Help me on this...
https://www.bbc.co.uk/news/technology-6005527 0 (BBC News - Facebook Messenger: The battle over end-to-end encryption)
Why has the battle over end-to-end encryption been reduced to a battle against paedophiles?
Surely the simple answer to the "child safety" concerns is don't give your kids un-restricted access to social media? Do parents not spot check what their kids are up to on social media?
(I don't have kids. Only a dog. And he needs me to unlock his phone 😂)
(For the record, before the arrival of the "why do you need end to end encryption if you've got nothing to hide" brigade, I personally have nothing to hide but my employer and my employer's clients take data security VERY seriously. I hope your employer is also serious about my data security if you happen to handle it!)
Surely the simple answer to the “child safety” concerns is don’t give your kids un-restricted access to social media?
That's that one solved then. The police will be relieved.
Why has the battle over end-to-end encryption been reduced to a battle against paedophiles?
Because the battle over end-to-end encryption being reduced to a battle against terrorists didn't work so they needed a new excuse.
The long-form answer to this question is not something I'm going to embark on at half past midnight. I'll pick it up tomorrow. Don't believe the lies, encryption isn't bad, it is critical to the operation of the modern world.
TL;DR - it's a PR stunt being run at the taxpayer's expense. Can't imagine why they might need a diversion right now.
And, in other news, attendees at the Winter Olympics (well, US attendees at least) are being recommended to use burner phones whilst in China. Presumably, this wouldn't be needed if end-to-end encryption was more widely available...
Because the battle over end-to-end encryption being reduced to a battle against terrorists didn’t work so they needed a new excuse.
Certainly feels that way.
I don't want to sound like the conspiracy theorist, but many of these new laws seem to promote that ideal.
Throwing a "dead cat on the table" - surprisingly hurling out something controversial and attention grabbing - has long been a government tactic when they want to divert public attention away from something embarrassing or corrupt. Not that anything like that has happened lately of course.
That's not conspiracy theories, that's just 21st Century politics.
Surely the simple answer to the “child safety” concerns is don’t give your kids un-restricted access to social media? Do parents not spot check what their kids are up to on social media?
You obviously don't have kids. They are born with The Devil in them. It's a never ending battle to lead them on the path towards The Light. They learn shit from their friends really fast too.
I just enjoy watching the government squirm when in one instance they throw the terrorist/paedophile excuses around and then say "but China/Iran/Russia/North Korea...." and no one has a solution to hacking.
Is it any wonder that individual citizens want to prevent bad actors accessing their data and that tech companies are interested in supplying a solution to their users.
I'm not an Apple fan boi but I do admire their stance on privacy.
Whilst I'm in favour of citizens having access to end-to-end encrypted communication there's definitely some downsides (mostly criminality related) but yeah trying to justify having backdoors or banning it by putting out stories about it enabling paedophilia etc. isn't a good approach
Link seems to be broken, but I can guess the content.
Another classic example of policy makers not understanding what they are talking about.
I’m not an Apple fan boi but I do admire their stance on privacy.
Well..... mostly!
https://www.bbc.co.uk/news/technology-60004257
Encryption like espionage is only unfair when the other guy is using it.
I’m not an Apple fan boi but I do admire their stance on privacy.
Well….. mostly!
https://www.bbc.co.uk/news/technology-60004257
“Other trackers are available” (and they don’t tell you when someone has left one about your person).
Another classic example of policy makers not understanding what they are talking about.
... is about the size of it.
I said I'd come back to this but really it's hard to know where to start. So in no particular order:
1) Make no mistake, this is a PR exercise. I mean, there is a literal advertising campaign behind it. Who doesn't want to make children safer, right? What are you, some sort of prince?
2) Related to 1) there is an element of deadcatism as I said last night. Cos there's nothing else of interest going on right now that we should be paying attention to, is there.
3) Our government has previous form with Big Data mining. The Investigatory Powers Act, Cambridge Analytica, now they want to be able to read your messages? This alone should give you the fear.
