(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


“Mercury Shrugged” — how can it be that end-to-end encrypted messenger platforms threatening to take their ball home, is a threat to the Westphalian nation state? #MercuryShrugged @SignalApp @WhatsApp

2023-03-09 20:39:21+00:00

I detest Rand, but the pun is just too fun…

Over the past two weeks we have seen both Signal, and now WhatsApp, threaten to withdraw their service from the UK because (and let’s be precise about this) the Online Safety Bill, as drafted, empowers OFCOM to demand that client-side-scanning technologies must be deployed in the client applications, which breaks the end-to-end security promise that literally defines the value proposition of the software.

And then you see tweets like this, from the former policy guy at NSPCC who clearly is still attempting to grind an axe:

Secondly, are we comfortable watching a clearly co-ordinated industry push to assert, through threats, their primacy over nation states? Nuanced, independent regulatory safeguards are legitimate & necessary to uphold fundamental human rights. Tech accountability is long overdue. — Andy Burrows (@_andyburrows) March 9, 2023 are we comfortable watching a… industry push to assert… their primacy over nation states

The thing is: it’s not an “industry push” — end to end security in communications software has been coming since 1991 (with the publication of PGP) if not 1975/ish with the paper which kicked-off the development of public key encryption.

And the notion that Signal is somehow a huge corporation, defies both belief and reality.

But here’s a question for you: is Meta / WhatsApp / Facebook — or any other company — obligated to offer a service within a country on anything other than their own terms? Should they be forced not merely to submit to the surveillance whims of each and every nation? Should they be forced to adopt particular protocols in order to support those nations whims?

From where in the nation state primacy handbook, comes the power to require a corporation – or a federated community, or an individual – to offer a service within their jurisdiction, and be forced to offer it on terms which the particular state at hand considers to be desirable?

With the exception of some arguable “anti-tipping-off” statutes (re: ongoing investigations) – I cannot think of any. And I aver that this is because code is speech, and compelled speech is generally revolted-against in all democratic societies.

In any case: it’s food for thought, not least “if some people are presenting this pejoratively, as an argument in favour of the online safety bill, at precisely what point will they stop telling people, services and companies, what they must do and how they must do it?”

Update / Postscript

While I am here, Andy is wrong to conflate WhatsApp’s malware detection with the proposals for client-side scanning which the Online Safety Act proposes;

Hi Rich! I'm not Will, but I think I can help with your understanding here.



There's a blogpost about it at the attached link, but if you want to discuss specifics feel free to message me back about how this can work. Also, see the attached YouTube video.https://t.co/t8w3XSa013 — Alec Muffett (@AlecMuffett) March 9, 2023

Draft Extract
[END]

[1] URL: https://alecmuffett.com/article/41337
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.