One the face of it, ‘let’s not backdoor encryption’ is the one thing that FB and I agree on. In private, I suspect FB and AG Bill Barr are actually on the same page, though like all platforms FB benefits from appearing to defend consumers against all threats. Even if private messaging is secure in FB, they’ll still own the envelope data i.e. know who talks to who. Law enforcement & FB have a common interest in keeping the social graph open for business even if contents go away.
Decentralized networks are the missing part of the argument. Facebook presumably dislikes decentralized tech because like most pastoralists, their wealth is measured in cattle. Barr hasn’t talked about it and that’s a hole in his argument.
I’m not talking about far-future technology either. Email is a decentralized network.
To address decentralized networks in Barr’s plan, pick one of:
- Create a double standard where self-hosted / decentralized tools can do what they like but platform-provided certs have to backdoor
- Ban the use of decentralized networks or require network operators to detect and junk the traffic
- Ban all warrant-proof encryption, i.e. ban compiling any encryption library on github now, i.e. ban github
Only case 1 allows decentralized networks to continue existing, but even in that case, it’s unclear if platforms would integrate with decentralized networks. Imagine if gmail and outlook had legal cover for not integrating with new email hosts. It would be the end of open protocols.
Speech press and assembly fit inside a single breath in our legal system because they’re weak points that we target in a crisis. When I hear otherwise reasonable people like Sacha Baron Cohen or Scott Galloway search for daylight between speech & publication in order to fight radicalizing / hate stuff, I hope they’re wrong. Freedom of speech is not freedom of reach sounds to me like ‘say what you like but don’t print it’. SBC is attacking one of the few bright lines in the law that I agree with.
I am, of course, less afraid of SBC than of Barr because SBC doesn’t run the DOJ.
This isn’t the same as the classification of early military encryption tech or atomic secrets. Encryption methods are out & known in the world now. Insert genie / bottle comparison as you like. Will you jail people for using / sharing this?
Private chat logs aren’t something the police have always had. Even courts don’t think so, hence recent precendents excluding cell phone passwords from search incident to arrest. Unless you’re talking about east germany, cops have never had access to people’s private conversations, which is what Barr seems to want. I worked at a place where there were plausible rumors of a middle-manager reading private slack threads, and I can say that ‘leave room for Jesus’ is not a fun time.
Also, the criminals will go somewhere else. The only argument I’ve heard against that is that they’re using FB to recruit trafficking victims, a claim that never comes with numbers or comparison to other channels. I dug through a PDF once and the number was smaller than cancer deaths. Let’s cure cancer first.
If the compromise here is ‘children get backdoored certs’ I might be fine with that. If the compromise is children can’t use dangerous platforms without an adult, I might be fine with that, although it’s anyone’s guess if troubled teens get more benefit than risk from airing their problems. Restrict younger kids to interacting with people they know IRL until they pass a safety test. Make it like a driver’s license.
What are you going to do about decentralized networks? Will you stop people from using or sharing OTS encryption software? How can you have an AG in 2020 who doesn’t understand technology? These are questions I wish people would answer before opening their mouths about security topics.