One of the things that sounds tinfoil-hat conspiracy-theory levels of crazy but came out in the Snowden / Wikileaks is that neither the UK nor the US is allowed to perform mass surveillance on its populations. Solution, we tapped each other's backbones and then exchanged the data. Today, secure encryption has mostly kyboshed that.
4) Weakening encryption is a really really retarded idea. "Let's make everyone safer by reducing security!" said no-one with even the most basic grasp of security concepts, ever. I spend half my life telling people that they need to disable known-compromised protocols.
FW argued "there are some downsides" - there aren't. There simply aren't. You're putting regular users at greater risk but the criminals will simply circumvent it. Reckon terrorists and nonces are going to use communications media that they know their governments are listening to?
5) Who do you trust to keep the keys to a known vulnerable system safe? The NSA tried this, the result was devastation on a large scale. Remember when like a third of the NHS went dark? Are we learning yet?
6) How can you possibly implement it? Encryption is known technology, the genie is long out of the bottle. Our junior analysts know how public key infrastructure works. I'm neither a crypto specialist nor a programmer but I could likely spin up a rudimentary encrypt/decrypt system in an afternoon. You cannot uninvent technology which is already in the public domain, it'd be like trying to ban French.
7) As I touched on above, this is all likely to be trivially circumvented. Three clicks of a mouse button and as far as anyone watching me can tell, I'm in Tel Aviv. Now what, we ban VPNs? That's everyone working from home scuppered. Ban TLS? Sure, online shopping and banking is totally going to be safe over regular http.
8) Probably less of a direct issue for end users but there is a MASSIVE issue around compliance as soon as we start dicking about with encryption protocols. One example, there's a thing called PCI-DSS, it's a security standard you have to adhere to if you're handling credit / debit cards. A PCI failure means you cannot take card payments. We run scans for our PCI customers on a regular basis and vulnerable security protocols would fail PCI. Our customers could no longer then legally accept card payments. Result: we lose customers. Result if this is country-wide: businesses move their operations out of the UK. Well at least that's not happened before in recent history, hey?
9) For context, as a friend of mine posited: "We're not the first country to [propose / do] this, but we're not in great company. North Korea; Russia; China; Kazakhstan; Iran; Colombia; etc etc etc"
I could go on but you get the idea I hope. It's a publicity stunt, it'll almost certainly never happen and it would be an act of gross self-harm if it did. Eh, good job we don't have any previous form there, either...
FW argued “there are some downsides” – there aren’t. There simply aren’t. You’re putting regular users at greater risk but the criminals will simply circumvent it. Reckon terrorists and nonces are going to use communications media that they know their governments are listening to?
It's not that simple though. Yes the bigger OCGs and some terrorists with a lot of money behind them will be using networks like EncroChat but the vast majority of comms related to criminality will be on stuff like Whatsapp
Everything Cougar said, and would add:
"I have nothing to hide, but have nothing I wish to show you".
You obviously don’t have kids. They are born with The Devil in them
One of my neighbours refers to his youngest son quite openly as 'The Devil's child' normally after apologising for whatever unacceptable behaviour has just occurred.
You cannot uninvent technology which is already in the public domain, it’d be like trying to ban French.
This is such a big one it can't be understated, you can't undiscover the maths, that is decades old, has been implemented thousands of times. The bad guys will not be "disarmed".
Everything Cougar said, and would add:
“I have nothing to hide, but have nothing I wish to show you”.
Adds name to the list.., checks telescreen.
It’s not that simple though. Yes the bigger OCGs and some terrorists with a lot of money behind them will be using networks like EncroChat but the vast majority of comms related to criminality will be on stuff like Whatsapp
Will it? "Yo bro, jump to Telegram"
Broadly I can see two scenarios here.
First, it's used to target people 'known' to the powers that be. These are likely the big players who as you say are going to use something other than whatever we're watching.
Second, mass spying on a grand scale. You'll probably catch some low-hanging fruit. Whoopee.
In any case, that's not what this is about. We had the 'terrorism' discussion the last time this came around. From the BBC link:
According to the US National Center for Missing and Exploited Children (NCMEC), 21.7 million reports were made in the US in 2020 about child sexual-abuse material being exchanged on social media.
