The Global War on End-To-End Encryption

Reporting Private Activities to the Government

Recently, there has been a rise in regulations drafted out of concern for exploitation of children, that have advocated measures that can completely erode privacy on the internet. In 2018 the US Congress passed SESTA / FOSTA, which survived legal challenges by free speech advocates like EFF. This month, the UK again published a draft of the Online Safety Bill which “proposes measures to end anonymous browsing by requiring some online service providers to implement age-verification checks for users.” The State of Utah just passed a bill with similar requirements, ostensibly forcing large online social platforms to begin obtaining proof of age from all their users by 2024.

Many of these regulators don’t understand the implications of what’s possible with technology. Their bills, though vague, can be interpreted so broadly as to end internet use as we know it. And while the initial concern may be for children, subsequent governments can use the snooping apparatus for all kinds of things, as we have already seen the NSA unlawfully do because it was easy. This isn’t restricted to authoritarian countries, but even liberal Western democracies have engaged in covert and illegal surveillance for decades.

The War on End-To-End Encryption

Often, regulators would like to subvert end-to-end encryption: the kind that encrypts conversations all the way between the end-users devices. In the US, the EARN IT Act sought to outright ban this kind of encryption, before an even worse LAED anti-encryption bill was proposed. Trump’s attorney general was vocally in favor after Apple refused to unlock iPhones of a shooting suspect. In Australia, an anti-encryption bill already passed in 2018, and its 2021 “Hacking Bill” can jeopardize privacy and security, with warrantless surveillance. Dubai has banned (ostensibly) end-to-end encrypted messengers like WhatsApp and Skype, except the ones that their government secretly has a backdoor to. Here is the situation around the world:


Scanning at the Edge

Advocates of end-to-end encryption say it’s essential and not subject to compromises, but a lot of corporations providing the encrypted messengers have experimented with scanning content on the users’ client software, before it is encrypted and sent from the device. Apple experimented with scanning for Child Sexual Abuse Material (CSAM), but killed the project last year after an outcry. Corporations like Facebook want to read your end-to-end encrypted chats to show you advertising.

These corporations are working together with governments, and advertisers, scanning your conversations whether you know it or not. Much of Big Tech is fueled by ads and have massive incentives to secretly vacuum up your data and even record you without your consent. There is even a name for it: Surveillance Capitalism.

As long as you rely on Big Tech to provide your software, you’ll just have to take their word for it that they don’t have backdoor keys to your encrypted messages, and that they’re not scanning things on the client side. You can do better: with Qbix Platform, you don’t have to trust! People can verify the code does what you expect – or even run it yourself, hosting your own communities with open source software on your choice of computer.

Power to the People

As a company, we’ve spent the last decade building decentralized open source platforms by the people, for the people, which are are independent of Big Government and Big Tech. Empowering any community to choose where to host their social network, even without the internet, goes a long way. It allows communities to get stuff done locally, without permission or rent-seeking behavior from the owners of the infrastructure:

You can see exactly how it works in this video:

Can we balance Privacy and Accountability?

Just because large states and corporations choose the “easy route” of spying on their citizens and users doesn’t mean there aren’t real concerns that communities have about violent crimes and people harming one another. Can a compromise be struck? That is the subject of our feature article:

1 Like

UPDATE: Spain gets in on the game:

@Zak @JonM

1 Like

A very worrying update: the title speaks for itself

And then there is Section 702 enabling the FBI to spy on Americans without a warrant:

we live in a globalized world where U.S. persons regularly communicate with people in other countries. This creates a massive pool of digital communications in which one side of the conversation is an American on U.S. soil. The FBI, investigating crimes in the U.S., has spent the better part of 15 years sifting through these communications without even a warrant. So the fact that they cannot even abide by their own rules, much less the ones set by Congress, is a big deal.

Phone hacking companies want to keep law enforcement from revealing their techniques on phones, as they say:

And the reason why is because we want to ensure that widespread knowledge of these capabilities does not spread. And, if the bad guys find out how we’re getting into a device, or that we’re able to decrypt a particular encrypted messaging app, while they might move on to something much, much more difficult or impossible to overcome.We definitely don’t want that.

We’re also aware that the phone manufacturers are continuously looking to strengthen the security of their products. And the challenge is already so difficult as it is, but we still continue to have really good breakthroughs. Please don’t make this any more difficult for us than it already is.

Things are getting worse in the EU… it may eventually have the same infrastructure as China:

And now this from the UK:

Here is the full text of the bill:

Most of our public forums are extremely centralized, under the control of a single corporation. Thus, these things are possible to compel by governments, both on the app level and app store level:

And this is exactly why decentralization matters, not just for privacy but even the health of public forums. Read the article our sister company Intercoin has written in response to Moxie Marlinspike’s critique of decentralization:

With centralized services, we can see a swift end to online anonymity

Even as they require all your chats to be scanned, the European regulators exempt their own government employees from it:

Probably as a concession to France, the chats of employees of security authorities and the military are also to be exempted from chat control.

The war on end-to-end encryption has really heated up!