The Debate about End-To-End Encryption and Governments

There is a legitimate debate to be had about a number of INDEPENDENT aspects:

  1. The actual attempts by governments, both regulatory and through chilling effects, to deprive people of access to end-to-end encryption without backdoors are hardly limited to France. They are happy most of society uses centralized platforms, so they can pressure the founders. Here is a global map and the current state of countries around the world:
  1. Decentralization itself. Moxie Marlinspike (founder of Signal) wrote probably the only substantive critique about Web3 technology and ecosystem that I’ve read (that doesn’t conflate it with centralized grifters like FTX or Celsius). He concluded that he’s kinda against decentralization because he likes to “move fast”. But, he missed a lot. We can’t have Moxie and Pavel be our “last line of defense” against the Five Eyes and other spy agencies installing backdoors. By contrast, arresting Vitalik Buterin, Tim Berners-Lee or Linus Torvalds does nothing to Ethereum or the Web or Linux, respectively. That is how things should be. We the People should have the tools to run our own nodes / servers etc.
  1. Control and Societal Health. It turns out that privacy is just one aspect that suffers from software being in the hands of a few massive centralized entities. The platforms have become enshittified over time (Cory Doctorow’s coined term), our online discourse has become completely toxic, angry, and people young and old have record levels of depression and are on medication:

https://www.laweekly.com/restoring-healthy-communities/

  1. Trusted computing base. There is a lot to be said about how you can trust something. I mention SGX extensions and AWS Key Mangement as two examples of sorta limiting your trust surface to a few large corporations like Intel and Amazon, Google and Apple. But it’s still better than, say, trusting Facebook to “pinky-swear encrypto your data”. You can’t seriously argue any centralized app is actually encrypting your data in a way it can’t decrypt on the other side.

Unless you have reproducible builds, which Telegram has for Android and attempts to have for iOS: https://core.telegram.org/reproducible-builds

The powers that be just make it hard for regular people to avail themselves of this technology of reproducible builds. The app store isn’t friendly to it. But in theory, tptacek, you can install a reproducible build of Telegram and be sure it’s end-to-end encrypting things.

  1. Backdoors in algorithms. Many proponents of bitcoin and ethereum prefer to use the Koeblitz curve because its init parameters seem like they weren’t cherrypicked by the NSA. But the rest of the industry (the “powers that be”) prefer the secp256r1 curve instead of secp256k1. I’ve argued here that Ethereum is better off just deploying a precompiled smart contract (as Polygon and Binance Smart Chain recently did) to just verify secp256r1 signatures and let people use everyday technology like webauthn and subtle web crypto, because no one in the mainstream will implement their preferred secp256k1 curve:
  1. On the question of balancing privacy and security, there are in fact solutions, but you have to get away from the idea of a centralized police force / centralized government, and think in terms of a free market of agencies, that can decrypt limited evidence only with a warrant and only if they provide a good reason. The warrant could be due to an AI at the edge flagging stuff, but the due process must be followed and be transparent to all. Who watches the watchers? We all do. Like CSPAN has for Congress.
  1. Finally, we must move to something like #6 because because otherwise you have unaccountable governments causing wars and preventing cooperation on environmental and other initiatives… as much as they like to focus on “watching the public” for terrorism or transfers over $600 for tax evasion, we need to insist on watching the governments, with their secret meetings and negotiations, where they fail to avert wars (I personally spoke to the Ukrainian negotiators who met Russians in Belarus in the early days of the war), or simply don’t even try. Civilians worldwide end up paying for their mistakes, which could have been averted if (let’s have a pipe dream here) all world leaders had to establish a Kennedy-Khrustchev-style direct line to each other and have the negotiations recorded and televised so we could see who is responsible for the breakdown in deescalation and cooperation. Do they work for us? Or what?

My own personal opinion is that end-to-end encryption against state actors is a band-aid to compensate the bigger problem of authoritarian governments. No governments are against cryptographic signatures but increasingly they are against encryption with no back doors.

The conversation should include sociopolitics, not just technology. Here is my recent conversation where I brought Noam Chomsky and David Harvey together to discuss the effects of capitalism on freedom of speech, and we wound up discussing the Ukraine war half the time: