WhatsApp "refuses" to hand over London terrorist's messages

If we do, some of us will do so having learned of the Straight Line fallacy for the first time, reason enough alone in my estimation for the existence of this thread. Love that fallacy! It should be required reading for all would-be legislators.

OK, let’s try a throwback to the 1970s, as this is a very important topic.

You = Bob
Amazon = Alice
CC clearing house = Carol
CAs = Faythe
Government = Grace

You ask Faythe who both you and Alice trust if Alice is who she says she is. As there is a web of trust everyone works

But if Grace forces Alice and Faythe to also tell you that Grace is Alice, the chain of trust is broken.

Because you have to change the process in a way that makes it so you cannot recognize Alice as a trusted individual. And you can no longer rely on Faythe to tell you the truth.

This also opens a Pandora’s box which will allow Oscar or Mallory to potentially pretend to be Alice, because you can no longer recognize her by sight or challenge, or trust that Faythe can vouch for her and confirm her identity…

Notice how Carol doesn’t come into the picture, that is because Carol is Alice’s Alice when she is being Bob. You don’t care.

While this may not be clear, you can actually google the names above and add “encryption” and it will lead to several good descriptions.

Any midway stop is a back door. You are implying that the midway stop (e.g. WhatsApp) has to store messages in an encrypted format that they have the key to (and which the government can request). Now thousands of WhatsApp employees potentially have access to your messages, any of whom can be bribed or compromised. Or WhatsApp’s servers can be hacked, giving black hats or overseas state actors access to everyone’s messages. Or a state actor can just plant an employee in the company as an undercover agent to ensure access. Etc. etc.

I’m not getting how you’re comparing the Amazon transaction to a backdoor. Can you explain the idea in a little more detail?

From the surface, it sounds like you’re saying that the user-Amazon-credit card transaction involves three entities, and a man-in-the-middle attack involves three entities, so they’re equivalent. But I’ll give you more credit than thinking something that simplistic, so I assume there’s an unstated misunderstanding in here somewhere.

There have been many hacks where hundreds of thousands of people’s credit cards have been stolen; a Google search easily confirms this. Anyway, I run an online ecommerce store for my company, so I think I can speak about this with some confidence. There is no two-hop system for the way credit card processing currently works. My online shop for my company never sees credit card details or numbers; we use a payment gateway to do that. The payment gateway talks directly to the card processor via strong encryption. All I do is send the order details; the payment gateway is then authorised to charge a specific amount, and if they abuse this they get shut down very quickly.

Some online payment systems store the credit card number in an encrypted system, that’s true. But if your credit card is compromised, you can call the bank, get a new one and usually the fraud is recompensed to you. If your messages are compromised via a two-hop system you will never know it, so you never have the chance to “call the bank” and get a new encryption key (equivalent of new cc number).

You’re being facetious, but why? What good have any of those organizations done for anyone? (Besides the NSA – you have to distinguish between the previous “Good guy NSA that helped create strong cryptography” and the current “Bad guy NSA that tries to destroy cryptography”.)

Yes, nor did I suggest anything else. That’s all you need in order to be able to execute a wiretap for a legal warrant.

A wiretap on what? The communication from me to the credit card center doesn’t even exist, so how can anyone get a warrant to wiretap it? Someone might be able to get a warrant to look at Amazon’s records or the credit card center’s records or my records, but that’s not an issue that involves creating a previously absent security hole in the communications infrastructure.

The essential issue is that data should be accessible at those points, and only those points, where access is necessary. Obviously, I need to know what I am ordering on Amazon, Amazon needs to know what to ship to me, and the credit card processor needs to know what to charge me, so all three are parties to the two separate communications links. When Alice sends Bob a message on WhatsApp, the WhatsApp management has no need to know what’s in the message; thus, keeping it inaccessible to them is desirable to avoid an unnecessary risk of leakage.

But, ah, you may say, there are times when the gummint needs to know! Very well; let the gummint go to me, Amazon, or the credit card processor (in the former example) or go to Alice or Bob (in the latter) and serve their warrant.

It seems that the bureaucrat who originally raised the stink is now slinking away after the other people in the room came to an unspoken consensus to pretend that nobody smelled her three-bean-jumbo-burrito fart: