site banner
PaperclipPerfector  3mo ago (text post)   18438 thread views

Culture War Roundup for the week of January 29, 2024

This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.

Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.

We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:

  • Shaming.

  • Attempting to 'build consensus' or enforce ideological conformity.

  • Making sweeping generalizations to vilify a group you dislike.

  • Recruiting for a cause.

  • Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.

In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:

  • Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.

  • Be as precise and charitable as you can. Don't paraphrase unflatteringly.

  • Don't imply that someone said something they did not say, even if you think it follows from what they said.

  • Write like everyone is reading and you want them to be included in the discussion.

On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.

6
Top Bottom New Old Controversial
Jump in the discussion.

No email address required.

Like, you scoff at impenetrable end to end encryption. But the realities of the internet are that any back-door or security flaw that allows end to end encryption to be penetrated exposes literally everything to literally everyone.

[...]

Not so with anything on the internet. Either it's impenetrable, even to legitimate law enforcement (but especially illegitimate law enforcement), or virtually every criminal on Earth already has access to it. There is very little in between.

This is grandiose. On Facebook without E2E encryption (but with TLS), your messages are only exposed to Facebook and whoever hacks them, which is a very remote possibility. Adding E2E encrypted messaging with a law enforcement decryption key that can only be used with a warrant does not increase the risk further than the non-E2E case, even if that key is ultimately compromised.

Then you decide to stan for cloud computers. Because a friend of yours is an idiot and didn't fix his NAS when it had a problem. But the fact of the matter is, the cloud is still only someone else's computer. And they can revoke access to your data just as capriciously as a RAID array might fail.

Somehow it never occurs to people making this argument that it's trivial to make off-site backups from cloud providers, if you're that worried about them revoking access.

Adding E2E encrypted messaging with a law enforcement decryption key that can only be used with a warrant does not increase the risk further than the non-E2E case, even if that key is ultimately compromised.

...

law enforcement decryption key that can only be used with a warrant

How exactly are you enforcing this? Magic? This is, technologically, an explicitly unsolvable problem. You may as well propose a defence system that relies on a diviner performing tarot readings to determine when missiles are incoming.

This is a common talking point, but it's never really made sense. People go down the route of saying, "Well, you can't have a mathematically provable way of verifying the validity of warrants," but that's not really relevant to the typical digital threat vectors that are normally relevant (I.e., a 400lb guy in a bed in Russia attacking your device over the internet thousands of times in the middle of the night). You can pretty easily have FB keep a private key in an HSM locked in a vault somewhere, not connected to the internet, and after their legal department has fully vetted the warrant request, they could take the encrypted blob of messages into the vault and use the purpose-built hardware to decrypt it. Sure, add some qualifier about, "..can only be used with a warrant, up to the accuracy with which FB's legal team can determine the validity of said warrant," but then your only objection fades away.

Of course, this method would also be subject to the possibility of abuse by the small number of FB insiders who are tasked with this warrant service, but that, by the terms of the argument made above, "does not increase the risk further than the non-E2E case," because in the non-E2E case, FB can also trivially abuse their access to your messages. The question here is to what extent you think FB is, itself, a threat actor, but I think the terms of the argument above stipulated that they weren't. The appropriate criticism (seen elsewhere here) is that they are.

I will actually grant that I'm not sure making an actual secret backdoor key in those lines is technologically impossible - I thought it was, but I'll freely grant that I may have been wrong there.

You can pretty easily have FB keep a private key in an HSM locked in a vault somewhere, not connected to the internet, and after their legal department has fully vetted the warrant request, they could take the encrypted blob of messages into the vault and use the purpose-built hardware to decrypt it. Sure, add some qualifier about, "..can only be used with a warrant, up to the accuracy with which FB's legal team can determine the validity of said warrant," but then your only objection fades away.

But you depart from reality here.

Think about how many law enforcement requests for this kind of data are made all over the world, every single day. Every single time a person in the UK makes a problematic tweet, that vault is getting opened. Every single minor crime or drug dealer that the police go after? That vault is getting opened. This kind of law enforcement key/bypass would have to be so easily accessible that the idea it wouldn't be leaked is just not viable.

