
Ask HN: What are your arguments in favor of end-to-end encryption?

190 points| rahuldottech | 6 years ago | reply

Also, how do you respond when someone brings up concerns of E2EE platforms being used for child sexual abuse imagery or terrorism?

Keep in mind that these arguments have to be made to laypersons who aren't necessarily from the United States, and who don't usually have a lot of technical knowledge.

245 comments

[+] diffeomorphism|6 years ago|reply
Politicians propose to forbid all buildings from having doors. After all "bad people/stuff etc." could lock the doors and hide behind them. Anyone arguing against that is obviously against safety.

Counterpoints:

- Do we currently have a big door problem?

- Wait, don't doors also serve an important function?

- Won't that make everybody much more insecure and basically do nothing against "bad stuff"?

- What if I put a wooden plank in front of the hole in my building? Wouldn't that be a "door"? Making doors illegal is not going to stop people from making "doors".

Now, people like to spin this analogy further and revise their proposal and say "Fine, keep your doors, but I get a spare key for every door made".

Problems with this:

- Yes, you and everyone in your office can grab the spare key and steal all my stuff (see TSA locks and basically any time in history that was tried).

- Remember the wooden plank above? That guy will not give you a spare key and can still hide "bad stuff".

- Fine, we will just use magical (blockchain) keys that nobody can steal and not make things insecure, but have an officer visit and inspect every room you have every 5 minutes. You have nothing to hide, do you?

[+] jdsnape|6 years ago|reply
I'm not sure this is a great analogy as yes, we permit people to have doors and locks but society also provides a mechanism for the government to lawfully get access to them. If the Police have a legit reason to access a property they go to court and get a warrant, and if they need to they'll kick the door in to get in.

The current government requests to be able to access encrypted info with a warrant are an extension of what currently happens in physical space.

[+] forgotmypwd123|6 years ago|reply
> (see TSA locks and basically any time in history that was tried).

For anyone unaware, the TSA lock master key was leaked by including a photo of an actual master key in a newspaper article about said locks. I don't think encryption keys shared with police/govt. will be any safer.

[+] szermer|6 years ago|reply
Reminds me of the concept of 'Perfect Security' from the 1800s

https://99percentinvisible.org/episode/perfect-security/

The pursuit of lock-picking is as old as the lock, which is itself as old as civilization. But in the entire history of the world, there was only one brief moment, lasting about 70 years, where you could put something under lock and key—a chest, a safe, your home—and have complete, unwavering certainty that no intruder could get to it.

This is a feeling that security experts call “perfect security.” Since we lost perfect security in the 1850s, it has remained elusive. Despite tremendous leaps forward in security technology, we have never been able to get perfect security back.

[+] untog|6 years ago|reply
To counter that metaphor, what would the objection be to doors that lock, but the police are given a master key?

There are a few obvious issues with centralisation and the possibility of bad actors on the police, but I’m not sure how persuasive it is against “think of the children!!”

[+] squarefoot|6 years ago|reply
I support it 100%, because I have everything to hide as my life is mine and doesn't belong to anyone else, including governments or improbable divinities. If for some people in power this means I'm either a murderer, a rapist, a drug dealer, a pedophile, a terrorist, or whatever, they're free to spend taxpayers' money to find out how wrong their assumptions were, then get voted out of their seats. Anyone using the "if you have nothing to hide" argument is just pushing you into relinquishing your privacy rights to gain power over you. Just try asking them their own passwords and hear the very predictable reply.

Intelligence does exist for the purpose of catching people doing nasty things even when they do it behind the curtain. Making curtains illegal would be the obvious stupid response which would harm everyone. Nobody ever said that democracy is either free or easy; a bunch more criminals at large sometimes somewhere is a price we have to pay to have billions of people, including us, enjoying what remains of their freedom.

Just to avoid the most predictable counter argument: I'd keep defending this principle even in case one of those criminals would exterminate my entire family.

