Fuck ChatControl
Table of Contents
This is going to be a damn pain to write. It appears that in the EU, it may soon be illegal to send end-to-end encrypted messages. The privacy that Signal, Element or WhatsApp (yes, that one) afford us may soon be illegal. Now, this proposal did not yet specify exactly how they want to accomplish this, but they want something that the US was solving decades ago. If you want to see more, check out The Crypto Wars.
The short and sweet is that strong encryption systems were considered munitions. This meant that encryption was subject to the same export laws that missiles had. Phil Zimmerman was actually investigated in the 90’s for munitions export without a license! Since then, PGP has become a standard way to encrypt data, and it still works today!
But enough about the history of encryption, let’s talk about the future.
Your proposal is bad and you should feel bad
The EU wants to propose something that is mathematically impossible, or hugely illegal. Let’s put on our thinking hats for a minute and talk about the options in turn:
Backdoors in encrypted chat solutions
One way to get access to the messages is to simply stop using end-to-end. The message is encrypted in your device with the server’s key, decrypted on the server, then encrypted again for the recipient and sent off. This would allow anyone to read the messages while they’re being sent, do analysis on them, anything.
The issue is the same: this would allow anyone to read messages while they’re being sent. It also makes message tampering very very very easy, putting “encrypted” messages right on par with text messages, so fuck-all useful. If the message server is compromised, some guy is going to have access to anyone’s messages until they are removed. Or in the case of the EU, they will have all access all the time.
On-request encryption disabling
An apparent “more sensible way” would be to disable encryption for chats which are flagged as potentially inappropriate. The issue here is: How do we determine when to disable the encryption? If it’s E2EE by default, you cannot tell from looking at the encrypted stuff if it’s something you may be interested in, so this way gives you no information to know what’s bad and good! Of course, this would not work, because the EU will be trigger-happy.
Spyware on every device
The last option I can think of off the top of my head is that a keylogger on your device to log everything you type. This bypasses encryption completely, but then the information would have to be transferred, causing a pain on your data plan. But how do they get this spyware on devices? Will it be shipped with Android sold in the EU? I hate to break this news to you, but some devices can be reinstalled to remove most of the original OS.
These are the potential solution. But one more thing I forgot to mention one thing: the exceptions. You might think that all people in the EU should be supervised, right? If it’s to protect the children, as they sell it, it should concern all the people who may abuse children. If the current scandals are anything to go by, politicians should be the first ones to get snooped on.
Secondly, we have the new NIS2 legislation coming in, and that expands the national security concerns to thousands of companies and entities. This would mean that all employees of these companies should be exempt in order to keep the supply chain secure! Which is more important, protecting children, or exempting thousands of people who may be dangerous for children, but cannot be snooped on because they work for a critical infrastructure supplier?
How this is broken on birth
In the beginning, I discussed PGP. This system does not rely on any central entity to generate public/private keypairs, and your public key can be shared in any way you desire. If you want, you can share it via snail mail (which still has some protections on it). The public key will be useless to an attacker, and the encrypted text can be sent via any “state-allowed” method (e.g. e-mail, whatsapp, whatever).
What does this mean? Even if any of the above methods are implemented, they could still be bypassed with some solid maths. Of course, there are other methods of encryption, but I like PGP for an example. If you wish,you can use OMEMO or any other encryption system, but the fact of the matter is that PGP is the most cross-platform encryption system and it’s system-agnostic. The fact that the EU wants to limit something that has been proven to be unbreakable if used properly is like putting the genie back in the bottle. We already have the technology, targeting Signal and Messenger will not make these technologies go away.
SHIT: Self-Hosting Is Transformative
The proposal itself only appears to target the big boy messaging services, like Messenger, Signal, or Discord. But there are a whole group of applications which do not adhere to the centralized model, such as Element or XMPP.
(NOTE: I will be partial to XMPP, since that’s the one I’m familiar with and that I actually used before.)
