Edit: another choice quote from that article, from the Home Office itself in 2012:
"The Home Office defined the legitimacy of policing, in the eyes of the public, as based upon a general consensus of support that follows from transparency about their powers, their integrity in exercising those powers and their accountability for doing so."
My view is that wide access to strong encryption carries non-obvious trade-offs, in particular with regards to organized crime. And I don't particularly mean paedophile rings, scooter gangs in London and professional burglars are organized crime too.
It's not that I have nothing to hide, therefore want the government to have unfettered access to everything. I want to ensure that properly overseen law enforcement and justice have access to normal info they need to prosecute crime, and if I have to give up a bit of privacy for it, so be it.
> How to measure "lack of crime" if depends mostly on people responsibility than policing?
The thing is, a holistic approach to policing is key, and it's not just about putting bobbies on the street, it's far far FAR more what's needed to create a healthy society.
You need a social safety net for the unemployed, decent housing to prevent homelessness and its associated side effects (such as people taking dumps on the sidewalk), an accessible and affordable system of physical and mental health care, accessible options for education (not just of children but also for adults who need to switch careers for whatever reason), assistance programs for released convicts to find stable employment and a place to live, "third places" for the needs of all generations from young to old...
Police as an institution is absolutely needed, but in a healthy society it should be a matter of last resort, not a routine tool that kills or otherwise hurts people. When you as a government have to resort to hiring ever more (and ever more dumb, because the supply of smart people is limited) police to keep the peace, something has gone very wrong at the foundations of the stack that we call society.
Measuring this relatively simple -
sociologists take a survey, sample appropriately, and find out how many people are victims of crime, including ones not reported to police.
There must be a healthy middle ground between mass untouchable criminal communication networks on the one hand, and full panopticon 24x7 for every civilian on the other. Or I don't know, maybe there isn't. But at least the debate should be public.
Surveillance of even just one participant in these communication networks will give the police access to everything they see. And technology massively helps police in this surveillance - hidden microphones (or a laser reading vibrations off a window), cameras, and telescopic lenses and drones can reveal the contents of a screen, the password being typed, every word said out loud. The device can even be fitted with a hardware backdoor, or sabotaged, and its replacement intercepted and backdoored, as the NSA did.
But it can't be done en-masse, against every citizen.
That mere encryption makes communication immune from surveillance, or that there is anything remotely approaching the "going dark" problem, is a naked lie by the surveillance state to scare us into giving away even the tiny scraps of privacy we have left. The truth is law enforcement has far greater abilities to surveil even people trying to hide (to say nothing of the data they get from people sharing their thoughts and social networks on Facebook, or carrying phones with them that let the phone company triangulate them at any moment) than at any point in history. In light of that, we should be talking about further limiting their authority, not increasing it.
The problem is that weakening encryption in public services only hurts law abiding citizens.
The criminals per definition don't care what they use, as long as it's unbreakable, so in the event that strong encryption is outlawed, they'll just switch to illegal encryption, or any other form of secret communication.
If you implement a backdoor in iMessage, criminals will stop using that, and switch to Signal (they probably already have long before this), or setup private message services, or anything in between.
Governments falsely claim that they've always had the right to pry in your private data, but while they've always had the option (provided proper paperwork from courts) to tap your phone and read your mail, they've never been able to simply dig through everything you ever wrote at any point in time. All the so called privileges they had were reactive, going forward in time after they had proven in a court that you should be the target for investigation. If they purposely weaken encryption, they will have unrestricted access to everything you've ever said or written.
Worst case, Weakening encryption for the average user only leads to "minority report" style arrests, where you can be arrested for "thoughtcrime" for something you're written and never published, but because it's no longer a secret, "anybody" can read and interpret on it.
The only healthy "middle-ground" with secure communication is fully secure, non-negotiable. The fact that some criminal enterprises can use it and aren't trivially exposed to random searches/fishing trips isn't worth abandoning that principle. Normal effective human policing, collecting physical and digital forensic evidence (once through the secure pipe), whistleblowers etc are all sufficient by themselves, but are expensive and require officers not to be lazy. And politicians hoping to trawl for 'thought crimes' and politically expedient criminalisation of free speech becomes much harder and more expensive if secrets are secure, again: just as it should be.
In the olden days, when law enforcement wanted to intercept a letter, they would locate the sender, nab the letter before it got whisked away, and read it. (If the letter was sealed, they would copy the seal, so they could convincingly re-seal the letter after reading.) Law enforcement wasn't able to do this with whispered conversations, nor easily identify disguised people without following or arresting them. Things still got done.
