What are your arguments in favor of end-to-end encryption?

Politicians propose to forbid all buildings from having doors. After all "bad people/stuff etc." could lock the doors and hide behind them. Anyone arguing against that is obviously against safety.

Counterpoints:

- Do we currently have a big door problem?

- Wait, don't doors also serve an important function?

- Won't that make everybody much more insecure and basically do nothing against "bad stuff"?

- What if I put a wooden plank in front of the hole in my building? Wouldn't that be a "door"? Making doors illegal is not going to stop people from making "doors".

Now, people like to spin this analogy further and revise their proposal and say "Fine, keep your doors, but I get a spare key for every door made".

Problems with this:

- Yes, you and everyone in your office can grab the spare key and steal all my stuff (see TSA locks and basically any time in history that was tried).

- Remember the wooden plank above? That guy will not give you a spare key and can still hide "bad stuff".

- Fine, we will just use magical (blockchain) keys that nobody can steal and not make things insecure, but have an officer visit and inspect every room you have every 5 minutes. You have nothing to hide, do you?

I support it 100%, because I have everything to hide as my life is mine and doesn't belong to anyone else, including governments or improbable divinities. If for some people in power this mean I'm either a murderer, a rapist, a drug dealer, a pedophile, a terrorist, or whatever, they're free to spend taxpayers money to find out how wrong their assumptions were, then get voted out of their seats. Anyone using the "if you have nothing to hide" argument is just pushing you into relinquishing your privacy rights to gain power over you. Just try asking them their own passwords and hear the very predictable reply.

Intelligence does exist for the purpose of catching people doing nasty things even when they do it behind the curtain. Making curtains illegal would be the obvious stupid response which would harm everyone. Nobody ever said that democracy is either free or easy; a bunch more criminals at large sometimes somewhere is a price we have to pay to have billions of people, including us, enjoying what remains of their freedom.

Just to avoid the most predictable counter argument: I'd keep defending this principle even in case one of those criminals would exterminate my entire family.

> how do you respond when someone brings up concerns of E2EE platforms being used for child sexual abuse imagery or terrorism?

These are only a tiny part of uses of encryption. Ask anyone if he would like to have his bank transfers, or his credit card credentials in plain text. End to end encryption allows the whole internet to act as a commerce platform.

Encryption allows journalists and activists in strict, controlled regimes to let facts out. It allows an abuse victim to safely expose the abuser. It allows at a broader spectrum to maintain secrecy when secrecy is the only way a subject has to distantiate himself from harm.

Disabling end to end encryption requires an implicit good faith on those who look at our communications, and the history is full of abuse from those figures.

Because encryption is math and knowledge. Banning it will only stop legitimate users while bad actors can still just go ahead and encrypt their stuff.

If politicians consider leaving everybody vulnerable to catch criminals, this is a incredibly high price to pay. I’d argue that the price is so high that even with evidence that this would help catch criminals we should still consider not doing it. However there is no evidence for that and my argument above explains why criminals would still be able to encrypt.

We should really stop implementing any security legislation without checking whether it actually achieves the stated goals.

* If it's really about few really bad crimes, then nothing needs to change. In addition to the traditional methods, Governments already have ways to hack a few people. It's just that the more people they hack the more likely it is that the hack gets discovered and they want to spy on the masses.

* We leak tons of metadata. Even with encryption it will be available to governments and gives them tons of ways to pin down people. Eg. in some cases police used location information of cell phones to create a list of suspects. A lot of that metadata is very hard to avoid so it's likely going to stay.

* You don't just protect yourself from the government, but also the provider. Recently a report surfaced about a yahoo employee searching his colleauge's yahoo accounts for naked pictures.

* Providers can also get hacked. If the data is in encrypted form at the provider, the hackers would have to issue an update of the client which is usually harder than "just" hacking some servers. Those hackers can even be foreign governments.

* Safe deletion gets much harder when you have to worry about data on your provider as well. There were stories about providers not deleting data that users explicitly wanted to be deleted. There's also the problem of safe hardware decomissioning. Although most big shops are handling this problem more professionally than most individuals who just run format on their laptop's hdd and then offer it on ebay, you still have to take them by their word and rely that they do their job well.

Just because someone can abuse a thing doesn't make the thing bad, it makes the person who commits the abuse bad. We don't ban cars to fight drunk driving and we shouldn't eliminate the spirit of the 4th Amendment to go after child pornographers, terrorists, money launderers and drug dealers. Even with E2E encrypted communications the fact that user A is communicating with user B, when, and for how long is knowable, and that metadata alone can be sufficient to get the warrants necessary to effect legal, invasive searches without disturbing the rights of everyone else.

The only antidote is an emotional connection with history and the reality of oppresion around the world today. No one who feels like they "have nothing to hide" can be convinced of the value of privacy until they have made an emotional connection with the oppressed and see themselves as potential victims.

Anything these people think of as "normal" activities has at one point or another been made illegal by a government, but without 1. Knowledge of specific cases 2. An emotional connection to those who suffered / are suffering and 3. A willingness to go beyond the fantasy of perpetual personal exceptionalism there can be no appreciation of the value of privacy over law, or privacy weighed against inevitable concomitant harms.

Governments have a long history of doing bad things (e.g. hundreds of millions killed in the last 100 years by USSR/China/Germany but many lesser offenses such as the war on drugs in the US). You often don't get to roll back government powers as a government becomes more corrupt or authoritarian; so once you're in, you're in. Thus; even if giving people privacy allows some crime, it is probably not as bad as all the good that comes from not enabling an authoritarian regime by giving up all your privacy.

An argument I saw recently that I liked:

“Because a citizenry’s freedoms are interdependent, to surrender your own privacy is really to surrender everyone’s. Saying that you don’t need or want privacy because you have nothing to hide is to assume that no-one should have or could have to hide anything.”

So while I'm not currently rebelling against my government, I'm sure as hell glad the protestors in Hong Kong can get their hands on E2E encrypted chat.

