• RedFox@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    10 months ago

    @GiddyGap@lemm.ee

    Since I also appreciate EUs privacy mindset, and you guys actually mentioned interesting things about the various populations, I’m going to post devil’s advocate question:

    Is there anything to allow privacy invasion we should do for law enforcement and CSAM? Since that’s all political excuses for it?

    Here’s a story I heard recently that talks about it from a technician cyber crime podcast: https://darknetdiaries.com/episode/131/

    Disclaimer: I cried while on a run in the middle of a populated area.

    My emotions on the topic go from shock and sadness to the punisher style rage, and what vigilante justice.

    There’s also apps like kik, where apparently this shit is unchecked.

    So my question is, can we all have our no data collection privacy, but still give law enforcement a way to hunt these pieces of shit into extinction without them overreaching?

    • Aceticon@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      10 months ago

      As with everything, there has to be Proportionality (are the gains from mandate backdoors on everybody’s software or mandatory taps on every phone out there so great they justify the high risk of massive loss of privacy and security of the general population) and ther has to be Independent Oversight, as in, it has to happen with a Court Order which is the result of a Judge having examined the case of the police and determined that there is sufficient reason to break somebody’s privacy, same as is necessary for the Police to break into somebody’s house to conduct a search, and we’re not talking about “special” surveillance courts with secret proceedings that even the defense attorneys can’t attend such as the US’ FISA courts and the UK’s equivalent (whose name now evades me) - though in the UK there are even surveillance systems which, by Law, the Police does not need a Court Order access as they see fit.

      Given that the smart criminals - read big, dangerous ones - don’t use phones they bought when showing their ID and where they have a contract that they pay from their bank account, and in some cases even use proprietary comms apps rather than the ones common people use (it’s not as if it’s hard to make an encrypted comms app for anybody with even just a bit of mobile development experience: I can make you one with unbreakable cryptography in a week, but it does require periodic transport of harddisks filled with random bytes because the key is as long as the message) things like mandated backdoors on widelly available comms apps only provide a mild improvement in Police effetiveness whilst openning a massive attack vector on millions, tens of millions, or even hundreds of millions (for the whole of the EU) of law-abiding citizens, hence are a massivelly dispropotionate solution versus other options, such as bugging the devices, direct surveillance of the suspects and so on.

      Also for me personally, having lived in the UK, you cannot at all in any way or form trust the Authorities with such power as they will with absolute certainty abuse it. Also even if a country’s authorities are squeaky clean, prim and propper today (most definitelly not so in the UK, were they even had surveillance on the Green Party, but most of Europe is better), there is no guarantee the next ones will still be so (remember, most of Europe was at some point under Fascist or Communist dictatorships), and in this day an age stuff once recorder exists forever and can be later fished out and used against you even when back in the day when you said it or wrote it, it’s was totally legit.

      So it’s the balance of pros and cons (i.e. the fail in Proportionality) that makes mandated backdoors on everybody’s comms apps for the purpose of surveillance, even under proper oversight by a Court of Law in a country with trustworthy Authorities and proper Laws rather than “funny” surveillance Courts, still be an unacceptable option.

      Yeah, you’ll always find cases were you’re told “if only we had backdoors in every comms app we could have stopped it”, same as you would for “mandatory taps in every phone” or “mandatory cameras in every person’s home” (though, “curiously”, they never mention the problem that with so much data it’s way harder to spot those single instances of lawbreaking), but having such things for every single person in a country is still an incredibly disproportinate solution for what it solves.

      • RedFox@infosec.pub
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        These are good points, well said.

        I agree. Insert great power/responsibility saying.

        They always seem to go off the rails.

        I would be in favor of mandatory disclosure (though, this would be extremely difficult and costly). I imagine anytime a government privilege was used, especially when behind closed doors, and reviewed by “…the proper oversight officials…”, whoever that means, I would rather like the governments to prove it.

        I would support an idea that by law, it all has to be documented, and after a reasonable amount of time after the prosecution is complete, they have to disclose everything they did, all the snooping, etc. With redacted private information of course for unrelated people.

        This is fairly unreasonable/unrealistic. But for me, if you could see all the cases where a government invaded privacy and link it to all to nothing but legitimate uses, it might help restore some faith/trust in officials.