I don't understand why computer-mediated communication means we have to choose between a panopticon, or the end of law enforcement. It seems to me that good old-fashioned detective work is still perfectly possible. Sure, there are cyber-enabled crimes, and new classes of cyber-dependent crimes, but each of those is a crime because of an interaction with the physical, human world. Those interactions haven't gone away, and are still amenable to investigation. (At a basic level: how do you know a crime has happened in the first place?)
The problem is that the cats out of the bag when it comes to encryption.
Let’s just say we can wave a magic wand and make every phone manufacturer include a way that allows only lawful decryption with court orders and the like.
What stops the criminals spinning up their own service that doesn’t? Sure you could make such services illegal, but when has something being illegal stopped criminals from doing it?
All backdoors do is weaken security for everyone else while those who really want secure communications/ storage for their ill gotten gains will still find a way.
Refusing to decrypt is already a crime in the UK (iirc up to 2 years, 5 if the underlying suspicion is terror related).
Fighting encryption in my opinion is like treating the symptoms not the root cause of the problem.
Either there are ways of intercepting information or there aren't. If there aren't then even criminals can keep their conversations secret. If there are then even criminals can intercept your conversations.
If all of this surveillance made the UK a safe place maybe you could argue it’s worth it. But it doesn’t. Phones are getting snatched, you’ll never see it again. Cars are being stolen in broad daylight. Burglars are getting months in jail. It’s pointless filing a police report for any reason other than for your insurance.
I live in Japan at the moment and the difference is night and day. There are unattended shops here. People feel comfortable leaving their belongings in public. It feels like a massive weight off my shoulders not having to worry and watch constantly.
The problem is that in the past you could rely on laws protecting privacy. You send a letter to someone, and it was illegal to open it. You couldn't eavesdrop on a phone call without breaking the law.
You could thus have a judicial system allowing the invasion of that privacy.
Reasonable people don't have a problem with the court system issuing say 200 wiretaps a year when provided with appropriate levels of evidence on a specific person. People don't have a problem with searching reasonable suspects either.
Even when you ignored the law you couldn't do it at scale. The CIA might plant an illegal wiretap, but that will cost them significant resources, they can't do it to a thousand people for a year, let alone indefinitely to a billion people.
Thus it was limited. The police have always been able to assign 50 people in performing a tail on a suspect. That doesn't scale.
Today though you can scale up. If you spoke on a phone, 99.999% of the time nobody will have heard it, despite it being in the clear, you can track people by following their phone signals. Everyone is tracked all the time, and you just need the warrant to pull the tracking detail - including data from before the warrant.
The next step is using that data and feeding it into AI. Currently the bottleneck is analysis - you can track a billion people. but you can only look at 1,000 of them. Feed that into an AI engine and you can analyse everyone.
With wiretapping, today if you send something without end-to-end encryption, your message is read, possibly modified, by trillion dollar companies designed to extract value from your message, so you need end-to-end encryption.
The problem society has is that judges can't then authorise wiretapping, which society agreed was a reasonable action 30 years ago, and 300 years ago. Even in the US with the optional constitutional amendments, allows for
> Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized
End to end encryption removes this possibility, there's no middle ground, because you either have
* fully encrpyted and thus immune to warrants
* encryption with backdoor and thus leakable and thus used against you (by corporations or foreign security agencies)
The problem is the scale that modern technology allows, and that means we need new understandings on what's possible. But public debate doesn't do that, it's still routed in the "nothing to hide".
I think it's worthwhile to point that if you're using "panopticon" in the literal sense (rather than shorthand for "boy that feels too far to me") then any surveillance that relies on 3rd parties [1] and gag orders to avoid making the target aware is, in fact, already the full panopticon scenario.
In that case the bounds on your middle ground make what is between obvious: information is obtained by warrants served directly to one or more participants in the communication.
As others point out, the technology by its nature tends to exclude the middle. This has some very disruptive effects.
Similar to electronic cash schemes vs physical cash. There's a limit to how much crime you can do with physical cash before the bulk becomes a problem, but the same doesn't apply to electronic schemes.
Through history and experience from other countries, there is a lot of data that let us correlate criminality with other variables that people would let the Government control (quality of children education, access to jobs, housing, healthcare, safety networks, punishments to deter crimes, etc).
The fact that the Government prefers to spy everyone with the excuse of stopping crime instead of improving any of those variables (specially housing) makes me think that the people in charge are either stupid in the best case or criminals in the worst.