The campaigners say 14 million of these reports could be lost every year if end-to-end encryption is rolled out more widely.
So they claim 65% of all reported cases were as a result of intercepting unencrypted messages from nonces?
Bull.
Shit.
“I have nothing to hide, but have nothing I wish to show you”.
That's a nice way of putting it.
This argument crops up regularly in these sort of discussions, and it falls down at the slightest whiff of scrutiny. If anyone believes they have nothing to hide, let me know and I'll pop round and install a publicly-streaming webcam in your shower room.
One of my neighbours refers to his youngest son quite openly as ‘The Devil’s child’
So is it him or his wife who is the Devil?
you can’t undiscover the maths, that is decades old, has been implemented thousands of times.
As an aside, if anyone is even remotely interested in this stuff, I can thoroughly recommend Cory Doctorow's "Little Brother" book. It's "young adult" level of writing and as well as being a great, thought-provoking story it goes into a lot of privacy concerns and cryptology tech in a really, really easy to digest way. IMHO it should be essential reading for everyone before they're let loose on the Internet.
It's available in the usual dead tree variants or can be downloaded for free in a hundred different formats from his website.
Saw a tiktok on this (I know) the other day. Guy was making an argument that not enforcing e2e on messenger was actually more likely to promote harm to children. I forget his reasoning now...
It's basically BS anyway - all of the government's recent indiscretions were flagged via e2e comms anyway, they just don't want us to use what they use...
Why has the battle over end-to-end encryption been reduced to a battle against paedophiles?
Because by calling on the four horsemen of the infopocalypse, no one can possibly disagree with your argument (/sarcasm). Everyone hates pedos, terrorists, organised criminals and drug dealers, so saying that your new approach will prevent these bad people from doing bad (possibly true, but probably not) is a good way to hide the fact that it will also affect everyone else negatively (almost certainly true).
Recent news of a ****stani sentenced to death for sharing an image over WhatsApp provides a grim but revealing indication of how this ban on encryption will be used by some. (For those who can't be bothered to click - the woman shared an image of the prophet.)
9) For context, as a friend of mine posited: “We’re not the first country to [propose / do] this, but we’re not in great company. North Korea; Russia; China; Kazakhstan; Iran; Colombia; etc etc etc”
Plus, for context, the US, Canada, Australia, New Zealand and the EU, so the debate is not going to go away, particularly now that the primary justification has moved on from terrorism to assuming everyone's a paedophile ("won't somebody think of the children"). I suspect the encryption backdoor approach will die as most people now realise how important encryption is, but in its place end-device scanning seems to be gaining traction, such as Apple's now delayed CSAM scanning implementation that seemingly came out of nowhere.
You obviously don’t have kids. They are born with The Devil in them
I don't think anyone's doubting that kids are awful, but I don't think it's end to end encryption that makes them like that!
Plus, for context, the US, Canada, Australia, New Zealand and the EU,
In honesty, I probably broke that statement. I added "propose" because we haven't done it yet and that was a mistake. What I meant was: "We wouldn't be the first country to do this".
First, it’s used to target people ‘known’ to the powers that be. These are likely the big players who as you say are going to use something other than whatever we’re watching.
Second, mass spying on a grand scale. You’ll probably catch some low-hanging fruit. Whoopee
Again - that's over-simplifying things. There is a HUGE part in the middle where investigations are mapping out everyone in OCGs or trying to identify victims etc. Communications that assist with this are more frequently being done these days over end-to-end encryption using widely available apps and it makes this vital part of an investigation much more challenging. Whilst you can still make connections between devices/people it's much harder to add context or determine its relevance if you can't see what was actually communicated. There are a lot of very nasty people in jail (or attacks prevented) as a direct result of this sort of intelligence work.
Just to re-iterate, I don't think (even if it were possible) that the above is a good enough reason to ban end-to-end encryption for citizens - but there is very much a downside from a law enforcement and anti-terrorism perspective. If you think government agencies are only intercepting communications for shady reasons like population control or to compile information to sell on to companies/other governments you're mistaken.
