Europol Becomes Latest Law Enforcement Group To Plead With Big Tech To Ditch E2EE

Yet another international cop shop has come out swinging against end-to-end encryption - this time it's Europol which is urging an end to implementation of the tech for fear police investigations will be hampered by protected DMs. The Register: In a joint declaration of European police chiefs published over the weekend, Europol said it needs lawful access to private messages, and said tech companies need to be able to scan them (ostensibly impossible with E2EE implemented) to protect users. Without such access, cops fear they won't be able to prevent "the most heinous of crimes" like terrorism, human trafficking, child sexual abuse material (CSAM), murder, drug smuggling and other crimes.

"Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely and child abuse can flourish," the declaration said. "They should not now." The joint statement, which was agreed to in cooperation with the UK's National Crime Agency, isn't exactly making a novel claim. It's nearly the same line of reasoning that the Virtual Global Taskforce, an international law enforcement group founded in 2003 to combat CSAM online, made last year when Meta first first started talking about implementing E2EE on Messenger and Instagram.

Lead By Example

[Vytalon]

Let's see the people who want to see an end to End to End Encryption give it up first.

Re:

[jsonn]

The hyperbole is that traditional communication mechanisms are intercepted a lot more selective. Once a backdoor into E2E is created for one purpose, it can be considered broken for everyone. Or to put it a different way: guess where a lot of industrial espionage starts? At the "lawful" interception mechanisms.

Re:

[christoban]

I don't see it. For example, cell phone records are only recorded and accessible via warrant, and by presenting that warrant to a provider directly. Same could be done with E2EE data if forced through the cell phone provider's networks.

That would mean an end to E2EE APIs on cell phones and other devices, which may be practically impossible at this point.

Re:

[SvnLyrBrto]

Awww... It's cute that you actually think that. [wikipedia.org]

Re:

[christoban]

I said voice cell phone records. This data, and is also illegal, and also didn't require a warrant. I have been clear that warrants are essential.

Re:

[Lord Kano]

I don't see it. For example, cell phone records are only recorded and accessible via warrant, and by presenting that warrant to a provider directly. Same could be done with E2EE data if forced through the cell phone provider's networks.

That would mean an end to E2EE APIs on cell phones and other devices, which may be practically impossible at this point.

Edward Snowden showed that this is not as true as you seem to think it is.

LK

Re:

[jsonn]

Cell phone records exist for payment purposes. Cell phone interception uses existing routing interfaces. Phone interception in the POTS was done in central dispatch points. Intercepting letters is also done in the distribution centers based on the metadata. The point is that E2EE communication has no meaningful interception point and the only ways to do it meaningful either require access to one end point (at which point it no longer matters) or breaking the protocol in a way that does not require consent o

Re:

[mysidia]

Intercepting letters is also done in the distribution centers based on the metadata.

That only works for letters delivered with the Postal service. I can have a private courier personally carry a lockbox containing a letter to you at point B from point A, and it will never hit the distribution center.

Furthermore, in case the person mailing the letter encrypts it before sending it in the mail; you won't be able to tell what the letter you intercepted contains. I mean: I can AES encrypt some text and

Re:

[christoban]

Yeah. What the Europiggies are asking for is a "legal" way to do this, which would spook criminals into resorting to less secure means of communication. Most of them are really not smart.

The exact means really doesn't matter, and it doesn't have to work perfectly. They could explore various options (again, only when a warrant is provided), such as forcing providers to root a phone or capture traffic, confiscating phones, requiring suspects to provide passwords or keys, install a key logger, or as someone

Re:

[jsonn]

They already have all those options, especially if they involve one of the three letter agencies. But they all involve some form of physical access and that's difficult for the mythical child abuse Pentagon bombing group. At least that's what they tell us to justify destroying one of the few secure means of communication and storage we did manage to build in the last few decades.

Re:

[ewibble]

Of course there is an interception point, place software on either end, or get a warrant to disable E2EE for a particular customer to it says its E2EE encryption but its not, and record the conversation. How would anyone know unless its being encrypted unless the auto updating app tells you.

What you loose is the ability to intercept any call, or record every call and decrypt it later without huge effort.

Re:

[DarkVader]

You've got it backwards. We should be stopping them from accessing other forms of communication, not destroying everybody's security with backdoors in encryption.