With encryption backdoors only regular people lose their privacy. Criminals move to something else. But hey, maybe you will get your wishes in the EU soon (the rest of the world will follow):
Unfortunately, I don't see there is any healthy middle ground with even existing tech, let alone future tech.
--
From the perspective of tech, secrets are mandatory and impossible:
Mandatory for the functioning of identification, of logging in with a secure password that remains secure. The modern world would just stop functioning if passwords were not secure, if online orders or banking could be intercepted by criminals, and there's no way to limit encryption to "just the people who need it", because that's approximately everyone on approximately all economically relevant websites.
Impossible, because surveillance tech is already powerful, and also improving so fast. Drones with telephoto lenses to watch you type your password, or duplicate every key on your physical keyring. WIFI used as wall-penetrating radar. Laser microphones to hear your conversation. Side-channel attacks from Van Eck phreaking onwards. The attacks are increasingly affordable, I have to assume at this point that organised crime uses them.
(For future tech, I think we're only a few years from "smart dust" that's actually dust-sized).
--
From politics, it's no better:
We all know about our own secrets, the importance of keeping them. Many of us are familiar with the lessons of history, where governments use secret police to engage in covert ops against a political, ideological, or social opponents and dissidents — even the term "secret police" is a shorthand for authoritarian and totalitarian regimes. And the CIA and FBI (and some US state entities like the Mississippi State Sovereignty Commission[0]).
But.
Internationally, between governments, these forces battle each other. The CIA needed to be secretive and have the power to snoop, to be able to intercept the KGB agents trying to influence things.
As the MSSC (which I only learned about while writing this comment) shows, one polity's idea of unwanted political interference is another polity's idea of natural justice. (Indeed, the whole cold war has been described as a "friendly debate over which economic system is good and which one is an evil virus of Satan"[1]).
To a government, there's no important difference between outsiders who want change because they themselves are the barbarians at the gate and those who want change because they're a fifth column. States group together everything that might be a threat from unarmed students fatally shot by an Ohio National Guardsman for daring to protest against the draft, to whoever it was that shot up some power transformers a few years back[3], to MS-13, in the same way your immune system goes against all things that might cause illness regardless of if that's a common cold, COVID, or an infection that tries to pretend to be pancreatic cells and thereby triggers type-1 diabetes.
You, personally you, (and me) need some kind of intelligence agency that goes around and infiltrates all the groups that think we shouldn't be able to do ${insert liberty here}. For me, that includes freedom to be bi, freedom to not be a Christian, and freedom to not be a Muslim — there's people in this world today who want to end each of these things, and in the past also people who wanted to ban left-handed writing (another freedom relevant to me).
"Freedom to swing your fist ends at someone else's nose" and all that. But paradox of tolerance, how do you stop someone else who wants everyone to be free to swing a fist into ${outgroup}'s noses, how do you stop them rising to power? Who watches the watchers?
There's more freedoms that I'd like to have and don't, freedoms that other people would be horrified by. People in power in many places would not want me to be able to organise to become free in those ways, they would see it as a threat. One of the freedoms that I want and which powerful people see as a threat was my preference for the EU over the UK, especially with regard to the Human Rights Act and associated courts (but also, I'm not a royalist), where some commentators during the Brexit wanted to leave the human rights courts as part of Brexit, and the only thing I could do to remain confident about it in light of the uncertainty was to leave the UK myself — many in positions of power in the UK, were talking about people like me who like the EU in such terms, calling us "Quislings" and similar.
--
I think this is a U-shaped problem: the only two stable conditions are (1) a horrifyingly omnipresent surveillance state that enforces whatever social norms it happened to coalesce out of, or (2) a nearly anarchic system, in an economy that's either post-money or hard-cash-only (no digital), where nobody even has the capability to organise groups because everyone can see the attempt immediately.
As I’ve gotten older and more moderate in my political leanings I’ve unsurprisingly revisited some of my earlier absolute positions (usually but not always very liberal) in light of real world considerations.
Encryption and communications privacy is a position I’ve actually gotten more “extreme” on. No, I don’t think the government should get to see anyone’s communication if they don’t want it to. Yes, I know that will allow criminals of the worst kinds to communicate secretly. I’m okay with that. The alternatives are all worse.
The thing I think a lot of people don't want to acknowledge is that unlike so many issues with grey areas and middle ground, this one is binary: either criminals can have secure communication, or nobody can.
I don't want a world in which nobody can have secure communications, so I must accept that criminals will have it, and police will have to work a little harder to catch them.
