1/ It's tempting to be darkly snarky about this article, along the lines of

"Met Commissioner Cressida Dick calls for more terrorists to be 'known to the police' before committing atrocities"

…the allusion being that (continued)

telegraph.co.uk/news/2021/09/1…
2/ The allusion being that Security Services are already swamped in more "data" than they are "intelligence".

Evidence? INHOPE, the global Child Safety Hotline umbrella organisation, are swamped with old & stale reports, so develop "triage" tools:

inhope.org/EN/articles/wh…
3/ However it seems egregious of Ms Dick to raise this on the anniversary of a event which was clearly not enabled by E2E-Encryption - because there was hardly any of it in 2001.

Hell, the Paris attacks 14 years later, were arranged via plaintext SMS:

arstechnica.com/tech-policy/20…
4/ The truth is that this is all part of a campaign to stop Facebook deploying E2E Encryption in (specifically) Facebook @messenger, the intention being to prove state power over encryption, and to dissuade innovation elsewhere:

theregister.com/2021/09/08/uk_…
5/ If that sounds a bit narrow or paranoid — "only Facebook?" — other journalists have noted that of the big messenger solutions:

- WhatsApp
- iMessage/FaceTime
- Telegram
- Signal

- only @messenger is NOT YET default-end-to-end-encrypted

9to5mac.com/2021/09/09/csa… HT @benlovejoy
6/ …and others are noting that @pritipatel is being awfully quiet about iMessage's existing end-to-end encryption whilst openly cheering Apple's privacy-disastrous on-device CSAM surveillance:

phonearena.com/news/uk-govern…
7/ So this is actually a "political game" - the world's governments want to hinder adoption of cryptography, and if they can visibly and embarrassingly stop Facebook — if they can MAKE AN EXAMPLE of Facebook — then (the thinking goes) they can stop anyone.

What happens then?
8/ If this happens, a massive chill will pass over the Internet:

Developers and startups will need to employ lawyers to tell them what code they may/may-not write.

Architectures which strongly protect data will be avoided, in favour of ones that speculatively support snooping.
9/ How do I know this? Because I lived through it in the 1990s. If you want to see lingering echoes of it, go look at this page:

oracle.com/uk/java/techno…
10/ You needed a software "key" from the Java website, to be able to use cryptography in Java.

Export controls and other legal tools were employed by Governments to inhibit your ability to keep data safe, secure and private.
11/ The consequences echoed in security bugs for the next 20 years, with downgrade attacks and other weaknesses brought on by this obligatory nightmare.

digicert.com/blog/freak-att…

en.wikipedia.org/wiki/FREAK

en.wikipedia.org/wiki/Logjam_(c…
12/ SUMMARY: We need real cryptography, to protect data, to protect users, to protect people.

We need the freedom to design solutions & write code without a lawyer checking it for compliance with "legally maximum permitted privacy".

We need End-to-End Encryption to be "normal".
13/13 In order to get this, Civil Society will need to support Facebook in building End-to-End Encryption in Facebook Messenger.

This will doubtless be hard for many, in light of many "hot" issues that Facebook have caused. But if we want encryption, we have to do this 1 thing.
If you want to read this unrolled:

The Telegraph & Cressida Dick's article on End-To-End Encryption, is part of a deeper political project

alecmuffett.com/article/14926

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Alec Muffett

Alec Muffett Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @AlecMuffett

17 Aug
Apple's on-your-iPhone #CSAM scanning — using your phone's resources to check whether you're a paedophile — is illiberal, misconceived, and dangerously architected. WORSE: they tie the hands even of those who they claim will vouch for Apple's honesty…
Apple's "Appeal to Code Inspection" as a solution for trusting their #CSAM photo scanning is… a fig leaf. It's a PR spin meant to obscure something dirty — if they were serious, why not Open-Source iPhoto with reproducible builds? — but worse it ACTUALLY detracts from the issue. Image
The ACTUAL issue is that "what happens on your iPhone no longer stays on your iPhone"; that promise is broken, and the privacy of your phone will be in constant tension with the iCloud team's ongoing attempts to coerce you to use, and pay for, locked-in cloud storage.
Read 4 tweets
17 Aug
HOW IT STARTED…
WHERE IT WENT…
HOW IT'S GOING…
Read 5 tweets
16 Aug
1/ #Tech in general, and #InfoSec in particular, are obsessed with "work-life balance" and of building public perception that "you can have it all: a career AND a life" — seeing this as essential for filling undersized & inadequately diverse hiring pipelines.

And not JUST this…
2/ And not JUST this… clearly there's a mental health aspect to maintaining work-life balance, because if an employee is overworking, overstressing, or burning out then (frankly) the employer HAS a problem, and likely IS the problem.

So far, so obvious. But…
3/ Then we find those who opine 1/more of:

a) to succeed you MUST work & study in free time

b) working (etc) free time DOES NOTHING for career success

c) HAVING THIS DEBATE is exclusionary / puts people off

A & B are incorrect, and C lacks integrity:
alecmuffett.com/article/14881
Read 4 tweets
13 Aug
2/ So, @ncmec are basically goaled and compensated for their headline "number of reports" metric. The bigger the number, the more govbucks and funding, for instance in their *previous* counterblast to end-to-end encryption: missingkids.org/blog/2019/post… Image
3/ Hardly anyone ever asks about the cost-benefit of doing this, because children. Simply: it would be rude.

So you should totally go read this thread and then come back here:
Read 9 tweets
30 Jun
BREAKING: attached is an extraordinary & electrifying blogpost - one which I *think* should be making major headlines:

magrathea-telecom.co.uk/surcharging-on…

PDF: magrathea-telecom.co.uk/wp-content/upl…
I don't understand this very well, but it's a document describing new, surprise surcharges to phonecalls inbound to the UK - with the charges applied by source CallerID - which may impact/add costs to keeping in touch with relatives abroad.

This is NOT "EU Roaming":
Bullets:

- Surcharge pricing will be effective on all wholesale tariffs from 1st July 2021

- use the Network CLI to determine if a surcharge is applicable

- CallerID that are missing/malformed/invalid/unreadable will be surcharged at the maximum rate!
Read 6 tweets
30 Jun
"Instagram for Kids" makes a lot more sense than "Kids on Instagram" — so why are #onlinesafetybill #childsafety advocates against it?
It is intuitively & obviously easier, safer, & less error-prone to build a cut-down separate Instagram-like application for kids, so that developers don't have to add all sorts of complex checks & validation on "mixed" accesses by adults & kids.

And yet: digitalprivacy.news/?p=9946
Also:

- much reduced up-front data collection
- no advertising at all, not even implemented
- opportunity for stricter content monitoring
- liberate "instagram for adults" to become more private and more secure.

We should build playgrounds, not turn the Internet into one.
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

:(