Asklemmy

Given the (good) state of encryption it is basically never "breaking" encryption, but rather somehow circumventing it. Sadly this usually means installing some trojan on the devices exploiting a OS vulnerability.

This is a really bad idea for two reasons:

1. It gives law-enforcement an incentive to buy exploits and keep quiet about them afterwards and thus making devices much less secure and bugs are intentionally not fixed.

2. Once such a trojan is installed on a device it can not only be used to search for evidence, but just as easily to plant false evidence, which is sadly not as unlikely to happen as it sounds at first.

Who watches the watchmen?

Do you trust that the state will have your best interests at heart 100% of the time? Do you trust that the state will use its power solely against "criminals" and that the set of behaviors labelled criminal will remain acceptably restricted? Even if such were the case now, in the present, you can't guarantee that it will be in the future, and states are loath to relinquish power once given.

TL;DR: You should presume any power given to the state will, inevitably, be abused in some way.

A back door for the good guys can also be a back door for the bad guys. This shouldn't even be a discussion.

This is a great question. I also find it hard to navigate.

Here's a take based on Bruce Schneier's Click Here to Kill Everybody.

To start off, data should be considered toxic, and incentives should be set up so that data collection is minimized. This should happen both at the level of companies, so that surveillance capitalism cannot work with its massive data-collection approach, and at the level of State agencies, so that the NSA cannot surveil the world as it does now.

Beyond that, we should recognize that, tactically, it doesn't make sense to defend one's internet-related practices and infrastructure while attacking theirs (whoever this 'other' is). The reason is technical: the internet and mass consumer goods make it practically impossible to assure this previously tenable tactic (protect my stuff while destroying theirs); we all use the same stuff. The result is a decision where its either security for everyone or insecurity for everyone. Schneier clearly thinks security for everyone is better.

But this doesn't mean spying and targeted law-enforcement stops doing its job. Spying, apprehensions, or (as was the case with Bin Laden) State-sponsored assassinations are still possible in an internet-safer world. The way this works is to think of an internet-safer world as raising the costs of surveillance. Rather than surveil the world, law enforcement becomes selective as to who to go after.

This last point sounds as if I was justifying these actions. I dislike the idea of State-sponsored spying and assassinations. But the concrete problem that we're dealing with (widespread surveillance) can be dealt with in the same way that slavery, death penalty, women's rights, and the achievements of the labor movement (8-hour working day, insurance, safety regulations): citizens demand changes in institutions. I am aware that this is a proposal to improve our life conditions within liberalism, rather than propose a broader change. But the historical changes we've had in our lives regarding these non-trivial issues show that even within a system full of gross inequalities and suffering, there are ways in which we, as a whole, can improve our human experience.

And this doesn't mean that liberalism works as a stand-alone system. As I said before, it is through citizen mobilization that these improvements in the human experience have appeared. A State responds to its citizens. And law enforcement is no exception. Institutions should be set up in such a way that if we, as citizens, decide it's okay to break encryption to catch criminals, it is done in such a way that there's accountability. Public officials and workers are no exception to accountability.

Personally, I'd want a State that not only deals with criminals, but prevents it. For example, we know that economic inequality is tied to crime. We know that childhood trauma is linked to crime. We know that lack of life-path opportunities (e.g. "Do you want to run your own farm? Do you want to become a Human Rights lawyer? Do you want to program? Do you want to write?") is linked to crime. That should be dealt with now so that tomorrow breaking encryption is not necessary.

So, to summarize, we should treat data as toxic and regulate/mitigate its recollection and usage. We should make the the internet, the devices, the services, and everything related to its usage as safe as possible. This is where your encryption comes in. This merely increases the cost of surveilling, making law enforcement have to make thoughtful choices regarding its activities. Finally, law enforcement should be accountable to its citizens; public officials and workers are not immune to justice.

Edit: To be clear, "breaking encryption" here cannot practically refer to actually brute-forcing or phishing encryption keys. This is not how it generally goes, as @poVoq@lemmy.ml points out. Rather, "breaking encryption" refers to getting data that was otherwise meant to be private, generally involving encryption.

If you know someone's doing some sketchy stuff, you can probably incriminate them without having to seize the device/data and bruteforce the encryption

I don't find this one tough at all : we all have a right to privacy.

(I find it increasingly uncomfortable living in a world where I'm constantly being spied on.)

In addition to what /u/onlooker said here, can I interest you in a discussion about what can make one a criminal ?