Going Dark: The war on encryption is on the rise

State mass surveillance

Under the slogan ‘Think of the children’, the European Commission tried to introduce total surveillance of all EU citizens. When the scandal was revealed, it turned out that American tech companies and security services had been involved in the bill, generally known as ‘Chat Control’ – and that the whole thing had been directed by completely different interests. Now comes the next attempt. New battering rams have been brought out with the ‘Going Dark’ initiative. But the ambition is the same: to install state spyware on every European cell phone and computer.

On May 11, 2022, EU Commissioner Ylva Johansson presented a legislative
proposal under the official name ”Regulation of the European Parliament
and of the Council laying down rules to prevent and combat child sexual
abuse
.”

Ylva Johansson made a point of this being her bill: it was she who had
devised it – no one else – and if it had not been for her, Europe’s
justice system would “go blind” in the hunt to track sexual abuse of
children. In Ylva’s world, the EU would “turn into a pedophiles’
paradise” if she didn’t get her way. It was easy to marvel at how, on
almost every occasion, Ylva Johansson was keen to point out that this
was her proposal. A touch of narcissism? Maybe. But perhaps there was
something else behind this self-centered proclamation. Because it would
eventually emerge that in fact Ylva Johansson was not alone behind the
scenes. Right from the start, there were others involved – actors who
would benefit from the bill being passed, but who preferred it not to be
known that they were involved in designing it.

The rhetoric was clear from day one: it was all about the children, and
when it comes to children, there’s nothing we can’t imagine doing to
keep them safe. So Ylva Johansson put forward a proposal that meant
total surveillance of all EU citizens and as soon as someone opposed it,
she pulled out the think-of-the-children card. But those who could see
through the bluff quickly gave the proposal (those parts of the bill
that dealt with internet surveillance) a shorter and more appropriate
name: Chat Control.

In brief, Chat Control essentially meant that the communications of
every EU citizen would be monitored. Every call, every message and every
chat, all the emails, photos, and videos saved in cloud services – all
of it would be filtered in real time via artificial intelligence and
then checked in a newly established EU center, in close cooperation with
Europol.

Since the bill was in violation of the European Convention on Human
Rights, the EU Charter and the UN Declaration of Human Rights, Chat
Control was rejected by one legislative body after another. Both the
Council of
Ministers

and the European Commission’s own legal
service

warned against the proposal, as did the European Parliament’s Data
Protection
Board
.
The UN Human Rights Council described Chat Control as incompatible with
fundamental human rights and stated that the proposal would lead to
mass surveillance and
self-censorship
.
Former judges at the European Court of Justice said that the proposal
was in breach of the EU Charter of
Rights

and 465 researchers joined forces to warn of the
consequences
.

Faced with massive criticism, Ylva Johansson defended herself. According
to her, everyone else had misunderstood the bill. Chat Control was
certainly not about mass surveillance and everyone making that claim was
simply out to discredit her.

Chat Control – total monitoring of all EU citizens.

Chat Control is sometimes also called Chat Control 2.0, since existing
legislation already makes it possible for tech companies such as Google
and Meta to scan their users’ accounts for child pornography material.
The fact that there was already a law that allowed tech companies to
scan for illegal content – if they chose to – was something Ylva
Johansson was not slow to mention. She explained that her draft bill was
nothing but an extension of the scanning that had already been going on
for ten
years
.
She also referred to the existing legislation when she said that the EU
would become a free zone for pedophiles unless her bill went through –
as that legislation would expire in the summer of 2024.

