That's a significantly better explanation, and they're really between a rock and a hard place.
They get to pick between headlines like the current one, and claims that they support child porn rings (he isn't saying it explicitly, but everything I saw looks like that is the problem they're trying to fight).
I think it's perfectly reasonable to have multiple reasons for doing something. Making money and deterring malicious users are both valid reasons. Some forums have paid fees for the purpose of deterring unwanted users (MetaFilter, Something Awful, Bitcoin Wiki in the past), so it's certainly a strategy with a precedent.
Yes, you can have as many reasons as you want, but the more you list them off to the public, the more time you have to spend defending them individually.. was the point that I was making.
There is a damn good reason why good PR people often refuse to comment. People remember stupid responses, but forget that “Zoom declined to comment to this article” very quickly.
The whole CSAM thing is terrible because it provides a great excuse for surveillance at any turn. Even though it's a tiny minority of people participating in the abuse because it is so bad people are willing to give up their own privacy for it.
There are other ways to track these criminals and we should be using those. We know they are smart enough to stop using Zoom once its no longer encrypted. Meanwhile normal people will be left holding the bag of surveillance.
A few bad apples, right? And it’s technologists and privacy advocates that are shielding their behavior.
I don’t think this argument really holds but I think it’s funny how quick we are to downplay our own “bad apples” and say that encryption is more important.
No one is defending child sex offenders. Just find another way to catch them that doesn't involve invading private conversations. It's the first step down a really bad path that you only have to look once at China to see the results of.
No obviously not, but you are creating a system that allows them to operate and shields them from being discovered. And if we're going to turn the political tide on E2EE from being the thing the "bad people" use to "the standard for private communications" then we have to have a better answer to this.
You don't win any political battles by being the preferred tool for child molesters and then telling the gov't to pound sand when they come asking for help finding them.
E2EE plus the client looks up images from the NCVIP database and refuses to send/receive messages would at least be something.
If the FBI comes knocking looking for access to a particular user's messages then have a system that kicks that user off the network until they agree to add the FBI's key into all their chats for a specified time. Make it a bright-line visible action to the user being monitored. You have PFS right, so they can't see old messages, and once the FBI's access is revoked you can prove that all your chats are private again.
This wont work because real child sex offenders would never give the key to the FBI. The reason I don't provide a solution is because there isn't a good compromise. However you slice it normal people will end up getting their communications monitored while the real bad actors will be one step ahead. You also can't effectively ban e2e encryption because there will always be a new software that pops up to do it. The end result is always normal people get surveiled and the real criminals are still shielded. That is why I'm saying it's a red herring. They will not be any closer to catching these people by opening up one app to surveillance. Maybe they catch one or two lazy ones but then it will dry up real quick.
If as a layman I had to guess another way to catch them it would be to go to the source. Follow cases of missing children. Investigate reported child abuse. Once you have caught one of them you are free seize their computer and use it to honey pot all their contacts, with e2e encryption so the contacts believe it's person you just caught.
Right! The point isn’t to ban E2EE it’s the design your chat system in such a way that it’s less effort for the worst actors to go somewhere else and pay lip service to the FBI. I don’t think any of these would actually solve the problem. Just that we might have a popular E2EE chat service that could survive the political fight.
But it's okay if you're passively shielding abusers? I mean that's the crux of the argument here. "Sure, we're the preferred tool for child abusers and sex trafficking but a few bad actors don't invalidate the need for private communications" is an argument I would accept as a technologist but doesn't seem to fly with the public. It doesn't mean that E2EE is DoA it just means that you can't just throw up your hands and say that doing something is impossible.
Have the client check the FBI's CP database and refuse to send pictures that match. Sure it's open source and abusers could recompile it but they wont. In the same way that blocking the default curl useragent stops 99% of spam at my company. Would be attackers could change it, but they don't.
They get to pick between headlines like the current one, and claims that they support child porn rings (he isn't saying it explicitly, but everything I saw looks like that is the problem they're trying to fight).