Apple’s Nonsensical Attack On Beeper For Making Apple’s Own Users Safer

(Mis)Uses of Technology

from the weakening-security-to-lock-up-users dept

Apple has spent the past few years pushing the marketing message that it, alone among the big tech companies, is dedicated to your privacy. This has always been something of an exaggeration, but certainly less of Apple’s business is based around making use of your data, and the company has built in some useful encryption elements to its services (both for data at rest, and data in transit). But, its actions over the past few days call all of that into question, and suggest that Apple’s commitment to privacy is much more a commitment to walled gardens and Apple’s bottom line, rather than the privacy of Apple’s users.

First, some background:

Back in September, we noted that the EU had designated which services were going to be “gatekeepers” under the Digital Markets Act (DMA), which would put on them various obligations, including regarding some level of interoperability. Apple had been fighting the EU over whether or not iMessage would qualify, and just a few days ago there were reports that the EU would not designate iMessage as a gatekeeper. But that’s not final yet. This also came a few weeks after Apple revealed that, after years of pushing back on the idea, it might finally support RCS for messaging (though an older version that doesn’t support end-to-end encryption).

Separately, for years, there has been some debate over Apple’s setup in which messaging from Android phones shows up in “green bubbles” vs. iMessage’s “blue bubbles.” The whole green vs. blue argument is kind of silly, but some people reasonably pointed out that by not allowing Android users to actually use iMessage itself, it was making communications less secure. That’s because messages within the iMessage ecosystem can be end-to-end encrypted. But messages between iMessage and an Android phone are not. If Apple actually opened up iMessage to other devices, messaging for iPhone users and the people they spoke to would be much more protected.

But, instead of doing that, Apple has generally made snarky “just buy an iPhone” comments when asked about its unwillingness to interoperate securely.

That’s why Apple’s actions over the last week have been so stupidly frustrating.

For the past few years, some entrepreneurs (including some of the folks who built the first great smartwatch, the Pebble), have been building Beeper, a universal messaging app that is amazing. I’ve been using it since May and have sworn by it and gotten many others to use it as well. It creates a very nice, very usable single interface for a long list of messaging apps, reminiscent of earlier such services like Trillian or Pidgin… but better. It’s built on top of Matrix, the open-source decentralized messaging platform.

Over the last few months I’ve been talking up Beeper to lots of folks as the kind of app the world needs more of. It fits with my larger vision of a world in which protocols dominate over siloed platforms. It’s also an example of the kind of adversarial interoperability that used to be standard, and which Cory Doctorow rightfully argues is a necessary component of stopping the enshittification curve of walled garden services.

Of course, as we’ve noted, the big walled gardens are generally not huge fans of things that break down their walls, and have fought back over the years, including with terrible CFAA lawsuits against similar aggregators (the key one being Facebook’s lawsuit against Power.com). And ever since I started using Beeper, I wondered if anyone (and especially Apple) might take the same approach and sue.

There have been some reasonable concerns, about how Beeper handled end-to-end encrypted messaging services like Signal, WhatsApp, and iMessage. It originally did this by basically setting up a bunch of servers that it controls, which has access to your messages. In some ways, Beeper is an “approved” man-in-the-middle attack on your messages, with some safeguards, but built in such a way that those messages are no longer truly end-to-end encrypted. Beeper has taken steps to do this as securely as possible, and many users will think those tradeoffs are acceptable for the benefit. But, still, those messages have not been truly end-to-end encrypted. (For what it’s worth, Beeper open sourced this part of its code so if you were truly concerned, you could also host the bridge yourself and basically man in the middle yourself to make Beeper work, but I’m guessing very few people did that).

That said, from early on Beeper has made it clear that it would like to move away from this setup to true end-to-end encryption, but that requires interoperable end-to-end encrypted APIs, which (arguably) the DMA may mandate.

Or… maybe it just takes a smart hacking teen.

Over the summer, a 16-year-old named James Gill reached out to Beeper’s Eric Migicovsky and said he’d reimplemented iMessage in a project he’d released called Pypush. Basically, he reverse engineered iMessage and created a system by which you could message securely in a truly end-to-end encrypted manner with iMessage users.

