I don't understand your response. Why is the balance of risk from government vs risk from bad actors changed by whether I know about encryption?
Firstly, widely available, unbreakable encryption is a new thing (especially when you consider ciphers considered strong even 5 years ago are now breakable).
Any new thing has the power to disrupt the status quo (resulting in possible net gains or losses for all of us).
Like every other major disruption in history, it has to be controlled to ensure the good outweighs the bad (eg cars, planes, computers, medicine, guns, whatever... all have some level of control to ensure they provide a net benefit to society)
So with this new thing you have to ask, do I prefer the option of uncontrolled technology and the possible risks, or do I prefer some level of control to try and ensure a net gain for me, my family, and maybe society too?
And ultimately you have to trust someone. And I trust the criminal gangs slightly less than the democratically elected government variety.
The implication is simply that encryption ought to be ubiquitous and easy to use if it is to be effective. That's kind of where the tech industry has been pushing.
. Yes and the tech industry, just like any other (auto, tobacco, food, drug etc) don't always have your best interests at heart, as proven by history.
Who exactly is it that you think is more at risk from a terrorist than someone stealing their data? A grandma?! Surely you yourself don't actually believe that.
Encryption won't save granny from data thieves, we know this because the bad guys simply ring up and pretend to be Bill Gates and she hands over the keys.
But we also know that wide-spread uncrackable encryption will lead to less convictions as savvy crims learn how to hide their tracks better. Less convictions mean more crims on the streets, and more crime. This is not an acceptable outcome either.
That will require either holding that code permanently (a major security risk) or re-making it continuously (a huge waste of time and effort for some of the company's most critical engineers, and still no real mitigation of the security risk, as those engineers will over time inevitably learn the methods required to develop the software from all the repetition and thus be susceptible to compromise by bad actors).
They aren't the only options, and I'm surprised that this being a tech forum it's the only ones we keep getting hammered with.
Anyway, enough of this. Why don't you explain what you're proposing? Is it:
I'm not offering solutions, I'm asking for them. We are techies, first we must accept that uncontrolled cryptography presents a real risk to our rule of law (ie convictions mostly hinge on information gathering, cryptography has the potential to disrupt this massively), then we try and come up with solutions. I think this is all our politicians are trying to say.
However since you asked I will offer some ideas (I'm no expert so feel free to offer constructive criticism).
One option I see is restricting types of encryption allowed to be used. An independent technology forum could establish what is considered 'adequate' levels of public cryptography. The public are free to use this, and it is strong enough to protect against casual attack, but still able to be brute forced by Govt level processing power. Sure the real bad guys still exist, but most laws aren't designed to get everyone. Stopping the casual threats is a large part of most law enforcement strategy.
Another possibility is an independent key store accessible only by the courts. Using HSM type technology you can lock down private keys to only be accessible by certain parties with certain approval. A bit like how nuke keys are handled. With enough procedure this could be secured as much as anyone could expect.
Another option is some sort of rolling key that expires, ie a key that lasts say 3 years, and if you don't renew it, the key becomes public or something. So any casual data can be protected, and if not under investigation kept secure, while crucial evidence can be exposed after key expiry.
I'm sure there are holes in these, but as I said I'm no expert. But I'm sure there are people out there who are who can think of a system more useful than just 'backdoor' or 'no encryption'. The point I'm making (and I think our administrators are asking for) is that we should at least try and come up with a some sort of viable solution to deal with the very real risk that is widely available unbreakable encryption.