
I think you are wrong. The reason is, people seem to continue extrapolating reasonable privacy laws that were originally meant for the physical world to the virtual world. In the physical world, however, there are always reasonable workarounds to break through these privacy barriers if there's a suspicion of crime. In the virtual world, often, there's no possible way to break strong encryption barriers even if everyone agrees there needs to be a check on what's inside for the public good.

As an illustration, if we get reasonable evidence suggesting that someone is growing marijuana on their ranch, we can get a warrant and go inside. There's not too much the owner can do to stop it. However, a perfectly encrypted iPhone cannot be broken into, no matter if the entire world agrees that there's evidence of crime in it.

From what I can see, no one argues against warranted search of personal property in the physical world, except maybe some sovereign citizen crazies. Given this, why can't we strive for a similar system on the virtual world as well? I too agree warrantless or unfettered govt surveillance of technology is bad, but that's a policy failing, not a technology one. We should try to focus on how we can hold governments responsible instead of making fully protected crime caves for anyone who cannot whip up a conscience.

I agree privacy should be a right, but not at the expense of many people enduring a life of hell in these cordoned spaces for that cause.




> why can't we strive for a similar system on the virtual world as well

Because any crime in the virtual world can be uncovered by good police work. Nobody has perfect operational security, including the government. So the solution to law enforcement is hard work by the law enforcers.

Consider: prior to electronic communication, all private discussions were perfectly encrypted, because if you weren't there, you didn't hear what was happening. And society continued to function.

You simply can't trust the government to respect boundaries that they created but have the ability to breach, especially when it can be done completely surreptitiously.

We need to learn the lessons of Snowden, and fight tooth and nail to prevent anything less than complete, unfettered access to private communications by human beings. Anything that falls short of that will eventually be complete, unfettered surveillance, because there is no metastable equilibrium point in the middle.


Consider: prior to the internet, /all/ telephone conversations could be monitored by the government. And society continued to function.

The controls on surveillance are not technical, they are political. The technology was the same, yet the Stasi listened to every call they could; other governments did not.

Fix the politics, because it /will/ win in the end. Learn the lessons of Germany and China.


No, they could not monitor all conversations. They could only listen to as many calls as they had agents to listen to them. It was not possible for them to listen to everyone at once, nor could they use this as means of discovery. They had to suspect someone in the first place in order to decide to expend the human resources to listen to their calls.

This is fundamentally different from modern technology where they can have a computer listen to every single call, pick out whatever keywords they're looking for, and flag it for later review. Technology now makes it possible for them to truly listen to everyone at once. This is why end-to-end encryption is necessary for everyone.

Politics is not going to solve this problem. A lot of what America's police and intelligence agencies do is already illegal. They don't care. They're going to do anything they can with the technology.


If you can't fix the politics it's _not going to matter_. The politics will just make the technology illegal. That's what's happening in China.

It's a weirdly blinkered concept to say "America's agencies already do illegal things and their politics is broken but what will save us is American corporations deploying technology".

(The "we need universal E2E to protect our freedoms even if there are downsides" is not, in logical form, a million miles different from 'we need guns everywhere to protect us from the government and damn the negative consequences of having guns everywhere', frankly)


What if we fix the politics and forget about the technology, then the politics later become broken again? We won't be able to take back those private unencrypted conversations that could be used to retroactively incriminate us.

I actually believe that technologies such as strong encryption are creating important checks and balances that make our democracy stronger. They are not subverting it like you are implying.


> The "we need universal E2E to protect our freedoms even if there are downsides" is not, in logical form, a million miles different from 'we need guns everywhere to protect us from the government and damn the negative consequences of having guns everywhere', frankly

I agree, and I agree with both of those. Giving up freedom/privacy for safety is almost always a losing bet.


The actual trade-off is giving up safety to gain the illusion of freedom.

With guns, the state will always outgun you. So the gun-riddled society sees children in its schools murdered staggeringly often, while its (supposedly free) citizens are tear-gassed with impunity by a state for nothing more than a photo opportunity.

That was not a winning bet for that society.

It's similar with E2E. It can't protect you from the government, because the protection is illusory – it protects just you so long as the state wants it to. When it no longer wants it to, it makes it illegal. Administrations are already heading in this direction.

Meanwhile E2E enables a number of proven harms, from lynchings to child abuse. Is that a worthwhile trade-off just for the protections it gives from corporate or illegal privacy invasion? Would it lose all of those benefits if legitimate law enforcement were allowed access? There is at least a debate to be had, there.


I see it as the exact opposite: giving up freedom for the illusion of safety. Using the tear gassed protesters as an example, when there have been protests where a large number of protesters were openly carrying firearms, nobody gets tear gassed. Neither the cops nor the protesters get remotely violent.

The people with the guns aren't attending the current protests, and you can see how that has worked out.


You can't do physical harm with encryption (unless you want to count superficial burns acquired from touching a Bitcoin-mining GPU), though. The presence of guns is a necessary and pretty much sufficient condition for certain classes of physical harm, which in the eyes of many _does_ make it qualitatively different.


One of the defences Facebook uses when confronted with WhatsApp-orchestrated lynchings in India is that e2e encryption means it can't know what people are talking about or help police track the source of the messages.

https://www.wired.com/story/how-whatsapp-fuels-fake-news-and...


Your point? If those lynchings had been orchestrated by people meeting up in person instead, nobody could know what people are talking about or help police track the source of the messages either.

In either case, to actually lynch someone, you still need to go there physically and actually do the deed. WhatsApp chats don't kill; dudes with weapons do.


The point is the scale. Law enforcement was scaled and equipped to meet the challenge of in-person lynch mob formation. In-person meetings are risky, finding like-minded people can be a challenge, etc.

Encrypted comms gives a huge asymmetric scale benefit to those who have these crimes committed. What it hasn't scaled is the ability of law enforcement to respond. And that's a choice, one which is open to criticism.


> No, they could not monitor all conversations. They could only listen to as many calls as they had agents to listen to them. It was not possible for them to listen to everyone at once, nor could they use this as means of discovery. They had to suspect someone in the first place in order to decide to expend the human resources to listen to their calls.

I think you're taking this a bit too lightly. As a side topic, I am surprised to what extent state surveillance was a thing here in the telephone era.

The secret police had about 50k full-time agents, 600k double agents and about 400k-500k informants. From a population of 18 mil, that's about 1 in 18. Consider a usual family. You have a brother or a sister, two parents, 4 aunts or uncles and 4 grandfathers. Odds were in favor of one of them being at least an informant.

For your community? There definitely was an informant or double agent among them. Just knowing that the threat is there has a massive effect on how people communicate and bond with each other, effects that can still be felt to this day.


You're saying this was in America? Sounds more like Cuba or former Soviet states.


You are correct. This is in a former Soviet state.


We can work on fixing politics AND fix technology. We don’t have to choose between them.

What stopped the Stasi until politics was technology. And I think the encryption used helped to bring about the political change. If the Stasi had had what Zoom is offering, then perhaps the wall wouldn't have fallen for 10, 20, 30 more years.


Consider: prior to the telephone, to monitor a conversation government had to actually send people to where the conversation happened, and that meant that they could barely monitor any conversations - and yet society continued to function.

The government still can send people to watch people use their phones or computers. On the other hand, it seems hard to dispute that all our most efficient examples of totalitarian states are post-telephone.


> You simply can't trust the government to respect boundaries that they created but have the ability to breach, especially when it can be done completely surreptitiously.

No, but in a functioning democracy we can vote them out. Democratic governments by definition have a large concentration of power, otherwise they can't fulfill their functions.

But this is bound by laws, time, and the ballot box. Surreptitious (warrantless) government surveillance should absolutely be illegal. Searches with a legal warrant (through an accountable, non-abusive, warrant-granting judicial system) are absolutely necessary to gather evidence for prosecution of crimes to take place. Without trustworthy investigation and prosecution of crimes, the social contract will fail, and this has already started happening in many areas, as we are seeing in a way right now.

However, this goes both ways - the populace should get far more transparency into the functioning of the criminal legal system - especially in to the training and conduct of physical law enforcement (police officers).


I think your analogy fails in many ways.

In the real world one will notice law enforcement breaking into their ranch; in the virtual world, they won't (and comparing growing marijuana to voice/video over Zoom is wrong).

In the real world law enforcement wouldn't have access to the complete history of a conversation; in the virtual world they would. Even to anything in the past which is irrelevant to the topic.

The events in the real world are often ephemeral; we don't expect our friendly conversation to last forever. In the virtual world, however, they can be recorded and stored forever.

Basically you should compare spying/wire-tapping in the real world vs. spying/wire-tapping in the virtual world.


I think there is a debate here that we need to have, as a society.

But I think that broader society are not going to understand the technical issues, and are going to be swayed by overly-emotional appeals to "think of the children" and similar.

Therefore I think that we, as engineers - the people who will be asked to implement the results of any such debate, need to have this debate ourselves so we can take responsibility for our actions.

I can see both sides of this debate.

There is a legitimate need in society to gather evidence to discover the guilt or innocence of accused criminals. We cannot have a system of justice that assumes innocence until proven guilty but provides no method for gathering incriminating evidence.

There is also a legitimate basic human right to privacy. We must not be subject to constant surveillance by the state.

We have to find a middle path between the two extremes.


> Given this, why can't we strive for a similar system on the virtual world as well?

Because there is no technical solution that allows something similar. Such a solution:

1. Must be exclusive to use by lawful authorities; a criminal cannot get a search warrant.
2. Must have some reasonable per-instance cost to prevent overreaching.

1 is very hard in a tech space, if even possible; backdoors can always be used by other parties.

But even if 1 is possible, by the nature of digital surveillance it is very cheap and relatively easy to do mostly secretly, leading to things like the NSA literally inspecting all internet traffic.

Yes, theoretically you could do the second if it is the overwhelming political will, but it isn't, and the general public doesn't care.

So in the end it's better to encrypt everything.


You make a good point, but finally encryption is just a tool. The virtual and the physical spaces are both domains, whose different nature offers different tools at their disposal. I don't think you can protect anything in the physical domain with the same certainty and mathematical elegance that's available to digital files, but if there were I wouldn't be opposed to it.

Imagine if there were a safe that couldn't be opened by anyone but the owner without destroying its contents. Would you be opposed to that? What if the design mechanism of this safe were as easy to implement as the encryption protocols are? Yes, one day some expert safe-cracker might break it. And in the even farther future the advent of "quantum safecracking" would perhaps make the safe as secure as a luggage lock. In the meantime the police would have to resort to their traditional methods.

Unfortunately all kinds of damning evidence have been lost to time. Fire is older than paper.


I beg to differ at some point.

In the physical world, two people are talking.

If the police have suspicion that they are committing a crime, they can request a warrant to install a listening device, and only then can they listen.

In Zoom-like scenarios any third party (like technological companies using law as an excuse) can listen without a warrant (and they will say something like "no one is listening", as training AI is not considered "someone").

As such, communications should be encrypted with asymmetric cryptography where only the warrant giver can decrypt them (not the warrant giver giving the private key to law enforcement, but decrypting the symmetric per-session key and giving that to the law enforcement). And this goes for phones too.

And quite frankly I don't care if police with a warrant are listening to my conversations. I don't want any company to listen to them, as they are not doing it for law enforcement but for profiting on my data (quite possibly against my interest), and this is something completely different.

This is the scenario where technology gives people MORE privacy, prevents illegal police wiretaps (without warrant giver consent), prevents technology provider wiretaps and on the other side still allows legal wiretapping based on the warrant giver.

But interestingly, no one has any interest in doing it, guess why?


Do you see a fundamental difference between Zoom and telephone companies here? Or do you think how we've handled telephony over the past century has been a clear failure? If the latter, do you think most people would agree?


I don't really care for telephone companies, as heads would roll if they would dare to intercept my phone calls without a court order. We had one case just 2 weeks back where one of the mobile phone/internet providers installed some security "firewall" that was doing mitm on https; they are now under investigation and under consideration of criminal prosecution. They had the system in place for less than 1 week. I am protected regarding those by laws.

So to answer your question, telephone companies are a failure in the USA (wild west and lawlessness); in my country they need to obey laws. Corporations don't obey any laws outside their country (which they select based on inefficient laws) and need to be harshly regulated.

My personal favorite would be legislation that would mandate e2e encryption that must not be backdoored by anyone else except law enforcement getting a warrant, but the private keys stay under judge supervision without the possibility to give them away (in pkcs#12 manner) and can only be used to decrypt communication when he presses the big red button. Quite frankly you want to be able to wiretap organized crime.
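The escrow arrangement this commenter sketches here and in the earlier post (a per-session symmetric key, wrapped so that only the warrant-granting judge can recover it, released one session at a time) can be written down concretely. The Go program below is an added example, not the commenter's code or any product's implementation. It assumes RSA-OAEP for wrapping, AES-GCM for the session, and binds the wrapped key into the ciphertext's additional data so it cannot be swapped out in transit (a design choice of this example, not something the post specifies). Run stand-alone it shows the partner path, the warrant path, and the structural fact both sides of the thread argue over: one escrow private key recovers every session ever recorded under it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// oaepLabel binds wrapped keys to this purpose so a wrapped blob cannot be
// presented as some other kind of RSA-OAEP ciphertext. Constructed value.
var oaepLabel = []byte("session-key-escrow-v1")

// EscrowedMessage is a constructed wire format for one escrowed session: the
// AES-GCM ciphertext travels with its session key wrapped to the judge's key.
type EscrowedMessage struct {
	WrappedSessionKey []byte // RSA-OAEP(escrowPub, sessionKey)
	Nonce             []byte
	Ciphertext        []byte
}

// GenerateEscrowKey creates the judge's key pair. Under the proposal only the
// private half can recover session keys, and it never leaves the judge.
func GenerateEscrowKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal encrypts plaintext under a fresh 256-bit session key and wraps that key
// to the escrow public key. Getting the session key to the conversation partner
// (e.g. via a key agreement) is assumed and not shown; Seal returns the key so
// the partner side can be exercised directly.
func Seal(escrowPub *rsa.PublicKey, plaintext []byte) (*EscrowedMessage, []byte, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, escrowPub, sessionKey, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	// The wrapped key is authenticated as additional data: replacing it with a
	// key wrapped to a different escrow key fails authentication at the receiver.
	ct := gcm.Seal(nil, nonce, plaintext, wrapped)
	return &EscrowedMessage{WrappedSessionKey: wrapped, Nonce: nonce, Ciphertext: ct}, sessionKey, nil
}

// OpenWithSessionKey is the conversation partner's path: it needs only the
// shared session key, never anything held by the judge.
func OpenWithSessionKey(sessionKey []byte, msg *EscrowedMessage) ([]byte, error) {
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, msg.Nonce, msg.Ciphertext, msg.WrappedSessionKey)
}

// UnwrapForWarrant is the judge's "big red button": it releases the symmetric
// key of this one session, not the escrow private key itself.
func UnwrapForWarrant(escrowPriv *rsa.PrivateKey, msg *EscrowedMessage) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, escrowPriv, msg.WrappedSessionKey, oaepLabel)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	judge, err := GenerateEscrowKey()
	if err != nil {
		panic(err)
	}
	// Two independent sessions, each with its own session key (constructed samples).
	for i, pt := range [][]byte{[]byte("call 1: constructed sample"), []byte("call 2: constructed sample")} {
		msg, sk, err := Seal(&judge.PublicKey, pt)
		if err != nil {
			panic(err)
		}
		partner, _ := OpenWithSessionKey(sk, msg)      // normal recipient
		recovered, _ := UnwrapForWarrant(judge, msg)   // judge releases this session's key only
		viaWarrant, _ := OpenWithSessionKey(recovered, msg)
		fmt.Printf("session %d: partner=%q warrant=%q\n", i+1, partner, viaWarrant)
	}
	// The same escrow private key opened every session above; its secrecy is
	// the single assumption the whole scheme rests on.
}
```

The per-session release is what separates this from handing over the escrow private key: the judge returns a 32-byte session key that opens exactly one recorded session. Anyone who holds the escrow private key, however, can do that for every session ever captured, which is the risk the replies in this thread keep returning to.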


So open source solutions should be banned? I should not be allowed to use or create a program that allows me to talk with e2e encryption? Finding someone in possession of undisclosed keys should be a crime?

Care to see what happens then? Check China. They are implementing this very thing. For the children, I suppose.


Those are not simple debates and you are just taking them as black and white and then offer one solution (e2e) and making huge issues on the other side (organized crime, corrupt politicians (if I understand you correctly, you are most worried about them - China?). The "think of the children" and "terrorists" are the least problematic topics here).

The judge-only access prevents mass data gathering by law enforcement agencies and three letter agencies (at least in my country). And enables control of further institutions. Secret and hidden backdoors (Crypto AG, Dual_EC_DRBG, ...) or corporations bribed by government deals are the worse solution here, as it doesn't prevent access to the data by either corporations or secret agencies while it might hold away law enforcement, or also not. And surely enables mass data gathering from all without any supervision or control. What the real issue here is that no one is mentioning any court orders. Everyone would just want to have access to everything. Now THAT IS an issue.

I was talking about legal entities operating in the same manner as telcos were. Also in the real world you can invent your own one-time-pad encoded speaking and no one will understand you even if they wiretap the communication. And actually the mafia historically has been using slang to cover up the communication. Same as you can do it in open source.

Anyway, do you communicate over the "secret encrypted communication channel" covered with a rag, to prevent recording your lips, recording with laser measuring shaking of window glass, your face muscles, IR recording and probably the next 100 methods I am not even aware of? As these are the issues you also have with a warrant being issued. Guess not. So the police looks like is not an issue for you (or a warrant).

Then the three letter agencies, except for "warrant" methods, will use rubber hose cryptography to break you and any of your e2e communication, and actually you might wish they would be able to read your communication without contacting you in person. So e2e doesn't change anything for you here either.

I refuse to handle open source solutions that you install on your server to use them in the same manner as corporate entities that use their solutions to wiretap the communications of everyone so they can earn more money from the information they gather.

And I also think that "encrypted Apple" phones (and everyone else doing any business with government) and the whole FBI story is just a charade to bait people that are hiding something into an ecosystem where the information can simply be accessed by agencies that CAN issue a gag order. The whole story surely looks like a counter-espionage operation from 1970. Time will tell if I am right.


It's not black and white. And I am not offering e2e as THE solution to privacy and freedom, but as a part of it and an important metric of whether a solution is actually working right. Just because encryption does not protect me from EVERYTHING, like physical surveillance, that does not mean we should abandon it - THAT is black and white thinking.

Having the law being able to access encrypted communications at any time will trample at the examples I brought up, which are examples that came up with zero effort, no matter what you try to put into your proposed solution - if the goal is to prevent crime, and there are available solutions out there that allow for e2e communication, the goal does not stand. You can't have a corporation banned from e2e, but allow any random dude spin up a secure communication platform without any keys compromised - what are you even banning then.

It amazes me that "corrupt politicians" is shrugged off just like that, while corrupt officials of any kind is exactly what everyone need defenses against with ANY means. In China, they are in the process of legislating exactly what you propose - no private encryption key to be withheld from the law, and yes, you did not misunderstand, it's at the scale this implies, total control and ability to observe over all traffic and restive data at any time - even forgetting all that is happening now, that leaves little unattended by law there.

Now, what, China is a "bad example"? An "exception"? I'd say this attitude coming from governments is the norm around most of the world. Where people are at real risk from what they say over the net.

Out of all such countries, let's take China. Do you believe China should reverse its course and allow encrypted communication for its citizens? Based on your words and thoughts, I say you would answer "no". It's doing exactly what you propose after all - now, the only tiny step to totally suit your proposal is to use their powers for "good"! Right? And they are indeed using it for good, according to their own legislation.

Because, if you nonetheless said "yes, China should allow e2e in favour of its citizens' rights", you would in essence be saying that "Freedom loving Western countries" should give the law total access to any information (they will always do it only when needed, of course!), but the same countries should pressure "totalitarian regimes" to maintain their citizens' rights including encryption. That's contradictory, at least by thinking about it only for a bit.

There's a correlation between these things. Any power given is sure to be abused. If that is not prevented and pushed back, it will not stop but worsen. Trying to find a formula to give absolute power and restrict it at the same time is just fooling around; it's the core assumptions that matter. Unless you really think that some governments are somehow immune to becoming corrupt and totalitarian when meeting no resistance - their people must be saints indeed! - in which case, I am sorry to say, but I can only chuckle.


Read what my proposal was and stop beating the strawman (I won't attribute this to malice as you clearly haven't read any of it).

With my proposal law enforcement can access the unencrypted data far less than they can do it now (under the rag) and when they access it they are under the scrutiny of judges, while it prevents corporations accessing it.

Maybe do take time to think about what a country is, what a government is and who it serves, what a corporation is and who it serves, maybe ask yourself what law enforcement is and who it serves, and if you dare go further, what if there were no law enforcement? Do you have the muscles for that?

Or chuckle mindlessly on. I think your whole statement is demanding advantages in a system where someone else takes care of you, to allow you to not think about the disadvantages.


> As an illustration, if we get reasonable evidence suggesting that someone is growing marijuana in their ranch, we can get a warrant and go inside. There's not too much the owner can do to stop it. However, a perfectly encrypted iPhone cannot be broken into, no matter if the entire world agrees that there's evidence of crime in it.

These examples are talking about a different thing, we should be careful to not mix them up since the arguments for and against can be different.

The discussion prior to your comment was about protecting data in transit (end-to-end encryption); both your examples are about data at rest (full disk encryption).

With encrypted data in transit, not only can it be broken into by intercepting at the endpoints (in the case of video or audio calls, even through the physical world by pointing a camera and a microphone at the user's device), but also the end result of an end-to-end encrypted connection is much closer to a physical world private conversation (can be "broken into" only by intercepting the endpoints, that is, pointing a camera and a microphone at the persons involved).

With encrypted data at rest, the best physical analogy is a diary written in code; even if the whole world agrees that it contains evidence of embezzling, it cannot be decoded without the help of its owner's mind.


> In the physical world, however

With regards to security analysis the only difference between the physical world and the digital world is proximity (hops) between agents, or evidence, in a conversation and convenience of access. Software developers tend to think purely in terms of controls and exploits, which is a tiny subset of security. Even conversations in the physical world can be encrypted; for example, if two people are speaking Pashto I would have no idea what is said. If it isn't recorded for later translation it's encrypted forever.

Those few distinctions are important from a legal perspective where agents of digital concerns are more likely operating across political boundaries at any given moment.

> There's not too much the owner can do to stop it.

They can make available fail safes to store the evidence in a physical safe with tamper proof mechanics. Breaking such a safe would destroy the contained contents in the process much like attempting to break an iPhone with supposedly perfect encryption.

Since you are talking about surveillance another common misconception I have noticed many software developers make is equating the terms: security, privacy, anonymity which are all distinct. Privacy and anonymity are both aspects of confidentiality but privacy is concerned with hiding the contents of a message where anonymity is concerned with hiding the agents of the message. Those two do not overlap. Confidentiality is one of three aspects of security, though from a legal perspective privacy is available in many contexts without application of security controls.


I don't think that any of the surveillance powers that the state is demanding with respect to electronics actually map that neatly to what was possible before electronics emerged. We're talking about conversations rather than physical effects, and it's not like you could obtain a warrant to retroactively obtain the contents of a conversation a marijuana dealer had with his client yesterday: once the vibrations were gone from the air, that data has been erased irretrievably. To listen in on the conversation you actually had to go there, which naturally forces you to be judicious with your surveillance powers by virtue of limited resources, whereas the electronic version scales indefinitely. On the other hand, as long as the people who are of interest to law enforcement still exist in meatspace themselves, everything that used to be possible is still possible: just as you could obtain a warrant to bug someone's room to listen in on a conversation, you can obtain a warrant to bug someone's room to observe their phone (or bug the phone itself, with physical access! Maybe that would be one rationale to finally force Apple to make its phones "repairable" by individuals :)).


You mean Zoom employees will present a warrant?


> As an illustration, if we get reasonable evidence suggesting that someone is growing marijuana in their ranch, we can get a warrant and go inside. There's not too much the owner can do to stop it. However, a perfectly encrypted iPhone cannot be broken into, no matter if the entire world agrees that there's evidence of crime in it.

Is that a terrible thing? It's not like they are hiding guns in their iPhone. While there could be evidence in there, at some point there is physical evidence in the real world. Just making it easier to convict them is not a solid argument for weakening protections for everyone.


I think this argument makes me more sympathetic to law enforcement’s desire than any other I’ve heard.

I can really flip my brain around and see how this desire for non encrypted communication to be the standard could come from a good place.

That said, I still come back to my default stance: crimes need to exist outside of the private communication to be a crime. At least under US law, where it's very hard for just pure communication alone to be a crime.

So go investigate whatever it is that is an actual crime and causing actual harm. Making communication not private has tremendous potential chilling effects on actual thought, because people think by talking!


> Given this, why can't we strive for a similar system on the virtual world as well?

1. Encryption is an indispensable part of pretty much everyone's life. I can't imagine there's many people in our society that go more than a few days without using it.

2. If encryption can be broken by the police, it can be broken by other actors. Full stop.

2.1. It has been shown impossible for our government to keep a secret like a master key.

2.2. Math


> As an illustration, if we get reasonable evidence suggesting that someone is growing marijuana in their ranch, we can get a warrant and go inside. There's not too much the owner can do to stop it. However, a perfectly encrypted iPhone cannot be broken into, no matter if the entire world agrees that there's evidence of crime in it.

Let's wait until something like a "perfectly encrypted" phone actually exists before we go down this road. AFAIK, the feds have eventually been able to break into the phone in every high profile case where the issue has come up. It's not impossible, they just don't want to pay what it costs.


If Zoom doesn't encrypt, bad actors will use (or build) another app that does. All they are doing is giving a free peek to Chinese or Russian spies.


Maybe they need weaker encryption for the masses who pay nothing, like DES



