Bottom Line Up Front: Frances, if you read this, do please tell the DCMS committee up front (and don’t let them distract or dissuade you) that people need the privacy which end-to-end encryption can bring to them, and that keeping people “safe” does not require their communications to be interfered with by platforms or governments.

Context

I received a DM from Steven Levy alerting me to the fact that my “Goodbye” posting – an essay that I wrote and shared internally before leaving Facebook in 2016 – had been leaked by the latest Facebook “whistleblower”, in contravention of my wishes.

After proving his access to the document, Steven shared that he was writing an article on “badge” (i.e. “goodbye”) posts, and sought some perspectives from me regarding what I had written, touching especially on “Project Aldrin” (Facebook’s enabling Chinese censorship) and other matters.

He shared what he had read-into the essay, framing my text as a question whether FB leadership truly believed in their original “make the world more open and connected” mission statement. That was a big theme of my essay, yes, and I have covered it on Twitter before. (THREAD)

Steven kindly agreed to go on the record. The transcript is mildly edited for flow and typos, and an apology about my sporadic typing availability.

How I feel about this…

I feel weird, in a “Frances Haugen may have messed-up my legacy” kind of way.

What I have not previously discussed (though I have subtweeted the impact) is that my departure essay was quite a big part of stopping Project Aldrin — I was later told that the Aldrin development team “suddenly for some reason” found it hard to get the help and resources they needed in order to “ship”, and the secretive nature of the project was seen as a betrayal of company culture.

Certainly more influential than my essay was the impact of President Trump (“…an illiberal president”) poisoning the well of relations with China for years to come — but in constructively and transparently quitting I provided space for self-reflection amongst the Facebook engineers.

Constructive? Yes. My essay was still available five years later to many engineers, including Frances Haugen. I feel that supporting long-term self criticism and introspection is a sign of good company culture. Facebook could have taken it down.

But now comes a brave new generation of whistleblowers who either do not understand or do not care that their calls to “keep people safe” are playing squarely into the hands of despots, censors, and corrupt politicians — those who want to break the Internet into parochial “splinternets” that foist local mores onto a global audience.

Intuitively that may sound a good idea and respectful of diversity — “but why not enable the UK, EU, India, or Germany to regulate user speech in the same way that it does in the real world, to keep people safe?” — but in actuality the consequences will be one of:

1. regional censorship will be applied at a network level — e.g. upon “Indian IP Addresses” or “Indian Phone Numbers” — which is not a good solution because the Internet does not respect national boundaries, nor does it work that way: e.g. VPNs exist and are already used to bypass these approaches.
2. regional censorship will be applied at a human level — e.g. upon “Indian Users” — which is not a good solution because it assumes that (a) online anonymity should and can be effectively stopped, (b) national identity is straightforwardly applicable to humans (how about “dual nationals?”) and (c) platforms must know the nationality of their users merely to function, e.g. to send cat pictures.
3. global censorship will be applied blindly as the union of regional censorships — so people in the USA will not be able to critically discuss Indian politics, and absolutely nobody would be able to discuss China. This would be highly illiberal and destructive of public discourse.

I do not believe that there are other solutions which would scale. If you can see a viable liberal means to keep people safe other than “the status quo, only moreso” then do please let me know.

What most disappoints me is how Steven reached for “clearly you are not a lover of the press” — yet several of my best friends are journalists, I was a subeditor on my university magazine (managed by now-CNN’s Rachel Clarke) — and for several years I was a volunteer bartender for the London Hacks/Hackers Community, a respected role.

I am a writer and I love good journalism… but I don’t like blinkered, partisan journalism such as the “techlash” we are experiencing from so many outlets at the moment, ignoring the benefits that we obtain from social networking and other innovation. The situation has become so toxic that even some of the critics are beginning to notice.

Steven assures me that he’s trying to bring some nuance to this discussion.

Perhaps Steven’s instant reaction may have been Trump-led — there are plenty of Trumpers railing about “MSM”, he may have mistaken me for one — but I’m in the UK and in specific I am seeing a clique of politicians, journalists and safety advocates railing at their blue social-media bugbear, yet never stopping to consider whether they too might be one of the extremist echo-chambers which they claim to abhor.

The world is a far less bad place than people credit. The impact of speech is still not the same as that of sticks and stones, and guns, knives, or fists must still be wielded by people, not Youtube videos. Generations have been wrongly certain that children needed legislation to keep them safe from the evils of crystal-set radios, comic books, video nasties, satanism, “dungeons & dragons”, and Kate Moss’ “heroin chic” — let alone Instagram.

