Re: Approaching the IETF - A View from Civil Society


On Mon, 31 Jul 2023 at 12:13, John Curran <jcurran@xxxxxxxxxx> wrote:


> On Jul 31, 2023, at 6:38 AM, Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>> On Jul 31, 2023, at 4:21 AM, Andrew Campling <andrew.campling@419.consulting> wrote:
>>
>> In the interest of trying to understand your point of view, it would be helpful if you could expand on your comment to include your rationale. 
>
> I simply don’t believe that it is technically possible to build a back door to encryption, that will not result in increasing, pervasive, and intolerable invasion of people’s privacy, and with it, authoritarian rule and drastic loss of freedom.  Separately, I do not believe it is even possible to build a CSAM detector into apps and/or platforms and/or infrastructure that will not produce significant numbers of both false positives and false negatives, ruin many innocent people’s lives, fail to effectively reduce CSAM production or transmission, AND be repurposed into a more general surveillance mechanism.

Keith -

You may indeed be correct.   

Although as a thought exercise, hypothecate for a moment that there exists at least one public policy obligation of government (i.e., a duty which we collectively as a society place on the function of government rather than individuals, and expect government to fulfill in a competent manner) that is both valid and cannot be satisfied with optimum encryption practices – what should then occur?   

Based on recent history, I believe that much of the Internet technical community focuses on either discounting the validity of the obligation – or simply responding that it cannot be technically satisfied (and that the consequences of such are not their problem.)

In the case of an actual valid public policy obligation of governments and conflict with optimum encryption, what should occur?   

(I note that we vest in governments the unique ability of regulation and enforcement, and failure to engage constructively to help them address their obligations in some manner may not produce desired outcomes – e.g., governments instead seeking and mandating technology standards from bodies of lesser calibre but that are more responsive to their requirements.)

Thoughts?

How about looking at the actual situation, which is that governments claim two policy obligations, one is around strong encryption (necessary for security, commerce, etc) and the other is around lawful access? The technical issue is that these cannot both be satisfied.
 
/John

p.s.  Disclaimer(s):  my thoughts alone; contents may be hot - use caution when opening; this email composed of 100% recycled electrons.


