April 17, 2023
An Open Letter in WhatsApp Blog explains:
When we share what we’re working on here it’s usually about new features or products we’re building. Today we’re writing about a troubling development in the United Kingdom that everyone needs to know about.
The UK government is currently considering new legislation that opens the door to trying to force technology companies to break end-to-end encryption on private messaging services. The law could give an unelected official the power to weaken the privacy of billions of people around the world.
We don’t think any company, government or person should have the power to read your personal messages and we’ll continue to defend encryption technology. We’re proud to stand with other technology companies in our industry pushing back against the misguided parts of this law that would make people in the UK and around the world less safe.
Wow! It is Meta (Facebook) talking about privacy rights! You have to be very cautious, it maybe only another commercial trick, publicity. However…
April 19, 2023
Ars Technica, Jon Brodkin reports: FBI and others urge Meta to halt encryption plans, citing child abuse risk:
End-to-end encryption (often called “E2EE”) boosts security and privacy for all users, whether law-abiding or not. But government officials have long opposed plans to make the technology more widely available, citing the risk that terrorists, sex traffickers, child abusers, and other criminals will use encrypted messages to evade law enforcement.
The latest call to abandon encryption plans was made today by the Virtual Global Taskforce, a consortium of 15 law enforcement agencies, including two from the US: the FBI and ICE Homeland Security Investigations. The task force focuses specifically on child sexual abuse; other members include Europol and agencies from the UK, Canada, Colombia, Australia, New Zealand, Kenya, the Philippines, the United Arab Emirates, the Netherlands, and South Korea.
This is serious. National Crime Agency: Global law enforcement coalition urges tech companies to rethink encryption plans that put children in danger from online abusers
The announced implementation of E2EE on META platforms Instagram and Facebook is an example of a purposeful design choice that degrades safety systems and weakens the ability to keep child users safe.
META is currently the leading reporter of detected child sexual abuse to NCMEC. The VGT has not yet seen any indication from META that any new safety systems implemented post-E2EE will effectively match or improve their current detection methods.
Child abuse… There is only just one minor problem.
October, 13 2022
The Register, Thomas Claburn: Scanning phones to detect child abuse evidence is harmful, ‘magical’ thinking:
Laws in the UK and Europe have been proposed that would give authorities the power to undermine strong end-to-end encryption in the pursuit of, in their minds, justice.
If adopted, these rules would – according to a top British computer security expert – authorize the reading and analysis of people’s previously private communication for the sake of potentially preventing the spread of child sex abuse material and terrorism communications.
Ross Anderson, professor of security engineering in the Department of Computer Science and Technology at the UK’s University of Cambridge, argues that these proposed regulations – which, frankly, rely on technical solutions such as device-side message scanning and crime-hunting machine-learning algorithms in place of police, social workers, and teachers – lead to magical thinking and unsound policies.
This is the question (the paper by Ross Anderson distributed ArXiv):
Chat Control or Child Protection?
Governments have long tried to limit civilian use of cryptography to protect their surveillance capabilities. From export controls during the Cold War, policy moved to mandating exceptional access to keys during 1990s (‘Crypto War I’) through supply-chain sabotage in the 2000s2 to law-enforcement demands in 2015 that Apple break iPhone cryptography. The ostensible justification has swung from child protection in the 1990s to terrorism after 9/11 and back to child protection. Since about 2018 the main narrative of law-enforcement and intelligence agencies has been that the end-to-end cryptography in messenger products such as WhatsApp makes life too easy for sexual predators, while the introduction of end-to-end encryption in Facebook Messenger is now claimed to pose an additional risk to children. Draft laws have now been introduced in the UK and EU parliaments to enable government agencies to mandate surveillance technology in the name of child protection, though in both cases terrorism has also been advanced as a justification.
There has been significant pushback from industry, and European civil society groups are campaigning vigorously against “Chatcontrol”, as the proposal has become known in Brussels. There is wide concern that, just as the move to centralised services such as Gmail and Facebook led the agencies to create a capability to search these services, so also the move to edge computing will lead to edge surveillance, and end-to-end encryption will lead to a government search engine in all our devices. A leaked EU document revealed in 2020 that the search for illegal images of children would be the first argument4, although the internal discussion touched on terrorism too. The UK Online Safety Bill also mentions terrorism, while the EU’s Child Sex Abuse Regulation leaves that for later. Both extend the scope of scanning from illegal images to text messages, and from server-based communications to encrypted messaging in the case of child safety. Yet the European courts prohibit pervasive surveillance without warrant or suspicion. The relevant judgments come not just from the Luxembourg court (whose jurisdiction the UK left after Brexit) but from the Strasbourg court (whose jurisdiction still extends to the UK).
Child abuse as an excuse to debunk our privacy is the mother of all cynicisms.
But it is happening HERE, there and everywhere…
May 22, 2023
WIRED, Leaked Government Document Shows Spain Wants to Ban End-to-End Encryption.
In response to an EU proposal to scan private messages for illegal material, the country’s officials said it is “imperative that we have access to the data.”
SPAIN HAS ADVOCATED banning encryption for hundreds of millions of people within the European Union, according to a leaked document obtained by WIRED that reveals strong support among EU member states for proposals to scan private messages for illegal content.
“It is shocking to me to see Spain state outright that there should be legislation prohibiting EU-based service providers from implementing end-to-end encryption,” says Riana Pfefferkorn, a research scholar at Stanford University’s Internet Observatory in California who reviewed the document at WIRED’s request.
“The responses from countries such as Finland, Estonia, and Germany demonstrate a more comprehensive understanding of the stakes in the CSA regulation discussions,” Stanford’s Pfefferkorn says.
The debate is not new, but the truth is that we, the people, are losing our privacy, and therefore our freedom (if we ever had any or the very hope),
Ten years ago Edward Snowden raised the alarm to denounce global surveillance programs, many run by the NSA and the Five Eyes intelligence alliance with the cooperation of telecommunication companies and European governments. Apple has had long-running disputes with the US government over encryption, and Facebook has faced a steady drumbeat of calls to remove encryption the past few years. The balance of power among corporations and governments might be pivoting and they are fighting different battles, but the war is the same. It goes on.
Privacy was in fact one of the very first themes that made me took the time to write about what was going on in this blog, Mind the Post, many years ago. I cannot be very optimist, but we must fight.
____________________
Featured Image. In the change.org petition quoted in the text.
Mind the Post 