Sometimes the distinction between physical and digital security is brought up in these discussions, the idea that physical security is imperfect (you can always break a lock) but that digital security may truly be impenetrable. This is a false dichotomy.
If people have a conversation in a pub or on a park bench, then law enforcement can surveil them individually or bug the venues in a targeted manner.
But the same methods can also be applied to digital communication. This is opsec 101 right - if one happens to be a high value target, one would totally expect their house/apartment to be surveilled - no amount of digital privacy can make up for a pinhole camera installed on the wall behind one's monitor, LE doesn't even need the keys, they see the content directly.
I think the argument that digital security is 'too perfect' falls apart if you take into account the reality that physical security is a component of that. "If you control the physical hardware" and all that.
TL;DR Digital security is just a subset of physical security. You can always just drill through the side of the safe.
I think it's pretty clear that unencrypted communication with law enforcement access allows for the discovery of individuals you'd never find via traditional means. Over the years, I've seen this argument brought up a number of times, but oddly seldom explicitly stated:
It seems like law enforcement wants to be able to use digital communication to discover criminals, and
privacy experts want law enforcement to rely on HUMINT, a traditional warrant, and physical access.
I believe the second method is far more just, but I seldom see anyone acknowledge that it's almost certainly less effective.
Does it need to be acknowledged? I consider it to be a priori knowledge.
The distinction is between targeted and untargeted surveillance.
Digital communication is so easy to monitor, particularly by a state-level actor, that if it's unencrypted, it's pretty much all being hoovered up by someone by definition.
That's not the case for physical security, even if everyone leaves their doors unlocked, their windows open, and their notes on the kitchen table; everyone is not automatically a suspect, so most people aren't being put under the microscope.
The government likely has the ability to know, instantly, within milliseconds, everything I've ever done on the Internet that's unencrypted.
By contrast, they will likely never see the contents of the love note on my kitchen table. Well, if that pinhole camera isn't there, anyway. ;)
All of the approaches applicable to physical communications apply to digital communications too.
It's just that the _additional_ level, which in the physical world would be equivalent to knowing the contents of all of the conversations/interactions that people are having in person, is something that people wish to fight against and prevent from becoming normalised.
> Does it need to be acknowledged? I consider it to be a priori knowledge.
I think you have a good point. The reason I'd like to see it acknowledged is because the two sides of the argument often talk past each other. Police power should not be unlimited, and it's clear that our constitution intended for the power of the state to be limited, with the intent of maximizing liberty.
However, for years people made the claim that the "liberty vs. security" argument was a false premise, i.e., that ultimate liberty and ultimate security are both possible. I don't believe this is correct. (Broadly I think liberty is more important than security, but everyone has their set of exceptions to this rule.) I might just be dating myself. People had this debate constantly in the years after 9/11. Maybe this argument is not getting made any longer?
In either case, I often hear these two sides talking past each other. I wish instead that both sides were more overt. Digital information can make police work more broad and effective, but we should treat it with quite a bit of caution. We don't want police effectiveness to encroach on liberty in most cases.
In democratic societies, law enforcement usually has no right to run "criminal discovery" processes like those. That's why they don't cite their intentions, because it's illegal (more often than not, a crime).
Notice that limits on crime policing are a very important factor on maintaining a democracy.
Is it less effective, though? From what I remember about successes e.g. against organized crime or other groups that operated partially or totally over the internet in the news over the last years, it was mostly the simple and dull ~~physical~~ police work that leveraged mistakes of operational security, but not an evaluation of minable data (even when learned in hindsight that it existed).
E.g. looking at the logs of relevant servers and waiting for someone to login without their VPN at some point.
Of course strong encryption and privacy protections make surveillance less effective. The problem with mass surveillance is that it's very easy to abuse, and the abuse potential is very scary. The abuse potential is unacceptable. I'd rather get less effective surveillance.
Existing judicial system is calibrated for HUMINT. False accusations are costly, but rare.
Using digital communications to discover criminals can accidentally sweep in many more innocents, who would then have to hire lawyers and carry all kinds of other costs to defend themselves.
Not to mention, the court system in the US is already at capacity, even though the vast majority of cases are settled before reaching a decision. Sweeping in more cases resulting from a flood of new information won't make it any easier to defend oneself.
Then there are the unintended outcomes. What does the correctness look like for those found crimes based on bits from a sea of untapped information when Bayes' theorem is applied to an entire populace? And if crimes are prosecuted before being verified using the real world investigation methods already in use?
YouTube generates several minutes of video per wall clock second. Now many of those videos are innocuous, but one must assume that occasionally someone uploads a video of a street fight or something more grotesque that is of interest to law enforcement or intelligence apparatuses.
That's public. You can analyze all of those. The NSA is free to pull them just as much as you and I.
And they don't as far as we can tell. Is it the cost of analyzing that much content? Is it that the NSA doesn't care? Is there something difficult about stripping audio off a video for keyword spotting?
