The So-Called Privacy Problems with WhatsApp

ProPublica, which is typically known for its excellent journalism, published a particularly terrible piece earlier this week that fundamentally miscast how encryption works and how Facebook vis-a-vis WhatsApp works to keep communications secured. The article, “How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users,” focuses on two so-called problems.

The So-Called Privacy Problems with WhatsApp

First, the authors explain that WhatsApp has a system whereby recipients of messages can report content they have received to WhatsApp on the basis that it is abusive or otherwise violates WhatsApp’s Terms of Service. The article frames this reporting process as a way of undermining privacy on the basis that secured messages are not kept solely between the sender(s) and recipient(s) of the communications but can be sent to other parties, such as WhatsApp. In effect, the ability to voluntarily forward messages to WhatsApp that someone has received is cast as breaking the privacy promises that have been made by WhatsApp.

Second, the authors note that WhatsApp collects a large volume of metadata in the course of using the application. Using lawful processes, government agencies have compelled WhatsApp to disclose metadata on some of their users in order to pursue investigations and secure convictions against individuals. The case that is focused on involves a government employee who leaked confidential banking information to Buzzfeed, which was subsequently reported out.

Assessing the Problems

In the case of forwarding messages for abuse reporting purposes, encryption is not broken and the feature is not new. These kinds of processes offer a mechanism that lets individuals self-identify and report on problematic content. Such content can include child grooming, the communication of illicit or inappropriate messages or audio-visual content, or other abusive information.

What we do learn, however, is that the ‘reactive’ and ‘proactive’ methods of detecting abuse need to be fixed. In the case of the former, only about 1,000 people are responsible for intaking and reviewing the reported content after it has first been filtered by an AI:

Seated at computers in pods organized by work assignments, these hourly workers use special Facebook software to sift through streams of private messages, images and videos that have been reported by WhatsApp users as improper and then screened by the company’s artificial intelligence systems. These contractors pass judgment on whatever flashes on their screen — claims of everything from fraud or spam to child porn and potential terrorist plotting — typically in less than a minute.


Further, the employees are often reliant on machine learning-based translations of content which makes it challenging to assess what is, in fact, being communicated in abusive messages. As reported,

… using Facebook’s language-translation tool, which reviewers said could be so inaccurate that it sometimes labeled messages in Arabic as being in Spanish. The tool also offered little guidance on local slang, political context or sexual innuendo. “In the three years I’ve been there,” one moderator said, “it’s always been horrible.”

There are also proactive modes of watching for abusive content using AI-based systems. As noted in the article,

Artificial intelligence initiates a second set of queues — so-called proactive ones — by scanning unencrypted data that WhatsApp collects about its users and comparing it against suspicious account information and messaging patterns (a new account rapidly sending out a high volume of chats is evidence of spam), as well as terms and images that have previously been deemed abusive. The unencrypted data available for scrutiny is extensive. It includes the names and profile images of a user’s WhatsApp groups as well as their phone number, profile photo, status message, phone battery level, language and time zone, unique mobile phone ID and IP address, wireless signal strength and phone operating system, as a list of their electronic devices, any related Facebook and Instagram accounts, the last time they used the app and any previous history of violations.

Unfortunately, the AI often makes mistakes. This led one interviewed content reviewer to state that, “[t]here were a lot of innocent photos on there that were not allowed to be on there … It might have been a photo of a child taking a bath, and there was nothing wrong with it.” Often, “the artificial intelligence is not that intelligent.”

The vast collection of metadata has been a long-reported concern and issue associated with WhatsApp and, in fact, was one of the many reasons why many individuals advocate for the use of Signal instead. The reporting in the ProPublica article helpfully summarizes the vast amount of metadata that is collected but that collection, in and of itself, does not present any evidence that Facebook or WhatsApp have transformed the application into one which inappropriately intrudes into persons’ privacy.

ProPublica Sets Back Reasonable Encryption Policy Debates

The ProPublica article harmfully sets back broader policy discussion around what is, and is not, a reasonable approach for platforms to take in moderating abuse when they have integrated strong end-to-end encryption. Such encryption prevents unauthorized third-parties–inclusive of the platform providers themselves–from reading or analyzing the content of the communications themselves. Enabling a reporting feature means that individuals who receive a communication are empowered to report it to a company, and the company can subsequently analyze what has been sent and take action if the content violates a terms of service or privacy policy clause.

In suggesting that what WhatsApp has implemented is somehow wrong, it becomes more challenging for other companies to deploy similar reporting features without fearing that their decision will be reported on as ‘undermining privacy’. While there may be a valid policy discussion to be had–is a reporting process the correct way of dealing with abusive content and messages?–the authors didn’t go there. Nor did they seriously investigate whether additional resources should be adopted to analyze reported content, or talk with artificial intelligence experts or machine-based translation experts on whether Facebook’s efforts to automate the reporting process are adequate, appropriate, or flawed from the start. All those would be very interesting, valid, and important contributions to the broader discussion about integrating trust and safety features into encrypted messaging applications. But…those are not things that the authors choose to delve into.

The authors could have, also, discussed the broader importance (and challenges) in building out messaging systems that can deliberately conceal metadata, and the benefits and drawbacks of such systems. While the authors do discuss how metadata can be used to crack down on individuals in government who leak data, as well as assist in criminal investigations and prosecutions, there is little said about what kinds of metadata are most important to conceal and the tradeoffs in doing so. Again, there are some who think that all or most metadata should be concealed, and others who hold opposite views: there is room for a reasonable policy debate to be had and reported on.

Unfortunately, instead of actually taking up and reporting on the very valid policy discussions that are at the edges of their article, the authors chose to just be bombastic and asserted that WhatsApp was undermining the privacy protections that individuals thought they had when using the application. It’s bad reporting, insofar as it distorts the facts, and is particularly disappointing given that ProPublica has shown it has the chops to do good investigative work that is well sourced and nuanced in its outputs. This article, however, absolutely failed to make the cut.

Project GUNMAN and the Telling of Intelligence Histories

This story of how the National Security Agency (NSA) was involved in analyzing typewriter bugs that were implanted by agents of the USSR in the 1980s is pretty amazing (.pdf) in terms of the technical and operational details which have been written about. It’s also revealing in terms of how the parties who are permitted to write about these materials breathlessly describe the agencies’ past exploits. In critically reading these kinds of accounts it’s possible to learn how the agencies, themselves, regard themselves and their activities. In effect, how history is ‘created’—or propaganda written, depending on how you read the article in question—functions to reveal the nature of the actors involved in that creation and the way that myths and truths are created and replicated.

As a slight aside, whenever I come across material like this I’m reminded of just how poor the Canadian government is in disclosing its own intelligence agencies’ histories. As senior members of the Canadian intelligence community retire or pass away, and as recorded materials waste away or are disposed of, key information that is needed to understand how and why Canada has acted in the world is being lost. This has the effect of impoverishing Canadians’ own understandings of how their governments have operated, with the result that Canadian histories often risk missing essential information that could reveal hidden depths to what Canadians know about their country and its past.

When the Government Decides to Waylay Parliament

Steven Chaplin has a really great explanation of whether the Canadian government can rely on national security and evidentiary laws to lawfully justify refusing to provide documents to the House of Commons, and to House committees. His analysis and explanation arose as a result of the Canadian government doing everything it could to, first, refuse to provide documents to the Parliamentary Committee which was studying Canadian-Chinese relations and, subsequently, refuse to provide the documents when compelled to do so by the House of Commons itself.

Rather than releasing the requested documents the government turned to the courts to adjudicate whether the documents in question–which were asserted to contain sensitive national security information–must, in fact, be released to the House or whether they could instead be sent to an executive committee, filled with Members of Parliament and Senators, to assess the contents instead. As Chaplin notes,

Having the courts intervene, as proposed by the government’s application in the Federal Court, is not an option. The application is clearly precluded by Article 9 of the Bill of Rights, 1689, which provides that a proceeding in Parliament ought not to be impeached or questioned in court. Article 9 not only allows for free speech; it is also a constitutional limit on the jurisdiction of the courts to preclude judicial interference in the business of the House.

The House ordered that the documents be tabled without redaction. Any decision of the court that found to the contrary would impeach or question the proceeding that led to the Order. And any attempt by the courts to balance the interests involved would constitute the courts becoming involved in ascertaining, and thereby questioning, the needs of the House and why the House wants the documents.