How would it be leaked? It's buried in an HSM that is not connected to the internet and housed in an access-controlled vault. Just assuming a breakage of the first of those conditions (extracting a key from an HSM) utterly breaks all device security guarantees you have for all the devices you own. If step one of your plan to "leak" this key is to be able to break all device security guarantees for all devices everywhere, then we can probably conclude that this thing doesn't constitute a meaningful additional risk over the status quo. Like, mayyyyybe an epsilon increase, maybe. But that epsilon is sooooo small that it would be dwarfed by a literal billion other security improvements we could make in every other aspect of our digital computing.

How would it be leaked? It's buried in an HSM that is not connected to the internet and housed in an access-controlled vault. Just assuming a breakage of the first of those conditions (extracting a key from an HSM) utterly breaks all device security guarantees you have for all the devices you own.

This just isn't true. Microsoft can keep the signing keys for some important elements of the OS private, and those keys are only accessed extremely rarely and in specific circumstances. But the threat that I'm talking about is from actors who have legitimate access to the vault.

This super skeleton key that unlocks all encryption and allows you to bypass all security on financial transactions, privacy, government documents, military assets... not only is this going to be the most valuable key in the world with thousands of motivated parties trying to get access to it, there are going to be law enforcement and government requests for it on a constant basis. Think about how many warrants are served in the USA and then remember that every single one of them is going to involve someone getting access to this key. Then remember that this key is also in use everywhere else in the world - it has to be the same otherwise you've completely broken the internet and global economy by making encrypted communication between different nations impossible (it'd be illegal to have communications that don't allow access via this master key after all). So that means that every single time a Chinese, Russian, Brazilian or South African cop wants access to some communications, that vault is getting opened right back up again.

THAT is what makes it so likely to leak - this key is going to have to be accessed by millions of law enforcement officers and government officials every single day, and it is the most valuable key in the world given that it can defeat all encryption used in financial transactions and would make fraud and financial crime as easy as pie, let alone privacy invasion and surveillance. If you think that the Chinese (or American for that matter) government is going to use this access responsibly (or just not keep their word when they say they're not making copies of the key), lmao.

This conversation is about E2EE of Facebook messages, not bank transactions. Law enforcement/government can just subpoena your bank to get your bank transactions.

this key is going to have to be accessed by millions of law enforcement officers and government officials

Also BZZZZT. As I said, the only people that ever access this key are a small number of approved Facebook insiders. Law enforcement/government make requests (with warrants) to Facebook, but they never even touch the handle to the door of the vault that contains the computer with the HSM with the key.

But the threat that I'm talking about is from actors who have legitimate access to the vault.

This is why I had said:

Of course, this method would also be subject to the possibility of abuse by the small number of FB insiders who are tasked with this warrant service, but that, by the terms of the argument made above, "does not increase the risk further than the non-E2E case," because in the non-E2E case, FB can also trivially abuse their access to your messages. The question here is to what extent you think FB is, itself, a threat actor, but I think the terms of the argument above stipulated that they weren't. The appropriate criticism (seen elsewhere here) is that they are.

This conversation is about E2EE of Facebook messages, not bank transactions.

Oh, my mistake then - I was under the impression that we were talking about a more general system where all encrypted communications require a law-enforcement decryption key, with Facebook being given as a specific example. If you just want to boil it down to a single company then this discussion is an uninteresting and pointless aside to the broader discussion about banning all encryption without law enforcement decryption keys.

Yeah, I don't think this conversation was ever about entirely banning all encryption. Just about major companies like Facebook, Google, Apple, who the OP was claiming have better security than you anyway. A more general encryption policy discussion would have to encompass the more varied details of smaller organizations, their capability to do security in the first place, and the respective values of the information that goes across their wires. Plus obvious economic questions like regulatory entrenchment and such.

and whoever hacks them, which is a very remote possibility

Would you consider Microsoft making a configuration mistake giving read access to every Office 365 account to a test account that was then trivially hacked more or less likely than Facebook making a similar mistake? I work in IT too, and I would have considered Microsoft more serious than Facebook regarding security. Maybe I'm wrong and Microsoft is just unserious about security while Facebook is serious. Maybe. But personally I still adjusted my estimation of the likelihood of this kind of serious breach from all of FAANG(O)/big tech upwards.

My bias is Microsoft is a lot more incompetent at security than Facebook and they regularly prove it. They're getting better, but still have a long way to go. https://srslyriskybiz.substack.com/p/microsofts-security-culture-just

On Facebook without E2E encryption (but with TLS), your messages are only exposed to Facebook and whoever hacks them, which is a very remote possibility.

