
What's the distinction between "lawful access E2EE messages" and "backdoor for the intelligence agencies"? How is the service provider supposed to ever access an E2EE message without a back door?


The service provider, in most cases, is also the application provider which decrypts the message and holds the keys.

Most "lawful access" scenarios are met if the service/application provider requests/obtains the plain text and/or keys from the application.

Example: The police are investigating John Doe for involvement in child porn. The police have his phone number, so they request a warrant for his chat apps' message contents. They get a warrant, so they send a request to Facebook. Facebook sends a request to all apps to send the last month's decrypted content. Facebook provides that to the police.


Do you not see how that is effectively identical to any other backdoor? Just because the mechanism you describe is slightly different -- it's not a third-party master key, nor a clipper chip, but instead some kind of protocol for requesting the message history from the application -- doesn't change that the end result is the same: unilaterally being able to obtain any message sent by any user retrospectively. Privacy activists are objecting to the end result, not the technical mechanism by which it is implemented.

Also such an active mechanism would be quickly thwarted by even moderately sophisticated criminals, either by not using backdoored communication software or by simply blocking requests for the keys. And if the goal is to only capture unsophisticated criminals, surely old fashioned police work is more than sufficient.


  Do you not see how that is effectively identical to any other backdoor?
Yes, but it's not the same as "a backdoor to which the authorities have a secret key, letting them view communication on demand." I oppose the notion that "lawful access" is the same as a backdoor/secret key that decrypts all E2EE.

  the end result is the same: unilaterally being able to obtain any message
It's not the same, since it restricts scope (monitoring all communications vs specific users, indefinite decryption vs chat history). Keep in mind that some will monitor whether they are getting those "send decrypted chat please" requests, so if weird stuff is being requested, word will get out. The E2EE backdoor is worse because it allows silent decryption of all communications forever.

  Privacy activists are objecting to the end result, not the technical mechanism by which it is implemented.
Many "privacy activists" actually oppose it with the argument that it's impossible to have E2EE and also "lawful access", which is not true.

And I agree with all your concerns, I just think a middle ground (favouring privacy more) is possible.

  Also such an active mechanism would be quickly thwarted by even moderately sophisticated criminals, either by not using backdoored communication software or by simply blocking requests for the keys. And if the goal is to only capture unsophisticated criminals, surely old fashioned police work is more than sufficient. 
That all might be true, but the consideration is also: will E2EE by default create unnecessary difficulties for police? Are we willing to increase expenditures on police forces to keep the same level of protection? How many crimes are we willing to let go to keep E2EE (crimes where the timing matters)? I would be fine if the discussion was that.

---------------

Side note regarding this: be aware that OS updates and app updates are already the mechanism I exemplified. An app update can be installed which decrypts everything and sends it somewhere. We're already trusting that the app/service provider is not doing that or being mandated by the courts to do that.


You are confusing policy with mechanism. There is no good solution right now for lawful access to E2EE messages, but the blanket opposition to it prevents any work on finding such a solution.


There is no solution because by definition any solution must be some kind of backdoor -- the explicitly stated goal is to allow retrospective access to encrypted communication without the consent or knowledge of the parties involved. To me, that is almost a textbook definition of a backdoor in an encrypted communication protocol.

The blanket opposition isn't out of stubbornness and lack of understanding; it's because there is no way to simultaneously satisfy people who want a backdoor in every E2EE communication protocol and those who don't.


The two are inextricably intertwined.

Only the sender or recipient can provide lawful access to an end-to-end encrypted message. That's the whole point of end-to-end encryption. E.g. an informant can take screenshots or copy the message text, or a defendant can be compelled to provide their fingerprint by subpoena.