Beyond the Court’s involvement intruding into the territory of Parliament, there could be serious and long-term implications of letting the court become a space wherein the government and the House fight to obtain information that has been demanded. Specifically,

It may be that at the end of the day the government will continue to refuse to produce documents. In the same way that the government cannot use the courts to withhold documents, the House cannot go to court to compel the government to produce them, or to order witnesses to attend proceedings. It could also invite disobedience of witnesses, requiring the House to either drop inquiries or involve the courts to compel attendance or evidence. Allowing, or requiring, the government and the House to resolve their differences in the courts would not only be contrary to the constitutional principles of Article 9, but “would inevitably create delays, disruption, uncertainties and costs which would hold up the nation’s business and on that account would be unacceptable even if, in the end, the Speaker’s rulings were vindicated as entirely proper” (Canada (House of Commons) v. Vaid [2005]). In short, the courts have no business intervening one way or the other.

Throughout the discussions that have taken place about this issue in Canada, what has been most striking is that the national security commentators and elites have envisioned that the National Security and Intelligence Committee of Parliamentarians (NSICOP) could (and should) be tasked to resolve any and all particularly sensitive national security issues that might be of interest to Parliament. None, however, seems to have contemplated that Parliament, itself, might take issue with the government trying to exclude Parliament from engaging in assessments of the government’s national security decisions nor that issue would be taken when topics of interest to Parliamentarians were punted into an executive body, wherein their fellow Members of Parliament on the body were sworn to the strictest secrecy. Instead, elites have hand waved to the importance of preserving secrecy in order for Canada to receive intelligence from allies, as well as asserted that the government would never mislead Parliament on national security matters (about which, these same experts explain, Members of Parliament are not prepared to receive, process, or understand given the sophistication of the intelligence and the apparent simplicity of most Parliamentarians themselves).

This was the topic of a recent episode of the Intrepid Podcast, where Philippe Lagassé noted that the exclusion of parliamentary experts when creating NSICOP meant that these entirely predictable showdown situations were functionally baked into how the executive body was composed. As someone who raised the issue of adopting an executive, versus a standing House, committee and was rebuffed as being ignorant of the reality of national security it’s with more than a little satisfaction that the very concerns which were raised when NSICOP was being created are, in fact, arising on the political agenda.

With regard to the documents that the House Committee was seeking, I don’t know or particularly care what their contents include. From my own experience I’m all too well aware that ‘national security’ is often stamped on things that either governments want to keep from the public because they can be politically damaging, be kept from the public just generally because of a culture of non-transparency and refusal of accountability, as well as (less often) be kept from the public on the basis that there are bona fide national security interests at stake. I do, however, care that the Government of Canada has (again) acted counter to Parliament’s wishes and has deliberately worked to impede the House from doing its work.

Successive governments seem to genuinely believe that they get to ‘rule’ Canada absolutely and with little accountability. While this is, in function, largely true given how cowed Members of Parliament are to their party leaders, it’s incredibly serious and depressing to see the government further erode Parliament’s powers and abilities to fulfil its duties. A healthy democracy is filled with bumps for the government as it is held to account but, sadly, the Government of Canada–regardless of the party in power–is incredibly active in keeping itself, and its behaviours, from the public eye and thus from being held to account.

If only a committee might be struck to solve this problem…

Ephemerality in Messaging

Signal announced last week that their users could set a default that messages would auto-delete themselves after a period of time from 30 seconds to four weeks. The default would apply to all conversations, though it could be modified on a per-conversation basis. The company wrote,

As the norms for how people connect have changed, much of the communication that once took place through the medium of coffee shops, bars, and parks now takes place through the medium of digital devices. One side effect of this shift from analog to digital is the conjoined shift from the ephemeral to the eternal: words once transiently spoken are now – more often than not – data stored forever.

I tend to think that the retain-forever approach that digital technologies have imposed on contemporary life is deeply unhealthy, and think pretty highly of the early work done by people like Mayer-Schonberger despite some of my critiques. As I noted when I reviewed his book,

… comprehensive digital remembering collapses history and thus impairs our judgement to act in time, while denying humans the chance to evolve, develop, and learn. This leaves us to helplessly oscillate between two equally troubling options: a permanent past and an ignorant present.

