Signal’s Meredith Whitaker: Breaking encryption while preserving privacy is a ‘magic thought’

AI Basics


Signal has tens of millions of users worldwide and is one of the leading messaging apps that offers encryption to protect your messages from prying eyes. As a result, it has also become a target for lawmakers seeking to undermine the technology.

Signal’s president, Meredith Whitaker, is tasked with overseeing the 40-strong staff at the small nonprofit that continues to run the app, and has warned the company about its fight against policies that threaten user privacy. has become a spokesperson for And these days, there’s no shortage of risks. Recently, Signal joined critics, including his Meta, in calling for changes to the UK’s online safety bill, which is expected to reach a final vote soon. The bill would introduce client-side scanning, a technology that scans private communications on people’s devices and matches them against databases of potentially objectionable content.

Whittaker, a prominent artificial intelligence researcher who previously worked at Google and helped co-found the AI ​​Now research institute, has also been at the forefront of warnings about the technology’s potential to undermine civil liberties. . Cyber ​​Scoop interviews Whitaker on global threats to cryptography and how governments are trying to circumvent cryptography. Did.

This conversation has been edited for clarity and length.

Some say the crypto wars are entering a new phase. How would you describe this moment we are in?

This threat is very real and imminent. Never in my life have I seen such a great threat. And I think it’s necessary to push it back and clarify the terms. Now, I don’t think you’re going to take this as a war, but I don’t think it’s a war that can be won definitively. Because we’re not dealing with misunderstandings about how technology works, or at least not based on misunderstandings. We are not going to persuade those in power to abandon the pursuit of information asymmetry as a tool of power. In effect, it is asymmetry that creates surveillance of the observer over the observer. The will to centralize power is accompanied by a kind of will to manage, monitor, and socially control people, and I don’t think that kind of core will go away. But I think we are at a very important time right now. It is very important to keep the terms clear and ultimately win the issue. Otherwise, you may face scenarios where your possibilities for private digital communication are mostly limited.

What do you mean by “clarify the terms”?

Technologies like client-side scanning will allow some form of monitoring of everyone’s communications on behalf of the government, allowing several private entities to decide whether those communications are acceptable and take action. There is a magical mindset that claims it can be done. that determination. And somehow do this privately. I think it should be clarified that there is no way to implement a secure backdoor. Artificial intelligence (whatever these companies’ marketing has led you to believe) doesn’t really have magical powers.

Claims made about what this type of surveillance enables are not really grounded in reality. Sometimes it shatters myths, sometimes it deflates the hype that should have arisen. And I think we need to put this in a more grounded historical context that recognizes the dangers of governments building systems that can effectively monitor everyone’s private communications at all times. The pretext for that surveillance may change. But that’s what we really have to stress, how dangerous that kind of regime is.

We are now Post Dobbs. We’ve already seen Jessica Burgess, a mother in Nebraska, charged with a felony for helping her daughter get access to reproductive medicine after the state suddenly banned it. And it was a Facebook message that was provided as evidence leading to her accusation. We see how this can be used in a world where people’s identities matter. It’s criminalized, and so is people’s access to information. It really needs to be a bigger part of the discussion.

What do you see as the most pressing threats to encryption?

I am certainly closely monitoring the encryption provisions of the UK Online Safety Bill. It should be made clear that the bill itself is a kind of omnibus of various provisions, some of which are excellent. I think it’s very useful for researchers to have access to data from tech companies, and we shouldn’t throw it away. But there is one that would give Britain’s telecommunications and competition regulators the power to mandate government-approved scanning technology on everyone’s devices, introduce a mass surveillance regime, and stigmatize people’s communications. It contains a very nasty clause to check before it is done. An opaque database of unacceptable voices that uses some variant of artificial intelligence or machine models to kind of detect unacceptable content and take action based on those detections. And it is absolutely unacceptable. And that would not only set up an extraordinarily costly and impractical regime, but would also completely strip away the right to privacy.

We already mentioned that client-side scanning has received a lot of attention as an encryption workaround. Why do you think it became popular?

The current climate of unsubstantiated AI hype is contributing to this. A tech executive has taken the stage to say he believes these systems have consciousness. So many different companies and so many different “fathers of AI” make completely unrealistic claims about how these systems work. So I don’t understand why someone who isn’t familiar with the important details of these technologies would believe, “Oh, if AI can think better than humans, why can’t it do it on the client side?” creates an atmosphere that is not difficult.Can you do the impossible by privately scanning content?” Distrust is suspended because of the influx of unsubstantiated claims. So why isn’t this other unsubstantiated claim also true?

In the United States, we’re seeing anti-crypto rhetoric, especially regarding Child Sexual Exploitation Material (CSAM). Do you think things are getting worse in the US?

Certainly, there has always been an intention on the part of law enforcement to break or undermine encryption. This is nothing new. I’m tracking the potential reinstatement of the EARN IT Act and Kids Online Safety Act. I think the age verification bill is something that really bothers me. To verify someone’s age, you need information about their identity, and you must be able to verify that identity, effectively creating a surveillance database of sorts.

The focus on the UK means that the UK is the most advanced. And what we know from technology policy is that the precedent is very strong. Regulating new technology is seen as difficult and dangerous, so precedents are quickly copied and pasted by governments around the world.

Part of the backlash against crypto is the idea that it facilitates CSAM. How do you react to such emotional and intuitive arguments for cryptography?

I think you have to face it. It’s not that you can’t avoid it or say, “We’re not talking about that, we’re talking about math.” It doesn’t really solve the problem. But it soon frames itself as if all child abuse is caused online. [activity.] That is, the framework of the problem suddenly becomes technological. So the framework for the solution is naturally technical, right? And all this ignores the fact that there are children in the real world who are suffering and need help.

The majority of abuse occurs within families, and when it does not occur within families, it is almost always carried out by authoritative adults who have some form of responsibility for caring for the child. That’s not happening online. That’s what happens in the real world.

There’s a really, really tight dynamic here that you have to face if you’re going to deal with it. And I think, in a way, abstracting this online and making it a matter of technology and the “tech boogeyman” is actually a way of avoiding facing these dynamics.

Encrypted messaging services have banded together to oppose UK legislation. How would you work with a company like Meta, which has a completely different business model than Signal?

Anomalous threats require anomalous coalitions. Solidarity is a very specific practice. I don’t know if this is solidarity. But at this moment in the face of these threats, we share common interests. At the same time, this does not mean that I am so critical of Meta’s surveillance activities. This doesn’t mean we don’t blame WhatsApp for advertising itself as truly private, even though it continues to collect metadata that can be easily combined with Facebook data. Where we are now is a real threat to our ability to communicate privately. And one of the few good things Meta did was not get rid of the Signal protocol that was integrated into WhatsApp just before it was sold to Meta.

If they are fighting to keep historic privacy standards available for human conversation, even as much of our communication has moved online, we are fighting that battle too. is there. But it doesn’t mean anything else.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *