undefined | Better HN

0 pointswulfstan11mo ago0 comments

Every system of authority carries with it the risk of abuse; but we still accept legitimate authorities carrying out breaches of personal privacy for the sake of law enforcement - the warrant system being the obvious one. That's part of the compromise we make in society.

Good governments ensure that a breach of personal privacy has to travel through a legitimate process with an independent judiciary to limit the risk.

0 comments

inglor_cz11mo ago

Do you think that this can be done without introducing massive security weaknesses into systems that cannot have them?

Also, there is a question if you believe the authorities that without decrypting data, they can't investigate crimes.

Imagine an analogical assertion that without torturing suspects, law enforcement is stymied. Someone might assert that, but we still say no, for all sorts of fundamental reasons. Same with American Miranda rights and others.

Myself, I don't believe in that assertion at all. Most crimes leave a massive real world trace that cannot be encrypted. The ones that don't, maybe should not be crimes in the first place.

wulfstanOP11mo ago

> Do you think that this can be done without introducing massive security weaknesses into systems that cannot have them?

Yes, I do - or rather, that is the point of the discussion. We currently allow central authorities to indicate our permission to do or be something in the root certificate system. Why can't something similar be designed to allow controlled decryption?

> Also, there is a question if you believe the authorities that without decrypting data, they can't investigate crimes.

Clearly there are circumstances in which being able to decrypt the data of a criminal would assist in prosecuting crime. See EncroChat for an example of how this has worked.

> Imagine an analogical assertion that without torturing suspects, law enforcement is stymied. Someone might assert that, but we still say no, for all sorts of fundamental reasons. Same with American Miranda rights and others.

Yes. Clearly there are reasonable limits that need to be applied before we can allow controlled decryption of data. I am not arguing for issuance of a master key. See my original post.

> Myself, I don't believe in that assertion at all. Most crimes leave a massive real world trace that cannot be encrypted. The ones that don't, maybe should not be crimes in the first place.

Some do, and some don't. Things like e.g. cryptocurrency heists have profound effects, and are propping up North Korea. Those are definitely crimes...

j / k navigate · click thread line to collapse