Kutcher's answer is something called "#FullyHomomorphicEncryption" (#FHE) which is a theoretical - and enormously cool - way to allow for computing work to be done on encrypted data *without* decrypting it. When and if FHE is ready for primetime, it will be a revolution in our ability to securely collaborate with one another.

But FHE is nowhere *near* the state where it could do what Kutcher claims. It just isn't, and once again, wanting it badly is *not enough*.

18/

Writing on his blog, the eminent cryptographer @matthew_d_green delivers a master-class in what FHE is, what it could do, and what it can't do (yet):

https://blog.cryptographyengineering.com/2023/05/11/on-ashton-kutcher-and-secure-multi-party-computation/

As it happens, Green also gave testimony to the EU, but he doesn't confine his public advocacy work to august parliamentarians. Green wants all of us to understand cryptography ("*I think cryptography is amazing* and I want everyone talking about it all the time").

19/

Rather than barking "stay in your lane" at the likes of Kutcher, Green has produced an outstanding, easily grasped explanation of FHE and the closely related concept of #MultiPartyComputation (#MPC).

This is important work, and it exemplifies the difference between *simplifying* and *being simplistic*. Good science communicators do the former. Bad science communicators do the latter.

20/

While Kutcher is presumably being simplistic because he lacks the technical depth to understand what he doesn't understand, technically skilled people are perfectly capable of being simplistic, when it suits their economic, political or ideological goals.

One such person is #GeoffreyHinton, the so-called "father of AI," who resigned from Google last week, citing the existential risks of #RunawayAI becoming superintelligent and turning on its human inventors.

21/

Hinton joins a group of powerful, wealthy people who have made a lot of noise about the #ExistentialRisk of AI, while saying little or nothing about the ongoing risks of AI to people with disabilities, poor people, prisoners, workers, and other groups who are *already* being abused by automated decision-making and oversight systems.

22/

Hinton's nonsense is *superbly* stripped bare by @Mer__edith, the former Google worker organizer turned president of @signalapp, in a @fastcompany interview with #WilfredChan:

https://www.fastcompany.com/90892235/researcher-meredith-whittaker-says-ais-biggest-risk-isnt-consciousness-its-the-corporations-that-control-them

The whole thing is *incredible*, but there are a few sections I want to call to your attention here, quoting Whittaker verbatim, because she expresses herself *so* beautifully (sci-comms done right is a joy to behold):

23/

> I think it’s stunning that someone would say that the harms [from AI] that are happening now—which are felt most acutely by people who have been historically minoritized: Black people, women, disabled people, precarious workers, et cetera—that those harms aren’t existential.

24/

> What I hear in that is, “Those aren’t existential to me. I have millions of dollars, I am invested in many, many AI startups, and none of this affects my existence. But what could affect my existence is if a sci-fi fantasy came to life and AI were actually super intelligent, and suddenly men like me would not be the most powerful entities in the world, and that would affect my business.”

25/

> I think we need to dig into what is happening here, which is that, when faced with a system that presents itself as a listening, eager interlocutor that’s hearing us and responding to us, that we seem to fall into a kind of trance in relation to these systems, and almost counterfactually engage in some kind of wish fulfillment: thinking that they’re human, and there’s someone there listening to us.

26/

> It’s like when you’re a kid, and you’re telling ghost stories, something with a lot of emotional weight, and suddenly everybody is terrified and reacting to it. And it becomes hard to disbelieve.

Whittaker sets such a high bar for tech criticism.

27/

I had her clarity in mind in 2021, when I collaborated with @eff's #BennettCyphers on "Privacy Without Monopoly," our white-paper addressing the claim that we need giant tech platforms to protect us from the privacy invasions of smaller "rogue" operators:

https://www.eff.org/wp/interoperability-and-privacy

This is a claim that is most often raised in relation to #Apple and its #AppStore model, which is claimed to be a bulwark against commercial surveillance.

28/

That claim has some validity: after all, when Apple added a one-click surveillance opt-out to #Ios, its mobile OS, 96% of users clicked the "don't spy on me" button. Those clicks cost Facebook *$10b* in just the following year. You *love* to see it.

But Apple is a #GamekeeperTurnedPoacher. Even as it was blocking Facebook's surveillance, it was conducting its own, nearly identical, horrifyingly intrusive surveillance of every iOS user.

29/

It spied for the same purpose as Facebook (ad targeting) and lied about it:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

Bennett and I couldn't have asked for a better example of the point we make in "Privacy Without Monopoly": the thing that stops companies from spying on you isn't their moral character, it's the threat of competition and/or regulation.

30/

If you can modify your device in ways that cost its manufacturer money (say, by installing an alternative app store), then the manufacturer has to earn your business every day.

That might actually make them better - and if it doesn't, you can switch. The right way to make sure the stuff you install on your devices respects your privacy is by passing privacy laws - not by hoping that Tim Apple decides you deserve a private life.

31/

Bennett and I followed up "Privacy Without Monopoly" with an appendix that focused on a territory where there is a privacy law: the EU, whose (patchily enforced) #GeneralDataProtectionRegulation (#GDPR) is the kind of privacy law that we call for in the original paper. In that appendix, we addressed the issues of GDPR enforcement:

https://www.eff.org/wp/interoperability-and-privacy#gdpr

32/

More importantly, we addressed the claim that the GDPR crushed competition, by making it harder for smaller (and *even sleazier*) ad-tech platforms to compete with Google and Facebook. It's true, but that's OK: we want competition to see who can respect technology users' rights - not competition to see who can violate those rights most efficiently:

https://www.eff.org/deeplinks/2021/06/gdpr-privacy-and-monopoly

33/

Around the time Bennett and I published the EU appendix to our paper, I was contacted by the *#IndianJournalOfLawAndTechnology* to see whether I could write something on similar lines, focused on the situation in #India. Well, it took two years, but we've finally published it: "Securing Privacy Without Monopoly In India: Juxtaposing Interoperability With Indian Data Protection":

https://www.ijlt.in/post/securing-privacy-without-monopoly-in-india-juxtaposing-interoperability-with-indian-data-protection

34/

The Indian case for interop incorporates the US and EU case, but with some fascinating wrinkles. First, there are the broad benefits of allowing technology adaptation by people who are often left out of the frame when tools and systems are designed. As the saying goes, "nothing about us without us" - the users of technology know more about their needs than any designer can hope to understand.

35/

That's doubly true when designers are wealthy geeks in Silicon Valley and the users are poor people in the #GlobalSouth.

India, of course, has its own highly advanced domestic tech sector, which could be a source of extensive expertise in adapting technologies from US and other offshore tech giants for local needs.

36/

India also has a complex and highly contested privacy regime, which is in extreme flux between high court decisions, regulatory interventions, and legislation, both passed and pending.

Finally, there's India's long tradition of ingenious technological adaptations, locally called #jugaad, roughly equivalent to the English "#MendAndMakeDo."

37/

While every culture has its own way of celebrating cleverness, this kind of ingenuity is elevated to an art form in the global south: think of #JuaKali (Swahili), #gambiarra (Brazilian Portuguese) and #bricolage (France and its former colonies).

It took a *long* time to get this out, but I'm really happy with it, and I'm extremely grateful to my brilliant and hardworking research assistants from #NationalLawSchoolOfIndiaUniversity: #DhruvJain, #KshitijGoyal and #SarthakWadhwa.

38/

I don't claim that any of the incarnations of the "Privacy Without Monopoly" paper rise to the clarity of the works of Green or Whittaker, but that's okay, because I have another arrow in my quiver: *fiction*. For more than 20 years, I've written science fiction that tries to make legible and urgent the often dry and abstract concepts I address in my nonfiction.

39/

One issue I've been grappling with for *literally* decades is the implications of #TrustedComputing, a security model that uses a second, secure computer, embedded in your device, to observe and report on what your main computer is doing. There are *lots* of implications for this, both horrifying and amazing.

40/

For example, having a second computer inside your device that watches it is a theoretically unbeatable way of catching malicious software, resolving the conundrum of malware: if you think your computer is infected and can't be trusted, then how can you trust the antivirus software running on that computer?

41/

Back in 2016, @bunnie and #EdwardSnowden released the #IntrospectionEngine, a separate computer that you could install in an iPhone, which would tell you whether it was infected with spyware:

https://www.tjoe.org/pub/direct-radio-introspection/release/2

But while there are some really interesting *positive* applications for this kind of software, the negative ones - unbeatable #DRM and tamper-proof #bossware - are genuinely horrifying.

42/

My novella "Unauthorized Bread" digs into this, putting blood and sinew into an otherwise dry, abstract and skeletal argument:

https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/

43/

Then there are applications that are somewhere in between, like #RemoteAttestation (when the secure computer signs a computer-readable description of what your computer is doing so that you can prove things about your computer and its operation to people who don't trust you, but do trust that secure computer).

Remote attestation is the McGuffin of *Red Team Blues*, my latest novel, a crime-thriller about a #cryptocurrency heist.

44/

The novel opens with the keys to a #SecureEnclave - the gadget that signs the attestations in remote attestation - going missing.

When Matt Green reviewed *Red Team Blues* (his first book review!), he singled this out as a technically rigorous *and* significant plot point, because secure enclaves are designed so that they can't be updated (if you can update an enclave, then you can update it with malicious software):

https://blog.cryptographyengineering.com/2023/04/24/book-review-red-team-blues/

45/

This means bugs in secure enclaves can last forever. Worse, if the keys for a secure enclave ever leak, then there's no way to update all the secure enclaves out there in the world - millions or billions of them - to fix it.

Well, it's happened.

The keys for the secure enclaves in computers from #MicroStarInternational (AKA #MSI) - a massive manufacturer of work and gaming PCs - have leaked and shown up on the "#ExtortionPortal" of a notorious crime gang:

https://arstechnica.com/information-technology/2023/05/leak-of-msi-uefi-signing-keys-stokes-concerns-of-doomsday-supply-chain-attack/

46/

As a security expert quoted by @arstechnica explains, this is a "doomsday scenario." That's more or less how it plays in my novel. The big difference between the MSI leak and the hack in my book is that the MSI keys were just sitting on a server, connected to the internet, which wasn't well-secured.

47/
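The remote attestation flow described above, and why a leaked signing key undoes it, as an added example (not code from this thread, the novel, or any vendor). The toy textbook-RSA key, the image names and the function names are assumptions made for illustration; real enclaves use vendor-specific quote formats and proper signature schemes.

```python
import hashlib
import secrets

# Toy textbook-RSA key built from two Mersenne primes so the example needs only
# the standard library. NOT secure; it stands in for the enclave's signing key.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                              # public half: all the verifier holds
D = pow(E, -1, (P - 1) * (Q - 1))      # private half: meant to stay in the enclave

# Constructed allowlist of software the remote party is willing to talk to.
APPROVED = {hashlib.sha256(b"approved-os-image-v1").hexdigest()}


def _digest(measurement: str, nonce: str) -> int:
    data = f"{measurement}|{nonce}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def enclave_quote(running_image: bytes, nonce: str) -> dict:
    """The secure computer: measure what is running, then sign the claim."""
    measurement = hashlib.sha256(running_image).hexdigest()
    return {"measurement": measurement, "nonce": nonce,
            "sig": pow(_digest(measurement, nonce), D, N)}


def verify_quote(quote: dict, expected_nonce: str) -> str:
    """The remote party: trusts the key, not the machine that sent the quote."""
    if quote["nonce"] != expected_nonce:
        return "reject: stale or replayed nonce"
    if pow(quote["sig"], E, N) != _digest(quote["measurement"], quote["nonce"]):
        return "reject: bad signature"
    if quote["measurement"] not in APPROVED:
        return "reject: unapproved software"
    return "accept"


def quote_signed_outside_enclave(nonce: str, leaked_d: int) -> dict:
    """Once the private key exists outside the enclave, the signed claim no
    longer depends on what is actually running on the machine."""
    claimed = next(iter(APPROVED))
    return {"measurement": claimed, "nonce": nonce,
            "sig": pow(_digest(claimed, nonce), leaked_d, N)}


if __name__ == "__main__":
    nonce = secrets.token_hex(16)      # verifier picks a fresh challenge
    print(verify_quote(enclave_quote(b"approved-os-image-v1", nonce), nonce))
    print(verify_quote(enclave_quote(b"modified-os-image", nonce), nonce))
    print(verify_quote(quote_signed_outside_enclave(nonce, D), nonce))
```

The verifier's three checks all pass for the last quote: nothing in the protocol distinguishes a signature made inside the enclave from one made with a copy of its key.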

In *Red Team Blues*, I went to enormous lengths to imagine a fiendishly complex, incredibly secure scheme for hosting these keys, and then dreamt up a way that the bad guys could defeat it. I toyed with the idea of having the keys leak due to rank incompetence, but I decided that would be an "idiot plot" ("a plot that only works if the characters are idiots"). Turns out, idiot plots may make for bad fiction, but they're happening around us all the time.

48/

In my real life, I cross a lot of disciplinary boundaries - law, politics, economics, human rights, security, technology. I'm not the world's leading expert in any of these domains, but I am well-enough informed about each that I'm able to find interesting ways that they fit together in a manner that is relatively rare, and is also (I think) useful.

49/

I admit to sometimes feeling insecure about this - being "one inch deep and ten miles wide" has its virtues, but there's no avoiding that, say, I know less about the law than a real lawyer, and less about computer science than a real computer scientist.

50/

That insecurity is partly why I'm so honored when I get to talk to experts across multiple disciplines. 2023 was a very good year for this, thanks to #UniversityCollegeLondon. Back in Feb, I was invited to speak as part of #UCL #InstituteOfBrandAndInnovationLaw's annual series on technology law:

https://www.ucl.ac.uk/laws/events/2023/feb/recording-chokepoint-capitalism-can-it-be-defeated

And next month, I'm giving #UCLComputerScience's annual #PeterKirstein lecture:

https://www.eventbrite.co.uk/e/peter-kirstein-lecture-2023-featuring-cory-doctorow-registration-539205788027

51/

Getting to speak to both the law school and the computer science school within a space of months is *hugely* gratifying, a real vindication of my theory that the virtues of my breadth make up for the shortcomings in my depth.

I'm getting a similar thrill from the domain experts who've been reviewing *Red Team Blues*. This week, @mariafarrell posted her #CrookedTimber review, "When crypto meant cryptography":

https://crookedtimber.org/2023/05/11/when-crypto-meant-cryptography/

52/

Farrell is a brilliant technology critic. Her work on "#ProdigalTechBros" is essential:

https://conversationalist.org/2020/03/05/the-prodigal-techbro/

So her review means a lot to me in general, but I was overwhelmed to read her describe how *Red Team Blues* taught her to "read again for joy" after #LongCovid "completely scrambled [her] brain."

53/

That meant a lot personally, but her review is even more gratifying when it gets into craft questions, like when she praises the descriptions as "so interesting and sociologically textured."

54/

I love her description of the book as "Dickensian": "it shoots up and down the snakes and ladders of San Francisco’s gamified dystopia of income inequality, one moment whizzing up the ear-poppingly fast elevator to a billionaire’s hardened fortress, the next sleeping under a bridge in a homeless encampment."

55/

And then, this kicker: "it’s a gorgeous rejection of the idea that long-form fiction is about individual subjectivity and the interior life. It’s about people as pinballs. They don’t just reveal things about the other objects they hit; their constant action and reaction reveals the walls that hold them all in."

Likewise, I was thrilled with #PeterWatts's review on his "No Moods, Ads or Cutesy Fucking Icons" blog:

https://www.rifters.com/crawl/?p=10578

56/

@pluralistic oh dude I'm so glad - your book meant and did so much for me. it's a thrill to give a tiny portion of that back. xx
@mariafarrell Awwwww....