Attorney General Bill Barr, along with officials from the United Kingdom and Australia, is set to publish an open letter to Facebook CEO Mark Zuckerberg asking the company to delay plans for end-to-end encryption across its messaging services until it can guarantee the added privacy does not reduce public safety.
A draft of the letter, dated Oct. 4, is set to be released alongside the announcement of a new data-sharing agreement between law enforcement in the US and the UK; it was obtained by BuzzFeed News ahead of its publication.
The forces are closing in on end-to-end encryption, and with the bizarre constitutional crises both the US and the UK are experiencing, I would be even more worried about this than I’d be under normal circumstances.
1. I wonder how many users Facebook is bleeding for not having it.
2. You have to wonder if it’s a bit of a smokescreen. We’ve heard in the past from Facebook, they aren’t worried, they control the app and they can do whatever they want to get the unencrypted data or the key that way.
I’d be interested to hear what Thom means by “constitutional crises” here in the UK (and in the US). Is it that the masses are voting for the wrong politicians / policies?
Well, as much as that is indeed the case, I am sure he means PM/P who are guilty of breaking the law. You know, something which should have them removed from office.
What laws have been broken, specifically and by whom?
I assume he means that the respective constitutions’ limits are being tested, either through flagrant violations, lack of enforcement of violations or lackluster enforcement, or simply entering scenarios that weren’t considered in the development of the constitutions.
The UK, US and Australia. Why is it always the English-speaking nations?
I’m pretty sure you can add Russia and China to the list. Probably many more. Maybe it’s just the ones you are paying attention to! How is NZ doing anyway? I’d move if I could!
https://en.wikipedia.org/wiki/Five_Eyes
If their plans fail, they’ll just say end-to-end services are used by paedophiles and such. Because if you are innocent, you have nothing to hide.
The safe assumption with FB, Twitter, Google, Yahoo, et al., is that their “services” include man-in-the-middle exposure of your otherwise “secured” data. Have you ever read an article that was based on a “viral” FB posting? The first time you did that, Facebook tagged you, like a wild animal with an earring or anklet. Same with Yahoo, Twitter, Google. What the heck, throw Apple into that mix as well.
When you use any of their services to communicate with other users of their services, *the services control the communication*. How hard is that to understand?
Do you really think an iPhone app bypasses Apple for communication with someone? Or an Android app bypasses Google?
Just like a bear sh!t$ in the woods, mobile-apps and web-apps leave footprints and droppings for others to follow. Apple, Google, Facebook, Twitter, Yahoo. They all do their best to track you as you browse the web on your iThing/smartDevice/desktop browser.
The second layer of that tracking is for the rest of them that use Apple, Google, et al. When you visit the New York Times, or the Guardian, or the Tokyo Shimbun, or the Sydney Morning Herald, Mark Zuckerberg and his equal CEOs can trace you there, too. When some “service” is providing that “encryption,” it isn’t end-to-end. It’s only between you and the “service.”
Proving me wrong on this will cost a lot more energy than accepting that I’m most likely right.
Calm down there, I don’t think anyone is disputing what you’re saying. Mostly because that’s not really what the whole thing is even about. The end-to-end encryption this is about is about private messaging and government agencies wanting access to that so they can read the communications of anyone they suspect of illicit activity / whoever they want. It’s not about tracking your public activities online, which is pretty well understood already (not to mention notified on every website in the EU).
As an aside, “Proving me wrong on this will cost a lot more energy than accepting that I’m most likely right” is a pretty poor approach to any discussion and certainly won’t do you any favours.
daedalus,
gus3 may have a bit of tin foil showing, haha, but that’s ok. While some people take it too far, it’s still good to question things, especially when it comes to blind trust in government (or even corporations).
On the one hand, the government is mostly not interested in what everyone does. Yet we do have to consider that Edward Snowden revealed that our governments do feel entitled to collect metadata on all of our interactions without a court order and the NSA does run secret programs to data mine these interactions, which included data from Yahoo, Google, Microsoft, AOL, Facebook, Apple, YouTube… And anytime the government needed a court order, they went to a secret FISA court specifically set up by the executive branch to rubber stamp government requests. It’s troubling and unconstitutional, but it’s real.
I agree it wasn’t the best way to start a discussion.
Anyways, end-to-end crypto can be well implemented or poorly implemented; for example, if the provider controls the encryption keys at either end (as was the case with Apple’s end-to-end crypto), then the crypto can effectively be nullified for the purposes of wiretapping.
Reliable crypto can be tough and often corporations will claim their products are totally secure without too much regard for the actual truth. Having witnessed this myself, it’s much more common than people realize. Therefore I don’t think we ought to put much stock in the security of proprietary software/protocols where we must implicitly take the provider at their word. Proprietary = assume it’s insecure. From a practical standpoint, open source software offers more transparency under the hood. Although it too can be bugged, it’s more difficult without leaving a public trail of evidence.
@daedalus > pretty well understood already (not to mention notified on every website in the EU).
And every user *outside* of the EU as well – it’s G@D annoying to have a “this website uses cookies” “warning” pop up on (almost) *every single* website I go to. “Dammit, [insert EU bureaucrat’s name here], we KNOW! And we don’t really care!” Who do I complain to to get a provision added to the GDPR to have a website tick-box for “accept all EU-nanny-state-cookie-warnings”?
And it’s basically useless – notice it doesn’t tell you *what* the cookies are keeping track of – is it just your username and a “logged-in-for-30-days-hashed-timestamp”, or is it a Facebook tracking cookie inserted by some facebook-inserted-s-load-of-eb-sucking-javascript-code?
^^ This.
My reply from two nights ago got kicked out by the WordPress spam filter. But the universe’s karma brought me this better thing from Jimw338.