This article about end-to-end encryption and authorities’ desire to perform real-time content scanning is very well written and I hope you’ll read it. It also makes me pretty angry.
https://twitter.com/mattburgess1/status/1392458419970486275
For nearly a decade, technologists have been engaged in a good-faith debate with policymakers about the need for “exceptional access” — basically a way to bypass encryption when police get a warrant. 1/
This is a really hard problem. How do you build a system that can keep your data encrypted against hackers, but still allows (even local) police to decrypt it when they want. Some co-authors wrote about this. mitpress.mit.edu/blog/keys-unde… 2/
But without solving that question , policymakers have shifted their “ask” to something much less reasonable. Now they want a system that can do real-time surveillance against every piece of data sent through an encrypted messaging system. 3/
There is no acknowledgment that this is an insane escalation and poses a massive risk to civil liberties, let alone an even more unsolved technical problem. We have to look at *all* of your messages now and this is a more reasonable ask? 4/
What makes this problem particularly challenging is that the scanning process involves a database of *secret* content. Nobody is allowed to see what governments want to scan for (for obvious reasons: it’s disturbing and private.) 5/
So now we’re trying to build a system that’s end-to-end encrypted but also has a master database of prohibited content. When you send anything that matches (including false matches) the encryption is undone, and government agents get to see it. 6/
While I’m sure that the intentions behind this idea are good, it is hard not to notice the *extreme* interest that national law enforcement agencies are suddenly showing it. They didn’t invest much in CSAM scanning before, but encrypted scanning is a national priority. 7/
I want to stress that once these content scanning systems are in place (for child abuse imagery) their usage will expand. They will be retasked by governments all over the world to scan for speech we consider “protected”. This is the infrastructure of authoritarianism. 8/
Even in democratic countries there will be constant pressure to add content to the list. The UK already implements a nationwide censorship regime at the ISP level. Do you think they won’t take advantage of this technology to push that into private messaging? 9/
I want to conclude by saying one thing to the folks involved in this debate. Many people who were vociferously against unsafe crypto backdoors are scared to wade into this debate, or are even enthusiastic to help build these systems. “Because of the children.” 10/
I’m a parent too. But for my kids’ sake I’m unwilling to help governments build the surveillance infrastructure of the future, until governments explain precisely how they will keep that infrastructure from being abused. I don’t think they have a plan. //
• • •
Missing some Tweet in this thread? You can try to
force a refresh