If you take something like XMPP, you can choose basically everything, since it’s not an app only, it’s a standard. It incorporates encryption, file sharing, and not only can you pick an app of your choice (my choice is Conversations, but you can also self-host it. This means that you do not need to touch any commercial solution! Next, it’s not that difficult to host! In terms of resources, a reasonably sized server can run on a bloody Raspberry Pi. And to top it off, the XMPP stanard is decentralized-by-default, so if your system can be reached by another server, you can chat with other people. Imagine e-mail, but encrypted by default, on your own hardware. If you want to test it out, there are public servers, and if you’re ready to jump in, just put it on a server somewhere in the world and chat away!
If you want to go the mainstream way, you can host an Element node. There are now multiple server versions you can run (Synapse, Dendrite, etc.), which offer the same basic functionality, but with different system requirements. Overall, the system is much more resource-heavy than XMPP, but still, it is an option. Again, there are public Element servers, but those may very soon be targeted by the EU investigation as well. As opposed to a penis, here it’s “the smaller, the better.”
Should it pass, we can drown it.
Let us now imagine the worst-case scenario. All messages, self-hosted or otherwise, will be intercepted and saved on some EU server to be investigated at the authorities’ whim. What can we do then?
NSA is already running this program called PRISM which does a similar things. Think we forgot? No, we didn’t. The thing is: When this system started, there were much fewer messages regularly sent on these platforms. Nowadays, the amount of data would probably melt any single point. Imagine all this data from millions of people flowing into a single point in the EU. There isn’t enough storage to do all this, and the AI they will inevitably implement (come on, we all know it’s going to happen) will burn megawatts to ingest and investigate all the information.
Sure, the EU can estimate how much data will flow into the system per day and scale their ingestion system accordingly. Now, that’s fine, they can do that, after all, they know how many people are in the EU and how many messages will be sent. Now, it would be a shame if there were suddenly… many more messages being sent on these services, right?
The great bot-burn
If we consider communication online, we see it all too often. Messages, comments, entire websites are now commanded by bots, not humans. The dead Internet theory is real, unfortunately.
Now, the issue is the amount. If you get a chat server where 100% of the messages are human, you want them all. But how would you determine who’s a human and who’s not? In today’s age of AI, that is more and more difficult to determine. Now imagine a chat server where 99% of the messages are trash. For every message you want to investigate, there is 99 filled with absolute trash from a bot that will be discarded.
This technology already exists, and is quite easy to run. I can create tons of bots and let them loose on a public chatserver, chatting in real time, discussing bullshit or just scraping public messages on message boards or just Twitter. What would happen to the EU saving servers and processors indexing these messages? Not much, probably. Not with one server. Now imagine the same server running dozens, hundreds, thousands of bots sending messages randomly. This can be thought of as “poisoning the well,” where you have the information, but you have no way to easily tell real stuff from the bad. If you want to do more, you can also include some stupid encoding, making the text harder to see, but that could tell the systems that this is probably trash. An in-user encoding-decoding (which is not technically encryption) might obfuscate this. So now the AI will not only have to make sense of your messages, but for every message you send, you get thousands of similar messages that are trash. What use would this system be? And remember, this will cost money, and the company doing this (there will be a public tender, most likely) will not do this out of the kindness of their heart. It’s not their problem to sort out wheat from chaff, so they will happily take the increased traffic and pass on the cost to the customer, in this case the EU and the taxpayer.
So if you want to help, I’ll probably someday start a project with the goal to create a system that does the following:
- Set up accounts on public chat servers (or create its own chat server)
- Creates hundreds of bot accounts
- Have those bot accounts chat with each other and real users of the system, which the users can safely ignore
- Diluting valuable information on the server with tons and tons of trash.
This system, if run on enough devices and all funneled into the ChatControl system could really be “the rust upon their gears.”
In closing
This proposal is horrenoudly ineffective at doing what it set off to do; we can tell as much already. If Signal is blocked, a new alternative will spring up. If that is shut down, someone will create a new overlay for stuff that already exists to make it more user-friendly. In short, they’re fucked.
If encryption is outlawed, I will be the first to hang. This is a hill worth dying on. Maybe next time, I’ll write some more about the Google Android situation, but for now, this has to do.