Skip to Content

I* Newsletter: Moderating content in E2EE systems, challenges of exceptional access

“I*: Navigating Internet Governance and Standards” was a monthly newsletter distributed by the Center for Democracy & Technology (CDT), and compiled by the Public Interest Technology Group (PITG), a group of expert technologists who work across a complex landscape of internet standards development (“I”) organizations that convene in the public interest.

The newsletter highlighted emerging internet infrastructure issues that affect privacy, free expression, and more, clearly explaining their technical underpinnings.

# How to moderate content in E2EE without breaking it: Not all proposals to moderate content on end-to-end encrypted systems are created equal. In a new paper out in August, the Center for Democracy & Technology (CDT) assesses existing technical proposals for content moderation in end-to-end encrypted (E2EE) services. First, it explains the various tools in the content moderation toolbox, how they are used, and the different phases of the moderation cycle, including detection of unwanted content. Then, it presents a working definition of encryption and E2EE, including privacy and security guarantees for end users. Finally, the paper assesses the current technical proposals that have been put forward to detect unwanted content in E2EE services against those guarantees.

“Spoiler: Only a couple of proposals achieve content moderation goals and provide privacy and security assurances to end users in end-to-end encrypted messaging. We should point out that those proposals are also features that enhance the user experience, rather than center solving the intermediary’s or platform’s liability problems,” says Mallory Knodel, co-author of the paper and CDT’s CTO.

# Apple hasn’t solved the hardest problems in exceptional access to E2EE: About the recent news that Apple is making changes to iOS to stem child sexual abuse materials online, University College London professor of computer science Steven Murdoch says, “Apple has promised their scanning system will stay limited to child-abuse images, but can they withstand legal demands to look for other types of content?”

He goes on, in a blog post, to point out that governments are likely to demand expansions to the system and other systems that follow, which will make Apple’s designs even more complicated than they already are. At the same time, he says, “Some of the hardest challenges of exceptional access remain unsolved.” These include cultural and jurisdictional differences, making closed-source software trustworthy, and mitigating implementation flaws.

His post is a good explainer for folks still seeking to understand the nuanced changes Apple is proposing. It grounds the discussion in a debate about content moderation in end-to-end encrypted (E2EE) systems that goes back more than a decade.

# UN Human Rights Council resolution requests reports on human rights and technical standards: On July 8, at the 47th session of the United Nations Human Rights Council (HRC), a resolution was passed on promoting and protecting human rights in the development of new and emerging digital technologies. The resolution cites a report, out earlier this year from the HRC Advisory Committee, on the impacts and challenges of issues such as data protection, mass surveillance, and cybersecurity.

In the resolution, the list of HRC signatories “Requests the Office of the High Commissioner to convene two expert consultations, to discuss the relationship between human rights and technical standard-setting processes for new and emerging digital technologies and the practical application of the Guiding Principles on Business and Human Rights to the activities of technology companies, and to submit a report thereon.”

This recent resolution presents an important opportunity to reconnect human rights standards with technical standards. 

# Subdomain takeovers and web advertising create the perfect storm: After the domain registration for former YouTube competitor Vidme expired, a porn website bought it — and now, thanks to link rot, pornographic images appear wherever Vidme links are embedded across the internet.

Ephraim Kenyanito, of ARTICLE 19, says, “The lapse of Vidme’s domain and subsequent resale to another third party shows that there are still major gaps in engagement between domain registries or registrars and registrants, which impact the free expression of both companies and individuals.”

“Domain registries and registrars must provide user notification and meaningful opportunities for timely appeal of their decisions regarding matters such as account suspension or removal. These refinements would bring the domain name registration process in line with the Santa Clara Principles, the Manila Principles on Intermediary Liability, and the Necessary and Proportionate Principles.”

# What we can learn about the dangers of the tech industry-driven Space Race from the internet’s history: When we compare the early narratives about the internet and the ones billionaires are wielding about their space race, it becomes clear that both suffer from the same flaws. From its inception, proponents of the internet invoked metaphors of outer space to suggest that humanity would experience a “disembodied, race and gender-free” future online.

Yet, this overly utopian and naive view of technology’s ability to act as a great equalizer has left us with an unregulated communication infrastructure that perpetuates extractive data practices, rewards white supremacy through algorithmic amplification, and frequently exploits and harms the most vulnerable people in society. The internet was not the great equalizer its boosters promised, nor is the private space industry. 

# We are not prepared for the post-quantum future: “[If] workable quantum computers … get built, the internet as we know it is in big trouble,” says Eric Rescorla, Mozilla CTO, in a recent blog post. He makes the case that, if powerful computing were to become ubiquitous, today’s internet would effectively no longer be secure.

In the post, Rescorla presents a brief overview of quantum computing, or supercomputers, and then dives deep into what he thinks are the possible ways for network cryptography to keep our online communications, from our banking transactions to our social media logins, secure.