Ask HN: What are your arguments in favor of end-to-end encryption?

190 points by rahuldottech ↗ HN
Also, how do you respond when someone brings up concerns of E2EE platforms being used for child sexual abuse imagery or terrorism?

Keep in mind that these arguments have to be made to laypersons who aren't necessarily from the United States, and who don't usually have a lot of technical knowledge.

254 comments

[ 3.1 ms ] story [ 255 ms ] thread
Just because someone can abuse a thing doesn't make the thing bad, it makes the person who commits the abuse bad. We don't ban cars to fight drunk driving and we shouldn't eliminate the spirit of the 4th Amendment to go after child pornographers, terrorists, money launderers and drug dealers. Even with E2E encrypted communications the fact that user A is communicating with user B, when, and for how long is knowable, and that metadata alone can be sufficient to get the warrants necessary to effect legal, invasive searches without disturbing the rights of everyone else.
American liberals are perfectly fine with wanting to ban guns just because of some bad actors. Why does their defense of E2E encryption somehow cover child abusers? Don’t legal, law-abiding gun owners deserve better than pedophiles?
Guns are directly linked to the actions of those bad actors. A private tunnel of communication is not so directly linked to the actions of child abusers (nor the images they share on these platforms).
If you use E2E as a means to sell or auction a person against their will, wouldn't that directly link the technology to their illegal action?

Also, distributing child porn is itself a crime, separate from the abuse. So you would be directly using E2E in a crime that way. Are you implying that some laws hold less moral or legal value? If so, what are the differentiating factors in that decision?

(Don’t) Try to use the sole function of a gun on yourself without harming yourself. Now use WhatsApp on yourself and see what happens. Do you do nothing because you have to think up something to write? The act of writing up the auction is the first part of the crime. Even if you don’t go through with selling a human you may or may not have, you may still be charged for having written that message and sharing it somehow.
I don't see the point you are trying to make.

Using the function of a gun on oneself is not a lawful use case, just as selling a human is not a lawful use case for WhatsApp. A more apt comparison using your example of not writing anything to encrypt would be the possession of a firearm compared to the possession of an E2E system. Both have lawful as well as unlawful uses.

On the part about writing the message being the first part of the crime and comparing that to committing suicide with a gun, the gun is the means by which the crime was committed, just as the means for the crime of selling the person would have been the medium through which it was transacted - WhatsApp in this case.

Perhaps you where trying to explain something else?

I see these comparisons made so, so frequently and it bothers me. Guns are not the same as encryption or cars. Yet they're so often made in apples to apples comparisons that it's mind boggling to me.

Weapons are uniquely special in that they are specifically designed to maim and kill. Via defense or justified actions is irrelevant; it's a tool of war. Arguably, if there was E2E software that was specifically designed to maim and kill it might be received in a similar manner as guns.

I'm not saying guns don't have legitimate uses or the right to ownership in the hands of legal, sane owners.

You don't think if people started using impaling spike strips for the front of cars that there might be similar discussions about banning said strips?

Many who advocate for tighter gun control make exceptions to hunting rifles. Those very clearly have a use other than the death of humans. Could they be abused? Certainly. But tools can be abused all over the place.

However when someone takes a weapon, designed for slaughtering, and slaughters with it.. well, can you blame people for questioning the validity of owning these items?

"Those very clearly have a use other than the death of humans."

"Via defense or justified actions is irrelevant; it's a tool of war."

Your two statements above conflict. All types of firearms have been used in war, yet you want to make exceptions for hunting rifles. How do you explain this? Also, how do you differentiate a weapon designed for slaughtering versus a tool as you use both in relation to firearms?

They're not designed to maim or kill, just to accelerate a piece of mass. Police regularly use beanbags and target shooting is an olympic sport. Designing firearms spans all of STEM and keeps people employed well.

If the US government wanted to reduce the lethality of firearms, they would ban calibers, not accessories. Even so, a .22LR olympic pistol is enough to take down a bodybuilder with one critical hit. So olympic shooters could become murderers overnight, or have their weapons stolen. If not, why suspect that average people would instead?

You can do the same with e2e encryption. It’s not secrecy, it’s literal 1s and 0s.
If the encryption was successful and 'unbreakable' it better be just 1s and 0s.
This line of argument is disingenuous.

