Attorney General Bill Barr is having an ongoing public debate with facebook over whether it’s in the public interest for platform companies to be unable to read messages sent over their platform.

Both players are missing two points:

  1. People can operate their own encryption, either by operating their own server technology or sending encrypted blobs over FB.
  2. Encryption technology can hide content, but won’t hide the parties to a communication without a lot of extra work

The social cost of enforcing a self-managed encryption ban will be disastrous

Yes we have laws enforcing atomic secrecy. Yes we had laws restricting the export of high grade encryption.

This isn’t that. The technologies we’re talking about have been open source for decades. Is the AG really talking about banning software in constant use on billions of devices?

Even if he makes that the law – and good luck, both congress and the courts are friendlier to consumer privacy as the culture changes – how would you ever prevent normal people from sharing encryption software with each other?

You’d have to inspect every packet on the internet to make sure it wasn’t using strong encryption keys. You’d have to ban every kind of decentralized network.

You’d essentially have to ban any communication that isn’t subject to automatic monitoring by the government. You would essentially have to ban privacy. You’d have to ban the open source movement.

You can’t just ban platform encryption

Maybe, one might say, you can create a distinction between encryption enabled by default by a platform vs encryption deployed by an expert user or corporation to protect their internal communication.

Too many funny edge cases here. Do you then have to ban encryption plugins? Do you have to ban alternative chat clients that send encrypted messages over the API? You’d have to lock down too much stuff to draw this distinction.

If an individual consumer sends an encrypted message over a platform, have they broken the law?

Consumers are getting wise about privacy in authoritarian states

People in Hong Kong are using mesh networks. Every group of people who are subject to tracking and censorship will switch to decentralized technology. It’s a no brainer.

‘Why does privacy matter’ if you live in Hong Kong is an easy question to answer. ‘Why does privacy matter if you’re not planning to break the law’ is a harder question to answer, or it was until the last decade or so.

The answer now is that platforms and institutions have various laws that punish their users without much due process. This is things like taking down user content, blocking their access to the platform, refusing refunds, shadow-banning.

Also consider platforms’ behavior around competition. Amazon treats their 3rd-party sellers as a business idea farm. Facebook has a line in their developer TOS saying that they’ll probably use your stats to compete with you. Nike just dropped amazon because of shenanigans like this and also bootleg products.

Tons of companies are using consumer demographic data for price discrimination (tinder got in trouble for this in California and are probably still doing it in other states).

Also there are so many data breaches by people who in a sane world would have a fiduciary obligation to protect what they collect. These breaches directly expose consumers to the risk of crime.

The argument for privacy against the government has always been corruption / tyranny / protection against future laws, and some people aren’t willing to debate those points because they view the government as axiomatically trustworthy. But the argument for privacy against platforms and private institutions is very real and non-hypothetical. It requires zero imagination.

Every platform user is living in an authoritarian state if you believe that platforms are state-like entities.

Legislators who don’t get the importance of consumer privacy are on the wrong side of history and will lose their seats. Even the AARP crowd is super-sensitive to fraud online – they’re a major target.