For me I think we will really get to a world where thought is augmented digitally in addition to just communication. My thoughts and my communications are private and just because it is possible to monitor them doesn’t mean it should. Mostly deontological as it’s wrong to invade privacy, but also utilitarian as to allow creativity and construction privacy is essential.

So I look at this through a lens of what would be allowed on my thoughts and speech. Would it be ok to read everyone’s mind to prevent a terrorist act? No because the damage caused is greater than the damage prevented. Not to mention it would most likely be used to charge for IP infraction or speeding tickets or some other banal infraction.

Compare it to an envelope in the regular mail. How would they feel if every post office along the way opened their mail, made a photocopy, and put it back in a new envelope before passing it on?

Because that's the way things currently are with e.g. Facebook Messenger, Gmail, etc.

E2E is when your envelopes are only opened by their final recipient.

Encryption is math. Can we really make a form of math illegal?

I feel privacy is a basic human right regardless of what country you live in.

I’m not fan of punishing the majority because of a screwed up minority.

People who commit illegal acts as horrible as child abuse and terrorism are not going to respect the law when it comes to encryption.

Again, you can’t stop people from doing math. The idea of making it illegal is silly.

I think one of the simplest arguments is that criminals who need privacy will move to their own platforms. Any law that weakens encryption only weakens the privacy of regular citizens.

People make a variant of this argument about guns, but there is an important distinction with encryption: encryption is purely defensive, doesn't escalate situations, and doesn't accidentally (or otherwise) kill anyone.

This framing makes it abundantly clear that any law against encryption is about one thing only: Spying on law abiding citizens.

Those who would give up essential Liberty

For a little temporary Safety

Deserve neither Liberty nor Safety

Edit: Also, when you "think of the children" you have to think not only of their immediate safety but to think of their future ability to freely and safely converse with their peers, no matter what the current government deems "acceptable".

The security and safety of almost everything relies on strong, uncompromised encryption.

There’s no way to reasonably draw, much less enforce, a line dividing licit and illicit uses.

If you compromise some subset of messages, illicit uses will just move to a non-compromised technology.

So instead of drawing a line, which is impossible (and also comes down to human judgements about things like whether gay people should be killed) the only choice left, if you insist on being able to decrypt messages, is to legislate the ability to decrypt all of them.

First of all, good luck enforcing that; second, in so doing you will sweep in a lot of legitimate uses of encryption and make people and businesses less safe by endangering their finances, their privacy, and even their physical safety.

Because once you give governments the ability to read messages even assuming key escrow entities can protect the integrity of the system (unlikely) this ability will be abused by bad governments who have records of inflicting human rights abuse on citizens for “crimes” as minor as being gay, being trans, or saying the wrong words about god.

And in addition to being accessed by the bad people in government and the bad people drawn like flies to honey to work in the key escrow organization, the escrow keys will get out and be abused by more bad people which will be an entire other level of problems.

Not sure if this outweighs concerns with E2EE, but governments unfairly discriminate against people with reasonable viewpoints I.e. government isn't perfect. So people with contrarian views should have a way to express views/organize. Historically governments couldn't watch what people were saying/doing at all times and E2EE allows that to continue in a digital world.

I always recall that statement Eric Schmidt once made about if you've got nothing to hide, you've got nothing to fear. It's not about fear of having my messages read, it's that you shouldn't have the right to read them. I guess at the end of the day, regardless of anyone else's behavior, I don't want my private communications being readable by outside parties. Should everyone be forced to wear a microphone and video camera so their private face-to-face communications can be monitored by a "trusted authority"? Of the volume of communications going back and forth constantly, I doubt "sexual abuse imagery or terrorism" combined makes up less than 0.01% of messages.

If respecting individuals privacy makes law enforcement more difficult, so be it. I'm sorry you have your work cut out for you.

You cannot remove your personal data once it is released (except via a time machine...) and your government and state can use this information for political motives that are as questionable as child sexual abuse and terrorism. In particular, you can never discard the rise of terrorist states.

Bruce Schneier articulated the backdoor problem best:

‘We can design beautiful locks but we can’t keep the master key safe’.

If we can’t keep other nations from stealing the nuclear bomb plans, how do we expect to keep the master spy key safe?

Encryption is just math. You can't outlaw it. If you do, I'll choose (or make) another chat app that uses the same widely known and secure crypto. If you try to pressure Apple to remove any secure chat from their app store, all you do is make the tiny number of people who still need security use jalbroken phones.

So my argument is: because it's a war that can't be won. The criminals will use secure communication regardless. All we can do is decide on whether we also want to make everyone elses communicastion insecure.

Law enforcement simply have to adjust to a reality where eavesdropping on communication is difficult or impossible.

Crime is a people problem which needs a people solution — officers on the beat, detectives securing convictions, courts bringing justice.

The fight against E2E is a political red herring to win votes. Politicians abrogate their responsibility to uphold law and order by playing with emotions instead. The current news cycle is absolutely symptomatic of that.

It’s a positive message: funding real police work instead can actually solve important crimes, if you recruit and train them. Let’s focus on that instead of a digital dragnet. I’d rather have real detectives on the streets cracking people trafficking gangs, than a database cluster.

The short answer: "None of your god damn business", which is the point.

The only counterpoint to end-to-end is "we want to be able to access your private conversations", which isn't really a counterpoint unless you agree with spying on citizens and would like to also allow the government to come into your house and place listening devices as they please, listen to your phone calls whenever they please, open up your mail whenever they please, so on. Hell, actually require you to wear a device at all times so all conversations can be recorded. No, just no.

There are already existing E2EE encryption services (Telegram, Signal, etc). Those engaged in illegal activities would switch or continue to use those if you degrade the security of other services.

You don't stop child abusers etc. They move to a different platform and you make everyone else less safe.

You can't tell criminals not to use confidentiality, they won't listen, but if you deny lawful people to use confidentiality, you effectively punish lawful people and not criminals.

How about the 4th amendment? Or even the principle of it if you aren’t in the US. No other argument is needed. If you argue against this you seriously need to re-evaluate your motives.

Ridiculous question.