Blades are, at one level of abstraction, designed to sever fibers and occasionally other materials. A straight razor is designed for a human to use to shave hair. A nakiri is designed for a human to use to slice vegetables. An executioner sword is designed for a human to use to kill another human by decapitation.

Likewise, many firearms are designed primarily to be good for shooting other people to incapacitate or kill them. I do believe most people should be able to obtain such weapons, but I don't find it difficult to imagine why someone might think otherwise.

If that's the case why do such laws exist as foldable knives and switchblades being illegal to carry but sturdy full-length ones are fine, in some countries? Why is banning pistol grips considered having prevented or hindered lethality?
I think bans on types of weapons, and on tools that can be used as weapons tend to be based on public perception of who uses them, and for what purpose. Politicians do not consult masters of knife-based martial arts or designers of fighting knives when drafting legislation about knives. Politicians backing gun restrictions in the US famously tend to be unable to explain the function of features banned by their legislation.
It is exactly the same with guns. Mind you i come from country with relatively hard to get gun licenses.

What about sports shooting? Collecting? Personal defence in dangerous areas? Hunting(which because we fucked up ecosystems in some areas, culling is necessary)?

Also over here modern black-powder guns are legal, without license. And they are both VERY dangerous(way more dangerous in a crowds) and relatively cheap. There is a legal requirement that you have to load the bullet as separate parts(gunpowder, bullet etc).. but what's going to stop a criminal from going on rampage and from preparing them in advance?

Gun violence is a symptom of a worse issue in the society, banning guns will just hiding the symptom of the issue. Why they go on rampage? Why some people need it for personal defence(dangerous neighbourhoods? work-related?)? Why do we need to cull the wild animals from time to time?

Heck, if someone wants to go on rampage people they don't need guns, in a big crowd chef knife will be as deadly. And you can legally buy a machete too, or chainsaw, or axe, or whatever.

Bombs can be made from household items and there are plenty of instructions online. There is a schematic of timed detonator on Wikipedia on Casio watch page (google Casio terrorist watch).

It all boils down to proper culture of handling weapons, and not treating them as toys.

The difference between impaling strips and guns is simple: one is used, legally, in specified areas(shooting range, countryside for hunting, at home for defence etc.), while other is mounted permanently and used in public space. One shouldn't keep the gun assembled while transporting it - except if it is for personal defence.

I seriously have no issue with people using impaling spikes in wreck racing, as long as they are within regulation of the race. but on public road? hell no.

In a perfect would we wouldn't need guns at all, as there would be no reason for them to exist.

Can you explain why a black-powder gun would be more dangerous? I don't see what would make them so much more dangerous than a typical rifle.
You basically load the cartridge in by hand every time. If you leave some space between the powder and projectile, you risk the gun blowing up.
> What about sports shooting? Collecting? Personal defence in dangerous areas? Hunting(which because we fucked up ecosystems in some areas, culling is necessary)?

I covered that in hunting rifles. Various types of rifles have legitimate uses. However, it's an argument not in good faith to say that anything with a possible sport should be legal.

I can't make a rocket launcher sport and demand that rocket launchers become ~freely~ fully legal because it has a sport. This is a bad argument.

> Gun violence is a symptom of a worse issue in the society, banning guns will just hiding the symptom of the issue.

I agree entirely. You can have both however, mental health and restrictions. See: most first world countries other than the US.

The funny thing in these discussion is we already do have tons of regulation. The line is already drawn, we're not discussing drawing it, we're discussing whether or not we should move it.

Your arguments could be made about various rocket launchers or, hell, missiles and bombs. The line is already drawn there however, and the same argument for and against various rocket launchers (some legal and some illegal I believe), missiles, bombs and etc could be used in both cases.

Neither argument for or against guns inherently wins the argument; there's subtly in both. However it is my belief that the same reason we don't let people own larger scale weapons of destruction is valid for the larger scale automatic / semiautomatic weapons.

I am in full support of hunting rifles. Less so AKs and the like. I don't care if you have a sport around AKs - in the same way that I wouldn't care if you had a missile "sport".

edit: words

AKs and ARs are used for hunting and use the same rounds as other non "assault rifle" weapons. There is no ballistic difference. Both are just as deadly. Moreover, many more people are killed with knifes than rifles[1].

1. https://ucr.fbi.gov/crime-in-the-u.s/2017/crime-in-the-u.s.-...

