Last Bastion of Digital Privacy under Threat
Hi friends --
Amidst rampant surveillance capitalism, one bastion of digital privacy remains – end-to-end encrypted messaging apps like Signal and WhatsApp. But dangerous laws are being proposed in US, UK, EU & beyond to force those apps to scan your messages.
My latest piece for New York Times Opinion (gift link) tells a story you may feel like you have read before: the threat to encryption. But last time you heard it, it was slightly different. As you may recall, in 2016 the FBI sought a "master key" to unlock encrypted content with a search warrant. But Apple refused to provide the master key and a luminary lineup of cryptographers and information security experts successfully argued that there was no way to safely provide a master key to unlock all encryption.
This time, law enforcement agencies worldwide are seeking something different and more dangerous: the ability to search everyone's messages without a warrant. They aim to do this by forcing encrypted messaging companies to be liable for content on their systems even if they cannot see it. That would inevitably require companies to scan users' content. In other words a suspicionless search conducted by corporations.
Two years ago, Apple tried to do exactly that when it announced it would begin scanning user devices for known child exploitation images. Apple eventually had to abandon its plan in the face of public criticism. There were two major problems with it:
1) False positives. Apple's matching algorithm that aimed to identify known images could also have flagged innocent images. Princeton researchers Sarah Scheffler and Jonathan Mayer have found that false positive rates for scanning systems like Apple proposed could range from 135 to 4.5 million per day.
2) Opening the door to broader surveillance. As Cryptographer Matthew Green and Information Security Expert Alex Stamos argued at the time, once Apple was in the scanning business “foreign governments will be eager to use this sort of tool to monitor other aspects of their citizens’ lives.”
Although the new plans being proposed don’t solve any of the issues Apple faced, lawmakers are racing ahead. To note just a few of the worldwide efforts: The UK's Online Safety Bill is moving through the UK Parliament and a package of child safety laws has just been proposed in the US.
The regulatory push is part of a worldwide concern about the prevalence of child sexual exploitation images online. Although substantiated cases of child sexual abuse are down 63% since 1990, reports of child images to the National Center for Missing and Exploited Children's CyberTipline soared to 32 million in 2022.
The deluge of online reports is due in part to the fact that online images can be duplicated and shared limitlessly, and also to the addition of images that children and teens share with each other that sometimes end up being circulated, according to David Finkelhor, director of the University of New Hampshire Crimes Against Children Research Center.
The laws are focused on detecting and removing images. But researchers like Finkelhor have been working hard to figure out how to prevent abuse. And it turns out there is something that works: sex education in schools. Last year, the World Health Organization recommended that schools implement violence prevention programs that teach healthy relationship skills with “less emphasis on stranger danger as strangers are not the sole or even the predominant offenders in online violence against children."
Meanwhile, it seems that FBI is doing just fine in solving cases that involve encryption.
In 2016, the FBI managed to unlock the encrypted iPhone of the San Bernardino mass murderer after Apple refused. And it recently convicted members of the Oath Keepers for their roles in Jan. 6 using data from Signal messages.
So there is no reason to accept a worldwide regime of suspicionless surveillance of our phone messages. If law enforcement has reason to suspect us, they should get a search warrant.
Thanks for reading.
Julia