[+] andrei_says_|6 years ago|reply
“If for some people in power this means I'm either a murderer, a rapist, a drug dealer, a pedophile, a terrorist, or whatever, they're free to spend taxpayers' money to find out how wrong their assumptions were, then get voted out of their seats.”

They don’t believe this; it’s an argument framed in bad faith so that they can strip people's rights and jam laws down our throats. Their mastery is in framing. Never use or repeat their frame.

See George Lakoff’s work in framing. It’s essential in an environment of heavy propaganda.

[+] mattrp|6 years ago|reply
I love this argument. I would also add that the individual is sovereign. Meaning, in the US at least, our view of the origin of government is that government is granted its powers by the people. A government cannot inherit a right that its citizens don’t possess. Therefore if governments have a right to free speech, bear arms, etc.. so must its citizens. Other western democracies do not trace the origin of government power to the people... The UK and the larger British Empire for example trace the origin back to God as manifest in the monarchy. The modern German and French welfare states trace their origins to the state — a nameless collective organized to benefit its citizens’ welfare (with any rights conveyed to citizens a matter of convenience rather than a source of power). Yes I might be expressing a rather neo-con / superior attitude but if you simply equate the origin of individual rights in programming terms - In the US, individual rights are the global variable from which everything originates. The French and German versions are essentially undeclared variables and the UK inherits its rights externally from a black box. Now you tell me, from a programming point of view, which is preferred?

[+] sushisource|6 years ago|reply
The "I have nothing to hide" argument is silly, but:

> Just try asking them their own passwords and hear the very predictable reply.

Is equally silly. Having nothing to hide is very different from having nothing to steal.

[+] sdan|6 years ago|reply
> I'd keep defending this principle even in case one of those criminals would exterminate my entire family.

I think that's a bit too far... but I get your point.

When having a discussion around privacy, I had no response to "you shouldn't have anything to hide" because I know privacy should somewhat be a human right (especially given its commoditization) but didn't know exactly why it's so important given that most Gen Z kids are sharing every aspect of their lives on social media.

[+] thefz|6 years ago|reply
> how do you respond when someone brings up concerns of E2EE platforms being used for child sexual abuse imagery or terrorism?

These are only a tiny part of uses of encryption. Ask anyone if he would like to have his bank transfers, or his credit card credentials in plain text. End to end encryption allows the whole internet to act as a commerce platform.

Encryption allows journalists and activists in strict, controlled regimes to let facts out. It allows an abuse victim to safely expose the abuser. It allows at a broader spectrum to maintain secrecy when secrecy is the only way a subject has to distantiate himself from harm.

Disabling end to end encryption requires an implicit good faith on those who look at our communications, and the history is full of abuse from those figures.

[+] amadeuspzs|6 years ago|reply
You are confusing E2EE encryption with encryption in transit/rest in the commerce example. The majority of transactions today are encrypted in transit and (you would hope) encrypted at rest so that the bank and selected parties can access the data (including the customer). There is no bank that would encrypt financial data using E2EE so that only the customer and merchant could access it, which is the analogy here on E2EE with messaging.

Sure, now we are looking at tokenization which reduces the risk merchants store your details insecurely, but commerce will always require a bank to store your information and share it with legislators for anti money laundering purposes etc.

[+] fortran77|6 years ago|reply
They still catch them, usually by posing as a "bad guy" and infiltrating their group. That's how it's been done forever, and it still works that way.

[+] tracker1|6 years ago|reply
Much like crimes using a gun are against the law doesn't stop criminals from using guns. Laws against backdoor-less encryption won't stop criminals from using encryption without a backdoor.

I'd be surprised if most of the "child sex abuse" and "terrorism" traffic isn't already encrypted.

[+] diminoten|6 years ago|reply
Twofold: one, criminals are, generally, stupid. They're not going to be perfect, and when they slip up we'll get them.

