Alec Muffett
everybody deserves good security. see also: @alecm@alecmuffett.com

Sep 11, 2021, 15 tweets

1/ It's tempting to be darkly snarky about this article, along the lines of

"Met Commissioner Cressida Dick calls for more terrorists to be 'known to the police' before committing atrocities"

…the allusion being that (continued)

telegraph.co.uk/news/2021/09/1…

2/ The allusion being that Security Services are already swamped in more "data" than they are "intelligence".

Evidence? INHOPE, the global Child Safety Hotline umbrella organisation, are swamped with old & stale reports, so develop "triage" tools:

inhope.org/EN/articles/wh…

3/ However it seems egregious of Ms Dick to raise this on the anniversary of an event which was clearly not enabled by E2E-Encryption - because there was hardly any of it in 2001.

Hell, the Paris attacks, 14 years later, were arranged via plaintext SMS:

arstechnica.com/tech-policy/20…

4/ The truth is that this is all part of a campaign to stop Facebook deploying E2E Encryption in (specifically) Facebook @messenger, the intention being to prove state power over encryption, and to dissuade innovation elsewhere:

theregister.com/2021/09/08/uk_…

5/ If that sounds a bit narrow or paranoid — "only Facebook?" — other journalists have noted that of the big messenger solutions:

- WhatsApp
- iMessage/FaceTime
- Telegram
- Signal

- only @messenger is NOT YET default-end-to-end-encrypted

9to5mac.com/2021/09/09/csa… HT @benlovejoy

6/ …and others are noting that @pritipatel is being awfully quiet about iMessage's existing end-to-end encryption whilst openly cheering Apple's privacy-disastrous on-device CSAM surveillance:

phonearena.com/news/uk-govern…

7/ So this is actually a "political game" - the world's governments want to hinder adoption of cryptography, and if they can visibly and embarrassingly stop Facebook — if they can MAKE AN EXAMPLE of Facebook — then (the thinking goes) they can stop anyone.

What happens then?

8/ If this happens, a massive chill will pass over the Internet:

Developers and startups will need to employ lawyers to tell them what code they may/may-not write.

Architectures which strongly protect data will be avoided, in favour of ones that speculatively support snooping.

9/ How do I know this? Because I lived through it in the 1990s. If you want to see lingering echoes of it, go look at this page:

oracle.com/uk/java/techno…

10/ You needed a software "key" from the Java website, to be able to use cryptography in Java.

Export controls and other legal tools were employed by Governments to inhibit your ability to keep data safe, secure and private.

11/ The consequences echoed in security bugs for the next 20 years, with downgrade attacks and other weaknesses brought on by this obligatory nightmare.

digicert.com/blog/freak-att…

en.wikipedia.org/wiki/FREAK

en.wikipedia.org/wiki/Logjam_(c…

12/ SUMMARY: We need real cryptography, to protect data, to protect users, to protect people.

We need the freedom to design solutions & write code without a lawyer checking it for compliance with "legally maximum permitted privacy".

We need End-to-End Encryption to be "normal".

13/13 In order to get this, Civil Society will need to support Facebook in building End-to-End Encryption in Facebook Messenger.

This will doubtless be hard for many, in light of many "hot" issues that Facebook have caused. But if we want encryption, we have to do this 1 thing.

If you want to read this unrolled:

The Telegraph & Cressida Dick's article on End-To-End Encryption, is part of a deeper political project

alecmuffett.com/article/14926