Time and time again Ylva Johansson was proven wrong by journalists and
experts. In fact, nothing prevented the EU from extending the existing
law, rather than introducing a new one. And above all: Ylva’s bill was
anything but an extension. The differences between the current law and
the proposed legislation were extreme. In Ylva Johansson’s EU, scanning
would not be voluntary. All messaging services (including encrypted
services such as Signal) would be covered by the law and would be forced
to scan their users’ images, videos and conversations. That would be a
big concern for all those who don’t use Meta or Google to converse
because they are in need of secure communication methods. In other
words, political opponents, whistleblowers, journalists and their
sources, vulnerable people living under secret identities and others,
not to mention people with trade secrets, and those in possession of
sensitive information important for national security. For example, the
European Commission itself uses Signal. Demanding government
transparency (either through so-called backdoors or scanning on the
computer or phone) would open a Pandora’s box to countries with
authoritarian inclinations (and five EU countries have already been
caught

using spyware to monitor political opponents) and would leave the door
wide open for criminals to exploit. But it was not only this that
separated the existing legislation from the draft bill that the European
Commission wanted to introduce.

The previous legislation had only allowed scanning for material that had
previously been stamped and registered as child pornography material.
Now, AI would be used to find ‘new material’ and would also look for
grooming attempts. Quite obviously, Chat Control would therefore send
every other citizen of the EU straight into the filtering system.
Holiday photos from the beach, nude photos sent between partners, dirty
text messages – all the things that no AI system can distinguish
between would risk getting caught in a filter that would inevitably
drown any new EU center with endless digital heaps of evidence to
review. Is this a holiday photo of a child or child pornography? Are
these skimpily dressed youngsters 18 or 14? Is this a dirty text message
from a wife to a husband or a grooming attempt? But above all, Chat
Control would mean a tool that could be used to scan for completely
different things.

When Ylva Johansson was asked whether it would be possible to
communicate safely even after her bill was introduced, she answered
“Yes.” And a whole world of experts asked “How?” Ylva replied that she
had something nobody else had. A digital sniffer dog that could smell
encrypted communication without looking at the content. A sniffer dog
that only reacted to child pornography content – never anything else.

A group of experts tried to hammer the message home: either encrypted
communication is encrypted (so-called end-to-end encryption, which only
the sender and the recipient can see) or it’s not encrypted. There’s no
‘seeing the content’ without reading it. But Ylva stood by her claim.
She came back to the same argument over and over again. She avoided
answering the questions (she obviously didn’t understand how the
technology worked) but instead turned the direction of the discussion,
saying, for example, that a court order would be required to carry out
scanning, which in itself was deliberately misleading. Firstly, her
scanning would not require an order from a court – it could be one from
another judicial body. And secondly, the key issue was that judicial
body making a decision that would force messaging services to monitor
all their users. So in other words, when Ylva proclaimed “it requires a
court order,” she wasn’t talking about courts and their decisions to
monitor people such as suspected pedophiles. She was talking about how a
service would be forced to permit surveillance. What was required for a
service to be subject to surveillance? Merely that there was a
possibility to use the service to spread child pornography or to groom
children. Which of course means every messaging service on the planet.

As soon as Ylva Johansson was shown to be in the wrong, she shifted her
focus. But in the end, she always came back to the final refuge: it’s
all about the children. She related anecdotes and referred to figures
that pointed to an exponential increase in child pornography material on
Facebook, for example – even though Facebook itself stated that 90
percent of all reports come from material previously
distributed
.

The European Commission, led by Ylva Johansson, received criticism from
all directions. Police chiefs pointed out that most of the material they
receive today involves teenagers sending pictures to each
other

and that such reports risk leading the police in the wrong direction.
Scanning tests carried out by European police on existing material
showed that 80-90 percent of all hits were false
positives
.
Now, moreover, ‘new material’ would be scanned – which would obviously
mean an impossible administrative burden merely to distinguish between
illegal images and holiday pictures from family days on the beach. The
error rate would clearly be approaching 100 percent. For a European
justice system that even today is unable to follow up all the
tips

it receives, this would be devastating. And criminals would, of course,
turn to illegal messaging services. No children would be helped. At the
same time, every EU citizen would have spyware installed on their
phones.

