... and everybody who uses a different software not approved by state will be flagged as a criminal. This will make the job of police and spooks easier, we know there was order and security in East Germany or other countries of the Soviet block.
Now consider the cost of such 'solution'. Free speech gets redefined, most of the people get divided into informants,opportunists, naive state suckers and silent fragmented opposition. Is that kind of security and police state an acceptable cost? For preventing small number of violent deaths each year?
There are much bigger problems in Western societies than a bunch of lunatics killing small number of people, but those can't be used so easily to make a power grab.
How do you ensure that what was the reviewed source is what is actually being used? Also, how do you encode in source code who is the correct target to use this against, for now and in the future?
I actually didn't suggest a complete solution. You seem to judge the proposition without any further questions.
I said the monitoring software having access to the data was a solution. But you're probably thinking of a case where there is a master encryption key which we just hand to the government. But have you thought of a solution where we can be sure of the access that the software will have?
Something like a infallible way we can choose only the software can view the data. Sure, you're quick to dismiss it because it doesn't exist. That's why I said it didn't exist
There needn't be centralized way of communication you're thinking of now. It can be public software that people can choose to run.
> Assuming these experts are perfect and infallible
Well, you can have the same skepticism for the end-to-end encrypted software you use. How can you assume that it isn't broken?
Nobody is saying you did. You yourself said "that is a perfect solution actually" in response to vinceyuan, who had a one-liner comment about "the source code of the monitoring software must be reviewed by independent and trusted software engineers/experts."
Maybe we are interpreting this in different ways.
How do you envision this "solution" working? It is a bit vaguely specified.
Who is doing the monitoring? What or who is being monitored? For example are we talking about monitoring the authorities to see if their access is done properly? Or are we talking about something / someone monitoring communications, on behalf of the authorities? Not sure what you had in mind. Can you explain how what you called "perfect" might work, were it to be developed at some point in the future?
I'll say up front that I'm skeptical, but let's see if we are even talking about the same thing. As long as you're being super vague, you don't have a solution at all.
And if you're just saying: there's no solution now but maybe one can be developed, fine (I believe you're wrong) but please clarify how you think it might work.
> That means there are still problems for you and me to solve.
This was my last sentence. With which I tried to say that we have to still solve the problem and come up with the solution. My comment "that's a perfect solution" was about the answer "software that can effectively monitor communications with proper privacy" to the question about properly reconciling privacy and security, in a situation where the people are okay with their communications being monitored.
But are you are expecting a answer to the question, "How will the software work?" from me.
I have no clue as so how it'll exactly work. But since you're so interested, I'll take a stab:
> Who is doing the monitoring?
The software. No humans will ever see the raw communications which haven't been flagged. Now this is obviously the tricky part. This is not a backdoored system with a magic decryption key. What I had in mind was a software possibly in-built with the communications protocol, which will, with near perfect accuracy flag suspicious communications. This is will need a leap of tech in Machine learning with NLP.
> What or who is being monitored?
All the communications (through the node) are being monitored.
> For example are we talking about monitoring the authorities to see if their access is done properly?
'They' have no access. Only the software does. How that is done is up to the "engineers/experts" to figure out. This will obviously need a change in communications architecture. When it comes to properly securing the physical part (the servers), I'm sure something can be figured out there.
> As long as you're being super vague, you don't have a solution at all.
See my first line in this comment. I don't have a solution, but I do believe that a solution exists to a problem. They're very different things.
As an analogy, in mathematics, that's similar to me saying the problem is solvable, but you're talking about the actual solution.
And sure, this is a 'perfect' solution where monitoring communications is even a possibility. I don't even support that possibility. The first comment I replied to does, which said:
"If I have to choose one from end-to-end encryption and security, I will choose security. I don't mind my WhatsApp chats are scanned by police's software, if it can reduce terrorism. Of course, we need to make sure it is used for anti-terrorism only."
So in the first place, monitoring is something that will be done. Now in that scenario, there's a solution (In retrospect, I don't think I should've said perfect).
I don't think you are going to be happy with this solution. I don't expect everyone to be. I probably will be, because while I want privacy, I'm amenable to a solution I can trust in a situation where there has to be some kind of monitoring.
Since we live in a democracy (I hope you don't live in an oppressive monarchy), it can happen when the majority of the people (senators, actually, because it is a Republic) agree with a situation when monitoring is okay.
Your opinion or my opinion is not enough to change everyone else's opinions. So we might have to learn to live with it.
We live in a world, not a democracy. There are many different countries, with many different systems.
Any proposed solution has to deal with that reality, not with the little bubble of one democracy which may arguably in the questionable opinions of some subset of people have a good government.
The reality includes police states where the police are truly evil.
It also includes police states where the software is written by truly evil people, to do evil things, with evil experts overseeing it all and approving evil behavior in the software they are checking.
Please tell me how you can be confident that there can be a solution that addresses this reality while protecting the privacy of users. Sometimes all the user wants to do is send a message to their boyfriend, without getting thrown off a building, burned, flogged, or killed, possibly having several generations of your family killed as well (see North Korea).
The system has to work for this reality. I'm pretty sure that simply drawing a line and fully protecting the privacy of users' messages, full stop, is a better solution than whatever you and your senators will come up with.
And yes, the security of a crypto system can be verified. If it's designed to be secure. Not if it's designed to be monitored. Even if the experts are perfect angels and absolutely competent, if there is a way to monitor, hackers will find a way to get access to it.
>When it comes to properly securing the physical part (the servers), I'm sure something can be figured out there.
You're dreaming. Remember, the authorities will have full power over that system, and even in countries where the authorities are not evil, the authorities as a rule are inevitably corruptible if not corrupt. This isn't just cynicism, it's reality. Look around.
> And yes, the security of a crypto system can be verified. If it's designed to be secure.
Theoretical security and actual security are two very different things. Once is mathematical which can be verified by equations. Other deals with software and imperfect developers. Software can't be verified for perfect security in a deterministic way, no matter how hard you try. Vulnerabilities pop up all the time. Your expectation that theoretical security translates to real world security is something I believe you need to think about again.
>Not if it's designed to be monitored. Even if the experts are perfect angels and absolutely competent, if there is a way to monitor, hackers will find a way to get access to it.
You seem to miss the part where I said a new protocol, not something which is modified, or backdoored. I'm surprised at you being so sure about the failure of a non-existent protocol. Do you have anything to back up your claim that any such protocol wouldn't work? Remember, it doesn't exist yet.
I honestly didn't find most of your post very coherent. There is no avenue for free speech in North Korea and other authoritarian regimes so it is a waste of time talking about working around the existing government for privacy and free speech rights. The only place where the masses can bring about change is in a democracy.
>not with the little bubble of one democracy
Last time I checked, most countries are democratic. Please show me the case where democratic countries vastly differ in how their government is organized.
> The reality includes police states where the police are truly evil.
Again, I talked about a democracy since we really can't do anything to help them with encryption and code. If there are no rights, strong encryption doesn't really matter. Look up rubber-hose cryptanalysis.
> The system has to work for this reality. I'm pretty sure that simply drawing a line and fully protecting the privacy of users' messages, full stop, is a better solution than whatever you and your senators will come up with.
It is of course is a better solution for individual privacy, I thought I talked about this at the end of my last comment. I don't have much control over my senators.
>>>When it comes to properly securing the physical part (the servers), I'm sure something can be figured out there.
>You're dreaming. Remember, the authorities will have full power over that system, and even in countries where the authorities are not evil, the authorities as a rule are inevitably corruptible if not corrupt. This isn't just cynicism, it's reality. Look around.
Full power? I don't believe you have understood what I said.
At this point it feels like you're arguing for the sake of an argument.
