> Seems to be an ironic mischaracterisation of the parent’s point, which was precisely that one coubtry’s terrorism is another’s gay rights activist or high ranking foreign official.
My point was that issues like this should be mediated by courts and existing legal systems, not the unilateral decision of technologists.
And that society is going to insist that be the case, hence the most effective way to protect those persecuted minorities is via cooperation and steering how that process happens — not fighting a losing battle.
Finally, that the way to increase the effective security is stop fighting ideological battles on the issue, and find a politically workable compromise which still prevents remote exploitation — the main danger of encryption bypasses.
Which courts? Which legal systems? Legal systems and courts of nations who believe political speech is a crime and that alternative lifestyles are capital offenses?
Are you forgetting that time that the spy agency collected call records on millions of Americans through a secret court? [1]
As the other commenter points out, this only adds an attack vector and does not do anything to eliminate any.
The same incentives exist on all sides to find exploits regardless of an additional “legal” channel to crack the encryption. Particularly because your political enemies use the same devices and you can’t get a court order to tap their phones (usually).
Providing deliberate backdoors to the legal system does not preclude the discovery of other exploits, and the sale of those exploits to whoever has money.
It does not, but it changes the set of people looking to buy them and the way in which they’re used, both of which impact the general market for vulnerability sales — and additionally, re-aligns some present attackers to defenders.
Security researchers, strangely enough, seem to care who they sell to. If the NSA stopped buying and only the UAE was interested, I expect we’d see some firms move to other business models or targets for “research”.
> "It does not, but it changes the set of people looking to buy them and the way in which they’re used, both of which impact the general market for vulnerability sales"
There is no shortage of oppressive regimes with incredible amounts of money at their disposal. People who are in it for the money don't honestly give a shit who pays them. You cannot eliminate the market for this stuff. The only option is to create better software.
My point was that issues like this should be mediated by courts and existing legal systems, not the unilateral decision of technologists.
And that society is going to insist that be the case, hence the most effective way to protect those persecuted minorities is via cooperation and steering how that process happens — not fighting a losing battle.
Finally, that the way to increase the effective security is stop fighting ideological battles on the issue, and find a politically workable compromise which still prevents remote exploitation — the main danger of encryption bypasses.