How did Ylva Johansson deal with this information? Not at all. Instead,
like a scratched record, she continued urging everyone to “think of the
children.” She also ordered a survey that said 80 percent of the EU
population supports Chat Control. The problem? The European Commission
used its Eurobarometer series of public opinion surveys in way that
opened it to accusations of blurring the line between research and
propaganda. When asked to comment on the Chat Control survey, the Max
Planck Institute for the Study of Societies concluded that it had a
political agenda and consisted of questions that were
biased

to support the Commission’s plans.

Ylva Johansson was employing blatant deception. She used incorrect
figures and biased surveys. In interviews, she was populist and evasive.
But she was forced to resort to these methods. Because it was never
about the children.

American tech companies and security services behind the draft bill

In September 2023, a major investigative article was published by three
journalists: Giacomo Zandonini, Apostolis Fotiadis, and Luděk Stavinoha.
After seven months of trying to get the European Commission to release
public documents, they finally obtained a piece of material that allowed
them to start putting together the puzzle. The puzzle that revealed the
true stakes behind Chat
Control
.
The article, which was published in several European newspapers,
included a letter in which Ylva Johansson wrote to Julie Cordua, CEO of
the American company Thorn: “We have shared many moments on the journey
to this proposal. Now I am looking to you to help make sure that this
launch is a successful one.”

Thorn is an American company, formed by actor Ashton Kutcher, which
develops tools that scan for child pornography material. Thorn had sold
software worth millions of dollars to the U.S. Department of Homeland
Security. Ashton Kutcher himself had held video conferences with
European Commission President Ursula von der Leyen, and had given
lectures in the EU on how new technologies can scan encrypted content
without looking at it. The picture of Ylva Johansson’s digital sniffer
dog suddenly became clear.

For several years Kutcher lobbied the European Commission (until he was
forced to resign as chairman of Thorn’s board after defending his
acting colleague Danny Masterson when he was convicted of rape). He held
meetings with others at the European Commission and had an extra close
relationship with the Commission’s Eva Kaili (until she was convicted
of
bribery
).

So here was an American company in direct contact with the European
Commission. An American company that just happened to sell the
technology that could be used if Chat Control was introduced. In
addition, it was all based on a false premise. The technology Kutcher
and Johansson talked about did not exist. Expert after expert condemned
their talk of sniffer
dogs
.

And here’s yet another seedy aspect to this scandal: in the EU
transparency register, Thorn was registered as a charitable organization
– despite selling the technology they were lecturing about in the EU.
The trick of disguising organizations and corporations as charities
would turn out to be a recurring motif.

Since the draft Chat Control bill was presented, Ylva Johansson has
constantly referred to children’s rights organizations that support her
proposal. She has worked with them in a PR context, as a way to show how
Chat Control has the support of independent, nonprofit organizations
that care about children. A central organization in this work has been
the WeProtect Global Alliance. When Zandonini, Fotiadis, and Stavinoha
published their article, it turned out that the European Commission had
been involved in founding this organization, and that it included
representatives from both tech companies and security services in
different countries. Ylva Johansson’s colleague in the European
Commission, Labrador Jimenez, was on the Board of Directors of
WeProtect, together with Thorn’s CEO Julie Cordua, representatives of
Interpol, and government officials from the US and the UK (the latter
simultaneously pursuing its own monitoring legislation, also using
children as the battering ram). Thorn had put a great deal of money into
WeProtect. The European Commission had contributed one million euros. In
other words, it wasn’t children’s rights organizations that were
supporting Ylva Johansson. It was lobbying organizations set up by the
European Commission to get the bill through.

The Board of Directors of WeProtect also included representatives from
the Oak Foundation, who, in addition to their involvement in WeProtect,
had also been involved in setting up ECLAG (another charity that
supported the Chat Control proposal). ECLAG was launched just a few
weeks after Ylva Johansson’s draft bill was presented, and Thorn was
also represented on this organization’s board. And there was still
another organization: the Brave Movement, an organization formed a month
before the proposed Chat Control bill was introduced. Brave was launched
with $10 million from the Oak Foundation and a strategy paper
discovered by the journalists stated that “once the EU Survivors
taskforce is established and we are clear on the mobilized survivors, we
will establish a list pairing responsible survivors with Members of the
European Parliament – we will ‘divide and conquer’ the MEPs by
deploying in priority survivors from MEPs’ countries of origin.”

