(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on alecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]
Resource for Journalists: How best to frame your article criticising @ElonMusk for adding #Encryption to @Twitter DMs. Questions to ask, resources to consult.
2023-04-30 08:55:04+00:00
Note: this is a “living” document. Check back for updates.
Last updated: 5 May 2023 around 0800h London time.
Hi! Thank you for reading this!
If you’re a journalist and you’re going to write something about Twitter adopting Encryption for Twitter Direct Messages, it’s really easy to adopt the frame that:
“Elon is doing it, so it must be bad.”
or
“Some people are saying that Encryption enables Child Abuse!
Therefore Elon is enabling Child Abuse!”
…but the reality is a lot more complex than that. There are great questions you can ask, and there are assurances which you can demand from Elon and Twitter.
Why are these frames suboptimal?
Twitter is a huge platform, used by millions of people, and it primarily enables two forms of communication:
Nearly-Broadcast (Tweets)
One-to-One and One-to-Several (Direct Messages)
…plus some other niche/experimental mechanisms like audio chats.
The encryption announcement impacts the Direct Messages feature, and it’s all about giving more privacy to all the people who use Direct Messages.
Yes, but isn’t Privacy a bad thing?
What really? Is privacy a bad thing? Certainly there exists a minority of bad people — even in the USA less than 1% of the population is in prison, so arguably there are 99% “good” people out there — and “privacy” is an enabler for everyone, including the bad people.
But that doesn’t mean that we need to avoid privacy, in much the same way that we don’t need to avoid creating public infrastructure like “roads” just because they might be used by a getaway vehicle in a bank heist.
A different perspective is that we need more privacy, everywhere, and in theory (note: foreshadowing) Elon will be providing this.
But why does Encryption need adding to Twitter DMs? Couldn’t “they” (people who need privacy) just use Signal?
Consider: if you are fortunate enough to live in a part of the world where the entire household water supply is “drinkable” quality, how nice your life is as a result.
Having a 100% drinkable water supply means that it doesn’t matter which tap you use to wash food, that if your kid gets a cut you probably don’t need to boil and cool water just to wash it out as part of the treatment, if they drink from a hosepipe (or the bathtub, ick) it’s not a huge deal, and you can largely forget about the stress and self-discipline necessary to save your family from getting sick. Of course it’s a tremendous waste of resources to use drinkable water to flush a toilet, but overall the provision is an enabler of so much public health.
Ditto, for end-to-end privacy.
It’s utterly normal for a conversation which started trivially to become much more sensitive, for instance a discussion with your parents which suddenly includes them sending credit-card information to you.
Do you want that data to be at risk of theft by hackers? No.
Do you want to scold your parents for not stopping that Twitter DM conversation to use Signal to send you the sensitive stuff? No.
Do you want to live your life with the stress and self-discipline necessary to stop hackers from walking off with your sensitive messages?
No. Of course not. Irrespective that the 1% bad people might use that privacy to do bad things.
Shouldn’t Elon build a “back door” into the encryption to access DM content, for Law Enforcement?
So here’s a story (Deutsche Welle) regarding Saudi spies who worked at Twitter and who (BBC) went trawling through the personal information and (Bloomberg, archived) Direct Messages of Saudi dissidents for that Government, leading to dissidents being arrested.
Twitter (like all platforms) is not in a position to security-vet all of its employees, and even then the question would be “vetted by/for which governments?” — so it’s overall wiser (foreshadowing again) for Twitter to cut itself entirely out of the conversations which DMs enable, so that only the participants can see the content of the conversation.
So is this — making access to DMs “participant only” — is this what End-to-End Encryption actually does?
Yes, although it’s probably better to talk about “end-to-end security” or “end-to-end privacy” because the “encryption” is merely the clockwork which enables it to happen.
If you want to know more about the goals and mechanisms of end-to-end security, there’s a good white paper from Privacy International (context blogpost, report PDF) which helps as an explainer.
So how do we make a story out of this?
If you want to attack Elon make a decent story out of this product launch, here are the questions that you should be asking:
Is the Encryption credible?
  Does it use “recognised algorithms” or is it some homebrew thing which the world has never seen before and which is a cause for concern?
  Telegram uses weird homebrew encryption and it’s a matter of concern amongst experts.
Has Twitter been transparent?
  Are they publishing the code/algorithms they use?
  Is there a white paper describing operation?
  Aside: There’s this thing in security called Kerckhoffs’s Principle which means that if they say something like “We can’t tell you how it works for security reasons,” they are fibbing and you can burn them.
