(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Thread by @ciaranmartinoxf on end-to-end encryption

2021-11-23 23:01:09+00:00

So here, with trepidation, I've ventured into the end-to-end encryption debate with a lecture earlier this month, published by @BlavatnikSchool? & a summary article for @prospect_uk 1/15https://t.co/fJ6YeGW4My — Ciaran Martin (@ciaranmartinoxf) November 23, 2021 https://twitter.com/ciaranmartinoxf/status/1463136190987751430

Unrolled

So here, with trepidation, I've ventured into the end-to-end encryption debate with a lecture earlier this month, published by @BlavatnikSchool? & a summary article for @prospect_uk 1/15

https://www.bsg.ox.ac.uk/research/publications/end-end-encryption-fruitless-search-compromise

The @prospect_uk article is here 2/15

https://www.prospectmagazine.co.uk/science-and-technology/ex-security-chief-ciaran-martin-gchq-government-encryption-plans-facebook-apple

Brief summary of a summary: there is ill-will on all sides rather than a focus on the reasonable objectives of both.

For my part, I do NOT believe that privacy advocates & tech companies are indifferent to horrific online crime, particularly involving children. Similarly… 3/15

…nor do I believe that Govts are using the very real problems faced by law enforcement (& to a lesser extent intelligence services) posed by e2e as some sort of emotive front for the expansion of state power. This is, instead, a really hard problem…4/15

That is why it is more than unfortunate that coverage all too frequently inflames the issue. In this?particular case, it actually misrepresents what the UK Government is actually proposing. More on that in a bit 5/15

https://www.telegraph.co.uk/news/2021/09/08/priti-patel-seeks-encryption-crackers-keep-children-safe-facebook/

It is also weird that the issue has become so focussed on Facebook, mainly because it, unlike so many others, hasn't yet introduced e2e. It's never unpopular to have a go at FB, and much of it is deserved. But it skews this issue completely and unhelpfully 6/15

For a superb thread on the complexities of the Facebook situation, see this yesterday posted by @elegant_wallaby. It's well worth reading his thoughts about the reality of the child protection challenges in this dilemma 7/15

https://twitter.com/elegant_wallaby/status/1462845336288825344

The UK Govt's policy, presented accurately, is to "develop innovative technologies which demonstrate how tech companies could continue to detect images or videos showing sexual abuse of children while ensuring e2e is not compromised" 8/15

https://www.safetytechnetwork.org.uk/government-launches-safety-tech-challenge-fund-to-tackle-online-child-abuse-in-end-to-end-encrypted-services/

This is the technological cakeism: have your lawful access cake and eat your e2e feast. As with all 'cakeist' policies, the question is: can it work? Many will say no: look at this well-known response to the client-side scanning proposal, for example 9/15

https://www.lawfareblog.com/bugs-our-pockets-risks-client-side-scanning

Given this well-evidenced scepticism, the onus surely is on govts like UK who believe that it's possible to maintain e2e whilst allowing targeted lawful access is to set out technical details that will convince at least some doubters. Simply telling tech companies to… 10/15

…go away & fix it, even when experts tell them they're arguing with maths, not Silicon Valley executives, and leaving the threat of legal sanction hanging over them, is the wrong approach. The onus is on the Government to change minds. They deserve a chance to try 11/15

But if they can't, it is time to accept e2e as a reality that users want (including the countless government officials across the world flocking to Signal, for example). Focus on mitigations & other forms of detection. There's often another way in. Not always, but often 12/15

It's hard to argue now (not an e2e case, but relevant), that it would have been better if the FBI in the San Bernadino case had been successful in forcing Apple to develop a generically applicable way of unlocking the device. Same holds true for e2e 13/15

https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute

Free, open, highly digitised societies will always be better off through better online security and privacy. But that is not to say the difficulties e2e pose aren't real. So if the Govt's plans to find a middle way don't work, then e2e should NOT be restricted. But…14/15

…the focus then should be on helping law enforcement find alternative ways to counter online harm. There is no place for 'think of the children' memes. The problems are real & the issues are complex, & some goodwill & appreciation of legitimate concerns is needed 15/END

Originally tweeted by Ciaran Martin (@ciaranmartinoxf) on 2021/11/23.
[END]

[1] URL: https://alecmuffett.com/article/15580
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.