
Comment Re:They have no intent to ban Whatsapp and others (Score 1) 174

Absolutely, which is why "pull out" is another option if they feel they can't comply. My real point is that attempting to subvert the law is probably not going to be the choice they make. Taking that tack is a lot of risk for very little payoff, which may be worthwhile for political reformists but less so for businesses.

Though that brings up a more interesting issue -- what happens if they decide to comply in some way other than "no encryption?" Do they now have to figure out ways to generate separate key sets for every government? What happens when the UK decides that they don't want China being able to snoop on their communications, but China demands this same kind of back dooring that they're demanding? Encryption keys don't give two craps about the global political situation.. never mind figuring out how to later add or revoke keys as that political situation changes.

As for complying with laws in different countries.. it's not THAT hard -- for communication that's purely within the one country. It becomes extremely difficult for communication that leaves the country (and then the whole issue of messages that just happen to bounce to a foreign router even though both the source and the destination are local -- an issue we have great interest in here in Canada since most of our traffic still goes through US routers. We have no control over what they do and they have no interest in protecting non-American rights, so we get the worst of both worlds and essentially have no digital privacy rights at all thanks to that border hop.)

Comment Re:Cry More (Score 1) 139

I'm not a journalist, but I'm going to assume that in most cases, if I think something's up.. probably my competitor will be thinking something's up as well. Sure there's the occasional deep investigative effort that requires months or years of sifting through clues and evidence to find facts but the vast majority of the news is just "hey look something happened and we managed to be first to print."

Sure under the current system chances are both parties will file their own FOIA requests, but it becomes a bit of a first-mover race at that point and that's where the problem lies. It would be like nVidia publishing their preliminary chip design that won't be completed for 2 years and then hoping AMD doesn't take it and beat them to the punch. Sure they're a bit ahead of the game at that point but if they get slowed down for some reason and AMD doesn't, they're still going to lose. Why take that risk when there's no benefit to yourself for doing so?

Comment Re:Cry More (Score 1) 139

the requester gets copyright on the documents?

Uhhh no? Even if copyright applies to public documents, selling a use of the document does not imply selling the copyright. We wouldn't have all the issues with RIAA/MPAA that we do if the world worked like that!

The government has to keep it a secret?

Uhhh no? There's nothing stopping somebody else filing their own FOIA request for the same document.

Doesn't matter who is paying to gather them together.

Yes it does. It matters if "nobody" is paying to gather them together, which is what you'll see happen (or at least a lot closer to it) if there's no chance for a return on investment. The only people making FOIA requests without an ROI opportunity are public advocacy groups, and they tend to have limited resources to work with.

Comment Re:Cry More (Score 1) 139

The problem is that if I have to pay to get something released, and I'll see no ROI, then I'm not going to pay for it.

I agree it would be grand if the government would just release all public documents on their own dime. But they don't. And if this stops investigators putting in their dime as well, the result will be NO documents being released to anybody, which is not an improvement over the current system.

Doing this but implementing say, a 1 month moratorium on public release rather than immediate, would probably be a good tradeoff. Of course that only helps the general public without doing much for either the government or the investigators (in comparison with the current system) so why would they bother?

Comment Re:Call it what it is (Score 1) 174

Snooper's Charter sounds even more ominous to be honest. At least a "firewall" has some implication of protection even if everyone knows its true purpose.

"Snooping" on the other hand has pretty much purely negative connotations since early grade school for most people.

Then again, it's kind of refreshing that the government is at least being honest about the purpose of the program. If it was in the US it would be called PINKUNICORN or some other absurd backronym created purely to sound "nice" in print without giving away its sinister underpinnings (see: USA PATRIOT.. and a whole lot more listed here.)

Comment Re:What about medical records? (Score 1) 174

Fax?

Other than that.. hand-waving and magic. Government officials (in every country) that come up with these plans seem to be under the impression that it's possible to have a government back door while still being generally secure against everybody else.

It's dreadfully obvious that these people don't know the first thing about computer security, but unfortunately only to people who DO know the first thing about computer security. The Dunning-Kruger effect is in full force when it comes to politicians creating computer security legislation.

Of course, it doesn't help that they're "right" in the technical sense that you can build secret-sharing encryption schemes. But they tend to overlook two serious issues here:
1) The secret will get out with probability approaching 1 given enough time. Of course if that amount of time is "50 years" as is the case with, for example, many military operation secrets, then maybe that's OK. Chances are it will be a lot less though given that the digital secret will have to be fairly wide-spread amongst government and telecom employees (who are generally a lot less disciplined than military personnel) in order to be useful.

2) Secret sharing schemes are a completely different type of encryption. You can't just "add" a shared key to an existing AES-encrypted (for example) message. The message would have to be decrypted with the original scheme + key and then re-encrypted with the new shared scheme and new keys. And even if you're only interested in transient communication (so you don't have to worry about pre-existing messages,) the developer will have to rebuild their product (and force-distribute it) to handle the new schemes. Might be plausible for the majors like Facebook but pretty insane to think everybody who operates in your country could pull that off.

Comment Re:They have no intent to ban Whatsapp and others (Score 1) 174

Which they won't do. They'll either comply (probably by just disabling the encryption layer,) or pull out completely.

Remember, WhatsApp (and other such companies) aren't in the business of social reform. They're in the business of making money. The only way they would go to the effort of decentralizing their software (or any significant change) is if they thought it would provide a reasonable ROI (which may be in the form of stifling losses as opposed to producing profits.)

I have significant doubts that a single country would provide those incentives, especially for something like decentralizing which would make it much more difficult to monetize the product in the first place.

Comment Re:The end of on-line banking and shopping (Score 1) 174

even significant parts of Cameron's own party are likely to vote against it and block the legislation.

Never underestimate the stupidity of politicians. Especially if they're being bribed, coerced or threatened (I don't know how UK politics works but here in Canada, going against the party line is a good way to get yourself backbenched.)

Comment Re:Experts? (Score 1) 102

It's not that we don't trust the technology, it's that we don't trust the people implementing and operating the technology.

They don't have our best interests in mind, and are far too often either too incompetent or too cheap to properly implement the necessary measures even if they do have good intentions. And even if they manage to pass that test, their replacements in 4 years may not be so noble.

And that's the government. Private companies don't even have to pay lip service to our best interests. I mean they'll do so anyway in some cases (such as Apple pre-enabling encryption) but it's not because they have to, and they'll stop as soon as it becomes more financially advantageous to screw us over.

And even if by some miracle, all of that goes in the favor of us average citizens.. somebody, somewhere is eventually just going to make a mistake and leak the keys by pure accident.

And once the keys are out, there's no take-backs. Every single device using those keys must be considered immediately and permanently compromised.

Comment Re:backdoor versus sidedoor. (Score 1) 102

My safe deposit box (well, if I had one..) is most certainly not vulnerable to one person with a good drill.

It's vulnerable to one person with a good drill, who can bypass bank security, can get into the cage, and drill the box out all without anyone noticing (and/or faster than anyone can respond.)

Your average internet-enabled computer is more along the lines of the safe sitting in the middle of nowhere where nobody can hear the drill, nobody is likely to respond, and no other security measures are in place beyond the lock on the box itself.

While from a mathematical point of view, encryption is the strongest security we've ever developed, we're still pretty sloppy on the human side of the equation (ie: not putting the keys somewhere they can be found, which includes everywhere except being a secret known to exactly one person) while we've been figuring that shit out with respect to banks for hundreds if not thousands of years.

There's also the downside that a bank lock is (essentially) unique while an encryption protocol tends to be used everywhere. If someone gets a key to your lockbox, you grumble about whatever got taken and replace the lock. If someone gets a hold of an encryption master key then every device everywhere using that protocol needs to be replaced (PS3 anyone?) Firmware isn't sufficient due to the obvious downside of being able to overwrite it, so it's minimally a chip replacement (and even that's questionable.. black blob is more likely if you need it to be actually secure, which generally means entire board replacement.)

Comment Re:They tried it before. (Score 1) 102

That would be.. a hard sell. OpenSSL and many other encryption technologies are open source, already exist, and are already used by many many people and companies (which are more important to the govt these days.)

Even if you convinced the OpenSSL team to implement a back door.. it's open. Someone would just remove the back door. And someone else would simply read the code to find the back door and use it nefariously. So they'd not only have to figure out how to ban or enforce restrictions on new software, force old software to be upgraded to restricted newer versions.. they'd also have to blanket ban all open source products that include any sort of encryption layer, regardless of compliance.

Comment Re: Falling on deaf ears (Score 1) 102

The idea isn't to sell them to European (or Asian or whatever) countries. The idea is to produce overseas and sell locally. Which is already happening in most cases anyway so it's mostly a matter of including the changes in the next round of fab blueprints (or whatever they use) that you fire off to the factories in China.

Of course the next step by the govt would be an import ban on such devices.. but they'd have a hard time punching that through when the devices you're talking about are things like iPhone7 and whatever Google calls the next Nexus product.

People might not understand/care about back doors, but they sure as hell care about not being able to buy the newest gadget and if the manufacturers of such gadgets understand/care about back doors, the government will find themselves in a bit of a pickle.

Comment Re:I don't think it means what you think it means (Score 2) 277

And exactly the opposite of what MS wants:
1. Open sourcing it completely is pretty unlikely. There's still a lot of proprietary code in there, even with the various shared source programs, and much of it is licensed from other vendors and even MS is in no position to just arbitrarily release other people's code.

2. MS wants people to keep up to date. Every time someone gets a virus or an incompatible driver update or some other BS, they blame Windows for being crappy. In many cases, the issue they're having has already been patched long ago. Sure 0-day exploits are a thing, but most people don't pick them up on day 0. Even at internet speeds, those things take a while to spread around. Charging people for updates is a very very good way to make them not bother updating. (And the extreme of "tip-top" shape is entirely impractical for so many reasons, regardless of any discussion of updates. Way way way too many variables involved to offer that level of support to anyone willing to pay a measly $10.)

Comment Re:WindowsME 2.0 (Score 1) 277

Stability wasn't Win8's problem. I doubt it'll be Win10's problem either.

Win8's problem was Metro, which most people hate with a passion. Win10 still has Metro (backward compatibility) but it's kind of jammed into a Win7 style UI in a Jekyll/Hyde type hybrid abomination.

It'll probably be fine though. People will learn to ignore the Metro half of the start menu and life will go on in Windowsland.