Signal’s approach, while appreciated, is also only a first step as they don’t provide an easy way to also extract and permanently retain some communications outside of their environment. Why does this matter? Because there are, in fact, some conversations that need to be retained for some time, be they personal (e.g., last communications with a loved one) or professional (e.g., government employees required to retain substantive decisions and conversations in archives). The company might introduce a flag where–with the consent of both parties–specific parts of conversations could be retained indefinitely outside of the default deletion times. Adding in the friction of retention would serve to replicate how ‘remembering’ often works in non-digital contexts: it takes extra effort to create facsimiles. We should strive to replicate that into more of our digital environments.

Still, Signal’s approach–enabling deletion by default–is arguably an effort to bend communications closer to their historical norms and, as such, likely for the better. They’re obviously not the first company to think this way–Snapchat famously led the way, and numerous social companies’ ‘stories’ posts are designed to delete after 24 hours for ‘privacy’ and also (really) engagement reasons–but I think that it’s meaningful that a text-messaging company is introducing this as a way of easily setting defaults for forgetting.

Economics and Software Bills of Materials (SBOM)

In an article for The Hill, Shannon Lantzy and Kelly Rozumalski have discussed how Software Bills of Materials (SBOMs) are good for business as well as security. SBOMs more forcefully emerged in the American policy space after the Biden White House promulgated an Executive Order on cybersecurity on May 12, 2021. The Order included a requirement that developers and private companies providing services to the United States government be required to produce Software Bills of Materials (SBOMs).[1] SBOMs are meant to help incident responders to cybersecurity events assess what APIs, libraries, or other digital elements might be vulnerable to an identified operation, and also help government procurement agencies better ensure the digital assets in a product or service meet a specified security standard.

Specifically, Lantzy and Rozumalski write:

Product offerings that are already secure-by-design will be able to command a premium price because consumers will be able to compare SBOMs.

Products with inherently less patchable components will also benefit. A universal SBOM mandate will make it easy to spot vulnerabilities, creating market risk for lagging products; firms will be forced to reengineer the products before getting hacked. While this seems like a new cost to the laggards, it’s really just a transfer of future risk to a current cost of reengineering. The key to a universal mandate is that all laggards will incur this cost at roughly the same time, thereby not losing a competitive edge.

The promise of increased security and reduced risk will not be realized by SBOM mandates alone. Tooling and putting this mandate in practice will be required to realize the full power of the SBOM.

The idea of internalizing security costs to developers, and potentially increasing the cost of goods, has been discussed publicly and with Western governments for at least two decades. We’ve seen the overall risk profiles presented to organizations continue to increase year over year as a result of companies racing to market with little regard for security, which was a business development strategy that made sense when they experienced few economic liabilities for selling products with severe cybersecurity limitations or vulnerabilities. In theory, enabling comparison shopping vis-a-vis SBOMs will disincentivize companies from selling low-grade equipment and services if they want to get into high-profit enterprise or high-reliability government contracts, with the effect being that security improvements will also trickle down to the products purchased by consumers (‘trickle down cybersecurity’).

While I think that SBOMs are definitely a part of developing cybersecurity resilience it remains to be seen just how much consumers will pay for ‘more secure’ products given that, first, they are economically incentivized to pay the lowest possible amounts for goods and services and, second, they are unlikely to know for certain what is a good or bad security practice. Advocates of SBOMs often refer to them as akin to nutrition labels but we know that at most about a third of consumers read those labels (and those who read them often experience societal pressures to regulate caloric intake and thus read the labels) and, also, that the labels are often inaccurate.

It will be very interesting to see whether enterprises and consumers alike will be able or willing to pay higher up-front costs, to say nothing of being able to actually trust what is on the SBOM labels. Will companies that adopt SBOM products suffer a lower rate of cybersecurity incidents, or ones that are of reduced seriousness, or be able to respond more quickly when a cybersecurity incident has been realized? We’re going to actually be able to test the promises of SBOMs, soon, and it’s going to be fascinating to see things play out.


