
Even if we (dubiously) assume that the FBI's proposed solution is technically impeccable, and can't be compromised, what solutions exist to prevent people from social engineering their way to the data? Heck, what prevents corrupt FBI agents and federal IT staff from just accessing the data themselves?

Of course, the same worry exists for the data at each individual company, but at least those breaches are limited to a single company's data. And, from what we've seen, externally, it seems like at least some companies are more interested in protecting privacy than covering things up. When Google found that an engineer was using his access to stalk someone, he was fired, and the incident wasn't covered up. It's not uncommon for companies to tell users about security breaches in their own product that would otherwise have gone completely unnoticed (e.g., Pinterest announced a security flaw they had rather than just silently fixing it).

Conversely, in most cases of police and government corruption I hear about, the news breaks after a failed cover-up. No doubt I don't even hear about most cases, because they're swept under the rug. I don't have a particular fondness for Google's employees or process, but, given their track record, I trust them with my data a lot more than I trust some random government employee.

Moreover, if this law gets passed, why would serious criminals continue to use any of these services? This strikes me as having the same impact as most anti-piracy measures: highly inconvenient to non-criminals (in this case, when data gets leaked to actual criminals), but completely ineffective against real criminals. Not to mention the effect on the companies themselves -- I'm certainly not going to use a Chinese email service, because I don't want the Chinese government reading my email. What's an EU citizen going to do if this law is passed?



This is why I always laugh at NSA or FBI proposing ideas such as this because they need this to defend the country against "cyber threats". If anything, a centralized solution like this where NSA has access to a lot of private companies' data would only make national security weaker and the country more vulnerable to attacks because of such single points of failure.


Yeah, me too with respect to laughter.

On the other hand, the FBI and NSA aren't full of total idiots. They must realize that centralized solutions have these huge problems. Do they believe they can secure against the potential universal data breaches, or do they have some overriding ulterior motive that allows them to accept the risk?


But it doesn't take much idiocy to make a mistake (keep passwords in cleartext in a database, leave unpatched machines open to the wild, allow SQL injection attacks, etc.).

Security needs to be taken seriously at a practically fractal level. Historically the FBI has not been good at this.


> why would serious criminals continue to use any of these services?

For the same reason they use cell phones which are easily monitored - it's how the bad guys you're dealing with are already accustomed to communicating.

You have to get pretty high up on the chain before encountering a criminal who's taking any real steps at counter-surveillance.

However, an issue for the FBI is that while the big telcos have back doors in place, companies like Tango, Text+, etc. do not, making it a pain in the ass to monitor/identify those criminals who at least take that step to duck law enforcement.



