A Rose by Any Other Name Would Smell as Sweet; An Encryption Back Door by Any Other Name Would Still Smell Like Shit

Signal president Meredith Whittaker, responding to a new initiative in the EU to ban end-to-end-encryption (for some reason published as a PDF despite the fact that Signal has a blog):

In November, the EU Parliament lit a beacon for global tech policy when it voted to exclude end-to-end encryption from mass surveillance orders in the chat control legislation. This move responded to longstanding expert consensus, and a global coalition of hundreds of preeminent computer security experts who patiently weighed in to explain the serious dangers of the approaches on the table — approaches that aimed to subject everyone’s private communications to mass scanning against a government-curated database or AI model of “acceptable” speech and content.

There is no way to implement such proposals in the context of end-to-end encrypted communications without fundamentally undermining encryption and creating a dangerous vulnerability in core infrastructure that would have global implications well beyond Europe.

Instead of accepting this fundamental mathematical reality, some European countries continue to play rhetorical games. They’ve come back to the table with the same idea under a new label. Instead of using the previous term “client-side scanning,” they’ve rebranded and are now calling it “upload moderation.” Some are claiming that “upload moderation” does not undermine encryption because it happens before your message or video is encrypted. This is untrue.

Yes, but it’s a great idea to let these same EU bureaucrats design how mobile software distribution should work.

Wednesday, 19 June 2024