The Oak Foundation also appeared in an article carried out by the
Intercept
.
In 2023, an American organization called the Heat Initiative was formed.
On paper, they were a “new child safety group” and the first thing they
did was campaign for Apple to “detect, report, and remove” child
pornography material from iCloud. Apple responded that this would be
something that criminals would be able to exploit and that it could also
lead to a “potential for a slippery slope of unintended consequences.
Scanning for one type of content, for instance, opens the door for bulk
surveillance.”

The Heat Initiative did not like this answer and fought back with
anti-Apple propaganda on large advertising billboards in American cities
under the theme of ‘think of the children.’ But who was behind the Heat
Initiative, besides the Oak Foundation? Heat was led by a former vice
president at Thorn. The Intercept article also referred to the
fact

that Thorn was working with Palantir, the big-data company that helped
the NSA mass-monitor the whole
world

and was involved in the Cambridge Analytica scandal where Facebook
users’ private messages and
data

were used to influence the presidential election on behalf of Donald
Trump in 2016.

In other words, the European Commission was involved in funding and
starting up charities with the aim of exploiting existing victims to
emotionally influence EU parliamentarians. In close cooperation with the
tech company providing the technology that would be used in the
implementation of the monitoring. Together with representatives of
non-European security services. As part of a larger apparatus, where the
same tactics were used to influence developments in the United States.

At the same time, the real organizations working to counter sexual
crimes against children were wondering why the European Commission was
refusing to talk to them. In the same investigative
report
,
Offlimits, Europe’s oldest hotline for vulnerable children, tells how
Ylva Johansson would rather go to Silicon Valley to meet companies
interested in making huge profits than talk to them.

The same is true of the technical experts. Matthew Green, Professor of
Cryptography at John Hopkins University, said: “In the first impact
assessment of the EU Commission there was almost no outside scientific
input and that’s really amazing since Europe has a terrific scientific
infrastructure, with the top researchers in cryptography and computer
security all over the world.”

However, Europol was involved in drafting the law, together with
security services from other
countries
.
In July 2022, Europol wrote that it wanted to be able to use scanning
and surveillance for purposes other than sexual offenses against
children. The European Commission
responded

that it understood the wish but that it had “to be realistic in terms of
what could be expected, given the many sensitivities around the
proposal.” Thorn was also clear in understanding that the scanning
could later be used for other
purposes
:
“When considering regulation or legislation on encryption it should not
be done solely focusing on CSAM. Solutions for detection in encrypted
environments are much broader than one single crime,” the company wrote
in one
document
.

It was later revealed that Europol was looking for unfiltered access to
the scanned
material
:
“All data is useful and should be passed on to law enforcement. There
should be no filtering by the [EU] Centre because even an innocent
image might contain information that could at some point be useful to
law enforcement.”

European Parliament: “the commission wanted mass surveillance.”

So here was the European Commission, working on legislative proposals
together with a Europol that wanted access to all surveillance,
regardless of whether it contained something illegal or not – simply
because it could be useful to have. In other words, it really wasn’t
about the children.

When articles were published about the EU Commission’s horrifyingly
undemocratic approach, Ylva Johansson’s office at the European
Commission responded by advertising on the platform X (formerly
Twitter). They targeted advertisements (pro Chat Control) so that
decision-makers in different countries would see them, but also so that
they would not be seen by people suspected to be strongly against the
proposal. The advertising was also targeted on the basis of religious
and political affiliation and thus violated the EU’s own laws
regarding
micro-targeting
.

Officials at the highest EU level thus used data collected by big tech
to try to create illegal filter bubbles designed to push through a mass
surveillance proposal. The whole thing ended with Ylva Johansson being
summoned to a hearing in the European Parliament. An almost united
European Parliament was massively critical of Ylva Johansson and her
approach. She was grilled about Thorn’s interference and about the
targeted ads and the EU Ombudsman denounced the European Commission’s
unwillingness to share public documents regarding the relationship with
Thorn (the European Commission had assumed these would be classified
because they risked undermining commercial interests …) Ylva
Johansson’s answer? “Think of the children.”

