by ryandrake 1887 days ago
> I will say that personally I have fewer concerns about programs to monitor public content on the Internet, than programs that seek to access, monitor, and store content that people intended to be privately communicated to other people.

This distinction is disappearing quickly in the current Internet, where conversations are increasingly company-mediated and facilitated. There's no such thing as a "private" conversation on Facebook or similar hosted platforms. You might address a message to your friend, but you are sending it to Facebook, and they ultimately get to decide how private it is. It's likely a single "is_private" bit in a database!

I'm more and more defaulting to a very strict rule: Never send anything to the Internet that I intend to be private. Whether it be a forum post, a message board, an E-mail, or a chat message. Keep my private pictures off of "secure, private" cloud storage. Don't do anything on a web site that I wouldn't want talked about in my local newspaper. Consider it all public knowledge because it's one leak or subpoena away from actually being public knowledge.

3 comments

Yes, but I think OP is saying that the law should protect intent. Just like with the physical mail system. It is illegal to open a letter addressed to somebody else (though, warrants can override this). But I am fine with the principle.

On the other hand, if you stick a huge banner out the front of your house, that information is fair game. Just like posting on your Twitter profile or blog. The intent was never for it to be private.

Not a correction, but I'd like to add a small precision to that because I've seen the same argument used in other contexts.

For Twitter and Facebook I tend to agree, as there is an active intent (as you say) of publication. However, I've seen people reason in the same way with respect to licence plate or face recognition: "but the information is public".

The fact that technology now allows us to treat licence plate or face information globally, in a very cheap way, means that a fundamental new capacity is created.

I agree, the impact of automated scale is definitely worth considering.

Unfortunately, with the Internet increasingly being used to conduct business, government, education, and even religious services, that option is rapidly becoming less tractable.

(I say that as one who shares the general sentiments.)

WhatsApp (which is owned by Facebook) employs end-to-end encryption between individuals for its 1on1 and group conversations, and no one else in the world besides those parties (or possibly backup companies those parties decide to use) has access to the message contents that WhatsApp says are protected by E2EE. It uses the Signal Protocol.

Facebook has started efforts to roll out end-to-end encryption for its Messenger as well, using the same protocol as WhatsApp, which Signal blogged about: https://signal.org/blog/facebook-messenger/#:~:text=Facebook....

Posts and other content on your "wall" or "timeline" are intended to be relatively public, according to whatever privacy settings you have set up on your account, and won't be similarly encrypted; but the content will only be available to the people that you allow to see your account and post. That's more of a permission set described by a database like you describe. But you can share different posts with different groups of people you define; or participate in public or private/secret/invite-only groups where content is only accessible by those people.

Yes, that content would be accessible as plaintext by certain FB employees, just like your Gmail account's contents could be accessed by certain employees at Google. However, there are very strict policies around not accessing user content at FB by employees unless required for the function of the employee's job (e.g. investigating spamming, child pornography, and other abuse like that I would imagine; or assisting law enforcement with subpoenas or court orders for the content).

Notably WhatsApp has no ability to hand over message contents between individuals whose conversations are protected by end-to-end encryption even if it receives a court order to do so, because the encryption keys protecting that content truly live only on the user's devices, and the plaintext content never touches WhatsApp servers today. As long as you don't back up your message history outside your device in plaintext (and what WhatsApp stores on the device might be encrypted now too; I'm not sure), the only way for anyone to obtain the message history is to get their hands on your phone and the encryption keys & message history it contains. So if your phone is protected by a strong passcode and a security vendor hasn't found a way to bypass iPhone login security, as long as your iPhone is locked even the US government won't be able to get at your data.

I believe there was a court ruling that passwords to your phone are protected by the 5th Amendment against testifying against yourself, so I don't believe a court can compel you to reveal the phone password, but I'm not up to speed on the current case law. So if you lock your phone before an attacker seizes it, they can't get the contents even if the attacker is a government (unless they're willing to use physical coercion as in XKCD 538 [1], or indirect physical coercion such as ordering revelation of the password under threat of contempt of court, if that's permissible).

WhatsApp is also allowing businesses onto the platform, to use it to communicate with those customers, and some of those conversations may be regularly encrypted, not end-to-end encrypted. Those conversations are displayed differently in the UX of WhatsApp when the conversation begins, to clarify that they're not protected by E2EE. (It's arguably impractical to have real E2EE between a customer and a large business with, e.g., many customer service agents. What would that really mean? I personally think E2EE is most meaningful between individual people who personally know each other, not between people and businesses which are anonymously-defined, constantly-changing groups of people.)

I'm not a spokesperson for any company and these are my own opinions based on what I've read from public news sources.

[1] https://xkcd.com/538/