End-to-end encryption, in which only the sender and recipient have access to a message, is the saving grace of the online world, the last little bit of privacy most of us can expect to have in this era of near-ubiquitous surveillance. Tens of billions of encrypted messages are sent every day between users of WhatsApp, Signal, Apple’s iMessage and many other apps.
The central importance of encryption to privacy is described in an amicus brief by the American Civil Liberties Union, the Center for Democracy and Technology, the Electronic Frontier Foundation, Mozilla, and several other activist groups and corporations. They stand in opposition to a preliminary injunction request by Nevada Attorney General Aaron Ford in his lawsuit to stop Meta from launching a new encrypted version of its Messenger app, ostensibly because it would pose a new threat to the safety of children. The facts are on Meta’s side. End-to-end encryption has been an optional feature of Messenger for eight years. Attorney General Ford ignores the host of other encrypted services millions of Americans use, singling out Meta as a test case. If he were to succeed in breaking open Messenger’s encryption, the attorney general would in essence be setting a precedent for the nation, maybe even for the world. The clear and passionate language of the civil liberties amicus brief gets to the heart of what is at stake: “Society has long recognized that people thrive when we have the ability to engage in private, unmonitored conversations. Sharing confidences enables people to form friendships and intimate relationships, obtain information about sensitive matters, and construct different identities depending on the audience. We know this from our own lives, whether engaging in pillow talk, meeting a friend for a walk, or forming an invitation-only club. Important, human things happen when we can be confident that no one is listening in.” Nothing about end-to-end encryption prevents law enforcement from accessing the message from either the recipient or the sender. But preventing companies from providing security, as the Nevada AG seeks to do, creates security risks from bad actors, including both criminals and government officials who would abuse their power by illegally accessing messages. The brief quotes respected child protection organizations that encrypted channels protect children from violent family members, stalkers, and predators, and in parts of the world where there is armed conflict. Hackers in 2015 stole five million customer details from a children’s technology and toy firm, including sensitive information. Because these chats between parents and children were unencrypted, the leak gave criminals the names, ages, and addresses of millions of children. The amici also write of just how onslaughts against privacy, like that of the Nevada Attorney General, break with American tradition. They write: “In any other era, a claim that government may obligate us to record and preserve our conversations, just in case investigators wanted to review them later, would be laughably ridiculous. It would simply have been beyond the pale to suggest that people could be required to record their conversations in a language that law enforcement could readily understand and access. Basic conversational privacy was assumed, and rightly so.” Legal precedent is also on the side of civil liberties. The Ninth Circuit recognized encryption’s importance “to reclaim some portion of the privacy we have lost” 25 years ago in rejecting the U.S. government’s export restrictions on strong cryptography. (See EFF on Bernstein v. Department of Justice) While advocates of privacy have a solid chance of prevailing in state court in Las Vegas, encryption is endangered across the pond by Section 122 of the United Kingdom’s Online Safety Act, passed in late 2023. The law requires companies to use technology that would scan users’ messages to make sure they are not transmitting illegal content, like Child Sexual Abuse Material. Doing this without breaking end-to-end encryption is currently impossible. The UK’s internet regulator, Ofcom, has relented in requiring content monitoring, for now, for the simple reason that such technology does not yet exist. With developments in AI, however, it might come sooner than we think. Matthew Hodgson, CEO of Element, told WIRED, that such scanning tech would undermine encryption and provide “a mechanism where bad actors of any kind could compromise the scanning system in order to steal the data flying around the place.” Anti-encryption regulators only to need to win in one jurisdiction to threaten the viability of encryption globally, from women and children hiding from abusive situations to dissidents living in dictatorships. From London to Las Vegas, encryption – and privacy – are at risk. Comments are closed.
|
Categories
All
|