It gets worse though. More sophisticated criminals will find ways to do it even if it's illegal, so a law mandating backdoors will hurt the general population and stupid criminals, but not the smart, dangerous ones.
NB. It wasn't Apple who moved to block the secrecy of the hearing. Apple seems content to let UK Apple computer owners mistakenly believe they can trust the company's promises of "privacy". Meanwhile the company was participating in secret hearings with the government concerning computer owners' data.
"The ADP service is opt-in, meaning people have to sign up to get the protection it provides."
Defaults matter. They are intentional. They are chosen by so-called "tech" companies like Apple that interlope as alleged "necessary" intermediaries: "Send us your data and we will store it in our data centres."
Apple's default is "no end-to-end encryption". ADP off.
The judgment referenced in the submission is only the "public" one, a summary. Apple will not publish the "private" one.
The data at issue is not Apple's. But the data owners are absent from these hearings. Their only knowledge of how the "data custodian" Apple advocates, negotiates and capitulates on their behalf comes from vague publicity and the custodian itself.
> Apple seems content to let UK Apple computer owners mistakenly believe they can trust the company's promises of "privacy"
Not as far as I see. To me, Apple have been very clear that their "normal" protection can be accessed by governments, and they have withdrawn ADP completely from the UK (users not already using it: now. users still using it: at some time in future) - to let its UK customers know they have no expectation of privacy from their government.
Apple can't stop the government demanding the removal of user privacy. But it can, and did, let all its users know this is happening.
> Data with standard encryption is accessible by Apple and shareable with law enforcement, if they have a warrant.
> In a statement Apple said it was "gravely disappointed" that the security feature would no longer be available to British customers. "As we have said many times before, we have never built a backdoor or master key to any of our products, and we never will," it continued.
> Existing users' access will be disabled at a later date.
I don't understand people who want to defend Apple in this case. UK is a functioning democracy, and why would you want to put a (foreign) company above that? If you want change, you know the route ...
I don't understand your comment. Apple seems to be engaging with the order in the appropriate way under a functioning democracy, i.e. by challenging it in the courts.
Secret trials to enact mass surveillance on an unknowing population (the original demand gagged Apple from talking about it) doesn't sound like a "functioning democracy" to me.
I think you vastly misunderstand or are oversimplifying the problem here. They actually spoke up against a government mandated privacy violation.
What I am worried about really is Google, Meta etc did not speak up against it and likely have had the same requests. So I am worried about some foreign companies complying with my government. And very surprised that one particular foreign company gives more of a shit about me as an end user than my own government.
Surely you are implying that everything in a "functioning democracy" can be solved by voting... I know a ton of pro-EU people that might want to have a talk with you...
Well it is because the judiciary smacked the secrecy side of it down pretty hard to make sure that it was done in public. That's a pretty strong indicator of a functioning democracy.
We've fallen quite far from the tradition of policing by consent as developed by Sir Robert Peel:
- Whether the police are effective is not measured on the number of arrests, but on the lack of crime.
- An effective authority figure knows trust and accountability are paramount. Hence, "The police are the public and the public are the police."
https://en.m.wikipedia.org/wiki/Peelian_principles
Edit: another choice quote from that article, from the Home Office itself in 2012:
"The Home Office defined the legitimacy of policing, in the eyes of the public, as based upon a general consensus of support that follows from transparency about their powers, their integrity in exercising those powers and their accountability for doing so."
The problem is the people nowadays can be easily convinced that everything should be accessible, because
Ekhm
They have nothing to hide and...
Ekhm
They will be more safe
Thus the arguments about fighting terrorism and paedophilia...
And in reality it has nothing to do with terrorism, nor paedophilia.
19 replies →
I find this argument incredibly frustrating.
My view is that wide access to strong encryption carries non-obvious trade-offs, in particular with regards to organized crime. And I don't particularly mean paedophile rings, scooter gangs in London and professional burglars are organized crime too.
It's not that I have nothing to hide, therefore want the government to have unfettered access to everything. I want to ensure that properly overseen law enforcement and justice have access to normal info they need to prosecute crime, and if I have to give up a bit of privacy for it, so be it.
4 replies →
How to measure "lack of crime" if depends mostly on people responsibility than policing? You cannot put a policeman watching everyone and themselves.
E.g. I believe Oaxaca must have lower crime rates than Tampico simply because one is convenient drug port and other is not, not because better police.
> How to measure "lack of crime" if depends mostly on people responsibility than policing?
The thing is, a holistic approach to policing is key, and it's not just about putting bobbies on the street, it's far far FAR more what's needed to create a healthy society.
You need a social safety net for the unemployed, decent housing to prevent homelessness and its associated side effects (such as people taking dumps on the sidewalk), an accessible and affordable system of physical and mental health care, accessible options for education (not just of children but also for adults who need to switch careers for whatever reason), assistance programs for released convicts to find stable employment and a place to live, "third places" for the needs of all generations from young to old...
Police as an institution is absolutely needed, but in a healthy society it should be a matter of last resort, not a routine tool that kills or otherwise hurts people. When you as a government have to resort to hiring ever more (and ever more dumb, because the supply of smart people is limited) police to keep the peace, something has gone very wrong at the foundations of the stack that we call society.
1 reply →
Measuring this relatively simple - sociologists take a survey, sample appropriately, and find out how many people are victims of crime, including ones not reported to police.
1 reply →
>You cannot put a policeman watching everyone
At least until we cover the planet in advanced technology, of which we are getting closer to every day.
Users want their secrets to be secret.
Apple wants its users' secrets to be secret.
The UK wants the fact it wants Apple to reveal anyone's secrets to be secret.
There must be a healthy middle ground between mass untouchable criminal communication networks on the one hand, and full panopticon 24x7 for every civilian on the other. Or I don't know, maybe there isn't. But at least the debate should be public.
> untouchable
Surveillance of even just one participant in these communication networks will give the police access to everything they see. And technology massively helps police in this surveillance - hidden microphones (or a laser reading vibrations off a window), cameras, and telescopic lenses and drones can reveal the contents of a screen, the password being typed, every word said out loud. The device can even be fitted with a hardware backdoor, or sabotaged, and its replacement intercepted and backdoored, as the NSA did.
But it can't be done en-masse, against every citizen.
That mere encryption makes communication immune from surveillance, or that there is anything remotely approaching the "going dark" problem, is a naked lie by the surveillance state to scare us into giving away even the tiny scraps of privacy we have left. The truth is law enforcement has far greater abilities to surveil even people trying to hide (to say nothing of the data they get from people sharing their thoughts and social networks on Facebook, or carrying phones with them that let the phone company triangulate them at any moment) than at any point in history. In light of that, we should be talking about further limiting their authority, not increasing it.
5 replies →
The problem is that weakening encryption in public services only hurts law abiding citizens.
The criminals per definition don't care what they use, as long as it's unbreakable, so in the event that strong encryption is outlawed, they'll just switch to illegal encryption, or any other form of secret communication.
If you implement a backdoor in iMessage, criminals will stop using that, and switch to Signal (they probably already have long before this), or setup private message services, or anything in between.
Governments falsely claim that they've always had the right to pry in your private data, but while they've always had the option (provided proper paperwork from courts) to tap your phone and read your mail, they've never been able to simply dig through everything you ever wrote at any point in time. All the so called privileges they had were reactive, going forward in time after they had proven in a court that you should be the target for investigation. If they purposely weaken encryption, they will have unrestricted access to everything you've ever said or written.
Worst case, Weakening encryption for the average user only leads to "minority report" style arrests, where you can be arrested for "thoughtcrime" for something you're written and never published, but because it's no longer a secret, "anybody" can read and interpret on it.
5 replies →
The only healthy "middle-ground" with secure communication is fully secure, non-negotiable. The fact that some criminal enterprises can use it and aren't trivially exposed to random searches/fishing trips isn't worth abandoning that principle. Normal effective human policing, collecting physical and digital forensic evidence (once through the secure pipe), whistleblowers etc are all sufficient by themselves, but are expensive and require officers not to be lazy. And politicians hoping to trawl for 'thought crimes' and politically expedient criminalisation of free speech becomes much harder and more expensive if secrets are secure, again: just as it should be.
In the olden days, when law enforcement wanted to intercept a letter, they would locate the sender, nab the letter before it got whisked away, and read it. (If the letter was sealed, they would copy the seal, so they could convincingly re-seal the letter after reading.) Law enforcement wasn't able to do this with whispered conversations, nor easily identify disguised people without following or arresting them. Things still got done.
I don't understand why computer-mediated communication means we have to choose between a panopticon, or the end of law enforcement. It seems to me that good old-fashioned detective work is still perfectly possible. Sure, there are cyber-enabled crimes, and new classes of cyber-dependent crimes, but each of those is a crime because of an interaction with the physical, human world. Those interactions haven't gone away, and are still amenable to investigation. (At a basic level: how do you know a crime has happened in the first place?)
1 reply →
The problem is that the cats out of the bag when it comes to encryption.
Let’s just say we can wave a magic wand and make every phone manufacturer include a way that allows only lawful decryption with court orders and the like.
What stops the criminals spinning up their own service that doesn’t? Sure you could make such services illegal, but when has something being illegal stopped criminals from doing it?
All backdoors do is weaken security for everyone else while those who really want secure communications/ storage for their ill gotten gains will still find a way.
Refusing to decrypt is already a crime in the UK (iirc up to 2 years, 5 if the underlying suspicion is terror related).
Fighting encryption in my opinion is like treating the symptoms not the root cause of the problem.
1 reply →
Either there are ways of intercepting information or there aren't. If there aren't then even criminals can keep their conversations secret. If there are then even criminals can intercept your conversations.
If all of this surveillance made the UK a safe place maybe you could argue it’s worth it. But it doesn’t. Phones are getting snatched, you’ll never see it again. Cars are being stolen in broad daylight. Burglars are getting months in jail. It’s pointless filing a police report for any reason other than for your insurance.
I live in Japan at the moment and the difference is night and day. There are unattended shops here. People feel comfortable leaving their belongings in public. It feels like a massive weight off my shoulders not having to worry and watch constantly.
The problem is that in the past you could rely on laws protecting privacy. You send a letter to someone, and it was illegal to open it. You couldn't eavesdrop on a phone call without breaking the law.
You could thus have a judicial system allowing the invasion of that privacy.
Reasonable people don't have a problem with the court system issuing say 200 wiretaps a year when provided with appropriate levels of evidence on a specific person. People don't have a problem with searching reasonable suspects either.
Even when you ignored the law you couldn't do it at scale. The CIA might plant an illegal wiretap, but that will cost them significant resources, they can't do it to a thousand people for a year, let alone indefinitely to a billion people.
Thus it was limited. The police have always been able to assign 50 people in performing a tail on a suspect. That doesn't scale.
Today though you can scale up. If you spoke on a phone, 99.999% of the time nobody will have heard it, despite it being in the clear, you can track people by following their phone signals. Everyone is tracked all the time, and you just need the warrant to pull the tracking detail - including data from before the warrant.
The next step is using that data and feeding it into AI. Currently the bottleneck is analysis - you can track a billion people. but you can only look at 1,000 of them. Feed that into an AI engine and you can analyse everyone.
With wiretapping, today if you send something without end-to-end encryption, your message is read, possibly modified, by trillion dollar companies designed to extract value from your message, so you need end-to-end encryption.
The problem society has is that judges can't then authorise wiretapping, which society agreed was a reasonable action 30 years ago, and 300 years ago. Even in the US with the optional constitutional amendments, allows for
> Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized
End to end encryption removes this possibility, there's no middle ground, because you either have
* fully encrpyted and thus immune to warrants
* encryption with backdoor and thus leakable and thus used against you (by corporations or foreign security agencies)
The problem is the scale that modern technology allows, and that means we need new understandings on what's possible. But public debate doesn't do that, it's still routed in the "nothing to hide".
2 replies →
The math doesn’t math when it comes to encryption. It’s Pandora’s box. Once backdoors are created encryption may as well not even be enabled.
22 replies →
>healthy middle ground
I think it's worthwhile to point that if you're using "panopticon" in the literal sense (rather than shorthand for "boy that feels too far to me") then any surveillance that relies on 3rd parties [1] and gag orders to avoid making the target aware is, in fact, already the full panopticon scenario.
In that case the bounds on your middle ground make what is between obvious: information is obtained by warrants served directly to one or more participants in the communication.
[1] In the "3rd party doctrine" sense
As others point out, the technology by its nature tends to exclude the middle. This has some very disruptive effects.
Similar to electronic cash schemes vs physical cash. There's a limit to how much crime you can do with physical cash before the bulk becomes a problem, but the same doesn't apply to electronic schemes.
Through history and experience from other countries, there is a lot of data that let us correlate criminality with other variables that people would let the Government control (quality of children education, access to jobs, housing, healthcare, safety networks, punishments to deter crimes, etc).
The fact that the Government prefers to spy everyone with the excuse of stopping crime instead of improving any of those variables (specially housing) makes me think that the people in charge are either stupid in the best case or criminals in the worst.
Either things are encrypted or they are not. Things can't be encrypted for some and unencrypted for others.
With encryption backdoors only regular people lose their privacy. Criminals move to something else. But hey, maybe you will get your wishes in the EU soon (the rest of the world will follow):
"European Commission pushes for encryption ‘backdoors’" https://brusselssignal.eu/2025/04/european-commission-pushes...