Well I have a theory, and the theory is based off what little comes out of that side of the community. The theory is that the NSA can't meaningfully process the data it ingests. There's too much, it's too hard to query and they hit the same roadblocks of telling the difference between an actual crime and a videogame or fiction story.
So then we must ask, why do they want more? They have more data than they can analyze, why even bother ingesting more? It's not because it helps their mission, it's not because there's some value to it.
Well, why do we see regular businesses fall into this trap? A billion points of analytics data that they can't make sense of. When I see it, it's because it's easier to blame a lack of data than to explain the difficulty of the problem. You can always say "Well I just don't have enough data" but it's much harder to explain that a bunch of crappy error-filled data isn't good for anything except wild goose chases. Adding more bad data doesn't improve the quality of your data, it just adds more of it.
I think it would feel pretty good to have a database of potentially incriminating evidence against a wide swath of the population that could be used if a person became a high-profile target. For example, if you're in one of those videos and then run for public office 10 years later you better hope the intelligence agencies like your positions and don't want to tank your chances.
So, no, they can't process all of it. But they can more easily trawl it for specific data they need. Especially 10 years from now.
It's a fine supposition, but these suppositions often get passed around as if they're true and self evident. The reality is you don't have distinct information about what the government is collecting. Instead, what you have is information about what's probably possible.
From that standpoint it makes sense to err on the side of caution, and assume it's all being collected. But, while this is an effective risk calculus, it's different from having access to the ground truth.
That's wishful thinking which you have no evidence for. But let's assume that you're correct - eventually they will have a way to analyse it en masse.
There are, then, two things we need to bear in mind:
- is the time horizon likely to be close enough that data currently collected will be relevant then
- if we allow the collection now, will it be easy to roll back that collection later when the threat is on the horizon
The answer to both of those questions is yes. Similarly, we use high strength encryption now, even if we think 128-bit is fine, because in time it won't be.
The above is theoretical. The next bit isn't - they will _always_ be able to decide that agent A should look at video B from N years ago.
They can't do that for a letter on the hypothetical table, or a message stored with strong encryption that stands the test of time - it won't exist in N years.
Why in the world would the NSA care about a street fight?
I have the opposite opinion: it is trivial and inexpensive to create and store an indexed archive of text from speech in audio, and to run image recognition models on video and pictures. There's value in having that data archived, so that they can go back and go through it should whoever created the data become a target in the future.
However, I doubt the NSA would waste resources investigating a street fight, but I'm pretty sure the video would be mined of any valuable data that could be gleaned from it.
I cannot quite discern whether you intended it, but "law enforcement wants to be able to use digital communication to discover criminals" sounds quite ominous, even if someone has never read 1984.
That is primarily a problem even at the best of times that law enforcement wants to create criminals whenever it fits their fancy; even more ominously, if police had any greater command of the voluminous criminal codes and the incentive structure is changed, they could basically be charging/locking up most people they ever come across for any number of arbitrary violations of convoluted laws.
Maybe it is being a bit anxious, but with the full on surveillance state unfolding right before our eyes where wrongthink has you "cancelled", we seem to be racing headlong into something not all that different than what Orwell envisioned would be the consequences of self-righteously benevolent tyranny … for our own good, of course.
I think the evidence disagrees. I mean I get the on the face justifications, which in Aspen Institute type circles revolves around the fall of the nation state as the threat actor and the move towards a reality where a single non-state actor can be a viable threat, but that's just the surface level justification that makes it palatable to the average person and policy maker.
I think we just have to look at the history of surveillance not just since 9/11 to understand this. Forest and trees and all that.
If someone is a high value target, LE needs a warrant to bug their homes and to listen to their conversation, which implies they should have some indication of a wrongdoing after which a judge grants them a warrant. With digital communications being non-encrypted, it could increasingly be used for just surveillance in the name of national security, and as a way of finding out who is indulging in a crime vs just getting more evidence to prove that someone has committed a crime.
If the same physical system were to work in a digital age, a company could share a special encryption key with LE for the collecting evidence part provided they get a legit warrant for that. Physical security was never perfect, but we aspired it to be as close to perfect as we could. Same applies to digital as well.
Operators must go to the premises and covertly install the equipment needed to monitor the target. This fact alone limits the scope of surveillance operations. Usually there's a lot more oversight.
Unencrypted communications will be intercepted by default with no warrant, no oversight, no limitations on its processing and on a world-wide scale.
"If people have a conversation in a pub or on a park bench, then law enforcement can surveil them individually or bug the venues in a targeted manner."
My home internet connection could have spies from 30 different countries all over it and I won't see anything. If I'm sat on a park bench then anyone with a Russian accent asking for directions to Salisbury Cathedral is going to stand out somewhat.
If you watch enough English language spy movies you will know full well that a Russian spy has a Scottish accent. So do Russian submarine captains. Funnily enough a British spy and a Russian submarine captain were played by the same actor - Sean Connery. Russian spies are played by less posh Scots.
Hollywood and co. doesn't get out much or something.