If you want to understand the gory details, and why this setup is actually secure (and not just secure-like), Snazzy Labs has a great video:

Over the last few months, Beeper had upgraded the bridge setup it used for iMessage within its offering to make use of Pypush. Beeper also released a separate new app for Android, called Beeper Mini, which is just for making iMessage available for Android users in an end-to-end encrypted manner. It also allows users (unlike the original Beeper, now known as Beeper Cloud) to communicate with iMessage users just via their phone number, and not via an AppleID (Beeper Cloud requires the Apple ID). Beeper Mini costs $2/month (after a short free trial), and apparently there was demand for it.

I spoke to Migicovsky on Sunday and he told me they had over 100k downloads in the first two days it was available, and that it’s the most successful launch of a paid Android app ever. It was a clear cut example of why interoperability without permission (adversarial interoperability) is so important, and folks like Cory Doctorow rightfully cheered this on.

But all that attention also seems to have finally woken up Apple. On Friday, users of both Beeper Cloud and Beeper Mini found that they could no longer message people via iMessage. If you watch that YouTube video above by Snazzy Labs, he explains why it’s not that easy for Apple to block the way Beeper Mini works, but, Apple still has more resources at its disposal than just about anyone else and devoted some of them to doing exactly what Snazzy Labs (and Beeper) thought it was unlikely to do: blocking Beeper Mini from working.

So… with that all as background, the key thing to understand here is that Beeper Mini was making everyone’s messaging more secure. It certainly better protected Android users in making sure their messages to iPhone users were encrypted. And it similarly better protected Apple users, in making sure their messages to Android users were also encrypted. Which means that Apple’s response to this whole mess underscores the lie that Apple cares about users’ privacy.

Apple’s PR strategy is often to just stay silent, but it actually did respond to David Pierce at the Verge and put out a PR statement that is simply utter nonsense, claiming it did this to “protect” Apple users.

At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe. We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage. These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users. 

Almost everything here is wrong. Literally, Beeper Mini’s interoperable setup better protected the privacy of Apple’s customers than Apple itself did. Beeper Mini’s setup absolutely did not “pose significant risks to user security and privacy.” It effectively piggybacked onto Apple’s end-to-end encryption system to make sure that it was extended to messages between iOS users and Android users, better protecting both of them.

When I spoke to Eric on Sunday he pledged that if Apple truly believed that Beeper Mini somehow put Apple users at risk, he was happy to agree to have the software fully audited by an independent third party security auditor that the two organizations agreed upon to see if it created any security vulnerabilities.

For many years people like myself and Cory Doctorow have been talking up the importance of interoperability, open protocols, and an end to locked-down silos. Big companies, including Apple, have often made claims about “security” and “privacy” to argue against such openness. But this seems like a pretty clear case in which that’s obviously bullshit. The security claims here are weak, given that from the way Beeper Mini is constructed, it seems significantly more secure than Apple’s own implementation, which puts less security on iOS-Android interactions.

And for Apple to do this just as policymakers are looking for more and more ways to ensure openness and interoperability seems like a very stupid self-own. We’ll see if the EU decides to exempt iMessage from the DMA’s “gateekeeper” classification and its interop requirements, but policymakers elsewhere are certainly noticing.

While I often think that Elizabeth Warren’s tech policy plans are bonkers, she’s correctly calling out this effort by Apple.

She’s correct. Chatting between different platforms should be easy and secure, and Apple choosing to weaken the protections of its users while claiming it’s doing the opposite is absolute nonsense, and should be called out as such.

Filed Under: adversarial interoperability, blue bubbles, end to end encryption, green bubbles, imessage, interoperability, messaging, open source, protocols, pypush, silos
Companies: apple, beeper

2023: The Year ‘Cord Cutting’ Became The Majority Norm

Culture

from the that-thing-you-said-wasn't-happening-definitely-happened dept

It wasn’t that long ago that cable TV execs were trying to claim that “cord cutting” was either outright fiction, or a fad that would end once Millennials started procreating. The willful denial among cable execs was downright palpable for the better part of the last decade. Now they all just pretend like they never made those claims or predictions.

Fast forward to 2023, and streaming subscriptions are poised to pass traditional cable TV subscriptions for the first time ever. According to new analysis by research firm Insider Intelligence, by the end of this year, the number of cable TV subscribers will drop 10.2% to 121.1 million, while non-pay TV customers (streaming, antenna) will soar 12.5%, to 144.1 million.

By 2027, the firm estimates that 182.4 million Americans will be streaming TV customers while “just” 91.3 million Americans will subscribe to cable TV:

“Regardless of how one defines pay TV, there is an unmistakable attrition in the number of people who are willing to pay upwards of $100 a month for a live TV bundle,” Paul Verna, vice president of content at II, said. “The cord cutters have won.”

Organizations like Nielsen indicate that the Rubicon already technically crossed back in June, when the firm reported that 38% of all television viewing was now being done via streaming, compared with 31% for traditional cable. In 2023, broadcast TV viewing accounted for 20.8% of total TV watching, a new low point.

It’s all fairly impressive for a trend that executives spent the better part of a decade trying to pretend wasn’t happening. Even sports leagues, the last major reason to retain a traditional cable connection, have slowly been beefing up their direct-to-consumer live streaming options (see: NFL+).

Now that’s not to say there isn’t trouble in paradise. We’ve seen ample indication that streaming executives have learned absolutely nothing from history, and, as they try to deliver improved quarterly returns to Wall Street, are engaging in many of the same behaviors (nickel-and-diming users, relentless price hikes, an unyielding thirst for consolidation) that gave us Comcast in the first place.

Filed Under: competition, cord cutting, market trends, pay tv, streaming, tv, video

Funniest/Most Insightful Comments Of The Week At Techdirt

Techdirt

from the back-and-forth dept

This week, our first place winner on the insightful side is Thad, expanding on the fact that Iowa’s book ban demonstrates hatred of LGBTQ people:

Or women. Denying information on the HPV vaccine is more inline with the notion that women who are sexually active deserve to get STDs.

In second place, it’s Toom1275 responding to the same old stuff about moderation being censorship:

The illiterate “moderation is censorship because it suppresses speech!” lie originates solely from both entitlement and irrationality.

Let’s say a person’s unrestricted ability to speak is defined as a baseline “speech value” of 1.0. By being offered the privilege of borrowing another’s speech platform a speaker can, let’s say, expand their speech value to 5x. Have multiple platforms open? Let’s say your speech value is 25x.
The entitled and irrational believe that any withdrawal of these conditional privileges whatsoever (e.g. A platform saying “You broke our rules so you’re no longer allowed on our private property.”) so as to bring one’s current speech value value under this maximum potential, even say 24x, is “suppression” of speech.
In reality, free speech remains fully intact and unsuppressed until it drops below that baseline value of 1.0 (i.e. the government saying “You are not allowed to say this anywhere.) Matthew, Koby, Benjamin, Hyman, BDAC, etc. lying that moderation is censorship is a malicious, disingenuous twisting of language that misleadingly conflates loss of privileges with loss of a hallucinatory “right to post” the sole intent behind which being to support the loss of the actual Constitutional and free speech rights held by platforms.
It is impossible to truthfully claim to support free speech rights while simultaneously opposing moderation.

For editor’s choice on the insightful side, we start out with one more comment from Thad, this time on our post warning against using copyright to fight AI:

Anyone who thinks expanding copyright will help individual creators rather than corporate publishers hasn’t been paying attention the last…every single time we’ve ever tried that.

Next, it’s Stephen T. Stone with a comment about the latest example of how you don’t own the content you buy:

Piracy can’t be stealing if buying doesn’t mean owning.

Over on the funny side, our first place winner is an anonymous reply to someone whining about how much they hate Techdirt:

“I hate this website so much that I return every day and force myself to read articles I don’t like and comment about how much I don’t like them because that is definitely a sign of a healthy individual.”

In second place, it’s another anonymous comment, this time about a particularly clunky line from a bad libel lawsuit:

That sentence, realizing it was stuck in a hopeless and stupid case, suffered a seizure and glossolalia. Have pity upon it. It is now undergoing therapy and we are hopeful that it will resume conveying information in the future.

For editor’s choice on the funny side, we start out with a comment from Ron Currier, riffing on the notion that you can’t be confident you’ll be able to use hardware (like cars) you buy “going forward”:

Sorry, the standard model only goes in reverse. If you also want to go forward, that’ll be $100/month extra.

Finally, it’s blakestacey with a comment about the Hawley/Blumenthal AI bill and its circular definition stating “the term ‘generative artificial intelligence’ means an artificial intelligence system”:

Brexit means Brexit!

That’s all for this week, folks!

This Week In Techdirt History: December 3rd – 9th

Techdirt

from the chapter-by-chapter dept

Five Years Ago

This week in 2018, we looked at the utter failure of FOSTA as more lives were put at risk, while we learned more about why Facebook changed its priorities to support the bill, and then one of the most high-profile impacts happened with Tumblr banning sexual content (and then Facebook unveiled new rules about the words you can use). There was a push to use the lame duck session of Congress to pass an awful plan to politicize the Copyright Office, and ongoing fights about Article 13 of the EU Copyright Directive. Meanwhile, the FCC tried to bury a report showing many broadband users don’t get the speed they pay for, an FCC Commissioner accused the agency of a net neutrality coverup, and the telecom lobby was undermining the industry’s own claims about net neutrality.

Ten Years Ago

This week in 2013, a lobbyist was insisting that his meeting about “TPP IP Issues” was not in fact about that at all, the European Commission was trying and failing to justify the inclusion of corporate sovereignty in the TPP, we balked at how many countries were supporting a Life+70 copyright term, and even the Holy See came out with criticism of the TPP. Canada, for some reason, was changing its laws to support the recently-dead ACTA agreement, and also rolling out new cyberbullying legislation that quickly expanded in scope. Meanwhile, the MPAA “settled” another “victory” against Hotfile, and we got one of the funnier entries in the Prenda saga when Paul Duffy responded to a reporter by saying he couldn’t comment because he was devastated by Nelson Mandela’s death.

Fifteen Years Ago

This week in 2008, a UK law firm running a settlement letter scheme was in hot water and losing clients as Atari backed away from it and a porn company said it had been lied to about the details of the plan (while the UK released a bunch of confusing guidelines about legal and illegal porn). Widespread protests confronted Australia’s latest internet censorship campaign, the European Council was standing behind its push for a three strikes rule, Warner Music was trying to get universities to pay a music tax, and the MPAA was trying a new argument in its attempts to require selectable output controls. Also, we saw a major event in an ongoing legal drama when a judge banned Bratz dolls, and the beginning of another noteworthy intellectual property fight when Joe Satriani sued Coldplay.

Filed Under: history, look back

The FTC Is Trying To Get Back Into The Ring With Microsoft Over Activision Deal

Legal Issues

from the probably-too-late dept

Uh, well, okay then. I really thought we were done with the whole Microsoft buying Activision Blizzard saga. Hell, I even wrote what I thought was a final post on the matter, called the post a curtain call, and discussed how the deal had passed all the regulatory barriers and had been consumated. That happened after the FTC lost in court on its request for a TRO to block the deal and then subsequently paused on its suit entirely, clearing the way for the deal to move forward. At the time, the FTC made some noises about appealing the lower court’s decision, but then didn’t.

Until now. Nearly five months later, the FTC has appealed the court’s decision, arguing that the lower court essentially just believed whatever Microsoft said at face value.

The US government told a federal appeals court Wednesday that Microsoft’s recent purchase of Activision should not have been cleared by a lower-court judge, because the judge had been too deferential to Microsoft’s promises about the future of “Call of Duty,” a popular first-person shooter game.

District Judge Jacqueline Scott Corley went too far, the Federal Trade Commission argued, when she ruled in July that 11th-hour contracts Microsoft signed with Nintendo, Nvidia and other gaming companies concerning “Call of Duty” would resolve anticompetitive concerns related to the blockbuster deal.

Even if you think that the FTC’s argument is valid, which I very much do and wrote about at the time, I will be completely surprised if this gets any traction. Too much has progressed in too many places, especially in the European markets, to imagine the courts somehow coming back 2 months after this deal was completed and unringing the bell.

The only shred of hope I could see this having is the part of the FTC’s argument in which it claims that Microsoft’s decision to go around inking a bunch of 10 year deals to bring certain titles, namely the Call of Duty series, to non-Microsoft platforms altered the landscape the FTC was analyzing so significantly that it didn’t have the time dig into the details and build an argument against that new landscape.

“I fail to understand how giving somebody a monopoly of something would be pro-competitive,” said Imad Dean Abyad, an FTC attorney, in the argument Wednesday before the appeals court. “It may be a benefit to some class of consumers, but that is very different than saying it is pro-competitive.”

Abyad said that Microsoft’s flurry of licensing agreements in response to regulator scrutiny altered the economic picture in ways the FTC did not have an opportunity to fully review but that courts are now forcing it to accept.

“What the district court relied on, mostly, are contracts that were entered into after the [FTC] complaint was filed,” Abyad said. “The facts were changing all along. Even after the district court decided the case, Microsoft went ahead and entered into yet another contract [to restructure the cloud licensing rights].”

We said at the time that Microsoft was clearly taking the complaints from various regulatory bodies as some sort of paint by numbers prescription as to what deals to make to get around them. And I very much can see the FTC’s point on this. It brought a complaint under one set of facts only to have Microsoft alter those facts, leading to the courts slamming the deal through before the FTC had a chance to amend its arguments.

But ultimately it won’t matter. This last gasp attempt will almost certainly fail. American regulatory bodies have dull teeth to begin with and I’ve seen nothing that would lead me to believe that the courts are going to allow the agency to unwind a closed deal after everything it took to get here.

Filed Under: antitrust, call of duty, ftc, mergers
Companies: activision blizzard, microsoft

Another State Lawmaker Wants To Criminalize Porn Through Age Verification

Free Speech

from the the-first-amendment-does-still-exist dept

Here we go again, everyone. Another far-right state lawmaker has introduced a bill requiring age verification in order to access porn sites from within state limits. This time it is Tennessee state Rep. Patsy Hazlewood who introduced yet another extreme age verification proposal that essentially makes it a crime to own a legally operating porn website protected by the First Amendment – regardless of whether the material protects certain regional regulations.

Referred to as the Protect Tennessee Minors Act, her bill takes a few notes from other far-right lawmakers in Ohio and Indiana. Both state legislatures have bills that levy misdemeanors and felonies on companies that own adult entertainment websites that fail or choose not to follow age verification requirements. The proposal in Ohio makes it a crime for users to circumvent an age gate through legally available means, like a VPN. The act, or House Bill 1614, is a pre-filing for 2024’s legislative session, and it adopts a new Class C felony for failure to comply with the law.

While the official bill language has yet to be published, House Bill 1614 is what we in the adult entertainment industry press call a “copycat” of mandatory age verification first adopted in the state of Louisiana. Throughout this year, proposals targeting adult entertainment websites with age-gating rules have grown exponentially extreme. Rep. Hazlewood’s bill fits this clear mold.

In a statement to a local news station, Rep. Hazlewood said, “I think we all have a responsibility as a society to protect our children.” A grandparent herself, Hazlewood told the news station that she’s received input from parents in her legislative district that inspired her to propose this bill – nowhere else. It is hard to believe when every conservative lawmaker with a savior complex is buying into fascistic lawmaking trends set forth by select groups, such as Project 2025, Heritage Foundation, National Center on Sexual Exploitation, and the even crazier American Principles Project, among others. Minors shouldn’t view porn by any means. But we have to be realistic.

Rep. Hazlewood’s bill — and virtually every age verification proposal in state legislatures and Congress — certainly lack input from adult entertainment industry members, consumers, law enforcement, and actual anti-trafficking groups. Why are the Patsy Hazlewoods of the world so focused on digital content that is already heavily age-restricted? I’m well aware of the lawsuits against Meta Platforms and their social networks, Facebook and Instagram. I am also aware of the anti-LGBTQ+ Kids Online Safety Act and parents begging the government to do their jobs.

However, a significant volume of sexual abuse imagery isn’t tied to the online adult industry, and mandatory age verification for end users isn’t the answer to fighting against these heinous acts.

