,
29 tweets,
12 min read
Read on Twitter
1/ Some sunday-morning thoughts on the #FBIGWA end-to-end encryption story, extracted and edited from a conversation thread elsewhere:
<QUOTE>
<QUOTE>
2/ There should also be consideration of what Civil Society would like to achieve - like, more crypto? If so, it behooves Civil Society to frame its concerns and challenges carefully, lest it ends up making its opponent's arguments for them.
3/ Facebook are going to be giving end-to-end encryption to 2+ billion people, and in the process they will be:
4/ [because combined metadata] making a lot more money from advertising, which of course all civil-society anti-capitalists consider to be a bad thing.
5/ [because free e2e] making it a lot harder to break into the competitive space around paid-for messenger services; which of course all anti-capitalists may consider to be an anti-competitive, monopolistic move.
6/ It's not like Civil Society is short of knee-jerk anti-capitalists; from past experience I am not convinced that Civil Society is capable of dealing with this overall level of nuance without regressing to its default state…
7/ …without regressing to its default state of "ZOMG FACEBOOK EVIL PLZ STOP THEM REGULATORS UR ARE ONLY HOPE" - thereby allying themselves with everyone who wants to inhibit the adoption of encryption.
8/ Don't believe me? Remember when Facebook offered baseline free internet to ~everyone in India ("internet.org") and was accused of "market distortion" and shouted down?
9/ Now Facebook will be offering a free secure communication space to everyone in the world. Think how many states, regimes, censors, law-enforcement agencies and do-gooders ("please, think of the children") will fear that.
10/10 If we want encryption and privacy then the people implementing this will need our carefully considered, critical and constructive assistance — for which we can demand some transparency in return.
But it will not survive postmodernist, cynical, thoughtless dismissal.
But it will not survive postmodernist, cynical, thoughtless dismissal.
</QUOTE>
Restoring Older Thread: I've written above that UK Civil Society needs to think carefully about what it wants to achieve, perhaps suppress its "ZOMG FACEBOOK EVIL" reflexes a little, regarding privacy; todays @Guardian "Comment Is Free" blogpost is a classic of the genre: 
@guardian The source is John Naughton (@jjn1) — Professor of the Public Understanding of Technology at the Open University; I think we may have actually met, when I was invited to OU to talk about @torproject Onion Networking.
Blogpost: theguardian.com/commentisfree/…
Blogpost: theguardian.com/commentisfree/…
@guardian @jjn1 @torproject The above thread (unrolled at: threadreaderapp.com/thread/1089483…) explores my initial thoughts on the matter, and they remain unchanged; but given recent events I feel they are worth revisiting to underline the perspectives:
@guardian @jjn1 @torproject Both the left, and the right, simultaneously praise and revile "privacy" when it suits them; to play stereotypes for the moment:
left privacy good: if protecting/enabling liberal political discourse, gender, sexuality, …
left…bad: protecting/enabling fascists
right…bad: protecting/enabling terrorists
right…good: protecting/enabling conservative political discourse, commerce, individuality, …
left…bad: protecting/enabling fascists
right…bad: protecting/enabling terrorists
right…good: protecting/enabling conservative political discourse, commerce, individuality, …
They can generally further agree upon various extents of:
both…bad: protecting paedophiles, exploiters, serious criminal activity
But I feel like nobody every gets around to the "both…good" aspect of privacy, BUT THAT'S THE REALLY IMPORTANT ONE, BECAUSE IT SCALES.
both…bad: protecting paedophiles, exploiters, serious criminal activity
But I feel like nobody every gets around to the "both…good" aspect of privacy, BUT THAT'S THE REALLY IMPORTANT ONE, BECAUSE IT SCALES.
The thing is — a lesson that I learned in ~1991 when releasing some open-source security software* to the general public — THERE ARE A LOT MORE GOOD PEOPLE IN THE WORLD THAN BAD PEOPLE, AND GIVING HELPFUL TOOLS TO GOOD PEOPLE IS A NET "WIN" FOR HUMANITY.
*en.wikipedia.org/wiki/Crack_(pa…
*en.wikipedia.org/wiki/Crack_(pa…
Unfettered private communication is "a tide which lifts all boats" — a popular metaphor where the speaker usually is not inclined to admit that this includes the boats of terrorists, exploiters, abusers & criminals; but the same can be said of: public transport, public services…
If you, like me, are a techno-utopian-humanity-optimist, you will probably have heard the story about SMS being a transformative technology for fishermen checking prices before landing their catch.
It may/may-not be true, but there's an underlying truth:
It may/may-not be true, but there's an underlying truth:
If you are operating at scale - at the "billions of people" scale - and you give more communications assurance to all of them, then the net "goodness" which the world benefits will vastly outweigh the "harm" which a "pitiful few million" bad-guys can cause.
End-to-End Encryption is like "better roads", and we should have it. Yes, there are some downsides to the architectural shift, and for some people any kind of change to how their technology works is a reason for panic.
Not to mention the:
"Who Voted For You To Change How Your API Works?!?"
…and the:
"All this would be better in XML"
…brigades.
"Who Voted For You To Change How Your API Works?!?"
…and the:
"All this would be better in XML"
…brigades.
But gradually we're shifting from "Someone Hacked Into My Email Account" to "All My Messages Are On My Phone, So Unless It Gets Stolen I'm Reasonably Hack-Proof".
The threat model shifts from "someone hacked my account" to "I accidentally dropped my entire life down the toilet."
The threat model shifts from "someone hacked my account" to "I accidentally dropped my entire life down the toilet."
So, per a comment elsewhere, if you've become "conditioned" to see the words "Facebook have announced…" and to attack whatever follows … please, for all of our sakes, take a moment to step back and reappraise.
I'm not saying "don't be critical", I am saying "don't dismiss."
I'm not saying "don't be critical", I am saying "don't dismiss."
What's my personal experience of this? I used to work at Facebook, launched the Facebook Tor Onion-site, and then sat and watched people trying to work out how to say something bad about it:
Fortunately, when all was said and done, it all came down to "Facebook is making it easier…for people to communicate with Facebook" — which it turned out was REALLY HARD for people to make fly in a "hate facebook" context.
However: remember the @Guardian, that newspaper which tried to attack WhatsApp for supposedly not providing _enough_ privacy in end-to-end encryption? theguardian.com/technology/201…
@guardian Well, now they're hosting blogposts by people who are trying to find ways to twist the provision of what they were implicitly demanding, as a bad thing.
Hypocrites. <FIN>
theguardian.com/commentisfree/…
Hypocrites. <FIN>
theguardian.com/commentisfree/…
