> We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety.
Oh, so you’re asking for more end-to-end encryption?
> While the letter acknowledges that Facebook, which owns Facebook Messenger, WhatsApp, and Instagram, captures 99% of child exploitation and terrorism-related content through its own systems, it also notes that "mere numbers cannot capture the significance of the harm to children."
Isn't that right based on the statement though? The implication is 99% of the identified cases on Facebook are caught by Facebook's systems, the 1% not caught by Facebook's systems are tracked by other means. 100% of identified cases, not 100% of all cases.
Still very misleading if that is the case, what other means are there realistically to catch something if not by FBs systems, on FB? Self-reporting in the groups? Is that counted towards the FBs 99% or the 1%?
Reported directly to the police or other authorities? It's probably quite realistic in those scenarios for something that Facebook's systems have missed for it to be found by someone eventually and escalated.
There's a little ambiguity in there, but I wouldn't go so far as to say it's "misleading".
Is it made up? I thought they meant "Of content identified on Facebook, 99% was identified by Facebook's own systems". Not that Facebook captures 99% of terrorists. Just that it does the bulk of capturing terrorists _on Facebook_.
Image filtering is now trivial even using simple transfer learning, leading to >99% accuracy. It's just the training datasets might be super disgusting and question one's will to live when confronted with the savagery that is going on around the world.
Should be simple enough to have the government/LEAs posses the training data and have a standard harness/workflow you integrate your training program to. Then you send your training peogram and get the resulting trained model files back.
AFAIK large companies have deals with the government and have special units that deal with that type of content (nobody survives longer than 12 months there).
You can get legal datasets for sick pr0n or warzone stuff you would like to keep off-platform that might have the same psychological effect on you.
I assume that's capturing 99% of the child exploitation that is captured, not that's estimated to exist on their platform. It might be good for them, or bad for the government, or par for the course.
And what's the false positive %. How do you even define a genuine hit for "terrorism-related". Depending on how broad you go that can mean a lot of things, including very innocent stuff. The problem with terrorism is that everyday things that are legal on their own when used as intended can be used to commit those acts.
How can they know they capture 99% of such content given that WhatsApp is (if I understand correctly) encrypted fully end to end such that Facebook cannot access the messages passing through it?
A third party observer cannot read the messages as they pass through the whatsapp network, but Facebook can read the messages at both ends.
Facebook has said that they don't do this outside of Australia, where it is required by law, but come on, are we really going to take Zuckerberg's word for it?
This is why I believe that end-to-end encryption is not truly useful unless the source code of the clients is public, or the protocol is open.
Any closed source client can read messages at the ends, or be forced to do so by an evil government.
At the very least, they could open up XMPP compatibility again so that people could write their own open source clients for it. Australia wouldn't be able to do anything about the propagation of such open source software.
I was able to have end-to-end encryption running on top of MSN, AOL, ICQ, QQ, Facebook, Gtalk, Yahoo, and several others about 10 years ago with Pidgin and simple plugins that encrypted/decrypted messages on the fly. It's too bad they all moved selfishly to closed source walled-garden mobile apps -- it's a big step back in privacy.
The only chance at security is if you can tap your network connection at the dumb wire layer, and verify that it's encrypted with your own private key.
I've been bouncing around the idea of a fully decentralized end-to-end encrypted chat protocol for exactly this reason, but I've been afraid to work on it for precisely the reason this thread is being discussed. I know that if my name were attached to the project, I'd be facing all kinds of unwelcome scrutiny from the government and news agencies. I'd lose the very privacy I want to maintain by designing privacy-protecting software.
I would take a look at Matrix[1], which is basically what you're describing (it's a federated replacement from group chats that has Signal-like E2EE and has an open protocol) and it's already implemented.
There's a lot I'm not explaining, in part because I don't (yet) understand crypto well enough to know if my idea even makes sense, let alone is feasible.
Matrix is close, but not what I'm describing. It's far more centralized than I'd like to see.
Not exactly. I rather dislike XMPP's design, and what I'd like to see is something not only decentralized (relying at most on a DHT seed), but supporting group chats with trivially-expirable keys. My limited exposure to OTR suggests it only reliably supports one-on-one exchanges.
I tried to read data transmitted between the facebook messenger app (on iOS) and facebook server but it's encrypted and if you set up a mitm proxy it refuses to transmit. Even if you trust the mitm proxy certificate in the OS settings.
Open source doesn't guarantee that the compiled source running on your device is the same as what you can view on, for example, GitHub. That is also a trust problem.
It is much easier to trust that `apt-get install pidgin` will run the published Pidgin source code, than it is to trust that Messenger or WhatsApp will only do the (undocumented) things that I expect them to do.
This is what I find so fascinating. Yes, it cannot be intercepted in transit. But nothing is stopping the keyboard on which I type or the text box in which I type from collecting all the things and sending those things where ever they want. In-transit interception, in this context, seems like a fruitless threat model when compared to the keyboard/text box vector.
With respect to facebook in particular, they have had the means of reading the messages on either side for ages, even before it was required by law. iOS and Android both have "leaky sandboxing", where certain apps from the same publisher can read each other's data and memory, and Facebook added WhatsApp to its sandbox almost immediately after acquiring it, allowing the main Facebook and Messenger apps to read all the messages received by WhatsApp.
> And when tech companies cooperate fully, encryption and anonymization can create digital hiding places for perpetrators. Facebook announced in March plans to encrypt Messenger, which last year was responsible for nearly 12 million of the 18.4 million worldwide reports of child sexual abuse material
> Data obtained through a public records request suggests Facebook’s plans to encrypt Messenger in the coming years will lead to vast numbers of images of child abuse going undetected. The data shows that WhatsApp, the company’s encrypted messaging app, submits only a small fraction of the reports Messenger does.
> Note, this article is recent and highly relevant..
Talk about fear mongering, that article is horrible. It's the same old argument. "Child abuse is bad therefore you can't have any privacy", they position you as being against protecting children when your stance is actually pro security & privacy.
Great points. It definitely seems to me that those two are fundamentally opposites. Suppose we champion (1), then with perfect privacy gives a lot of leeway for criminals to commit crimes such as those you stated and more without being able to detect that they did them.
However, without perfect privacy, every world citizen would be subjected to such monitoring, and we'll basically be exactly what 1984 is, with the metaphorical "telescreen" functionality spread across pretty much every device that's connected to a network.
They’re not complete opposites, since criminals don’t always have perfect privacy: they leave other evidence that can be discovered with a warrant. On the flip side, mass surveillance will just create selective enforcement.
Very unconvinced it's lead to an explosion is child abuse.
Child abuse has always been happening (several of the older members of my family were abused), it just wasn't broadcasted. Even today I bet 99% of child abuse is never caught on camera. The increase from child porn is probably negligible.
If you actually read the article above, you can see that there's actually now lots of new evidence that viewing child porn makes people more likely to commit abuse, and that it seems to be a causal relationship, not a "marijuana is a gateway drug" relationship.
I couldn't find that in the article and would be immensely skeptical of such a claim (how on earth would you establish causation as opposed to common cause?).
The article never makes the argument you're objecting to. It merely states that E2E is likely to allow certain crimes to avoid detection. That seems both plausible as well as empirically correct considering their whatsapp/messenger comparison.
Exactly. I see it from those exact same perspectives.
The USA took steps to actually protect property in its founding, something the Supreme Court has interpreted to include privacy as well. From this perspective, the rights of citizens wither away when the government is allowed to take the smallest step towards mass surveillance. For that reason I am very much against it.
My other perspective is from a security standpoint. I believe that if companies are not doing everything in their power to protect themselves and their users from data loss / hacking / theft, they put everyone at risk. Intentionally lessening the security of a product at the request of the US government means giving a potential thief or hacker more attack vectors to exploit.
If this article is for real, then it's certainly not being pushed mainstream.
> The Times’s reporting revealed a problem global in scope — most of the images found last year were traced to other countries — but one firmly rooted in the United States because of the central role Silicon Valley has played in facilitating the imagery’s spread and in reporting it to the authorities.
Clearly the NYT is laying the problem at tech's feet, and we are the best ones able to thwart this. Many times I've scoffed at the government's continual removal of privacy, but this is the first time it's sunk in. Perhaps they have a case.
These aren't new images, they're the same images that have been around the web for decades, that's why they are able to be flagged (via hashing, unless companies are training neural networks to know what child pornography is vs regular pornography). You need to benchmark those numbers versus the increase in regular images sent over the web in general. If it's increasing faster than that increase then there is an argument, if it's increasing slower then the opposite argument is the truth.
The NYT article refers to "both recirculated and new images" and states that "in some online forums, children are forced to hold up signs with the name of the group or other identifying information to prove the images are fresh." Isn't it just common sense that the proven existence of online paedophile communities that explicitly encourage the "production" of new child abuse material, in fact results in some net increase in the number of abused children, even if that increase is a small proportion of the total number of victims? Isn't it worth asking what can be done about it?
It is not surprising that creating automated reporting systems increases the number of reports. The article simply gives no way to make an informed opinion.
There are two things I would point out:
1) I would be surprisesd that the ease of communication the internet brought did not benefit to criminals
2) The article describes several problems that won't be fixed by encryption ban (e.g. the lack of means for report clearing houses) and also gives exemples of cases solved despite encryption. I would like to understand why encryption is described as the problem here.
I didn't read the article as blaming tech. The main takeaway for me was the astonishing under-resourcing of investigation and prosecution of these crimes. If the government can't be bothered to investigate 98% of the child sex abuse cases it already knows about (per Flint Waters's testimony -- which dates from a time when the problem was far less severe than it is now), why does it need to prevent encryption to possibly learn about a handful more cases?
Not to mention:
Congress has regularly allocated about half of the $60 million in yearly funding for state and local law enforcement efforts. Separately, the Department of Homeland Security this year diverted nearly $6 million from its cybercrimes units to immigration enforcement — depleting 40 percent of the units’ discretionary budget until the final month of the fiscal year.
Or in other words, in order to fight the imaginary rapists that Mexico is allegedly sending us, DHS is diverting money originally allocated to investigate actual child rapists.
Since WhatsApp is proprietary on both client and server side, it can't be proven that OpenWhisper wasn't tampered with. And chances are always against users when we speak of proprietary.
It's disgraceful that Signal hailed WhatsApp's announcement to use it almost like a second coming of a religious figure.
> "The proponents of this process use fear tactics to win support, what the four cypherpunks dub "The Four Horsemen of the Info-pocalypse: child pornography, terrorism, money laundering, and the War on Some Drugs." In other words, laws passed to go after child pornographers, terrorists, money launderers, and drug dealers end up chipping away at everyone's privacy. The classic example is the PATRIOT Act, passed to prevent terrorism but soon used to expand wiretapping and National Security Letter powers in other contexts."
It was specifically "war on some drugs". Americans love drugs, and we even love dangerous or mind altering drugs. But some drugs, for various socioeconomic reasons, we have declared evil.
Sure, for marijuana. But not all substances are the same. If you've ever gone through the hell of having a family member or close friend being addicted to heroin or coke or other physically-addictive "hard" drugs, you'll see that they're not in the same risk category at all.
But then you also had the whole "coke vs crack" thing in the 1980s - where crack was a predominantly used drug by ethnic minorities, and cocaine was more likely to be used by "high rollers" who could afford it - usually white and rich, yuppies, etc. Wall Street types and the like.
But rarely did you see or hear about any of those people landing in jail or prison for long periods. If you heard anything it was more or less laughed about, and society forgot about it. The perps maybe would spend a day or two in jail, get bailed out, and have their lawyers negotiate and plead down to a misdemeanor or something like that. Rich guy goes back to party and life.
Crack users? Well - they all ended up in prison for super long stretches and/or died there. Nobody cared or cares. Certainly not the above cocaine users and abiders.
It wouldn't surprise me to learn that the people abusing the cocaine and making deals like that weren't also in on the production and selling of the crack made from a portion of that same cocaine...
I'm not denying the double standard, just reiterating that some drugs are extremely harmful to people and their use should be discouraged/banned/whatever, no matter who is using them.
I'm not entirely sure how those four examples are supposedly invalidated by giving them a clever nickname.
I'll take the privacy side in most any discussion of privacy-vs-security, but categorically denying the possibility that some crimes could be aided by encryption seems a step to far.
It's also bad PR strategy: anybody not already on your side will be put off by your apparent lack of reasoning skills.
Instead, acknowledge the possibility and show them why you consider the benefits outweighing the risks.
Some crimes can also be aided by whispered in-person conversation. Should we require all in-person conversation to be shouted near a government office?
The societal default used to be that substantially all conversations were inaccessible to the government except through testimony. Encryption does nothing to change the availability of information through testimony.
Previously, remote conspirators could collaborate through the post, and their conversations could only be accessed with a warrant specifically targeting those communicators. End-to-end encryption does little to change the availability of information in a targeted investigation; it just means it's a little more difficult to access the information than entering a phone number into XKeyscore. Investigators can install malware on the device, or microphones and video cameras in the suspect's home to hear or see what is being communicated.
Forbidding end-to-end encryption, in combination with our mass surveillance apparatus, changes the societal default to be that substantially all conversations are trivially and automatically accessible to the government.
Do you regularly run into child porn on the internet? I don't.
I don't see those kids getting hurt any further unless they happen to be the sort of people that go out of their way to seek out child abuse material. It's hard to imagine anyone ever accidentally running into images of themselves being abused. You can't possibly be re-victimized if you don't know.
I don't mean to sound heartless, obviously these are horrific acts which hurt people deeply. I simply don't think banning encryption or otherwise eroding our rights to go after distributors and consumers is really going to have much practical effect on how the victims end up feeling.
E: HN doesn't let me reply to selectodude below
>the mere knowledge that pictures of you being abused on the internet is extraordinarily difficult to deal with
I absolutely agree with this. I just know that nobody can ever go tell the victim that now those pictures are forever gone off the internet.
I don't disagree. We catch child pornographers all the time and they are on the bleeding edge of encryption. There's no practical benefit to banning encryption. The .gov just doesn't feel like going through the effort and would rather enjoy, say, the ancillary benefits to being able to read all of our messages forever.
But yes, the mere knowledge that pictures of you being abused on the internet is extraordinarily difficult to deal with. Maybe not the best direction to go in when arguing.
If you don't see a reply link below on the main comments page try clicking their comment link which looks like "7 seconds ago" and you should find a reply to link there. I think hacker news is designed to make it harder to have a quick back and forth discussion for some reason.
How many thousands of people would you kill to save your own child? For many people the answer might well be all of them. Turns out emotional response isn't a reasonable way to come to a logical conclusion for how we ought to order society.
I'm sympathetic to those people's plight but ultimately I place a very high valuation on not only my privacy but everyone's privacy, A much lessor but still very great valuation on preventing such evil happening to the victims, and only a small valuation on preventing the ultimate sharing of those images between perverts except insofar as it serves to lead us to people doing the wrong.
I believe that via a substantial effort we can work to reduce the abuse of children, I think we can via a lot of work take down the groups of people sharing such data by infiltrating such groups and taking down the people participating. I believe that outright stopping all such sharing is probably impossible and I'm unwilling to implement 1984 to try.
The sharing creates demand. Producers increase supply. You should read more about this issue. NYT just did a bunch of great articles that will give you perspective.
Sharing only creates demand if money or other videos (or other things of interest to the original perpetrator) are given in exchange. And honestly, I expect the vast majority of abusers to be doing it either for fun (so they'd stop sharing videos, but keep raping) or for the money. Sometimes I wonder if what people really want is just to stop the transmission of child porn so they can go back to pretending it doesn't exist...
Child porn piracy is an essentially victimless crime.
Note: In the above I am considering the generic example of "child porn" to be broadcasting the forcible rape of prepubescents, not 17 year olds sending each other naughty pictures, which is what most content matching the US legal definition is (the UK one is just stupid as it includes drawings).
>And honestly, I expect the vast majority of abusers to be doing it either for fun (so they'd stop sharing videos, but keep raping) or for the money.
This runs contrary to the fact that people share things not just for monetary profit, but for other videos/pictures in exchange, and voyeuristic/exhibitionist reasons.
I think your point is very important. Forbidding e2e encryption only enables mass surveillance. It does not affect traditional investigative work. There are other existing tools for the job.
Anyone remember the FBI and Apple case a few years back? How quickly the FBI hacked the phone after Apple wouldn't cave? Other tools exist to do targeted surveillance and targeted attacks. Only authoritarians want mass surveillance.
I'm not saying anything bad about Apple here... I'm not sure what your comment is about. I'm actually saying (as an anti-Apple person) "good job Apple".
"The societal default used to be that substantially all conversations were inaccessible to the government except through testimony"
Sure. Before the telegraph was invented. And even before that people used security measures, such as wax seals on letters to prevent tampering or at least have an ability to detect whether or not the message has been tampered with.
You seem to think of messaging systems as if they were spoken conversations in private. They are not. Just because you are chatting with someone from the privacy of your own home, doesn't negate the fact that your words are traveling through a lot of wires and boxes belonging to all sorts of private and public entities.
During WW2, American federal government established Office of Censorship whose sole purpose was to review and censor all communications coming into and out of the country. Now imagine them finding that someone is mailing letters written in an unbreakable code. How long do you think it would take for the FBI to break down that person's door?
I am not saying we should not have end to end encryption. I am saying that government spying on citizens is nothing new, it is not something that was ever limited to totalitarian dictatorships and it should not be surprising to anyone that the government is trying to fight it. The news is not that the government wants to keep an option to read your communications. The news is that first time in history there is a chance people might want to and be able to stop them.
During WW2, American federal government established Office of Censorship whose sole purpose was to review and censor all communications coming into and out of the country. Now imagine them finding that someone is mailing letters written in an unbreakable code. How long do you think it would take for the FBI to break down that person's door?
It wasn't done that way. Envelopes were opened, and stamped "Opened by Censor". Material was cut out of letters. Censorship was not concealed at all.[1][2]
> End-to-end encryption does little to change the availability of information in a targeted investigation
A secure E2EE system must resist even targeted, legally authorised attacks. Are you suggesting that secure, practical E2EE systems do not currently exist? Would a world in which law enforcement must install physical listening devices and exploit unpublished software vulnerabilities to surveil suspects be more private than our current world, where E2EE is available but often disabled by default, and trusted intermediaries like Facebook and Google can be legally compelled to disclose non-E2EE messages?
> Forbidding end-to-end encryption, in combination with our mass surveillance apparatus, changes the societal default to be that substantially all conversations are trivially and automatically accessible
That is not (publicly acknowledged to be) the case today, even though non-E2EE platforms like Facebook are widely used. While Facebook could currently comply with laws authorising mass surveillance, and implementing secure E2EE would prevent them from doing so, the warrants under which they currently hand over non-E2EE messages are at least somewhat targeted. This controversy is not about a proposal to relax the need for warrants, it's about asking Facebook to preserve their ability to comply with them.
The clever nickname is not to invalidate them, it is to address the invalidation the government does by misusing these laws to make its job easier when it comes to lesser crimes.
I am a hardcore privacy advocate, but if these laws had a provision that they won't be used for other crimes, and if misuse such as parallel construction would be seriously punished, I'd have nothing against them.
> I'm not entirely sure how those four examples are supposedly invalidated by giving them a clever nickname.
They're not. A number of horrible things will happen as a result of pervasive end to end encryption.
However.
You have to run the numbers here. On the one hand, perhaps a bit more crime, some of which horrible. On the other hand, the privacy of everyone.