New Mexico Attorney General Raúl Torrez argued in a new lawsuit that platforms like Pornhub and OnlyFans do more to counter CSAM and non-consensual intimate imagery (revenge porn) than platforms like Facebook and Instagram. National Center for Missing & Exploited Children’s (NCMEC) CyberTipline data overwhelmingly confirms this fact. Age gates on porn sites – or even social media networks – will not curtail CSAM online. Admittedly, the parent companies that own the mentioned platforms are involved in programs that locate, remove, and report cases of CSAM and non-consensual intimate imagery (e.g., NCMEC’s TakeItDown program). The age verification hypothesis certainly doesn’t solve this problem, and it shouldn’t come at the expense of the First Amendment rights of adults who are not breaking laws or imposing harm on others.

Michael McGrady covers the legal and tech side of the online porn business, among other topics. He is the politics and legal contributing editor for AVN.com.

Filed Under: adult content, age verification, csam, patsy hazlewood, tennessee

The Copia Institute Tells The Copyright Office Again That Copyright Law Has No Business Obstructing AI Training

Copyright

from the yes-we're-serious dept

A little over a month ago we told the Copyright Office in a comment that there was no role for copyright law to play when it comes to training AI systems. In fact, on the whole there’s little for copyright law to do to address the externalities of AI at all. No matter how one might feel about some of AI’s more dubious applications, copyright law is no remedy. Instead, as we reminded in this follow-up reply comment, trying to use copyright to obstruct development of the technology instead creates its own harms, especially when applied to the training aspect.

One of those harms, as we reiterated here, is that it impinges on the First Amendment right to read that human intelligence needs to have protected, and that right must inherently include the right to use technological tools to do that “reading,” or consumption in general of copyrighted works. After all, we need record players to play records – it would do no one any good if their right to listen to one stopped short of being able to use the tool needed to do it. We also pointed out that this First Amendment right does not diminish even if people consume a lot of media (we don’t, for instance, punish voracious readers for reading more than others) or at speed (copyright law does not give anyone the right to forbid listening to an LP at 45 rpm, or watching a movie on fast forward). So if we were to let copyright law stand in the way of using software to quickly read a lot of material to it would represent a deviation from how copyright law has up to now operated, and one that would undermine the rights to consume works that we’ve so far been able to enjoy.

Which is why we also pointed out that using copyright to deter AI training distorted copyright law itself, which would be felt in other contexts where copyright law legitimately applies. And we highlighted a disturbing trend emerging in copyright law from other quarters as well, this idea that whether a use of a work is legitimate somehow depends on whether the copyright holder approves of it. Copyright law was not intended, or written, to give copyright owners an implicit veto over any or all uses of works – the power of a copyright is limited to what its exclusive rights allow control over and fair use doesn’t otherwise justify.

A variant of this emerging trend also getting undue oxygen is the idea that profiting from a use of a copyrighted work used for free is somehow inherently objectionable and therefore ripe for the copyright holder to veto. But, again, such would represent a significant change if copyright law could work that way. Copyright holders are not guaranteed every penny that could potentially result from the use of a copyrighted work, and it has been independently problematic when courts have found otherwise.

Furthermore, to the extent that this later profiting may represent an actual problem in the AI space, which is far from certain, a better solution is to instead keep copyright law away from AI outputs as well. Some of the objection to AI makers later profiting seems to be based on the concern that certain enterprises might use works for free to develop their systems and then lock up the outputs with their own copyrights. But it isn’t necessary for copyright to apply to everything that is ever created, and certainly not by an artificial intelligence, so we should therefore also look hard at whether it is itself appropriate for copyright to apply to AI outputs. Not everything needs to be owned; having works immediately enter the public domain after their creation is an option, and a good one that vindicates copyright’s goals of promoting the exchange of knowledge.

Which brings us back to an earlier point to echo again now, that using copyright law as a means of constraining AI is also an ineffective way of addressing any of its potential harms. If, for instance, AI is used in hiring decisions and leads to discriminatory results, such is not a harm recognized by copyright law, and copyright law is not designed to address it. In fact, trying to use copyright law to fix it will actually be counterproductive: bias is exacerbated when the training data is too limited, and limiting it further will only make worse the problem we’re trying to address.

