I have to hand it to @GCHQ and @NCSC for bravely expressing their underlying doubt and the implausibility of their position by framing it in the style of "Betteridge's Law":
"Is It Possible to Reconcile Encryption and Child Safety?" — "no", as explained previously, because Encryption is an external benefit to many different pursuits, whilst "child" safety is but a single pursuit:
One of the more interesting bits of the GCHQ/NCSC anti-encryption paper is where they argue the *benefits* of CSS / client-side-scanning / allowing the spooks to proactively spy on message content.
Notably this bit, on page 47: possession of CSAM is a "strict liability" offence, so even if someone "just sent it to you", you're a criminal.
« /sotto voce:/ "Can't think where they got the inspiration from…" »
It's unclear from context whether they see CSS as removing the content from the sender-side of the ecosystem or if it providing a "firewall" to the recipient, or both?
From a legal perspective (@neil_neilzone?) the latter would be far more interesting: "GCHQ shoulda stopped it!"
But again, in a nod to my previous writing elsewhere, perhaps the actual issue is "strict liability for receiving data unsolicited in an internet age" & how we approach prevention & enforcement, rather than there being something wrong with messenger apps?
A big part of the the reason for the existence of that API was because the European Union wanted to enable people to access their data; so they created the problem, complained when the inevitable leaks happened, and are now reinventing it
Could be the attached, but my suspicion is that this is going to be another CYBER! DARKWEB! CYB3R! SYBER! CAMBRIDGE ANALYTICA‼️BRAIN CONTORL! YOU SAW AN ADVERT AND SO A RUSSIAN ARTIFISHIAL INTELLIGENCE APP MADE YOU VOTE FOR UKIP! … thing.
Plucky spooks in Cheltenham but dressed for speed-dating in 2015-era Shoreditch, battle "Russian influence operations" that Nadine Dorries will soon cite as rationale for the #OnlineSafetyBill.
Token American subplots help sell the series to the US.
Back in 1991 I published an open-source password cracking tool which defined the state of the art for the next 5+ years, so much so that echoes of it can be found in all major password crackers of today.
Some folk criticised me for doing this, choosing words like these to do so:
I know that in general it's bad form to take a single quote out of context and use it to critique an entire essay (concerned.tech) — but I do feel that this time it's deserved.
The concerned-dot-tech essay has had extensive technical debunking, e.g.:
Elsewhere in EU regulatory pipe-dreams authored by people who apparently have more good intention than understanding, the #DMA means that @WhatsApp and @signalapp should both adopt #XMPP and thereby deliver a unified "inbox" of messages.
I'm delighted to have assisted @Twitter engineers in their adoption of #OnionServices & #OnionNetworking from @TorProject — providing greater privacy, integrity, trust, & "unblockability" for people all around the world who use @Twitter to communicate.
I am also honoured that they've chosen to adopt EOTK (the Enterprise Onion Toolkit) to power their onion platform, albeit with considerable though reasonable modification to meet their extraordinary production requirements: