from the nuance,-nuance,-nuance dept
Mike Masnick:
"Over the weekend, the Telegraph (not the most trustworthy or reliable in a batch of UK news organizations that have long had issues with accuracy in reporting) claimed that the latest (and most high profile) Facebook whistleblower, Frances Haugen, was prepared to come out against encryption.
This (quite rightly) raised the hackles of multiple encryption experts.
As people were getting pretty worked up about it, the Telegraph (silently, and without notice) changed the headline of the piece (from "Facebook whistleblower warns ‘dangerous’ encryption will aid espionage by hostile nations" to "Facebook whistleblower warns company's encryption will aid espionage by hostile nations") as well as the actual text of the story, to suggest a slightly more nuanced (but still not great) view --
effectively saying she supported encryption, but was concerned that Facebook would use encryption as a "see no evil" kind of blindfold to problems on its platform.
Ms Haugen said that she is generally pro-encryption, which enhances users’ privacy. However, she added that Facebook’s plan was also way for the company to “sidestep” harmful content happening on its platform rather than address it. She said: “End-to-end encryption definitely lets them sidestep and go ‘look we can’t see it, not our problem’.”
Of course, context and motives matter here, and the Telegraph -- which tends to be quite supportive of the current UK government, seemed to be twisting Haugen's (admittedly confused) statement in support of UK Home Secretary Priti Patel's positively dangerous plan to get rid of end-to-end encryption in the UK.
It sure looks like the Telegraph went looking for a way to support that argument, and used Haugen's words to that effect.
A few hours later, Haugen actually testified before a UK Parliamentary committee and claimed her words were taken out of context.
She said that she's strongly pro-encryption... but then tried to claim that her comments to the Telegraph were more about how she doesn't trust Facebook to actually implement encryption. Which is... a strange and almost nonsensical claim.
“I want to be very, very clear. I was mischaracterised in the Telegraph yesterday on my opinions around end-to-end encryption,” she said.
“I am a strong supporter of access to open source end to end encryption software.
“I support access to end-to-end encryption and I use open source end-to-end encryption every day. My social support network is currently on an open source end-to-end encryption service.” [....]
“Facebook’s plan for end-to-end encryption — I think — is concerning because we have no idea what they’re doing to do. We don’t know what it means, we don’t if people’s privacy is actually protected. It’s super nuanced and it’s also a different context.
On the open source end-to-end encryption product that I like to use there is no directory where you can find 14 year olds, there is no directory where you can go and find the Uighur community in Bangkok. On Facebook it is trivially easy to access vulnerable populations and there are national state actors that are doing this.
“So I want to be clear, I am not against end-to-end encryption in Messenger but I do believe the public has a right to know what does that even mean? Are they really going to produce end-to-end encryption? Because if they say they’re doing end-to-end encryption and they don’t really do that people’s lives are in danger
. And I personally don’t trust Facebook currently to tell the truth… I am concerned about them misconstruing the product that they’ve built — and they need regulatory oversight for that.”
But... here's the thing: Haugen may be a wonderful data scientist. 
And, she may have done the world tremendous good by leaking tons of internal Facebook documents, giving the world some insight into what's going on at the company.
But that doesn't make her an expert on encryption.
And, it shows. As Alec Muffett, a security expert who actually used to work on encryption at Facebook, noted in a detailed thread, what Haugen is asking for here is dangerous and shows a real lack of understanding about encryption.
> First, she claims that there should be a government review of any Facebook end-to-end encryption to make sure it's legit. And, yes, there are many reasons to not trust Facebook, but introducing the idea that government needs to review and approve encryption is worse. Is she completely unaware of the government's history of constantly trying to undermine and backdoor encryption? I mean, it's not exactly secret. And the US government has been trying to undermine and backdoor encryption pretty aggressively lately. Suggesting that there needs to be some government entity blessing the encryption opens the door to all sorts of mischief.
> The separate issue is claiming that end-to-end encryption for Facebook is somehow different because you can use Facebook for more than just messaging, and it's bolted on to other services. Again, as Muffett explains, this kind of thinking is dangerous as well. It suggests that encrypted chat needs to be silo'd and kept distant from tons of internet services, when the reality is often that many more internet services should be embracing encryption much more widely to protect their users. . .
[. . .] Again, Haugen has likely done the world a great benefit in leaking a bunch of internal documents (I'll have more on those soon). But it's important to remember that just because she blew the whistle regarding Facebook research, it doesn't make her an expert on everything else. She's not an expert on content moderation, or antitrust, or encryption. She may be a useful source for exploring what Facebook's research showed, or some of Facebook's decision making, but it's depressing how quickly eager politicians looking to gain support for their already existing plans are exploiting her to argue for their position on topics she's really not qualified to comment on. Indeed, it's also dismissing the hard work of tons of actual experts on these topics, from practitioners in the field to the academics who study these issues.
Filed Under: encryption, frances haugen, going dark, tech policy, uk
Companies: Facebook
=========================================================================
ONE EXTRACT FROM THE TELEGRAPH STORY
". . .Former Deputy Prime Minister Nick Clegg, who is now Facebook’s head of policy and communications, has also previously defended how the company’s algorithms work.
In a blog post in March entitled ‘it takes two to tango’, Sir Nick argued Facebook users were not “the playthings of manipulative algorithmic systems”, but actively influence what the app shows them by deciding what they click on.
Ms Haugen rejected Mr Clegg’s argument.
She said: “That article, it is almost like a domestic abuser saying ‘if you didn’t make me so angry I wouldn’t hit you so much’.
“He said it takes two to tango, but no. If you go and follow pretty innocuous things just following the algorithm you get led to more and more extreme things because engagement based ranking is dangerous.”
No comments:
Post a Comment