Alec Muffett
everybody deserves good security. see also: @alecm@alecmuffett.com

Jul 21, 2022, 17 tweets

All Watched Over By Filters Of Loving Grace: GCHQ's Holistic, Sociotechnical, "Thoughts on Child Safety on Commodity Platforms" #ghostProtocol #ghost #NCSC
alecmuffett.com/article/16236

This still stands:

THE NEW GHOST PROTOCOL PAPER'S UP!

tl;dr —

* @GCHQ like client-side filters

* …and ghost chat participants

* …and would like everyone else to buy into them defining what E2EE means

* …because they *don't* like simple definitions of E2EE

arxiv.org/abs/2207.09506

Pro-Tip: the paper comprises huge blocks of LaTeX ComputerModern text in single-column blocks, which are hard on the eyeballs.

I found it a lot easier to read after doing `pdftotext` on it, BUT the resulting document has omissions/bugs.

Guardian coverage of the GCHQ / NCSC "Child Safety on Commodity Platforms" Ghost-Protocol v2.0 paper: theguardian.com/uk-news/2022/j…

One is forced to ask: wherever *have* they been looking for reasons, because I'm sure we on Twitter could supply several?

how it started → "societal problem" → "sociotechnical" → "client-side scanning & ghosts" → "global surveillance backdoors" ← how it's going

Societal Problem.
Societal Harm.
Societal Issue.
Societal Mitigations.
Societal Interactions.
A: "Let's add wiretaps to everybody's phones!"

I have to hand it to @GCHQ and @NCSC for bravely expressing their underlying doubt and the implausibility of their position by framing it in the style of "Betteridge's Law":

lawfareblog.com/it-possible-re…

"Is It Possible to Reconcile Encryption and Child Safety?" — "no", as explained previously, because Encryption is an external benefit to many different pursuits, whilst "child" safety is but a single pursuit:

alecmuffett.com/article/15940

I've updated the related #ReadyMadeTwitterSearch to include the blogpost and paper.

> End To End Encryption: GCHQ & NCSC "Ghost" Protocol

…see the latest Twitter discussion at:

github.com/alecmuffett/re…

One of the more interesting bits of the GCHQ/NCSC anti-encryption paper is where they argue the *benefits* of CSS / client-side-scanning / allowing the spooks to proactively spy on message content.

Notably this bit, on page 47: possession of CSAM is a "strict liability" offence, so even if someone "just sent it to you", you're a criminal.

« /sotto voce:/ "Can't think where they got the inspiration from…" »

theguardian.com/uk-news/2021/j…

It's unclear from context whether they see CSS as removing the content from the sender-side of the ecosystem or if it is providing a "firewall" to the recipient, or both?

From a legal perspective (@neil_neilzone?) the latter would be far more interesting: "GCHQ shoulda stopped it!"

But again, in a nod to my previous writing elsewhere, perhaps the actual issue is "strict liability for receiving data unsolicited in an internet age" & how we approach prevention & enforcement, rather than there being something wrong with messenger apps?

alecmuffett.com/article/16236

ps: Strict Liability: en.wikipedia.org/wiki/Strict_li…
