(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


GENERIC TEMPLATES FOR CIVIL SOCIETY CALLS TO REDUCE RISK AND IMPACT OF END TO END ENCRYPTION IN MESSENGER SERVICES

2024-10-21 05:30:34+00:00

I’ll be blunt: I have seen dozens, possibly scores, of civil society and human rights organisations who were late to the bandwagon for the techlash, now publishing various manifestos to reduce <whatever they consider to be badness> as might be enabled or amplified by <billions of people having the freedom to talk to one another privately over messenger apps>.

My eternal criticism of these things is that few (none?) of them start with a rigorous and justifiable cost/benefit analysis, for instance questioning how impactful it would be to fix “election interference” in one place without it popping up somewhere else, not to mention whether the “election interference” actually works (at least the aspects performed over messengers) nor whether the path towards addressing “election interference” really is best served by messing with global communications infrastructure and all of the downsides which may come with doing that.

The attached is fairly typical: it starts by conflating Telegram with WhatsApp as “encrypted messenger apps” when the former most assuredly is not one such; because it does so it does not ask whether “platform being owned by an intransigent Russian” is better or worse than end-to-end encryption. Nor does it contrast against other forms of communication including unencrypted platforms like SMS, presumably believing that that is a problem already solved by security services?

If you are going to write a report like this there are generally two approaches you can take, although you can mash them up together a bit, if you like.

There is the authoritarian approach which looks like:

Platforms must impose a “Know Your Customer” (KYC) obligation to prevent multiple signups and to attribute abuse reports to actual human beings

…even though this will globally destroy online anonymity and replace it with pseudonymity, massively putting at risk various communities

…not to mention it will disenfranchise anyone who is incapable of passing the KYC checks for whatever reason, for instance homelessness or being a refugee

Platforms must choke communications so that people cannot share content “too quickly”

…nor forward content “too often”

…nor share videos that are “too long”

…because it is wicked to permit people to speak in private at all, and therefore it is less wicked if you can prevent them speaking very much

…especially at times of national crisis, like elections

…but let’s ignore people’s need for mass communication during natural disasters like hurricanes and earthquakes, because those hardly ever happen

The general term for this is “friction”, and it is a desirable property for preventing people spreading badness, because it is an effective and privacy-respecting means to prevent people spreading anything at all, at speed or otherwise

If anyone argues against this, point at them and shout the word “BILLIONAIRE” at the top of your voice

Platforms must respect people’s human rights BUT ALSO platforms must work to protect people (especially children) because of those same human rights

Therefore we must immediately remove the rights to privacy from children in order to protect them, and then we can have a public debate about possibly giving privacy back to them when they are 18. Or maybe 21. Perhaps 30.

Privacy is great but enables badness to be shared, therefore platforms should be obliged to separate those who need protection OF privacy from those who need protection FROM privacy

Therefore: People who should be protected by a duty of care (imposed upon the platform) should have privacy removed from them, e.g. children, and anyone who ever talks to them

So we can talk about “bifurcating the platforms” into “private” (e.g. encrypted) vs: “safe” (e.g. unencrypted or monitored by client side scanning) spaces, and we should make sure that the relevant people are put into each space

…because nobody would ever need to have a group chat BETWEEN such spaces, for instance parents (using the private messenger) would never need to talk to children (using the safe messenger)

…and we can ignore that adding a single minor-owned account to a large group chat would remove all privacy from all future conversation

Platforms should be obliged to build tools (client side scanning, nudity scanning, child abuse imagery scanning, voter fraud scanning, political mockery scanning, national security scanning, fact-checking, …) into their end-to-end encrypted apps and other platforms

It is not a problem if these scanning tools serve to automatically leak message content or attachments to authorities such as third parties. It is for the collective benefit and therefore there should be no “friction”

In the same vein, users will not understand or will possibly fear these tools, so these tools should be switched on by default, or possibly they cannot be switched off, again to avoid “friction”

…etc

I will be writing more on this in the next few days; but I also mentioned that there are two templates. The second (liberal, privacy and human rights preserving?) one looks like this:

Platform features which nudge people towards safer habits

Emphasis towards user reports of abuse, encouraging these and making them easier

Metadata sharing amongst platforms to amplify the benefits of user abuse reporting and appeals processes

State-funded media literacy campaigns in schools and in public to educate people away from various forms of danger including sharing and proliferation of personal, even intimate information

Here’s a link. Read it and compare and contrast to the above.

NYU Stern Center for Business & Human Rights: Covert Campaigns: Safeguarding Encrypted Messaging Platforms from Voter Manipulation

https://bhr.stern.nyu.edu/publication/safeguarding-encrypted-messaging-platforms/
[END]

[1] URL: https://alecmuffett.com/article/110471
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.