Filed Under: ai, copyright, right to read, training

Meta Finally Launches Default End-To-End Encryption In Messenger

Privacy

from the finally dept

For many, many years we’ve been calling on companies to enable end-to-end encryption by default on any messaging/communications tools. It’s important to recognize that doing so correctly is difficult, but not impossible (similarly, it’s important to recognize that doing so poorly is dangerous, as it will lead people to believe their communications are secure when they are most certainly not).

So, over the years we’ve been hopeful as Meta made moves towards implementing end-to-end encryption in Facebook Messenger. However, over and over during the past decade or so, those working on the issue have told us that while Meta really wants to set it up, the practical realities of doing it correctly are way more complex than most people think. And that’s ignoring the fact that law enforcement, intelligence agencies, and, even random shareholders, have tried to get Meta to move away from its encryption plans.

And, now, finally, Meta has announced that Facebook Messenger is end-to-end encrypted by default.

Today I’m delighted to announce that we are rolling out default end-to-end encryption for personal messages and calls on Messenger and Facebook, as well as a suite of new features that let you further control your messaging experience. We take our responsibility to protect your messages seriously and we’re thrilled that after years of investment and testing, we’re able to launch a safer, more secure and private service.

Since 2016, Messenger has had the option for people to turn on end-to-end encryption, but we’re now changing private chats and calls across Messenger to be end-to-end encrypted by default. This has taken years to deliver because we’ve taken our time to get this right. Our engineers, cryptographers, designers, policy experts and product managers have worked tirelessly to rebuild Messenger features from the ground up. We’ve introduced new privacy, safety and control features along the way like delivery controls that let people choose who can message them, as well as app lock, alongside existing safety features like report, block and message requests. We worked closely with outside experts, academics, advocates and governments to identify risks and build mitigations to ensure that privacy and safety go hand-in-hand.

The extra layer of security provided by end-to-end encryption means that the content of your messages and calls with friends and family are protected from the moment they leave your device to the moment they reach the receiver’s device. This means that nobody, including Meta, can see what’s sent or said, unless you choose to report a message to us. 

It’s extremely rare that I’d offer kudos to Meta, but this is a case where it absolutely deserves it. Even if some of us kept pushing the company to move faster, they did get there, and it looks like they got there by doing it carefully and appropriately (rather than the half-assed attempts of certain other companies).

I am sure that we’ll hear reports of law enforcement and politicians whining about this, but this is an unquestionably important move towards protecting privacy and private communications.

Filed Under: encryption, end-to-end encryption, facebook messenger, messenger
Companies: facebook, meta

NY Appeals Court Says Law Enforcement Can’t Withhold Misconduct Records Containing Only ‘Unproven” Allegations

Legal Issues

from the law-says-what-it-says,-law-enforcers dept

New York law enforcement agencies have always considered transparency to be something to be foisted on other government entities. The NYPD spends a lot of its time screwing over public records requests, in one notable case rejecting a Freedom of Information Law (FOIL) request for a copy of its FOIL response guidelines.

For years, these agencies were blessed with statutory opacity. A state law known as 50-a presided over police misconduct records for more than four decades. That law exempted most of these from FOIL requests. This law was finally taken off the books in 2020, partially in response to calls for more transparency and accountability being made around the nation following the murder of unarmed black man George Floyd by Minnesota police officer Derek Chauvin.

But taking the law off the books didn’t immediately make law enforcement agencies more responsive to FOIL requesters. It has taken a lot of litigation to force agencies to do what everyone else who isn’t a cop is expected to do: obey the law.

More litigation is involved here. The Nassau County Police Department (NCPD) was sued by Newsday, a Long Island-based newspaper, for its refusal to turn over records requested by its journalists: namely, misconduct records involving officers merely accused of misconduct.

The NCPD claimed files containing nothing more than unsubstantiated allegations were off-limits, protected by other state privacy laws and FOIL exemptions. The NCPD is wrong. It has lost this lawsuit, creating precedent that will hopefully discourage other local law enforcement agencies from engaging in the same bad-faith interpretation of public records laws.

