The relevant bits I got from it were that there are a bunch of bad actors who create new Zoom identities and host meetings a few times before moving on, and Zoom needs a means by which they “can, if they have a strong belief that the meeting is abusive, enter the meeting visibly and report it if necessary.” Their E2EE design will make it impossible for Zoom employees to enter E2EE meetings without permission, so giving E2EE to the free tier will enable people to use Zoom meetings to facilitate abuse.
Looking back on this comment now I realize it can be construed as condoning Zoom’s decision here. I was not intending to pass judgement with that comment, but perhaps I should:
I think Zoom is wrong.
End-to-end encryption should be available to everybody no matter who they are. This means making it available to bad actors too. Expanding the scope of human communication should not be used to justify state surveillance. Privacy is a fundamental human right and one we should not be forced into giving up because it annoys the government.
I so want to be on the same side of this discussion but the argument is nuanced.
The reason "think of the kids" works so well to justify blocking E2E all the time is because child abuse happens literally all the time.
When someone solves this problem, and I don't think any of us really believe it to be solvable, we can move on. I don't want the government in my private conversations, but I don't want my kids in someone else's either.
To extend this - we recognise a duty of care to our users and their privacy when we build these systems, but if those users plan and carry out an act of terrorism did we not also have a duty of care to their victims to not aid their killers in planning their murder?
We can't shunt this responsibility forever, the public will not take our side down the road - because we are ignoring the counter-argument even if we wedge our fingers in our ears.
Child abuse, terrorism, drug trafficking and professional crime in general are a needle in a haystack compared to boring petty crime, let alone normal communication.
Law enforcement entities that try to prosecute these kinds of crimes don't do it by building haystacks of data and then combing through looking for needles, because that's a waste of their resources relative to the amount of results obtained. They do it by attacking the endpoints where the abuse or terrorism, or other professional crime, has to actually happen. They find a terrorist, or a child abuser or a drug trafficker, or they find evidence of their handiwork and then work from there. They see where they get their money, their bombs, their drugs, etc., etc., and follow the links as much as they can. When law enforcement is actually trying to target crime they don't go fishing, digitally or in meatspace, because that's not an efficient way to obtain results if the goal is to go after some genre of professional/organized crime.
Running a mass operation with no specific target (like speed traps in meat-space or dragnet operations in the digital world) is great for padding stats because you can say "look, we got X pounds of meth off the street" or whatever but it doesn't actually do much to target the professional crime because professional criminals take steps to avoid being caught in lowest common denominator type policing.
Neutering encryption (so that cops can continue to run surveillance dragnets) doesn't do anything to help the cops catch real criminals, that's just a talking point made up by the people who want the government to have the ability to put any arbitrary person under a microscope.
Users choose their technology. Technology doesn't choose its users. There's no way to make it impossible for criminals to use some communications service. The same technology that protects the lawful person will protect the terrorist and drug dealer. There's no solution available that doesn't also involve sacrificing the safety of upstanding citizens.
In case anyone doubts the above fact: government agents abuse their surveillance powers to spy on their loved ones.
There's no reason to believe the government is any better than these criminals. Cryptography must be strong enough to defeat even intelligence agencies as well as ubiquitous so that it'll be hard if not impossible to enforce legal limitations or bans.
> child abuse happens literally all the time... I don’t want my kids in someone elses [private conversations] either
93% of the time, the perpetrator knows the child. If you’re seriously worried your children might be victims of abuse, then your first line of defense should be against your own family and friends.
You will always be able to communicate with someone else in an encrypted manner, if you both want to do so, and no legislation that forces popular platforms to go unencrypted can change that. So, no illegal activity will be harmed.
Apparently it's okay for Zoom to shunt this responsibility for its paid users? Even if I were to accept your premise that omitting E2EE is a legitimate trade-off to detect abuse, Zoom's choice to selectively apply this standard for its free users suggests that this is NOT why Zoom chose to do this.
On the other hand, Zoom has a vested interest in identifying the people in the call (say to allow linking to a LinkedIn profile or other revenue-generating reasons).
I think you are wrong. The reason is, people seem to continue extrapolating reasonable privacy laws that were originally meant for the physical world to the virtual world. In the physical world, however, there are always reasonable workarounds to break into these privacy barriers if there's a suspicion of crime. In the virtual world, often, there's no possible way to break strong encryption barriers even if everyone agrees there needs to be a check on what's inside for the public good.
As an illustration, if we get reasonable evidence suggesting that someone is growing marijuana in their ranch, we can get a warrant and go inside. There's not too much the owner can do to stop it. However a perfectly encrypted iPhone cannot be broken into, no matter if the entire world agrees that there's evidence of crime in it.
From what I can see, no one argues against warranted search of personal property in the physical world, except maybe some sovereign citizen crazies. Given this, why can't we strive for a similar system on the virtual world as well? I too agree warrantless or unfettered govt surveillance of technology is bad, but that's a policy failing not a technology one. We should try to focus on how we can hold governments responsible instead of making fully protected crime caves for anyone who cannot whip up a conscience.
I agree privacy should be a right, but not at the expense of many people enduring a life of hell in these cordoned spaces for that cause.
> why can't we strive for a similar system on the virtual world as well
because any crime in the virtual world can be uncovered by good police work. nobody has perfect operational security, including the government. so the solution to law enforcement is hard work by the law enforcers.
consider: prior to electronic communication, all private discussions were perfectly encrypted, because if you weren't there, you didn't hear what was happening. And society continued to function.
You simply can't trust the government to respect boundaries that they created but have the ability to breach, especially when it can be done completely surreptitiously.
We need to learn the lessons of Snowden, and fight tooth and nail to prevent anything less than complete, unfettered access to private communications by human beings. Anything that falls short of that will eventually be complete, unfettered surveillance, because there is no metastable equilibrium point in the middle.
consider: prior to the internet, /all/ telephone conversations could be monitored by the government. And society continued to function.
The controls on surveillance are not technical, they are political. The technology was the same, yet the Stasi listened to every call they could; other governments did not.
Fix the politics, because it /will/ win in the end. Learn the lessons of Germany and China.
No, they could not monitor all conversations. They could only listen to as many calls as they had agents to listen to them. It was not possible for them to listen to everyone at once, nor could they use this as means of discovery. They had to suspect someone in the first place in order to decide to expend the human resources to listen to their calls.
This is fundamentally different from modern technology where they can have a computer listen to every single call, pick out whatever keywords they're looking for, and flag it for later review. Technology now makes it possible for them to truly listen to everyone at once. This is why end-to-end encryption is necessary for everyone.
Politics is not going to solve this problem. A lot of what America's police and intelligence agencies do is already illegal. They don't care. They're going to do anything they can with the technology.
If you can't fix the politics it's _not going to matter_. The politics will just make the technology illegal. That's what's happening in China.
It's a weirdly blinkered concept to say "America's agencies already do illegal things and their politics is broken but what will save us is American corporations deploying technology".
(The "we need universal E2E to protect our freedoms even if there are downsides" is not, in logical form, a million miles different from 'we need guns everywhere to protect us from the government and damn the negative consequences of having guns everywhere', frankly)
What if we fix the politics and forget about the technology, then the politics later become broken again? We won't be able to take back those private unencrypted conversations that could be used to retroactively incriminate us.
I actually believe that technologies such as strong encryption are creating important checks and balances that make our democracy stronger. They are not subverting it like you are implying.
>The "we need universal E2E to protect our freedoms even if there are downsides" is not, in logical form, a million miles different from 'we need guns everywhere to protect us from the government and damn the negative consequences of having guns everywhere', frankly
I agree, and I agree with both of those. Giving up freedom/privacy for safety is almost always a losing bet.
The actual trade-off is giving up safety to gain the illusion of freedom.
With guns, the state will always outgun you. So the gun-riddled society sees children in its schools murdered staggeringly often, while its (supposedly free) citizens are tear-gassed with impunity by a state for nothing more than a photo opportunity.
That was not a winning bet for that society.
It's similar with E2E. It can't protect you from the government, because the protection is illusory – it protects you just so long as the state wants it to. When it no longer wants it to, it makes it illegal. Administrations are already heading in this direction.
Meanwhile E2E enables a number of proven harms, from lynchings to child abuse. Is that a worthwhile trade-off just for the protections it gives from corporate or illegal privacy invasion? Would it lose all of those benefits if legitimate law enforcement were allowed access? There is at least a debate to be had, there.
I see it as the exact opposite: giving up freedom for the illusion of safety. Using the tear gassed protesters as an example, when there have been protests where a large number of protesters were openly carrying firearms, nobody gets tear gassed. Neither the cops nor the protesters get remotely violent.
The people with the guns aren't attending the current protests, and you can see how that has worked out.
You can't do physical harm with encryption (unless you want to count superficial burns acquired from touching a Bitcoin-mining GPU), though. The presence of guns is a necessary and pretty much sufficient condition for certain classes of physical harm, which in the eyes of many _does_ make it qualitatively different.
One of the defences Facebook uses when confronted with WhatsApp-orchestrated lynchings in India is that e2e encryption means it can't know what people are talking about or help police track the source of the messages.
Your point? If those lynchings had been orchestrated by people meeting up in person instead, nobody could know what people are talking about or help police track the source of the messages either.
In either case, to actually lynch someone, you still need to go there physically and actually do the deed. WhatsApp chats don't kill; dudes with weapons do.
The point is the scale. Law enforcement was scaled and equipped to meet the challenge of in-person lynch mob formation. In-person meetings are risky, finding like-minded people can be a challenge, etc.
Encrypted comms gives a huge asymmetric scale benefit to those who have these crimes committed. What it hasn't scaled is the ability of law enforcement to respond. And that's a choice, one which is open to criticism.
>No, they could not monitor all conversations. They could only listen to as many calls as they had agents to listen to them. It was not possible for them to listen to everyone at once, nor could they use this as means of discovery. They had to suspect someone in the first place in order to decide to expend the human resources to listen to their calls.
I think you're taking this a bit too lightly. As a side topic, I am surprised to what extent state surveillance was a thing here in the telephone era.
The secret police had about 50k full-time agents, 600k double agents and about 400k-500k informants. From a population of 18 million, that's about 1 in 18. Consider a typical family. You have a brother or a sister, two parents, 4 aunts or uncles and 4 grandparents. Odds were in favor of one of them being at least an informant.
For your community? There definitely was an informant or double agent among them. Just knowing that the threat is there has a massive effect in how people communicate and bond with each other, effects that can still be felt to this day.
We can work on fixing politics AND fix technology. We don’t have to choose between them.
What stopped the Stasi until politics did was technology. And I think the encryption used helped to bring about the political change. If the Stasi had had what Zoom is offering, then perhaps the wall wouldn't have fallen for 10, 20, 30 more years.
Consider: prior to the telephone, to monitor a conversation government had to actually send people to where the conversation happened, and that meant that they could barely monitor any conversations - and yet society continued to function.
The government still can send people to watch people use their phones or computers. On the other hand, it seems hard to dispute that all our most efficient examples of totalitarian states are post-telephone.
> You simply can't trust the government to respect boundaries that they created but have the ability to breach, especially when it can be done completely surreptitiously.
No, but in a functioning democracy we can vote them out. Democratic governments by definition have a large concentration of power, otherwise they can't fulfill their functions.
But this is bound by laws, time, and the ballot box. Surreptitious (warrantless) government surveillance should absolutely be illegal. Searches with a legal warrant (through an accountable, non-abusive, warrant-granting judicial system) are absolutely necessary to gather evidence for prosecution of crimes to take place. Without trustworthy investigation and prosecution of crimes, the social contract will fail, and this has already started happening in many areas, as we are seeing in a way right now.
However, this goes both ways - the populace should get far more transparency into the functioning of the criminal legal system - especially in to the training and conduct of physical law enforcement (police officers).
In the real world one will notice law-enforcement breaking into their ranch, in the virtual world, they won't (and comparing growing marijuana to voice/video over Zoom is wrong).
In the real world law-enforcement wouldn't have access to the complete history of a conversation, in the virtual world they would. Even to anything in the past which is irrelevant to the topic.
The events in the real world are often ephemeral; we don't expect our friendly conversation to last forever. In the virtual world, however, they can be recorded and stored forever.
Basically you should compare spying/wire-tapping in the real world vs. spying/wire-tapping in the virtual world.
I think there is a debate here that we need to have, as a society.
But I think that broader society is not going to understand the technical issues, and is going to be swayed by overly emotional appeals to "think of the children" and similar.
Therefore I think that we, as engineers - the people who will be asked to implement the results of any such debate, need to have this debate ourselves so we can take responsibility for our actions.
I can see both sides of this debate.
There is a legitimate need in society to gather evidence to discover the guilt or innocence of accused criminals. We cannot have a system of justice that assumes innocence until proven guilty but provides no method for gathering incriminating evidence.
There is also a legitimate basic human right to privacy. We must not be subject to constant surveillance by the state.
We have to find a middle path between the two extremes.
> Given this, why can't we strive for a similar system on the virtual world as well?
Because there is no technical solution that allows something similar, such a solution
1. Must be exclusive to use by lawful authorities, a criminal cannot get a search warrant
2. Must have some reasonable per-instance cost to prevent overreaching
1 is very hard in a tech space if even possible, backdoors can always be used by other parties.
But even if 1 is possible, by the nature of digital surveillance it is very cheap and relatively easy to do mostly secretly, leading to things like NSA literally inspecting all internet traffic.
Yes, theoretically you could the seconds this if it is the overwhelming political will, but it isn't, and the general public doesn't care.
You make a good point, but finally encryption is just a tool. The virtual and the physical spaces are both domains, whose different nature offers different tools at their disposal. I don't think you can protect anything in the physical domain with the same certainty and mathematical elegance that's available to digital files, but if there were I wouldn't be opposed to it.
Imagine if there were a safe that couldn't be opened by anyone but the owner without destroying its contents. Would you be opposed to that? What if the design mechanism of this safe were as easy to implement as the encryption protocols are? Yes, one day some expert safe-cracker might break it. And in the even farther future the advent of "quantum safecracking" would perhaps make the safe as secure as a luggage lock. In the meantime the police would have to resort to their traditional methods.
Unfortunately all kinds of damning evidence have been lost to time. Fire is older than paper.
If the police have suspicion that someone is committing a crime, they can request a warrant to install a listening device, and only then can they listen.
In Zoom-like scenarios any third party (like technology companies using the law as an excuse) can listen without a warrant (and they will say something like "no one is listening", as training AI is not considered "someone").
As such, communications should be encrypted with asymmetric cryptography where only the warrant giver can decrypt them (not the warrant giver giving the private key to law enforcement, but decrypting the symmetric per-session key and giving that to law enforcement). And this goes for phones too.
And quite frankly I don't care if police with a warrant are listening to my conversations. I don't want any company listening to them, as they are not doing it for law enforcement but for profiting from my data (quite possibly against my interest), and this is something completely different.
This is the scenario where technology gives people MORE privacy, prevents illegal police wiretaps (without warrant-giver consent), prevents technology-provider wiretaps and on the other side still allows legal wiretapping based on the warrant giver.
But interesting, no one has any interest doing it, guess why?
Do you see a fundamental difference between Zoom and telephone companies here? Or do you think how we've handled telephony over the past century has been a clear failure? If the latter, do you think most people would agree?
I don't really care for telephone companies, as heads would roll if they dared to intercept my phone calls without a court order. We had one case just 2 weeks back where one of the mobile phone/internet providers installed some security "firewall" that was doing MITM on HTTPS; they are now under investigation and under consideration for criminal prosecution. They had the system in place for less than 1 week. I am protected regarding those by laws.
So to answer your question, telephone companies are a failure in the USA (wild west and lawlessness); in my country they need to obey laws. Corporations don't obey any laws outside their country (which they select based on inefficient laws) and need to be harshly regulated.
My personal favorite would be legislation that mandates E2E encryption that must not be backdoored by anyone else except law enforcement getting a warrant, but the private keys stay under judge supervision without the possibility to give them away (in PKCS#12 manner) and can only be used to decrypt communication when he presses the big red button. Quite frankly you want to be able to wiretap organized crime.
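As an added illustration, not part of the thread, of the scheme this commenter sketches in both posts (a per-session symmetric key that is also wrapped to the warrant giver's public key, so a judge can release one session's key without ever handing over the private key): the posts name no algorithms, so RSA-OAEP for the key wrapping, AES-256-GCM for the content, and all names and the storage layout below are my assumptions, not any real product's design.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Session is what a relay (a Zoom-like service) would store: the ciphertext
// plus the per-session key wrapped separately for each participant and for
// the warrant-giver ("escrow"). Names and layout are assumptions for this
// illustration, not any real product's format.
type Session struct {
	Nonce       []byte
	Ciphertext  []byte
	WrappedKeys map[string][]byte // label -> RSA-OAEP(sessionKey)
}

// wrapKey/unwrapKey use the recipient label as the OAEP label, so a blob
// wrapped for "bob" cannot be passed off as the escrow copy or vice versa.
func wrapKey(pub *rsa.PublicKey, key []byte, label string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(label))
}

func unwrapKey(priv *rsa.PrivateKey, wrapped []byte, label string) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, []byte(label))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewSession encrypts plaintext under a fresh AES-256-GCM key and wraps that
// key for every participant and for the escrow public key.
func NewSession(plaintext []byte, participants map[string]*rsa.PublicKey, escrow *rsa.PublicKey) (*Session, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := io.ReadFull(rand.Reader, buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	s := &Session{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil), WrappedKeys: map[string][]byte{}}
	for name, pub := range participants {
		if s.WrappedKeys[name], err = wrapKey(pub, key, name); err != nil {
			return nil, err
		}
	}
	if s.WrappedKeys["escrow"], err = wrapKey(escrow, key, "escrow"); err != nil {
		return nil, err
	}
	return s, nil
}

// ParticipantKey is the normal path: a participant unwraps its own copy.
func ParticipantKey(priv *rsa.PrivateKey, s *Session, name string) ([]byte, error) {
	return unwrapKey(priv, s.WrappedKeys[name], name)
}

// EscrowRelease is the judge's "big red button": it yields this one session's
// key. The escrow private key itself never leaves the judge.
func EscrowRelease(escrowPriv *rsa.PrivateKey, s *Session) ([]byte, error) {
	return unwrapKey(escrowPriv, s.WrappedKeys["escrow"], "escrow")
}

// Open decrypts with a released or unwrapped session key. GCM authenticates,
// so a key released for one call fails cleanly against any other call.
func Open(s *Session, key []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, s.Nonce, s.Ciphertext, nil)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	judge, _ := rsa.GenerateKey(rand.Reader, 2048) // the warrant-giver's escrow key
	parties := map[string]*rsa.PublicKey{"alice": &alice.PublicKey, "bob": &bob.PublicKey}
	// Two independent calls, both retained by the relay (constructed samples).
	s1, _ := NewSession([]byte("call 1: constructed sample frame"), parties, &judge.PublicKey)
	s2, _ := NewSession([]byte("call 2: constructed sample frame"), parties, &judge.PublicKey)
	// Warrant for call 1: the judge releases k1; k1 does not open call 2.
	k1, _ := EscrowRelease(judge, s1)
	pt1, _ := Open(s1, k1)
	_, err := Open(s2, k1)
	fmt.Printf("released key opens call 1 (%q); rejected on call 2: %v\n", pt1, err != nil)
	// The caveat: whoever holds the escrow private key can release every call.
	k2, _ := EscrowRelease(judge, s2)
	pt2, _ := Open(s2, k2)
	fmt.Printf("escrow key also opens call 2: %q\n", pt2)
}
```

The per-session release works as described: law enforcement gets one key that is useless against any other retained call. The flip side is visible in the last three lines of main: the escrow private key opens every call the relay has ever stored, so the custody of that single key, not the cryptography, is the whole question.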
So open source solutions should be banned? I should not be allowed to use or create a program that allows me to talk with e2e encryption? Finding someone in possession of undisclosed keys should be a crime?
Care to see what happens then? Check China. They are implementing this very thing. For the children, I suppose.
Those are not simple debates and you are just taking them as black and white and then offering one solution (E2E) and making huge issues on the other side (organized crime, corrupt politicians (if I understand you correctly, you are most worried about them - China?). The "think of the children" and "terrorists" are the least problematic topics here).
The judge-only access prevents mass data gathering by law enforcement agencies and three-letter agencies (at least in my country). And it enables control of further institutions. Secret and hidden backdoors (Crypto AG, Dual_EC_DRBG, ...) or corporations bribed by government deals are the worse solution here, as it doesn't prevent access to the data by either corporations or secret agencies while it might hold away law enforcement, or also not. And it surely enables mass data gathering from all without any supervision or control. The real issue here is that no one is mentioning any court orders. Everyone would just want to have access to everything. Now THAT IS an issue.
I was talking about legal entities operating in same manner as telcos were. Also in real world you can invent your own one time pad encoded speaking and no one will understand you even if they wiretap the communication. And actually mafia historically has been using slang to cover up the communication. Same as you can do it in open source.
Anyway, do you communicate over the "secret encrypted communication channel" covered with a rag, to prevent recording your lips, recording with a laser measuring the shaking of window glass, your face muscles, IR recording and probably the next 100 methods I am not even aware of? As these are the issues you also have with a warrant being issued. Guess not. So the police look like they are not an issue for you (or the warrant).
Then the three-letter agencies: except for "warrant" methods they will use rubber-hose cryptography to break you and any of your E2E communication, and actually you might wish they would be able to read your communication without contacting you in person. So E2E doesn't change anything for you here either.
I refuse to handle open source solutions that you install on your server in the same manner as corporate entities that use their solutions to wiretap the communications of everyone so they can earn more money from the information they gather.
And I also think that "encrypted Apple" phones (and everyone else doing any business with government) and the whole FBI story is just a charade to bait people that are hiding something into an ecosystem where the information can simply be accessed by agencies that CAN issue a gag order. The whole story surely looks like a counter-espionage operation from the 1970s. Time will tell if I am right.
It's not black and white. And I am not offering e2e as THE solution to privacy and freedom, but as a part of it and an important metric of whether a solution is actually working right. Just because encryption does not protect me from EVERYTHING, like physical surveillance, that does not mean we should abandon it - THAT is black and white thinking.
Having the law being able to access encrypted communications at any time will trample at the examples I brought up, which are examples that came up with zero effort, no matter what you try to put into your proposed solution - if the goal is to prevent crime, and there are available solutions out there that allow for e2e communication, the goal does not stand. You can't have a corporation banned from e2e, but allow any random dude spin up a secure communication platform without any keys compromised - what are you even banning then.
It amazes me that "corrupt politicians" is shrugged off just like that, while corrupt officials of any kind are exactly what everyone needs defenses against with ANY means. In China, they are in the process of legislating exactly what you propose - no private encryption key to be withheld from the law, and yes, you did not misunderstand, it's at the scale this implies: total control and the ability to observe all traffic and data at rest at any time - even forgetting all that is happening now, that leaves little unattended by law there.
Now, what, China is a "bad example"? An "exception"? I'd say this attitude coming from governments is the norm around most of the world. Where people are at real risk from what they say over the net.
Out of all such countries, let's take China. Do you believe China should reverse its course and allow encrypted communication for its citizens? Based on your words and thoughts, I say you would answer "no". It's doing exactly what you propose after all - now, the only tiny step to totally suit your proposal is to use their powers for "good"! Right? And they are indeed using it for good, according to their own legislation.
Because, if you nonetheless said "yes, China should allow E2E in favour of its citizens' rights", you would in essence be saying that "freedom-loving Western countries" should give the law total access to any information (they will always do it only when needed, of course!), but the same countries should pressure "totalitarian regimes" to maintain their citizens' rights including encryption. That's contradictory, at least by thinking about it only for a bit.
There's a correlation between these things. Any power given is sure to be abused. If that is not prevented and pushed back, it will not stop but worsen. Trying to find a formula to give absolute power and restrict it at the same time is just fooling around; it's the core assumptions that matter. Unless you really think that some governments are somehow immune to becoming corrupt and totalitarian when meeting no resistance - their people must be saints indeed! - in which case, I am sorry to say, but I can only chuckle.
Read what my proposal was and stop beating the strawman (I won't attribute this to malice, as you clearly haven't read any of it).
With my proposal law enforcement can access the unencrypted data far less than they can do it now (under the rag), and when they access it they are under the scrutiny of judges, while it prevents corporations from accessing it.
Maybe do take time to think about what a country is, what a government is and whom it serves, what a corporation is and whom it serves; maybe ask yourself what law enforcement is and whom it serves; if you dare go further, what if there were no law enforcement? Do you have the muscles for that?
Or chuckle mindlessly on. I think your whole statement is demanding advantages in a system where someone else takes care of you, to allow you to not think about the disadvantages.
> As an illustration, if we get reasonable evidence suggesting that someone is growing marijuana in their ranch, we can get a warrant and go inside. There's not too much the owner can do to stop it. However a perfectly encrypted iphone cannot be broken into, no matter if the entire world agrees that there's evidence of crime in it.
These examples are talking about a different thing, we should be careful to not mix them up since the arguments for and against can be different.
The discussion prior to your comment was about protecting data in transit (end-to-end encryption); both your examples are about data at rest (full disk encryption).
With encrypted data in transit, not only can it be broken into by intercepting at the endpoints (in the case of video or audio calls, even through the physical world by pointing a camera and a microphone at the user's device), but also the end result of an end-to-end encrypted connection is much closer to a physical world private conversation (can be "broken into" only by intercepting the endpoints, that is, pointing a camera and a microphone at the persons involved).
With encrypted data at rest, the best physical analogy is a diary written in code; even if the whole world agrees that it contains evidence of embezzling, it cannot be decoded without the help of its owner's mind.
With regards to security analysis the only difference between the physical world and the digital world is proximity (hops) between agents, or evidence, in a conversation and convenience of access. Software developers tend to think purely in terms of controls and exploits, which is a tiny subset of security. Even conversations in the physical world can be encrypted; for example, if two people are speaking Pashto I would have no idea what is said. If it isn't recorded for later translation it's encrypted forever.
Those few distinctions are important from a legal perspective where agents of digital concerns are more likely operating across political boundaries at any given moment.
> There's not too much the owner can do to stop it.
They can make available fail safes to store the evidence in a physical safe with tamper proof mechanics. Breaking such a safe would destroy the contained contents in the process much like attempting to break an iPhone with supposedly perfect encryption.
Since you are talking about surveillance another common misconception I have noticed many software developers make is equating the terms: security, privacy, anonymity which are all distinct. Privacy and anonymity are both aspects of confidentiality but privacy is concerned with hiding the contents of a message where anonymity is concerned with hiding the agents of the message. Those two do not overlap. Confidentiality is one of three aspects of security, though from a legal perspective privacy is available in many contexts without application of security controls.
I don't think that any of the surveillance powers that the state is demanding with respect to electronics actually map that neatly to what was possible before electronics emerged. We're talking about conversations rather than physical effects, and it's not like you could obtain a warrant to retroactively obtain the contents of a conversation a marijuana dealer had with his client yesterday: once the vibrations were gone from the air, that data has been erased irretrievably. To listen in on the conversation you actually had to go there, which naturally forces you to be judicious with your surveillance powers by virtue of limited resources, whereas the electronic version scales indefinitely. On the other hand, as long as the people who are of interest to law enforcement still exist in meatspace themselves, everything that used to be possible is still possible: just as you could obtain a warrant to bug someone's room to listen in on a conversation, you can obtain a warrant to bug someone's room to observe their phone (or bug the phone itself, with physical access! Maybe that would be one rationale to finally force Apple to make its phones "repairable" by individuals :)).
> As an illustration, if we get reasonable evidence suggesting that someone is growing marijuana in their ranch, we can get a warrant and go inside. There's not too much the owner can do to stop it. However a perfectly encrypted iphone cannot be broken into, no matter if the entire world agrees that there's evidence of crime in it.
Is that a terrible thing? It's not like they are hiding guns in their iphone. While there could be evidence in there, at some point there is physical evidence in the real world. Just making it easier to convict them is not a solid argument for weakening protections for everyone.
I think this argument makes me more sympathetic to law enforcement’s desire than any other I’ve heard.
I can really flip my brain around and see how this desire for non encrypted communication to be the standard could come from a good place.
That said, I still come back to my default stance: crimes need to exist outside of the private communication to be a crime. At least under US law, where it’s very hard for pure communication alone to be a crime.
So go investigate whatever it is that is an actual crime and causing actual harm. Making communication not private has tremendous potential chilling effects on actual thought, because people think by talking!
> Given this, why can't we strive for a similar system on the virtual world as well?
1. Encryption is an indispensable part of pretty much everyone's life. I can't imagine there's many people in our society that go more than a few days without using it.
2. If encryption can be broken by the police, it can be broken by other actors. Full stop.
2.1. It has been shown impossible for our government to keep a secret like a master key.
> As an illustration, if we get reasonable evidence suggesting that someone is growing marijuana in their ranch, we can get a warrant and go inside. There's not too much the owner can do to stop it. However a perfectly encrypted iphone cannot be broken into, no matter if the entire world agrees that there's evidence of crime in it.
Let's wait until something like a "perfectly encrypted" phone actually exists before we go down this road. AFAIK, the feds have eventually been able to break into the phone in every high-profile case where the issue has come up. It's not impossible, they just don't want to pay what it costs.
Speaking more broadly, surely there is a point between zero privacy and 100% surveillance that we can all move to. If we take the encrypt (E2EE) approach to everything and all aspects of our lives, i.e. we should be able to protect our faces from video recording when walking into banks, then surely the system would be more open to abuse by bad actors. Accountability in society is what drives good behavior... if we take that away then chaos reigns. Therefore there must be a balance, which is why the whole 'let's encrypt everything and protect everyone' feels like sometimes it goes too far and borders on zealotry... Yes, I feel that personal freedoms are important, but so is the state in maintaining peace.
I think it's fine to have cameras in a shop or in a bank or whatever the virtual equivalent becomes because they serve a clear security purpose.
The problem with not end-to-end encrypting private communications is that during a lockdown people now have nowhere they can go for a private conversation. If you invite someone over to your house for drinks or for dinner you feel you can talk freely because the government doesn't have cameras in your house; that would be an invasion of privacy. Where is the virtual equivalent of that once Zoom is no longer private?
Remember your freedom will be taken an inch at a time. Not all at once.
I'm not completely sure what the answers are here yet, but I do agree that it can be very psychologically reassuring to know that the only people involved in a conversation are the genuine invitees.
That said, abusive people do exist and are a legitimate problem, given the damage they can cause. Their abuse may be overt (threats, violence, noise, etc), or it can be subtle (for example, manipulation over long periods of time).
Some of that abuse may come from prior anger and frustration outside their control, and perhaps it's good to allow people to let that out -- as long as it doesn't end up harming other people in the process.
Would the situation be improved if the service provider could only step into the meeting when explicitly requested by participant(s)?
To follow your analogy, that could be seen as the equivalent of someone experiencing a medical emergency during dinner at your house and requiring outside assistance.
All these options would be gamed and misused, as they are during existing use cases in real life. Some people over-react, many people under-react, and society itself changes so it's important to build in flexibility for transparent and accountable change.
If you somehow accidentally invited an abusive person to dinner and they started acting abusive you would ask them to leave. Then when they don't leave you call the police. Really a stretch to imagine that happening more than once a lifetime.
In video calls you don't even have to do that, you can just kick them from the call. You don't need Zoom to step in you just kick them.
I really don't understand what you are getting at with the abusive people thing. What sort of situation are you imagining exactly?
Phishing is already handled by email. Don't click the zoom meeting link in the email from a Nigerian Prince and you will be fine. In general I don't see this being a problem with Zoom but rather a problem with clicking links from dodgy sources, zoom meeting links just happen to be one of many.
If there are others please list them because I'm struggling to understand the overarching thing you are getting at and examples would help with that.
True, and I don't support Zooms decision. You said:
> Where is the virtual equivalent of that once Zoom is no longer private?
What I meant by my comment is that there are good alternatives that are E2E and free, like FaceTime (ok you need an iPhone or Mac), WhatsApp, Signal etc. So people can just use that if they don't want to pay for Zoom (again, I don't think they're making the right decision either).
People will choose convenience over privacy when they can't see the threat. Zoom is convenient for video calls because it allows you to see all the people in the call on one screen, you can schedule meetings, the connection quality is good, it supports screen sharing and it's fully cross platform.
You already disqualified FaceTime because realistically some of your friends and family have Android and Windows. WhatsApp connection quality is flaky, same with Skype. Does Signal support group calls? If it does, maybe it could replace Zoom. Maybe. But all these options existed before lockdown and people still settled on Zoom because it's more convenient.
Either some massive scandal has to happen to make the public more privacy conscious, or there needs to be E2E encryption by default, as a standard. With or without invisible state-surveilled cameras shouldn't factor into which dining table I buy.
> that are E2E and free, like FaceTime (ok you need an iPhone or Mac), WhatsApp, Signal etc. So people can just use that if they don't want to pay for Zoom (again, I don't think they're making the right decision either).
https://twitter.com/alexstamos/status/1268199863054811136
2) None of the major players offer E2E by default (Google Meet, Microsoft Teams, Cisco WebEx, BlueJeans). WebEx has an E2E option for enterprise users only, and it requires you to run the PKI and won't work with outsiders.
Actually, the government already has, and has always had, Stasi-like tendencies; they just happen to mostly target people who are not given a platform to talk about it.
Police and other law enforcement are already using legal powers to infiltrate and monitor 'radical' political groups such as Black Lives Matter, just like they have in the past with civil liberties groups. In fact, as we discovered in the COINTELPRO leaks, they were going way beyond the legal limits, having been complicit in the assassination of Malcolm X, and having tried to blackmail MLK into committing suicide.
Of course, it could be that such things don't happen anymore. Or, seeing how the police in Minneapolis are actively targeting journalists, it is significantly more likely that we just don't know about it yet.
No large state has ever tolerated real dissent to any great extent. The state doesn't have to be as paranoid about dissent as China or the USSR (which almost require(d) enthusiastic support) for police powers to be abused against the legitimate interests of citizens.
Fair point with regards to government overreach. I feel like this is both a practical and political question we would need to answer as a society. What level of surveillance would be acceptable? Zero? Some? Maybe only for temporary accounts with no identity attached?
Inherently in society, there was always some form of surveillance. When we left our homes, people around us could see and hear what we were doing and thereby report suspicious behavior. Now we are adjusting to a new way of life with new forms of surveillance which are harder to detect. I completely get it and I'm more for encryption than not. I guess I am also challenging myself to see both sides and think about a middle ground.
While Western governments could be better behaved, I feel like comparisons with the Stasi are somewhat extreme and out of whack. I live in the UK and generally speaking I'm happy with the government here when it comes to surveillance. Maybe the US has a greater focus on security, but they are a long way from the Stasi.
They might be a long way from the Stasi now, but you don't get there in a big leap; you get there slowly, justifiable inch by justifiable inch, until the surveillance is enough that you don't have to justify it anymore because people are too afraid to protest.
If you want to discuss surveillance then yes of course it's a matter of degree. Putting cameras in a bank vs putting cameras in a pub vs putting cameras in your home. As you can tell in the real world it's clearer when it's a step too far. In the digital world we need to be more careful because it's unmapped territory.
You need to think hard about why it's an invasion of privacy to put cameras in your home. It may seem obvious but it's not. Once you understand the reasons why that is an invasion of privacy then you can start to draw analogies to the digital world and understand what is going too far and what is not. The problem is people don't have a deeper understanding of the reason we need privacy so they are easily sold security in the form of digital surveillance without understanding the eventual consequence.
I don't think it's practical to focus on the amount of surveillance as it is its nature and whether or not it can justify itself.
We already live in a society where widespread aggressive authoritarian surveillance that doesn't justify itself is commonplace. Snowden proved this. Your emails are read. Your naked selfies looked at. Personal data is used frequently to crack down heavily on legitimate dissent. These are unquestionable and it's getting worse and more entrenched, not less, and it hasn't caught a single act of terrorism like it was set up (ostensibly) to do. The question is, how do we personally react to the unchecked growth of Stasi-friendly surveillance infrastructure?
I think arguing that Western governments could be better behaved is a fair point. The Stasi also could have been better behaved. Frequent appeals to moderation didn't make them behave, though, and they haven't and won't make Western governments behave either.
Appeals to moderation have a null effect because if the goalposts keep being moved, so does the moderate position. If you want your opinion to never matter at all, always pick the moderate, middle ground opinion.
That's equivalent to saying that there is a point that provides suitable authentication/privacy/… for me to ask my bank about things and instruct my bank to do stuff on my behalf, and also provides little enough privacy that any criminal goings-on can be surveilled.
Since money is key to many crimes and finding out who controls the money is an important way to investigate crimes, this in turn means that that point of agreement has to secure me from surveillance by badguys when I talk to the bank, and permit surveillance of the same badguys when they talk to the same bank in the same way.
This might perhaps be possible but the word "surely" seems inappropriate.
When you actually see the horrors of abuse, helped by the internet, and you realize that there are voluntary walls to protect these people (encryption for instance, but others too), you may have a different position. I would willingly give that up just to see children (or whoever) saved.
You may not, that's a choice. I would just like to know whether you have seen what actually happens in these circles before making a decision.
Also, I live in a normal country where this concern (state surveillance) is less of an issue.
Sounds as if you could also say that all photos people ever take, should be accessible to the government and police, to protect the children. And things people say in their homes, need to be accessible to the police, to maybe rescue kidnapped children.
> When you actually see the horrors of ...
I heard about someone working as a nurse in an emergency room who, because of witnessing injuries from traffic accidents, decided to never be in a car again. I can understand that; I think that decision makes sense.
But not handing over people's communication to people like Trump and Putin etc and their men.
> 2) None of the major players offer E2E by default (Google Meet, Microsoft Teams, Cisco WebEx, BlueJeans). WebEx has an E2E option for enterprise users only, and it requires you to run the PKI and won't work with outsiders.
The tweet you linked is newer than this discussion. And it's also misleading. The major players in the business world aren't E2EE today, so Zoom is breaking ground in that way, but as far as free offerings go FaceTime is E2EE and that's certainly not a niche service. WhatsApp is also E2EE. And there's a platform called Wire which I'm not particularly familiar with but claims to be E2EE. And it's also a paid service, which suggests it's targeting businesses. I guess it just doesn't count as a "major player".
Dick flashers, for one thing, and the pattern of connections or attempted connections should be a partial indicator of this sort of abuse. Perhaps there should be some sort of flag that could be set on such an account for inappropriate behaviour, or, thinking liberally, there should be an adults-only adult activity flag to set.
This is a hydra that shows up every time someone creates a video chat: there is a problem with sausage parties and sexual blackmail that needs workarounds.
Luring people to invite them as per clickbait methods, using obfuscation so they are accidentally invited, straight-up blackhat hacking to manipulate the system; early on the public meetings were getting bombed by flashers.
These types are handled by identifying and outing them, or chasing them away. The internet has to go beyond the "your IP number is" thing and demonstrate that there is a real knowledge of who they are, and that they are bothering people and it isn't going unnoticed.
Even if identifying dick flashers is their primary concern, the situation can be helped by improving security, not decreasing it. Non-guessable meeting IDs, passwords, maybe unique invite links so it's possible for meeting organisers to identify who invited the flasher.
If someone sends clickbait invites to an abusive meeting, then victims can trivially report it, possibly with screenshots.
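One way to implement the non-guessable meeting IDs and per-invitee invite links proposed in the comment above, as an added Python example that is not Zoom's code: the server key, token format, and the host/participant names are all constructed for the illustration.

```python
"""Added example (not Zoom's code): unguessable meeting IDs plus per-invitee
invite tokens, so a host can see which invitee was let in by whom."""
import base64
import hashlib
import hmac
import json
import secrets

# Constructed per-deployment secret; a real service would keep this in a KMS.
SERVER_KEY = secrets.token_bytes(32)


def new_meeting_id() -> str:
    """128 bits from the OS CSPRNG, unlike short numeric IDs that can be enumerated."""
    return secrets.token_urlsafe(16)


def make_invite(meeting_id: str, inviter: str, invitee: str, key: bytes = SERVER_KEY) -> str:
    """Build a token of the form base64url(json).hmac. The MAC covers all three
    fields, so a token cannot be moved to another meeting or re-attributed."""
    body = json.dumps({"m": meeting_id, "by": inviter, "to": invitee},
                      separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(body).decode().rstrip("=") + "." + tag


def verify_invite(token: str, meeting_id: str, key: bytes = SERVER_KEY):
    """Return {"by": inviter, "to": invitee} for a valid token, else None."""
    try:
        b64, tag = token.split(".", 1)
        body = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    except (ValueError, TypeError):
        return None  # malformed token
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time compare so the MAC cannot be guessed byte by byte.
    if not hmac.compare_digest(tag, expected):
        return None
    fields = json.loads(body)  # body is authentic at this point
    if fields.get("m") != meeting_id:
        return None  # genuine token, but for a different meeting
    return {"by": fields["by"], "to": fields["to"]}


def attribute_joins(meeting_id: str, presented: list) -> dict:
    """Host-side view: map each accepted participant to the inviter who let
    them in; rejected tokens are counted so repeated probing is visible."""
    result = {"joined": {}, "rejected": 0}
    for tok in presented:
        info = verify_invite(tok, meeting_id)
        if info is None:
            result["rejected"] += 1
        else:
            result["joined"][info["to"]] = info["by"]
    return result


if __name__ == "__main__":
    mid = new_meeting_id()
    good = make_invite(mid, "host", "alice")
    forged = make_invite(mid, "host", "mallory", key=b"wrong key")
    print(attribute_joins(mid, [good, forged]))
```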
> Their E2EE design will make it impossible for Zoom employees to enter E2EE meetings without permission
If it is acceptable to view a meeting without permission under an abuse pretense, then it's also possible to do so even if someone's doing nothing wrong.
Even worse, if their system is compromised, a bad actor could monitor free users' meetings without any protections. And what is stopping those bad actors from getting a paid subscription, or maliciously gaining access to a paid account? Or these bad actors could use another system that doesn't compromise (Signal) or host their own.
Security comes in layers and logs. A system without these layers and accountability isn't secure. Zoom isn't secure, and is using law enforcement as a scapegoat and pretense to keep their security low.
Zoom has said that employees can enter a meeting, but there's no way to do that without being seen on the participant list and there is no way to record a meeting secretly. They've also said they wouldn't build these things.
> We also do not have a means to insert our employees or others into meetings without being reflected in the participant list. We will not build any cryptographic backdoors to allow for the secret monitoring of meetings.
I don't get it. So they're fine with abuse, as long as you're paying them for it? Or do they have some sort of E2EE backdoor (probably, since they manage the keys), that they want to selectively apply, but can't do so if people are constantly using burner accounts, and thus want E2EE users to be somewhat anchored to their payment information?