  1. I have published a summary and brief analysis of this Executive Order elsewhere in case you want to read it.

Operation Fox Hunt

ProPublica’s Sebastian Rotella and Kirsten Berg have an outstanding piece on the Chinese government’s efforts to compel individuals to return to China to face often trumped up charges. Efforts include secretly sending Chinese officials into the United States to surveil, harass, intimidate, and stalk residents of the United States, and also imprisoning or otherwise threatening residents’ family members who have remained in China.

Many of the details in the article are the result of court records, interviews, and assessments of Chinese media. It remains to be seen whether Chinese agents’ abilities to conduct ‘fox hunts’ will be impeded now that the US government is more aware of these operations. Given the attention and suspicion now cast towards citizens of China, however, there is also a risk that FBI agents may become overzealous in their investigations to the detriment of law-abiding Chinese-Americans or visitors from China.

In an ideal world there would be equivalent analyses or publications on the extent to which these operations are also undertaken in Canada. To date, however, there is no equivalent to ProPublica’s piece in the Canadian media landscape and given the Canadian media’s contraction we can’t realistically expect anything, anytime soon. However, even a short piece which assessed whether individuals from China who’ve run operations in the United States, and who are now barred from entering the US or would face charges upon crossing the US border, are similarly barred or under an extradition order in Canada would be a positive addition to what we know of how the Canadian government is responding to these kinds of Chinese operations.

Alarmist Takes On Chinese Influence Operations Must Be Set Aside

Lotus Ruan and Gabrielle Lim have a terrific piece in Just Security which strongly makes the case that, “fears of Chinese disinformation are often exaggerated by overblown assessments of the effects of China’s propaganda campaigns and casually drawn attributions.”

The two make clear that there are serious issues with how some Western policy analysts and politicians are suggesting that their governments respond to foreign influence operations that are associated with Chinese public and private parties. To begin, the very efficacy of influence operations remains mired in questions. While this is an area that is seeing more research of late, academics and policy analysts alike cannot assert with significant accuracy whether foreign influence operations have any real impact on domestic opinions or feelings. This should call for conservatism in the policies which are advanced but, instead, we often see calls for Western nations to adopt the internet ‘sovereignty’ positions championed by Russia and China themselves. These analysts and politicians are, in other words, asserting that the only way to be safe from China (and Russia) is to adopt those countries’ own policies.

Even were such (bad) policies adopted, it’s unclear that they would resolve the worst challenges facing countries such as the United States today. Anti-vaxxers, pro-coup supporters, and Big Lie advocates have all been affected by domestic influence operations that were (and are) championed by legitimately elected politicians, celebrities, and major media personalities. Building a sovereign internet ecosystem will do nothing to protect from the threats that are inside the continental United States and which are clearly having a deleterious effect on American society.

What I think I most appreciated in the piece by Ruan and Lim is that they frankly and directly called out many of the so-called solutions to disinformation and influence operations as racist. As just one example, there are those who call for ‘clean’ technologies that juxtapose Western against non-Western technologies. These kinds of arguments often directly perpetuate racist policies; they will not only do nothing to mitigate the spread of misinformation but will simultaneously cast suspicion and violence towards non-Caucasian members of society. Such proposals must be resisted and the authors are to be congratulated for directly and forcefully calling out the policies for what they are instead of carefully critiquing the proposals without actually calling them as racist as they are.

Standards as the Contemporary Highway System

Jonathan Zittrain, in remarks prepared a few weeks ago, framed Internet protocol standards in a novel way. Specifically, he stated:

Second, it’s entirely fitting for a government to actively subsidize public goods like a common defense, a highway system, and, throughout the Internet’s evolution, the public interest development of standards and protocols to interlink otherwise-disparate systems. These subsidies for the development of Internet protocols, often expressed as grants to individual networking researchers at universities by such organizations as the National Science Foundation, were absolutely instrumental in the coalescence of Internet standards and the leasing of wholesale commercial networks on which to test them. (They also inspired some legislators to advertise their own foresight in having facilitated such strategic funding.) Alongside other basic science research support, this was perhaps some of the best bang for the buck that the American taxpayer has received in the history of the country. Government support in the tens of millions over a course of decades resulted in a flourishing of a networked economy measured in trillions.

