A Rose by Any Other Name Would Smell as Sweet; An Encryption Back Door by Any Other Name Would Still Smell Like Shit
Signal president Meredith Whittaker, responding to a new initiative in the EU to ban end-to-end-encryption (for some reason published as a PDF despite the fact that Signal has a blog):
In November, the EU Parliament lit a beacon for global tech policy
when it voted to exclude end-to-end encryption from mass
surveillance orders in the chat control legislation. This move
responded to longstanding expert consensus, and a global coalition
of hundreds of preeminent computer security experts who patiently
weighed in to explain the serious dangers of the approaches on the
table — approaches that aimed to subject everyone’s private
communications to mass scanning against a government-curated
database or AI model of “acceptable” speech and content.
There is no way to implement such proposals in the context of
end-to-end encrypted communications without fundamentally
undermining encryption and creating a dangerous vulnerability in
core infrastructure that would have global implications well
beyond Europe.
Instead of accepting this fundamental mathematical reality, some
European countries continue to play rhetorical games. They’ve come
back to the table with the same idea under a new label. Instead of
using the previous term “client-side scanning,” they’ve rebranded
and are now calling it “upload moderation.” Some are claiming that
“upload moderation” does not undermine encryption because it
happens before your message or video is encrypted. This is untrue.
Yes, but it’s a great idea to let these same EU bureaucrats design how mobile software distribution should work.
★
Signal president Meredith Whittaker, responding to a new initiative in the EU to ban end-to-end-encryption (for some reason published as a PDF despite the fact that Signal has a blog):
In November, the EU Parliament lit a beacon for global tech policy
when it voted to exclude end-to-end encryption from mass
surveillance orders in the chat control legislation. This move
responded to longstanding expert consensus, and a global coalition
of hundreds of preeminent computer security experts who patiently
weighed in to explain the serious dangers of the approaches on the
table — approaches that aimed to subject everyone’s private
communications to mass scanning against a government-curated
database or AI model of “acceptable” speech and content.
There is no way to implement such proposals in the context of
end-to-end encrypted communications without fundamentally
undermining encryption and creating a dangerous vulnerability in
core infrastructure that would have global implications well
beyond Europe.
Instead of accepting this fundamental mathematical reality, some
European countries continue to play rhetorical games. They’ve come
back to the table with the same idea under a new label. Instead of
using the previous term “client-side scanning,” they’ve rebranded
and are now calling it “upload moderation.” Some are claiming that
“upload moderation” does not undermine encryption because it
happens before your message or video is encrypted. This is untrue.
Yes, but it’s a great idea to let these same EU bureaucrats design how mobile software distribution should work.