Yet in spite of our numerous precedents, some amongst us are clamoring for legislation to build that other horror — the one painted in Orwell’s 1984. That’s not good a good outcome, and the data scientists and others who are feeding this fear should stop and think — just like I asked in my “goodbye” essay — about what they are proposing to build, and how it might be used.

The end result might not be as beneficial as their imagination proposes.

Addendum

This is tremendously disappointing:

https://twitter.com/AlecMuffett/status/1452309133928054799

Transcript

AM: Question for you is: am I on the record? I would hope so, but I my quid-pro-quo for interviews is that I post either my raw words, and/or a transcript. I don’t like being selectively quoted. This is not an accusation, merely a comment about myself.

SL: you can post the transcript starting now — I don’t have a problem with it. just hold it until the story appears next week please!

AM: So, in Halloween 2014 I conceived, prototyped, built a team, and launched the Facebook Tor Onion site, which was well received.

---

https://www.wired.com/2014/10/facebook-tor-dark-site/

---

AM: This gave me leverage. It was the first Facebook security story for a long time, that was actually, almost unassailably, positive. I was part of a team charged with improving the security of the means by which people access Facebook services, thus the relevance.

AM: A few months later, after the dust settled my director of my cross-cutting “horizontal” organisation (important) challenged me to go add end-to-end encryption to Facebook Messenger… which was, of course, an entirely other massive “vertical”, or “product” organisation

AM: Long story short: it took me 18 months, but I did it… although I could only “crack the ice” because – again, importantly, AT THE TIME, there was no taste for end-to-end encryption by default, not least because projects of that sort were assumed to be anathema to Project Aldrin, a semi-secret “moonshot” project (thus the joke) to get Facebook into China. Mike Isaac later discovered this project and leaked it:

---

https://nytimes.com/2016/11/22/technology/facebook-censorship-tool-china.html

---

SL: ah. that’s helpful.

AM: I became aware of Aldrin and I didn’t like it, but I was also doing something too important to quit regarding, plus also I have different and much longer-term experience of how corporations think, compared to some of the more recent “whistleblowers”.

AM: Also, I was doing something which I personally considered to be important for … humanity? Which was (again) cracking the ice for Facebook-the-Service to be doing End-to-End Security

SL: You left before the 2016 election, when many of the problems of Facebook began to hit the public. I wonder what you think of the company now. You may know I have spent a few years talking to many people at FB and think my view is more nuanced. But since your post there have been a number of departures where people cite moral reasons for leaving, some of which are more public. I would like to know if you feel your impulse to leave was prescient.

AM: Re: “I wonder what you think of the company now.” – Coming to that.

AM: Over the course of the 18 months, it gradually became apparent to me that End-to-End Encryption for Facebook Messenger was something of a tickbox feature, so that David Marcus’ Messenger organisation was not perceived to be lagging behind WhatsApp. This was Early-2015 to mid-2016, hence the “Greenwashing” comment. [AM 2021 note: at the time I was concerned regarding lacklustre commitment towards end-to-end encryption in Facebook products, since rectified.]

AM: I built a great team, built the product, and unlike the current crop of whistleblowers I submitted my resignation and fostered strong relationships with my soon-to-be-ex-colleagues, because there is a lot more impact to be had through constructive engagement than in rage-quitting.

AM: I built a legacy, and so I was delighted when a few years later / early 2019, it became apparent that the organisation had “seen the light” and announced the intention to end-to-end-encrypt everything. Which, then, I subsequently watched a large corpus of the mass media pursue every potential avenue to spin negatively against Facebook.

AM: With me so far?

SL: yep

---

A little less than 3 years after I left, Facebook announced their intention to end-to-end-encrypt all the things.

---

AM: So you ask what my current feelings are. It’s obviously complex.

AM: I don’t think Facebook is “good” or “evil” — I think it’s a corporation. I think that it helps people connect and communicate with each other, and that society is still rising to the challenges that that raises. We are at least a couple of generations away from being a society which is “born to” this level of instantaneous communication and/or the need to appraise what we read in an appropriately critical manner.

AM: I strongly want Facebook to finish delivering the project that I started – the world already has billions of people using end-to-end encryption to protect communications between people, rendering conversations “closed to non-participants” and protecting the data from hacking and/or intercept by governments.

AM: I believe that the pushback we are seeing from Governments against Facebook for pursuing this goal, is substantial and aimed squarely at making an example of FB to discourage further adoption of end-to-end encryption.

AM: Are Facebook pursuing some product goals which I would rail against? Oh, I am certain that I they are, and I would, yes.

AM: Do I feel that they deserve to be “broken up” or are “too big”, no I do not.

