Alec Muffett
May 10 45 tweets 25 min read
Well, this is some interesting reading for the afternoon.

alecmuffett.com/alecm/tmp/eu-c…
"We want a backdoor, but we don't want just *anyone* to be able to use it. Only us good guys."
May be of interest to, oh, I dunno, @alexhern @jamesrbuk @tim @lorenzofb @josephfcox @MikeIsaac
Apparently I am slightly late to the party, but that's okay.
So: When building Facebook Messenger Secret Conversations, as I've explained before, I was asked whether it would be able to be "backdoored" in order to fight "Organised Crime"; the proposal being that <various narcos> would NOT REALLY be using E2EE.

The answer was no, BUT…
…amongst many of the reasons for "NO" was simply: where and how do you distribute the list of "bad people" in a secrecy-preserving manner?

It's not like you can/should check the list of phone numbers of FBI's Most Wanted into the codebase and/or app configuration infra.
Hey Everybody - it's okay!

The EU will *give* you the technology to wire into your apps.

What could possibly go wrong?
Whilst we're here, the matter of "false positives" sent to Law Enforcement would be improved if @MissingKids stopped pushing vastly inflated statistics with duplicate and other forms of non-critical content.

alecmuffett.com/article/15902
Yep, it looks like the EU will want to be scanning your baby's remote bathtime singalong for potential child sexual abuse.

If you're a parent and you have to travel for work, you should be concerned who's gonna spy on your family traditions.

Unsurprisingly the conclusion amongst the politicians is that "We need to spy on all content & activity in order to establish whether it is (C) CSAM, or (D) potential CSAM, and also we have to (E) monitor contact metadata to identify grooming"

Or spies. Whistleblowers. Whatever.
I concur with Ed on this, except that I think they will try to take the E-SIM approach of a tamperproof and opaque machine-learning model to inject into a predefined and obligatory app API.

Enables per-state, per-user customisation.

The EU mindset—something that leaks out in the #DSA which (e.g.) @1Br0wn & @RDBinns are so fond of—is that enabling the world to be more open & connected is a societal & political pollution problem, and that "the polluter should pay"; ergo: bill GAFAM for enabling communications:
At least this proposal + the #DSA contains the seeds of [one means of] its own doom — that #interoperability will require/permit/enable the re-adoption of "OffTheRecord" (OTR) superencryption on top of existing platforms, thereby making all this useless:
alecmuffett.com/article/14656
For those who are unaware, OTR is at otr.cypherpunks.ca and is the painful, clunky but effective analogue of "PGP over Email", but instead is E2EE superencryption on top of most of the popular contemporary instant messenger platforms.

I predict a retro comeback.
Ergo: once again the backdoors will only really impact *innocent* people, and the actual miscreants will be harder, ever-harder to detect. By incessantly focusing upon content signatures and matching, all CSAM content will be driven even FURTHER underground.
Time for a new #ReadyMadeTwitterSearch:

> End-to-End Encryption: European Union Backdoors — EU initiatives to mandate encryption backdoors

...located at:

github.com/alecmuffett/re…


Aside: it'd be extraordinarily foolish for EU authorities to (e.g.) block DNS lookups for alecmuffett.com because of this document, but just in case such were to happen, it's also available on an unblockable onion site:

…rgmsmo56szaaighyjurp4ccuj63zkad.onion/alecm/tmp/eu-c…
So, following this argument, in the EU:

(1) speculative "freedom from" risk of abuse & degradation

…is more important than…

(2) concrete "freedom to" have privacy and confidentiality

…even where all parties in (2) — including the victims from (1) — are impacted.
Elsewhere I am currently working my way through @jon_rauch's audiobook "Kindly Inquisitors", and I feel this is closely aligned to his chapter regarding "speech as harm".
amazon.co.uk/Kindly-Inquisi…
> [content] scanning is often the only possible way to detect [grooming] and…the technology used does not ‘understand’ the content of the communications but rather looks for known, pre-identified patterns that indicate potential grooming

These people have not read @Riana_Crypto
Not to mention elsewhere:

HOW TO IDENTIFY PATTERNS OF BAD BEHAVIOUR WITHOUT BREAKING THE PRIVACY OF END-TO-END ENCRYPTED DATA.

FROM WHATSAPP. IN 2017. FIVE YEARS AGO.

Oh, I had missed this. This is just shoddy work, props to @PrivacyMatters for pointing it out:
> End-to-End Encryption: European Union Backdoors — EU initiatives to mandate encryption backdoors

…see the latest Twitter discussion with a #ReadyMadeTwitterSearch at:

github.com/alecmuffett/re…
I still reckon that this is the funniest and most ironic part of the entire @EU_Commission #CSAM document — and it's on the front page.

I wonder if they would ever discuss it amongst themselves over a messenger app?

Cited link is: ec.europa.eu/info/sites/def…
One key observation for EU citizens — and indeed for people everywhere — to take from the ongoing "abortion" debates in the USA, is that your Government cannot & should not be excluded from the "threats" against which privacy is a necessary defence.
Social problems [like child abuse, grooming, even racism & hate speech] are not solvable via technical means; this is what #RanumsLaw has taught us for literal decades.

It's not like "cleaning up pollution".

It's about addressing *people*.

Slightly off-topic, in case you missed it, there is even more Illiberal and misconceived internet messaging legislation under discussion in Belgium:
Good Morning! In case you missed it, today is the day that the European Union declares war upon end-to-end #encryption, and demands access to every person's private messages on any platform in the name of protecting children:

HEADSUP: about 40 (?) minutes until the official announcement.

If you want to track sentiment about European Union initiatives to stop #privacy and mandate #backdoors to "fix" #CSAM, you can see the latest discussion with a #ReadyMadeTwitterSearch at:

github.com/alecmuffett/re…
So: the official draft has been published at ec.europa.eu/commission/pre… along with all the expected framing material; a basic check with diffchecker.com/pdf-diff/ shows that the leaked draft is very accurate, apparently missing only a couple of sets of costings plus some renumbering.
Curiously (see diff in previous tweet) Article 83 in the final copy appears to be missing? Or perhaps it has been abstracted elsewhere?
Here is some creative spin for the proposal:

. @EU_Commission @EUHomeAffairs — tell us more about these "strong safeguards", other than that you will demand them?
The Cambridge University security research group chime in:
OMG #MUSTREAD - this is an important & *different* analysis thread on why the EU #CSAM #ChatControl draft legislation is misconceived and has clearly been drafted without input from diverse civil society viewpoints.

TLDR: "magical thinking" regarding #AI

"the technology does not work like you think it works" - the @EU_Commission should have sought more input from civil society.



cc: @rossjanderson