It's a hard sell. Just picture a politician on live television having to choose between having this cute little child being raped for years before they commit suicide (letting the perpetrators off the hook), or ramp up the surveillance a bit. Picture them choosing rape.
Nevermind the false dichotomy. The horrible fact is, the value of human life is not infinite. A mere inconvenience, suffered by enough people, is worth killing a few. Such situations rarely present themselves. (We rarely condone murder in the name of the betterment of humanity: some tried, didn't go so well.) End to end encryption (and metadata hiding while we're at it), is such a situation. The harm, though hard to perceive, is significant, affects everyone, and can potentially grow into full blown totalitarianism (possibly enforced by incentives rather than violent policing).
Preventing that is totally worth killing a few children… or at least spend resources on properly policing the problem, like going undercover.
Still, go say that on TV. I'm not even sure I'm safe writing it here.
It is not that simple. Two potential unintended consequences of this no-encryption rule come to mind that might actually not just not help, but in fact make it worse for the victims.
1. They said that FB captures 99% of those illegal activities by themselves. What makes us think that government will be able to capture that last 1% on their own?
2. Encryption gets removed, potential perpetrators move to another platform that uses encryption and doesn't have the capability to catch those illegal activities that FB already catches using their internal systems. Congrats, now those perps that would have been caught (even if FB implemented the encryption) won't be caught at all.
And with the uncertainty that comes to mind with both of those points, one thing that is definitely guaranteed to come is further erosion of personal privacy.
> 1. They said that FB captures 99% of those illegal activities by themselves. What makes us think that government will be able to capture that last 1% on their own?
To stress even more on this point (I have to also FULLY agree with the second), what evidence is there that lack of encryption will even make it easier to capture this 1% more. Pareto is a real thing. I'm not convinced there's an easy answer to capturing the last 1% and that it can be done with minimal resource allocation. That's where I start being suspicious. The back of the envelope math doesn't work out.
I agree, but many will not. So I figured we should address the central problem: increasing privacy automatically means increasing the ability for people to do whatever they want (that's the whole point). We'd be stupid not to anticipate bad consequences. It's just that the benefits are much greater, and we should be able to argue as much, even on TV in front of a potentially hostile journalist.
Facebook relies on the fact that most Facebook messages are not end-to-end encrypted to detect illegal activity. Forget the last 1% – how would Facebook continue to detect the 99% without access to decrypted message contents?
Client-side detection. You can probably argue that it can be evaded easily because it is client-side, but most people won't bother + it isn't like FB has an open API with a ton of third party FB clients.
I spent less than a minute thinking about this, but there are probably tons of other strategies they can employ. People familiar with the domain, I would actually love to hear your takes on this, as the topic is fairly fascinating.
It's an interesting idea. Assuming it's feasible, I wonder whether people would actually want to use a messaging service that's private, except where it thinks it detects illegal activity, in which case messages are copied to the police (and end-to-end encrypted on the way there, of course). That seems practically and logically equivalent to a messaging service which is not end-to-end encrypted but run by a trusted operator.
I think the two key things to remember are that "failure will happen" and Blackstone's principle. We have to, as a society, decide which direction we want to fail (modes of failure). We also have to decide what amount is acceptable (having 0 crime is a good goal, but we will never get there and need to be realistic). I think it is clear which way the founders of the country wanted failure to happen, which is Blackstone's principle. "A hundred guilty men should go free before a single innocent man is is deprived of his freedom."
I think everyone here is familiar with Pareto. Capturing 80% of criminals is easy. Catching the next 10% is harder than catching that first 80%. Catching that last 1% takes significant amounts of resources, way more than the previous 90%. So it just isn't economically viable to stop it all (exponential curve and we don't have infinite resources).
So I'm not sure that saying
> A number of horrible things will happen as a result of pervasive end to end encryption.
But I don't think it is necessarily wrong either. I think encryption enables it, but this sentence implies causation (which is the rhetoric of those that want to remove encryption: causation).
How I read the horsemen comment is that these topics are used as boogie men. Because what sane person wants that stuff to exist? OF COURSE we want 0%. How can you be against stopping child trafficking? (practically) No one is against that! These are also topics we care VERY much about. Because frankly we should do everything we can to stop child exploitation. But we know the goal is unobtainable and to get only a handful more than we currently get (which is almost all of them!) requires huge violations of privacy and significantly more resources to be allocated. The horsemen are being used to get us on board and make us not ask if these methods are meaningfully effective or ask what the costs are. It also says that anytime you hear officials talk about the horsemen that you should perk your ears up and start asking serious questions. How effective is this? Does it actually help? What are the costs? The Patriot Act is a good example. It is not clear that it meaningfully reduced terrorism in any way and yet we gave up a significant amount of privacy (I can quote founding fathers on this too).
So it boils down to "if giving up the privacy does not do an effective job at making any meaningful reduction in actual child trafficking <insert horseman>, why should we give that privacy up? There's clearly benefits to privacy. So is this issue really about child trafficking or is something else at play here and are they just feeding off my emotions?"
My first comment alluded to the torture vs dust speck dilemma. Horsemen vs privacy is nowhere near as extreme (especially at the dust speck end), but it has the same structure. If lay people realised this, the horsemen would not convince anyone.
I agree with much of your argument, but what makes you say so confidently that we capture or punish almost all of the people who engage in child exploitation?
I'm going off of what is said in the article and determining if what is said matches what I expect (which is based off of Pareto). Also consider that the statement that the AG said is not countering FB's claim. So that's what gives me confidence. One side says "we capture 99%" and the opposition says doesn't disagree and uses a desperate statement. I think if FB was wrong then the AG would counter on that point.
Why does my point have to depend on immutables? I'm really pointing out Pareto, which is still going to exist if you add or remove crimes. The only way I can see your counterpoint being an actual rebuttal, and not just pedantic, is if you redefine crime to be something meaningless. But if we're allowed to change definitions then we can't really have any conversation about anything. But language is imprecise and we can quibble over things that are in that imprecision or we can argue over what was the clear intent of statements.
It was not meant as a rebuttal of your overall point, which I agree with.
I'm adding to your point by saying that I don't consider "0% crime" as a desirable goal since crime is something defined by people and people are fallible, hence the definition is also fallible.
The problem is not in removing meaning from the word "crime". We all have an imprecise, handwavey meaning of the word in our minds when we use it. We usually mean something like "undesirable behaviour which benefits a single individual while harming others". The problem arises when you try to operationalize this loose notion into laws since this process frequently results in errors. Another way this can go sour is due to overreach by groups currently in power in an effort to stay in power, leading to loss of freedom (which is more applicable in this case).
In other words, some crime is actually people breaking the law because for good reason, like rebelling against an unjust, inefficient or overreaching law.
Therefore, it's better to strive for a low crime rate than a zero crime rate. This is also the conclusion you arrive at through the application of the Pareto principle.
> The horrible fact is, the value of human life is not infinite. A mere inconvenience, suffered by enough people, is worth killing a few. Such situations rarely present themselves.
If you consider "not saving while you could" the same as "killing", it's very common. So much in fact that it has its own WikiPedia page:
With a cosy link to a letter by the Department of Transportation:
> this guidance identifies $9.6 million as the value of a statistical life to be used for Department of Transportation analyses assessing the benefits of preventing fatalities and using a base year of 2015
All such value of life logic and cost figures go out the window with cars and alcohol. For our driving and drinks, we’re pretty much A OK with daily carnage.
Our society at large acts just fine with drunk driving deaths; looks like killing people while drunk is less abhorrent to us than trading photos of a teen.
I’m guessing it has to do with sense of purposefulness, malevolence vs. negligence, or identifiability with the commission of the crime?
Anyone decently intelligent and motivated can utilize end-to-end encryption in myriad ways with relative ease. If anyone is going to organize a sufficiently dangerous security threat, they're not going to do it through unencrypted Facebook messages.
Sure, idiots do stuff like this all the time. Sure they get caught. But idiots usually get caught by other means, too. And you never catch all the idiots, there's just too many of them.
>It's a hard sell. Just picture a politician on live television having to choose between having this cute little child being raped for years before they commit suicide (letting the perpetrators off the hook), or ramp up the surveillance a bit. Picture them choosing the rape.
But the argument doesn't even make sense. It makes the horrible assumption that pedophiles will continue using a service they know to be insecure. That's literally a provably false assumption. The second they realize it's insecure (which will take exactly one raid), they'll switch to something else.
And ALL of the above assumes that there are no criminal programmers and thus they have no ability to just write their own tools if there isn't something sitting on the shelf. We know with 100% certainty this is also a false assumption.
>But the argument doesn't even make sense. It makes the horrible assumption that pedophiles will continue using a service they know to be insecure. That's literally a provably false assumption. The second they realize it's insecure (which will take exactly one raid), they'll switch to something else.
It's not an assumption at all. The fact that people engaged in child pornohraphy have had decrypted communications used against them in court demonstrates this to be true.
Ephemeral conversation is not new and implicit in a right to privacy assuming it extends beyond your actual corpus.
The only way I understand your arguments to be a justification to break encryption is if you believe we should not have freedom to share privately.
That's literally a provably false assumption.
The second they realize it's insecure (which
will take exactly one raid), they'll switch
to something else.
It is trivial to prove that the second a criminal realizes a given communication mechanism is insecure they do not stop using it if it is convenient.
Has every criminal in the world stopped using the phone after the first phone was ever tapped?
And ALL of the above assumes that there
are no criminal programmers and thus they
have no ability to just write their own tools
But we know there are more than 0 non-programmer criminals who will not be writing their own tools.
You need better arguments than "if we can't stop all crime with an action it has no value" because it is a silly argument.
I feel like, to ensure privacy, we need an equivalent of Mutually Assured Destruction: the strategic introduction of a secondary Nash equilibrium that's so bad that it makes it obvious that we should choose the primary equilibrium. Right now, people have no clear sense on what "a gradual erosion of privacy at the hands of the government" really means. We haven't seen a 100% solid example of what any country would do with that power, yet (though China is getting close.)
But imagine if some crazy billionaire set up some sort of autonomous decentralized system that constantly attempted to MITM all the same systems the government likes wiretapping; and then, if it managed to extract any data from that attack, it would find names in that data, and put bounties out on those people on assassination markets (paid from anonymous accounts previously set up by the billionaire.)
Now the choice is between some people dead, and a lot of people dead! Everyone get on board the privacy train!
That is-- pick an insanely fast development cycle where piecemeal/baroque security approaches simply cannot keep up. Eventually you arrive at a place where the whole endeavor become a giant tinder box just waiting to go down in flames. But that forced browser vendors to say, "Ok, let's just assume everything is constantly on fire, cordon everything off into flame retardant boxes, and improve our response time by many orders of magnitude."
If anything ever gets too hot from the thousands of strangers I casually let in the front door I simply move to another building and recycle the burning one.
Meanwhile I treat my Debian install like a prized piece of Shaker furniture. You'd have to be a goddammned 19th century furniture historian with your credentials showing before I let you anywhere near my brittle little museum.
But we aren't "ensuring" privacy; we're inventing whole new forms of privacy. There has never been a private and secure channel to communicate with thousands of strangers across the world. Simply acting like this brand new thing is an obvious and unquestioned good is naive.
At a point in time, simply writing in your villages native tongue and posting it around the world could have afforded the same benefits. Private communication has been the cornerstone of civilisation for many hundreds and thousands of years and will do for many more to come.
I should not be vilified for my want of privacy.
This "never before seen" argument cuts both ways, though. There has also never been a full, verbatim record of all of one's communications, personal notes, searches of the equivalent of the world's largest encyclopedia, precise location over time, and myriad other details, carried in one's pocket and/or magically copied to a central location at which someone can perform instantaneous bulk keyword searches. The raw data and processing power over that data that governments have, now, is completely unprecedented in the history of the world.
We used to be protected by the ephemeral nature of 99% of life and by the inability for anyone to centrally view or mechanically process the other 1% (letters, diaries, etc). This is just as much argument for strong protection as your argument goes against strong protection.
> It's a hard sell. Just picture a politician on live television having to choose between having this cute little child being raped for years before they commit suicide (letting the perpetrators off the hook), or ramp up the surveillance a bit. Picture them choosing rape.
We see politicians regularly choosing to not enact overwhelmingly popular positions like universal background checks in the face of mass murders of children.
How many politicians have done anything to stop the Catholic church from hiding child rapists? This is a much more direct harm and no one who isn't a child rapist would lose anything if we fixed it.
Politicians are already choosing rape and murder when the stakes are much lower.
> You have to run the numbers here. On the one hand, perhaps a bit more crime, some of which horrible. On the other hand, the privacy of everyone.
It's not just a matter of "many small harms > few large harms" though. Not having privacy can lead to severe harms.
If the bad guys break into a system that allows them to effectively wiretap everybody, now they can snoop around and find blackmail targets. "I know what you did, have sex with me or everyone will know. Or send money. Or give me your employee access badge."
Results: Rape, financing child sex trafficking, facilitating an act of terrorism. Or any of the less visceral but nonetheless widespread and significant consequences like major financial fraud or corporate espionage.
And that's just blackmail. What about the suicides of people who get doxxed? Or the people in violent relationships whose abuser is in law enforcement or in a criminal enterprise that has compromised the surveillance apparatus? Or the mental health epidemic which results when people know their communication is exposed to people they don't trust to see their true selves and then self-censor into performance-art conformists riddled with anxiety and loneliness?
Privacy is about keeping perverts in law enforcement from reading the sexting that should only be between you and your spouse, but it's also about keeping the country and the people safe from terrorists and foreign powers, keeping victims safe from abusers and allowing people to satisfy the human need to be themselves in communications with people they trust.
Privacy isn't a trade off against security, it's a necessary component of having security.
Still, go say that on TV. I'm not even sure I'm safe writing it here.
FWIW, I applaud your willingness to make such a statement. (And no, this is not sarcasm!) Self-censorship is a horrible thing, and I feel like I die inside a little bit every time I catch myself doing it. But more and more these days it begins to feel like even hinting at a willingness to engage in "thought-crime" is exceedingly dangerous. I mean, shit, a woman got passed on for a job because she had a picture of herself in a bikini on her Instagram. Imagine if a prospective employer find a comment online which could even remotely be twisted into saying that some child deaths are a sacrifice that may be inevitable in order to protect an abstract principle like Freedom, or "Free Speech". Zoinks!
Do you say you want to apply a dictatorship state of global surveillance because criminals are going to use the internet? What about other tech available to them? Are we going to set up a surveillance mechanism in those as well? Scooters? Cars?
Who's going to compile all that data? How is it protected?
It's about the Governance of Information,
and guess what,
I want to be Governing my Data, not some shady politician that got elected for a 5 or 7-year term in some other country.
Every actor in those systems have access to the data of every person that got their info collected.
And yet we are still here with that pedophilia and terrorism argument that, while they are very true, have still evolved and expanded. Even with the Cloud Act and all of the shady agreements
It's an evolution of our sick society, we had that kind of criminality rampant in 2000, we saw that evolve with the net,
But just like the young gangsters that evolve with stolen scooters,
Criminality will always have its sick way.
But dictatorship and global surveillance?
We didn't accept that in the 2000.
And we should never accept that at any cost,
even if it falsely promises to resolve the problem of pedophilia, terrorism, and criminality on those spaces by applying weird unknown algorithms
Technology will always be used by criminals because these are part of the society we build and evolve. They will change their behavior just like all of us; We cannot give up on our freedom and ethics to help catch the few.
And that's what's the problem. I don't care about police retrieving the data of a criminal once a judge has agreed to that, I care when we give them the entire web information and allow them to dictate the behavior of those networks
Not sure why this reply is to what I posted, since it seems to be making a different point. But FWIW, I almost completely agree with what you said there.
> It's a hard sell. Just picture a politician on live television having to choose between having this cute little child being raped for years before they commit suicide (letting the perpetrators off the hook), or ramp up the surveillance a bit. Picture them choosing rape.
This was tried by a Canadian Minister at one point to sell surveillance in this extreme way:
> In February 2012, as Minister, Toews introduced the Protecting Children from Internet Predators Act (also known as Bill C-30).[118][119] The bill, which made no mention of children or "Internet predators" outside of its title,[120] would have granted police agencies expanded powers, mandate that internet service providers (ISPs) provide subscriber information without a warrant and compel providers to reveal information transmitted over their networks with a warrant. When criticised about privacy concerns, Toews responded that people "can either stand with us or with the child pornographers."[121]
This argument is so unbelievably stupid, that I don't even know where to begin.
First of all, encryption in WhatsApp is targeted towards consumers. You won't catch terrorists by limiting encryption. If terrorists and other criminals are not using encryption anyway, then they are so stupid that they deserve to be caught.
The only thing a lack of privacy does is throwing us further into dictatorship. Just imagine a madmen, like uhm... say Trump, with the full power of the secret service behind him and limited to privacy for end-users. Well this is just great. All the dirt he can dig up about his opponents. He asks foreign governments to dig up dirt, okay, that means right now the NSA isn't too much inclined to help this guy out, but what if they were?
If you water down privacy you are robbing the people of their only chance to organize protests and rise up to authoritarian governments.
Last but not least, the crimes prevented by not using encryption are absolutely negligible. The numbers are so freaking low that each day more people will die in car accidents in the US alone than would die globally because of pervasive usage of unbreakable encryption.
This analogy of `Uh a person could be prevented from getting raped is more important than preventing a fall into dictatorship` is so contrived that I don't even understand how anyone can eat this shit. Bad things happen all over the place and you are buying this sham argument that is preying on human psychology.
I used to have an opinion, but recently realised that I simply don't know the subject well enough. But I can see the tradeof: on the one hand, guns facilitate accidents and murders. On the other hand, arming the population could ensure they can effectively rise up against their government if that's really needed. Not that they will actually, do it, but the mere possibility likely changes the way things are done.
There's also personal defence, but that one has disadvantages too (there might be false positives, were a presumed mugger would get shot). Plus, from what I hear, guns have different effects in different countries.
It's a complicated subject. My opinion right now is not informed enough to be trusted.
I didn't really want to derail the discussion, it was just really striking how similar the arguments here in favor of privacy really are to the arguments in favor of gun control- but many people I have known are in favor of one and not the other.
This whole privacy thing is pretty mute if the lack of privacy doesn't come with its own danger. The wider princple is likely based around a simpler question.
Who is more of more danger to you. A cabal of rich drug dealing terroist pedophiles or your own Government? The argument then becomes one of statistics and then of the lesser harm.
I imagine the answer is obvious with the Government being sigificantly more harmful. You're likely comparing a few hundred deaths of tens of thousands.
You'll always find a subset of the population who thinks the death of citizens or harm is justified in some way, because they took some action that broke the law.
But find enough examples where the offernder did no direct harm to anyone else and I suspect you'll give most reasonble people pause for concern.
And if the facts don't match your gut, then maybe you're wrong and privacy isn't all that important.
> Still, go say that on TV. I'm not even sure I'm safe writing it here.
The thing to point out is that we all make the implicit choice to let people die for convenience every single day: Almost all of us could choose to pay a bit more to charity to save a life, almost no matter how much we're currently giving or what we're currently doing, or could choose to take jobs that would do more to make the world a better place.
We just rarely have to face what choosing differently would have meant, so we get to pretend it doesn't have much to do with us. And granted, most of the time the consequences are many steps removed from our choices.