Re:

[Erioll]

Should all Locks have Keys [youtu.be] and I, Phone [youtu.be]. From the first "No matter how much we might wish it, there is no way to build a digital lock that only Angels can open, and Demons cannot."

Re:

[christoban]

That's what would worry me, the technical feasibility.

Re:

[suutar]

There's also the little matter of there being no way to keep bad actors from using encryption. They just may not use big tech's apps to do it.

Re:

[sjames]

If they can access it. I am permitted to write my diary in code. I can send a letter the same way. Why should email be made less convenient?

Siblings are allowed to continue using their invented words into adulthood if they like. We are allowed to have private conversations in an un-bugged room. Phone call: "Meet me at the other place. Bring that thing we talked about.".

Police have never had the RIGHT to access all of our communication. They may be granted permission to TRY if a judge signs off on that but t

Re:

[christoban]

A warranted search is a legal search. It gives law enforcement the right to do that search. And they've always had that.

My main worry here is the technical feasibility of trying to end E2EE. Though, even if it's still possible for some criminals to bypass monitoring, you really don't need perfect solution that will catch everyone all the time. You probably just need a legal solution that criminals won't be able to easily predict or track the implementation.

Re:

[suutar]

The information needed to set up encrypted communications is available to everyone and has been for a long time. LEO may be able to detect it exists, or even block it, depending on how the cipher-text gets transported, but there's no way to force everyone to use something LEO can read.

Re:

[christoban]

Sure, but you can make such apps not easily available. And app stores can ban the use of E2EE, provide root access to law enforcement on a person's phone with warrant, lots of options I've mentioned elsewhere.

Re:

[suutar]

I'm not seeing how an app store is going to be able to definitively say that an app doesn't do encryption. Isn't that akin to the halting problem?

Re:

[christoban]

They have an automated verification process that looks at the APIs used. And they also have a human process to check the functionality. If it claims to do E2EE, it can be kicked back.

Re:

[sjames]

Like I said, they have a right to search. They do not have a right to find or to be able to make anything of what they might find.

If you ban E2EE, you render many law abiding citizens vulnerable to all manner of fraud and other financial crimes.

Amusingly, there was a period of time when the Italian Mafia had access to law enforcement communications in Sicily using a back door designed for "lawful intercept". That is, the police and prosecutors hoist by their own petard.

Re:

[christoban]

Like I said, they have a right to search. They do not have a right to find or to be able to make anything of what they might find.

If you hide it, that's a new crime. Refuse to give up a key, and spend lots of time in jail for contempt of court. I'm not sure what your point is.

If you're innocent, are you sure hiding your cell phone is a hill you want to die on?

Amusingly, there was a period of time when the Italian Mafia had access to law enforcement communications in Sicily using a back door designed for "lawful intercept". That is, the police and prosecutors hoist by their own petard.

Yeah, the Sicilian mob was notorious for it's level of power. I saw a documentary about a reporter they killed, which led to a new law that finally broke their power in the country.

Re:

[sjames]

What key? Sibling languages, alternative alphabets, and unconventional word choices don't have a key. If they want to learn shorthand, they can take a course at the community college like everybody else.

I never said anything about hiding my phone. I DO routinely encrypt data going in and out of my phone and some of the data is encrypted at rest. Nothing nefarious there, it just means that I use WhatsApp, Signal, and a web browser. Also SSH.

I guess if they want to go on a fishing expedition, they're SOL. If

Re:

[LazarusQLong]

so, there's this: Law enforcement sent links to youtube video's (ref: https://www.engadget.com/autho... [engadget.com]) and then wanted warrants to search ALL the people that saw those videos for that week... I don't know where you are, but here in my country, law enforcement simply cannot be trusted. They appear more interested in arresting people than in actual justice, much of the time.

Re:

[christoban]

If you live in a country where the government has no respect for the proper application of warrants, then E2EE is not reliable for you anyway, as the government can man in the middle even E2EE.

If you live in a country where judges properly administer warrants, then such a judge would reject such warrants (or will after a legal challenge / clarification).

Either way, this is not a good legal argument against warranted searches. Just make sure the law is well written and properly limited. Our FISA warrants a

Re:

[suutar]

If they can MITM the E2EE, it's not E2EE (or it was implemented incompetently).

Re:

[Lord Kano]

Oh dear lord, the hyperbole. We allow law enforcement access to all other forms of communication with a lawful warrant. So should this particular technology be exempt from that?

Then, let them serve the warrant.

What is different is that for the first time in human history, it's not only possible but it's practical to have encrypted communications that no one can access except for the intended recipient.

All of "the most heinous of crimes" take place in the real world, there is some physical action that can be detected and punished. I don't care if this makes the job of law enforcement harder. I want law enforcement to be a difficult and time consuming job. Idle and bored cops tend t

Re:

[christoban]

And what if that one detectable act in the real world is hundreds of terrorists attacking a small American town, killing everyone with their legally purchased firearms on a certain date, like October 7th? Do you really think this is impossible, with millions of illegals simply allowed to slip into the U.S. in the last few years?

How about a mother selling her child to a pedophile ring in Europe? Happens all the time. There are survivor testimonies on YT of women who escaped after years of daily rape, watc

Re:

[ewibble]

Throughout most of history people mainly talked directly, if you where not present at the time then there was no way to know what was said.

Now it is possible to monitor most communication, on mass and pretty soon get AI to flag anything. Many cities now have cameras watching at any time.

We have lost most of our privacy, E2EE only gives us back as small fraction. If you where committing a crime you would have had to been stupid to send messages in clear text by letter as documentation.

Police are now have bec

Re:

[Zak3056]

We allow law enforcement access to all other forms of communication with a lawful warrant. So should this particular technology be exempt from that?

Let's say I write you a letter (on paper) and I encrypt this letter using a cypher that only you and I know. The government intercepts this letter and asserts it contains evidence of a crime. Are you or I compelled to assist in the decryption of that letter? No? Then why should electronic communications be any different?

Beyond that, how does preemptive invasion of the privacy of all persons (which is exactly what backdoors in encryption amount to) so that, at some future time, the government can sift th

Re:

[christoban]

That's why you need a warrant.

Re:

[ewibble]

A criminal does not need a warrant, nor does anybody else who knows the back door. Spy agencies or anybody who cries think of the children will get around that.

Re:

[christoban]

Those entities can't do that if you write the law to require a warrant. The problem in the past was weak privacy due a lack of oversight.

Re: Lead By Example

[RazorSharp]

If they can snoop then we are talking about a different technology.

Re:

[Kernel Kurtz]

Oh dear lord, the hyperbole. We allow law enforcement access to all other forms of communication with a lawful warrant. So should this particular technology be exempt from that?

I basic premise that "you can never keep a secret from the government" is really not something you want to hold up as some sort of fundamental principle of justice. Historically it does not end well.

Re:

[wyHunter]

This, exactly!

They are wrong

[MpVpRb]

You can either have strong security or no security
All of online commerce and banking requires strong security
Some believe the fantasy that it's possible to restrict security so that only the good guys can have it

This is absurd for several reasons
First, it's difficult to define who the good guys are or to ensure that they will remain good
Second, the bad guys are often smart and well practiced at finding workarounds
The only ones who will suffer are inept criminals and honest citizens who are victimized by smart scammers

Re:They are wrong

[Baron_Yam]

I worked with cops a lot for a while. I like to think the ones I worked with were good, or at least not bad. I still read about them from time to time in the news, and not in a good way.

A cop is a tool, you trust them when you have to, but always keep in mind they are people and not machines. They have their own motivations that may not align with your best interests or even the law, and sometimes those motivations overrule what they should do.

If you trust cops with a backdoor, it is only a matter of time before that backdoor is compromised.

Re:

[jacks smirking reven]

Very true about cops but we have to remember that even though these are people these are people the rest of us trust with authority and abilities the rest of us cede to them so a higher standard of conduct is warranted, expected and necessary. The big issues with law enforcement, like this very story, are systemic.

There are probably quite a few cops who understand the importance of something like E2EE but the question is why are they not the voices that are setting the rules?

Re:

[Baron_Yam]

Cops are trained to an us vs them mindset and continually retrained that they always have to assume the public is out to kill them.

The mindset sticks, I picked up a bit of it by osmosis and it took a couple of years to decompress and become objective again. Luckily, I have no ethical concerns about any of the coding and systems support I did for them - I was never responsible for anything that would be used to erode rights, and I worked an awful lot on stuff that was meant for police oversight.

Re:

[jacks smirking reven]

Totally understand that and cops are right, a simple traffic stop can turn into a life-or-death situation, hell there was a terrible video last week or so with a traffic stop and another car stops, gets out and guns the cop down.

But it's harsh but you kinda assume that risk with the job. A roofer risks falling, a fireman risks burning cops risk life or death but they also hold the ability distribute justice and death.

absolutely more and better training is a top issue for US law enforcement.

Re:

[Pinky's Brain]

They aren't asking for a backdoor, the clipper fever dream is dead.

They "just" want AI mass surveillance for CSAM only, pinky promise, and lawful intercept. The keys wouldn't be escrowed with independent access by law enforcement through a backdoor, but entirely under the control of the private companies.

Re: They are wrong

[drinkypoo]

"I like to think the ones I worked with were good"

If you have 1 bad cop and 10 more that let them get away with it, what you've got is 11 bad cops.

Re:

[gweihir]

If you trust cops with a backdoor, it is only a matter of time before that backdoor is compromised.

Indeed. Same with anybody. The NSA, FBI, regular cops, judges, etc. All have examples of corruption and selfish illegal acts. That is why no backdoor will ever be secure.

Re:

[Pinky's Brain]

Most Apple users don't use Advanced Data Protection, but I'd say the cloud storage is still relatively secure.

Re: They are wrong

[drinkypoo]

But why would you say that? Have you reviewed the sources? If not, you're just making things up to believe. Your religious beliefs about Apple are not relevant.

Re:

[Anne Thwacks]

I'd say the cloud storage is still relatively secure.

In that case, I have a part-used flying pig you might want to buy.

Re:

[dbialac]

It wasn't long ago where the direct messages were via snail mail. It was difficult to find things back then. Even with email, leaving a USB drive makes transmitting information to others easy and difficult for LEOs to find.

Re:

[gweihir]

Indeed. I mean, even the NSA has had attack code stolen now and that did quite a bit of damage. There are no harmless or "safe" backdoors and not fixing vulnerabilities is always bad for everyone. No idea why this needs to be re-stated time and again.

Re: They are wrong

[DivineKnight]

Simple minds prefer simple solutions.

Re:

[AmiMoJo]

To play devil's advocate for a moment, most people don't know how to do more than use WhatsApp or iMessage, so whatever encryption they use is what they get.

Most criminals don't think about this stuff either. They don't plan their crimes and carefully manage their op-sec. Look at how often they openly discuss stuff on chat apps, or just send some random person a dick pic.

Which is the biggest argument against limiting E2EE. The data can be read off the sender or recipient's devices. They have other, more tar

Seriously?

[bradley13]

Police forces are supposed to protect citizens. Dropping E2EE would open the doors to all sorts of crime.

Unbelievable.

Re:

[gweihir]

Naa, police forces are there to keep the rich safe against the unwashed masses. All that "serve & protect" stuff is just the marketing narrative.

Police = Lazy

[Cpt_Kirks]

How in the world did cops ever catch bad guys before the advent of the mobile phone?

Olden Times

[JBMcB]

To be fair, in the olden days, the police would grab someone, say "You are guilty of xyz" take you in front of a judge, say "He's guilty of xyz" the judge would go "Yep!" and you'd be in prison.

Nowadays they have to come up with actual evidence, which is just exhausting. Phones have made it somewhat easier, as they can just subpoena the GPS info for anyone who was near a crime and you have an instant suspect. You don't even have to leave your desk, shoot off some emails and you get a suspect.

Re:

[sound+vision]

You can find statistics to support the assertion you're more likely to get railroaded now than 50 years ago. I haven't seen any to suggest the opposite.

Evidence is great, if you can manage to present it. Chances are you won't get a trial.

Interestingly, that Kohberger serial killer dude, who was studying criminal justice, has now popped out with what his lawyers call an airtight cell phone alibi. I usually don't follow stories like that, but I get the feeling the cops will be studying that one closely for a

Re:

[jacks smirking reven]

Going back and watching some of "The Wire" again it's interesting to see just due to when it was filmed that the show takes place at a time when things like "texting" and "burner phones" were like the cutting edge and some of the plots involved the cops having to stay one step ahead with new technology. Show absolutely holds up but even then it touches on the themes of all the new tech combined with the drug war mania ruining the skill of policework.

Re:

[F.Ultra]

If I'm not mistaken national statistics have shown, at least here locally, that the crime solving rate took a dive after police where given the right to perform cell tower dumps and once explanation was that if they couldn't immediately find the perpetrators data in the dump then they gave up instead of doing the old school police work.

Re:

[christoban]

I'd rather rely on the validity of that statistic, or someone's interpretation of it.

Re:

[F.Ultra]

the criminals didn't communicate over phones before the phones where invented either, still police where able to do their jobs. Heck most sane criminals don't communicate electronically at all, e.g Hells Angels sends messages via people on bikes and have a strict no cell phone policy at all their meetings.

Re:

[christoban]

Ok let's not pretend criminals still operate like Tony Soprano, only talking in person in their basement and through a chain of surrogates. They use E2EE. It's as easy as downloading an app, and it lets people more than a few blocks apart do business. Or pleasure.

And yeah, even the smart ones get lazy eventually. That's usually when they get caught.

Re:

[suutar]

Yeah, but even if Europol et al convince Big Tech to not let their apps do E2EE, it's a bit harder to ensure that no other apps do E2EE, and sideloading is a thing on almost any platform.

Re:

[christoban]

You can defeat sideloading with security precautions during the process of sideloading an app, analysis of APIs. But yeah, that's a technical issue.

Other options are better, not banning E2EE but allowing them to rootkit with a warrant, among other things.

If you want to control law enforcement

[Anonymous Coward]

You have to elect better legislators. Doesn't matter if you're in Europe or the US. The police will always do what they we let them get away with. It's all pretty straight forward. We are the power

3/4 of the world

[Impy the Impiuos Imp]

Without such access, cops fear they won't be able to prevent "the most heinous of crimes" like terrorism, human trafficking, child sexual abuse material (CSAM), murder, drug smuggling and other crimes.

The most heinous of all crimes is dictatorship, based on number of deaths, rapes, child trafficking, and so on.

Dictatorship is maintained with terror and murder and growing technological panopticons.

E2EE is just what the doctor ordered to thwart this, the most heinous of crimes. It's tough enough as it is. We, the free west, should lead the way, not offer ready-made tools with ready-made patter for dictators to spout.

Re:

[strikethree]

The most heinous of all crimes is dictatorship, based on number of deaths, rapes, child trafficking, and so on.

Dictatorship is maintained with terror and murder and growing technological panopticons.

E2EE is just what the doctor ordered to thwart this, the most heinous of crimes. It's tough enough as it is. We, the free west, should lead the way, not offer ready-made tools with ready-made patter for dictators to spout.

This is probably the most insightful post EVER posted to Slashdot. This is the only +100 Insightful post I have seen on this site.

The Panopticon is only partially useful in keeping people's behavior within reason. The entire reason for the Panopticon is to control business and social outcomes... or in other words, a Dictatorship.

Police argues for police-state

[gweihir]

What else is new? These people are a threat, nothing else.

Re:

[F.Ultra]

well to be fair, it is ofc in their interest as a law enforcement agency to get to sift through peoples data, it would significantly simply and help their work. It's a whole different question if we society should give them what they want, trouble ofc is that politicians (and some people) tend to think that if the police wants it then it must be good.

Government is not the good guys

[schwit1]

They have proven time and again that their goal is power, not justice and not the law.

How you know you're doing the right thing

[dgatwood]

When so many spooks come out against it, that's how you know you're doing the right thing. Let's unpack their statements a bit.

... Europol said it needs lawful access to private messages, and said tech companies need to be able to scan them (ostensibly impossible with E2EE implemented) to protect users. Without such access, cops fear they won't be able to prevent "the most heinous of crimes" like terrorism, human trafficking, child sexual abuse material (CSAM), murder, drug smuggling and other crimes.

You're not realistically going to magically prevent any of those things with more spying. At best, you might catch the occasional low-hanging fruit, and even then, only if you do incredibly invasive levels of widespread spying on everyone. The right way to prevent those things is by infiltrating the relevant community. People who say otherwise are kidding themselves.

"Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely and child abuse can flourish," the declaration said. "They should not now." The joint statement, which was agreed to in cooperation with the UK's National Crime Agency, isn't exactly making a novel claim. It's nearly the same line of reasoning that the Virtual Global Taskforce, an international law enforcement group founded in 2003 to combat CSAM online, made last year when Meta first first started talking about implementing E2EE on Messenger and Instagram.

First, their claim isn't even true at a superficial level. Since at least 1961, we have been compelled by law to recognize diplomatic couriers and the contents of their bags as beyond the reach of law enforcement.

Second, our societies have always tolerated spaces that are at least by default beyond the reach of law enforcement, which allow law enforcement to peer into those spaces only after establishing probable cause.

Recent behavior by law enforcement agencies has thrown out the entire notion of probable cause, creating mass spying programs that sniff all the traffic going into and out of various organizations en masse. That, combined with parallel construction and courts being lax at enforcing the fruit of the poisonous tree doctrine, has resulted in substantial violations of the public's right to privacy.

End-to-end encryption is necessary entirely because law enforcement has repeatedly shown an unwillingness to respect the bounds of privacy that a free society requires. And the fact that law enforcement's irrational "slurp everything up and sort through it later" approach has resulted in everyone encrypting everything is not the fault of the "everyone encrypting everything". It is the fault of law enforcement being utterly egregious and unscrupulous in their behavior.

There are consequences for actions, and when governments show that they are untrustworthy on an ongoing basis, people stop trusting them. Welcome to the real world, kids.

Re:

[DarkOx]

So much this. The Intel lobby practically just burnt down congress, (it sure as-f**k looks like they blackmailed the speaker of the House) to defeat having to even get a warrant for spying from their special FISA court, when the 'F' (foreign) part is deeply in question.

That does suggest to me its time to 'trust them' more and just hand over the keys to all communications privacy. They basically finished throwing a tantrum and screaming about how they can't do their jobs AND respect the Constitutional right

Where did they get that idea?

[laird]

Where did they get the idea that "Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely"? One-time pads have been completely secure since they were invented in 1882. And, of course, people have always been able to go somewhere isolated and talk with each other face-to-face without any police around. The idea that police have a right to monitor all communications between anyone anywhere isn't reality-based. Are they going to require criminals to record all private conversations just in case police want to listen in?

And no matter what the police demand, criminals could just use end-to-end secure communications anyway, because there are many end-to-end encryption systems already, and nothing the police demand will change that, once software exists, it'll continue to exist. Heck, PGP exists, so criminals could just use that, and ignore whatever the police do to destroy global security, and the criminals would still be secure from the police, it'd just screw things up for everyone else using the insecure communications channels the police prefer, so they can destroy secure global commerce, but not impede the criminals at all.

if they stopped abusing yhe acess they take

[Growlley]

then maybe we wouldnt be so keen on not granting them any,

Working as intended

[quietwalker]

... or did they not realize that "government agencies" was one of the biggest reasons to have E2EE?

Too late now. It's public knowledge.

[devslash0]

Encryption is public knowledge these days. Even first-year software engineering students can build their own end-to-end encrypted communicators. If we banned E2EE, we'd only harm regular users since criminal parties would write their own chat apps in a day.

Euopol thinks they're clever

[NotEmmanuelGoldstein]

... tech companies need to be able to scan ...

Everyone missed the real goal of dumbing-down encryption: Not so the police can spy on anyone, anytime, anywhere. It's so Google/Apple/Microsoft/Meta/X can spy on everyone. Europol might think they're clever, sneaking this into a 'think of the children' rant but they, themselves are victims of propaganda. Remember, the USA just passed an amendment (Section 702) where the CIA/NSA/FBI/DHS/ATFE can order any corporation to collect 'evidence' for them.

With 90% of the UK government run by Microsoft Azure,

Previously tolerated

[Meneth]

No law of Congress can place in the hands of officials connected with the Postal Service any authority to invade the secrecy of letters and such sealed packages in the mail; and all regulations adopted as to mail matter of this kind must be in subordination to the great principle embodied in the fourth amendment of the Constitution.

https://en.wikipedia.org/wiki/Secrecy_of_correspondence [wikipedia.org]

The cure is worse than the disease

[upuv]

Putting a back door into encryption is the same as removing it. Worse actually. A back door implies there is some level of trust with the encryption.