2 replies →
Unfortunately, I don't see there is any healthy middle ground with even existing tech, let alone future tech.
--
From the perspective of tech, secrets are mandatory and impossible:
Mandatory for the functioning of identification, of logging in with a secure password that remains secure. The modern world would just stop functioning if passwords were not secure, if online orders or banking could be intercepted by criminals, and there's no way to limit encryption to "just the people who need it", because that's approximately everyone on approximately all economically relevant websites.
Impossible, because surveillance tech is already powerful, and also improving so fast. Drones with telephoto lenses to watch you type your password, or duplicate every key on your physical keyring. WIFI used as wall-penetrating radar. Laser microphones to hear your conversation. Side-channel attacks from Van Eck phreaking onwards. The attacks are increasingly affordable, I have to assume at this point that organised crime uses them.
(For future tech, I think we're only a few years from "smart dust" that's actually dust-sized).
--
From politics, it's no better:
We all know about our own secrets, the importance of keeping them. Many of us are familiar with the lessons of history, where governments use secret police to engage in covert ops against a political, ideological, or social opponents and dissidents — even the term "secret police" is a shorthand for authoritarian and totalitarian regimes. And the CIA and FBI (and some US state entities like the Mississippi State Sovereignty Commission[0]).
But.
Internationally, between governments, these forces battle each other. The CIA needed to be secretive and have the power to snoop, to be able to intercept the KGB agents trying to influence things.
As the MSSC (which I only learned about while writing this comment) shows, one polity's idea of unwanted political interference is another polity's idea of natural justice. (Indeed, the whole cold war has been described as a "friendly debate over which economic system is good and which one is an evil virus of Satan"[1]).
To a government, there's no important difference between outsiders who want change because they themselves are the barbarians at the gate and those who want change because they're a fifth column. States group together everything that might be a threat from unarmed students fatally shot by an Ohio National Guardsman for daring to protest against the draft, to whoever it was that shot up some power transformers a few years back[3], to MS-13, in the same way your immune system goes against all things that might cause illness regardless of if that's a common cold, COVID, or an infection that tries to pretend to be pancreatic cells and thereby triggers type-1 diabetes.
You, personally you, (and me) need some kind of intelligence agency that goes around and infiltrates all the groups that think we shouldn't be able to do ${insert liberty here}. For me, that includes freedom to be bi, freedom to not be a Christian, and freedom to not be a Muslim — there's people in this world today who want to end each of these things, and in the past also people who wanted to ban left-handed writing (another freedom relevant to me).
"Freedom to swing your fist ends at someone else's nose" and all that. But paradox of tolerance, how do you stop someone else who wants everyone to be free to swing a fist into ${outgroup}'s noses, how do you stop them rising to power? Who watches the watchers?
There's more freedoms that I'd like to have and don't, freedoms that other people would be horrified by. People in power in many places would not want me to be able to organise to become free in those ways, they would see it as a threat. One of the freedoms that I want and which powerful people see as a threat was my preference for the EU over the UK, especially with regard to the Human Rights Act and associated courts (but also, I'm not a royalist), where some commentators during the Brexit wanted to leave the human rights courts as part of Brexit, and the only thing I could do to remain confident about it in light of the uncertainty was to leave the UK myself — many in positions of power in the UK, were talking about people like me who like the EU in such terms, calling us "Quislings" and similar.
--
I think this is a U-shaped problem: the only two stable conditions are (1) a horrifyingly omnipresent surveillance state that enforces whatever social norms it happened to coalesce out of, or (2) a nearly anarchic system, in an economy that's either post-money or hard-cash-only (no digital), where nobody even has the capability to organise groups because everyone can see the attempt immediately.
[0] TIL, and WTF, "a permanent authority for maintenance of racial segregation with a full staff and funds for its operations to come out of tax money": https://en.wikipedia.org/wiki/Mississippi_State_Sovereignty_...
[1] 18 minutes into "history of the entire world, i guess": https://www.youtube.com/watch?v=xuCn8ux2gbs
[2] https://en.wikipedia.org/wiki/Fifth_column
[3] https://en.wikipedia.org/wiki/Moore_County_substation_attack
3 replies →
[dead]
As I’ve gotten older and more moderate in my political leanings I’ve unsurprisingly revisited some of my earlier absolute positions (usually but not always very liberal) in light of real world considerations.