> A mere inconvenience, suffered by enough people, is worth killing a few.
Wow. I can't agree with that one even a little bit. The real concern is totalitarian abuse. But being inconvenienced allows us to kill? That rings as downright pathological.
Honestly, on HN I feel there is much more disdain for my position. Given the world we're in, Facebook being able to assist law enforcement around child abuse, sexual slavery and human trafficking provides a lot of value. I feel people on HN are underestimating the extent of these issues, underweighting their severity, and overstating the dangers of letting Facebook store private data.
Estimates say there are something like 20-40 million slaves in the world, and that 50,000 people are trafficked per annum in the USA. Something like 20% of slaves are sold for sex. Facebook is believed to be a common platform to facilitate this, though I haven't been able to find numbers.
In contrast, despite the occasional news post of a particularly incompetent company leaking a database of plaintext passwords, Facebook's data storage is pretty safe, and encryption does still afford a lot of protection. The idea that hundreds of thousands of people are going to have their private data extracted from Facebook through individual attacks against the servers is not well corroborated.
Totalitarianism is an important long-tail risk, but I don't think it's reasonable to suggest that these programmes are a path to it. Overall privacy rights quite plausibly are, but that issue exists primarily as a matter of policy and law, not as a matter of technology. If the laws are bad, Facebook illegally preventing protection of trafficking victims will not help those laws change to a more moderate position, and if the laws are reasonable, cooperating to prevent trafficking victims would not be harmful to positive political outcomes.
The scale of abuses would have to be multiple orders of magnitude smaller, or detection mechanisms incredibly ineffective, before this tradeoff made sense to me.
> The horrible fact is, the value of human life is not infinite. A mere inconvenience, suffered by enough people, is worth killing a few.
I think this kind of dark-sounding reasoning only holds up when you phrase it not as “a mere inconvenience” but as tyranny, which is what encryption and privacy in general protect against.
I support personal rights to privacy, and believe that we should find ways to enforce laws without violating privacy. Representative governments need the ability to alter their own power structure in order to function, and yet human power structures naturally resist change, including by spying on those who conspire against them: therefore, privacy is essential for representative government. Representative government’s alternative is tyranny, which we know creates incalculably-large-scale suffering.
Human nature is at the root of why privacy is costly and also why it is necessary; however, much evidence suggests that the set of aspects of human nature we express is mutable and dependent on environment.
While I would never argue that we can remove those aspects of our nature, I believe we can alter our environment to reduce how frequently we express the more sinister ones.
In short, I’d rather work on reshaping our environment, including and especially our culture, to make privacy less necessary and costly, than to debate whether it is either. It is both, and it will always be both, but we can make it less of both, or more of both, with our culture. Same for guns.
> I'm not entirely sure how those four examples are supposedly invalidated by giving them a clever nickname.
It's not supposed to invalidate the reality of the matters concerned. It's supposed to suggest that that they're not actually the issues at hand, with CP and Drugs and Terrorism being used as stalking horses because being in a position of being seen to defend the privacy rights of terrorists makes for terrible PR.
There are ways for them to investigate via warrants. That covers all use cases for FBI/CIA/cops. They don't need any other techniques. It's the only logical interpretation of the US constitution to modern electronic communications. Otherwise you become what China is currently.
The controversy is about Facebook's proposal to implement E2EE on Messenger, thus ending Facebook's ability to comply with warrants ordering them to disclose Facebook messages. Due to the lack of E2EE, Facebook can currently detect and report a lot of crime to law enforcement; some of this crime may go unpunished if E2EE is implemented.
To go for the nuclear option, are you prepared to support Auschwitz to stop child porn?
China already has the concentration camps, it's one step away from extermination camps, all empowered by the same surveillance tech we in the west are creating.
It's not necessary to prove that the benefits outweigh the risks. It's trivial to show that in a free country where people are allowed to control their own devices and create and install software of their choosing its trivial for bad guys to communicate in such a fashion as to be 100% immune to any sort of dragnet style surveillance while being equally vulnerable to targeted surveillance whether end to end encryption is banished from mainstream platforms.
There is no benefit to outweigh. For there to be benefits one must convince oneself that we will actively prosecute bad actors via intelligence gathered via holes we will publicly announce we are drilling into previously secure platforms and drug dealers and terrorists will never figure out how to embrace free open source p2p software that doesn't share these disadvantages. There isn't even one smart person among the bad guys or even among the good guys who will create a platform one can connect to with a few clicks amenable to even techno morons. What could possibly go wrong.
Implementing end to end encryption in these messaging apps won't make any of these issues worse. The criminals this will supposedly help already have easy and convenient ways to do the same thing. The government has not caught anyone of any importance this way, so encryption of Facebook messages won't hinder any real investigation methods.
This won't increase the number of people affected or reduce the number caught. The only thing encryption can do in this case is make it more difficult for the government or foreign governments to read personal messages.
Not implementing encryption here can only help people violate people's privacy, it cannot help the government do its job.
> The government has not caught anyone of importance this way
The letter specifically describes an offender who was sentenced to 18 years' imprisonment, detected when Facebook read his non-E2EE communications with a child victim. Are you suggesting this was an unimportant or unrepresentative case?
Basic human rights prevent people being jailed on sight. Some of them are criminals. Some of those rights are constantly challenged, yet no one questions their general value. Privacy, thus end to end encryption is a basic human right. There shouldn't be any reason to require proof of this. What we have here is simply the fear of the loss of an extremely powerful tool.
Privacy is a basic right; it is even constitutionally protected in the United States by the Fourth Amendment. However, it has always been accepted that gross invasions of privacy can be authorised in appropriate cases – for example, warrants to search houses, or warrantless searches of immigrants and prisoners. Why must the right to use end-to-end encryption, unlike the right to privacy in your home or at the border, be accepted without proof as inviolable?
Those four examples are not sufficient reason to deny good encryption to anyone...and denying good encryption to anyone is denying good encryption (privacy) to everyone.
Unfortunately vast swathes of the population are not able to process nuance. Even if you gently point out that North Korea is probably one of the few "crime free" societies they don't seem to parse that a world of total security cannot coexist in a nation that values freedom.
Child pornography - Politicians and priests.
Terrorism or Freedom Fighters?
Money laundering - Capitalists .. harmless in the large scheme of things.
Drugs - Yeah right.
How about 24x7 surveillance for politicians and priests and no surveilance for normal folks.
They did such a great job with Epstein too. Letting him go free for all those years and protecting him and then he suddenly dies when he is gonna name people in Government and the Royal family.
You boldly claimed that the government is observing me in my home through my devices, and I want you to show your work.
PRISM happens at the ISP level, and doesn't mention directly using iPhones, Macs, HomePods or tv as surveillance endpoints... So, where's your proof showing that they're surveilling US Citizens through those specific devices?
>Specifically Apple-related and North American examples?
That's an oddly narrow goalpost. Apple shares user encryption keys with the Chinese government, for example, giving the Chinese government access to all iCloud pictures, messages, documents, videos, etc.
Do they? Shit, I thought that they’d set things up that sharing the key was extremely difficult if not impossible without access to the device? That’s disappointing if true, is there a good article on this?
Yep, Chinese users only. The odd part is that the internet blew up at Google for even proposing it and later cancelling it with project Dragonfly (also only for Chinese users), but Apple quietly went ahead and just did it without many people noticing.
Apple does business in China the way they have to do business in China. I don't agree with that, but I'm also quite sure they have not given my iCloud keys to China.
And you missed the point where I said that it was an oddly narrow goalpost.
Also, how exactly was what I said "not accurate at all"? I accuarately said Apple was sharing iCloud data and encryption keys with the Chinese government.
>"Apple shares user encryption keys with the Chinese government, for example, giving the Chinese government access to all iCloud pictures, messages, documents, videos, etc."
Is the full sentence with context, meaning access for all the iCloud data for the encryption keys being shared. Don't mince words because you misunderstood the sentence.
I didn't want to get accused of moving it later. Also, I'm only interested if there's evidence that applies to me. I'm 100% Apple and 100% USA-based, so if there's proof that "the government is listening!" then I want to see it.
Call me crazy but I'm thinking of buying one. The fact it has a camera cover and a microphone switch is enough to make me comfortable. I'm just waiting to find out if it's a software switch or hardware switch.
Doesn't everyone want to catch guys like this [1]?
If not, you're a bad guy and we can discount any argument you put forth am I right?
Am I right?
High five? Anyone?
Anyone?
Point being that the enemies privacy have been waging an extremely successful propaganda war against our position for longer than most privacy advocates have been alive. A campaign that is at once massive and specially calibrated to go unnoticed. (How many connect the 'Telescreen' to the example in [1] in their minds?) They have the power to ensure that hand picked, specific examples, calibrated to inflame, are used as flag bearers in the zeitgeist. They have a long game of very specific goals, coupled with an army of natural language, behavioral psychology, and media experts all dedicated to that singular purpose. They have decades of experience at manipulating populations at scale, and a track record replete with successes.
Meanwhile, we sit on HN and social media talking to each other about how our side will be proven right in the end. You know, 'cuz "freedoms".
We have to start addressing the legitimate points that government and law enforcement types are making, because not doing so cedes more and more ground in public behavior and public opinion to those enemies of privacy. The great irony here is that we ourselves have helped them manage to cast themselves in the public eye as the "champions of safety", due largely to the poorly chosen nature of our bedfellows. We need to start getting out in front of a lot of the legitimate arguments that law enforcement is making, and we need to push back against professionally subtle narratives in the national media that attempt to attach us to yet more unsavory bedfellows.
100%. There is no convenience that would ever convince me to have an always on listening device in my home.
PRISM was proof that governments pressure tech companies to become sources.
How to build a program to retain power:
1) Make new tech that is very convenient but has potential to become surveillance vector.
-> e.g, Phone with voice recordings, fingerprint Face ID, location data, network of friends. Smart TV, smart watch, smart locks, Alexa, etc.
2) Support consumer adoption.
3) Keep public attention on the evils of foreign states and domestic terrorism.
4) Convert devices into active surveillance sources citing home security, public safety and the classic “what do you have to hide?”.
5) Do so as fast as possible without creating a revolt.
6) Have such pervasive surveillance that it becomes increasingly difficult to discuss, assemble and revolt.
7) Continue to introduce more controls, reduce freedoms, increase work week, taxes.
I do see some difference. Home, always on, always capable of transmitting, unlimited power means they can listen as much as they want.
The phone has to cherry pick phrases and capture times. With the right codex, the phone could keep recording for a long time after the right phrase or your IMEI is targeted. Still sub-optimal, but not as easy as Alexa. My bigger concern around phones is GPS data. That's why I've not had a phone in my name in the last twenty years and never owned a smart phone.
Now put the data sets from your phone, Alexa, your credit/debit card together and that paints quite a full picture.
The Ring device is very interesting. It faces the street. I mean, the house on the other side of the street. A network of those can track the movement of anyone that lives near one.
Doesn't even have to be a smartphone. Every telco is compromised and they can deploy whatever software they or their overlords want to the baseband processor.
We need to put them to homes of politicians, judges, lobbyist, diplomats etc since they are the biggest threat to national security. Also their close ones that might be even greater target.
There are laws authorising this, and they are frequently used to investigate serious crimes (like murder). They are not used for less serious crimes which do not warrant such a serious invasion of privacy.
That is indeed a lazy argument.
The proper angle for the public argument is what's the tradeoff?
What do you lose by trading privacy?(as you're clearly not impacting child safety by dropping privacy related to a digital asset).
And second: is encryption the number one fix for the actual concern? - i.e. if (physical) child safety is the most important concern for you (the citizen) what has the largest impact on that?
I mean, I agree with you on the argument completely, but I disagree that it’s a lazy argument.
It’s an extremely effective argument, relative to its factual content. The west is culturally conditioned to accept terrorism as justification and child abuse justifiably gets people riled up.
What’s lazy is people who can’t be arsed to look at complex things from multiple angles.
In light of all the Epstein stuff, it sure sounds like "were raping children, so don't implement end to end encryption, or someone might rape your children." I'd say it's ballsy, but with how publicly they executed Epstein right under our noses, it seems like they just don't face punishment for breaking the rules and want to rub it in our faces. It's not like any of us would get away with that. Fucking pathetic. The best anyone will do is tug on their leash a bit. Back to the treadmill, and pump out money for your masters you fucking sheep.
Wrong. It's a substantiated theory, because there's lots of evidence suggesting this theory is correct. But it is not a fact, you're right there's stil la possibility it was an actual suicide, but I'm right in calling it a substantiated theory that Epstein was "suicided"
> And I’m not sure what the AG has to do with Epstein’s crimes. Did you get some people mixed up?
The AG is a loyalist to and subordinate of the President, who was an associate of Epstein and who was also at one point accused of having had Epstein procure an underage girl for sex.
The AG's father, Donald Barr, also [may have] hired Epstein as a math and science teacher at the Dalton School where Donald Barr was Prinicpal, despite Epstein seemingly lacking appropriate credentials [1]. William Barr was either a student there or attended in some capacity. Note the linked article at the bottom shows it is not clear whether Donald Barr had a personal role in the hiring of Epstein.
Coincidentally, the same day HN gets this story ABC News is reporting that...
Congress was provided “encrypted text messages [the top US diplomat in Ukraine] exchanged with two other American diplomats in September regarding aid money President Donald Trump ordered to be held back from Ukraine.”
"Think of the children!" The most ridiculous, stupid argument that US politicians have loved for decades, maybe longer. What a bunch of bullshit. I can't believe that I'm siding w/ Zuckerberg on something. Then again, we're talking about the AG. I hope Zuck stands firm on this and gives them the middle finger. That's the only response to something like this. Have them pass a fucking law or shove their fucking open letter up their own asses.
"Facebook, which owns Facebook Messenger, WhatsApp, and Instagram, captures 99% of child exploitation"
Reminds me of this story:
"Back during World War II, the RAF lost a lot of planes to German anti-aircraft fire. So they decided to armor them up. But where to put the armor? The obvious answer was to look at planes that returned from missions, count up all the bullet holes in various places, and then put extra armor in the areas that attracted the most fire.Obvious but wrong. As Hungarian-born mathematician Abraham Wald explained at the time, if a plane makes it back safely even though it has, say, a bunch of bullet holes in its wings, it means that bullet holes in the wings aren’t very dangerous. What you really want to do is armor up the areas that, on average, don’t have any bullet holes. Why? Because planes with bullet holes in those places never made it back."
How does this analogy apply to the competing goals of protecting privacy vs. detecting and preventing crime by monitoring private conversations? Which one corresponds to a plane getting shot down?
"captures 99% of child exploitation"
The majority of bullet holes are in the wings, so those need armor; the majority of child exploitation is through Facebook, so they need access to the content of the messages. It's an assumption made on incomplete information. The engineers only saw bullet holes in the planes that returned. And law makers only have information about the criminals who get caught. At least that's my understanding of the analogy.
The wrong assumption is in BuzzFeed's reference to "99% of child exploitation." The letter, which they deserve credit for quoting in full, says that "more than 99% of the content Facebook takes action against – both for child sexual exploitation and terrorism – is identified by Facebook's safety systems" (which rely on Facebook being able to automatically analyse unencrypted messages), "rather than by reports from users" (which could still be submitted if Facebook implemented E2EE by default).
Assuming you discover child exploitation on Facebook, why would you report it to Facebook, rather than the police? The police can actually arrest people.
Criminal activities are exacerbated by the internet it would be a lie to say no. But just like with cars, scooters, or any tech that's sufficiently democratized.
They need a permit for a car? Why not just steal it?
I need an identity to do shady stuff on the internet?
Why not steal it?
We cannot reason with malevolent forces, there is always going to be away,
And by that time, we compiled the data of everyone, centralized it all, and let govs that don't understand the implication collect those as if it was mere petrol or gold.
We are putting everyone's life at risk doing so, just wait until it leaks out or it starts getting sold. (ahem, oh wait !)
"We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety."
Isn't the entire point of E2E Encryption for user safety, as in safety from the government reading your message?
True E2E Encryption would also mean the platform(FB, Telegram, Google, Apple, etc.) also can not read the messages and thus the law enforcement can not force them to reveal what a user said because it would be impossible for them to know.
You are partially right but the issue is that E2E isn't even enough. E2E doesn't matter if they force a patched binary that also sends the data to the government. This is EXACTLY what the Australian laws saws they must do, oh and it is a gag order so they can't disclose it.
I'm starting to wonder if this is a smokescreen. Eventually give in to E2E because you know you have got app store signing keys for the apps so you can upload a patched one with backdoors.
> You are partially right but the issue is that E2E isn't even enough. E2E doesn't matter if they force a patched binary that also sends the data to the government. This is EXACTLY what the Australian laws saws they must do, oh and it is a gag order so they can't disclose it.
> I'm starting to wonder if this is a smokescreen. Eventually give in to E2E because you know you have got app store signing keys for the apps so you can upload a patched one with backdoors.
Is there no way to prevent auto-updating of apps? If the app blocks access barring upgrade it may be suspicious. Though I guess the upgrade would probably be veiled in new features.
How would letting people continue to use what's been working for them cause a "broken user experience"?
Users should have to power to decide when and if to update. If their old version causes them technical problems or exposes them to security issues that is their business. Software can (and often should) offer auto-updates to make things easier for most users but it should respect a user's choice not to update. Especially when updates often introduce anti-features and/or disable existing features.
This is a good point. E2E is better then not, but you still can't trust FB. Anybody who seriously cares about privacy will still use something open source.
But its not about those couple people, its about rolling out better security to billions of people. Even a 0.01% increase in secuirty is an incredible benefit if it runs on a platform like Facebook.
It also totally changes how government has to force Facebook into giving them something. They can't just request access to some server anymore.
The main way to defeat a state is to make mass survailance difficult enough that it doesn't scale well.
Apple has true E2E encryption with iMessage if you don't turn on iCloud backup of your messages. It's encrypted when it leaves your device and decrypted on the receiving device. Furthermore the messages on your device are locked via passwords from the Secure Enclave.
They’re talking about national security. They want to read your messages so they can see if you’re a potential terrorist. They are not talking about users security. They don’t give a fuck about that as evidenced by the equifax debacle.
> They want to read your messages so they can see if you’re a potential terrorist.
That is their stated reason. If given access they will also read your messages to determine if you are a drug dealer, or a drug user, or have committed financial crimes, or if you're organizing disfavored political activity, or...
Even the capability of mass surveillance means that the public can be abused by the powers that be without much worry of backlash. It takes fear of the public out of the policy making equation, along with having a chilling effect. I don't think a representative democracy is really representative or a democracy anymore with a power imbalance that steep. Nevermind Citizens United.
"We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety."
I don’t get it. How could end-to-end encryption reduce user safety?
It's even a poor version of that argument. The victims of whatever crimes this would allegedly prevent aren't necessarily users of the platform. In that type of scenario, the perpetrators are the users.
Why should Facebook guarantee that it won't lead to security concerns? That's not their job. Is the AG going to go around asking all companies not to do E2E encryption until they can each make that guarantee?
> While the letter acknowledges that Facebook, which owns Facebook Messenger, WhatsApp, and Instagram, captures 99% of child exploitation and terrorism-related content through its own systems, it also notes that "mere numbers cannot capture the significance of the harm to children."
Ah yes, "think of the children!" This is so tired, I'm (just a bit) surprised they fell into this argument.
The joke is on "them" in our current day and age. The overwhelming majority that care about children are far more interested in gun safety than backdoors for the NRA backing party.
If they don't do E2E, users will abandon Facebook for platforms that do support it (and already are). And they aren't doing this to commit crimes, but to prevent advertisements from targeting every conversation they've ever had.
It shows that in every message thread, so I'd say everyone; how many understand that and realize the consequences of having or not having E2E encryption is another matter.
I used the wayback machine to read the older version of this article, it took specific aim at WhatsApp and Sigal, indicating that (in so many words) it disapproved of the apps providing a notice of Safety Numbers changing instead of the app flipping its wig and making the user take affirmative action to continue communications, otherwise it wasn't true TOFU.
I have about 30+ contacts on Signal, and I almost __never__ get Safety number changes. I certainly don't think making the user click through yet-another-dialog-they-wont-read will be a big security improvement.
I suppose I disagree with the 'not true TOFU' argument.
Honest question: We all know FB won't give up their targeting data, but if it's done locally on-device and we have access to see & modify it, would you support it as a better business model?
Obvious false equivalence. Just because we protect collecting/using certain data in certain contexts where we believe it does more harm than good doesn't mean we have to ban all data collection/use.
You specifically stipulated that the data optimization was bad - then why is data optimization of ads harmful? Doesn't serving relevant ads have more utility?
I made no such claim. You acted like tracking users was required to run an ad-based website, I pointed out that running ads does not require tracking users.
I am not sure if I'd be willing to make the argument we should ban (as in make illegal) collection of user data, but acting like such data is required to run ads is ridiculous.
As if this were the only way to support such a service...
How about we techies stop kissing ass to the advertising execs and stand up to them for once??
They want more data, more relevant ads, more more more more more. Their ask is impossible without massive invasions of privacy. Fuck them, I say
Return to scattershot ads, they can understand me as an audience without having to mine every ounce of my life for it. That approach will produce more relevant ads for me anyway
I'm not going to answer this in regard to Facebook specifically, because I can't imagine a circumstance where I would be willing to use a Facebook product.
But since this idea has been brought up by a number of ad companies (Google, most notably), I can answer in the more general sense.
I would not support ad targeting done that way. It is a bit less objectionable, but it doesn't really address my objections to the entire practice.
>users will abandon Facebook for platforms that do support it
Assuming someone already has knowledge of Facebook's past activities, then they are likely already gone. If they are still using the service, it's unlikely this will make a difference.
Cheap and convenient is just too much of a draw for some folks. Especially when it involves "staying connected" with friends and family (irrational behavior driven by emotion).
People are so much on board with govt surveillance, and so indifferent to privacy technology that it is now the duty of tech to teach people the tools they should use. If , of course, tech is on the side of true privacy
No they won't drop Facebook. They will keep using facebook as long as it's useful to them or the next big thing comes along. 90% of people don't care if the government spies on everything they do.
Sometimes I can understand the willingness to reduce the privacy of self and others in order to ensure that the law is able to prosecute those involved in heinous crimes. Our current political environment though involved a president openly calling on foreign governments to investigate his political opponents. What is to stop them from going after the private communications of those same opponents in the name of targeting "Corruption".
Encrypt it, end to end, the government does not need to be able access all private communications of private citizens. There are other means of investigating potential crimes.
On top of that, so these crimes didn't exist before mobile phones? They just want to sit in the ivory tower and see everything. I'll also agree to this the day after Barr hands me his unlocked personal phone. I promise not to disclose anything I find.
You may be radically underestimating the degree to which the Internet has made it possible for people who abuse children to share content. In some cases, these crimes truly couldn't be perpetrated without the anonymity of the Internet, and the existence of these clustered communities of pedophiles encourages further abuse/exploitation.
I love the Internet, and my career is in security. But we as a security/privacy/technology community truly need to look hard in the mirror about how we are allowing and perpetuating lifetime harms to children and women.
Terrorism exceptions, like San Bernardino, don't ring with as much impact as the CEP argument.
Encryption or not, if "bad" people can access illegal content "good" people can too. It might take actual work instead of passively reviewing the private communications of every person innocent or otherwise, but it's not made suddenly impossible.
Indeed the "anit-corruption" drive is widely considered President Xi's method to consolidate his power in China ("Flies and Tigers"). It's an only slightly more subtle version of double speak, accuse your opponents of exactly what it is that you are doing, so if it ever leaks you can point and say "see what he's doing too!".
Forget the hypothetical. Our last administration used wiretapping on it's political opponent. Now that there is precedent that that is not illegal or 'dirty politics', what is to stop the current administration from doing it from it's political opponents?
Ultimately there's nothing stopping criminals from using any number of E2E alternatives. Short of banning open source software, there's nothing the US government can really do here. Forcing Facebook to leave in a government backdoor will just send all the criminals to other services or even to roll their own.
Under the Constitution the government doesn’t have a leg to stand on to either ban crypto or ban open source software. Certainly no more than it can ban algebra, Elvish or volunteer work.
I don't recall that happening, although I do remember the Obama administration being concerned that the Trump campaign was being targeted by / cooperating with the Russians. Seems that looking into that is a legitimate use of government power but I guess that is going to depend on where you fall on your view on Trump.
But if it was true, seems to be another reason to allow End 2 End.
Unless this was essentially a "but her emails" post.
> Encrypt it, end to end, the government does not need to be able access all private communications of private citizens.
Law enforcement and security agencies need to be able to access any communication. This does not mean that they should monitor all communications.
They can eavesdrop on any phone call. They do not eavesdrop on all phone calls.
The problem with E2E encryption is that it prevents eavesdropping even with the standard legal safeguards (warrant, etc), while not being required for the privacy of users. It is only effectively a marketing tool to convince people to use services from providers they don't trust, although, of course, since they control the app they can still in principle access the data.
One of the points of eavesdropping is that the target is unaware of it, which enables the police to gather more evidence about more people.
E2E is not required for privacy. There is also a difference between privacy and the right to privacy, and a guarantee that no-one will ever be able to know what I'm doing.
There is no absolute, including absolute right. It's all about balance: We have a right to privacy but the police may search our homes and eavesdrop on our communications in strict, specific circumstances because that's in the public interest. The idea is simply to have the same online.
If someone could magically build a system that allows for the communication to be eavesdropped only by the allowed government agency, my objections would be dramatically reduced. But that's not the way tech works. Building one backdoor makes the entire system, and all users, vulnerable to a whole host of other malicious actors, including hostile foreign nations and unscrupulous hackers. We live in a world today where anyone can be hacked, even major institutions and corporations like NYTimes, Yahoo and Sony. We desperately need systems that are more secure, not less.
Backdoors are needed because a system uses E2E encryption.
If the system uses only P2P encryption then no backdoor is needed, which actually makes the system more secure to external threats. It is then for the provider to allow access to data only to "allowed government agencies" according to the law, which is how mobile phone networks work.
The solution to this would be to compel the company to push an updated version of the app to the target device, and thereby intercept traffic only from the target of the warrant, while maintaining E2E encryption for everyone else. (Of course, some will complain that even this ability to surveil is too much, and all encrypted messaging should be open source to avoid this possibility, but to me it's far preferable to leaving open the potential of hoovering up everyone's communications.)
Facebook isn't doing it because they believe in it. WhatsApp added E2EE after being acquired by Facebook but before FB fully took control, a parting gift of sorts.
I hate these requests for government back doors into tech communication software in the name of "the children". Let the parents worry about and protect their own children. Let the government mind its own business and stay out of ours.
And if the parents are the abusers, then it's okay?
I am still pro E2E encryption, especially given the Snowden revelations (the US gov cannot be trusted to be responsible), but it does come at a high cost.
"It is better that ten guilty persons escape than that one innocent suffer."
If you start thinking that parents "can be" the criminals then you've decided that parents are automatically guilty and must be proved innocent. This goes against the very moral fiber of the entire western world theory of law, the presumption of innocence.
How is the idea that we can remove all crime faulty? Blackstone is just saying that we shouldn't try to remove all crime because it's more harmful to society to try than to let some crimes go unsolved. His main argument is that there might be an ambiguous situation where someone appears guilty but actually is not guilty.
It's definitely possible to eliminate all crime with total surveillance with a high degree of accuracy.
We probably shouldn't, especially not without being able to quickly update our laws, but it could be done. Imagine if anyone going over the speed limit was instantly charged a fine. We can do that today with complete accuracy, but we choose not to do enforcement that way.
> It's definitely possible to eliminate all crime with total surveillance with a high degree of accuracy.
Unless the state itself is criminal. Not only can law stray from morality, authorities of the state can even violate the laws of that state itself. If you can imagine an extreme authoritarian state with a constitution, can't you also imagine that the leaders of that state choosing to ignore that constitution?
But before even getting into the above, you've assumed the possibility of perfect surveillance. Who or what and how could that ever be possible?
The only way I can conceive of perfect law enforcement is to have very few if any laws. Everything else is an excuse for the personal fancies of authoritarians.
All phones could be mandated to record audio/video at all times and stream it to government servers for archiving and processing, for example.
And you could set up society so that you'd be useless without carrying your phone, as we're most of the way there already. Not streaming your complete data to the government would become a crime.
All public places could be recorded in a similar way.
If you combined it with satellite tracking of the whole planet, you could even identify people that have chosen to go off the grid for some period of time, so you could solve crimes that happened in the forest if you want.
That's pretty close to perfect surveillance.
I can't think of a crime that couldn't be solved this way, but it's not a society where I'd want to live.
Who watches the watchers? Who prevents the watchers from deleting footage/recordings? Unless you're genetically engineering humans to no longer have any desires, anyone can be bribed or blackmailed for the right price.
Other watchers would watch those watchers. Government officials would not be exempt from data collection. People would eventually learn that you can't bribe or blackmail because it's impossible to do without having it recorded and detected by surveillance. That's how our system of government works today, but the only people who get caught are those that leave evidence behind. If you use technology to ensure everyone creates tons of evidence, then everyone doing something illegal can be caught.
I'm not sure why I'm being so heavily downvoted, the only difference between the dystopian future that I describe and the system we have currently, is that the government isn't collecting and processing data on such a wide scale. If they collect more data, we will have more crimes solved and more privacy forfeited. If you take that to its logical extreme, we have full surveillance, no privacy, and no crime. I'd rather live in a world where we have some crime, but privacy and no surveillance, but I think it's far more likely we'll head in the opposite direction.
How would E2E encryption help catch parents who abuse their kids? It might help in a minority of cases where they stupidly discuss it or share images but that's a small fraction of abusers. Certainly not enough to justify blocking encryption.
As a parent, I reject this disingenuous pretense of concern for "the children". Folks are eager to invoke children to justify the surveillance state while conveniently forgetting the plight of children when it comes to concentration camps, poverty, and climate change. Secondly, children themselves have frequently been the victim of surveillance abuses and there is no reason to suspect that this instance will be any different.
Yeah considering the profoundly terrible conditions in the concentration camps this administration is holding children in, this seems a littlllleeee disingenuous.
I'm not interested in getting into a slapfight about who was worse, but I think it's pretty clear that _The Trump Administration_ is treating Southern American migrants purposefully poorly.
I know you're trying to point out some supposed hypocrisy for not criticizing Obama or Clinton or something, so I'll let you know I think they too enacted unforgivable political violence. Happy?
People exist outside the Republican/Democrat spectrum.
You scoff, but history is full of democracies that did things like that. Recent history. Governments can go bad, and we should be especially wary in an age when technology gives then extra leverage. I wonder if there will come a day when it's impossible to overthrow your government - or if we're already there.
Edit: actually thinking you might be seriously talking about conditions for illegal immigrants detained in the US. Hyperbole, but still not a nice situation.
I'm married to a Latina and spent ten years in Latin America. I think the current situation is deplorable, but these are the times we live in. I hope it gets better after this next election.
Question for those more knowledgeable than I in this space: a huge value prop for iMessage is E2E encryption, correct? Why hasn't that gotten similar response from the AG? (OR has it already, and I may have missed it?)
As for Facebook, it is more likely because Facebook is in "progress" of enabling E2E and they have more users than Apple right now. It is easier to hit Facebook now than later unlike in the case of Apple that already implemented it from the start; it would go into court litigation for several years and most likely end up in Supreme Court.
Barr is just assuming FB will cave in.
PS: No, a huge value prop for iMessages is that it's built into iOS and any iPhone user can talk to another iPhone user, not because of E2E. Most users aren't aware of what E2E is.
Most likely because a) it happened well before current administration and AG, and b) because Apple didn't saying anything until after it had already been done, rather than declaring intentions and giving the AG plenty of time to draft ridiculous letters.
> Question for those more knowledgeable than I in this space: a huge value prop for iMessage is E2E encryption, correct? Why hasn't that gotten similar response from the AG?
Because when Apple was preparing it, it wasn’t public about it, and the then-sitting AG wasn't looking to generate news articles with his name that weren't attached to his role in acts fueling an imminent Presidential impeachment, so no similar warning note.
I'd like to contrast with the other responses here by offering my suspicion that Apple is cooperating with governments to quietly swap out keys for users upon receiving a court order. It would explain why Skype was banned by China and iMessage was not.
This. Apple cooperates a lot with law enforcement than they let out. While they make a big deal about on-device security, iCLoud which most users turn on is the loophole. Apple turns in backup content when asked much more willingly.
Sometimes I think that things like this is a problem related to age. Older people (often those is charge) is not any where near as tech-savvy as younger people. They just don’t understand. Ignorance.
In time it will all be alright...
"While the letter acknowledges that Facebook, which owns Facebook Messenger, WhatsApp, and Instagram, captures 99% of child exploitation and terrorism-related content through its own systems, it also notes that "mere numbers cannot capture the significance of the harm to children." "
> Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children
So the government not having access to private communication is a threat to public safety, and won't somebody think of the children!
The claim of catching 99% of activity is really hard to justify. In many detection systems you cannot know your true number of false negatives. It's inherently unknowable in this case. A better metric would be mean time to detection for a given CEP sharer or perhaps a metric around how much CEP is shared before detection, or perhaps a metric for network size of CEP and how well FB can clean up an entire network at once.
This NYTimes article https://www.nytimes.com/interactive/2019/09/28/us/child-sex-... is quite good. I don't want to punish FB for doing a good job of detection by turning around clutching my pearls at them. Stamos tweeted that every hosting platform has these challenges and I believe him.
There has to be some nuance from the absolute privacy folks on this one. How do we balance the need to fight child abuse with privacy?
That's still not an especially resounding success, or an especially relevant metric for us to understand the efficacy of FB's detection systems, and doesn't help us understand whether encryption of content is going to hurt hunting CEP.
For example, they might be spotting a large fraction via network analysis, or other metadata approaches. Alternatively, they might just hash every image sent over messenger and match those to known CEP. Encryption screws up one avenue, but not the other.
All it says is that the cops are terrible at finding this kind of content on FB, which is to be expected since they have only a very limited view into the platform. The only stuff the cops are catching that FB isn't is when they knock down someone's door and grab their FB password to look for stuff the filters missed.
> encryption of content is going to hurt hunting CEP.
Aren't we putting the cart before the horse? The problem is the exploitation of children, the secondary problem is that this exploitation is sometimes photographed and shared.
I don't believe that a strong solution the latter problem will have any impact on the former.
I mean, you could always do an audit and see what percent of a thing your automated system catches. That definitely doesn't seem inherently unknowable.
You measure accuracy of detection via a training set of definitely known examples, and comparing it to the detections reported by your system.
You can say with certainty that their system catches 99% of your training data set, but that doesn't mean it Will generalize to "all permutations of child abuse ever".
That's two totally different things. In the end their use of that statistic illustrates an attempt to lie with statistics more than anything else.
By this standard, no system could ever say that it generalizes to all permutations. Especially when the definition of the measurement outcome (child abuse) varies.
You are now the thorn in the side of every AI salesman trying to pitch you his Neural Net based wonder machine, or politician trying to sell you on giving up rights because they need to be able to violate everyone's privacy because statistics.
If you understand the actual nature of these measurements, it becomes quite a bit more difficult to let the "zomg neato" factor run away with you.
Alex Pinto gave a phenomenal DefCon talk several years ago that really highlights this issue, "Secure Because Math". It gets into how modern ML/AI/Voodoo IPS systems essentially can't work because the training data or baseline is so impossible to accurately come up with.
If I say 15% of cars in San Francisco are Subarus, are you going to say that's impossible to know? Sure it may be true in my dataset, "but that doesn't mean it will generalize to all possible permutations of [traffic] ever." Well, no shit. But that's not the statement being made.
If I wanted to know the accuracy of an important system. I'd do continual audits. Take a (stratified) sample of all things, get ground truth labels for whether they should have been detected, and see what percent were in fact detected. Then I could estimate how much my systems did and didn't catch at any point in time.
>If I say 15% of cars in San Francisco are Subarus, are you going to say that's impossible to know?
No, I'd ask you what your methodology was when you measured. For instance, going to the DMV and getting a list of all registered vehicles, and using that as a representative dataset to reason from is fine. (Depending on your definition of cars in San Francisco, and whether or not that is meant to include cars transiently moving through or not.)
Now if you told me you were using a Neural Network to recognize all Subaru models that drove by a particular camera, I'd start asking you questions, and want to see your training data, output, etc.
>Sure it may be true in my dataset, but that doesn't mean it will generalize to all possible permutations of traffic ever. Well, no shit. But that's not the statement being made.
That generally is the statement being made when people make claims about the accuracy of neural networks. Particularly the marketing people. You can only measure their accuracy within a constrained dataset, and overfitting is a thing.
>If I wanted to know the accuracy of an important system. I'd do continual audits. Take a (stratified) sample of all things, get ground truth labels for whether they should have been detected, and see what percent were in fact detected. Then I could estimate how much my systems did and didn't catch at any point in time.
Which, again means you're operating off things you know a priori to be the case. You don't know the full extent of everything to begin with, which phrasing in this article implies.
I'm not saying audits can't be useful; it'll get you a number, and sometimes that's all you need. You just need to be clear about what the numbers actually mean.
There's lies, damn lies, and statistics after all.
> There has to be some nuance from the absolute privacy folks on this one. How do we balance the need to fight child abuse with privacy?
There isn't. This is a logical fallacy. Violating everyone's privacy is not the way to fight child abuse, not even one of the ways that can do anything to prevent it.
I'm not sure what the logical fallacy is you're referring to. I'm not advocating that we backdoor encryption. I'm asking what's the nuance in privacy vs crime prevention. I guess your position is one of an absolute, and therefore, to me, not especially interesting.
I am curious what you think are the ways we can fight child abuse. It seems to me we have some obligation as technologists to see that our works aren't used to harm the most vulnerable.
I believe the trade-off for privacy has traditionally been done on a case-by-case basis through the use of search warrants. I don't see anything wrong with the use of warrants. If there is reasonable suspicion the police can investigate further, it's sensible.
Now we are seeing multiple instances where scapegoats and boogeymen are being used to systematically strip our rights away. The worst part of the whole thing is that when I attempt to fight for my privacy, I would be seen as supporting child pornography. It is an insidious tactic that is unreasonably effective.
> I'm asking what's the nuance in privacy vs crime prevention.
This is the whole problem. There _is_ nuance. Users can still report content, even if it's private. Automated detection systems can still run client-side. Public forums like Facebook itself are still targetable, and we can increase funding and counseling for moderators in those public spaces to reduce turnover.