Surely the simple answer to the “child safety” concerns is don’t give your kids un-restricted access to social media? Do parents not spot check what their kids are up to on social media?
(I don’t have kids. Only a dog. And he needs me to unlock his phone 😂)
Do you have any idea how much shite the average teenager sends? Do you have any idea how crafty kids are if they think there's a channel their parents are watching they will use a different app, device etc.
The answer is totally not banning end to end encryption. But thinking that any parent could really police their child's online activities in 2022 without interfering with their ability to thrive in a digitally dependent world is naive. More importantly even if that is what "responsible" parents do - then not all parents are responsible so who protects those children (who might well be the most vulnerable)?
It’s not that simple though. Yes the bigger OCGs and some terrorists with a lot of money behind them will be using networks like EncroChat but the vast majority of comms related to criminality will be on stuff like Whatsapp
It's really not difficult. I'm not a professional software developer and could make you an end to end encrypted chat service in a week if I had nothing better to do. There's probably multiple open source projects you could use off the shelf in less than that. Building it with the infrastructure to handle millions of chats per minute - would require expertise I don't have but producing something which was privately circulated amongst only my dodgy circle of users would be simple. The reason that's not common is WhatsApp etc provide a very robust, no hassle platform FOC - but have no doubts if you ban WhatsApp - it's like alcohol prohibition, people will find a way. You can maybe make it an offence to be in possession of software that is capable of this - but it wouldn't be difficult to hide this within some legitimate looking system.
Christ that Open Rights Group video is laughable.
Interesting there is a lot of scorn thrown at the government when it seems at face that a lot of child protection charities are pushing for it not to be implemented.
Again – that’s over-simplifying things.
Oh sure. My target audience here is a cycling forum not a Blue Team, and it was mostly a stream-of-consciousness grumble.
You're correct of course, maybe I could've worded that better; targeted vs non-targeted perhaps.
If you think government agencies are only intercepting communications for shady reasons like population control or to compile information to sell on to companies/other governments you’re mistaken.
"Only"? No, I don't think that's the only reason. I rather feel that it might be naive to think it not to be a contributing factor.
You can maybe make it an offence to be in possession of software that is capable of this – but it wouldn’t be difficult to hide this within some legitimate looking system.
They tried with asymmetric encryption, but PGP (Pretty Good Privacy) was released open source and after that it was impossible to put the genie back in the bottle.
Remember when 128-bit encryption in IE was classed as a weapon and required an export licence? Halcyon days.
It’s really not difficult. I’m not a professional software developer and could make you an end to end encrypted chat service in a week if I had nothing better to do. There’s probably multiple open source projects you could use off the shelf in less than that. Building it with the infrastructure to handle millions of chats per minute – would require expertise I don’t have but producing something which was privately circulated amongst only my dodgy circle of users would be simple.
Building it in a secure way not just having the ability to scale is difficult, very difficult. So it depends who your client is - there's a reason well-funded OCGs aren't using Whatsapp (mostly due to the device security it's running on and the human element in the equation). But it's secure enough that it takes a massive amount of additional effort during intelligence gathering, likely to a degree it means that intelligence gathering can only focus on a handful of individuals rather than everyone that's relevant to it so a lot of stuff will slip through the net.
Meanwhile, elsewhere on the government's website:
https://www.ncsc.gov.uk/information/secure-default
Square those circles, square them!!
Data or actually access to data creates power (politicians like power)
This data will be abused, sold and form the launch pad for more invasion monitoring.
History tells us this.
Remember when 128-bit encryption in IE was classed as a weapon and required an export licence? Halcyon days.
Would that be PGP? The manual was a good read!
As for the rest of it, computer scanning is cheap but proper surveillance and investigations need boots on the ground and that's expensive and may catch the 'wrong sort of people' (Tory Donors and the like).
I find the one sidedness of this thread weird. Yes governments are going to do stuff we might not like but is everyone here just pretending there aren't massive paedophile rings on the darkweb and that having encrypted Facebook messaging services might be quite handy for those people?