You obviously haven't heard of the third party doctrine.

If Facebook has your messages, and you haven't encrypted them E2E, the government can look at them any time they want without a warrant. Your statement that they can only be seen by Facebook and by hackers is false; the current legal environment makes them open to the government, no warrant needed.

You're also ignoring that for the government to look in your basement takes some effort. Looking at millions of people's data is trivial.

I responded to this third party doctrine concern you raised on a different comment here: https://www.themotte.org/post/851/culture-war-roundup-for-the-week/183485?context=8#context

But to recap

If Facebook has your messages, and you haven't encrypted them E2E, the government can look at them any time they want without a warrant.

This isn't exactly true. Things that neatly fall into the category of "communication" are protected, like 1:1 messages. Metadata and other content (like documents) are not.

You're also ignoring that for the government to look in your basement takes some effort. Looking at millions of people's data is trivial.

A different commenter also raised this. Addressed here: https://www.themotte.org/post/851/culture-war-roundup-for-the-week/183482?context=8#context

Wholesale surveillance has been criticized as fairly useless to law enforcement by security experts for a long time.

A different commenter also raised this. Addressed here: https://www.themotte.org/post/851/culture-war-roundup-for-the-week/183482?context=8#context

Wholesale surveillance has been criticized as fairly useless to law enforcement by security experts for a long time.

Useless at preventing crime. Fantastic as "Show me the person, and I'll show you the crime." I routinely see the government producing private non-serious conversations they've harvested through whatever means to defame the character of people they are politically persecuting.

Wholesale surveillance has been criticized as fairly useless to law enforcement by security experts for a long time.

  1. It might be useless for legitimate law enforcement purposes but fine and dandy for not-so-legitimate ones.

  2. I would argue that machine learning classifiers have made wholesale surveillance quite a bit more useful, by making it a lot easier. You want to find crimetalk, train a classifier with crimetalk and run everything through it; no need for humans to do all that work.

Fair enough. Eliot Spitzer got brought down because his bank transfers to a brothel were red flagged, they investigated, and they just happened to nail the governor of NY. Obviously what really happened is they brought up all of Eliot Spitzer's records, went over it with a magnifying glass, pieced together the brothel thing, and also noticed it had been red flagged (like a billion other transactions that are never looked at), and worked backwards from there to construct a story where they had cause.

So that's an extreme case. How often does this happen in practice though? Also, even in my extreme case, it doesn't seem actually wrong for this information to have come out about Eliot Spitzer?

So that's an extreme case. How often does this happen in practice though?

The magic of parallel construction -- where law enforcement obtains information from an illegitimate source, fabricates a chain of evidence back to a legitimate source, and then presents the fabricated chain to the court -- says we'll never know.

What is this place?

This website is a place for people who want to move past shady thinking and test their ideas in a court of people who don't all share the same biases. Our goal is to optimize for light, not heat; this is a group effort, and all commentators are asked to do their part.

The weekly Culture War threads host the most controversial topics and are the most visible aspect of The Motte. However, many other topics are appropriate here. We encourage people to post anything related to science, politics, or philosophy; if in doubt, post!

Check out The Vault for an archive of old quality posts. You are encouraged to crosspost these elsewhere.


Why are you called The Motte?

A motte is a stone keep on a raised earthwork common in early medieval fortifications. More pertinently, it's an element in a rhetorical move called a "Motte-and-Bailey", originally identified by philosopher Nicholas Shackel. It describes the tendency in discourse for people to move from a controversial but high value claim to a defensible but less exciting one upon any resistance to the former. He likens this to the medieval fortification, where a desirable land (the bailey) is abandoned when in danger for the more easily defended motte. In Shackel's words, "The Motte represents the defensible but undesired propositions to which one retreats when hard pressed."

On The Motte, always attempt to remain inside your defensible territory, even if you are not being pressed.


New post guidelines

If you're posting something that isn't related to the culture war, we encourage you to post a thread for it. A submission statement is highly appreciated, but isn't necessary for text posts or links to largely-text posts such as blogs or news articles; if we're unsure of the value of your post, we might remove it until you add a submission statement. A submission statement is required for non-text sources (videos, podcasts, images).

Culture war posts go in the culture war thread; all links must either include a submission statement or significant commentary. Bare links without those will be removed.

If in doubt, please post it!


Rules


Recommended Posts And Communities

Recommended Realtime Chats