Encryption and communications privacy is a position I’ve actually gotten more “extreme” on. No, I don’t think the government should get to see anyone’s communication if they don’t want it to. Yes, I know that will allow criminals of the worst kinds to communicate secretly. I’m okay with that. The alternatives are all worse.
The thing I think a lot of people don't want to acknowledge is that unlike so many issues with grey areas and middle ground, this one is binary: either criminals can have secure communication, or nobody can.
I don't want a world in which nobody can have secure communications, so I must accept that criminals will have it, and police will have to work a little harder to catch them.
It gets worse though. More sophisticated criminals will find ways to do it even if it's illegal, so a law mandating backdoors will hurt the general population and stupid criminals, but not the smart, dangerous ones.
Parent link seemingly doesn’t have the article when viewed on mobile. This was useful https://www.theguardian.com/politics/2025/apr/07/uk-home-off...
Text-only:
https://assets.msn.com/content/view/v2/Detail/en-in/AA1CsokD
NB. It wasn't Apple who moved to block the secrecy of the hearing. Apple seems content to let UK Apple computer owners mistakenly believe they can trust the company's promises of "privacy". Meanwhile the company was participating in secret hearings with the government concerning computer owners' data.
"The ADP service is opt-in, meaning people have to sign up to get the protection it provides."
Defaults matter. They are intentional. They are chosen by so-called "tech" companies like Apple that interlope as alleged "necessary" intermediaries: "Send us your data and we will store it in our data centres."
Apple's default is "no end-to-end encryption". ADP off.
The judgment referenced in the submission is only the "public" one, a summary. Apple will not publish the "private" one.
The data at issue is not Apple's. But the data owners are absent from these hearings. Their only knowledge of how the "data custodian" Apple advocates, negotiates and capitulates on their behalf comes from vague publicity and the custodian itself.
> Apple seems content to let UK Apple computer owners mistakenly believe they can trust the company's promises of "privacy"
Not as far as I see. To me, Apple have been very clear that their "normal" protection can be accessed by governments, and they have withdrawn ADP completely from the UK (users not already using it: now. users still using it: at some time in future) - to let its UK customers know they have no expectation of privacy from their government.
Apple can't stop the government demanding the removal of user privacy. But it can, and did, let all its users know this is happening.
https://www.bbc.co.uk/news/articles/cgj54eq4vejo
> Data with standard encryption is accessible by Apple and shareable with law enforcement, if they have a warrant.
> In a statement Apple said it was "gravely disappointed" that the security feature would no longer be available to British customers. "As we have said many times before, we have never built a backdoor or master key to any of our products, and we never will," it continued.
> Existing users' access will be disabled at a later date.
What a horrible headline. The Guardian's headline reads "UK Home Office loses attempt to keep legal battle with Apple secret".
The Guardian has had the most consistent "no bullshit" headlines of any news org nowadays.
I love that judges are saving society. They’re keeping the government here honest. Let’s hope it continues.
shortened judgement available here: https://www.judiciary.uk/judgments/apple-inc-v-secretary-of-...
I don't understand people who want to defend Apple in this case. UK is a functioning democracy, and why would you want to put a (foreign) company above that? If you want change, you know the route ...
I don't understand your comment. Apple seems to be engaging with the order in the appropriate way under a functioning democracy, i.e. by challenging it in the courts.
Yes, but this is the country that invented the CCTV.
Secret trials to enact mass surveillance on an unknowing population (the original demand gagged Apple from talking about it) doesn't sound like a "functioning democracy" to me.
I don't know of any country with fully open governance.
There are always decisions or information which is kept secret/illegal to publish.
4 replies →
I think you vastly misunderstand or are oversimplifying the problem here. They actually spoke up against a government mandated privacy violation.
What I am worried about really is Google, Meta etc did not speak up against it and likely have had the same requests. So I am worried about some foreign companies complying with my government. And very surprised that one particular foreign company gives more of a shit about me as an end user than my own government.
I don't think it's fair to tar Meta with that brush. WhatApp have said repeatedly they'll leave the UK before disabling E2EE.
2 replies →
Even functional democracies make mistakes. Calling them out is part of the correction process.
"functioning" is a reach.
A functioning justice system is an important part of a functioning democracy.
Surely you are implying that everything in a "functioning democracy" can be solved by voting... I know a ton of pro-EU people that might want to have a talk with you...
Surely you're not saying that leaving the EU wasn't democratic?
The UK is not a functioning democracy, at all.
Well it is because the judiciary smacked the secrecy side of it down pretty hard to make sure that it was done in public. That's a pretty strong indicator of a functioning democracy.
23 replies →
Come on pal.