I find this question tough. Catching criminals is great but what about breaking encryption?

  • poVoq@lemmy.ml
    link
    fedilink
    arrow-up
    13
    ·
    edit-2
    3 years ago

    Given the (good) state of encryption it is basically never “breaking” encryption, but rather somehow circumventing it. Sadly this usually means installing some trojan on the devices exploiting a OS vulnerability.

    This is a really bad idea for two reasons:

    1. It gives law-enforcement an incentive to buy exploits and keep quiet about them afterwards and thus making devices much less secure and bugs are intentionally not fixed.

    2. Once such a trojan is installed on a device it can not only be used to search for evidence, but just as easily to plant false evidence, which is sadly not as unlikely to happen as it sounds at first.

    • the_tech_beast@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      3 years ago

      Planting of false evidence is something that we will have to worry about. It will probably be more common.

  • adrianmalacoda@lemmy.ml
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    3 years ago

    Do you trust that the state will have your best interests at heart 100% of the time? Do you trust that the state will use its power solely against “criminals” and that the set of behaviors labelled criminal will remain acceptably restricted? Even if such were the case now, in the present, you can’t guarantee that it will be in the future, and states are loath to relinquish power once given.

    TL;DR: You should presume any power given to the state will, inevitably, be abused in some way.

  • onlooker@lemmy.ml
    link
    fedilink
    arrow-up
    5
    ·
    3 years ago

    A back door for the good guys can also be a back door for the bad guys. This shouldn’t even be a discussion.

  • snek_boi@lemmy.ml
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    3 years ago

    This is a great question. I also find it hard to navigate.

    Here’s a take based on Bruce Schneier’s Click Here to Kill Everybody.

    To start off, data should be considered toxic, and incentives should be set up so that data collection is minimized. This should happen both at the level of companies, so that surveillance capitalism cannot work with its massive data-collection approach, and at the level of State agencies, so that the NSA cannot surveil the world as it does now.

    Beyond that, we should recognize that, tactically, it doesn’t make sense to defend one’s internet-related practices and infrastructure while attacking theirs (whoever this ‘other’ is). The reason is technical: the internet and mass consumer goods make it practically impossible to assure this previously tenable tactic (protect my stuff while destroying theirs); we all use the same stuff. The result is a decision where its either security for everyone or insecurity for everyone. Schneier clearly thinks security for everyone is better.

    But this doesn’t mean spying and targeted law-enforcement stops doing its job. Spying, apprehensions, or (as was the case with Bin Laden) State-sponsored assassinations are still possible in an internet-safer world. The way this works is to think of an internet-safer world as raising the costs of surveillance. Rather than surveil the world, law enforcement becomes selective as to who to go after.

    This last point sounds as if I was justifying these actions. I dislike the idea of State-sponsored spying and assassinations. But the concrete problem that we’re dealing with (widespread surveillance) can be dealt with in the same way that slavery, death penalty, women’s rights, and the achievements of the labor movement (8-hour working day, insurance, safety regulations): citizens demand changes in institutions. I am aware that this is a proposal to improve our life conditions within liberalism, rather than propose a broader change. But the historical changes we’ve had in our lives regarding these non-trivial issues show that even within a system full of gross inequalities and suffering, there are ways in which we, as a whole, can improve our human experience.

    And this doesn’t mean that liberalism works as a stand-alone system. As I said before, it is through citizen mobilization that these improvements in the human experience have appeared. A State responds to its citizens. And law enforcement is no exception. Institutions should be set up in such a way that if we, as citizens, decide it’s okay to break encryption to catch criminals, it is done in such a way that there’s accountability. Public officials and workers are no exception to accountability.

    Personally, I’d want a State that not only deals with criminals, but prevents it. For example, we know that economic inequality is tied to crime. We know that childhood trauma is linked to crime. We know that lack of life-path opportunities (e.g. “Do you want to run your own farm? Do you want to become a Human Rights lawyer? Do you want to program? Do you want to write?”) is linked to crime. That should be dealt with now so that tomorrow breaking encryption is not necessary.

    So, to summarize, we should treat data as toxic and regulate/mitigate its recollection and usage. We should make the the internet, the devices, the services, and everything related to its usage as safe as possible. This is where your encryption comes in. This merely increases the cost of surveilling, making law enforcement have to make thoughtful choices regarding its activities. Finally, law enforcement should be accountable to its citizens; public officials and workers are not immune to justice.

    Edit: To be clear, “breaking encryption” here cannot practically refer to actually brute-forcing or phishing encryption keys. This is not how it generally goes, as @poVoq@lemmy.ml points out. Rather, “breaking encryption” refers to getting data that was otherwise meant to be private, generally involving encryption.

    • CHEF-KOCH@lemmy.ml
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      3 years ago
      • How do you know they are criminals if you not already broke the encryption to gather evidence…
      • This is not about criminals, it is about the question if Internet should be a - room - without laws and total anarchy and anonymity.
      • There is no answer to this question because no one solved this problem, solving this would maybe require introducing a total police state, since you need more police on the streets to gather hard evidence to come to a conclusion if someone is a criminal or not in the first place.
      • Abusing the encryption system is widely-known in the malware and pedo scene and those are the first together with alt-right people hiding behind this.

      To somewhat give my opinion on this…

      • Breaking or backdoor-ing encryption is not the answer, you even then need surveillance and even then we have a justice system which everyone should obey.
      • The internet should not be a virtual room without laws.
      • Do I have a solution, … nope, same like most people this is something which always will one way or another break something… our privacy … Our anonymity or our encryption system, it depends on what we are willingly to trade for more security. It is giving up something to gain something in return on the other side, at least that would be the concept, which I am not a fan of.
  • Elbullazul@lemmy.ml
    link
    fedilink
    arrow-up
    3
    ·
    3 years ago

    If you know someone’s doing some sketchy stuff, you can probably incriminate them without having to seize the device/data and bruteforce the encryption

  • 3arn0wl@lemmy.ml
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    3 years ago

    I don’t find this one tough at all : we all have a right to privacy.

    (I find it increasingly uncomfortable living in a world where I’m constantly being spied on.)