Barr is the one here saying that, "mere numbers" aren't enough to talk about the problem. How exactly are we supposed to compromise with that? What exactly is a 'nuanced' response to the argument that any system that allows even one child to be abused is unacceptable?
Barr isn't going to be happy unless law enforcement can read every single message. And he's going to trot out the same arguments every single time. And every time we respond, somebody is going to be jumping in to say, "but why can't we just have a little nuance? Why are all of you so dogmatic about this?"
> I guess your position is one of an absolute, and therefore, to me, not especially interesting.
Every position is absolute. Either you have 100% user privacy, or you 100% don't have user privacy. People pretend that the latter option can potentially include "checks and balances" and whatnot, but Snowden showed us how that plays out in reality...
> I'm asking what's the nuance in privacy vs crime prevention.
If someone has an idea that can help prevent abuses and protect privacy without enabling abusive governments, I'm all ears. Unfortunately, to date all we've seen are proposals like the Clipper chip which amount to a backdoor to everything. Understandably, experts are somewhat skeptical of replaying the experience.
> I am curious what you think are the ways we can fight child abuse. It seems to me we have some obligation as technologists to see that our works aren't used to harm the most vulnerable.
You are absolutely right. Absolutely, complete, perfectly correct in every way. Yet, might it be possible that cryptography is not the right context for this discussion? Perhaps there are other tools better suited to the question at hand that do not have the same ugly record of pervasive invasions of privacy? I would love to discuss those! Do you have any suggestions as to where we might start?
This seems like a question best posed to the people on the front lines of this effort - what do they think they need? The rest is so much second-guessing.
The ability for the citizenry to oversee and monitor the government should be required to be higher then the ability for government to oversee and monitor the citizenry. Do away with the veil of secrecy over government entirely (no NSA, no CIA, so secret ongoing investigation, no privacy for meetings among politicians, etc); that would slow abuse to the point where maybe we could trust the government to keep an eye on us.
I would personally even go one further and say that anyone or anything beyond a certain level of power should be radically transparent, and privacy should be reserved for the weak. If you want some privacy, step down from power and influence, and donate your money, because transparency is the only way we can even start to wield democracy properly and prevent the gross abuses of power we see in our society.
Meetings need to be private, otherwise everyone will self-censor all the time and no meaningful discussions are possible anymore. Like, thinking through the opposite point of view for example. Quotes will be taken out of context and published by the media.
> I'm not advocating that we backdoor encryption. I'm asking what's the nuance in privacy vs crime prevention. I guess your position is one of an absolute, and therefore, to me, not especially interesting.
What's your point? We can either give governments backdoor access, or we don't. It's disingenuous to suggest that there's some sort of "middle ground" and pretend to care about privacy.
> I am curious what you think are the ways we can fight child abuse. It seems to me we have some obligation as technologists to see that our works aren't used to harm the most vulnerable.
How about traditional targeted investigations requiring a warrant? I don't see any reason for technologists to enable mass surveillance.
The sources in that article who lead these anti-child-trafficking/image organizations complain about cripplingly inadequate budgets and lack of human resources (employees). They do NOT complain about end-to-end encryption. They ask for more people, and more money, which the government is apparently consistently unwilling to grant them. Instead, the govt foists this absolute horseshit about limiting/backdooring e2e on us, while screaming THINK OF THE CHILDREN.
WFIW I didn't advocate backdooring either, I'm just asking how we, as technologists, balance what I think are reasonable and compelling goals: protect user data, and protect children.
One reasonable answer is that FB/Google/etc. should donate or donate more (Google is called out as donating already) to these organizations. I think another reasonable answer is that technologists donate our time, perhaps as 20% projects or as sabbaticals to these orgs and help them modernize.
It does seem Congress (per the NYTimes article I linked above) isn't doling out as much funding as we would like to see.
And, in fairness, children are being harmed here, and at an incredibly alarming rate. Please do read the NYTimes article. The Times is, IMO, a fairly responsible actor in truth telling.
I did read the article, though I think I may now see your point: this technology has greatly enabled abusers, perhaps more than it has helped finders-and-punishers-of-abusers. Your question is a good one: "how we, as technologists, balance what I think are reasonable and compelling goals: protect user data, and protect children."
"How do we, as postal workers, balance the reasonable and compelling goals: get people their mail, and protect children."
One is our job that we are directly and morally responsible for (like a civil engineer being responsible for having a bridge not collapse at a load of >2 cars), the other is not. Call me callous, call me cold, but that is not explicitly up to us, we can't be under the delusion that we are the one key to everything and anything. It wouldn't make sense to have a "quick-release" button forcibly installed on all bridges that would cause an instant collapse if triggered "because countless children that are victims of human trafficking are taken over bridges everyday."
I'm not saying online systems for catching child abuse can't be implemented. But is it really where our efforts would be most effective?
The question should be: how do you combat child abuse?
For that, we need:
1- Strong reporting systems that connect the people who in contact with children (doctors, teachers, social workers) and centralize and distribute that information. Right now, a social worker doesn't know about the doctor or teacher reports very easily.
2- Then, we need strong systems for handling the situation: i.e. social workers with effective systems for intervention.
3- Then, we need strong systems to take the children that are removed from at risk situations and place them in safe places where they can recover and grow in a healthy environment. This is the foster care system and the national health care system (or lack thereof) that will provide mental health counseling for the affected children.
Given that 1, 2 and 3 of these systems are terribly dysfunctional if not mostly broken, I'm always skeptical when people talk about social media and child protection. The situation gives me a feeling of leaders justifying the erosion of privacy and those who are authoritarian inclined supporting them, rather than people really caring about protecting children.
The tension between privacy and child abuse is laid out in the linked NYT piece (which I also recommend reading): many of the images and videos of child sex abuse are created because they can be shared. They can be shared because the creators have some confidence they can do so without getting caught. Once the content is discovered, the authorities also have a difficult time finding that child, who may still be in danger. This situation is orthogonal to the (very necessary) steps you outlined.
Maybe I'm missing something, but it clearly states that the main issues saving children are a lack of enforcement availability (i.e. the 3 points mentioned in my comment) and the lack of timely cooperation of existing orders.
Then they talk about how 'some criminals' hide behind encryption.
So... we have a situation where many cases are reported but aren't followed up on. Yet we focus on getting more reporting by undermining the right of non criminals? Doesn't seem very logical to me.
The whole piece even undermines their own arguments. They mention the 'case of the Love Zone'... which was cracked by investigators finding clues the old fashioned way. Not drag net surveillance.
The article also places many issues that aren't tech related as tech problems. It says "Bing was said to regularly submit reports that lacked essential information, making investigations difficult"
Let's compare that line to offline: If I own a pizza parlor where pedo's hang out sometimes, and I find a picture of CP in a restroom and hand it in to the authorities or call them up, would you blame the Pizza Parlor for the lack of fingerprints on the pictures? Would you think it's ok then to make wearing gloves illegal? I mean, if people use gloves, pedos can use gloves and hide their fingerprints. Why not target gloves?
There is a real issue: Child Abuse. There are real solutions that are complex and extremely resource intensive. A report doesn't create a case. Focusing on tech and the lack of having MORE drag net surveillance seems absurd. This is coming from someone who grew up with abuse.
When I go to forums to discuss abuse (it helps me deal with what happened) almost everyone tells of times that the abuse was reported but not well investigated. In fact, I've known people who work in CPS and they almost universally say the system is broken. A child in my city was recently beat to death by his step dad... an CPS had been called on them multiple times.
We could be focusing on fixing that (you know, the things the people on the front line say are wrong). But no. Drag net surveillance is the thing we should focus on apparently (even though in the very article you mention it states we have more current reporting than we have resources to deal with it)
I know a number of teachers, and there are quite strict mandatory reporting policies for when child abuse is even suspected.
The reality is that the organizations responsible for looking into these reports of abuse only have enough resources to investigate those where the child's life is in immediate danger.
The venn diagrams of "internet chat surveillance" and 'solutions to the problems of child abuse" are mutually exclusive.
Politicians are grossly morally corrupt to use child abuse as an argument against encryption when they're the ones controlling the purse strings for Child Services-type organizations. Feathering their own nests at the cost of actual, real progress on protecting children from abuse.
It's easy to detect a vast amount of child porn, simply because the vast majority of child porn sharing is just a few thousand different files, shared over and over again. A few hundred thousand files if you count the non-nude and nude "child modelling" stuff, too.
You can catch a majority of such content just by running a dumb hash over the bits, even though the detection rate suffered a little thanks to dumb smartphone users who will screenshot everything instead of sharing the files, thus creating "new" content.
If you add some simple "content hashing", like https://pypi.org/project/dhash/ or Microsoft PhotoDNA https://www.microsoft.com/en-us/photodna you can catch an astounding number of content shares, something which really looks great in press releases. My guess would be that the vast, vast, vast majority of those 18M reports that letter mentions came from automated engines detecting the "common" content with dumb bit or content hashes. But you really didn't do much except annoy and scare some online pedophiles* who shared the same 10, 20, 40 year old content* and maybe even put a few of them away for good or caused them to kill themselves. And yet, you almost never actually prevented ongoing child rape and other abuses.
The problem however is that you absolutely cannot catch new content that way. Content that isn't widely shared but shared between two people or in rather small groups. These small groups have elaborate vouching and proving systems in place, and are hard to infiltrate, going as far as having to prove yourself by sharing a picture of you victim holding a sign with a time stamp and some passphrase.
facebook aimed their AI at porn so they might catch some of this new content by accident; it's porn after all. Then again, my hopes aren't that high, seeing Microsoft's bing fucked up even removing the known child abuse content from search results even as the company runs the PhotoDNA database I mentioned before. And google's AI is "clever" enough to think black teens are gorillas, but they are supposed to catch child porn?
Also, those dedicated child abuse content producers do read the news and know not to use facebook or twitter. Most of them do, anyway.
There is essentially three types of pedocriminals I have observed: the aforementioned part time online pedos who share the same old child abuse content but do not actually produce it or abuse children in the real world, a group of active pedophiles who do not care about getting caught because they live in places where they do not actually have to fear the police investigating them, and a cautious group who might use common public services to make initial contact and talk a little in code but will immediately exchange tox ids etc or at least link to "how to setup qtox over tor"* guides (I saw a few "groomers" do just that), and never share anything incriminating over a public service. My guess is that they are be behind tor or a VPN even when using those public services.
And there is a small number of dumb fucks too who will get caught easily and who end up in the press, and, of course, a probably quite large group of pedophiles who just abuse children but do not tell anybody about it, especially not on the internet.
The majority of people you'd actually want to neutralize because they engage in ongoing child abuse you will not catch on facebook or twitter or whatever. I sometimes liken it to catching a lot of drug users, but not the dealers let alone the drug producers.
Not that my experience dealing with the police is much better. The average time for them to get back to you is a few months if they are from the West, and usually never in other parts of the world, even if they have dedica...
> There have been a few studies that found that the group of people consuming child abuse media and the group that actually molests and rapes children doesn't have too much overlap, contrary to what one might expect.
Do you have some links for this? I've anecdotally heard it both ways.
There has to be some nuance from the absolute privacy folks on this one. How do we balance the need to fight child abuse with privacy?
This doesn't seem like a valid line of reasoning to me. Just because there are pros and cons to encryption does not mean that the right answer must be a nuanced balance where individuals cannot have completely private communication.
The nature of encrypted messaging is that you don't really have a middle ground. Either there is a way for two entities to privately communicate, or all communications are inspected for content by a central party. I believe that allowing private communications is the option that is more suited to the American tradition of free speech.
> There has to be some nuance from the absolute privacy folks on this one. How do we balance the need to fight child abuse with privacy?
I'll try my hand here:
You're talking about this as "preventing child abuse" versus "privacy". The former is pretty concrete, while the latter is pretty abstract. But allowing government to invade everyone's privacy has concrete effects. Let's be clear here: in 2013, 2.2 million people were incarcerated in the US.[1] 1 in 5 is locked up for a nonviolent drug offense[2]--that's 440,000 people. And 540,000 people are incarcerated because they can't afford bail. It's unclear from the graphs on that page how many are locked up for child abuse, but the total incarcerated for rape and sexual assault convictions is 163,000 people in state jails, which by all accounts is where most rape and sexual assault convicts end up. It's unclear how many of those rape and sexual assault cases were convicted due to evidence from surveillance, but I think we can assume that it wasn't all of them. And in case it's not clear, quite a few of those unethically incarcerated will be raped[3]. In short, unethical incarceration is a much larger threat, by the numbers, than child abuse.
We've seen time and time again that violations of privacy are publicized as being used to prevent terrorism and child abuse, but immediately are then used to prosecute nonviolent drug offenders.
What it comes down to for me is that I trust average citizens to do the right thing more than I trust the law. The vanguard of law enforcement is average citizens picking up the phone and calling the police when they see something wrong, and I want to keep it that way. I trust the average person to call the police when they witness a crime like murder, rape, or child abuse, and not call the police when they witness drug possession. I do not trust law enforcement to enforce the law as ethically. Pervasive surveillance takes that power out of the hands of citizens and puts it in the hands of law enforcement who has time and time again shown themselves to be untrustworthy with that power. It's dangerous to be right when the government is wrong.
And that's in the current US. In the past, US law has been even more wrong. For example, US law enforcement was used to suppress, for example, civil rights activists. That time may come again. It has always been beneficial to let illegal behavior slide under the gaze of law enforcement when that illegal behavior wasn't unethical behavior.
>How do we balance the need to fight child abuse with privacy?
Well, one place to start is with the realization that 99% of molestation comes from people the child knows. Encryption doesn't affect that pipeline at all, so the gov't shouldn't be worried.
I'd also remind that probably effectively 100% of physical child abuse and violence also comes from people the child knows.
Surveilling strangers can't have anything to do with dealing with any form of child abuse, except the extremely rare case where strangers have been able to find each other and create a subculture with which to provide evidence that exists on Facebook's servers. That's a pretty specific and narrow set of conditions.
I'm not saying Facebook allowing government surveillance on their wires can't produce some hits, but I'd be extremely curious to learn of wider implications and costs that are proportional.
> "We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety."
Seems easy for FB to comply with this: they are adding encryption specifically to improve user safety.*
The later extract in the article body talks about "public" safety, which is the classic false dichotomy that has been brought up by law agencies for the past 30 years.
Much as it sticks in my craw to say something supportive of either of that meretricious duo Barr and Patel, I have to admit I am glad that they are using an open letter rather than trying for a backroom deal or quiet threats. Perhaps they tried those already and have been rebuffed.
I have seen some friends of mine outraged by social media's inability to do wholesale censorship, spurred by some NYT articles on child abuse from last week. I wonder if that was coordinated?
* OK, they are a corporation doing it to encourage people to use their service, but they are trying to accomplish that by improving user safety.
It's really amazing how often tyranny is justified on the basis of "safety". It's why the "trust and safety" team moniker ubiquitous in the tech industry sounds so Orwellian.
I think tech companies would have a stronger basis for refusing to monitor and censor user traffic if they hadn't volunteered to monitor and censor some user traffic. Doing anything some of the time makes you vulnerable to pressure to do more of that thing.
Carrying all legal content and refusing any cooperation with the government without a warrant is the only sustainable path.
591 comments
[ 4.2 ms ] story [ 283 ms ] threadOh, so you’re asking for more end-to-end encryption?
> While the letter acknowledges that Facebook, which owns Facebook Messenger, WhatsApp, and Instagram, captures 99% of child exploitation and terrorism-related content through its own systems, it also notes that "mere numbers cannot capture the significance of the harm to children."
This is such a lazy argument :/
Credit where it's due, good on them building such effective systems to catch this content.
There's a little ambiguity in there, but I wouldn't go so far as to say it's "misleading".
You can get legal datasets for sick pr0n or warzone stuff you would like to keep off-platform that might have the same psychological effect on you.
Facebook has said that they don't do this outside of Australia, where it is required by law, but come on, are we really going to take Zuckerberg's word for it?
This is why I believe that end-to-end encryption is not truly useful unless the source code of the clients is public, or the protocol is open.
Any closed source client can read messages at the ends, or be forced to do so by an evil government.
At the very least, they could open up XMPP compatibility again so that people could write their own open source clients for it. Australia wouldn't be able to do anything about the propagation of such open source software.
I was able to have end-to-end encryption running on top of MSN, AOL, ICQ, QQ, Facebook, Gtalk, Yahoo, and several others about 10 years ago with Pidgin and simple plugins that encrypted/decrypted messages on the fly. It's too bad they all moved selfishly to closed source walled-garden mobile apps -- it's a big step back in privacy.
https://signal.org/
[1]: https://matrix.org/
Matrix is close, but not what I'm describing. It's far more centralized than I'd like to see.
They want a fishing net so they can catch these people by the thousands.
i.e., of the illegal stuff that goes through their system, some of it is captured, and the majority of that is caught by Facebook's own system.
Note, this article is recent and highly relevant: https://www.nytimes.com/interactive/2019/09/28/us/child-sex-...
> And when tech companies cooperate fully, encryption and anonymization can create digital hiding places for perpetrators. Facebook announced in March plans to encrypt Messenger, which last year was responsible for nearly 12 million of the 18.4 million worldwide reports of child sexual abuse material
> Data obtained through a public records request suggests Facebook’s plans to encrypt Messenger in the coming years will lead to vast numbers of images of child abuse going undetected. The data shows that WhatsApp, the company’s encrypted messaging app, submits only a small fraction of the reports Messenger does.
Talk about fear mongering, that article is horrible. It's the same old argument. "Child abuse is bad therefore you can't have any privacy", they position you as being against protecting children when your stance is actually pro security & privacy.
1. Privacy is important and good
2. It has almost certainly contributed to an explosion in the production and sharing of child pornography and abuse
The question is what is the moral way to reconcile the two, not to deny that either exists.
However, without perfect privacy, every world citizen would be subjected to such monitoring, and we'll basically be exactly what 1984 is, with the metaphorical "telescreen" functionality spread across pretty much every device that's connected to a network.
Child abuse has always been happening (several of the older members of my family were abused), it just wasn't broadcasted. Even today I bet 99% of child abuse is never caught on camera. The increase from child porn is probably negligible.
The USA took steps to actually protect property in its founding, something the Supreme Court has interpreted to include privacy as well. From this perspective, the rights of citizens wither away when the government is allowed to take the smallest step towards mass surveillance. For that reason I am very much against it.
My other perspective is from a security standpoint. I believe that if companies are not doing everything in their power to protect themselves and their users from data loss / hacking / theft, they put everyone at risk. Intentionally lessening the security of a product at the request of the US government means giving a potential thief or hacker more attack vectors to exploit.
> The Times’s reporting revealed a problem global in scope — most of the images found last year were traced to other countries — but one firmly rooted in the United States because of the central role Silicon Valley has played in facilitating the imagery’s spread and in reporting it to the authorities.
Clearly the NYT is laying the problem at tech's feet, and we are the best ones able to thwart this. Many times I've scoffed at the government's continual removal of privacy, but this is the first time it's sunk in. Perhaps they have a case.
> 1998 - 3k cases. 2008 - 100k. 2014 - 1M. 2018 - 18.4M.
These figures from a total of 45M images flagged.
Again, is this for real, or this this propaganda?
There are two things I would point out: 1) I would be surprisesd that the ease of communication the internet brought did not benefit to criminals 2) The article describes several problems that won't be fixed by encryption ban (e.g. the lack of means for report clearing houses) and also gives exemples of cases solved despite encryption. I would like to understand why encryption is described as the problem here.
Not to mention:
Congress has regularly allocated about half of the $60 million in yearly funding for state and local law enforcement efforts. Separately, the Department of Homeland Security this year diverted nearly $6 million from its cybercrimes units to immigration enforcement — depleting 40 percent of the units’ discretionary budget until the final month of the fiscal year.
Or in other words, in order to fight the imaginary rapists that Mexico is allegedly sending us, DHS is diverting money originally allocated to investigate actual child rapists.
It's disgraceful that Signal hailed WhatsApp's announcement to use it almost like a second coming of a religious figure.
> "The proponents of this process use fear tactics to win support, what the four cypherpunks dub "The Four Horsemen of the Info-pocalypse: child pornography, terrorism, money laundering, and the War on Some Drugs." In other words, laws passed to go after child pornographers, terrorists, money launderers, and drug dealers end up chipping away at everyone's privacy. The classic example is the PATRIOT Act, passed to prevent terrorism but soon used to expand wiretapping and National Security Letter powers in other contexts."
edit: ok ok sorry I misread
2) terrorism
3) money laundering
3) war on [edit: some] drugs
But rarely did you see or hear about any of those people landing in jail or prison for long periods. If you heard anything it was more or less laughed about, and society forgot about it. The perps maybe would spend a day or two in jail, get bailed out, and have their lawyers negotiate and plead down to a misdemeanor or something like that. Rich guy goes back to party and life.
Crack users? Well - they all ended up in prison for super long stretches and/or died there. Nobody cared or cares. Certainly not the above cocaine users and abiders.
It wouldn't surprise me to learn that the people abusing the cocaine and making deals like that weren't also in on the production and selling of the crack made from a portion of that same cocaine...
I'll take the privacy side in most any discussion of privacy-vs-security, but categorically denying the possibility that some crimes could be aided by encryption seems a step to far.
It's also bad PR strategy: anybody not already on your side will be put off by your apparent lack of reasoning skills.
Instead, acknowledge the possibility and show them why you consider the benefits outweighing the risks.
The societal default used to be that substantially all conversations were inaccessible to the government except through testimony. Encryption does nothing to change the availability of information through testimony.
Previously, remote conspirators could collaborate through the post, and their conversations could only be accessed with a warrant specifically targeting those communicators. End-to-end encryption does little to change the availability of information in a targeted investigation; it just means it's a little more difficult to access the information than entering a phone number into XKeyscore. Investigators can install malware on the device, or microphones and video cameras in the suspect's home to hear or see what is being communicated.
Forbidding end-to-end encryption, in combination with our mass surveillance apparatus, changes the societal default to be that substantially all conversations are trivially and automatically accessible to the government.
I for one am not willing to give up any freedoms in order to prevent the sharing of such vile material. Perhaps the creation, but not the sharing.
I'm sure some of the kids in those videos would have something to say about that.
I don't see those kids getting hurt any further unless they happen to be the sort of people that go out of their way to seek out child abuse material. It's hard to imagine anyone ever accidentally running into images of themselves being abused. You can't possibly be re-victimized if you don't know.
I don't mean to sound heartless, obviously these are horrific acts which hurt people deeply. I simply don't think banning encryption or otherwise eroding our rights to go after distributors and consumers is really going to have much practical effect on how the victims end up feeling.
E: HN doesn't let me reply to selectodude below
>the mere knowledge that pictures of you being abused on the internet is extraordinarily difficult to deal with
I absolutely agree with this. I just know that nobody can ever go tell the victim that now those pictures are forever gone off the internet.
But yes, the mere knowledge that pictures of you being abused on the internet is extraordinarily difficult to deal with. Maybe not the best direction to go in when arguing.
I'm sympathetic to those people's plight but ultimately I place a very high valuation on not only my privacy but everyone's privacy, A much lessor but still very great valuation on preventing such evil happening to the victims, and only a small valuation on preventing the ultimate sharing of those images between perverts except insofar as it serves to lead us to people doing the wrong.
I believe that via a substantial effort we can work to reduce the abuse of children, I think we can via a lot of work take down the groups of people sharing such data by infiltrating such groups and taking down the people participating. I believe that outright stopping all such sharing is probably impossible and I'm unwilling to implement 1984 to try.
Child porn piracy is an essentially victimless crime.
Note: In the above I am considering the generic example of "child porn" to be broadcasting the forcible rape of prepubescents, not 17 year olds sending each other naughty pictures, which is what most content matching the US legal definition is (the UK one is just stupid as it includes drawings).
This runs contrary to the fact that people share things not just for monetary profit, but for other videos/pictures in exchange, and voyeuristic/exhibitionist reasons.
This is contradicted by the evidence we have to the contrary, in particular the model of supply and demand identified in child porn markets.
Anyone remember the FBI and Apple case a few years back? How quickly the FBI hacked the phone after Apple wouldn't cave? Other tools exist to do targeted surveillance and targeted attacks. Only authoritarians want mass surveillance.
To be fair, Apple is working to ensure FBI won't be able to do that next time.
Sure. Before the telegraph was invented. And even before that people used security measures, such as wax seals on letters to prevent tampering or at least have an ability to detect whether or not the message has been tampered with.
You seem to think of messaging systems as if they were spoken conversations in private. They are not. Just because you are chatting with someone from the privacy of your own home, doesn't negate the fact that your words are traveling through a lot of wires and boxes belonging to all sorts of private and public entities.
During WW2, American federal government established Office of Censorship whose sole purpose was to review and censor all communications coming into and out of the country. Now imagine them finding that someone is mailing letters written in an unbreakable code. How long do you think it would take for the FBI to break down that person's door?
I am not saying we should not have end to end encryption. I am saying that government spying on citizens is nothing new, it is not something that was ever limited to totalitarian dictatorships and it should not be surprising to anyone that the government is trying to fight it. The news is not that the government wants to keep an option to read your communications. The news is that first time in history there is a chance people might want to and be able to stop them.
It wasn't done that way. Envelopes were opened, and stamped "Opened by Censor". Material was cut out of letters. Censorship was not concealed at all.[1][2]
[1] https://www.archives.gov/publications/prologue/2001/spring/m...
[2] https://sparks-auctions.com/SAN/28/281401a.jpg
"Why isn't your desk in front of the telescreen?" - 1984
The day will come when not having an Amazon Echo or Google Speaker will be considered probably cause for a search.
A secure E2EE system must resist even targeted, legally authorised attacks. Are you suggesting that secure, practical E2EE systems do not currently exist? Would a world in which law enforcement must install physical listening devices and exploit unpublished software vulnerabilities to surveil suspects be more private than our current world, where E2EE is available but often disabled by default, and trusted intermediaries like Facebook and Google can be legally compelled to disclose non-E2EE messages?
> Forbidding end-to-end encryption, in combination with our mass surveillance apparatus, changes the societal default to be that substantially all conversations are trivially and automatically accessible
That is not (publicly acknowledged to be) the case today, even though non-E2EE platforms like Facebook are widely used. While Facebook could currently comply with laws authorising mass surveillance, and implementing secure E2EE would prevent them from doing so, the warrants under which they currently hand over non-E2EE messages are at least somewhat targeted. This controversy is not about a proposal to relax the need for warrants, it's about asking Facebook to preserve their ability to comply with them.
I am a hardcore privacy advocate, but if these laws had a provision that they won't be used for other crimes, and if misuse such as parallel construction would be seriously punished, I'd have nothing against them.
They're not. A number of horrible things will happen as a result of pervasive end to end encryption.
However.
You have to run the numbers here. On the one hand, perhaps a bit more crime, some of which horrible. On the other hand, the privacy of everyone.
It's a hard sell. Just picture a politician on live television having to choose between having this cute little child being raped for years before they commit suicide (letting the perpetrators off the hook), or ramp up the surveillance a bit. Picture them choosing rape.
Nevermind the false dichotomy. The horrible fact is, the value of human life is not infinite. A mere inconvenience, suffered by enough people, is worth killing a few. Such situations rarely present themselves. (We rarely condone murder in the name of the betterment of humanity: some tried, didn't go so well.) End to end encryption (and metadata hiding while we're at it), is such a situation. The harm, though hard to perceive, is significant, affects everyone, and can potentially grow into full blown totalitarianism (possibly enforced by incentives rather than violent policing).
Preventing that is totally worth killing a few children… or at least spend resources on properly policing the problem, like going undercover.
Still, go say that on TV. I'm not even sure I'm safe writing it here.
Yep. I'm pretty sure you just torpedoed any hope you may have had at a political career.
sounds like "War" to me.
1. They said that FB captures 99% of those illegal activities by themselves. What makes us think that government will be able to capture that last 1% on their own?
2. Encryption gets removed, potential perpetrators move to another platform that uses encryption and doesn't have the capability to catch those illegal activities that FB already catches using their internal systems. Congrats, now those perps that would have been caught (even if FB implemented the encryption) won't be caught at all.
And with the uncertainty that comes to mind with both of those points, one thing that is definitely guaranteed to come is further erosion of personal privacy.
To stress even more on this point (I have to also FULLY agree with the second), what evidence is there that lack of encryption will even make it easier to capture this 1% more. Pareto is a real thing. I'm not convinced there's an easy answer to capturing the last 1% and that it can be done with minimal resource allocation. That's where I start being suspicious. The back of the envelope math doesn't work out.
I spent less than a minute thinking about this, but there are probably tons of other strategies they can employ. People familiar with the domain, I would actually love to hear your takes on this, as the topic is fairly fascinating.
I think everyone here is familiar with Pareto. Capturing 80% of criminals is easy. Catching the next 10% is harder than catching that first 80%. Catching that last 1% takes significant amounts of resources, way more than the previous 90%. So it just isn't economically viable to stop it all (exponential curve and we don't have infinite resources).
So I'm not sure that saying
> A number of horrible things will happen as a result of pervasive end to end encryption.
But I don't think it is necessarily wrong either. I think encryption enables it, but this sentence implies causation (which is the rhetoric of those that want to remove encryption: causation).
How I read the horsemen comment is that these topics are used as boogie men. Because what sane person wants that stuff to exist? OF COURSE we want 0%. How can you be against stopping child trafficking? (practically) No one is against that! These are also topics we care VERY much about. Because frankly we should do everything we can to stop child exploitation. But we know the goal is unobtainable and to get only a handful more than we currently get (which is almost all of them!) requires huge violations of privacy and significantly more resources to be allocated. The horsemen are being used to get us on board and make us not ask if these methods are meaningfully effective or ask what the costs are. It also says that anytime you hear officials talk about the horsemen that you should perk your ears up and start asking serious questions. How effective is this? Does it actually help? What are the costs? The Patriot Act is a good example. It is not clear that it meaningfully reduced terrorism in any way and yet we gave up a significant amount of privacy (I can quote founding fathers on this too).
So it boils down to "if giving up the privacy does not do an effective job at making any meaningful reduction in actual child trafficking <insert horseman>, why should we give that privacy up? There's clearly benefits to privacy. So is this issue really about child trafficking or is something else at play here and are they just feeding off my emotions?"
Yes they are. And it works because we can't multiply, emotionally. I tend to avoid LessWrong links around here, but this one is appropriate: https://wiki.lesswrong.com/wiki/Shut_up_and_multiply.
My first comment alluded to the torture vs dust speck dilemma. Horsemen vs privacy is nowhere near as extreme (especially at the dust speck end), but it has the same structure. If lay people realised this, the horsemen would not convince anyone.
Actually, please stop there and think about this for a second.
Having zero crime depends extremely strongly on the precise definition of "crime". Much more so than other, non-zero levels of crime.
This is only a good thing if you are absolutely sure that the definition of what constitutes a crime right now is perfect and immutable.
Extreme positions are almost always a bad idea and I think this is one of those cases.
I'm adding to your point by saying that I don't consider "0% crime" as a desirable goal since crime is something defined by people and people are fallible, hence the definition is also fallible.
The problem is not in removing meaning from the word "crime". We all have an imprecise, handwavey meaning of the word in our minds when we use it. We usually mean something like "undesirable behaviour which benefits a single individual while harming others". The problem arises when you try to operationalize this loose notion into laws since this process frequently results in errors. Another way this can go sour is due to overreach by groups currently in power in an effort to stay in power, leading to loss of freedom (which is more applicable in this case).
In other words, some crime is actually people breaking the law because for good reason, like rebelling against an unjust, inefficient or overreaching law.
Therefore, it's better to strive for a low crime rate than a zero crime rate. This is also the conclusion you arrive at through the application of the Pareto principle.
If you consider "not saving while you could" the same as "killing", it's very common. So much in fact that it has its own WikiPedia page:
https://en.wikipedia.org/wiki/Value_of_life
With a cosy link to a letter by the Department of Transportation:
> this guidance identifies $9.6 million as the value of a statistical life to be used for Department of Transportation analyses assessing the benefits of preventing fatalities and using a base year of 2015
https://www.transportation.gov/sites/dot.gov/files/docs/2016...
Our society at large acts just fine with drunk driving deaths; looks like killing people while drunk is less abhorrent to us than trading photos of a teen.
I’m guessing it has to do with sense of purposefulness, malevolence vs. negligence, or identifiability with the commission of the crime?
Sure, idiots do stuff like this all the time. Sure they get caught. But idiots usually get caught by other means, too. And you never catch all the idiots, there's just too many of them.
But the argument doesn't even make sense. It makes the horrible assumption that pedophiles will continue using a service they know to be insecure. That's literally a provably false assumption. The second they realize it's insecure (which will take exactly one raid), they'll switch to something else.
And ALL of the above assumes that there are no criminal programmers and thus they have no ability to just write their own tools if there isn't something sitting on the shelf. We know with 100% certainty this is also a false assumption.
It's not an assumption at all. The fact that people engaged in child pornohraphy have had decrypted communications used against them in court demonstrates this to be true.
Ephemeral conversation is not new and implicit in a right to privacy assuming it extends beyond your actual corpus.
The only way I understand your arguments to be a justification to break encryption is if you believe we should not have freedom to share privately.
It only demonstrates that for some people, it's true. What about cases where they were using secure channels and thus haven't been caught/charged?
Perhaps we should aim for not leaving any piece of space on Earth unsurveilled?
Has every criminal in the world stopped using the phone after the first phone was ever tapped?
But we know there are more than 0 non-programmer criminals who will not be writing their own tools.You need better arguments than "if we can't stop all crime with an action it has no value" because it is a silly argument.
Arguments like "we all need to abandon privacy to maybe, potentially stop some crime somewhere" are equally silly.
Everyone should avoid silly arguments.
But imagine if some crazy billionaire set up some sort of autonomous decentralized system that constantly attempted to MITM all the same systems the government likes wiretapping; and then, if it managed to extract any data from that attack, it would find names in that data, and put bounties out on those people on assassination markets (paid from anonymous accounts previously set up by the billionaire.)
Now the choice is between some people dead, and a lot of people dead! Everyone get on board the privacy train!
That is-- pick an insanely fast development cycle where piecemeal/baroque security approaches simply cannot keep up. Eventually you arrive at a place where the whole endeavor become a giant tinder box just waiting to go down in flames. But that forced browser vendors to say, "Ok, let's just assume everything is constantly on fire, cordon everything off into flame retardant boxes, and improve our response time by many orders of magnitude."
If anything ever gets too hot from the thousands of strangers I casually let in the front door I simply move to another building and recycle the burning one.
Meanwhile I treat my Debian install like a prized piece of Shaker furniture. You'd have to be a goddammned 19th century furniture historian with your credentials showing before I let you anywhere near my brittle little museum.
We used to be protected by the ephemeral nature of 99% of life and by the inability for anyone to centrally view or mechanically process the other 1% (letters, diaries, etc). This is just as much argument for strong protection as your argument goes against strong protection.
We see politicians regularly choosing to not enact overwhelmingly popular positions like universal background checks in the face of mass murders of children.
How many politicians have done anything to stop the Catholic church from hiding child rapists? This is a much more direct harm and no one who isn't a child rapist would lose anything if we fixed it.
Politicians are already choosing rape and murder when the stakes are much lower.
It's not just a matter of "many small harms > few large harms" though. Not having privacy can lead to severe harms.
If the bad guys break into a system that allows them to effectively wiretap everybody, now they can snoop around and find blackmail targets. "I know what you did, have sex with me or everyone will know. Or send money. Or give me your employee access badge."
Results: Rape, financing child sex trafficking, facilitating an act of terrorism. Or any of the less visceral but nonetheless widespread and significant consequences like major financial fraud or corporate espionage.
And that's just blackmail. What about the suicides of people who get doxxed? Or the people in violent relationships whose abuser is in law enforcement or in a criminal enterprise that has compromised the surveillance apparatus? Or the mental health epidemic which results when people know their communication is exposed to people they don't trust to see their true selves and then self-censor into performance-art conformists riddled with anxiety and loneliness?
Privacy is about keeping perverts in law enforcement from reading the sexting that should only be between you and your spouse, but it's also about keeping the country and the people safe from terrorists and foreign powers, keeping victims safe from abusers and allowing people to satisfy the human need to be themselves in communications with people they trust.
Privacy isn't a trade off against security, it's a necessary component of having security.
FWIW, I applaud your willingness to make such a statement. (And no, this is not sarcasm!) Self-censorship is a horrible thing, and I feel like I die inside a little bit every time I catch myself doing it. But more and more these days it begins to feel like even hinting at a willingness to engage in "thought-crime" is exceedingly dangerous. I mean, shit, a woman got passed on for a job because she had a picture of herself in a bikini on her Instagram. Imagine if a prospective employer find a comment online which could even remotely be twisted into saying that some child deaths are a sacrifice that may be inevitable in order to protect an abstract principle like Freedom, or "Free Speech". Zoinks!
Do you say you want to apply a dictatorship state of global surveillance because criminals are going to use the internet? What about other tech available to them? Are we going to set up a surveillance mechanism in those as well? Scooters? Cars?
Who's going to compile all that data? How is it protected?
It's about the Governance of Information,
and guess what,
I want to be Governing my Data, not some shady politician that got elected for a 5 or 7-year term in some other country.
Every actor in those systems have access to the data of every person that got their info collected.
And yet we are still here with that pedophilia and terrorism argument that, while they are very true, have still evolved and expanded. Even with the Cloud Act and all of the shady agreements
It's an evolution of our sick society, we had that kind of criminality rampant in 2000, we saw that evolve with the net,
But just like the young gangsters that evolve with stolen scooters,
Criminality will always have its sick way.
But dictatorship and global surveillance?
We didn't accept that in the 2000.
And we should never accept that at any cost,
even if it falsely promises to resolve the problem of pedophilia, terrorism, and criminality on those spaces by applying weird unknown algorithms
Technology will always be used by criminals because these are part of the society we build and evolve. They will change their behavior just like all of us; We cannot give up on our freedom and ethics to help catch the few.
And that's what's the problem. I don't care about police retrieving the data of a criminal once a judge has agreed to that, I care when we give them the entire web information and allow them to dictate the behavior of those networks
This was tried by a Canadian Minister at one point to sell surveillance in this extreme way:
> In February 2012, as Minister, Toews introduced the Protecting Children from Internet Predators Act (also known as Bill C-30).[118][119] The bill, which made no mention of children or "Internet predators" outside of its title,[120] would have granted police agencies expanded powers, mandate that internet service providers (ISPs) provide subscriber information without a warrant and compel providers to reveal information transmitted over their networks with a warrant. When criticised about privacy concerns, Toews responded that people "can either stand with us or with the child pornographers."[121]
* https://en.wikipedia.org/wiki/Vic_Toews#Federal_Minister_of_...
The legislation in question went down in flames as plenty of people sided "with the child pornographers":
* https://en.wikipedia.org/wiki/Protecting_Children_from_Inter...
This argument is so unbelievably stupid, that I don't even know where to begin.
First of all, encryption in WhatsApp is targeted towards consumers. You won't catch terrorists by limiting encryption. If terrorists and other criminals are not using encryption anyway, then they are so stupid that they deserve to be caught.
The only thing a lack of privacy does is throwing us further into dictatorship. Just imagine a madmen, like uhm... say Trump, with the full power of the secret service behind him and limited to privacy for end-users. Well this is just great. All the dirt he can dig up about his opponents. He asks foreign governments to dig up dirt, okay, that means right now the NSA isn't too much inclined to help this guy out, but what if they were?
If you water down privacy you are robbing the people of their only chance to organize protests and rise up to authoritarian governments.
Last but not least, the crimes prevented by not using encryption are absolutely negligible. The numbers are so freaking low that each day more people will die in car accidents in the US alone than would die globally because of pervasive usage of unbreakable encryption.
This analogy of `Uh a person could be prevented from getting raped is more important than preventing a fall into dictatorship` is so contrived that I don't even understand how anyone can eat this shit. Bad things happen all over the place and you are buying this sham argument that is preying on human psychology.
There's also personal defence, but that one has disadvantages too (there might be false positives, were a presumed mugger would get shot). Plus, from what I hear, guns have different effects in different countries.
It's a complicated subject. My opinion right now is not informed enough to be trusted.
Who is more of more danger to you. A cabal of rich drug dealing terroist pedophiles or your own Government? The argument then becomes one of statistics and then of the lesser harm.
I imagine the answer is obvious with the Government being sigificantly more harmful. You're likely comparing a few hundred deaths of tens of thousands.
You'll always find a subset of the population who thinks the death of citizens or harm is justified in some way, because they took some action that broke the law.
But find enough examples where the offernder did no direct harm to anyone else and I suspect you'll give most reasonble people pause for concern.
And if the facts don't match your gut, then maybe you're wrong and privacy isn't all that important.
The thing to point out is that we all make the implicit choice to let people die for convenience every single day: Almost all of us could choose to pay a bit more to charity to save a life, almost no matter how much we're currently giving or what we're currently doing, or could choose to take jobs that would do more to make the world a better place.
We just rarely have to face what choosing differently would have meant, so we get to pretend it doesn't have much to do with us. And granted, most of the time the consequences are many steps removed from our choices.
Wow. I can't agree with that one even a little bit. The real concern is totalitarian abuse. But being inconvenienced allows us to kill? That rings as downright pathological.
In practice, the tradeoffs are never that extreme.
Estimates say there are something like 20-40 million slaves in the world, and that 50,000 people are trafficked per annum in the USA. Something like 20% of slaves are sold for sex. Facebook is believed to be a common platform to facilitate this, though I haven't been able to find numbers.
https://en.wikipedia.org/wiki/Slavery_in_the_21st_century
In contrast, despite the occasional news post of a particularly incompetent company leaking a database of plaintext passwords, Facebook's data storage is pretty safe, and encryption does still afford a lot of protection. The idea that hundreds of thousands of people are going to have their private data extracted from Facebook through individual attacks against the servers is not well corroborated.
Totalitarianism is an important long-tail risk, but I don't think it's reasonable to suggest that these programmes are a path to it. Overall privacy rights quite plausibly are, but that issue exists primarily as a matter of policy and law, not as a matter of technology. If the laws are bad, Facebook illegally preventing protection of trafficking victims will not help those laws change to a more moderate position, and if the laws are reasonable, cooperating to prevent trafficking victims would not be harmful to positive political outcomes.
The scale of abuses would have to be multiple orders of magnitude smaller, or detection mechanisms incredibly ineffective, before this tradeoff made sense to me.
<braces for backlash>
I think this kind of dark-sounding reasoning only holds up when you phrase it not as “a mere inconvenience” but as tyranny, which is what encryption and privacy in general protect against.
I support personal rights to privacy, and believe that we should find ways to enforce laws without violating privacy. Representative governments need the ability to alter their own power structure in order to function, and yet human power structures naturally resist change, including by spying on those who conspire against them: therefore, privacy is essential for representative government. Representative government’s alternative is tyranny, which we know creates incalculably-large-scale suffering.
Human nature is at the root of why privacy is costly and also why it is necessary; however, much evidence suggests that the set of aspects of human nature we express is mutable and dependent on environment.
While I would never argue that we can remove those aspects of our nature, I believe we can alter our environment to reduce how frequently we express the more sinister ones.
In short, I’d rather work on reshaping our environment, including and especially our culture, to make privacy less necessary and costly, than to debate whether it is either. It is both, and it will always be both, but we can make it less of both, or more of both, with our culture. Same for guns.
It's not supposed to invalidate the reality of the matters concerned. It's supposed to suggest that that they're not actually the issues at hand, with CP and Drugs and Terrorism being used as stalking horses because being in a position of being seen to defend the privacy rights of terrorists makes for terrible PR.
China already has the concentration camps, it's one step away from extermination camps, all empowered by the same surveillance tech we in the west are creating.
There is no benefit to outweigh. For there to be benefits one must convince oneself that we will actively prosecute bad actors via intelligence gathered via holes we will publicly announce we are drilling into previously secure platforms and drug dealers and terrorists will never figure out how to embrace free open source p2p software that doesn't share these disadvantages. There isn't even one smart person among the bad guys or even among the good guys who will create a platform one can connect to with a few clicks amenable to even techno morons. What could possibly go wrong.
This won't increase the number of people affected or reduce the number caught. The only thing encryption can do in this case is make it more difficult for the government or foreign governments to read personal messages.
Not implementing encryption here can only help people violate people's privacy, it cannot help the government do its job.
The letter specifically describes an offender who was sentenced to 18 years' imprisonment, detected when Facebook read his non-E2EE communications with a child victim. Are you suggesting this was an unimportant or unrepresentative case?
Some crimes could be aided by virtually anything. E.g. let's destroy all the roads so criminals won't be able to travel.
It's silly to think that terrorists use Facebook
Very silly
How about 24x7 surveillance for politicians and priests and no surveilance for normal folks.
Specifically Apple-related and North American examples?
And Apple-related? North American? That's not relevant at all.
You boldly claimed that the government is observing me in my home through my devices, and I want you to show your work.
PRISM happens at the ISP level, and doesn't mention directly using iPhones, Macs, HomePods or tv as surveillance endpoints... So, where's your proof showing that they're surveilling US Citizens through those specific devices?
That's an oddly narrow goalpost. Apple shares user encryption keys with the Chinese government, for example, giving the Chinese government access to all iCloud pictures, messages, documents, videos, etc.
https://www.reuters.com/article/us-china-apple-icloud-insigh...
Chinese government nationalized the data centers six months later, gaining access to all the encryption keys and user iCloud data at rest:
https://mashable.com/article/china-government-apple-icloud-d...
Apple does business in China the way they have to do business in China. I don't agree with that, but I'm also quite sure they have not given my iCloud keys to China.
Also, how exactly was what I said "not accurate at all"? I accuarately said Apple was sharing iCloud data and encryption keys with the Chinese government.
Direct quote. Emphasis mine.
Is the full sentence with context, meaning access for all the iCloud data for the encryption keys being shared. Don't mince words because you misunderstood the sentence.
I didn't want to get accused of moving it later. Also, I'm only interested if there's evidence that applies to me. I'm 100% Apple and 100% USA-based, so if there's proof that "the government is listening!" then I want to see it.
https://www.engadget.com/2016/09/23/the-fbi-recommends-you-c...
and, mostly because it's mentioned in the engadget article:
https://twitter.com/topherolson/status/745294977064828929/ph...
https://en.wikipedia.org/wiki/Telescreen
If not, you're a bad guy and we can discount any argument you put forth am I right?
Am I right?
High five? Anyone?
Anyone?
Point being that the enemies privacy have been waging an extremely successful propaganda war against our position for longer than most privacy advocates have been alive. A campaign that is at once massive and specially calibrated to go unnoticed. (How many connect the 'Telescreen' to the example in [1] in their minds?) They have the power to ensure that hand picked, specific examples, calibrated to inflame, are used as flag bearers in the zeitgeist. They have a long game of very specific goals, coupled with an army of natural language, behavioral psychology, and media experts all dedicated to that singular purpose. They have decades of experience at manipulating populations at scale, and a track record replete with successes.
Meanwhile, we sit on HN and social media talking to each other about how our side will be proven right in the end. You know, 'cuz "freedoms".
We have to start addressing the legitimate points that government and law enforcement types are making, because not doing so cedes more and more ground in public behavior and public opinion to those enemies of privacy. The great irony here is that we ourselves have helped them manage to cast themselves in the public eye as the "champions of safety", due largely to the poorly chosen nature of our bedfellows. We need to start getting out in front of a lot of the legitimate arguments that law enforcement is making, and we need to push back against professionally subtle narratives in the national media that attempt to attach us to yet more unsavory bedfellows.
----
[1] - https://www.cnn.com/2019/10/02/us/woman-assaulted-boyfriend-...
PRISM was proof that governments pressure tech companies to become sources.
How to build a program to retain power:
1) Make new tech that is very convenient but has potential to become surveillance vector. -> e.g, Phone with voice recordings, fingerprint Face ID, location data, network of friends. Smart TV, smart watch, smart locks, Alexa, etc. 2) Support consumer adoption. 3) Keep public attention on the evils of foreign states and domestic terrorism. 4) Convert devices into active surveillance sources citing home security, public safety and the classic “what do you have to hide?”. 5) Do so as fast as possible without creating a revolt. 6) Have such pervasive surveillance that it becomes increasingly difficult to discuss, assemble and revolt. 7) Continue to introduce more controls, reduce freedoms, increase work week, taxes.
Many smartphones have this, and will respond to "Ok Google" or "Hey Siri". Do you view this differently?
The phone has to cherry pick phrases and capture times. With the right codex, the phone could keep recording for a long time after the right phrase or your IMEI is targeted. Still sub-optimal, but not as easy as Alexa. My bigger concern around phones is GPS data. That's why I've not had a phone in my name in the last twenty years and never owned a smart phone.
Now put the data sets from your phone, Alexa, your credit/debit card together and that paints quite a full picture.
The Ring device is very interesting. It faces the street. I mean, the house on the other side of the street. A network of those can track the movement of anyone that lives near one.
https://www-m.cnn.com/2019/08/29/us/ring-cameras-police/inde...
But that's exactly how many problems are solved.
Perhaps I should clarify that the only way we are going to solve he healthcare issue in the US is by the government spending money on it.
I mean, I agree with you on the argument completely, but I disagree that it’s a lazy argument.
It’s an extremely effective argument, relative to its factual content. The west is culturally conditioned to accept terrorism as justification and child abuse justifiably gets people riled up.
What’s lazy is people who can’t be arsed to look at complex things from multiple angles.
And I’m not sure what the AG has to do with Epstein’s crimes. Did you get some people mixed up?
FOX off, basically.
It's a dystopian world. Call Phil Collins.
There's still a possibility it was an actual, non-coerced suicide.
The AG is a loyalist to and subordinate of the President, who was an associate of Epstein and who was also at one point accused of having had Epstein procure an underage girl for sex.
[1] https://www.huffpost.com/entry/jeffrey-epstein-math-science-...
https://news.ycombinator.com/newsguidelines.html
Congress was provided “encrypted text messages [the top US diplomat in Ukraine] exchanged with two other American diplomats in September regarding aid money President Donald Trump ordered to be held back from Ukraine.”
Might the AG also want to monitor these messages?
https://abcnews.go.com/Politics/top-diplomat-ukraine-crazy-w...
Reminds me of this story: "Back during World War II, the RAF lost a lot of planes to German anti-aircraft fire. So they decided to armor them up. But where to put the armor? The obvious answer was to look at planes that returned from missions, count up all the bullet holes in various places, and then put extra armor in the areas that attracted the most fire.Obvious but wrong. As Hungarian-born mathematician Abraham Wald explained at the time, if a plane makes it back safely even though it has, say, a bunch of bullet holes in its wings, it means that bullet holes in the wings aren’t very dangerous. What you really want to do is armor up the areas that, on average, don’t have any bullet holes. Why? Because planes with bullet holes in those places never made it back."
Qoute from https://www.motherjones.com/kevin-drum/2010/09/counterintuit...
They need a permit for a car? Why not just steal it?
I need an identity to do shady stuff on the internet?
Why not steal it?
We cannot reason with malevolent forces, there is always going to be away,
And by that time, we compiled the data of everyone, centralized it all, and let govs that don't understand the implication collect those as if it was mere petrol or gold.
We are putting everyone's life at risk doing so, just wait until it leaks out or it starts getting sold. (ahem, oh wait !)
It is a problem, and tbh it saddens me a f* tons.
Good to see that the "think of the children" argument[0] is still in use today. /s
[0] - https://en.wikipedia.org/wiki/Think_of_the_children
1984 rings more true with each passing day.
"It was meant to be a warning, not a manual."
Isn't the entire point of E2E Encryption for user safety, as in safety from the government reading your message?
I'm starting to wonder if this is a smokescreen. Eventually give in to E2E because you know you have got app store signing keys for the apps so you can upload a patched one with backdoors.
> I'm starting to wonder if this is a smokescreen. Eventually give in to E2E because you know you have got app store signing keys for the apps so you can upload a patched one with backdoors.
Is there no way to prevent auto-updating of apps? If the app blocks access barring upgrade it may be suspicious. Though I guess the upgrade would probably be veiled in new features.
Users should have to power to decide when and if to update. If their old version causes them technical problems or exposes them to security issues that is their business. Software can (and often should) offer auto-updates to make things easier for most users but it should respect a user's choice not to update. Especially when updates often introduce anti-features and/or disable existing features.
It also totally changes how government has to force Facebook into giving them something. They can't just request access to some server anymore.
The main way to defeat a state is to make mass survailance difficult enough that it doesn't scale well.
You and whoever you are messaging of course.
That is their stated reason. If given access they will also read your messages to determine if you are a drug dealer, or a drug user, or have committed financial crimes, or if you're organizing disfavored political activity, or...
Eat a bag of dicks, Barr.
I don’t get it. How could end-to-end encryption reduce user safety?
Ah yes, "think of the children!" This is so tired, I'm (just a bit) surprised they fell into this argument.
Kids being shot in schools: the price of freedom.
Private communications means also criminals can communicate privately: outrage.
https://keybase.io/blog/chat-apps-softer-than-tofu
(I have no affiliation with Keybase, I just appreciate their very thorough and public analysis.)
I used the wayback machine to read the older version of this article, it took specific aim at WhatsApp and Sigal, indicating that (in so many words) it disapproved of the apps providing a notice of Safety Numbers changing instead of the app flipping its wig and making the user take affirmative action to continue communications, otherwise it wasn't true TOFU.
I have about 30+ contacts on Signal, and I almost __never__ get Safety number changes. I certainly don't think making the user click through yet-another-dialog-they-wont-read will be a big security improvement.
I suppose I disagree with the 'not true TOFU' argument.
I am not sure if I'd be willing to make the argument we should ban (as in make illegal) collection of user data, but acting like such data is required to run ads is ridiculous.
How about we techies stop kissing ass to the advertising execs and stand up to them for once??
They want more data, more relevant ads, more more more more more. Their ask is impossible without massive invasions of privacy. Fuck them, I say
Return to scattershot ads, they can understand me as an audience without having to mine every ounce of my life for it. That approach will produce more relevant ads for me anyway
But since this idea has been brought up by a number of ad companies (Google, most notably), I can answer in the more general sense.
I would not support ad targeting done that way. It is a bit less objectionable, but it doesn't really address my objections to the entire practice.
I don't think they will be hurt by the fraction that do leave for this reason.
Assuming someone already has knowledge of Facebook's past activities, then they are likely already gone. If they are still using the service, it's unlikely this will make a difference.
Cheap and convenient is just too much of a draw for some folks. Especially when it involves "staying connected" with friends and family (irrational behavior driven by emotion).
Encrypt it, end to end, the government does not need to be able access all private communications of private citizens. There are other means of investigating potential crimes.
I love the Internet, and my career is in security. But we as a security/privacy/technology community truly need to look hard in the mirror about how we are allowing and perpetuating lifetime harms to children and women.
Terrorism exceptions, like San Bernardino, don't ring with as much impact as the CEP argument.
* https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
bin Salman in Saudi Arabia: https://en.wikipedia.org/wiki/2017–19_Saudi_Arabian_purge
We're just going to completely ignore the last administration spying on their political opponents?
[0] https://www.politifact.com/truth-o-meter/article/2017/mar/21...
But if it was true, seems to be another reason to allow End 2 End.
Unless this was essentially a "but her emails" post.
Law enforcement and security agencies need to be able to access any communication. This does not mean that they should monitor all communications.
They can eavesdrop on any phone call. They do not eavesdrop on all phone calls.
The problem with E2E encryption is that it prevents eavesdropping even with the standard legal safeguards (warrant, etc), while not being required for the privacy of users. It is only effectively a marketing tool to convince people to use services from providers they don't trust, although, of course, since they control the app they can still in principle access the data.
Even with E2E the police can get warrants for the devices which is usually more than enough to access data.
They just want an easier job, it’s not a major roadblock. When police jobs being easy is a good sign that privacy has been completely destroyed.
E2E is not required for privacy. There is also a difference between privacy and the right to privacy, and a guarantee that no-one will ever be able to know what I'm doing.
There is no absolute, including absolute right. It's all about balance: We have a right to privacy but the police may search our homes and eavesdrop on our communications in strict, specific circumstances because that's in the public interest. The idea is simply to have the same online.
If the system uses only P2P encryption then no backdoor is needed, which actually makes the system more secure to external threats. It is then for the provider to allow access to data only to "allowed government agencies" according to the law, which is how mobile phone networks work.
I don't agree with this -- but I think this does strike at the very heart of what the debate is all about.
Why? And while we are at it, why is this such a given that they need it.
COINTELPRO was a thing that actually happened and should be brought up every time privacy rights and government surveillance is discussed
* https://en.wikipedia.org/wiki/Room_641A
* https://arstechnica.com/tech-policy/2013/10/new-docs-show-ns...
I am still pro E2E encryption, especially given the Snowden revelations (the US gov cannot be trusted to be responsible), but it does come at a high cost.
https://www.nytimes.com/interactive/2019/09/28/us/child-sex-...
https://en.wikipedia.org/wiki/Blackstone%27s_ratio
"It is better that ten guilty persons escape than that one innocent suffer."
If you start thinking that parents "can be" the criminals then you've decided that parents are automatically guilty and must be proved innocent. This goes against the very moral fiber of the entire western world theory of law, the presumption of innocence.
It's definitely possible to eliminate all crime with total surveillance with a high degree of accuracy.
We probably shouldn't, especially not without being able to quickly update our laws, but it could be done. Imagine if anyone going over the speed limit was instantly charged a fine. We can do that today with complete accuracy, but we choose not to do enforcement that way.
Unless the state itself is criminal. Not only can law stray from morality, authorities of the state can even violate the laws of that state itself. If you can imagine an extreme authoritarian state with a constitution, can't you also imagine that the leaders of that state choosing to ignore that constitution?
But before even getting into the above, you've assumed the possibility of perfect surveillance. Who or what and how could that ever be possible?
The only way I can conceive of perfect law enforcement is to have very few if any laws. Everything else is an excuse for the personal fancies of authoritarians.
And you could set up society so that you'd be useless without carrying your phone, as we're most of the way there already. Not streaming your complete data to the government would become a crime.
All public places could be recorded in a similar way.
If you combined it with satellite tracking of the whole planet, you could even identify people that have chosen to go off the grid for some period of time, so you could solve crimes that happened in the forest if you want.
That's pretty close to perfect surveillance.
I can't think of a crime that couldn't be solved this way, but it's not a society where I'd want to live.
I'm not sure why I'm being so heavily downvoted, the only difference between the dystopian future that I describe and the system we have currently, is that the government isn't collecting and processing data on such a wide scale. If they collect more data, we will have more crimes solved and more privacy forfeited. If you take that to its logical extreme, we have full surveillance, no privacy, and no crime. I'd rather live in a world where we have some crime, but privacy and no surveillance, but I think it's far more likely we'll head in the opposite direction.
How would you handle corrupt senior police officers covering the tracks for themselves, their fellow officers, and friends in high places?
I know you're trying to point out some supposed hypocrisy for not criticizing Obama or Clinton or something, so I'll let you know I think they too enacted unforgivable political violence. Happy?
People exist outside the Republican/Democrat spectrum.
Stop JAQing off and stuff your crypto-fascist views up your ass you Trump slurping gonorrhea nodule.
inb4 "Leftists can't have civil discussions"
Shut the fuck up you stupid fash.
Edit: actually thinking you might be seriously talking about conditions for illegal immigrants detained in the US. Hyperbole, but still not a nice situation.
What are you talking about? I'm seriously asking. This sounds like something people say without having anything real behind it.
https://www.nytimes.com/2019/07/02/opinion/surveillance-stat...
As for Facebook, it is more likely because Facebook is in "progress" of enabling E2E and they have more users than Apple right now. It is easier to hit Facebook now than later unlike in the case of Apple that already implemented it from the start; it would go into court litigation for several years and most likely end up in Supreme Court.
Barr is just assuming FB will cave in.
PS: No, a huge value prop for iMessages is that it's built into iOS and any iPhone user can talk to another iPhone user, not because of E2E. Most users aren't aware of what E2E is.
Because when Apple was preparing it, it wasn’t public about it, and the then-sitting AG wasn't looking to generate news articles with his name that weren't attached to his role in acts fueling an imminent Presidential impeachment, so no similar warning note.
"While the letter acknowledges that Facebook, which owns Facebook Messenger, WhatsApp, and Instagram, captures 99% of child exploitation and terrorism-related content through its own systems, it also notes that "mere numbers cannot capture the significance of the harm to children." "
So the government not having access to private communication is a threat to public safety, and won't somebody think of the children!
This NYTimes article https://www.nytimes.com/interactive/2019/09/28/us/child-sex-... is quite good. I don't want to punish FB for doing a good job of detection by turning around clutching my pearls at them. Stamos tweeted that every hosting platform has these challenges and I believe him.
There has to be some nuance from the absolute privacy folks on this one. How do we balance the need to fight child abuse with privacy?
For example, they might be spotting a large fraction via network analysis, or other metadata approaches. Alternatively, they might just hash every image sent over messenger and match those to known CEP. Encryption screws up one avenue, but not the other.
Aren't we putting the cart before the horse? The problem is the exploitation of children, the secondary problem is that this exploitation is sometimes photographed and shared.
I don't believe that a strong solution the latter problem will have any impact on the former.
You measure accuracy of detection via a training set of definitely known examples, and comparing it to the detections reported by your system.
You can say with certainty that their system catches 99% of your training data set, but that doesn't mean it Will generalize to "all permutations of child abuse ever".
That's two totally different things. In the end their use of that statistic illustrates an attempt to lie with statistics more than anything else.
You are now the thorn in the side of every AI salesman trying to pitch you his Neural Net based wonder machine, or politician trying to sell you on giving up rights because they need to be able to violate everyone's privacy because statistics.
If you understand the actual nature of these measurements, it becomes quite a bit more difficult to let the "zomg neato" factor run away with you.
https://www.youtube.com/watch?v=TYVCVzEJhhQ
If I wanted to know the accuracy of an important system. I'd do continual audits. Take a (stratified) sample of all things, get ground truth labels for whether they should have been detected, and see what percent were in fact detected. Then I could estimate how much my systems did and didn't catch at any point in time.
No, I'd ask you what your methodology was when you measured. For instance, going to the DMV and getting a list of all registered vehicles, and using that as a representative dataset to reason from is fine. (Depending on your definition of cars in San Francisco, and whether or not that is meant to include cars transiently moving through or not.)
Now if you told me you were using a Neural Network to recognize all Subaru models that drove by a particular camera, I'd start asking you questions, and want to see your training data, output, etc.
>Sure it may be true in my dataset, but that doesn't mean it will generalize to all possible permutations of traffic ever. Well, no shit. But that's not the statement being made.
That generally is the statement being made when people make claims about the accuracy of neural networks. Particularly the marketing people. You can only measure their accuracy within a constrained dataset, and overfitting is a thing.
>If I wanted to know the accuracy of an important system. I'd do continual audits. Take a (stratified) sample of all things, get ground truth labels for whether they should have been detected, and see what percent were in fact detected. Then I could estimate how much my systems did and didn't catch at any point in time.
Which, again means you're operating off things you know a priori to be the case. You don't know the full extent of everything to begin with, which phrasing in this article implies.
I'm not saying audits can't be useful; it'll get you a number, and sometimes that's all you need. You just need to be clear about what the numbers actually mean.
There's lies, damn lies, and statistics after all.
There isn't. This is a logical fallacy. Violating everyone's privacy is not the way to fight child abuse, not even one of the ways that can do anything to prevent it.
I am curious what you think are the ways we can fight child abuse. It seems to me we have some obligation as technologists to see that our works aren't used to harm the most vulnerable.
Now we are seeing multiple instances where scapegoats and boogeymen are being used to systematically strip our rights away. The worst part of the whole thing is that when I attempt to fight for my privacy, I would be seen as supporting child pornography. It is an insidious tactic that is unreasonably effective.
This is the whole problem. There _is_ nuance. Users can still report content, even if it's private. Automated detection systems can still run client-side. Public forums like Facebook itself are still targetable, and we can increase funding and counseling for moderators in those public spaces to reduce turnover.
Barr is the one here saying that, "mere numbers" aren't enough to talk about the problem. How exactly are we supposed to compromise with that? What exactly is a 'nuanced' response to the argument that any system that allows even one child to be abused is unacceptable?
Barr isn't going to be happy unless law enforcement can read every single message. And he's going to trot out the same arguments every single time. And every time we respond, somebody is going to be jumping in to say, "but why can't we just have a little nuance? Why are all of you so dogmatic about this?"
Every position is absolute. Either you have 100% user privacy, or you 100% don't have user privacy. People pretend that the latter option can potentially include "checks and balances" and whatnot, but Snowden showed us how that plays out in reality...
If someone has an idea that can help prevent abuses and protect privacy without enabling abusive governments, I'm all ears. Unfortunately, to date all we've seen are proposals like the Clipper chip which amount to a backdoor to everything. Understandably, experts are somewhat skeptical of replaying the experience.
> I am curious what you think are the ways we can fight child abuse. It seems to me we have some obligation as technologists to see that our works aren't used to harm the most vulnerable.
You are absolutely right. Absolutely, complete, perfectly correct in every way. Yet, might it be possible that cryptography is not the right context for this discussion? Perhaps there are other tools better suited to the question at hand that do not have the same ugly record of pervasive invasions of privacy? I would love to discuss those! Do you have any suggestions as to where we might start?
This seems like a question best posed to the people on the front lines of this effort - what do they think they need? The rest is so much second-guessing.
I would personally even go one further and say that anyone or anything beyond a certain level of power should be radically transparent, and privacy should be reserved for the weak. If you want some privacy, step down from power and influence, and donate your money, because transparency is the only way we can even start to wield democracy properly and prevent the gross abuses of power we see in our society.
What's your point? We can either give governments backdoor access, or we don't. It's disingenuous to suggest that there's some sort of "middle ground" and pretend to care about privacy.
> I am curious what you think are the ways we can fight child abuse. It seems to me we have some obligation as technologists to see that our works aren't used to harm the most vulnerable.
How about traditional targeted investigations requiring a warrant? I don't see any reason for technologists to enable mass surveillance.
One reasonable answer is that FB/Google/etc. should donate or donate more (Google is called out as donating already) to these organizations. I think another reasonable answer is that technologists donate our time, perhaps as 20% projects or as sabbaticals to these orgs and help them modernize.
It does seem Congress (per the NYTimes article I linked above) isn't doling out as much funding as we would like to see.
And, in fairness, children are being harmed here, and at an incredibly alarming rate. Please do read the NYTimes article. The Times is, IMO, a fairly responsible actor in truth telling.
One is our job that we are directly and morally responsible for (like a civil engineer being responsible for having a bridge not collapse at a load of >2 cars), the other is not. Call me callous, call me cold, but that is not explicitly up to us, we can't be under the delusion that we are the one key to everything and anything. It wouldn't make sense to have a "quick-release" button forcibly installed on all bridges that would cause an instant collapse if triggered "because countless children that are victims of human trafficking are taken over bridges everyday."
I'm not saying online systems for catching child abuse can't be implemented. But is it really where our efforts would be most effective?
The question should be: how do you combat child abuse?
For that, we need:
1- Strong reporting systems that connect the people who in contact with children (doctors, teachers, social workers) and centralize and distribute that information. Right now, a social worker doesn't know about the doctor or teacher reports very easily.
2- Then, we need strong systems for handling the situation: i.e. social workers with effective systems for intervention.
3- Then, we need strong systems to take the children that are removed from at risk situations and place them in safe places where they can recover and grow in a healthy environment. This is the foster care system and the national health care system (or lack thereof) that will provide mental health counseling for the affected children.
Given that 1, 2 and 3 of these systems are terribly dysfunctional if not mostly broken, I'm always skeptical when people talk about social media and child protection. The situation gives me a feeling of leaders justifying the erosion of privacy and those who are authoritarian inclined supporting them, rather than people really caring about protecting children.
Maybe I'm missing something, but it clearly states that the main issues saving children are a lack of enforcement availability (i.e. the 3 points mentioned in my comment) and the lack of timely cooperation of existing orders.
Then they talk about how 'some criminals' hide behind encryption.
So... we have a situation where many cases are reported but aren't followed up on. Yet we focus on getting more reporting by undermining the right of non criminals? Doesn't seem very logical to me.
The whole piece even undermines their own arguments. They mention the 'case of the Love Zone'... which was cracked by investigators finding clues the old fashioned way. Not drag net surveillance.
The article also places many issues that aren't tech related as tech problems. It says "Bing was said to regularly submit reports that lacked essential information, making investigations difficult"
Let's compare that line to offline: If I own a pizza parlor where pedo's hang out sometimes, and I find a picture of CP in a restroom and hand it in to the authorities or call them up, would you blame the Pizza Parlor for the lack of fingerprints on the pictures? Would you think it's ok then to make wearing gloves illegal? I mean, if people use gloves, pedos can use gloves and hide their fingerprints. Why not target gloves?
There is a real issue: Child Abuse. There are real solutions that are complex and extremely resource intensive. A report doesn't create a case. Focusing on tech and the lack of having MORE drag net surveillance seems absurd. This is coming from someone who grew up with abuse.
When I go to forums to discuss abuse (it helps me deal with what happened) almost everyone tells of times that the abuse was reported but not well investigated. In fact, I've known people who work in CPS and they almost universally say the system is broken. A child in my city was recently beat to death by his step dad... an CPS had been called on them multiple times.
We could be focusing on fixing that (you know, the things the people on the front line say are wrong). But no. Drag net surveillance is the thing we should focus on apparently (even though in the very article you mention it states we have more current reporting than we have resources to deal with it)
The reality is that the organizations responsible for looking into these reports of abuse only have enough resources to investigate those where the child's life is in immediate danger.
The venn diagrams of "internet chat surveillance" and 'solutions to the problems of child abuse" are mutually exclusive.
Politicians are grossly morally corrupt to use child abuse as an argument against encryption when they're the ones controlling the purse strings for Child Services-type organizations. Feathering their own nests at the cost of actual, real progress on protecting children from abuse.
You can catch a majority of such content just by running a dumb hash over the bits, even though the detection rate suffered a little thanks to dumb smartphone users who will screenshot everything instead of sharing the files, thus creating "new" content.
If you add some simple "content hashing", like https://pypi.org/project/dhash/ or Microsoft PhotoDNA https://www.microsoft.com/en-us/photodna you can catch an astounding number of content shares, something which really looks great in press releases. My guess would be that the vast, vast, vast majority of those 18M reports that letter mentions came from automated engines detecting the "common" content with dumb bit or content hashes. But you really didn't do much except annoy and scare some online pedophiles* who shared the same 10, 20, 40 year old content* and maybe even put a few of them away for good or caused them to kill themselves. And yet, you almost never actually prevented ongoing child rape and other abuses.
The problem however is that you absolutely cannot catch new content that way. Content that isn't widely shared but shared between two people or in rather small groups. These small groups have elaborate vouching and proving systems in place, and are hard to infiltrate, going as far as having to prove yourself by sharing a picture of you victim holding a sign with a time stamp and some passphrase.
facebook aimed their AI at porn so they might catch some of this new content by accident; it's porn after all. Then again, my hopes aren't that high, seeing Microsoft's bing fucked up even removing the known child abuse content from search results even as the company runs the PhotoDNA database I mentioned before. And google's AI is "clever" enough to think black teens are gorillas, but they are supposed to catch child porn?
Also, those dedicated child abuse content producers do read the news and know not to use facebook or twitter. Most of them do, anyway.
There is essentially three types of pedocriminals I have observed: the aforementioned part time online pedos who share the same old child abuse content but do not actually produce it or abuse children in the real world, a group of active pedophiles who do not care about getting caught because they live in places where they do not actually have to fear the police investigating them, and a cautious group who might use common public services to make initial contact and talk a little in code but will immediately exchange tox ids etc or at least link to "how to setup qtox over tor"* guides (I saw a few "groomers" do just that), and never share anything incriminating over a public service. My guess is that they are be behind tor or a VPN even when using those public services.
And there is a small number of dumb fucks too who will get caught easily and who end up in the press, and, of course, a probably quite large group of pedophiles who just abuse children but do not tell anybody about it, especially not on the internet.
The majority of people you'd actually want to neutralize because they engage in ongoing child abuse you will not catch on facebook or twitter or whatever. I sometimes liken it to catching a lot of drug users, but not the dealers let alone the drug producers.
Not that my experience dealing with the police is much better. The average time for them to get back to you is a few months if they are from the West, and usually never in other parts of the world, even if they have dedica...
Do you have some links for this? I've anecdotally heard it both ways.
https://olemiss.edu/depts/ncjrl/pdf/I%20C%20A%20C/2013%20-%2... seems to imply the opposite.
This doesn't seem like a valid line of reasoning to me. Just because there are pros and cons to encryption does not mean that the right answer must be a nuanced balance where individuals cannot have completely private communication.
The nature of encrypted messaging is that you don't really have a middle ground. Either there is a way for two entities to privately communicate, or all communications are inspected for content by a central party. I believe that allowing private communications is the option that is more suited to the American tradition of free speech.
I'll try my hand here:
You're talking about this as "preventing child abuse" versus "privacy". The former is pretty concrete, while the latter is pretty abstract. But allowing government to invade everyone's privacy has concrete effects. Let's be clear here: in 2013, 2.2 million people were incarcerated in the US.[1] 1 in 5 is locked up for a nonviolent drug offense[2]--that's 440,000 people. And 540,000 people are incarcerated because they can't afford bail. It's unclear from the graphs on that page how many are locked up for child abuse, but the total incarcerated for rape and sexual assault convictions is 163,000 people in state jails, which by all accounts is where most rape and sexual assault convicts end up. It's unclear how many of those rape and sexual assault cases were convicted due to evidence from surveillance, but I think we can assume that it wasn't all of them. And in case it's not clear, quite a few of those unethically incarcerated will be raped[3]. In short, unethical incarceration is a much larger threat, by the numbers, than child abuse.
We've seen time and time again that violations of privacy are publicized as being used to prevent terrorism and child abuse, but immediately are then used to prosecute nonviolent drug offenders.
What it comes down to for me is that I trust average citizens to do the right thing more than I trust the law. The vanguard of law enforcement is average citizens picking up the phone and calling the police when they see something wrong, and I want to keep it that way. I trust the average person to call the police when they witness a crime like murder, rape, or child abuse, and not call the police when they witness drug possession. I do not trust law enforcement to enforce the law as ethically. Pervasive surveillance takes that power out of the hands of citizens and puts it in the hands of law enforcement who has time and time again shown themselves to be untrustworthy with that power. It's dangerous to be right when the government is wrong.
And that's in the current US. In the past, US law has been even more wrong. For example, US law enforcement was used to suppress, for example, civil rights activists. That time may come again. It has always been beneficial to let illegal behavior slide under the gaze of law enforcement when that illegal behavior wasn't unethical behavior.
[1] https://en.wikipedia.org/wiki/Incarceration_in_the_United_St...
[2] https://www.prisonpolicy.org/reports/pie2019.html
[3] https://en.wikipedia.org/wiki/Prison_rape_in_the_United_Stat...
Well, one place to start is with the realization that 99% of molestation comes from people the child knows. Encryption doesn't affect that pipeline at all, so the gov't shouldn't be worried.
I'd also remind that probably effectively 100% of physical child abuse and violence also comes from people the child knows.
Surveilling strangers can't have anything to do with dealing with any form of child abuse, except the extremely rare case where strangers have been able to find each other and create a subculture with which to provide evidence that exists on Facebook's servers. That's a pretty specific and narrow set of conditions.
I'm not saying Facebook allowing government surveillance on their wires can't produce some hits, but I'd be extremely curious to learn of wider implications and costs that are proportional.
Seems easy for FB to comply with this: they are adding encryption specifically to improve user safety.*
The later extract in the article body talks about "public" safety, which is the classic false dichotomy that has been brought up by law agencies for the past 30 years.
Much as it sticks in my craw to say something supportive of either of that meretricious duo Barr and Patel, I have to admit I am glad that they are using an open letter rather than trying for a backroom deal or quiet threats. Perhaps they tried those already and have been rebuffed.
I have seen some friends of mine outraged by social media's inability to do wholesale censorship, spurred by some NYT articles on child abuse from last week. I wonder if that was coordinated?
* OK, they are a corporation doing it to encourage people to use their service, but they are trying to accomplish that by improving user safety.
I think tech companies would have a stronger basis for refusing to monitor and censor user traffic if they hadn't volunteered to monitor and censor some user traffic. Doing anything some of the time makes you vulnerable to pressure to do more of that thing.
Carrying all legal content and refusing any cooperation with the government without a warrant is the only sustainable path.
https://twitter.com/hashbreaker/status/709314886384427008
> Fun game to play: Take statements from Comey et al. Replace "smartphones" with "brains"/"memories"/"thoughts". Technology will get us there!
Very on brand for the new versions of this request...