> Moreover, many more people are killed with knifes than rifles

I'm sure. Just like I expect cars to be more dangerous than guns, too. But you're drawing odd conclusions. My point was that tools have a place. A car is a tool. A knife is a tool. A hunting rifle is a tool.

A rifle with the capability of mowing down herds (or people) with a high rate of fire has little merit in my mind. I speak generally, because I don't explicitly mean automatic/semi/etc because that's a whole other debate. Hunting rifles don't need "mow down herds" capability. Likewise, if you can walk into a store and shoot 50 people with ease, I question if you really need that capability for hunting.

How many people in a crowd do you think you can kill with bolt action hunting rifles? Likewise, how many people in a crowd do you think you can kill with a knife?

I despise these arguments of "but I have sports with X guns!" or "but I use X gun to hunt!". You can fish with explosives but it's not needed nor is it legal in many places.

I support rifles for hunting, but there are limitations on the types of rifles, rate of fire, real use cases and etc.

"I support rifles for hunting, but there are limitations on the types of rifles, rate of fire, real use cases and etc."

Can you explain what those limitations are? Your mention of use cases and what is neccessary may conflict with others'. For example, quick follow up shots are necessary when hunting multiple feral hogs to reduce their environmental impact.

guns have legitimate uses such as defense and hunting.
Maybe you missed the part where I discussed defense and hunting.
The argument is: If you (USA) accept that kids are harmed due to lack of gun control, then do not use harm to kids as an argument against E2E encryption. It is hypocritical.
Just because the victim is the same class of people does not make those equivalent or make us hypocritical.
> Weapons are uniquely special in that they are specifically designed to maim and kill. Via defense or justified actions is irrelevant; it's a tool of war. Arguably, if there was E2E software that was specifically designed to maim and kill it might be received in a similar manner as guns.

This is nothing more than a politically motivated lie.

You cannot escape the fact that guns are overwhelmingly used for peaceful purposes that do not include maiming and killing. If this were not the case, Americans would all be dead or maimed by the guns that outnumber people in our country.

Even where the evidence strictly supports your claim, it counters the intent you imply. FBI standards for selecting ammunition, for example, test penetration through clothing and material designed to simulate a human body, but the intent is to stop lethal threats with a minimum of collateral damage. Quite opposite to being "designed for slaughtering", they are designed to minimize harm, while serving a defensive purpose.

> Via defense or justified actions is irrelevant

I think you'd find the opposite to be the case if a person were threatening your own life.

I'm against most restrictions on gun ownership as I assume you are, but I can't agree with your analysis here.

Though I'm currently living somewhere it's not legally possible, I have carried a pistol for self defense in the past. I never had to draw it or fire it at anybody. Nobody is dead or maimed because of my pistol. When carrying a pistol, I was always especially careful to try to de-escalate any potential conflicts, because I do not want to maim or kill anyone.

Its designed purpose, however is 100% to maim or kill other people. I carried it in case I needed to maim or kill someone (or more likely, use the threat of doing so) to prevent harm to myself. It isn't a piece of sporting equipment that's only incidentally deadly, like a target pistol, but a purpose-built defensive weapon.

Claims that the subset of firearms designed primarily to be antipersonnel weapons are something else come across as disingenuous to neutral observers. I hold pro-gun positions because I believe individual armed self-defense is a good thing, not because I think we should consider guns primarily as sporting equipment and only incidentally as weapons.

Even then... outlawing guns won't stop criminals from using them.
I love this devil's advocation. I certainly don't agree with it but it makes a great conversation.

Stir that pot.

> I certainly don't agree with it but it makes a great conversation.

Does it though? It seems like a fallacious comparation for reasons that other comments have already explained. And as such, it makes a confuse, meaningless conversation.

Yeah I guess that's fair. It's a fairly shallow attempt to evoke a response.

At the same time, I still enjoy it because it did create a lot of responses.

I find discussions these days end up being an echo chamber of the same opinion. Something different and something to argue against is more interest than everyone just confirming each other.

Guns can be controlled without eliminating them from the hands of the public. E2E encryption cannot be "controlled" without undermining it's nature and purpose.
What if the government decided that you can use E2E encryption, but only using encryption protocols they are capable of cracking? Like, you could only use DES for your E2E encryption. That'd be similar to how gun control is now; you're allowed to have them, but only if the government approves them. If you need stronger than DES, you have to send in an application to the federal government, just like people who want automatic weapons or suppressors.
For me I think we will really get to a world where thought is augmented digitally in addition to just communication. My thoughts and my communications are private and just because it is possible to monitor them doesn’t mean it should. Mostly deontological as it’s wrong to invade privacy, but also utilitarian as to allow creativity and construction privacy is essential.