You can kill someone with a hammer or a chair. Doesn’t mean we shouldn’t have them.

My main reason to use end-to-end encryption is to protect people whose life might depend on it: Journalists and their sources, activists etc.

If everyone uses encryption by default, those people can not that easily be picked out from the sea of information and targeted in other ways.

Funny how the same people who argue that "you can't ban guns, bad people will get guns anyway" are now in favor of banning encryption.

Pre-telephone, almost all real time conversations were not available to law enforcement. That is the historical default. There was a brief time where phone and internet conversations were easily accessible to law enforcement. With the implementation of reasonable privacy provisions that is no longer the case and things have returned to the normal state of affairs.

Just as E2EE can be used for crime, channels without E2EE can also be utilized for crime - mostly for blackmail, and especially if it gets compromised.

Even if you trust all actors involved in non-E2EE communication channel you can never assume that:

* This channel won't be compromised(hacking, wiretapping etc)

* That all actors involved(ISP, VPN host) will always stay trustworthy

Latter part is also related to laws - if you cannot prove that law cannot be abused by a bad actor then it shouldn't be a law.

Also banning encryption won't change the fact that it will be used. Criminals will still use it to hide their action, plus there is always steganography.

Also one of basic rules of law is "Innocent until proven guilty", banning E2EE basically reverses that.

I love the "nothing to fear, nothing to hide" argument, just reverse it and instead of applying to general populace - apply it to government as whole. Rules should work both ways - if citizens have nothing to fear if they have nothing to hide, the same should apply to all politicians and all government agencies.

The most compelling reason I've heard, yet one I rarely use due to its complexity is about unrecoverable government capture. It goes like this:

In the past, governments could be overthrown by internal revolutionaries or external forces.

In the near future, governments will be able to surveil and anticipate their citizenry so as to make revolution impossible. They will do this because governments (political parties) have a self-preservation instinct. And with nuclear weapons in play, external overthrow is increasingly suicidal (excepting small countries).

Furthermore, that internal surveillance department can be turned on the government staff itself, leaving a small group of (unelected) officials with power over the rest of the government. Eventually one of them will gain the upper hand.

That means there could come a point of stasis, where governments become unassailably entrenched that humankind is stuck in a local maximum with whatever governments existed then.

Let's hope our current dictator for life is beneficent.

> how do you respond when someone brings up concerns of E2EE platforms being used for child sexual abuse imagery or terrorism?

The majority of criminals caught in transit doesn't warrant me giving up my privacy. They will still be caught in the same manners they are now, and it still offers them little protection over what law enforcement typically does.

I believe the federal government's concern (and those of various law enforcement agencies, etc.) is not with E2EE in general but with their desire for a specific (and, in my opinion, deeply flawed) implementation where they have an ability to read these messages. While law enforcement might be happy with a system that requires a warrant or some other paperwork, the US federal government appears to be demanding unfettered access to these messages.

In my opinion, the federal government's unfettered access to people's messages is entirely new with the advent of the internet. They didn't enjoy this level of access when people communicated by written letters nor when they spoke to each other over analog telephones. I believe the questions is less about the mechanism (E2EE) and more about the reach of the federal government and law enforcement and how comfortable we, as citizens, are with them having this kind of access to all of our communications.

In terms of people who are willingly breaking the law, they will always have access to communication methods that the federal government and law enforcement cannot easily surveil. Right now many E2EE mechanisms are the easiest way for these people to communicate privately. If the federal government gets their way and gains access to their communication, and starts to crack down on these crimes then these people will move to another communication medium. Perhaps even back to traditional letters.

There are many reasons to oppose an E2EE system where the federal government and law enforcement have a "backdoor" that lets them read all of these messages. For instance, it won't be long before another organization (perhaps even foreign) figures out how the mechanism works and gains access to every person's communications; the security provided by such a system will have a limited term and we may not know when that terms ends.

In my opinion, the most important issue is granting this level of power to the government and law enforcement. I think this could really be an existential threat to democracy in the US.

If the right to bear arms is required for protection against a potentially corrupt or abusive federal government, then so is the right to use end-to-end encryption.

An argument propping child abuse as the reason to strip everyone of their right to private conversations (which are essential in the need to balance assymetry in a government’s powers and knowledge and an important tool for activism, organizing and keeping government in check) is not made in good faith.

It creates a false dichotomy framing the argument in order to predetermine its outcome.

When made by the very powers who are known to seek to punish And remove the people seeking accountability and change, it is very suspicious.

If the government wanted to prevent sexual abuse of children, they would address such abuse everywhere, including among its own ranks. This is not the highest priority of governments. Their higher priority seems to increase their powers.

Encryption is intangible, but it's a tool like many other objects surrounding us. Let's compare it to a hammer.

You can use it to do good things (hammer down nails to create a building to shelter people) or bad things (hurt people with it, smashing toes, etc). If someone does bad things with it, banning it stops people to do good things with it, and everyone lose.

Encryption ensure everyone can speak their mind freely, without worrying that someone with unclear motives can snoop around and read legitimate, but private discussions between two persons.

Not having this ability to speak freely hurts everyone, simply to remove a tool that could be used for bad things. Don't fight the tool, fight the bad actors with all the means at your disposition.

What are your arguments in favor of knives? How do you respond when someone brings up concerns of knives being used to stab people?

Curious if I choose to publish pictures of myself as a child when I was naked. For example bathtub pictures my parents might have taken, etc. Would I have committed a crime? Who exactly is the victim? I frankly wouldn’t have a problem with it. How does it harm me? I’d even be willing to release naked pictures of my children (suitable anonymized, faces blurred it heads cropped, etc.) Why do I care what a stranger is doing with an image of my kid? Go to town if it’s your thing. Just don’t actually harm real children and you’re fine.

The reason for using end-to-end encryption, instead of encryption which is not end-to-end, it to protect against the service provider. That is, if Whatsapp's encryption is really end-to-end, you don't have to fear that the Facebook servers might have been invaded by evil hackers intending to leak your most private communications to the whole world; the evil hackers would have to invade your personal device directly (and they can't invade everyone's personal devices, since that risks exposing their evil misdeeds to security researchers).

Imagine saying: two people should never be able to whisper to each other. To whisper something to someone prevents the police from having the ability to know if you’re possibly planning to do something dangerous. Something that is dangerous like planning another 911. Or planning to kidnap a child. These are very real possible crimes that affect real people. We must give investigators the tools they need to keep us safe therefore whispering privately should not be permitted.

Is this about adding E2EE to the common platforms?

Pedophiles and terrorists are already using E2EE I would think, so this is really about government being able to spy on everyone.

They don't have that ability IRL, why should they online?

More importantly, what are the macro consequences of government access to everyone's private communications, and especially, the oppressive effect on free speech etc when everyone is aware they are being monitored (I do sometimes wonder if Snowden was more 'deliberate leak' than 'whistleblower').

My go to about a government backdoor is that the NSA hacking tools are now leaked and the leading tool for Crypto Ransoms;

If CIA and NSA can't keep dangerous tools safe and secure from the bad actors; if the FBI (commonly thought of as less cover) or local police have a ready backdoor access to my phone, messages, credit cards, or anything else, then they're practically already in bad actor's hands.

The similar argument is that my state has lost my personally identifiable information in no less than 3 security incidents.

Not all crime is bad and some “crime” is essential for progress.

What is illegal follows fashions. For example in the UK homosexuality used to be illegal. Our hero Alan Turing was imprisoned for it. There needs to be some latitude for people to do illegal things because the state doesn’t always get it right.

A perfect survellience state is not in ideal in this regard.

You probably want fairly good law enforcement to protect us from crimes but just for it not to be too damn good.

Shorter encryption debate:

  Them: Terrible things are terrible

  Us: Yes they are

  Them: Stop the terrible things

  Us: We don't know how to do that without side effects that would be even more terrible.

  Them: Just do it without causing the side effects.

Source: https://twitter.com/mattblaze/status/1180092773975953409

Would not having E2EE platforms remove child abuse imagery and/or terrorism? The answer of course is no. I always get reminded of a story about terrorist using video games to communicate with each other and giggle a little bit.

Currently the government uses E2EE to safe guard themselves, then the American people should also have access to it to safe guard themselves. If the government allows us to purchase guns for our safety, why not encryption? You going to say encryption kills more people then guns?

Plus E2EE isn't some super secret thing the government only has access to. Any one can create a E2EE platform and the government would be hard press to stop it. You might not be able to commercialize it, but it won't stop it from existing.

I believe arguing over if something should be legal/illegal is a pointless distraction. E2EE exist now embrace it or move on, but don't think banning it or making it illegal will some how make it disappear.

I'm not stating that this is my opinion, rather a reasonable position would be based on the 4th Amendment.

>>>The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Under the 4th, It could be argued that when the government has demonstrated that they have met the standard for reasonable, technology should allow them to have access to that data. Therefore, it's unreasonable that access to data in question is controlled by potential co-conspirators; those with perverse incentives to withhold compliance. It's also unreasonable for entities that operate within the governments jurisdiction to circumvent this constitutional requirement.

Strong cryptography is critical for e-commerce. It is part of what protects your bank and credit card information form others.

Because making it illegal will remove benefits for 99.9999% normal people. Cryminals will keep using it when it's illegal.

It's nice to know that if some information I may send to my spouse, credit cards, accouunt information, photos of my passport or license needed for foreign travel, aren't sitting on some corporate server uunencrypted waiting for a data leak (caused by anything from a hacker to careless disposal of obsolete disk drives).

I worry that this is a case of seemingly good policy having bad effects.

My research indicates that smart criminals tend to communicate in code. Because of the codes used and the frequency at which they change, the existence of communication is often of more probative value than the words used. Companies currently share this meta data with law enforcement.

If the veil of E2EE is lifted, smart criminals will move their communications elsewhere. They will find services owned by foreign companies in regimes that are not friendly to US law enforcement. Or they will move to low tech solutions that make collecting meta data more difficult.

Basically, I’m afraid that changing E2EE will catch criminals who make a myriad of mistakes that will get them caught anyways. Meanwhile, it will drive the intelligent criminals further underground, onto services owned and hosted in hostile (or less friendly) countries.

I'd ask to spell out the particular concerns. It doesn't make much sense to try to respond without the other person giving more details.

Otherwise you're going to be in the role of making propositions and the other side will be shooting them down. Make them argue their case and poke little nagging holes into it.

As an American, we can start with: The People's 4th Amendment rights trump the Government's.

I'm always bothered by the sense of entitlement inherent in governmental campaigns against encryption. A properly-executed warrant allows the government to search for evidence and seize it. It does not create an obligation for the target to tell the government where the evidence is and how to make use of it.

Also inherent in our justice system is the concept that not all criminals get to be caught and convicted. Presumption of Innocence, Blackstone's Ratio, 5th Amendment, etc.

I don't think any of us want to live in a society where every law-breaker can be caught. We all break laws. I've barely left my home for 10 minutes today and am not entirely certain I haven't broken any.

The argument for privacy measures in general that's very convincing to me personally is imagining yourself as someone important. Imagine you were running for president in opposition to current government policies: would you want the government to have all your texts and emails, your entire browser history, the contents of your harddrive? Even if you've done nothing illegal, immoral or socially unacceptable, certainly you can think of something you've privately said or searched for that could be misconstrued to make you look bad.

In a democratic world, information is power. The more you know about someone, the more there is you can use against them; the more ways there are for you to lie.

I like having private conversations. Just because somebody happens to be in a different room during one of these conversations, doesn't mean it's ok for my private conversation to be logged in a db somewhere, mined, searched, leaked, sold and used against me at will.

Because I have a fundamental right to privacy, and encrypted communications are an appropriate way to fulfill that right. While that right can be suspended at times, such as if a person were the subject of a criminal investigation after reasonable suspicion, a blanket prohibition of secure communication is not justified.

People act differently when they are being watched. This is not a bad thing, and is not an accusation of immoral behavior. People are more likely to pick their nose while in private. People are also less likely to express morally correct but unpopular beliefs, such as supporting gay rights a few decades ago, if they believe that it will have negative social consequences. By having privacy, social movements can slowly grow over time.

If two people wisphered secret messages between each other,should that be allowed? Should a policeman be privy to all whisperings? E2EE is just wisphering except much more efficient and can happen at large distances.

Should you be allowed to send mesages over snail mail using code words understood by only the recipient and no one else?

These are political questions. Governments having the authority to listen in on all private conversations implies they have that authority. Do you accept that authority where you are unable to express yourself to other humans without government employees logging and monitoring your expressions of thought? Maybe you really have nothing to hide now,but if ever you are given a reason to disagree and dissent with societal norms,your expressions of dissent will be monitored by the very people that have a lot to lose by allowing your thoughts to be expressed. If you can accept regulation of your speech and this authority over your life and liberty then it makes sense to oppose E2EE.

The problem is that the people whose communication is being monitored never accepted this authority,E2EE is just a way of enforcing my expectation that my communication to someone will be read only by that person. Removal of this right or privilege must be done via due process and full transparency without which justice and fairness would be very difficult.

Last point: E2EE prevents mass monitoring of communication. For warrantful intercepts,law enforcement benefits the most out of having access to the whole device. One approach would be to force a transparent backdoor that will side-load rootkits that come with a device specific certificate with a certificate transparency log maintained by a watchdog gov agency that enforces requirement of a warrant for each cert and criminal penalty for mis-issuing of certs or tampeting of CT logs. What if someone roots their phone and removes the backdoor? Make it illegal much like silencers and bullet-proof vests are illegal. It does sound very unpleadant and uncomfortable but much saner than weakening protocols. Like it or not you won't be able to convince elected politicians there is no way to securely gain access to a suspected criminal's phone even with a warrant.

Let's be clear about something, the threats from exposing our information are not hypothetical, the last 10 years of repeated hacks into banks and services that expose people's financial and personal information (CC numbers, SSN numbers, etc) is proof that there are adversarial actors actively trying to get and exploit our information for financial gain. Right now, a database with structured data is useful (and amazing that its not encrypted in a way where it would be useless to steal at rest), but if you were able to get a treasure trove of unstructured messages we may not be far off from being able to extract a ton of information from that too.

And that's just financial stuff. The current generation has repeatedly proven that they want to send revealing photos on these chat platforms. Remember the iCloud leaks of revealing photos? These were done with phishing attacks, but once again proves that there are malicious actors looking to take what most of us would consider to be private personal property. Today it was phishing attacks, but without encryption, tomorrow it might be an actual massive data dump of every photo ever sent on Messenger. Again, we currently have AI models that can do facial recognition and that can do nudity detection (as employed on YouTube, etc.), so access to the data set of photos sent on Messenger could then be analyzed by a computer to extract all nudes of key people (if targeted), or just all nudes (if not targeted). If your response to this is "they shouldn't be using it that way" -- again, consider that you might have second-order exposure to this problem. You may be smart enough to not send compromising information on Messenger, but maybe a close family member isn't and now you can be blackmailed or extorted to prevent revealing something of theirs. Or let's say everyone in your family is smart enough not to use Messenger this way. Your representative or senator's relatives might not though, and now they can be blackmailed too, and there's not much you can do about that since you may not even find out. All these problems similarly exist with respect to corporate privacy as well (trade secrets vs. potentially malicious foreign companies, people trying to get inside information for trading, etc.)

At the end of the day, to me the question of whether the US is trustworthy is besides the point: the lack of encryption exists for anyone trying to get in, and we know there are bad people trying to get in. If you take the lock off the door you might trust your friendly neighborhood policeman but the cat burglar can just as easily turn your doorknob.

I see the need of the police to access personal communication to fight child abuse. However, if the police can access it, then so can NSA, China, Mafia, and random hackers. A backdoor is not restricted for long. I consider this risk higher than child pornography.

Quite simple really. The government is a terrorist crime syndicate that happens to own the monopoly on the legitimate use of violence and no one should give them access to their personal lives, lest they be locked in a cage or treated with pointless violence.

A counter argument for blocking e2ee because of sharing CP/Terrorism can be split in two parts:

1) If you have proof that they are sharing it then you simply do a criminal trial base based on that proof. No need to block e2ee because you already have proof.

2) If you do not have proof then you are assuming guilt without proof, and that is the opposite of how our justice system should operate. Innocent until proven guilty. No need to block e2ee, because you have not shown that any concrete person is breaking the law. And if you did show it, then look at point 1)

And thus we have exhausted both possible options, and in both cases there is no need to block e2ee.

I think that's the wrong question because there are many arguments in favor of e2ee. However, only some against: 1) totalitarian governments (like in China) or governments who want to watch over their citizenz (and non-citizenz) because of 2) criminals, who want do their stuff in secret - you may force whatsapp to stop using e2ee but you can't stop criminals using open source software 3) convenience because it's harder to build e2ee apps in many cases than without e2ee because you can't use some services (like algolia for search etc). At least, there are couchbase and realm.io, but their hosting isn't hat cheap

People committed these crimes before encryption and they'll find a way to commit them after encryption. Being against E2EE means trading your privacy and security but it won't stop these crimes from occurring.

>Also, how do you respond when someone brings up concerns of E2EE platforms being used for child sexual abuse imagery or terrorism?

By not caring. Privacy is worth more than forcing criminals to put a small bit of extra effort.

Guns can be used for crime, including child sexual abuse and terrorism, so why shouldn't we ban them too?

Right to bear arms is in the constitution, and so is the right to unreasonable search/seizure.

E2EE can be banned in ne country but not the whole world. There will always be places that will support it, so criminals will go there and use those networks and we will he left without doors.

Because I'm an anarchist and believe that the only two people that can police communication between me and another person, are me and that other person. Live and let live.

I don't need arguments in favor of it, you need arguments against it. The burden should never be on me to justify my freedom, but on you to justify your oppression.