In November 2023, the European Parliament’s final judgment was
delivered
.
In an almost historic consensus, all the groups in the Parliament stood
together and said “No” to the bill. At the press conference,
representatives from the Parliament
said
:
“This is a slap in the face of the Commission, what we’ve tabled. The
Commission wasn’t focusing on protecting children but wanted mass
surveillance.” Patrick Breyer, who has been the most active opponent in
the EU Parliament, called it a victory for the children, adding “They
deserve an effective response and a rights-respecting response that will
hold up in court.”

Breyer was referring to the fact that Chat Control would most likely not
hold up in court if the bill had been passed. Just a few months later, a
ruling from the European Court of
Justice

ruled that authorities do not have the right to demand access to
end-to-end encrypted communications.

But the Chat Control proposal wasn’t completely buried just because the
European Parliament had taken a clear stance against it. In the EU, two
bodies are involved in the adoption of legislative proposals made by the
European Commission: the European Parliament and the Council of
Ministers. But while the European Parliament was extremely clear and
unified in its stance, the Council of Ministers was hopelessly unable to
reach an agreement. When new EU elections approached in summer 2024,
they had not yet managed to come to a consensus. However, the Council of
Ministers also began to hesitate about the technology. Ultimately, it
had become evident to most people that Ylva’s digital sniffer dog
didn’t exist. There was no technology that could scan communication
without looking at it. Parts of the Council of Ministers therefore
proposed

that scanning should be excluded for politicians, the police and
intelligence services, as well as anything classified as ‘professional
secrets.’ Obviously, there were politicians who were afraid that their
secrets would leak, but who had nothing against mass surveillance of the
broader population. Patrick Breyer was clear in his response: “these
people are aware that Chat Control involves unreliable and dangerous
snooping algorithms – and yet they are ready to unleash them on us
citizens.”

Even Ylva Johansson finally realized that she was defeated. Did she then
go public and announce that Europe would now be blind in the hunt for
pedophiles? Of course not. She quickly and easily did what she had
previously been completely unable to do: she extended the previous
legislation.

New attempt at mass surveillance via the Going Dark initiative

The fact that the European Parliament rejected Chat Control didn’t mean
that attempts to introduce mass surveillance were over. During Sweden’s
EU Presidency in spring 2023, a project called Going Dark was initiated.
The idea from the Swedish Presidency was initially that a so-called High
Level Expert Group would be launched. The task of putting together the
group went to the European Commission, which immediately removed the
‘Expert’ label. Instead of a High Level Expert Group, a High Level Group
was formed. As the Netzpolitik
newspaper

put it: “Removing the word ‘expert’ is no small detail: special rules
apply to Expert groups, for example when it comes to transparency. Rules
that do not apply to High Level Groups.”

Once again, the European Commission chose to start the preparatory work
linked to mass surveillance without allowing experts to play a serious
part in the process. When the group met for the first time, it stated
that the group’s purpose was to discuss
methods

to achieve “access to data for effective law enforcement, based on and
guided by the inputs from the EU Member States.”

Some challenges were identified as particularly
pressing
:
access to encrypted material (both stored data and communication), data
storage, location data, and anonymization (including VPNs and Darknets).

Once the group was united, it was divided into three working
groups
:
the first would work with access to data on users’ devices (computer and
mobile), the second group would focus on access to data in the services’
systems (messaging apps, for example), and the third group would discuss
access to data in transit.

According to the minutes of the meeting of the Swedish Parliament’s
Committee on European Union Affairs, the group worked “to present
effective recommendations for the accession of the new Commission in
2024 and for those recommendations to be
implemented.”