Two, people are sex trafficked in cars and in planes as well, should we stop using those? "But we can patrol and monitor planes and cars and catch the bad guys!" Okay, but then why do they still do it? Did any of that stop sex trafficking? No.

[+] atoav|6 years ago|reply
Because encryption is math and knowledge. Banning it will only stop legitimate users while bad actors can still just go ahead and encrypt their stuff.

If politicians consider leaving everybody vulnerable to catch criminals, this is an incredibly high price to pay. I’d argue that the price is so high that even with evidence that this would help catch criminals we should still consider not doing it. However there is no evidence for that and my argument above explains why criminals would still be able to encrypt.

We should really stop implementing any security legislation without checking whether it actually achieves the stated goals.

[+] KerryJones|6 years ago|reply
I agree -- this is my fundamental disagreement with many laws that are in place. When the penalty to the good-actor is so severe to catch a small minority of bad-actors, it's a poor choice.

I do believe we should search for solutions, I don't believe that we should let a small % of bad actors control our lives.

[+] anonymousDan|6 years ago|reply
Counterpoint (playing devil's advocate) - if we ban e2e encryption platforms (or require a backdoor), then anyone found to be using a non backdoored tool is suspicious, reducing the effort required for law enforcement investigations.

[+] est31|6 years ago|reply
* If it's really about few really bad crimes, then nothing needs to change. In addition to the traditional methods, Governments already have ways to hack a few people. It's just that the more people they hack the more likely it is that the hack gets discovered and they want to spy on the masses.

* We leak tons of metadata. Even with encryption it will be available to governments and gives them tons of ways to pin down people. E.g. in some cases police used location information of cell phones to create a list of suspects. A lot of that metadata is very hard to avoid so it's likely going to stay.

* You don't just protect yourself from the government, but also the provider. Recently a report surfaced about a yahoo employee searching his colleague's yahoo accounts for naked pictures.

* Providers can also get hacked. If the data is in encrypted form at the provider, the hackers would have to issue an update of the client which is usually harder than "just" hacking some servers. Those hackers can even be foreign governments.

* Safe deletion gets much harder when you have to worry about data on your provider as well. There were stories about providers not deleting data that users explicitly wanted to be deleted. There's also the problem of safe hardware decommissioning. Although most big shops are handling this problem more professionally than most individuals who just run format on their laptop's hdd and then offer it on ebay, you still have to take them by their word and rely that they do their job well.

[+] mikece|6 years ago|reply
Just because someone can abuse a thing doesn't make the thing bad, it makes the person who commits the abuse bad. We don't ban cars to fight drunk driving and we shouldn't eliminate the spirit of the 4th Amendment to go after child pornographers, terrorists, money launderers and drug dealers. Even with E2E encrypted communications the fact that user A is communicating with user B, when, and for how long is knowable, and that metadata alone can be sufficient to get the warrants necessary to effect legal, invasive searches without disturbing the rights of everyone else.

[+] maxaf|6 years ago|reply

[deleted]

[+] iandanforth|6 years ago|reply
The only antidote is an emotional connection with history and the reality of oppression around the world today. No one who feels like they "have nothing to hide" can be convinced of the value of privacy until they have made an emotional connection with the oppressed and see themselves as potential victims.

Anything these people think of as "normal" activities has at one point or another been made illegal by a government, but without 1. Knowledge of specific cases 2. An emotional connection to those who suffered / are suffering and 3. A willingness to go beyond the fantasy of perpetual personal exceptionalism there can be no appreciation of the value of privacy over law, or privacy weighed against inevitable concomitant harms.

[+] Nasrudith|6 years ago|reply
Relatedly is to bluntly tell them "You don't get to decide that you have nothing to hide - they do.". What was legal, expected, or even required is not guaranteed that it won't be judged negatively in the future.