There is one argument that many people are missing here. End-to-end encryption is really quite widespread in a number of products today. The WebRTC protocol, for example, is commonly used for videoconferencing. It is natively supported by most browsers and provides a connection between two browsers that is end-to-end encrypted.

Since this functionality is so widespread and popular, the onus of proof should be on people who want to forbid it.

Its important that enforcing the law be difficult and expensive. It prevents tyranny by keeping the governments tools of oppression tied up dealing with necessities. It creates a cost for enforcing every new hypothetical restriction.

E2e encryption being prevalent makes law enforcements job much more difficult.

Child sexual abuse and terrorism being completely solved are incompatible with free society. Those kids need to take one for the team.

In public toilets we lock the door. That's dignity.

I don't understand the question. E2E encryption used in what? Consumer social-network software? High-security government communications?

Bad actors will always have access to E2E encryption so any argument which discusses this is misleading. So the question is then should the governments have access to the communications of the general population? No.

Banning any type of mathematical or technological advancement will never bring good things. I don't know why I feel like that, but that's how I feel like. Banning building things like nuclear reactors is fine, but banning people from knowing information relevant to building nuclear reactors can avoid safe technological advancements in energy generation, for example.

That freedom means accepting some degree of injustice but it pales in comparison with the injustice of an unfree society.

It's simple really, everyone has a right to privacy. The argument of having 'nothing to hide' is in bad faith.

Maby if they could actually start acting on intelligence when dozens of people report that a kid is likely to conduct a school shooting I'd believe them. Even then, we all know this type of rhetoric from law enforcement is just posturing to force their way in through the front door. This is still a good exercise (documenting why end-to-end encryption is necessary), but don't kid yourselves. They will whine just like Trump until they get what they want. If nothing changes and they stop whining it's time to start digging, that probably means they got what they wanted in secret.

Sometimes I don't want people to see my stuff. If I use end-to-end encryption, people can't see my stuff. QED

In the spirit of writing a simple and condensed answer, and assuming e2e encryption would remain with a government backdoor, there are three main problems (I don’t see any other):

1. Government abuses their power

2. Government gets hacked and hacker abuses their power

3. You have something to hide

Now we can debate on each of these points. Tell me if I’m missing something.

My main concern isn't the 'Big Bad Government' but just good old fashioned incompetence and corruption.

If law enforcement can read my messages so can engineers at the company, or anyone a hacker or disgruntled employee sells the data to.

Those messages may contain sensitive information like financial details, passwords etc.

Terrorism is a particularly weak argument for e2ee because terrorists can and do exploit systems WITHOUT e2ee.

I think the best argument is that it is impossible to regulate. It's *ing math! Anyone can look up how it works. It will be implemented everywhere and always by the people who need it.

Specifically for politicians: Ask them how important it is that the media not read their texts and emails.

If I were arguing by analogy I would ask why we allow door locks. Door locks let people do bad things inside their houses. Yet we are all safer from criminals because of them, overall. And it also helps keep police honest about getting a warrant first before they disturb your house.

The benefit of cryptography is that you don't need to argue in favor of it to use it.

Argument? Its a trade off freedom vs security. Traditionally patriots have chosen freedom.

CGP Grey's "Should all locks have keys?" says it better than I ever could: https://www.youtube.com/watch?v=VPBH1eW28mo (4m)

I think we should fight for private communication to be a human right, nothing less than that. So if terrorists have right for a fair trial, they should also have a right to communicate privately.

It’s none of your business.

If an encryption back door exists, one can assume that it will be exploited. The same applies to private key encryption where a company holds private keys instead of individuals holding their own.

Besides all the obvious privacy/freedom reasons, banning things NEVER works. Think about how hard we try to ban physical things (drugs, guns, etc). Now imagine trying to limit encryption.

Freedom. Nobody, and least of all a government, should be able to decide what software you use. If their will stands above yours, you are a slave. Do you like slavery? Do you love yourself?

I’d rather have crime than a government that can outlaw math.

My position is that I have a right to privacy, so I don't need an argument. You need an argument for infringing on my right to privacy.

Personal opinions (even ones grounded in science) that run contrary to prevailing norms have become weaponized. Until that goes away, I want my privacy.

What argument in favor? There doesn’t need to be one: it’s the right thing to do. It’s why I use iMessage. It’s why I trust Apple.

One comparison I don't see yet, which is the easiest and most non-technical I know: E2EE communication is just a long-distance version of speech. The usual comparison for E2EE is physical mail, but the entire argument happens over the flaws of the metaphor. The lack of bulk mail analysis or systematic mail fraud means that the good and bad parts of encryption are both mostly hypothetical.

Talking make a much better comparison. When you say something, someone can listen or record you, just like E2EE doesn't protect against shoulder-surfing or a compromised device. But once you've said a thing, it's gone. It's not just inadmissable but inaccessible. No police tactic in the world can physically reconstruct it, and the Fifth Amendment says you can't be forced to confess anything incriminating that you've said. (The comparison for encrypting illegal media is messier, but a spoken threat is a crime composed only of words, so we could compare that to an encrypted picture.)

And vitally, all the things governments warn about E2EE apply to speech. People use speech to plot all sorts of heinous acts. Criminals gravitate towards in-person speech instead of using letters or phone calls. Whether it's clergy covering up child abuse or terrorists plotting bombings, talking is the standard method of coordinating crimes without leaving evidence. There's speech which is itself criminal, like threatening bodily injury, which leaves no evidence after it's said. When people resort to speech instead of calls or letters, the job of the police gets harder. If everyone had to carry a running voice recorder or make phone calls, it would be much easier to convict criminals, and bulk analysis could be used to be proactive about terrorism and abuse instead of investigating after the fact.