Future legislative proposals from the European Commission could thus be
assumed to be about providing access to data on users’ devices and in
the messaging services’ systems, and to data in transit. Patrick Breyer,
who had worked hard to counter Chat Control, said the group was just an
extension of past offensives and that Going Dark was working to
introduce illegal mass
surveillance
.
When he requested documents from the group’s meetings and a list of the
attendees, he received a document with the information blacked out as
if
classified
.
The European Commission had thus put together a working group aiming to
achieve mass surveillance of the broader population while not being
transparent about who was part of the group. It was like a scratched
record. Gone was the old excuse “think of the children”, but the goal
was the same.

However, some transparency was obtained through the Swedish Ministry of
Justice, which at Mullvad VPN’s request provided both meeting notes and
information about the Swedish representatives present at the meetings.

The first Going Dark meeting was led by two people. One was Olivier
Onidi, who is Deputy Director General directly under Ylva Johansson in
the European Commission. Onidi has expressed that the “valuable” thing
about Chat Control is “to cover all forms of communication, including
private
communication”
,
and he defended Ylva Johansson and Chat Control when he
said
:
“I think it’s totally unfair to point this out as a mandatory inspection
of all private communications. That’s not what you have in front of you.
This proposal is a huge improvement over the current situation.”

Onidi has also been questioned for his meetings with the American
company
Palantir

(notorious for its involvement in US authorities’ illegal mass
surveillance).

The second person who led the first Going Dark meeting was Anna-Carin
Svensson, international chief negotiator at the Swedish Justice
Department, who, according to WikiLeaks documents in 2010, allegedly
urged the US State Department and the FBI to continue with the current
informal exchange of information between the countries instead of
signing formal agreements. According to the American representatives at
the meeting, it was about withholding information from the Swedish
Parliament
:

“She believed that, given the Swedish Constitution’s requirement to
present matters of importance to the nation to the Swedish Parliament,
and in light of the ongoing controversy over the newly decided FRA law
[FRA, Försvarets radioanstalt, the Swedish National Defence Radio
Establishment, is a Swedish government signals agency], it will be
politically impossible for the Minister of Justice not to let the
Parliament review any data exchange agreements with the United States.
In her opinion, the publication of this could also jeopardize the
informal exchange of information,” the leaked documents said.

According to the documents, Anna-Carin Svensson asked the FBI if they
could not continue to make use of the strong but informal arrangements.
When the documents leaked, Svensson denied everything and stated: “I
cannot be held responsible for how Americans express themselves.”

From the Swedish side, the Ministry of Justice was represented at the
Going Dark meetings, but so was the Swedish Security Service (Säpo) and
the Swedish Police Authority. Together with representatives from the
other Member States, they used the High Level Group meetings to discuss
how, through legislation, encrypted services could be required to
provide data in readable format. Several Member States argued that “the
working groups needed to look at solutions that involved ‘legal access
through design’.” This was something that pleased American
representatives.

At the Going Dark meeting on November 21, 2023, a former FBI employee
was also present, who said that “solutions for legal access (to data on
device) should be prioritized” and that “companies needed to have a
responsibility and follow the same rules.” As a former FBI employee, he
also expressed “his gratitude for the fact that the issue was being
pursued within the EU.”

European police chiefs: we cannot accept criminals using secure communications.

The Going Dark meetings resulted in an outcry from the assembled police
chiefs of Europe. In April 2024 Europol published the
challenge

“European Police Chiefs call for industry and governments to take action
against end-to-end encryption roll-out.” The declaration was a “direct
extension of the Going Dark
initiative”

and, together, the European police authorities were clear that although
encryption is “a means of strengthening the cyber security and privacy
of citizens … we do not accept that there need be a binary choice
between cyber security or privacy on the one hand and public safety on
the other. Absolutism on either side is not helpful.”

It was as if Ylva Johansson’s sniffer dog had caught the scent again. In
the absence of expertise, the Going Dark initiative tried to magic away
the fact that end-to-end encryption is absolute – either you have
secure communication or you don’t.

The assembled police chiefs claimed there were two key factors for
achieving online
security

– which turned out to be direct repetitions of the reasoning in the
Going Dark discussions. Number 1: so-called legal access to the tech
companies’ stored data. Number 2: real-time scanning of illegal activity
in tech companies’ services. Naturally, they said, all this would be
done under strong protection and supervision.

Stefan Hector, a representative of the Swedish Police Authority, said
that “a society cannot accept that criminals today have a space to
communicate safely in order to commit serious
crimes.”

A week later, it was revealed that the Swedish police had been
infiltrated and were leaking information to
criminals
.

Although the UN classifies encryption as a human
right
,
the Going Dark initiative and the European police force are fighting to
smash end-to-end encryption. Their first move came as a reaction to
Meta rolling out exactly such
encryption
.
The echoes from the Chat Control debate are clear. But it is also an
echo of an older battle.

The Going Dark initiative is really just an extension of the so-called
crypto war (the war against encryption) that US authorities have been
involved in since the internet began. As Signal’s CEO Meredith
Whittaker said in a keynote
speech
:

“Encryption was essential for the commercial internet. But law
enforcement and security services saw any network resistant to
government surveillance as a threat and a problem.”

The US authorities have already tested the backdoors that the European
Going Dark initiative is now seeking. Edward Snowden revealed that the
NSA spent $250 million a
year

getting tech companies to install backdoors in their services, which
also exposed the risks of backdoors. In 2010, Chinese hackers managed
to use a Google
backdoor

to get into Gmail. The same thing happened in 2005, when state
surveillance of Vodafone was
exploited
by outside
actors to bug the Greek Prime Minister, his Foreign Minister, Justice
Minister, and a hundred other government officials.

And when it comes to client-side scanning, it’s also doomed to fail.
Apple, one of the world’s most technologically advanced and wealthy
companies, has poured incredible resources into figuring out if it can
be done in a secure and private way. But when Apple made its effort
public, it took hackers just two weeks to break in. Apple abandoned the
attempt and continue to say no to anyone who asks them to try this again
simply because it’s too easy to hack systems where client-side
scanning is
involved
.

Snowden’s revelations changed the internet in many respects. Encrypted
websites (https) became standard. End-to-end encrypted messaging
services like Signal saw a widespread increase in popularity. Apple
started using strong encryption in its operating systems. From having
virtually free access to people’s internet traffic (if they didn’t use a
trustworthy VPN, that is) and from having been able to read people’s
messages in plain text, the internet now became more difficult for US
authorities to mass monitor.

In her lecture,
Meredith Whittaker points to an important point: “Strong encryption was
an important win. But the result of this win was not privacy. Indeed,
the legacy of the crypto wars was to trade privacy for encryption – and
to usher in an age of mass corporate surveillance. Because the power to
enable – or violate – privacy was left in the hands of companies, not
those who relied on their services. Companies that were incentivized to
implement surveillance in service of advertising and commerce.”

For more than twenty years, so-called commercial mass surveillance has
created some of the richest companies in the world. The fact that Meta
is rolling out end-to-end encryption doesn’t mean they have abandoned
their business model. But it was still sufficient for the European
police chiefs, cheered on by the US authorities, to make a joint
declaration demanding legal access to the content in secure and private
communications. Meredith Whittaker again:

“In my view, the ferocity of the current attack on end-to-end
encryption, and other privacy-preserving technologies, is very much
related to a desire by some in government to return to the less fettered
access to surveillance that they see as having lost post-Snowden.”

We can see the attack coming in Europe right now. But the movement is
based in the United States. Back in 2014, just a year after Snowden’s
revelations, FBI Director James Comey
spoke

of how “the challenges of real-time interception threaten to leave us in
the dark, encryption threatens to lead all of us to a very dark place.”

The US authorities, which in 2014 had recently been caught spying on the
entire world, used a particular expression when they began lobbying to
regain access to easily controlling everything and everyone. FBI
Director Comey talked about “Going Dark.”

Read More

Gaylene Lupo