I'm in agreement with the conclusion but not sold by this explainer.
"How do you sort jurisdiction?" and "how do you ensure Signal employees can't snoop?" are problems, but if I were intent on trying to find a solution to allow governmental snooping I would not just throw my hands up at them. It's not actually fundamentally impossible to make compromises here.
First, "how do you sort out jurisdiction?" isn't really a fundamental argument, it just sounds hard. And "Signal employees would necessarily be able to snoop" is plain wrong: a snoopable copy of each message could be encrypted such that it requires cooperation between parties to snoop: Signal itself plus the sender's local and/or federal authority.
Sender's rough location or origin is compromised here, but Signal employees can't snoop.
You could also require multiple agencies with potential jurisdiction to cooperate in order to decrypt. If a federal agency claims jurisdiction they would need to convince both Signal and the local authority to unlock a message that the federal authority can then decrypt.
I have lots of concerns with such a scheme and I hate it a lot! But I think I would not be at all convinced by this explainer if I felt we should strive for snoopability.
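The split-custody escrow copy sketched in this comment, as an added illustration that is not the commenter's code and not anything Signal does: a per-message escrow key is Shamir-split across three assumed holders (Signal, a local authority, a federal authority) with a 3-of-3 threshold, so no single party, and no pair, can decrypt the escrow copy on its own. The HMAC counter-mode keystream is a stand-in for a real AEAD, chosen only to keep the example standard-library-only.

```python
import hashlib, hmac, secrets

PRIME = 2**127 - 1  # field for Shamir shares; a 127-bit key fits in 16 bytes

def _eval_poly(coeffs, x):
    # Horner evaluation of a polynomial with coefficients [a0, a1, ...] mod PRIME
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc

def split_key(key_int, threshold, holders):
    """Shamir t-of-n split: one (x, y) share per named holder, secret at x=0."""
    coeffs = [key_int] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return {h: (i, _eval_poly(coeffs, i)) for i, h in enumerate(holders, start=1)}

def recover_key(shares):
    """Lagrange interpolation at x=0. Fewer than t shares yields a random wrong key."""
    key = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        key = (key + yi * num * pow(den, -1, PRIME)) % PRIME
    return key

def keystream_xor(key_int, data):
    # HMAC-SHA256 in counter mode as a PRF keystream (illustrative, not an AEAD)
    key = key_int.to_bytes(16, "big")
    stream = b"".join(hmac.new(key, n.to_bytes(4, "big"), hashlib.sha256).digest()
                      for n in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def escrow_message(plaintext, holders, threshold):
    """Return the escrow copy and the per-holder key shares for one message."""
    key_int = secrets.randbelow(PRIME)
    return keystream_xor(key_int, plaintext), split_key(key_int, threshold, holders)

def escrow_decrypt(ciphertext, shares):
    return keystream_xor(recover_key(shares), ciphertext)

def demo(message=b"constructed sample message"):
    # Hypothetical holders; 3-of-3 means every party must cooperate to read the copy
    holders = ["signal", "local_authority", "federal_authority"]
    ct, shares = escrow_message(message, holders, threshold=3)
    all_three = escrow_decrypt(ct, list(shares.values()))
    signal_plus_local = escrow_decrypt(ct, [shares["signal"], shares["local_authority"]])
    return all_three == message, signal_plus_local == message
```

The threshold protects only the stored copy: the client that generated the key and produced the escrow ciphertext saw both, so the scheme's security rests on that client and on each holder's key custody.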
The problem is that if it is snoopable, someone that should not have access to the messages can get it. There is no perfect security but adding a backdoor on purpose makes it oh so much harder.
I agree with you, but if you're trying to convince someone who strongly feels governments should be able to snoop, you're not going to convince them by imagining the worst version of the backdoor that allows that and arguing against it.