Assuming these experts are perfect and infallible (a bad assumption), then what does it prove?
That only an authorized government agent can have access?
Can you not think of any problem with that whatsoever?
I said the monitoring software having access to the data was a solution. But you're probably thinking of a case where there is a master encryption key which we just hand to the government. But have you thought of a solution where we can be sure of the access that the software will have?
Something like a infallible way we can choose only the software can view the data. Sure, you're quick to dismiss it because it doesn't exist. That's why I said it didn't exist
There needn't be centralized way of communication you're thinking of now. It can be public software that people can choose to run.
> Assuming these experts are perfect and infallible
Well, you can have the same skepticism for the end-to-end encrypted software you use. How can you assume that it isn't broken?
Nobody is saying you did. You yourself said "that is a perfect solution actually" in response to vinceyuan, who had a one-liner comment about "the source code of the monitoring software must be reviewed by independent and trusted software engineers/experts."
Maybe we are interpreting this in different ways.
How do you envision this "solution" working? It is a bit vaguely specified.
Who is doing the monitoring? What or who is being monitored? For example are we talking about monitoring the authorities to see if their access is done properly? Or are we talking about something / someone monitoring communications, on behalf of the authorities? Not sure what you had in mind. Can you explain how what you called "perfect" might work, were it to be developed at some point in the future?
I'll say up front that I'm skeptical, but let's see if we are even talking about the same thing. As long as you're being super vague, you don't have a solution at all.
And if you're just saying: there's no solution now but maybe one can be developed, fine (I believe you're wrong) but please clarify how you think it might work.
This was my last sentence. With which I tried to say that we have to still solve the problem and come up with the solution. My comment "that's a perfect solution" was about the answer "software that can effectively monitor communications with proper privacy" to the question about properly reconciling privacy and security, in a situation where the people are okay with their communications being monitored.
But are you are expecting a answer to the question, "How will the software work?" from me.
I have no clue as so how it'll exactly work. But since you're so interested, I'll take a stab:
> Who is doing the monitoring?
The software. No humans will ever see the raw communications which haven't been flagged. Now this is obviously the tricky part. This is not a backdoored system with a magic decryption key. What I had in mind was a software possibly in-built with the communications protocol, which will, with near perfect accuracy flag suspicious communications. This is will need a leap of tech in Machine learning with NLP.
> What or who is being monitored?
All the communications (through the node) are being monitored.
> For example are we talking about monitoring the authorities to see if their access is done properly?
'They' have no access. Only the software does. How that is done is up to the "engineers/experts" to figure out. This will obviously need a change in communications architecture. When it comes to properly securing the physical part (the servers), I'm sure something can be figured out there.
> As long as you're being super vague, you don't have a solution at all.
See my first line in this comment. I don't have a solution, but I do believe that a solution exists to a problem. They're very different things.
As an analogy, in mathematics, that's similar to me saying the problem is solvable, but you're talking about the actual solution.
And sure, this is a 'perfect' solution where monitoring communications is even a possibility. I don't even support that possibility. The first comment I replied to does, which said:
"If I have to choose one from end-to-end encryption and security, I will choose security. I don't mind my WhatsApp chats are scanned by police's software, if it can reduce terrorism. Of course, we need to make sure it is used for anti-terrorism only."
So in the first place, monitoring is something that will be done. Now in that scenario, there's a solution (In retrospect, I don't think I should've said perfect).
I don't think you are going to be happy with this solution. I don't expect everyone to be. I probably will be, because while I want privacy, I'm amenable to a solution I can trust in a situation where there has to be some kind of monitoring.
Since we live in a democracy (I hope you don't live in an oppressive monarchy), it can happen when the majority of the people (senators, actually, because it is a Republic) agree with a situation when monitoring is okay.
Your opinion or my opinion is not enough to change everyone else's opinions. So we might have to learn to live with it.