Is the Encryption truly end-to-end secure?
  Are the conversations truly participant-only?
  Are Twitter employees entirely incapable of retrieving message content?
  Is there an e2e-breaking mechanism which enables non-participants (including: law enforcement) to ever access, filter, or block message content?
  Do bits of messages leak into logfiles and then get sent back to Twitter, even by accident?
Is the Encryption on by default?
  If not, why not? Are there plans to address this?
  The problem of non-default encryption afflicts both Telegram and Facebook Messenger, but at least Facebook has plans to address this.
Are there good abuse-reporting mechanisms?
  If you’re using a tool to message someone, there should at least be a convenient mechanism to block them, and (ideally) a means to credibly report their (alleged) abuse to authorities.
  Happily, this can entirely be done by means which preserve the end-to-end privacy of communication.
These are all good questions to ask, and they need to be asked of any solution.
Who can I trust to act as a resource?
I would recommend following / asking the following people for quotes; they have somewhat more public bandwidth than I do:
Security & Safety, Journalism Perspective: Runa Sandvik at Granitt
Cryptography: Professor Matt Green at Johns Hopkins; Matt writes pithy, critical but overall sane and exceptionally well-informed stuff, although he does have a habit of speculating about worst-case scenarios, which technically is fair but may cause confusion
Matthew Garrett seems to be doing a solid job of reverse-engineering the Twitter Encrypted DM functionality on his Twitter timeline, and is frank about the limits of his/our understanding — an important aspect to consider when reporting. It’s a work-in-progress, so follow him for details
Privacy International (Global)
Electronic Frontier Foundation (US)
Open Rights Group (UK)
…more to come
What if I want to read more?
Some good resources on End-to-End Security; the first two links from Privacy International are heavily based around the (third link) primer which I wrote on the topic.
But don’t Twitter hand over data to the US Government? Wouldn’t this be included?
You’re actually asking two questions here; one is about how each of the world’s governments handles the issue of requesting content — under warrant — from the world’s various platforms, and I have previously written an article at Medium on how that works for the US Government.
The second is “wouldn’t Twitter still be able to share message content with Governments if end-to-end security is being used?” — and the answer is: no, not if it’s done properly (i.e.: see the questions above)
The next question is “wouldn’t that make Governments rather angry?” and the answer to that is “assuredly yes, but it’s not illegal to give people privacy… yet. And sometimes it’s absolutely necessary.”
It would be a strange world where only people who lived in conflict zones were “permitted” by “authorities” to have strong privacy.
But isn’t it “notable” that Twitter will have Encryption?
Certainly it’s a change, and arguably (see above) a change for the better; but this just means that Twitter DMs are joining an ecosystem which includes:
WhatsApp (with more than 2 billion users exchanging encrypted messages)
iMessage from Apple (billions of users)
Signal (millions of users)
(some) Facebook Messenger (millions from billions?)
(some) Telegram (some from millions)
Threema (millions)
Wire
Viber
Element / Matrix
(some) Instagram
(images) Snapchat
So what is important here is not “wow! encryption!” but instead:
“…is Twitter’s Encrypted DM offering actually credible, when set against the competition?”
— for which Signal and WhatsApp are arguably the gold standards of purity and mass-deployment, respectively.
What if Twitter will be able to see “metadata?” Will that be a problem?
Not necessarily; some people would even call that a “feature”, but it’s a matter of taste. End-to-end security means that message access is restricted to chat participants, but it’s an entirely different ball game to (attempt to) prevent other people seeing which people are talking amongst themselves.
For more on this, see the Privacy International paper linked above (section: “Metadata Analysis”) and likewise the Primer linked above. See also this blogpost which covers some of these comparative aspects, including the difference between “scanning metadata” vs: “scanning content.”
Why would “Law Enforcement Access” mean it’s not end-to-end secure?
I’ve written an entire primer on this definition of end-to-end security (summary: “Law Enforcement are not an explicit participant”) but for brevity regarding this question, the bigger issue is: which Government’s Law Enforcement do you mean?
Not all governments are benign; see the Saudi examples above, and look also at the trajectory of illiberality in the rest of the world.
Does Twitter Direct Messaging have to implement “Disappearing Messages” in order to be end-to-end secure?
Strictly, no, but I would say that disappearing messages are a very desirable feature.
[END]
[1] URL:
https://alecmuffett.com/article/60757
[2] URL:
https://creativecommons.org/licenses/by-sa/3.0/