If a largish group of users could create end-to-end encryption not with a single company but with "readily available materials", then stopping it could be harder.
So it's a combination of state dictate and the practical ability of users to defy that. This isn't saying I'm optimistic, I'm rather pessimistic on any ability of a wide home-grown encrypted-messaging milieu to appear - if few are aiming for this, those few can easily be picked-off. But I don't think we should just give up on any part of this.
Possession of encryption software could be treated the same as possession of drugs. On the next stop and search you would only had to handover your phone. If police password will not work it will be confiscated. If encryption software is found you go in the dock. It is the future. Society accepted ridiculous laws to jail people for having a plant, they'll accept jailing for programs. Only terrorists, thieves and adulterers encrypt their messages ;-)
The War on Drugs is considered a failure and in parts of the world like NSW, Australia made prostituion legal in 1979 in both cases because criminalising things most people use generally doesn't work and all you do is randomly jail people for doing the exact same thing as a large proportion of the population.
I fail to see the point, without encryption, there's no modern web, no e-commerce, no smartphones, absolutely everything relies on it like water. Unless you want to go back to pre-2000's technology of course.
Of course e-commerce will be fine, because browser vendors will obtain licenses to ship TLS modules and as a condition of such will include the .gov root cert.
It's trivial when you can pass arbitrary legislation.
Back in the 90s we had to deal with US gov restrictions on encryption export. Software companies and organisations fell into line. It was a big deal when 128-bit keyed Netscape became available globally in 1997, per State Dept approval, but even then the full-strength server-side SSL was still restricted to 'approved' entities.
And even 56-bit server SSL was only exportable with us.gov key escrow.
I used to use Apache with the 40-bit SSL option. Pathetic strength but no-one was going to risk jail-time by breaking laws.
The difference being that there's way too much necessary legitimate use of cryptography to stop now, and as the traffic is encrypted, you can't tell what traffic isn't legitimate. Plus steganography and plenty of places accessible on the net that aren't the United States.
This isn't meatspace, the dynamics are quite different.
There is nothing you cannot legislate for. For example use of encryption could be licensed, just as drugs are. If you don't have prescription, you go down.
Possession of encryption software could be treated the same as possession of drugs.
Well, then clearly it would quickly become ubiquitous. I mean, if a war on encryption that was just like the war on drugs were to be launched, why my local stream bed might "place burned passwords here" on the tin-can that currently reads "used needles here." (put there by the other homeless people).
There's a difference between running a Tor exit node and encrypting a personal conversation.
At least in the US, if a US citizen is part of a potentially incriminating conversation, the government's going to have a hard time forcing a court to force the citizen to decrypt the conversation.
Lawyers, correct me if I'm wrong, but it seems like a conversation wouldn't be subject to the vagaries of "combination to a safe"-production loopholes.
If a largish group of users could create end-to-end encryption not with a single company but with "readily available materials", then stopping it could be harder.
So it's a combination of state dictate and the practical ability of users to defy that. This isn't saying I'm optimistic, I'm rather pessimistic on any ability of a wide home-grown encrypted-messaging milieu to appear - if few are aiming for this, those few can easily be picked-off. But I don't think we should just give up on any part of this.