have gone into great effort to create an exact English equivalent of Hitler's work for Mein Kampf.
> It's also a morally horrific line of argument. Like saying you shouldn't care about shooting civilians because bad people in the past have used human shields as a war tactic.
The point of the quote is to show there are no limits curtailing liberties, not an absolute we shouldn't bother. The attempt to spin the quote into something else, probably because, you wish to "protect the children" is proving the point.
> The point of the quote is to show there are no limits curtailing liberties, not an absolute we shouldn't bother. The attempt to spin the quote into something else, probably because, you wish to "protect the children" is proving the point.
This is not even remotely how you used it. My argument is one where there are obvious checks and balances, where government power is clearly and significantly limited, and little is left exclusively to government trust.
Yet because I mentioned that there are actual people being actually raped, I get Godwin's Law'd. Not because I advocated for Chinese style state control. Not because I took away liberties that most people even care about, given most people are perfectly happy using Google services. But because I dared mention that real people are suffering.
This happens every time on HN, no matter how moderate my position. Anything even remotely compromising the Bottom Line (universal perfect cryptographic security) is Hitler.
1)
a: It's really not that hard to think of ways to solve backdoor problems with a mix of technical and social approaches. For example, having shared keys burned onto silicon, making physical access mandatory, and split between both the law enforcement and the company, so that both parties must knowingly engage.
b: Most software already practically backdoored already, and it's really not that big a deal. Microsoft can push whatever updates they want whenever they want. They already have the keys to the kingdom! Google doesn't store everything E2E encrypted. They also already have the keys to the kingdom! Things have mostly worked out regardless.
2) That a measure will be imperfect is not an argument that it will be ineffectual. In fact it's pretty obviously false; making abuse harder on mainstream platforms will make abuse less mainstream.
3) This is like arguing governments shouldn't be allowed to regulate weapons, because it would be hypocritical, given they own weapons themselves, and it might normalize other countries taking away their citizens' weapons, which might prevent them fighting back. That seems like an obviously bad argument.
4) Yes, your platform that makes oversight impossible is not compatible with regulations requiring oversight. That's not an accident, in either direction.
The idea later in the post seems not really honestly engaging with the topic, that it's not about ‘someone who believes birthday cake is undesirable’, but about networks which are systematically and in actuality doing things like trafficking children for sexual abuse, and that there is a moral imperative for governments to deal with this beyond just letting people choose not to engage.