It's hopefully intuitive to most people why "all speech needs to be recorded for police use" is unacceptable. "Nothing to hide" doesn't justify letting the police in on your pillow talk. Bulk analysis of who's talking about what is abhorrent, but warrant-only access isn't tolerable either. The government would abuse the system, private people would try to break into the logs, and the breach of privacy is fundamentally out of bounds regardless. And policing still happens just fine without such a log. Officers listen as people speak, just like they can monitor a device before it sends a message. People who hear bad things said report them. When physical crimes are plotted, the crimes leave evidence. And for speech like threats, we can still collect witness accounts or convict over follow-through. The government doesn't need a log of everything we say.

In the same way that all the horrors of cryptocurrency are grandfathered into cash, the menace of encrypted texts is already present in everyday speech, but the world keeps turning.

My argument is simple: I want it for myself.

I don't think there are multiple arguments here to beat around, despite people going on like it's a many-sided story. It all comes down to two conflicting principles:

- People's privacy is inviolable

- State's right to surveil people's actions must be unlimited

Before now, the balance was kept by surveillance being too expensive. But it was already pretty obvious in the 80s that we're quickly going full cyberpunk: communication and processing of info become dirt cheap, everyone is moving to digital comms for ease of use, and suddenly vastly expanded surveillance is easy, both on the net and in the physical world.

In ten years, net connection will be ubiquitous like electricity, all info about the world will be processed in real time, minds will directly control computers, and the agencies will ask why they should give up vacuuming it all if someone might plan a crime somewhere in there. Why draw the line at the datacenter instead of personal computers if the boundary is barely there? Why must there be a limit? The argument of “there might be something unlawful on there” doesn't have a limit.

If you think that a discussion between people, or their actions, should be private like they were before, you gotta ask where the firm line is. But I don't really see anyone doing a cost-benefit analysis on privacy vs surveillance, since conveniently for the agencies it's a ethics issue, and measuring ethics with numbers is frowned upon. So it's gonna be “X crimes prevented and Y solved” vs some indeterminate inconvenience caused by data leaks and corrupt officials.

As a bonus exercise, ask yourself: if to beat criminals the police has by principle to have criminals' tools―violence and disregard for privacy―then what stops police from turning into criminals on the side? These two markets are for the same skills. For some countries, it's not an idle question. And obviously, if a tool is available to police, it becomes available to criminals too.

But personally, I don't think privacy advocates will ultimately have much weight in the decision on this dilemma. People like to pretend that they highly value personal freedom, but the whole shtick of society is that it has a net benefit for a population by limiting individuals. Band together with other people, lose the freedom to be as gross as you want as loud as you want, have to do favors to keep connections. Pay some organized bullies to defend from other ones, concentrate on your own job instead. Move to the city, be highly visible to many people but have a variety of decent food, and sewers. We were giving up freedom for security and convenience for thousands of years, and I doubt we're going to stop now.

(BTW, afaik the cliché quote about giving up liberty for safety is used completely wrong and originally had exactly the opposite context.)

Why ?

Because Fuck You, that's why.

First of all, break the assumption that encryption is for paranoid people. Ask the opposing side to defend regulation over E2EE.

You're in luck because there are no objective arguments against it. When they inevitably turn to emotionalisms like "terrorism" and "sexual abuse", cite how insignificant of a percentage "terrorists" and "abusers" are of all E2EE usage. Explain that a ban for one is a ban for all, them included, and that encryption in fact protects from people's spying on and planning over one's significant other/children/etc. Ask why politicians like Trump or Clinton can seek protection from aggressors but you, an honest-working tax-paying citizen unentitled to a private security force, should not.

Explain that criminals overtly show their psychological traits every living moment and it is the failure of the authorities to help rectify their behaviour lest they commit a crime; that it is a well-paid police proffession to monitor people for such traits. Such a profession that is gladly and frugally assisted by artificial intelligence which can be tied to any camera that sees you, any website that you visit; that the government and companies can make deterministic psychological profiles from metadata alone and some graph theory.

You can also reference absurdity by stating that, to avoid "terrorism" among E2EE, the government should simply ban "terrorists" from using E2EE. However, the Wars-On-.* have been proven not to achieve the original goal in US history but rather to cause collateral damage, much more drastic than foreign subversion could. So banning or regulating E2EE is an ambiguous goal which will fail.

Suspicious, maybe it was foreign subversion indeed. Would you like E2EE when you pay taxes and go vote? So why not for more close-to-home data such as intimate details that could be used against you by an enemy or in court of law?

And finally, the police force and government authority use and _develop_ E2EE. They ought to have hidden back doors in it. For the hundreds of millions to billions of dollars law enforcement receives in funding, they ought to have. So even if we assume they could catch "terrorists" and "abusers" more efficiently. Well, then they don't need such giant budgets from your wallets. Would you consistently pay dozens of dollars a month for private investigators to aimlessly roam the country, not even saying what they are looking for? So why let the government do it? You could purchase many sources of joy with that money.

In the long term it would cause more harm then good.

It's free speech, plain and simple.

E2E encryption doesn't need an argument for it, it has specific, valuable and demonstrated uses, and I reject the premise of the question that the technical and business use cases for it need an accompanying rhetorical justification. The people asking for the arguments are not people who can be persuaded by argument, they are looking for ways to drive another agenda. It's disingenuous and not a matter of reason.

To respond to the question itself, let's start with what we actually do. We make the stuff people actually want, and thanks to abuses by authorities around the world, today they want privacy and trustworthy tools. We build things that facilitate growth and massive improvements in quality of life for literally billions of people around the world. That growth comes from building the things they both want and trust, and use each day to improve the quality of their own lives and of their families. I would encourage governments to get better at offering the same things.

The extreme cases cited in the OP are abused by people with agendas to use them as levers to assert their narrow interests, and not because they want to solve those particular problems. Parading victims of abuse and violence to bolster a narrow surveillance agenda is the rhetorical equivalent of using human shields. Hardly anyone is actually stupid, and everyone sees it. Further, why would you ask technologists to presume good, altruistic and aligned intentions in governments who want to conduct surveillance, yet not among ourselves and our users of encryption services? We can't make that altruism generalization about our own governments, let alone ones in other markets. I would reject this particular premise in being asked to make an argument "for," as well.

