*** REPORT-print-previous.md 2022-07-06 22:56:18.000000000 +0100 --- REPORT-print.md 2022-07-07 13:04:18.000000000 +0100 *************** *** 28,34 **** ### Version * This report was generated at: ! * 2022/07/06 21:56:18 UTC. * Announcement blog post at: * https://alecmuffett.com/article/16184 * Latest versions of this report are available at: --- 28,34 ---- ### Version * This report was generated at: ! * 2022/07/07 12:04:18 UTC. * Announcement blog post at: * https://alecmuffett.com/article/16184 * Latest versions of this report are available at: *************** *** 200,210 **** track technological developments, seeking to maintain its abilities to intercept and censor communication which takes place over a distance: ! > In Britain, the General Post Office was formed in 1657, and soon > evolved a "Secret Office" for the purpose of intercepting, reading > and deciphering coded correspondence from abroad. The existence of > the Secret Office was made public in 1742 when it was found that in ! > the preceding 10 years the sum of £45,675 (equivalent to £6,724,000 > in 2019) had been secretly transferred from the Treasury to the > General Post Office to fund the censorship activities. > ^[*Source: Wikipedia*: https://en.wikipedia.org/wiki/Postal_censorship#Pre-World_War_I] --- 200,210 ---- track technological developments, seeking to maintain its abilities to intercept and censor communication which takes place over a distance: ! > In Britain, the General Post Office was formed in 1657, and soon > evolved a "Secret Office" for the purpose of intercepting, reading > and deciphering coded correspondence from abroad. The existence of > the Secret Office was made public in 1742 when it was found that in ! > the preceding 10 years the sum of GBP 45,675 (equivalent to GBP 6,724,000 > in 2019) had been secretly transferred from the Treasury to the > General Post Office to fund the censorship activities. 
> ^[*Source: Wikipedia*: https://en.wikipedia.org/wiki/Postal_censorship#Pre-World_War_I] *************** *** 253,259 **** It's almost as if they were fishing for an acceptable excuse. The matter has come to a head since 1975, after development of ! *public-key cryptography* ^[*public-key cryptography*: https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange] after which it is no longer sufficient to have *raw* access to the *medium* -- steaming an envelope, listening to radio, --- 253,259 ---- It's almost as if they were fishing for an acceptable excuse. The matter has come to a head since 1975, after development of ! *public-key cryptography* ^[*public-key cryptography*: https://en.wikipedia.org/wiki/Diffie--Hellman_key_exchange] after which it is no longer sufficient to have *raw* access to the *medium* -- steaming an envelope, listening to radio, *************** *** 497,503 **** Taken as a whole, *civil society* have spent so many years praising and defending the trees of *end-to-end encryption* ! ^[*To the UK: An Encrypted System That Detects Content Isn’t End-to-End Encrypted*: https://cdt.org/insights/to-the-uk-an-encrypted-system-that-detects-content-isnt-end-to-end-encrypted/] that we have largely forgotten to explore, proselytise and defend the larger forest of *end-to-end security* -- viz: that which the encryption technology *serves* and which it is meant to *help --- 497,503 ---- Taken as a whole, *civil society* have spent so many years praising and defending the trees of *end-to-end encryption* ! 
^[*To the UK: An Encrypted System That Detects Content Isn't End-to-End Encrypted*: https://cdt.org/insights/to-the-uk-an-encrypted-system-that-detects-content-isnt-end-to-end-encrypted/] that we have largely forgotten to explore, proselytise and defend the larger forest of *end-to-end security* -- viz: that which the encryption technology *serves* and which it is meant to *help *************** *** 517,530 **** end-to-end encryption will limit people's privacy. The technology does exist ... able to scan without preventing the encryption of the data. It simply scans for those images and transfers them over ! existing databases. It would have no impact on anybody’s right to privacy..." https://www.theyworkforyou.com/pbc/2022-23/Online_Safety_Bill/08-0_2022-06-09a.326.9#g337.2 ] These proposals are dangerously framed to the media as *"not interfering with end-to-end encryption"* ! ^[*We’re not talking about weakening encryption or defeating the end-to-end nature of the service*: https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate] -- which may or may not be *technically* arguable -- but under such a system every participant in the *field model* would be wearing a state-mandated and potentially abusable listening device, --- 517,530 ---- end-to-end encryption will limit people's privacy. The technology does exist ... able to scan without preventing the encryption of the data. It simply scans for those images and transfers them over ! existing databases. It would have no impact on anybody's right to privacy..." https://www.theyworkforyou.com/pbc/2022-23/Online_Safety_Bill/08-0_2022-06-09a.326.9#g337.2 ] These proposals are dangerously framed to the media as *"not interfering with end-to-end encryption"* ! 
^[*We're not talking about weakening encryption or defeating the end-to-end nature of the service*: https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate] -- which may or may not be *technically* arguable -- but under such a system every participant in the *field model* would be wearing a state-mandated and potentially abusable listening device, *************** *** 596,602 **** if they have chosen to install tools like Grammarly ^[*Grammarly*: "Can anyone at Grammarly read my text? No, only those who have an approved need to access certain data are given access to that ! data—access is granted via specific, audited permissions, and access to data requires review and approval by the responsible managers." https://support.grammarly.com/hc/en-us/articles/360003835331-Can-anyone-at-Grammarly-read-my-text] ^[*Grammarly*: "... restricts employee access to customer data across our --- 596,602 ---- if they have chosen to install tools like Grammarly ^[*Grammarly*: "Can anyone at Grammarly read my text? No, only those who have an approved need to access certain data are given access to that ! data--access is granted via specific, audited permissions, and access to data requires review and approval by the responsible managers." https://support.grammarly.com/hc/en-us/articles/360003835331-Can-anyone-at-Grammarly-read-my-text] ^[*Grammarly*: "... restricts employee access to customer data across our *************** *** 823,829 **** or *"law enforcement,"* ^[*"law enforcement*: https://www.nytimes.com/2016/05/03/technology/judge-seeking-data-shuts-down-whatsapp-in-brazil.html] or to serve an abstract notion such as *"protection of children,"* ^[*"protection of children*: https://www.theregister.com/2021/12/16/apple_deletes_csam_scanning_plan/] ! *"prevention of terrorism,"* ^[*"prevention of terrorism*: https://en.wikipedia.org/wiki/FBI–Apple_encryption_dispute] or "national security." 
Often these features are intended to be pervasive and Alice is intended to have no means to avoid them without inviting suspicion. --- 823,829 ---- or *"law enforcement,"* ^[*"law enforcement*: https://www.nytimes.com/2016/05/03/technology/judge-seeking-data-shuts-down-whatsapp-in-brazil.html] or to serve an abstract notion such as *"protection of children,"* ^[*"protection of children*: https://www.theregister.com/2021/12/16/apple_deletes_csam_scanning_plan/] ! *"prevention of terrorism,"* ^[*"prevention of terrorism*: https://en.wikipedia.org/wiki/FBI--Apple_encryption_dispute] or "national security." Often these features are intended to be pervasive and Alice is intended to have no means to avoid them without inviting suspicion. *************** *** 1637,1643 **** > message and tell us the originator for the same as the value is > constant," the official said. "We do not even want to know who all > the message was [sic] forwarded to." ! > ^[*Hash constant: Govt’s solution to tracing originator of viral messages*: https://www.hindustantimes.com/india-news/hash-constant-govt-s-solution-to-tracing-originator-of-viral-messages-101614667706841.html] There are a number of problems with this scheme: hashes are fragile and even the act of saving-and-resending an image may create a new --- 1637,1643 ---- > message and tell us the originator for the same as the value is > constant," the official said. "We do not even want to know who all > the message was [sic] forwarded to." ! 
> ^[*Hash constant: Govt's solution to tracing originator of viral messages*: https://www.hindustantimes.com/india-news/hash-constant-govt-s-solution-to-tracing-originator-of-viral-messages-101614667706841.html] There are a number of problems with this scheme: hashes are fragile and even the act of saving-and-resending an image may create a new *************** *** 1820,1826 **** *parents who lie about their school catchment area.* ^[*parents who lie about their school catchment area*: https://www.theguardian.com/society/2008/apr/11/localgovernment.ukcrime] Most likely the first step down the slippery slope would be pressure to use the feature *also* to detect copyright infringement ^[*Copyright Filters Are On a Collision Course With EU Data Privacy Rules*: https://www.eff.org/deeplinks/2020/02/upload-filters-are-odds-gdpr] ! ^[*The EU's Copyright Directive Is Still About Filters, But EU’s Top Court Limits Its Use*: https://www.eff.org/deeplinks/2022/05/eus-copyright-directive-still-about-filters-eus-top-court-limits-its-use] -- but this is a topic already extensively explored in Abelson et al's *Bugs in our Pockets.* ^[*Bugs in our Pockets*: https://arxiv.org/abs/2110.07450] ##### E2E and full-device "client-side scanning" --- 1820,1826 ---- *parents who lie about their school catchment area.* ^[*parents who lie about their school catchment area*: https://www.theguardian.com/society/2008/apr/11/localgovernment.ukcrime] Most likely the first step down the slippery slope would be pressure to use the feature *also* to detect copyright infringement ^[*Copyright Filters Are On a Collision Course With EU Data Privacy Rules*: https://www.eff.org/deeplinks/2020/02/upload-filters-are-odds-gdpr] ! 
^[*The EU's Copyright Directive Is Still About Filters, But EU's Top Court Limits Its Use*: https://www.eff.org/deeplinks/2022/05/eus-copyright-directive-still-about-filters-eus-top-court-limits-its-use] -- but this is a topic already extensively explored in Abelson et al's *Bugs in our Pockets.* ^[*Bugs in our Pockets*: https://arxiv.org/abs/2110.07450] ##### E2E and full-device "client-side scanning" *************** *** 2158,2164 **** *single* phone's messenger app? There are many precedents for creative private communication where it is not straightforwardly provided. ^[*Petraeus reportedly used draft e-mails to converse with mistress*: https://www.cnet.com/news/privacy/petraeus-reportedly-used-draft-e-mails-to-converse-with-mistress/] ! ^[*Here’s the e-mail trick Petraeus and Broadwell used to communicate*: https://www.washingtonpost.com/news/worldviews/wp/2012/11/12/heres-the-e-mail-trick-petraeus-and-broadwell-used-to-communicate/] ^[*The Terrorist's Tricks and Counter-Measures*: https://www.pbs.org/wgbh/pages/frontline/shows/front/special/techsidebar.html] ^[*How do terrorists communicate?*: https://www.bbc.co.uk/news/world-24784756] --- 2158,2164 ---- *single* phone's messenger app? There are many precedents for creative private communication where it is not straightforwardly provided. ^[*Petraeus reportedly used draft e-mails to converse with mistress*: https://www.cnet.com/news/privacy/petraeus-reportedly-used-draft-e-mails-to-converse-with-mistress/] ! ^[*Here's the e-mail trick Petraeus and Broadwell used to communicate*: https://www.washingtonpost.com/news/worldviews/wp/2012/11/12/heres-the-e-mail-trick-petraeus-and-broadwell-used-to-communicate/] ^[*The Terrorist's Tricks and Counter-Measures*: https://www.pbs.org/wgbh/pages/frontline/shows/front/special/techsidebar.html] ^[*How do terrorists communicate?*: https://www.bbc.co.uk/news/world-24784756] *************** *** 2305,2312 **** > software. 
If my family is using the *field model* of an E2E app to enable a ! private and safe happy shared toddler's "bathtime funtime" —— rubber ! ducks and all —— something which could (and perhaps, should) be done by billions of people across the world, then what are we to make of calls for "automated reporting of child abuse" which this activity would almost certainly trigger? --- 2305,2312 ---- > software. If my family is using the *field model* of an E2E app to enable a ! private and safe happy shared toddler's "bathtime funtime" ---- rubber ! ducks and all ---- something which could (and perhaps, should) be done by billions of people across the world, then what are we to make of calls for "automated reporting of child abuse" which this activity would almost certainly trigger? *************** *** 2563,2569 **** > Google recently added a caustic warning message when users attempt > to export their Google Contacts to Facebook: **Hold on a second. Are > you super sure you want to import your contact information for your ! > friends into a service that won’t let you get it out?** > -- BusinessInsider: > *The Interoperability of Social Networks,* ^[*The Interoperability of Social Networks*: https://cdixon.org/2010/11/10/the-interoperability-of-social-networks] > November 2010 --- 2563,2569 ---- > Google recently added a caustic warning message when users attempt > to export their Google Contacts to Facebook: **Hold on a second. Are > you super sure you want to import your contact information for your ! > friends into a service that won't let you get it out?** > -- BusinessInsider: > *The Interoperability of Social Networks,* ^[*The Interoperability of Social Networks*: https://cdixon.org/2010/11/10/the-interoperability-of-social-networks] > November 2010 *************** *** 2656,2662 **** sharing data of very limited scope and format. Social networking is not a comparable industry, and the name ! 
*Cambridge Analytica* ^[*Cambridge Analytica*: https://en.wikipedia.org/wiki/Facebook–Cambridge_Analytica_data_scandal] should quickly remind us all why proliferation and *the free flow of personal data ... between controllers* is not necessarily an empowering experience for users. --- 2656,2662 ---- sharing data of very limited scope and format. Social networking is not a comparable industry, and the name ! *Cambridge Analytica* ^[*Cambridge Analytica*: https://en.wikipedia.org/wiki/Facebook--Cambridge_Analytica_data_scandal] should quickly remind us all why proliferation and *the free flow of personal data ... between controllers* is not necessarily an empowering experience for users. *************** *** 2671,2677 **** > appealing. As consumers, we like the convenience of easily moving > all of "our" stuff to a new service if we so choose. [...] More > generally, data portability can address a "lock-in" or high ! > switching costs problem—users start to use one service, such as > Facebook, and then find it costly or technically difficult to shift > to another service, even if they prefer the other service. [...] > concerns about lock-in and high switching costs have been --- 2671,2677 ---- > appealing. As consumers, we like the convenience of easily moving > all of "our" stuff to a new service if we so choose. [...] More > generally, data portability can address a "lock-in" or high ! > switching costs problem--users start to use one service, such as > Facebook, and then find it costly or technically difficult to shift > to another service, even if they prefer the other service. [...] > concerns about lock-in and high switching costs have been *************** *** 3103,3109 **** > on alternative implementations, how has software like Google Docs > been able to gain such a large user base? Instead of a focus of a > substitutable user experience, Google started with a compelling new ! 
> capability – real-time user collaboration and change tracking – and > implemented good-enough interoperability using open source tools. > ^[*Document Interoperability*: https://meshedinsights.com/2021/02/16/interoperability/#Document-Interoperability] --- 3103,3109 ---- > on alternative implementations, how has software like Google Docs > been able to gain such a large user base? Instead of a focus of a > substitutable user experience, Google started with a compelling new ! > capability -- real-time user collaboration and change tracking -- and > implemented good-enough interoperability using open source tools. > ^[*Document Interoperability*: https://meshedinsights.com/2021/02/16/interoperability/#Document-Interoperability] *************** *** 3292,3300 **** > dominant network for many years and refused to interoperate with > other networks. Google Chat adopted open standards (Jabber) and MSN > and Yahoo were much more open to interoperating. Eventually this ! > battle ended in a whimper — AIM never generated much revenue, and > capitulated to aggregators and openness.** (Capitulating was probably ! > a big mistake – they had the opportunity to be as financially > successful as Skype or Tencent). > > *November 2010: Chris Dixon: The interoperability of social networks* ^[*November 2010: Chris Dixon: The interoperability of social networks*: https://cdixon.org/2010/11/10/the-interoperability-of-social-networks] --- 3292,3300 ---- > dominant network for many years and refused to interoperate with > other networks. Google Chat adopted open standards (Jabber) and MSN > and Yahoo were much more open to interoperating. Eventually this ! > battle ended in a whimper -- AIM never generated much revenue, and > capitulated to aggregators and openness.** (Capitulating was probably ! > a big mistake -- they had the opportunity to be as financially > successful as Skype or Tencent). 
> > *November 2010: Chris Dixon: The interoperability of social networks* ^[*November 2010: Chris Dixon: The interoperability of social networks*: https://cdixon.org/2010/11/10/the-interoperability-of-social-networks] *************** *** 3305,3311 **** > that you could connect to your friends and family using any chat > product, making communication as easy as possible. A few years ago, > we announced our partnership with AOL which made it possible for ! > people to chat with AIM users right from inside Gmail. Today, we’re > happy to report that AOL has now made it possible to chat with AOL > contacts across a variety of Google services: not just Gmail, but > also iGoogle, Orkut, and Google Talk on Android phones. [...] --- 3305,3311 ---- > that you could connect to your friends and family using any chat > product, making communication as easy as possible. A few years ago, > we announced our partnership with AOL which made it possible for ! > people to chat with AIM users right from inside Gmail. Today, we're > happy to report that AOL has now made it possible to chat with AOL > contacts across a variety of Google services: not just Gmail, but > also iGoogle, Orkut, and Google Talk on Android phones. [...] *************** *** 3327,3333 **** Instead, solving problems for the user, with great design, reliable execution, rich featureset, simple operation, and low-to-zero user cost, along with serious, long-term commitment from the platform ! ^[*Google’s constant product shutdowns are damaging its brand*: https://arstechnica.com/gadgets/2019/04/googles-constant-product-shutdowns-are-damaging-its-brand/] ^[*Here's why Google kills so many of its projects*: https://www.androidcentral.com/heres-why-google-kills-so-many-its-projects] -- help messaging products succeed. 
--- 3327,3333 ---- Instead, solving problems for the user, with great design, reliable execution, rich featureset, simple operation, and low-to-zero user cost, along with serious, long-term commitment from the platform ! ^[*Google's constant product shutdowns are damaging its brand*: https://arstechnica.com/gadgets/2019/04/googles-constant-product-shutdowns-are-damaging-its-brand/] ^[*Here's why Google kills so many of its projects*: https://www.androidcentral.com/heres-why-google-kills-so-many-its-projects] -- help messaging products succeed. *************** *** 3391,3397 **** to be acceptable to society? - And the third fundamental question: should third parties ever be ! obliged to *not enable* – or even *actively prevent* – access to the above freedoms? - We now understand that to *actively prevent* E2E would require --- 3391,3397 ---- to be acceptable to society? - And the third fundamental question: should third parties ever be ! obliged to *not enable* -- or even *actively prevent* -- access to the above freedoms? - We now understand that to *actively prevent* E2E would require
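Review bot: In the hunk at 200-210, the first `!` line (`> In Britain, the General Post Office was formed in 1657, and soon`) reads identically on both sides, so the change there is presumably whitespace or an invisible character; say which in the commit message so the edit can be verified. The same hunk rewrites the pound sign as `GBP ` inside a blockquote attributed to Wikipedia, so the quotation is no longer verbatim; consider keeping the original character in quoted text or marking the substitution.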
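Review bot: In the hunk at 253-259, the dash substitution reaches into the footnote URL and changes the path to `Diffie--Hellman_key_exchange`; the hunks at 823-829 (`FBI--Apple_encryption_dispute`) and 2656-2662 (`Facebook--Cambridge_Analytica_data_scandal`) do the same. A double hyphen is a different path from the en dash it replaced, so these three links need checking; if the goal is ASCII-only source, percent-encode the en dash as `%E2%80%93` inside URLs and limit the `--` replacement to prose.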
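Review bot: In the hunk at 2305-2312, the doubled dashes on either side of `rubber ducks and all` became `----`, while every other dash in this patch became `--`. This looks like a per-character replacement applied to a doubled character; use `--` on both lines so the document has one convention.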
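Review bot: In the hunk at 3292-3300, the long dash after `whimper` and the shorter dash after `mistake` both become `--`, so the distinction the source made between them is lost, and the text sits inside a quoted passage. If the renderer applies smart punctuation, `---` and `--` would preserve the two; otherwise state in the commit message that collapsing them to one form is deliberate.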