Alec Muffett
Jul 21 17 tweets 7 min read
All Watched Over By Filters Of Loving Grace: GCHQ's Holistic, Sociotechnical, "Thoughts on Child Safety on Commodity Platforms" #ghostProtocol #ghost #NCSC
alecmuffett.com/article/16236
THE NEW GHOST PROTOCOL PAPER'S UP!

tl;dr —

* @GCHQ like client-side filters

* …and ghost chat participants

* …and would like everyone else to buy into them defining what E2EE means

* …because they *don't* like simple definitions of E2EE

arxiv.org/abs/2207.09506
Pro-Tip: the paper comprises huge blocks of LaTeX ComputerModern text in single-column blocks, which are hard on the eyeballs.

I found it a lot easier to read after doing `pdftotext` on it, BUT the resulting document has omissions/bugs.
Guardian coverage of the GCHQ / NCSC "Child Safety on Commodity Platforms" Ghost-Protocol v2.0 paper: theguardian.com/uk-news/2022/j…
One is forced to ask: wherever *have* they been looking for reasons, because I'm sure we on Twitter could supply several?
how it started → "societal problem" → "sociotechnical" → "client-side scanning & ghosts" → "global surveillance backdoors" ← how it's going
Societal Problem.
Societal Harm.
Societal Issue.
Societal Mitigations.
Societal Interactions.
A: "Let's add wiretaps to everybody's phones!"
I have to hand it to @GCHQ and @NCSC for bravely expressing their underlying doubt and the implausibility of their position by framing it in the style of "Betteridge's Law":

lawfareblog.com/it-possible-re…
"Is It Possible to Reconcile Encryption and Child Safety?" — "no", as explained previously, because Encryption is an external benefit to many different pursuits, whilst "child" safety is but a single pursuit:

alecmuffett.com/article/15940
I've updated the related #ReadyMadeTwitterSearch to include the blogpost and paper.

> End To End Encryption: GCHQ & NCSC "Ghost" Protocol

…see the latest Twitter discussion at:

github.com/alecmuffett/re…
One of the more interesting bits of the GCHQ/NCSC anti-encryption paper is where they argue the *benefits* of CSS / client-side-scanning / allowing the spooks to proactively spy on message content.
Notably this bit, on page 47: possession of CSAM is a "strict liability" offence, so even if someone "just sent it to you", you're a criminal.
« /sotto voce:/ "Can't think where they got the inspiration from…" »

theguardian.com/uk-news/2021/j…
It's unclear from context whether they see CSS as removing the content from the sender-side of the ecosystem or if it is providing a "firewall" to the recipient, or both?

From a legal perspective (@neil_neilzone?) the latter would be far more interesting: "GCHQ shoulda stopped it!"
But again, in a nod to my previous writing elsewhere, perhaps the actual issue is "strict liability for receiving data unsolicited in an internet age" & how we approach prevention & enforcement, rather than there being something wrong with messenger apps?

alecmuffett.com/article/16236
ps: Strict Liability: en.wikipedia.org/wiki/Strict_li…