AM: Do I feel that Facebook need to “do more” to protect people from varying forms of harm? Well, I actually feel that most people asking that question lack a metric of how much is already being done. At least I worked as part of the team which used to deliver anti-abuse, and I understand the challenges, and am aware of who they are hiring to look at these hard questions and address them. So, often when I see people demanding that Facebook “do more” my first instinct is to wonder who is asking, and why?

SL: You think that the government scrutiny on things like antitrust and child safety are a way to thwart end-to-end?

AM: Re: “Do I think that ‘government scrutiny on things like antitrust and child safety is a way to thwart end-to-end?'” — that’s a question which begs the same “fallacy of focus” (?) towards the Government, which people also apply to Facebook.

AM: Comparison in the USA – the @TorProject receives significant state funding, yet was praised by Snowden and reviled by the NSA/FBI. After 30+ years in industry, I have learned not to expect consistency from any organisation, especially government.

AM: One of the events which gave me vast hope about Facebook, was a deeply personal one. Some might call it corny, but it’s true.

AM: I was working late at the office one night, then went out for drinks with friends, and ended up queueing for a night bus back to my flat in London. A small family – Italian tourists – walked up to the bus shelter, started to chat. They asked me what I did … which, as you read in my my goodbye post, I had learned sometimes to be circumspect about. But I chanced it and just said that I worked for Facebook, expecting the usual barrage of questions about “Can you see all our data?” or “Have you met Mark Zuckerberg?”

AM: For once, though, I got a warm reception, and practically embraced. Apparently their Nonna had been in hospital for a few weeks, and the family around the world was using Messenger to coordinate, communicate, and to keep her spirits up. They gave me popcorn as a thank-you. I won’t lie, I was shocked. And I cried a bit. Still makes me well up.

SL: thanks for sharing that story

AM: People don’t tell those stories any more, because stories like that do not sell column inches.

AM: I see the same where people don’t talk about the benefits of [end-to-end encryption] any more, when they can talk about nightmarish downsides; and this is a space that I have been working in – normalising the benefits of greater access to cryptography – since 1991. Even the TorProject has benefitted – it’s hard to criticise the “Dark Web” as a place of evil when Facebook, the BBC, and the NYT are all on it.

SL: clearly you are not a lover of the press

AM: I have many friends in the press, and I wanted to be a journalist at University, and I worked on the UCL Newspaper/Magazine. Where I have problems is: only telling one side of the story.

SL: in defense of my colleagues sometimes it difficult to get the other side particularly when the “other side” isn’t candid. I have been lucky enough to get access in my work so I could present a nuanced version of events. This exchange is helpful in that sense and I hope I preserve your POV.

AM: Late 1996, by comparison:

---

Pointlessly hostile coverage in the Daily Telegraph about an Open Source project I wrote.

---

AM: Chap from the Daily Telegraph who wrote the cited article, regards my v5.0 update of some code which I had been circulating on USENET since 1991 and which was the category-killer in its space. We had a debrief-chat and he told me that the nature of Daily Telegraph content required him to write a fright-piece for the expected reader demographic.

AM: Nowadays I have quit work to be a full time daddy, which offers me tremendous freedom to work on public understanding of security.

SL: well, thanks for your help, especially your willingness to go on the record. I’ll ping you if I have further questions. Otherwise good luck. Crypto means cryptography!

AM: That it does. Have a good evening.

SL: YT!

AM: ps: I don’t know if your “dump” includes a “Like” count for my goodbye post, but where Mike [Isaac] says: “Internally, so many employees asked about the project and its ambitions on an internal forum that, in July, it became a topic at one of Facebook’s weekly Friday afternoon question-and-answer sessions.” …the “internal forum” they are referring to, is my post. Apparently Mark got questioned about Aldrin for the next 2 weeks of internal all-hands.

SL: I saw the comments about it, that’s why I asked what it was.

AM: A tip for anyone writing a good goodbye post: be constructive, and post it a couple of days before you actually leave so that you can add errata and answer questions. Draft the text accordingly.

AM: [There is some] Past commentary from 2018 if you want to check whether my story matches up: https://twitter.com/AlecMuffett/status/979482375234170880

AM: And perhaps finally: one observation:

AM: I left in 2016. I posted my “badge post” and it’s still there, and you are reporting on it more than 5 years later. Facebook left it up. It has been read by, and maybe influenced thousands of engineers, to nudge them a little more towards thinking of the impact of what they write and how it might be used.

AM: And it was left up. Some companies might have taken it down. Some engineers might have made a brief splash in the headlines and a bunch of bad feelings by blowing whistles and stoking furiously underwhelming political sentiment.

AM: But still it got left up. I think that speaks well of Facebook’s internal culture, don’t you?