Your proposed solution is an insecure system that can and almost certainly will be hacked. That’s the point. You could make insecure encryption pretty easily. What you can’t do is make something that is secure and yet also has a key that gets handed out all over the place. In the last decade alone, there have been all sorts of examples of exactly these kind of security keys being leaked.
There is no key that gets handed out all over the place. Numerous people are trying to explain that on this thread. Even a purely textbook cryptography setup would involve the private keys being generated inside an HSM and never leaving it. Only the public key would be widely distributed. A public key lets you encrypt a message but not decrypt it.
The hard part here isn't key leaks. System critical keys are commonplace in our society and virtually never leak, exactly because they don't tend to leave dedicated hardware. For example e-Passports are signed with long term government keys, they don't leak all the time. The US DoD runs a large scale private PKI, no problem. Our society has even got pretty good at physically giving people private keys in such a way that they still can't access them: credit cards, SIM cards, games consoles. The hard part is the workflows around them. Ensuring the HSM only decrypts messages for authorized users and things.
Even if you assume HSMs are constantly getting ransacked, governments don't care. They don't even necessarily want to have their own key management to deal with at all. A web portal that employees log in to, type in a phone number and then see the logs is perfect for them. Make it be dedicated hardware supplied by Facebook itself if you want, with login systems as secure as they use for their own employees. Governments just do not care about these details. Type 1 Nos, to use your lingo.
The hard part of such a system is defining your precise security goals and then implementing it in ways that all the goals are met simultaneously. So called "E2E encryption" isn't really, we all know that, so there's lots of flex to define systems that meet the same goals in different ways especially if you're willing to roll with good-enough type solutions e.g. assume a trusted client (which e2e messengers do already for things like their forwarding counters).
Thea's a lot of rhetoric, so let's get really specific about how these laws are supposed to work.
You do a search. You get ten blue links. One of them is to a newspaper website. Google has to pay that website - but not any of the other 9 websites.
You see a cool web page. You post a link on Facebook for your friends and say 'hey, read this!" If it's a link to a newspaper, but not to any other kind of website, Facebook has to pay them.
Google and Facebook not 'co-opting their content.' You need to be really clear about this - we are talking about links. In Meta's case it might be a link posted by the newspaper itself.
Let's extend the principle here: someone posted a link to my website on Hackernews - so Hackernews has to pay me. Really? They post it on Reddit and Reddit has ads, so I get a percentage of the ad revenue. Really??
All of this is arguably true, but conveniently forgets Google News and FB’s algorithmic feed, among other products.
There is so very much wrong with the way search works - its opacity, the enormous reach of Google advertising, the way Facebook manipulates sentiment to sell advertising.
This law may be clumsy, but lazy rhetoric is still bullshit.
Google News is tiny and irrelevant - that's not what the law is about.
Again - do you really think that if you do a web search, and one of the results goes to a newspaper, then the newspaper should get paid? And none of the other links?
It is much larger than WAPO, and not far behind NYT. Which makes it significantly larger than any news provider anywhere else in the world.
So maybe I'm weird but that hardly seems "tiny and irrelevant".
> do you really think that if you do a web search, and one of the results goes to a newspaper, then the newspaper should get paid? And none of the other links?
From the context, I doubt that you're arguing that everyone should get paid, so I'm not sure what your point is, because I don't see why they shouldn't.
If you do a web search and one of the results goes to a newspaper, and you click the result, then the newspaper can monetise that. I don't have a problem with that.
If you do a web search and it presents enough information that the user can answer their question without clicking, well, that's an interesting problem. The answer would not exist if not for the provider, yet the search engine makes money and the provider of the result does not. This is particularly true when the search engine pops up a news box as a result.
So if a search result provides useful information to a user, and the search engine makes money from providing that answer despite it being sourced from elsewhere - why shouldn't the source of that information be compensated?
As I said above, this law may be clumsy - it might not even be possible - but my objection is to the lazy rhetoric surrounding the issue, which is still bullshit.
Originally, the EU had one paragraph on this. That paragraph literally said that you had to let 'any' third party interconnect. That turned into a separate 50 page draft once messaging people explained that 'any' meant spam farms and Chinese intelligence agencies, and a bunch of other stuff besides.
If you give the key to every government that demands it (USA, UK, France, Germany, Japan... ), and every agency (CIA, NSA, FBI, DHS, DEA...) then how long will that remain secure? The key will leak and then you have no security.
You only give it to the government entities your country is asking you to. Heck, you could even encrypt each user's data with their own government's key.
I am not a cryptographer, but the standard objection to this is that the NSA key will leak, either generally or be stolen by a Russian/Chinese agent.