Grum it's not that simple, however Facebook could use their internal search engines/content management to find that content type and hoof people off and report to the authorities (vital interest)
The problem I have is that the government will abuse access and part of this is Facebook burying its responsibility
is everyone here just pretending there aren’t massive paedophile rings on the darkweb
No.
and that having encrypted Facebook messaging services might be quite handy for those people?
So might toilet roll, shall we ban that too?
Well….. mostly!
https://www.bbc.co.uk/news/technology-60004257
Funny that it’s Apple getting all the ‘SHOCK, HORROR, PROBE’ clickbait headlines over a device that was already available from at least two other companies, one being Google, the other Tile, (Apple being late to the party), and getting flak from Tile for intruding into their perceived territory - yet Apple are the only company who’ve put in place the means for anyone being tracked by another party to receive alerts; Tile have announced that they intend to do something similar in 2022. Google, to my knowledge, have said nothing about setting up a warning system for their tracker.
FWIW, I use VPNs, along with browsers like Firefox, Brave, DuckDuckGo and Ghostery, with DuckDuckGo as search with all of them. Pretty sure that if I went to China, I’d take a cheap burner phone, there’s no way I’d let an authoritarian government start poking around in my phone - just in case they found something they considered against the Chinese State and threw a hissy fit. People have vanished for such things. Republicans and Tories I’m sure would never consider going down that route…
I find the one sidedness of this thread weird.
I am finding it a pleasant surprise, my perception is that there would have been lots of people saying that banning it is proportionate. Hopefully this weird attempt at marketing a law will fail.
And, in other news, attendees at the Winter Olympics (well, US attendees at least) are being recommended to use burner phones whilst in China. Presumably, this wouldn’t be needed if end-to-end encryption was more widely available…
Many UK companies have the same policies when travelling to the US…
Many UK companies have the same policies when travelling to the US…
Many US companies (mine at least) have similar.
@grum You might find the monthly Schneier newsletter enlightening. There's a whole lot of security theatre used by governments to suppress their populaces. It can be a depressing read when one realises what abuses are enacted by the nation's leaders.
I'm aware of the abuses Sandwich I'm just saying privacy is a double edged sword. I tend to lean towards favouring the privacy side but lots of you seem very blasé about the potential consequences.
As mentioned already it isn't just the NCA making warning noises about this.
https://tfn.scot/news/childrens-charity-calls-for-debate-on-how-private-messaging-is-encrypted
Maybe the NSPCC are in on the conspiracy.
So might toilet roll, shall we ban that too?
That's a really dumb flippant comparison about a pretty serious topic.
Flippant, yes. Dumb, no. This is my day job.
Anyone can make "warning noises," what's that even supposed to mean? You saw the date on that article you linked to, right?
Your day job is what? Being blasé about child trafficking and sexual exploitation?
Yes, yes that's absolutely my day job. Totally what I meant.
I've known you a long time Grum, I never had you down as a berk. I might be winging it on politics and legal threads and I totally hold my hand up there, but I'd like to think I kinda know a bit about computers.
I was doing flippant too, you started it.
I still don't get why none of you are even slightly concerned for the potential abuse of this.
Have you not seen what happens on Telegram already? It's full of Nazis and people selling quack supplements and all sorts of awful shite.
He, FB already has groups where people trade advice on how to give their autistic kids bleach enemas to try and 'fix' them. This will make it much easier for them.
I am not saying your opinion is wrong grum, just different to mine. But please believe me I am not blasé about the consequences, I have just come to a different conclusion to you.
Heh. Point.
I am not saying your opinion is wrong grum, just different to mine.
I don't really know what the answer is but I think some people are deluded thinking there are no downsides to privacy.
Are you actually trolling? That's out of character if so.
If you're serious then I'll pick this up tomorrow, it's been a long day.
We can do away with secure interactions in the name of making it harder for criminals, but all that will do is empower criminals by giving them access to our transactions. It’s like saying kids will be safer if we all leave our front doors open, as people will have less privacy in which to do harm to children. That’s fine ‘till you find people in your home, taking your passports, your payment cards, your daughter’s diary… and the criminal will just get a second hidden closed and locked door fitted in their house to hide behind anyway.
Have you not seen what happens on Telegram already? It’s full of Nazis and people selling quack supplements and all sorts of awful shite.
He, FB already has groups where people trade advice on how to give their autistic kids bleach enemas to try and ‘fix’ them. This will make it much easier for them.
I get tons of junk emails every day but none of what you're telling us is relevant to the availability of E2E encryption....and who are you to be the arbitrator of what "content" is "acceptable"...
The ICO, which oversees the protection of people’s data in the UK, believes that end-to-end encryption is one of the most reliable ways of protecting the data of people who use large messaging platforms. Bonner said encryption protects children by preventing criminals and abusers from accessing their pictures – which could expose them to the risk of blackmail – and their location.
This morning The Register has an opinion piece about encryption. This acknowledges that there is potential harm to children but also points out you wouldn't chat to HMRC on unsecured links and the money being spaffed on Saatchi and the campaign would be better spent on direct assistance to children at risk of harm.
EDIT The comments on the linked article gave a link to Schneier that lays it all out quite nicely though it's a bit of a long read. This is one of those times we need to listen to the experts as our political class don't know about this stuff.
Also from your article TJ
Responding to the ICO, the NSPCC said end-to-end encryption offered privacy benefits but put children at risk if it was poorly implemented. “That’s why the NSPCC wants companies to risk assess end-to-end encryption and balance the privacy and safety requirements of all users, including young people, to ensure it is rolled out in the best interests of the child,” said Andy Burrows, head of child safety online policy at the charity.
Just doesn't seem very dastardly or unreasonable to me. 🤷‍♂️
Will check out your links Sandwich.
Do we recognise the NSPCC as world-leading authorities in cryptography and encryption?
What does "poorly implemented" mean here I wonder? "If you do something poorly then it won't be very good" is something of a tautology.
Do we recognise the NSPCC as world-leading authorities in cryptography and encryption?
Do we recognise FB and other tech nerds as experts in child protection?
You seem to think that techies are the only people who should be allowed an opinion on this. You really do work in IT don't you.
I'd also be very surprised if the NSPCC don't have tech experts on staff or at the very least as consultants.
What does “poorly implemented” mean here I wonder? “If you do something poorly then it won’t be very good” is something of a tautology.
Why not engage with what they are actually saying rather than trying to nitpick over phrasing?
Ah, you added this after I replied.
I still don’t get why none of you are even slightly concerned for the potential abuse of this.
Because, fundamentally, the pros massively outweigh the cons. There is no scenario where weaker security is a good idea because, why then have security at all? Would you have a plastic link in the middle of a bike lock in case the lock jammed? The notion that a backdoor would only be used by the good guys is fallacious as I explained on the previous page, one of the primary cybersecurity threats today is a bunch of exploits that the NSA accidentally lost control of. And you want to hand this sort of weapon - because make no mistake, that's what we're describing here - over to Boris? I wouldn't trust him with the keys to a Nissan Micra.
"Yes but terrorists and paedophiles" is a compelling appeal-to-the-heart but if we're not just a little bit careful it quickly goes all Brasseye. Terrorists use a specific model of Casio digital watch (the F-91W, aka "the sign of Al Qaeda") to synchronise their attacks and control time bombs, is anyone suggesting that Casio should make them less accurate? No? Why do we think that might be?
It would surely be ludicrous to even consider that the solution to preventing time bombs might be to make everyone with a Casio watch not know what time it is properly. I feel like I've just dropped a couple of IQ points just typing that! Even if we were to implement it, it likely wouldn't affect the thousands(?) of watches already out there and in any case the net result wouldn't be that the bombers would go "oh well, guess we can't do that any more" and take up macramé, but rather that the terrorists would just use a different watch and a lot of regular people wouldn't be able to trust that their watch was telling the right time.
So, why are we having the same argument about secure messaging?
I do get your points Cougar but I don't think it's as simple as you're making out. We aren't talking about hamstringing a Casio watch. We're talking about introducing new features to a Casio watch to make it easier to trigger bombs and telling everyone who worries about this a dumby/fascist.
“Yes but terrorists and paedophiles” is a compelling appeal-to-the-heart but if we’re not just a little bit careful it quickly goes all Brasseye.
Yes this threat is obviously overused and in a manipulative and disingenuous manner but does that mean it's always completely untrue? The Register article admits there's the potential for increased risk to children but then just kind of glosses over it.
Surely there's always going to be a sliding scale or balancing act between freedom/privacy on one hand and state control/intervention/security on the other. I don't have much time for absolutism in either direction.
Do we recognise FB and other tech nerds as experts in child protection?
But that's not the same thing.
Say Finance need a new accounts package. I would expect them to evaluate what's on offer and decide what is suitable for their needs. I would not expect them to start dictating to IT the CPU cores, RAM and disk space requirements.
Turning that around, equally I wouldn't expect IT to go to Finance saying "we've chosen you a new Accounts package." They've no idea what Finance actually require for their job any more than Finance knows what IOPS and gigaflops are. And neither of them really needs to if they trust the other to know what they're talking about.
IT don't need to be experts in child protection. They need to provide responses and solutions to concerns.
You seem to think that techies are the only people who should be allowed an opinion on this.
No. What I think is that we should recognise fields of expertise. "We need to make messaging safer" is an opinion you take to people who know how to make it safer. "We need to start installing backdoors in software" isn't an opinion, it's putting a random solution ahead of a hypothetical problem. Compare:
We think end-to-end encryption is a problem, so we need to break it.
We think end-to-end encryption is a problem, how do we improve it?
You really do work in IT don’t you.
No, I don't.
I’d also be very surprised if the NSPCC don’t have tech experts on staff or at the very least as consultants.
Neither you nor I have any idea whether they do or not. As above, if they trust the experts then I'm not entirely sure why they'd need to.
Why not engage with what they are actually saying rather than trying to nitpick over phrasing?
I'm not nitpicking. Rather that entire quote says nothing. It says they're concerned - and rightly so - and then pushes responsibility straight back on to companies to "assess risk." We already do that, we do it daily.
We think end-to-end encryption is a problem, how do we improve it?
I think there's a danger that tech people are so focussed on making the tech work brilliantly that all other considerations fall by the wayside. The way you and others talk about encryption almost make it sound like a cult that cannot be questioned.
And neither of them really needs to if they trust the other to know what they’re talking about
What's your level of trust when it comes to FB as a company? I put them in a similar category to Pol Pot or Hermes.
We’re talking about introducing new features to a Casio watch to make it easier to trigger bombs
But it's easy for them already so what does that gain?
does that mean it’s always completely untrue?
Of course not. Just because the vast majority of conspiracy theories are of the flat earth variety doesn't mean that MKUltra is impossible. JHJ will be the first to tell you when one of his fire-hose theories actually gets a hit.
The Register article admits there’s the potential for increased risk to children but then just kind of glosses over it.
Because El Reg is many things but it's not silly. Let me give you another example. Actually, I'm going to post this and then type that up because I have actual work to do. I'll be back shortly.
The way you and others talk about encryption almost make it sound like a cult that cannot be questioned.
It's not that it cannot be questioned. It can and absolutely should be questioned. It's critical that these things are questioned, even.
You're just not listening to the answer.
The way you and others talk about encryption almost make it sound like a cult that cannot be questioned.
Or that it is an essential core part of the way we all communicate and do business in 2022.
Or that it is an essential core part of the way we all communicate and do business in 2022.
Including paedophiles, terrorists and drug traffickers.
https://www.vice.com/en/article/3aza95/how-police-took-over-encrochat-hacked
How will making encryption better/more prevalent not make operations like this impossible?
If we use the example of roads: yes criminals use roads too and no-one suggests banning roads. But we do put restrictions on their use like you have to be licensed, there are speed limits, cameras, MOTs etc. Explain to me how this is different.
You’re just not listening to the answer.
Your answer isn't necessarily the answer.
I like your road example. Now what do you propose for end to end encryption... we're all ears...
How will making encryption better/more prevalent not make operations like this impossible?
From a cursory read of the article, it seems the exploit used to gain access to the message network required initial physical access to a phone.
I like your road example. Now what do you propose for end to end encryption… we’re all ears…
I dunno I'm not a techy 😛
But are we really saying there's literally nothing that can be done to mitigate the extraordinary opportunity this represents for criminals - we just shrug our shoulders and say 'oh well'?
Can I also just ask why people think FB (sorry, Meta) are doing this? Is it a commitment to privacy for users? 🤣
I'm not really sure what's being debated anymore but as I see it:
End-to-end encryption has upsides and downsides
It's a personal opinion if you think the upsides out-weigh the downsides (I do)
Anyone saying there are no downsides to end-to-end encryption is wrong (this is the point I've been trying to make, and I work in a team providing IT services to a government agency I can't name :p )
Earlier I said: "Let me give you another example."
Let's change out a couple of your questions and look at vaccines:
The way you and others talk about ~~encryption~~ vaccination almost make it sound like a cult that cannot be questioned.
I'm sure most of us will agree that vaccination is a benefit to society, it's a mature science and proven to be highly effective. Yet some people are still sceptical and worried about potential harm. Which, y'know, is good, as above people should be asking questions.
but does that mean it’s always completely untrue?
Here's the rub. No-one is saying that it is completely untrue. Of course sometimes things go wrong, you're absolutely correct. People can have allergic reactions, sometimes severe ones.
What do we do about that? Do we undertake a risk analysis (which, let us not forget, is exactly what the NSPCC spokesman was asking for above), or do we slam the brakes onto the vaccination programme?
Spoiler: that vaccination risk analysis? It's already been done, many times over, decades ago. We know what we're doing these days, the only people arguing against vaccination today are people who either don't understand it or don't want to understand it.
Spoiler #2: The same is true of encryption. Folk may be screaming "why won't you think of the children?" but the answer is, we already have. See Kelvin's excellent post near the top of this page - putting an intentional vulnerability in encryption will not make them safer, it will do the opposite. This is not my "opinion," this is fact and one which has been proven many times over.
If you take nothing else away from this, please believe me on one point: if we compromise security, the bad guys will exploit it. It really is that simple. It's low-hanging fruit, it would just be a matter of when. Pinky promise.
Your answer isn’t necessarily the answer.
I'm rather afraid that it is.
Can I ask why people think FB (sorry, Meta) are doing this? Is it a commitment to privacy for users?
Messenger will lose market share to one of the other platforms that they own (WhatsApp).
Messenger requires a Facebook account, and they don't want to lose Facebook accounts.
Anyone saying there are no downsides to end-to-end encryption is wrong
Don't think anybody is saying that.
As I've understood it, they are saying that systems exist in the wild already, and bad guys are already using them.
Not implementing it for widely used platforms just means ordinary people are less protected than criminals from other criminals...
What’s your level of trust when it comes to FB as a company?
You know what, this is a great question. Let's say "somewhere between slim and none."
Would you rather have a scenario where Facebook could potentially read all your messages, silently use them for targeted advertising, maybe sell them to the highest bidder? I wonder what, say, Emerdata would give for that? And what they'd do with it?
Or, would you rather have a scenario where Facebook absolutely could not access your messaging, even if they -really- wanted to? That's what E2EE brings to the table.
If we use the example of roads: yes criminals use roads too and no-one suggests banning roads. But we do put restrictions on their use like you have to be licensed, there are speed limits, cameras, MOTs etc. Explain to me how this is different.
Do speed limits prevent terrorism? Does licensing stop criminals without licenses from driving? Remember that time we busted a paedophile ring at the local MOT centre?
I hear that criminals use the third lane of the motorway to try to outrun the police so
But are we really saying there’s literally nothing that can be done to mitigate the extraordinary opportunity this represents for criminals – we just shrug our shoulders and say ‘oh well’?
we should, what, close the third lane? Shrug our shoulders and say ‘oh well’? Something else?
You don't know, you're not a traffic officer (and aren't prepared to listen to one)?
