Yesterday, the NYTimes published an op-ed saying Signal (the end-to-end messaging app) was unethical. In the cybersecurity community, this has made many people angry. I thought I’d explain.
The op-ed isn’t actually about ethics but politics. I can’t see that it touches any ethical questions at all — he just pretends his political desires are objective ethical arguments.
When a technology is created, whether it be Facebook or Bitcoin or the Internet itself, it creates winners and losers. The losers with end-to-end encryption are law enforcement who can no longer eavesdrop on conversations by tapping wires or requesting the data from service providers. The entire point of “end-to-end” is that nobody in the “middle” can read the messages — not even the company providing the service.
It’s often expressed in Fourth Amendment terms. On one hand, people have an interest in the privacy of their homes and personal effects. On the other hand, the state has an interest in investigating crimes (meaning, the people have an interest that crimes against them be solved). The compromise allows the state to invade privacy when it can show the court good reason.
The op-ed describes the competing interests by how Signal protects journalists communicating with confidential sources but also protects criminals evading law enforcement. For an example of criminals, it cites the “Oath Keepers” who were among those planning an insurrection at the Jan6 Capitol protests.
The op-ed implicitly takes the side of law enforcement. It doesn’t describe why law enforcement interests are good so much as attack all the justification for Signal as being bad. It describe a strawman version of the Signal politics “The privacy of individuals must be respected above all else, come what may”.
The reality is that Signal doesn’t care about “privacy”, it cares about “revolution”.
What the activists care about is protecting dissidents living under repressive regimes, such as the recent protests in Iran, resistance to Russia’s war, resistance to China’s takeover of Hong Kong, and so on. These countries spy on their citizens and jail them for disagreeing with the rulers.
Yes, yes, the technologists do talk about “privacy”. It seems to be the main message on Signal’s website, for one thing. This is because if only revolutionaries use Signal, then the easiest way to round up the all revolutionaries is to look for anybody using Signal. Average people need to be using it for everyday things for it to be safe for exceptional people to use it for exceptional things. End-to-end encryption needs to be the default in all messaging apps. And thankfully, most popular apps do use some form of it. The biggest chat app that doesn’t use end-to-end encryption is WeChat, the most popular messaging app in China — precisely so the Chinese government can suppress dissent.
The technology can’t work one way in America and another way elsewhere. You can’t have backdoors for American FBI without backdoors for Russian, Chinese, and Iranian secret police.
Thus, the two sides aren’t American citizens vs. American law enforcement, but all citizens of the world vs. all law enforcement. The thing lost by outlawing end-to-end tech isn’t American’s privacy but world-wide dissidence.
Note this isn’t to say law enforcement is inherently evil. Even as an an Iranian woman protests against being forced to wear the hijab, she’ll still want the police protecting her from getting robbed. The police already have plenty of tools to solve these crimes. We live in the Golden Age of Surveillance — the Jan6 rioters were rounded from GPS monitoring on their phone and all those videos posted to Instagram. World-wide law enforcement won’t be struck a fatal blow if it can’t eavesdrop on communications and will continue to be useful in stopping crime.
Even in America, we should care about dissidence. The op-ed mentions the Oath Keepers using Signal to plot insurrection in America. Well, if you support them and Donald Trump, then this is obviously an argument for Signal.
But if you hate Donald Trump it’s even more of an argument for Signal. Trump was steadily eroding our institutions that guard against despotism. He kept firing Attorney Generals in order to create a justice department that does his bidding, as the Jan6 committee documents. There’s a good chance he’ll win re-election in 2024 by “finding an extra 11k votes in Georgia” and continue corruption of the Department of Justice. At this point, I will be using Signal to plot insurrection and I damn well hope that you will, too.
Or, you can outlaw end-to-end so that Trump can happen here.
So far, I’ve been trying to discuss the main arguments, but what really irritates technologists is that the op-ed writer seems not to have any competence in the subject. He’s an ethicist and there are no ethical questions here. He doesn’t understand the technology.
It seems a mystery to him how the FBI got the Oath Keeper messages even though they used Signal. That’s because it protects everything between the ends and not the ends itself. If you (on one end) send a message to an FBI informant (on the other end), then obviously there’s no technology that can protect you from what the informant tells the FBI. In the case of Oath Keepers, it was “group chat” with many ends. Maybe they had an informant in the group. Maybe one of the members plea bargained. Maybe somebody didn’t lock their phone properly. Regardless, technologists know why group chats get compromised.
Another tedious argument is that if we can’t trust Big Tech and Big Government, what makes us think we can trust these Small Technologists any better? The answer is “open-source”: the code is freely available to all. We don’t have to take their word for it. We can see that Signal is trustworthy even it were written by the Chinese or Russian spy agencies. The most they can do is record metadata, like what IP addresses we use to access it — which is something the secret police know within their own borders anyway (tracking IP addresses on the Internet backbones).
Lastly, the op-ed complains that the technologists created the technology without accountable to anyway, that nobody elected them to do it. Well, yes, that’s how all invention works. It’s how the Internet was created, far more radically ideological than Signal. It’s how Facebook happened. It’s how Google happened. It’s how Apple happened. He’s an outsider to tech who can’t create anything but feels very strongly that ivory tower types like himself need to be involved somehow.
In short, this op-ed provides no new angle to the major debate that remains undecided, and stumbles around with minor things that have been well settled.