Unbelievable double-think happening here. The UK government is going full-throttle in its war on encryption, with the Online Safety Bill the vanguard in exposing the security of everyone's device.
Encryption protects us from cyber-criminals, keeps our messages private, and stops governments and corporations from spying on us. It is online safety for kids and everyone.
Client-side scanning of private chat messages was top of the Today programme political debate this morning with @Mer__edith and Ciaran Martin, former Head of the National Cyber Security Centre.
Client-side scanning is a technology that intercepts and checks chat messages on mobile phones before being encrypted.
@Mer__edith: these are mass surveillance measures that operate at scale. The government has used sleight of hand to put them in.
Will client-side scanning impact UK’s international reputation?
Ciaran Martin: it’s an unhappy situation. UK could take reputational hit for introducing it in law but then never actually use it. The language of the debate is toxic. We should stop shouting at each other and get around a table.
ORG's Policy Manager, Dr Monica Horten agrees, there needs to be a grown up debate about client-side scanning and other proactive measures in the #OnlineSafetyBill.
Given the increase of delusional/ignorant sentiments in governance groups, leading them to believe that removing encryption will help them fight crime or protect certain groups online (e.g. children), it's definitely time to reach out to your #EU#MEP.
Don't hesitate to point out arguments (even the obvious ones) and facts ranging from technical feasibility all the way to what depends on our ability to safely and securely communicate and remain anonymous online.
In diesem Dokument bestätigen diverse EU-Mitgliedsstaaten, dass die “Slippery Slope” zum Bruch und Zugriff auf #E2EE durch die #Chatkontrolle ihr Ziele ist
Deutschland setzt sich für den Schutz von #E2EE
“die Bundesregierung ist dabei, geeignete Technologien zu erproben. DE hält es für notwendig […], dass keine Technologien eingesetzt werden, die die Verschlüsselung stören, schwächen, umgehen oder verändern.”
🤔 The #EU quite obviously can't do anything about legislation in other democracies, let alone dictatorships, apart from being a positive example for respecting the UN charter for #humanrights (which itself is toothless because now the despots are lobbying for their stooges to run key international organizations!).
The point being that representative democracy must and will address any harebrained attempts to deprive citizens of inviolable right to privacy instead of corporations (or anyone who can afford lobbyists!) deciding a suitable compromise that also appeals to the sharks.
Democracy worldwide in under attack, but the defence against interference must become more sophisticated than denying free citizens' private communications. In fact those very dictatorships hostile to democracy would love to see democracies panic and ban #E2EE (end-to-end-encryption) because that would only help validate their repression.
And wrt. to your initial lobbying battle cry again, #Apple Corp is just about the least qualified nominally western corporation to lobby over any privacy issues in Europe because they've bet their entire corporate body on being in #CCP's good graces for over two decades now.
Holy shit, @protonmail just doubled my base storage to six terabytes for #ProtonMail, #ProtonDrive, etc. I’m only using a little over 16 GB.
Granted I’ve been a paid subscriber since the summer of 2016 (first on their Plus plan, then on Visionary starting the following year). But this is ridiculous.
The Platformer's recent article about Twitter claims that Twitter's encrypted DMs are not end-to-end encrypted:
"These messages are not encrypted end to end, making them vulnerable to so-called man-in-the-middle attacks."
This is wrong. Twitter's encrypted DMs truly are end-to-end encrypted. That is, no one other than the sender and recipient can decrypt the messages. However, Twitter does not provide a mechanism for users to verify the public key of other contacts. And this makes the design vulnerable to man-in-the-middle attacks.
Users negotiate a shared key to start an encrypted conversation using their public keys. After the negotiation phase, both the sender and recipient agree on a shared key to encrypt/decrypt messages in the conversation. Thus, every user has to trust that Twitter delivers the correct public key of the DM counterpart. Otherwise, an attacker can intercept the communication between one user and Twitter and act on behalf of the victim to negotiate the shared key with the DM counterpart. In the end, the attacker obtains the shared key and can decrypt [also alter and re-encrypt] the messages in the encrypted DM.
This major flaw does not disqualify the communication from being end-to-end encrypted. Twitter can easily overcome this flaw by letting users view the fingerprint of their own public keys.
If you've followed my work for a long time, you've watched me transition from a "#linkblogger" who posts 5-15 short hits every day to an "essay-#blogger" who posts 5-7 long articles/week. I'm loving the new mode of working, but returning to linkblogging is also intensely, unexpectedly gratifying:
Kutcher, it seems, has learned nothing from SESTA/FOSTA. Now he's campaigning to ban working cryptography, in the name of ending the spread of CSAM. In March, Kutcher addressed the #EU over the "#ChatControl" proposal, which, broadly speaking, is a ban on #EndToEndEncrypted Messaging (#E2EE):
"Unfortunately, #Converso is not open source and their website is totally silent on cryptographic primitives and protocols, which is highly unusual for a self-proclaimed 'state-of-the-art' privacy application."
"Highly unusual" is the understatement of the century. If anyone believes encryption software can reliably protect their privacy without publishing full source code, I have a bridge they may wish to purchase.