So I look at this through a lens of what would be allowed on my thoughts and speech. Would it be ok to read everyone’s mind to prevent a terrorist act? No because the damage caused is greater than the damage prevented. Not to mention it would most likely be used to charge for IP infraction or speeding tickets or some other banal infraction.

(comment deleted)
It's the same fear mongering that you hear from gun control people. Facts and statistics say otherwise, sneaker liberals believe you are too stupid.
An argument I saw recently that I liked:

“Because a citizenry’s freedoms are interdependent, to surrender your own privacy is really to surrender everyone’s. Saying that you don’t need or want privacy because you have nothing to hide is to assume that no-one should have or could have to hide anything.”

So while I'm not currently rebelling against my government, I'm sure as hell glad the protestors in Hong Kong can get their hands on E2E encrypted chat.

You can kill someone with a hammer or a chair. Doesn’t mean we shouldn’t have them.
A computer can be used as a weapon.

Just ask anyone who has been hit over the head with a laptop.

Ban all computers.

Freedom. Nobody, and least of all a government, should be able to decide what software you use. If their will stands above yours, you are a slave. Do you like slavery? Do you love yourself?
> If their will stands above yours, you are a slave.

I'm not making an argument about encryption, but you know there are these things called "laws", right?

Yes Mr. Kissinger. Those are an attack on the freedom of individual.
Is this about adding E2EE to the common platforms?

Pedophiles and terrorists are already using E2EE I would think, so this is really about government being able to spy on everyone.

They don't have that ability IRL, why should they online?

More importantly, what are the macro consequences of government access to everyone's private communications, and especially, the oppressive effect on free speech etc when everyone is aware they are being monitored (I do sometimes wonder if Snowden was more 'deliberate leak' than 'whistleblower').

What are your arguments in favor of knives? How do you respond when someone brings up concerns of knives being used to stab people?
(comment deleted)
In my country knives are heavily restricted. They are not for sale to young people, and having a blade in a public place without a good reason is a crime. (And no "for self defence" isn't a good reason)

I was literally sat in a Crown Court on Wednesday for a trial where two guys were on trial for knives and GBH. Cops chased one and he had a blade in his back pocket when they caught him. Why? Well based on the call to the police and the witness evidence I expect if I'd spent a couple more days in court the story would be that he'd just stabbed somebody and so that's why - but even if he'd been caught on his way to stab somebody and never got there it's the same story. Nobody who'd come to play PS4 needed a knife. Nobody who'd come to play hide the sausage, or watch TV, or just sit around and get drunk needed a knife. They had knives so they could "defend themselves" when shit kicks off, which is why shit kicks off, which is why we have a law so they get locked up before they kill each other. Among the witnesses I didn't miss (because they refused to say anything) were the stabbing victims. Code of the streets see, it's OK to try to murder one another, but you mustn't tell the cops anything, this massive slit in my stomach must have been from being clumsy with nail scissors. (The medics unsurprisingly take the view that wounds are instead consistent with getting stabbed by somebody with a bladed weapon...)

The calculus for knives probably looks pretty different if the majority of nearby large mammals are Starbucks employees versus if they're Grizzly bears, or indeed Sheep, and so I don't pretend to think these laws make sense everywhere.

But the calculus for encryption is the same everywhere. We definitely don't want most people to be able to attack this stuff. But it turns out "Not most people" wasn't on the menu. "Nobody" and "Basically any motivated bad guy" are our available options, so let's pick "Nobody" and deal with the social consequences of that.

> how do you respond when someone brings up concerns of E2EE platforms being used for child sexual abuse imagery or terrorism?

These are only a tiny part of uses of encryption. Ask anyone if he would like to have his bank transfers, or his credit card credentials in plain text. End to end encryption allows the whole internet to act as a commerce platform.

Encryption allows journalists and activists in strict, controlled regimes to let facts out. It allows an abuse victim to safely expose the abuser. It allows at a broader spectrum to maintain secrecy when secrecy is the only way a subject has to distantiate himself from harm.