The problem is that once a back door has been compromised the ones using it are not the trust worthy.

Back doors are implemented in code. Code that is burned into systems and often never updated. So the belief that it will be patched if the back door is discovered is false. The back door will remain forever. This is increasingly a problem as more and more

THe US Mail has always been private

[RossCWilliams]

As far as I know the post office does not allow police to read people's snail mail to be read even though it can be used for illegal purposes. But the issue here is actually different. It is a claim that the post office shouldn't allow mail to be sent in envelopes.

Re: Just require a warrant

[bradley13]

You're trolling? Please say you're trolling?

Look, if the police can get a warrant, they can get a warrant to spy on one of the endpoints. Encryption becomes irrelevant.

Compromising encryption for everyone goes far, far beyond that. It endanger s everyone, and enables whole new levels of criminality.

Re:

[Pinky's Brain]

In theory they can get a warrant on the end points, in practice that's a significant technological undertaking which if implemented would have been public knowledge by now.

I'm actually surprised law enforcement don't just force Apple/Google to pown phones through auto-update. Maybe they think as long as they don't, it makes it easier to push for mass surveillance instead?

Re:

[Ed Tice]

They can get a warrant on the endpoint. But that doesn't let them see messages. They then have to physically confiscate the end point which they can (and have) done. But it's not analogous to any of the other intercept warrants that are available and it notifies the suspects.

Re:

[Pinky's Brain]

The message I replied to talked about "spy on one of the endpoints", confiscation isn't really that.

To spy on the endpoint they need to remotely pown the phone, NSO Pegasus type software but developed and pushed on the phone by Apple&Google. Plus a little help from the mobile operators, so the increased data traffic isn't a dead give away.

Re:

[christoban]

It's even harder when all evidence of the message being sent or received is immediately destroyed, like with many of those apps. So even if you log in successfully and open the app, there's nothing there, on either end.

So the only solution is to eliminate E2EE altogether, I think. WiFi makes this much harder since the traffic doesn't go through a single point. Maybe could keep E2EE by telling the device to start saving all decrypted messages once a lawful warrant is receivedit's a technical challenge.

Re:

[Pinky's Brain]

If Apple/Google remotely roots the phone for them, they can simply screen scrape.

Re:

[christoban]

When? Repeatedly, constantly? That's a lot of data to save and send around.

Re:

[Pinky's Brain]

Well screen scrape is last resort, Skia scrape should get plain text for almost any app without needing specific app hacking.

Re:

[omnichad]

telling the device

If it's your device, you should still be in control of what it does. We've already lost that for the most part, but it doesn't change the argument.

Re:

[christoban]

"Should" be in control. Uh huh.

A warranted search is a lawful search, and it supersedes your property rights.

Re:

[omnichad]

A warrant is a right to search and they can serve that to the messaging provider. The phone is yours - properly written software should require your consent to change functionality unless you were served the warrant directly.

Since this command wouldn't be an update in the app store, it means that the backdoor would have to be a permanent part of the software. Not good for the other 99.99% of the time the software is in use.

Re:

[christoban]

A warrant could also be served to you.

Re:

[omnichad]

Yeah, demanding that I retain messages. And then I wouldn't be sending any more.

Re:

[christoban]

No, a warrant saying "gimme that phone!"

Re:

[omnichad]

I'm talking about your own quote:

Maybe could keep E2EE by telling the device to start saving all decrypted messages once a lawful warrant is received

Re:

[christoban]

Ohhh that. Yeah, that may be impractical.

Re:

[christoban]

How exactly do they get a warrant to look at an endpoint when they don't have the ability to decrypt (or get through the layers protecting the key to do so)?

Re:

[Bahbus]

No, they don't. They can police all of those things by doing the work. However, they're all lazy and tasked to do things police shouldn't ever be near to begin with.

Re:

[christoban]

What is "doing the work?" Waving a wand?

Re:

[christoban]

I it's as easy as reading the decrypted message at either end, you should have no problem with giving them the ability to read it (with a warrant).