And in implementation, how many keys are we talking about? USA, UK, France, Germany, USA, Australia... Every country's law enforcement will demand a key, and how long will that remain secure?
The best argument is simply that you cannot ban e2e encryption because there’s thousands of people who are able to implement it all over the world. Banning E2E just means that everybody who cares about privacy (including the “bad guys” and privacy conscious users) will switch to a banned implementation, and everybody else will have their privacy put at risk for no reason at all.
Devil's advocate: the answer to that is that perfect is the enemy of good. Most "bad guys" are pretty dumb and won't bother using actually secure communication channels especially if messengers keep advertising that they do end-to-end encryption. And even for those who do care enough, most of them aren't all that tech-savvy and will make mistakes.
All that to say that a ban doesn't have to be 100% effective to make a meaningful difference.
> especially if messengers keep advertising that they do end-to-end encryption
That's probably a crime in UK. It is a crime in plenty of countries.
Anyway, the most impactful an anti-e2e law can be is to force people into getting some functional thing from free-droid, instead of naively getting it from the play store. The bar of intelligence required for that is still pretty low.
Firstly, you can just rotate the key if that happens. It's one software update away.
Secondly, protecting keys isn't that hard. That's what HSMs are for. Not only have no secret keys ever leaked from the NSA as far as I know, not even when insiders turned against them and leaked as much as they could, but this isn't a noteworthy achievement either.
Indeed, if the Chinese demand a key under that scheme it is hard to see how the data will be kept secure against the Chinese spy agencies. And they will demand, the system is there and obviously available.
Plus, who would be stupid enough to use that protocol? It is sending bright flashing messages saying "we're reading your emails, mate!". Only people who were legally compelled to use WhatsApp would be reachable, everyone else would more to some other system.
The article speaks more about the "knowledge workers", the CC Baxters of the world performing more or less bullshit jobs [1]. The 2-3 billion unemployables of the next 10-20 years are not knowledge workers and will all be replaced forever by embedded robotics with good enough networks and statistical learning for following given goals while generating sub-goals.
Boston Dynamics' Spot costs $75K today and Atlas is around $150K, once the price gets closer to $10K there is very little reason to ever employ persons as assembly line workers, construction workers, warehouse workers, machine operators, truck drivers, janitors and cleaners, agricultural workers, security guards, food service workers, garbage collectors, and so on.
And even if 3 billion people could be forced to do spreadsheets to "earn" a living, "by the sweat of [their] brow", that would be an even sadder world than our currently sad world.
My argument is that we need a new metaphysics for what work and life means, one where the right of a person to have food and shelter is not tied to the economic value they produce. But I have no hope for this world: the trillionaires of tomorrow will share even less than the billionaires of today.
As I said, sometimes the job goes different people in different places, and there’s always frictional pain in the adjustment
On the other hand, you are correct that I didn’t post data saying that unemployment hasn’t fallen, but then that is self-evident. We do not have 50% unemployment now because machines took half the jobs, and we are all of us vastly more prosperous than we were in 1800 or 1900 - again, I don’t think I need to post a chart to the obvious.
"there's always frictional pain" is a fairly big understatement.
I think the assumption underlying this is that somehow stable on the other end, but I don't necessarily see post-industrial service oriented societies as stable economic realities. Having lived in one(UK), I found it as close to a capitalist dystopia as one can get.
William Gibson described 'capitalist dystopia'. The UK has a very strong, active and centralised state - indeed much more so than the USA. It presumes that healthcare is free, that everyone has access to education, that everyone is entitled to a social security safety net, and a whole bunch more besides.
Children are ranked by intelligence at a very young age, making it so underprivileged kids are told “you’re not going to make it” at a young age and relegated to a “lower” class. London street drug sales are thus dominated by disillusioned teenagers. Entire cities lost their way of life when Thatcher ended their industries and became dead ends where heavy drug addiction is quite rampant. The population is parted into two (as is common in “post-industrial” societies) the folks who take the now exorbitant loans for education and “make it”, and those that don’t and get relegated to receiving a living wage for the rest of their lives. There is an almost palpable feeling of haves and have-nots, around housing and increasingly everything else.
Yes there is some social contract in place but the post-industrial society is not a gentle one that I’ve witnessed. I’ve seen 2/3 (south of Brazil, north of Portugal and industrial England/Scotland). They don’t really compare well to successful industrial countries like Germany.
Vaclav Smil said “with no manufacturing there is no middle class”.
This list is shadow IT, which means the things that the corporate IT department isn't paying for and often doesn't even know about. The tools you mention are in the Productiv (and Okta) data in a different category.
