When Automation Becomes Enforcement

What we talk about when we talk about interoperable end-to-end encryption

Cory Doctorow
OneZero
Published in
9 min readApr 3, 2022

--

I was wrong about Snapchat, but I was also kinda right.

When I first encountered the idea of disappearing messages, I was both skeptical and alarmed.

Skeptical because disappearing messages have an obvious defect as a security measure: If I send you a message (or a photo) that I don’t want you to have, I lose. You can remember the contents of the message, or take a screenshot, or use a separate device to photograph your screen. If I don’t trust you with some information, I shouldn’t send you that information.

I was wrong.

Not wrong about sending information to untrusted parties, though. I was wrong about the threat model of disappearing messages. I thought that the point of disappearing messages was to eat your cake and have it too, by allowing you to send a message to your adversary and then somehow deprive them of its contents. This is obviously a stupid idea.

But the threat that Snapchat — and its disappearing message successors —was really addressing wasn’t communication between untrusted parties, it was automating data-retention agreements between trusted parties.

Automation, not enforcement

Say you and I are exchanging some sensitive information. Maybe we’re fomenting revolution, or agreeing to a legal defense strategy, or planning a union. Maybe we’re just venting about a mutual friend who’s acting like a dick.

Whatever the subject matter, we both agree that we don’t want a record of this information hanging around forever. After all, any data you collect might leak, and any data you retain forever will eventually leak.

So we agree: After one hour, or 24 hours, or one week, or one year, we’re going to delete our conversation.

The problem is that humans are fallible. You and I might have every intention in the world to stick to this agreement, but we get distracted (by the revolution, or a lawsuit, or a union fight, or the drama our mutual friend is causing). Disappearing message apps take something humans are bad at (remembering to do a specific task at a specific…

--

--

Cory Doctorow
OneZero

Writer, blogger, activist. Blog: https://pluralistic.net; Mailing list: https://pluralistic.net/plura-list; Mastodon: @pluralistic@mamot.fr