This feels important to me because a government agency is asking for better privacy in order to prevent chilling effects on their officials. They’re not making a rights argument, they’re making an ‘employees can’t do their jobs well without it’ argument.


Not sure if my normal audience reads, so brief summary of the Kim Darroch affair:

Darroch is (was) the UK ambassador to the US. Circa 2016 he sent a critical message to his team about the Trump administration saying (1) they’re not competent and (2) they can be manipulated by the UK.

This week someone leaked these to the daily mail. Mr Trump responded on twitter with a statement more or less saying ‘we won’t talk to him anymore’. This isn’t Mr Trump’s first statement on the topic – he publicly asked British PM Theresa May to replace Darroch with brexiteer Nigel Farage years ago.

Why this is interesting: every statement I’ve seen from a British official, whether they’re pro- or anti-May, pro- or anti-Darroch, includes a condemnation of the leak.

Darroch’s defenders are making the argument that it’s his job to deliver a frank assessment to his home office. They call the leaks ‘unpatriotic’ and say that diplomats can’t deliver on their duty of frank reporting without the protection provided by private diplomatic channels.

All this from a country that passed something nicknamed the Snooper’s charter that requires some technology vendors to backdoor their encryption.

The circumstances suck but it’s good news that people on both sides of this are making serious chilling effects arguments.

Privacy is hard to argue for

Everyone who thinks of themselves as pro-privacy has had trouble selling this position to their friends. ‘I have nothing to hide’, ‘think about the terrorists’, and ‘child porn’ are some common counter-arguments.

I think these arguments are hard because (1) privacy requires people to acknowledge that society is often in a state of ‘maximum peaceful conflict’, (2) some of these arguments require you to zoom out beyond the individual, and (3) they’re ‘other shoe drops’ scenarios, the consequences aren’t immediate.

Some arguments that I’ve collected:

  • chilling effects are real – hard decisions are full of conflict and people can’t think straight when they’re self-censoring
  • consumer negotiating power is already being eroded – there are stories of companies using demographics for discriminatory pricing. (When this information includes protected class categories, this gets legally dicy for the company)
  • systemic loss of privacy can lead to tyranny-lite, in that various ‘in private’ activities can become crimes because they’re suddenly enforceable. Examples: speech, reading, sodomy, political organization
  • and eventually, tyranny-heavy in that surveillance is the cheapest way to target your enemies. Tyranny-heavy is happening in hong kong now but is driven by political kidnappings, election interference and due process erosion; not by privacy erosion
  • every dictatorship steps up the secret police. This isn’t the same as saying every secret police enables a dictatorship, but it’s close
  • abuses can take the form of blackmail; abuses get covered up; abuses are often invisible. Examples are LOVEINT – most large surveillance systems have public stories of people stalking their spouses / SO. Another example is ‘parallel construction’, a prosecution strategy where crimes are discovered in secret

It’s fascinating and rare to hear a government agency making one of these arguments.

Encryption vs RBAC

This leak is likely not a security flaw. I don’t have any inside information and in fact didn’t finish the daily mail article because their recirc links are so effective; I read about someone’s beach bod or divorce instead. But plausibly this was an authorized insider accessing the document.

Post-Snowden, google & friends became passionate about ‘SSL everywhere’ as a panacea to state surveillance. I’m for this but SSL isn’t the whole answer:

  • SSL is centralized – the webhost still has full access to your activity
  • SSL is only secure if you trust every certificate authority, and there have been cases in the last few years of chrome / mozilla removing CAs for abuse
  • SSL isn’t particularly resistant to censorship – china has no problem blanket-banning wikipedia (although github is apparently trickier. I just found out that GH posts their takedown requests)
  • not sure what the difference is between trusting a nation-state and trusting google

This month people starting writing about ICE use of driver’s license DBs for facial recognition. Once again, a privacy breach that isn’t a security breach.

Without systemic privacy, security isn’t enough.

I’m interested that G has been arguing for SSL everywhere but not for PKI everywhere; PKI removes the vendor’s ability to read contents. Depending on who leaked the Darroch cables and how, PKI everywhere might have prevented it – if for no other reason than by allowing him to more precisely target his message to specific readers, i.e. enforce ‘eyes-only’ at the technology level.

(Until someone prints it out, of course, or takes a screenshot).


Chilling effects are real, now let’s admit that these affect consumers.