The state appeals court covering portions of New York City and the surrounding suburbs has issued a landmark ruling promoting public access to police discipline records.

The Second Department of the Supreme Court’s Appellate Division ruled last week that police agencies cannot automatically withhold records of police discipline involving unproven allegations. In many departments, only a small fraction of misconduct allegations result in a proven finding of guilt.

That’s why it’s important the public have access to these documents. Since law enforcement agencies rarely sustain allegations or discipline officers, this paper trail tends to evaporate rather quickly. But just because allegations aren’t sustained doesn’t mean the public shouldn’t know about them. An officer with lots of allegations, even if few are sustained, is probably someone who abuses rights and regulations frequently.

The state appeals court ruling [PDF] says these records are subject to the law following the repeal of 50-a. And it’s not even a close question. The state legislature made its intent extremely clear when it took that law off the books.

With respect to unsubstantiated complaints, in each of the three requests, the NCPD merely asserted in a conclusory fashion that it could withhold the documents “based on considerations of privacy.” In denying two of the requests, the NCPD opined that the recent legislative amendments were not intended to affect disclosure of such records. This opinion plainly is at odds with the legislative action. Upon repealing Civil Rights Law § 50-a, the Legislature amended the Public Officers Law to specifically contemplate the disclosure of “law enforcement disciplinary records,” which it defines to include “complaints, allegations, and chargesagainst an employee” (Public Officers Law § 86[6][a]).

If the Legislature had intended to exclude from disclosure complaints and allegations that were not substantiated, “it would simply have stated as much” (Matter of Friedman v Rice, 30 NY3d at 478). It did not, and instead included “complaints, allegations, and charges” in its definition of disciplinary records, along with “the disposition of any disciplinary proceeding” (Public Officers Law § 86[6][d]), without qualification as to the outcome of the proceeding. Furthermore, the Legislature directed the types of information that shall and may be redacted from law enforcement disciplinary records prior to disclosure (see id. § 87[4-a], [4-b]). Notably, unsubstantiated allegations or complaints are not among either the mandated or the permissible redactions (see id. § 89[2-b], [2-c])

The other argument made by the NCPD — that the repeal of 50-a and the amendment of FOIL law is not retroactive — is even worse. According to the NCPD, no FOIL requester should be able to request any records created prior to the law’s repeal in 2020. This is obviously absurd.

The petitioner made the subject FOIL requests in July 2020, after the legislative amendments were enacted, and, thus, the petitioner is not seeking retroactive application of the statutory amendments to a pending FOIL request. To the extent that the NCPD contends that the Legislature intended to exclude from disclosure any law enforcement disciplinary records that were created prior to June 12, 2020, it has offered no support for this proposition. By their nature, FOIL requests seek records that were generated prior to the request date. In amending the Public Officers Law to provide for the disclosure of records relating to law enforcement disciplinary proceedings, the Legislature did not limit disclosure under FOIL to records generated after June 12, 2020, and we will not impose such a limitation ourselves.

So simple a cop could understand it… if they wanted to. The repeal of 50-a put these records back in the pool of documents that can be obtained by the public. It did not say “all of these, except…” The alteration of the law definitely did not create a diverging timeline where records created prior to June 2020 are subject only to laws enacted prior to this date. That the NCPD would assume so suggests it’s willing to blow tax dollars on presenting wishful thinking to multiple courts and judges. While that sort of thing is definitely a waste of public funds, then end result here ensures fewer dollars will be wasted on similar stupidity in the future.

Filed Under: allegations, foil, nassau county police, nypd, transparency

Daily Deal: The Complete MATLAB Programming Master Class

Deals

from the good-deals-on-cool-stuff dept

MATLAB allows matrix manipulations, plotting of functions and data, implementation of algorithms, creating of user interfaces, and interfacing with programs written in other languages. That’s all well and good, but it means nothing if you don’t have a firm grasp of the data types used within MATLAB. In the Complete MATLAB Programming Master Class, you’ll cover not just data types, but also dive into their functions and how to perform conversions to make analysis and programming a greater experience. It’s on sale for $30.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Filed Under: daily deal