Issue 102

Think of the children

Delivered on 02 March 2021 by Justin Pyvis. About a 4 min read.

When someone invokes child welfare as the central part of their argument, there's a good chance they're trying to pull a fast one. On Saturday Dennis Shanahan, The Australian's Canberra Bureau Chief, did exactly that in an attempt to shame Facebook and win over public support for the corporate welfare his employer recently received from the Australian government:

...tens of thousands of pedophiles used open-source messengers, such as Facebook, to create, sell and share the cruel and sadistic sexual material during the COVID-19 pandemic.

Children in poor countries are being sold for Bitcoins to satisfy growing numbers of remote sexual abusers who will be able to “go dark” more easily.

Yet, despite campaigns from advanced countries, national and international police forces, and child protection agencies, Facebook is pressing ahead with plans to provide a cloak of secrecy to such behaviour which it concedes involves thousands of their users.
Allowing subscribers end-to-end encryption — which means people can use the Facebook platform without the existing monitoring and reporting of suspicious behaviour — is the same as its attempts to defeat the Australian government’s precedent-setting media bargaining code.

Helen Lovejoy, won't you think of the children?

People smuggling and child abuse are very real issues. But disallowing Facebook subscribers end-to-end encryption will do very little to help the children. It may not occur to Shanahan or Peter Dutton (Australia's Home Affairs Minister), whom he quotes heavily in the article, but criminals will use end-to-end encryption even if it's not used by Facebook (which is probably why he conveniently omits stats about how many of the "20,000 reports of potential child abuse" have actually resulted in convictions).

If catching paedophiles is your goal, a far more effective method is to use old-fashioned police work, e.g. honey pots, which get around the fact that most paedophiles already "use encryption techniques and anonymous networks on the Dark Web to hide their amassed inventory of illegal child abuse images".

The laws of Australia, contrary to the views of former 'techie' Prime Minister Malcolm Turnbull, do not override the laws of mathematics. If you ban encryption (or mandate a backdoor), you create a vulnerability that exposes every legitimate user to potential harm in exchange for the chance of catching a small number of not-so-bright criminals, effectively violating Blackstone's ratio.

If Facebook wants to encrypt messaging on its platform – which, contrary to Shanahan's claim, is not open source – that is hardly grounds for "moral suasion, public outcry and consumer pressure". In fact, properly implemented end-to-end encryption on Facebook would reduce the amount of data it collects and potentially force Facebook to change its business model from one that puts "profits before people", which is exactly what Shanahan claims he wants!

The only similarity Facebook's potential move to end-to-end encryption has with the "government’s precedent-setting media bargaining code" is the complete and utter lack of subject matter comprehension displayed by the government and commentators such as Shanahan.

Facebook sells out

Facebook surprised no one last week when it did exactly as predicted, following Google by caving to the Australian government's new media bargaining code:

Facebook announced on Friday preliminary agreements with three Australian publishers, a day after the Parliament passed a law that would make the digital giants pay for news.
Australia’s Parliament on Thursday had passed the final amendments to the so-called News Media Bargaining Code.

In return for the changes, Facebook agreed to lift a six-day-old ban on Australians accessing and sharing news.

As I wrote last week [emphasis added]:

With Facebook no longer posting links to Australian news websites, those people are simply consuming less Australian news. That can't be good for media companies' bottom lines and if the trend continues it will strengthen Facebook's bargaining power in its ongoing negotiations with the Australian government.
Corporate welfare, crony capitalism, rent seeking; call it what you will. Everything about this code stinks, but unfortunately Google's capitulation (and I fully expect Facebook to follow - the Zuck's not one to pass up on a buck, even if governments clip the ticket on the way through) means this competition-stifling code will soon be exported around the world in various forms.

The final amendments ensured Facebook could bypass the code by paying off a few large legacy media providers, as Google did the week prior. The sums paid, of course, are confidential and will no doubt be fully tax deductible against their respective Australian earnings.

So the end result of all this drama is Facebook and Google will remain largely unchanged in Australia, with some of their revenue transferred to a few wealthy Australian media oligarchs, partially paid for by the taxpayer and increased barriers to entry for potential competitors. In other words, the opposite of the ACCC's mandate of "promoting competition, fair trading and regulating national infrastructure for the benefit of all Australians".


When in doubt, blame the intern

News of the SolarWinds hack, which involved Microsoft and several US bureaucracies including the Treasury, Department of State, Department of Commerce, Department of Energy and even the National Nuclear Security Administration, broke back in December. Following an investigation, executives at the company have thrown an intern under the bus:

Confronted by Rep. Rashida Tlaib, former SolarWinds CEO Kevin Thompson said the password issue was "a mistake that an intern made."

"They violated our password policies and they posted that password on an internal, on their own private Github account," Thompson said. "As soon as it was identified and brought to the attention of my security team, they took that down."

Neither Thompson nor Ramakrishna [SolarWinds' current CEO] explained to lawmakers why the company's technology allowed for such passwords in the first place.

This isn't the intern's fault. Any corporation worth its salt will have protocols in place to ensure GitHub passwords are only used in conjunction with public-key authentication, so even if the intern's 'solarwinds123' password was never changed it may not have resulted in any harm (their private key(s) would also need to be compromised).

I'm one person with zero revenue, not a 2,700-person strong corporation with $US1 billion in revenue, and that's how I authenticate with my servers. Someone should lose their job but it shouldn't be the intern.
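The point above, that a leaked password is harmless when a private key is also required, can be checked mechanically. The following is an added example, not code from this newsletter or from SolarWinds: it assumes the servers run OpenSSH and audits the text of an sshd_config to report whether a password alone would be enough to log in. The sample configurations are constructed, and Match blocks, Include files and deprecated keyword aliases are not followed.

```python
# Added example: would a leaked password alone get past this OpenSSH sshd_config?
# Knowledge-only login methods and the keyword that enables each (both default to yes).
KNOWLEDGE = {"password": "passwordauthentication",
             "keyboard-interactive": "kbdinteractiveauthentication"}

def global_settings(config_text):
    """Collect global keywords; sshd uses the FIRST value it sees for each one."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                   # keywords are case-insensitive
        if key == "match":                       # assumption: Match blocks not audited
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def password_alone_suffices(config_text):
    """True if some accepted login path needs nothing but a typed secret."""
    s = global_settings(config_text)
    enabled = {m for m, kw in KNOWLEDGE.items() if s.get(kw, "yes").lower() == "yes"}
    methods = s.get("authenticationmethods", "any")
    if methods.lower() == "any":                 # any single enabled method is enough
        return bool(enabled)
    # Each space-separated list is an alternative; every comma-separated
    # method inside one list must succeed for that alternative to pass.
    for alternative in methods.split():
        required = {m.split(":", 1)[0] for m in alternative.split(",")}
        if required <= enabled:
            return True
    return False

# Constructed sample configurations.
DEFAULTS = "Port 22\n"                                      # nothing hardened
KEY_ONLY = "PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
KEY_PLUS_PASSWORD = "AuthenticationMethods publickey,password\n"
SHADOWED = ("PasswordAuthentication yes   # left over from setup\n"
            "PasswordAuthentication no\nKbdInteractiveAuthentication no\n")

if __name__ == "__main__":
    for name in ("DEFAULTS", "KEY_ONLY", "KEY_PLUS_PASSWORD", "SHADOWED"):
        print(name, password_alone_suffices(globals()[name]))
```

The `SHADOWED` case is the one that catches people out: the later `PasswordAuthentication no` looks like hardening, but sshd honours the earlier `yes`.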

Issue 102: Think of the children was compiled by Justin Pyvis and delivered on 02 March 2021.