Exclusive end-to-end encryption (e4)

I saw an article today explaining why the Earn It act in the US is a terrible thing. It focussed on why exclusive end-to-end encryption (I’ll abbreviate this as e4) is absolutely necessary and this Act will open the door to mass surveillance.

I have not yet formed an opinion about the act itself, but I do have a strong opinion about e4.

E4, to be clear, means that once you click “submit” from your web browser or mobile app, the data is no longer readable by anyone but you and the parties for which the data is intended. Not even the service provider has a way to look at the data, ever, even if asked by law; there is no computer algorithm that could decypher your data except if the cypher (your password, say) is weak; there is no way for you to access the data if you lose the password or the key.

This might sound good in theory, but in practice it will make the world a less safe place. The intent of E4 is to prevent hackers and thieves (aka “bad people”) from stealing private data that would give them access to your assets (whether hard like home, money etc, or soft like bitcoins, licenses, etc) either directly or by impersonating you, or making false accusations, etc.

It’s been shown time and again that openness is what makes people accountable. Everywhere, in every human organization. Corruption is possible only behind closed doors. Can you imagine if everything you see was encrypted and you could only decypher it if you had the right password in your brain? Can you imagine how much power that would give to people who don’t have integrity? If this were not true we would not need police forces, income tax audits, coast guards, security guards, etc! The internet is no different, we need policing/auditing there too. And therefore on the internet, as in the real world, you have to balance freedom with responsibility, privacy with community. You don’t do that by allowing everything to be hidden.

It’s been demonstrated that some people (I don’t know the stats, but as the saying goes, it only takes a few rotten apples to spoil the barrel), do the right thing only if they know they are are being watched. The bigger the crime/misdemeanor, the fewer people will try it. How many of you drive below the speed limit? This is not a big crime; it only means that every morning, there is an accident due to speed, and it takes every one else 1 hour to get to work instead of half an hour. There only needs to be one accident from breaking the law; because after that everyone is driving below the speed limit (until the mess gets cleared; and after that the traffic goes down).

Think about it : communication is necessary for organized crime; both to organize, and to sell. The only way to police organized crime on the internet is to have access to the same channels and data to collect evidence. If you’re an honest person and you do your job and contribute to your community, why do you worry so much about hiding *all* your data? If we lived in a country where corruption and abuse of authority were rampant, that would be different. And please don’t say that is true; not if you live in the US or Canada, and many other countries.

E4 (exclusive end-to-end encryption) is simply not a practical option in the long run for the Internet and the world to be a safe place for everyone. Encryption at rest and in transit are critical, but there has to be ways to monitor behavior and therefore data.