[+] DickingAround|6 years ago|reply
Governments have a long history of doing bad things (e.g. hundreds of millions killed in the last 100 years by USSR/China/Germany but many lesser offenses such as the war on drugs in the US). You often don't get to roll back government powers as a government becomes more corrupt or authoritarian; so once you're in, you're in. Thus; even if giving people privacy allows some crime, it is probably not as bad as all the good that comes from not enabling an authoritarian regime by giving up all your privacy.

[+] diminoten|6 years ago|reply
Cars have a long history of killing people, so do planes, so does AIDS, so does... everything, really. So we make changes, we improve, and now AIDS-related deaths have dropped off significantly, we haven't had a fatal plane crash in the US in 10 years, and car-related deaths in the US have decreased steadily since the 1960s.

Yes, governments have a history of being unsafe to their citizens, but it's not anything like what it once was, and it's getting steadily better, despite what the MSM wants you to think.

Now I'm not saying it's okay they backdoor all encryption, I just don't think the argument "Government evil" is going to hold water for the average person, nor should it.

A much better argument should come from the, "we prefer guilty people go free than innocent people get convicted, let's apply that policy to privacy" school of thought.

[+] insomniacity|6 years ago|reply
An argument I saw recently that I liked:

“Because a citizenry’s freedoms are interdependent, to surrender your own privacy is really to surrender everyone’s. Saying that you don’t need or want privacy because you have nothing to hide is to assume that no-one should have or could have to hide anything.”

So while I'm not currently rebelling against my government, I'm sure as hell glad the protestors in Hong Kong can get their hands on E2E encrypted chat.

[+] prepend|6 years ago|reply
For me I think we will really get to a world where thought is augmented digitally in addition to just communication. My thoughts and my communications are private and just because it is possible to monitor them doesn’t mean it should. Mostly deontological as it’s wrong to invade privacy, but also utilitarian as to allow creativity and construction privacy is essential.

So I look at this through a lens of what would be allowed on my thoughts and speech. Would it be ok to read everyone’s mind to prevent a terrorist act? No because the damage caused is greater than the damage prevented. Not to mention it would most likely be used to charge for IP infraction or speeding tickets or some other banal infraction.

[+] emilecantin|6 years ago|reply
Compare it to an envelope in the regular mail. How would they feel if every post office along the way opened their mail, made a photocopy, and put it back in a new envelope before passing it on?

Because that's the way things currently are with e.g. Facebook Messenger, Gmail, etc.

E2E is when your envelopes are only opened by their final recipient.

[+] CJefferson|6 years ago|reply
But, I think the government should, with a warrant, be able to open people's mail in transit. And they currently do. E2E encryption with no backdoor removes this ability from them.

[+] __MatrixMan__|6 years ago|reply
I'm with you, but as a critique for your metaphor:

Does the layperson receive meaningful mail anymore? With the exception of my W-2 and the occasional jury summons, I feel like nothing about my life would change if the post office just threw away my envelopes.

[+] todd3834|6 years ago|reply
Encryption is math. Can we really make a form of math illegal?

I feel privacy is a basic human right regardless of what country you live in.

I’m not a fan of punishing the majority because of a screwed up minority.

People who commit illegal acts as horrible as child abuse and terrorism are not going to respect the law when it comes to encryption.

Again, you can’t stop people from doing math. The idea of making it illegal is silly.

[+] criddell|6 years ago|reply
> Again, you can’t stop people from doing math. The idea of making it illegal is silly.

I don't think anybody is suggesting two individuals should not be allowed to use math to protect their conversations. Even if Facebook adds a way for law enforcement to access communications individuals are still free to talk in code or encrypt their messages before putting it on the wire. With your old telephone, your carrier can wiretap your line but you can still use a scrambler or talk in code and the tap will reveal only metadata.

How is Facebook (or other internet services) being required to provide wire tap access any different from a telecom company?

[+] rileymat2|6 years ago|reply
But using it is applying math, so yes you could make its application illegal, says devil’s advocate because I am pro encryption.

[+] jessewmc|6 years ago|reply
I think one of the simplest arguments is that criminals who need privacy will move to their own platforms. Any law that weakens encryption only weakens the privacy of regular citizens.

People make a variant of this argument about guns, but there is an important distinction with encryption: encryption is purely defensive, doesn't escalate situations, and doesn't accidentally (or otherwise) kill anyone.

This framing makes it abundantly clear that any law against encryption is about one thing only: Spying on law abiding citizens.

[+] taneq|6 years ago|reply
Those who would give up essential Liberty

For a little temporary Safety

Deserve neither Liberty nor Safety

Edit: Also, when you "think of the children" you have to think not only of their immediate safety but to think of their future ability to freely and safely converse with their peers, no matter what the current government deems "acceptable".

[+] natch|6 years ago|reply
The security and safety of almost everything relies on strong, uncompromised encryption.

There’s no way to reasonably draw, much less enforce, a line dividing licit and illicit uses.

If you compromise some subset of messages, illicit uses will just move to a non-compromised technology.

So instead of drawing a line, which is impossible (and also comes down to human judgements about things like whether gay people should be killed) the only choice left, if you insist on being able to decrypt messages, is to legislate the ability to decrypt all of them.

First of all, good luck enforcing that; second, in so doing you will sweep in a lot of legitimate uses of encryption and make people and businesses less safe by endangering their finances, their privacy, and even their physical safety.

Because once you give governments the ability to read messages even assuming key escrow entities can protect the integrity of the system (unlikely) this ability will be abused by bad governments who have records of inflicting human rights abuse on citizens for “crimes” as minor as being gay, being trans, or saying the wrong words about god.

And in addition to being accessed by the bad people in government and the bad people drawn like flies to honey to work in the key escrow organization, the escrow keys will get out and be abused by more bad people which will be an entire other level of problems.

[+] gmm1990|6 years ago|reply
Not sure if this outweighs concerns with E2EE, but governments unfairly discriminate against people with reasonable viewpoints, i.e. government isn't perfect. So people with contrarian views should have a way to express views/organize. Historically governments couldn't watch what people were saying/doing at all times and E2EE allows that to continue in a digital world.

[+] shaneprrlt|6 years ago|reply
I always recall that statement Eric Schmidt once made about if you've got nothing to hide, you've got nothing to fear. It's not about fear of having my messages read, it's that you shouldn't have the right to read them. I guess at the end of the day, regardless of anyone else's behavior, I don't want my private communications being readable by outside parties. Should everyone be forced to wear a microphone and video camera so their private face-to-face communications can be monitored by a "trusted authority"? Of the volume of communications going back and forth constantly, I doubt "sexual abuse imagery or terrorism" combined makes up less than 0.01% of messages.

If respecting individuals' privacy makes law enforcement more difficult, so be it. I'm sorry you have your work cut out for you.

[+] wslh|6 years ago|reply
You cannot remove your personal data once it is released (except via a time machine...) and your government and state can use this information for political motives that are as questionable as child sexual abuse and terrorism. In particular, you can never discard the rise of terrorist states.

[+] josh2600|6 years ago|reply
Bruce Schneier articulated the backdoor problem best:

‘We can design beautiful locks but we can’t keep the master key safe’.

If we can’t keep other nations from stealing the nuclear bomb plans, how do we expect to keep the master spy key safe?

[+] alkonaut|6 years ago|reply
Encryption is just math. You can't outlaw it. If you do, I'll choose (or make) another chat app that uses the same widely known and secure crypto. If you try to pressure Apple to remove any secure chat from their app store, all you do is make the tiny number of people who still need security use jailbroken phones.

So my argument is: because it's a war that can't be won. The criminals will use secure communication regardless. All we can do is decide on whether we also want to make everyone else's communication insecure.

Law enforcement simply have to adjust to a reality where eavesdropping on communication is difficult or impossible.