Notices by Matthew Green (matthew_d_green@ioc.exchange), page 2

Things have been relatively quiet on the “crypto wars” front, which makes me think we’re going to see something dramatic soon. Maybe not here in the US, but probably from another US-allied country.

Local device encryption seems to be ubiquitous now. It’s really hard to see a country demanding that phones become unencrypted. There would be huge pushback globally. So again, where is the weak link that governments can push on?

The question is *what*. Encrypted messaging seems to be proliferating and there are now many alternatives, from Apple, Meta, Signal. Many of those companies have threatened to leave countries that ban it. I have a hard time seeing any US-aligned country wipe that out.

The one place where end-to-end encryption is “weakest”, ie where deployment rates are lowest, is *cloud backup*. This is, coincidentally, one of the best places for governments to obtain data.

I wrote a post about how AI will interface with end-to-end encryption. TL;DR maybe not so well! https://blog.cryptographyengineering.com/2025/01/17/lets-talk-about-ai-and-end-to-end-encryption/

Re: ChatControl. There is a rumor that an attempt to get Poland to change its position is under way. This would give the pro-ChatControl side a majority and make mass scanning of encrypted private messages the law in Europe.

Technical question: does anyone know of (open source) LLMs that have been trained or fine-tuned to speak various binary network protocols?

Looks like Hungary will bring the CSAM reg (“chat control”) — a plan to mass-scan all private messages — back for another vote in the EU Council this Wednesday and Thursday. They’ve picked up support from Italy this time.

In a very short timespan it’s going to be expected that your phone can answer questions about what you did or talked about recently, what restaurants you went to. More capability is going to drive more data access, and people will grant it.

I absolutely do believe that (at least initially), vendors will try to do this privately. The models will live on your device or, like Apple Intelligence, they’ll use some kind of secure outsourcing. It’ll be required for adoption.

One of the things we need to discuss is that LLMs listening to your conversations and phone calls, reading your texts and emails — this is all going to be normalized and inevitable within seven years.

The question is: what do governments and law enforcements do when they realize every single person has a little agent on their phone that can answer literally *any* question about their activities, in simple human language? The “crypto wars” are going to look quaint.

The temptation to legislate government access to this agent will be enormous. It’ll start with heinous crimes like child sexual abuse or terrorism, and it will appear tightly targeted. But it will be applied at massive scale, to millions of people.

Do people who live in Europe ever have to grapple with this insanity? I’ll move tomorrow if the answer is “no”.

@jawnsy @filippo And Java!

@jawnsy @filippo Fortunately there will always be C.

It’s been a while since we had a good 512-bit RSA key controlling anything important, and I’m here for it. https://arstechnica.com/security/2024/08/home-energy-system-gives-researcher-control-of-virtual-power-plant

This is getting out of hand.

Apple, unlike most other mobile providers, has traditionally done a lot of processing on-device. For example, all of the machine learning and OCR text recognition on Photos is done right on your device. 2/

So Apple has introduced a new system called “Private Cloud Compute” that allows your phone to offload complex (typically AI) tasks to specialized secure devices in the cloud. I’m still trying to work out what I think about this. So here’s a thread. 1/

But if you send your tasks out to servers in “the cloud” (god using quotes makes me feel 80), this means sending incredibly private data off your phone and out over the Internet. That exposes you to spying, hacking, and the data hungry business model of Silicon Valley. 4/

The problem is that while modern phone “neural” hardware is improving, it’s not improving fast enough to take advantage of all the crazy features Silicon Valley wants from modern AI, including generative AI and its ilk. This fundamentally requires servers. 3/