The question, "I need you to justify your view to me, and with it, these objectively terrible things" is disingenuous.

The short answer is technologists do not have the solutions to niche social and political problems any more so than anyone else. Terrorism, abuse, and porn exist independently of tech. The "arguments," against E2E encryption are made by people who don't have responsibility for the outcomes of their efforts, and are using these threats to deflect that and make others responsible for them.

If we all gave up E2E encryption, the value people entrust to networks would be reduced to where it would derail and destroy the economic growth trajectory which that trust facilitates to improve peoples lives. The solution is not for tech to do less of what people demonstrably want and willingly pay for, it's for governments to be smarter about their own roles and responsibilities.

If you want to solve the problems of abuse and terrorism directly, there are a ton of solutions that don't involve destroying the trust people have in each other that has improved our collective quality of life immeasurably in the last 30 years.

I am working on an application that will allow chat and a shared file system (cross-OS). It will feature end-to-end encryption through key exchange and it will be mostly peer-to-peer.

The basic idea is that users should have privacy. Real privacy would disqualify a service in the middle from intercepting and retaining user traffic. There must be some compromise though because the current internet model makes actual peer-to-peer without a middle service incredibly challenging. This is the problem I am attempting to solve, a client-to-client model instead of a client-server-client model. There will likely have to be a service in the middle to provide routing via DNS and tunneling via port 80 to get around things like firewalls and non-routable addressing, but traffic should be encrypted so that the middle service only provides a tunnel for encrypted data.

When I get far enough that I can turn this into a business I would not be able to serve advertisements to users, because their traffic would be encrypted. The disadvantage there is that I would have to find an alternate revenue model. The advantage here is that law enforcement could issue legal requests for user data and the only thing I could give them are account or billing details. I could not give out user contributed data, because you cannot give what you don't have.

I have also thought of a scheme to anonymize users in the system so that users are known to each other, but to everybody else the user ID is just some 128 character hash string bound to a private IP address. I haven't really thought through discovery yet, such as a user looking for their friend to exchange keys. With an anonymous user scheme in place user would have even more privacy. Users should never be anonymous to each other, because should be anonymous to those without access to their encryption. I will solve for this once I get to it.

As a service provider I would retain the power to disallow traffic via certain keys or anonymous IDs provided a proper legal request from a legal authority. If there is evidence of illegal activity gathered from regular police work I should be able to discontinue access to specifically identified accounts in accordance with the law, but it would require evidence I could not provide to law enforcement.

So far the shared file system operations are mostly built. I would like for this work as a Window-like GUI in the browser, which is built, and a command driven application from the terminal which is half built. I haven't started work on the security model or key exchange yet but I have a plan on how these should work. Once I debug copy/paste/delete from a file system on one computer to the file system on another computer from within the browser I will move on from the technical tasks to more revenue worthy tasks. I am almost there, but still have some work to do. This is taking long to write and test than I originally imagined.

1) Because I want it and what is this, soviet Russia?

Dead serious. The mentality that everything you want to have needs to be explicitly justified to society before you are permitted to have it is a sick twisted authoritarian mindset. I thought our society was better than this

2) The same reason I support the second amendment. The government is gigantic and powerful and scary. Even if it acts in the most benevolent way possible, it is gigantic and powerful and that is _intrinsically_ scary. The government can _fuck up_ and destroy ten thousand lives before anyone even notices. Consequently, people need ways to defend themselves from the government proactively. Encryption is one such way.

2b) If someone wants to argue that "what if criminals use it to do crime", remember that marijuana is still a federal crime, and some absurd percentage like 30% of all Americans have smoked it at least once. It is well within the government's power to just spider through all social media to see all references to marijuana, use that as probable cause, and do raids on _MILLIONS_ of people. Will this happen? Almost certainly not. COULD this happen? Absolutely. Unless, of course, all those communications were encrypted such that nobody could access them. I don't think "I pinkie swear I won't do it" is a good enough protection for me against that possibility

3) the cynical answer: we already have ample evidence of actual child sexual abuse rings, but for some bizarre reason the authorities lost interest in following up on that once the ONE guy they got hung himself. If they aren't willing to do the police work on this issue that they already can, I don't see what the argument is to give them full access to all crypto systems.

4) Technical answer: Just because you make a backdoor and give the government the only key, doesn't mean the government is the only people who are going to use that door. Maybe they lose the key. Maybe they give the key to someone who turns out not to be trustworthy. Maybe someone makes a secret copy of the key. Maybe a burglar doesn't actually get the key, but he's really really good at picking locks and so the backdoor makes it that much easier for him to get in. Security is a hard problem and every single compromise increases your risk surface area. The first lesson of security is "assume the worst possible thing happens, and then prepare for something worse than that". Such a back door (or, alternatively, legal prohibition of e2e encryption), dramatically compromises security simply by existing.

5) The tinfoil hat answer: The fact that they want it so badly tells me that they shouldn't have it

6) The current year answer: Do you want Donald Trump to personally have the ability to spy on anything that you, specifically, do? Y'know, if he's bored one day and wants to find something stupid to tweet? Do you want him to have that power? I don't

i'm going to go against the grain here and propose an alternative arrangement

medium term, i don't see how democracy can function if E2EE becomes the norm (esp in the context of cryptocurrency). influence-buying, disinformation, collusion, bribes, bullying, etc become much much easier, and policing would become nearly impossible

instead, ban E2EE but allow each person to have multiple identities (with technical means to prevent them from being tied together or expose personal info - a nontrivial but solvable problem), ie Privacy via Multiple Identity or PvMI

this scheme would provide many of the benefits of E2EE (eg, preventing an employer from punishing your for political speech) while allowing policing of many illegal activities. one exception is that if the people became fed up with the govt and wanted to stage an armed rebellion, PvMI wouldn't help (though it would help get to the point of consensus that rebellion is needed). I'm not sure how practical the concept of armed rebellion is today, but I haven't written it off either. So this is a downside.

Can anyone think of any other not-harmful-to-society activity that E2EE helps with that PvMI wouldn't ?