Profile picture
, 16 tweets, 3 min read
My Authors
Read all threads
Obviously I don’t think you should have to pay for E2E encryption.
So let me follow this up with some more detail, if you can handle a thread. The thing that’s really concerning me is that there’s a strong push from the US and other governments to block the deployment of new E2E encryption. 1/
You can see this in William Barr’s “open letter to Facebook”. But this is part of an older trend. Law enforcement and intelligence agencies can’t get Congress to ban E2E, so they’re using all the non-legislative tools they have to try to stop it. 2/ justice.gov/opa/pr/attorne…
And, it turns out, this works. Not against the big entrenched providers who have already deployed E2E. But against the new upstarts who want to use crypto to solve trust problems. 3/
And the Federal government has an enormous amount of power. Power over tools like Section 230. Power to create headaches for people. But even without Congressional assistance, the executive branch has vast power to make procurement and certification decisions. 4/
So if you’re a firm that wants to deploy E2E to your customers, even if there’s a pressing need, you face the specter of going to war with an immensely powerful government that has very strong negative feelings about broad access to encryption. 5/
(Fortunately the US executive branch can’t fiddle with DoD procurement to spite a company. We have a strong system of laws and Inspectors General to prevent that sort of abuse. Yes, I’m joking.) 6/ google.com/amp/s/www.vox.…
And this is a huge problem. Because some companies have infrastructure all over the world. Some companies carry incredibly valuable and sensitive corporate data (even at their “free” tiers) and there are people who want that data. Encryption is an amazing tool to protect it. 7/
The amazing thing about this particular moment is that, thanks to a combination of the pandemic forcing us all online, more people than ever are directly exposed by this. “Communications security” isn’t something that only activists and eggheads care about. 8/
Now for companies that are exposed to this corrupt dynamic, there’s an instinct to try to bargain. Split the baby in half. Deploy E2E encryption, but only maybe a little of it. E2E for some users, like paying customers and businesses, but not for *everyone*. 9/
And there’s some logic to this position. The worst crimes, like distribution of child abuse media, happen in the free accounts. So restricting E2E to paid accounts seems like an elegant compromise, a way to avoid getting stepped on by a dragon. 10/
But I personally think this is a mistake. Negotiating with a dragon never ends well. And throwing free-tier users into the dragon’s mouth feels even worse. 11/
But the real takeaway, and why I hope maybe this issue will matter to you, is that if the Federal government is able to intimidate one company into compromising your security. Then what’s going to happen to the next company? And the next? 12/
Once the precedent is set that E2E encryption is too “dangerous” to hand to the masses, the genie is out of the bottle. And once corporate America accepts that private communications are too politically risky to deploy, it’s going to be hard to put it back. 13/
(I realize I’m mixing metaphors here.) 14/
Anyway, this might be an interesting academic debate if we were in normal times. But we’re not. Anyone who looks at the state of our government and law enforcement systems — and feels safe with them reading all our messages — is living in a very different world than I am. 15/15
Missing some Tweet in this thread? You can try to force a refresh.

Keep Current with Matthew Green

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @matthew_d_green see all

Profile picture
Matthew Green
@matthew_d_green
There seems to be some renewed interest in selecting phone passcodes that are difficult to crack. I don’t know why! But here’s a tweet from a while back that might help.
I guess for people who aren’t deeply technical and are just coming to this, it might be helpful to explain the reasoning behind selecting phone passcodes. So here’s a thread. 1/
Modern phones (iPhones and recent Androids) encrypt much of the data on your device. This is done using your phone passcode. I think most people know this part. 2/
Read 9 tweets
Profile picture
Matthew Green
@matthew_d_green
A Federal judge has decided that he disagrees with @jhalderm on the technical details of an electronic voting machine in PA. Let’s see what’s going on. electionlawblog.org/wp-content/upl…
The device is weird in that it produces a voter verifiable paper audit trail, as required by PA. This is a card that looks like this:
What’s obvious is that the machine prints this card and allows the user to verify the human-readable votes. But that these are not what’s tallied. The machine tallies the barcodes, which aren’t human-readable.
Read 11 tweets
Profile picture
Matthew Green
@matthew_d_green
So we live in the oldest house in our neighborhood in Baltimore. It was built in 1897. The basement is terrifying. And today I realized something that freaks me out a little. Story.
So the basement is more a cellar than a basement. There’s no access from inside the house. It’s got stone foundations and stairs that go nowhere, and frankly it’s kind of creepy.
When I first saw the basement, there was this one room that was particularly strange. It was set up like a chapel, except that the pews were bails of hay. And on the wall was this framed picture.
Read 10 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!