Zittrain’s framing of this issue builds on some writing I’ve published around standards. In the executive summary of a report I wrote a few months ago, I stated that,

… the Government of Canada could more prominently engage with standards bodies to, at least in part, guarantee that such standards have security principles baked in and enabled by default; such efforts could include allocating tax relief to corporations, as well as funding to non-governmental organizations or charities, so that Canadians and Canadian interests are more deeply embedded in standards development processes.

To date I haven’t heard of this position being adopted by the Government of Canada, or even debated in public. However, framing this as a new kind of roadway could be the kind of rhetorical framing that would help it gain traction.

Repurposing Apple Time Capsule as a Network Drive

For the past several years I’ve happily used an Apple Time Capsule as my router and one of many backup drives, but it’s been getting a bit long in the tooth as the number of items on my network has grown. I recently upgraded to a new router but wanted to continue using my Time Capsule, and its very large drive, for LAN backups.

A post in Apple’s discussion forums helpfully kicked off how to reset the wireless settings for the Time Capsule and prepare it to just live on the network as a drive. After following those instructions, all I needed to do was:

  1. Open Time Machine Preferences on my device;
  2. Select ‘Add or Remove Backup Disk…’;
  3. Select the freshly networked disk;
  4. Choose to use the pre-existing backup image, and input the encryption password for the backup.

Voila! And now my disk–with all its data–is available on the network and capable of continuing my Time Machine backups!

Which States Most Require ‘Democratic Support’?

Roland Paris and Jennifer Walsh have an excellent, and thought-provoking, column in the Globe and Mail where they argue that Western democracies need to adopt a ‘democratic support’ agenda. Such an agenda has multiple points comprising:

  1. States getting their own democratic houses in order;
  2. States defending themselves and other democracies against authoritarian states’ attempts to disrupt democracies or coerce residents of democracies;
  3. States assisting other democracies which are at risk of slipping toward authoritarianism.

In principle, each of these points makes sense and can interoperate with one another. The vision is not to inject democracy into states but, instead, to protect existing systems and demonstrate their utility as a way of weaning nations towards adopting and establishing democratic institutions. The authors also assert that countries like Canada should learn from non-Western democracies, such as Korea or Taiwan, to appreciate how they have maintained their institutions in the face of the pandemic as a way to showcase how ‘peer nations’ also implement democratic norms and principles.

While I agree with the positions the authors suggest, far towards the end of the article they delicately slip in what is the biggest challenge to any such agenda. Namely, they write:

Time is short for Canada to articulate its vision for democracy support. The countdown to the 2024 U.S. presidential election is already under way, and no one can predict its outcome. Meanwhile, two of Canada’s closest democratic partners in Europe, Germany and France, may soon turn inward, preoccupied by pivotal national elections that will feature their own brands of populist politics.[1]

In warning that the United States may be an unreliable promoter of democracy (and, by extension, human rights and international rules and order which have backstopped Western-dominated world governance for the past 50 years) the authors reveal the real threat. What does it mean when the United States is regarded as likely to become more deeply mired in internecine ideological conflicts that absorb its own attention, limit its productive global engagements, and are used by competitor and authoritarian nations to warn of the consequences of “American-style” democracy?

I raise these questions because if the authors’ concerns are fair (and I think they are) then any democracy support agenda may need to proceed with the presumption that the USA may be a wavering or episodic partner in associated activities. To some extent, assuming this position would speak more broadly to a recognition that the great power has significantly fallen. To even take this as possible–to the extent that contingency planning is needed to address potential episodic American commitment to the agenda of buttressing democracies–should make clear that the American wavering is the key issue: in a world where the USA is regarded as unreliable, what does this mean for other democracies and how they support fellow democratic states? Do countries, such as Canada and others with high rule-of-law democratic governments, focus first and foremost on ‘supporting’ US democracy? And, if so, what does this entail? How do you support a flailing and (arguably) failing global hegemon?

I don’t pretend to have the answers. But it seems that when we talk about supporting democracies, and can’t rely on the USA to show up in five years, then the metaphorical fire isn’t approaching our house but a chunk of the house is on fire. And that has to absolutely be our first concern: can we put out the fire and save the house, or do we need to retreat with our children and most precious objects and relocate? And, if we must retreat…to where do we retreat?


  1. Emphasis not in original.