Disabling end to end encryption requires an implicit good faith on those who look at our communications, and the history is full of abuse from those figures.

You are confusing E2EE encryption with encryption in transit/rest in the commerce example. The majority of transactions today are encrypted in transit and (you would hope) encrypted at rest so that the bank and selected parties can access the data (including the customer). There is no bank that would encrypt financial data using E2EE so that only the customer and merchant could access it, which is the analogy here on E2EE with messaging.

Sure, now we are looking at tokenization which reduces the risk merchants store your details insecurely, but commerce will always require a bank to store your information and share it with legislators for anti money laundering purposes etc.

I think it would be entirely reasonable to have communications between a person and their bank end-to-end encrypted (isn't that the goal of SSL?) as well as communications between a person and a vendor or a vendor and their bank. Wouldn't this cut down on the instances of credit card information and other data being intercepted while in transit?
> You are confusing E2E encryption with encryption in transit in the commerce example

I think he meant to do that. E2EE between two people has the same kind of requirements as E2EE between a person and a server. If you're trying to say point-to-point encryption, where the server is just a relay between the points, and it handles the data unencrypted, then I think all the arguments for E2EE apply here as well.

They still catch them, usually by posing as a "bad guy" and infiltrating their group. That's how it's been done forever, and it still works that way.
Twofold: one, criminals are, generally, stupid. They're not going to be perfect, and when they slip up we'll get them.

Two, people are sex trafficked in cars and in planes as well, should we stop using those? "But we can patrol and monitor planes and cars and catch the bad guys!" Okay, but then why do they still do it? Did any of that stop sex trafficking? No.

Much like crimes using a gun are against the law doesn't stop criminals from using guns. Laws against backdoor-less encryption won't stop criminals from using encryption without a backdoor.

I'd be surprised if most of the "child sex abuse" and "terrorism" traffic isn't already encrypted.

Encryption is math. Can we really make a form of math illegal?

I feel privacy is a basic human right regardless of what country you live in.

I’m not fan of punishing the majority because of a screwed up minority.

People who commit illegal acts as horrible as child abuse and terrorism are not going to respect the law when it comes to encryption.

Again, you can’t stop people from doing math. The idea of making it illegal is silly.

But using it is applying math, so yes you could make its application illegal, says devil’s advocate because I am pro encryption.
Smarter bad actors could still do it without being detected. Hiding an encrypted message in unsuspicious messages isn't that difficult. I really don't see the point of having such a law.
Back to Devil's Advocate, You could say that about most laws, people breaking them will find more clever ways to avoid getting caught. The fact that you can be more clever, does not mean it should be legal.
> Again, you can’t stop people from doing math. The idea of making it illegal is silly.

I don't think anybody is suggesting two individuals should not be allowed to use math to protect their conversations. Even if Facebook adds a way for law enforcement to access communications individuals are still free to talk in code or encrypt their messages before putting it on the wire. With your old telephone, your carrier can wiretap your line but you can still use a scrambler or talk in code and the tap will reveal only metadata.

How is Facebook (or other internet services) being required to provide wire tap access any different from a telecom company?

Such a law would serve no reasonable purpose, though. Criminals can use one-time pads and it's also not hard to make a little encryption program based on existing cryptographic primitives. In fact, drug cartels have specialists for that who could probably even develop and implement their own secure-enough Feistel cipher if they wanted to.

The only purposes such a law seems to serve is to catch clueless idiots who will be caught anyway, and to enable mass-surveillance of law-abiding citizens.

Do the telephone wiretap laws serve any reasonable purpose?
Yes, because hardware devices for encrypting phone calls in real-time are not as easy to produce as text encryption software or stick-it notes with random numbers on them.
What does that have to do with whether or not a wiretap serves a reasonable purpose? Today, it would be incredibly easy for Apple to have encrypted voice calls as well.
A law must be enforceable, otherwise it is useless. A law for wiretapping voice phones is enforceable, because only few criminals have the capability to build their own hardware encryption devices for secure real-time voice scrambling. A law for wiretapping into text chat software is not enforceable, because anyone halfway skilled in cryptography can produce his own encryption layer on top of the wiretapped text chat. The worst inconvenience a criminal would suffer from such a law is that they would need to use the copy&paste function of their device.

A law that by design is not enforceable, serves no reasonable purpose.

Because encryption is math and knowledge. Banning it will only stop legitimate users while bad actors can still just go ahead and encrypt their stuff.

If politicians consider leaving everybody vulnerable to catch criminals, this is a incredibly high price to pay. I’d argue that the price is so high that even with evidence that this would help catch criminals we should still consider not doing it. However there is no evidence for that and my argument above explains why criminals would still be able to encrypt.

We should really stop implementing any security legislation without checking whether it actually achieves the stated goals.

I agree -- this is my fundamental disagreement with many laws that are in place. When they penalty to the good-actor is so severe to catch a small minority of bad-actors, it's a poor choice.

I do believe we should search for solutions, I don't believe that we should let a small % of bad actors control our lives.

Counterpoint (playing devil's advocate) - if we ban e2e encryption platforms (or require a backdoor), then anyone found to be using a non backdoored tool is suspicious, reducing the effort required for law enforcement investigations.
but then how am i going to keep my ssh server safe? i get break-in attempts every second. if ssh gets a backdoor, then i guarantee you it will be exploited.

intruders may not care about my communication, but they do care about being able to access my servers, so you can not force me to use encryption with a backdoor without putting me and my company at risk.

if encryption without a backdoor gets outlawed entirely i'll go out of business because i will no longer be able to run any servers.

This would be only true if this was a international law. In all other cases you will have a ton of people just using what the other side under a different jurisdiction uses without even knowing it has no backdoor in it. The increase in false positives that comes with this will make it an unusable heuristic to identify criminals.
Not sure if this outweighs concerns with E2EE, but governments unfairly discriminate against people with reasonable viewpoints I.e. government isn't perfect. So people with contrarian views should have a way to express views/organize. Historically governments couldn't watch what people were saying/doing at all times and E2EE allows that to continue in a digital world.
> how do you respond when someone brings up concerns of E2EE platforms being used for child sexual abuse imagery or terrorism?

The majority of criminals caught in transit doesn't warrant me giving up my privacy. They will still be caught in the same manners they are now, and it still offers them little protection over what law enforcement typically does.

First of all, break the assumption that encryption is for paranoid people. Ask the opposing side to defend regulation over E2EE.

You're in luck because there are no objective arguments against it. When they inevitably turn to emotionalisms like "terrorism" and "sexual abuse", cite how insignificant of a percentage "terrorists" and "abusers" are of all E2EE usage. Explain that a ban for one is a ban for all, them included, and that encryption in fact protects from people's spying on and planning over one's significant other/children/etc. Ask why politicians like Trump or Clinton can seek protection from aggressors but you, an honest-working tax-paying citizen unentitled to a private security force, should not.

Explain that criminals overtly show their psychological traits every living moment and it is the failure of the authorities to help rectify their behaviour lest they commit a crime; that it is a well-paid police proffession to monitor people for such traits. Such a profession that is gladly and frugally assisted by artificial intelligence which can be tied to any camera that sees you, any website that you visit; that the government and companies can make deterministic psychological profiles from metadata alone and some graph theory.

You can also reference absurdity by stating that, to avoid "terrorism" among E2EE, the government should simply ban "terrorists" from using E2EE. However, the Wars-On-.* have been proven not to achieve the original goal in US history but rather to cause collateral damage, much more drastic than foreign subversion could. So banning or regulating E2EE is an ambiguous goal which will fail.

Suspicious, maybe it was foreign subversion indeed. Would you like E2EE when you pay taxes and go vote? So why not for more close-to-home data such as intimate details that could be used against you by an enemy or in court of law?

And finally, the police force and government authority use and _develop_ E2EE. They ought to have hidden back doors in it. For the hundreds of millions to billions of dollars law enforcement receives in funding, they ought to have. So even if we assume they could catch "terrorists" and "abusers" more efficiently. Well, then they don't need such giant budgets from your wallets. Would you consistently pay dozens of dollars a month for private investigators to aimlessly roam the country, not even saying what they are looking for? So why let the government do it? You could purchase many sources of joy with that money.

* If it's really about few really bad crimes, then nothing needs to change. In addition to the traditional methods, Governments already have ways to hack a few people. It's just that the more people they hack the more likely it is that the hack gets discovered and they want to spy on the masses.

* We leak tons of metadata. Even with encryption it will be available to governments and gives them tons of ways to pin down people. Eg. in some cases police used location information of cell phones to create a list of suspects. A lot of that metadata is very hard to avoid so it's likely going to stay.

* You don't just protect yourself from the government, but also the provider. Recently a report surfaced about a yahoo employee searching his colleauge's yahoo accounts for naked pictures.

* Providers can also get hacked. If the data is in encrypted form at the provider, the hackers would have to issue an update of the client which is usually harder than "just" hacking some servers. Those hackers can even be foreign governments.

* Safe deletion gets much harder when you have to worry about data on your provider as well. There were stories about providers not deleting data that users explicitly wanted to be deleted. There's also the problem of safe hardware decomissioning. Although most big shops are handling this problem more professionally than most individuals who just run format on their laptop's hdd and then offer it on ebay, you still have to take them by their word and rely that they do their job well.

You cannot remove your personal data once it is released (except via a time machine...) and your government and state can use this information for political motives that are as questionable as child sexual abuse and terrorism. In particular, you can never discard the rise of terrorist states.
Maby if they could actually start acting on intelligence when dozens of people report that a kid is likely to conduct a school shooting I'd believe them. Even then, we all know this type of rhetoric from law enforcement is just posturing to force their way in through the front door. This is still a good exercise (documenting why end-to-end encryption is necessary), but don't kid yourselves. They will whine just like Trump until they get what they want. If nothing changes and they stop whining it's time to start digging, that probably means they got what they wanted in secret.
>Also, how do you respond when someone brings up concerns of E2EE platforms being used for child sexual abuse imagery or terrorism?

By not caring. Privacy is worth more than forcing criminals to put a small bit of extra effort.

Those who would give up essential Liberty

For a little temporary Safety

Deserve neither Liberty nor Safety

Edit: Also, when you "think of the children" you have to think not only of their immediate safety but to think of their future ability to freely and safely converse with their peers, no matter what the current government deems "acceptable".

If the right to bear arms is required for protection against a potentially corrupt or abusive federal government, then so is the right to use end-to-end encryption.
The security and safety of almost everything relies on strong, uncompromised encryption.

There’s no way to reasonably draw, much less enforce, a line dividing licit and illicit uses.

If you compromise some subset of messages, illicit uses will just move to a non-compromised technology.

So instead of drawing a line, which is impossible (and also comes down to human judgements about things like whether gay people should be killed) the only choice left, if you insist on being able to decrypt messages, is to legislate the ability to decrypt all of them.

First of all, good luck enforcing that; second, in so doing you will sweep in a lot of legitimate uses of encryption and make people and businesses less safe by endangering their finances, their privacy, and even their physical safety.

Because once you give governments the ability to read messages even assuming key escrow entities can protect the integrity of the system (unlikely) this ability will be abused by bad governments who have records of inflicting human rights abuse on citizens for “crimes” as minor as being gay, being trans, or saying the wrong words about god.

And in addition to being accessed by the bad people in government and the bad people drawn like flies to honey to work in the key escrow organization, the escrow keys will get out and be abused by more bad people which will be an entire other level of problems.

Just as E2EE can be used for crime, channels without E2EE can also be utilized for crime - mostly for blackmail, and especially if it gets compromised.

Even if you trust all actors involved in non-E2EE communication channel you can never assume that:

* This channel won't be compromised(hacking, wiretapping etc)

* That all actors involved(ISP, VPN host) will always stay trustworthy

Latter part is also related to laws - if you cannot prove that law cannot be abused by a bad actor then it shouldn't be a law.

Also banning encryption won't change the fact that it will be used. Criminals will still use it to hide their action, plus there is always steganography.

Also one of basic rules of law is "Innocent until proven guilty", banning E2EE basically reverses that.

I love the "nothing to fear, nothing to hide" argument, just reverse it and instead of applying to general populace - apply it to government as whole. Rules should work both ways - if citizens have nothing to fear if they have nothing to hide, the same should apply to all politicians and all government agencies.

My go to about a government backdoor is that the NSA hacking tools are now leaked and the leading tool for Crypto Ransoms;

If CIA and NSA can't keep dangerous tools safe and secure from the bad actors; if the FBI (commonly thought of as less cover) or local police have a ready backdoor access to my phone, messages, credit cards, or anything else, then they're practically already in bad actor's hands.

The similar argument is that my state has lost my personally identifiable information in no less than 3 security incidents.

Because making it illegal will remove benefits for 99.9999% normal people. Cryminals will keep using it when it's illegal.