Skip to main content

Buffalo and Uvalde shootings set to rekindle arguments about end-to-end encryption

Discussions about the role of social networks in the wake of the deadly mass shootings in Buffalo, New York, and Uvalde, Texas, look set to rekindle arguments about end-to-end encryption of private messages.

Politicians weighed in after it was discovered that both Buffalo and Uvalde alleged killers used social media apps to discuss their plans with online groups …

Role of social media in Buffalo and Uvalde shootings

The Washington Post notes that the alleged Buffalo shooter posted his plans on Discord, starting months before the terror attack.

In the Buffalo grocery store shooting, the alleged gunman, Payton Gendron, sent an invitation to an online chatroom on the instant messaging platform Discord that was accepted by 15 users, who were then allowed to scroll back through months of Gendron’s voluminous writings and racist screeds, The Post has reported. Users who clicked through to the room also could view an online video stream, where footage of the Buffalo attack was broadcast. That attack was also broadcast on Twitch, a live-streaming service popular among video game users.

However, these posts were only made semi-public around half an hour before the shootings began, as Discord explained.

The suspect kept a personal diary of his plans within a private Discord server, which was visible only to him. This private server and personal diary within were not visible or accessible to other Discord users prior to the afternoon of May 14, 2022.

During the 30 minutes leading up to the attack, the suspect shared invitations to view his private server with this personal diary within a small number of other private servers and direct messages (DMs). The invitations were only available in these servers and DMs and were not accessible to the broader Discord community.

15 users clicked on the invitation and would have had access to his private server and its content. No one else joined. We did not receive any reports about his activity or the contents of his private server at any point prior to the attack.

We are aware that the suspect was active elsewhere on Discord, but we have not found any references to his attack plans outside of his private server.

The Post reports that the Uvalde school district used AI systems to scan social media for this type of material, but cannot scan private messages.

In the wake of high-profile mass shootings in recent years, communities, school districts and tech companies made major investments in safety systems aimed at rooting out violent screeds in the hopes of preventing attacks. The Uvalde Consolidated Independent School District used an artificial intelligence-backed program to scan social media posts for potential threats years before the attack, although it’s unclear whether it was in use at the time of the shooting.

But these tools are ill-equipped to address the surging popularity of live video streaming and private or disappearing messaging that are increasingly used by young adults and teens. Those messages are then closed off to outsiders, who might be able to spot the warning signs that a troubled individual might be about to inflict harm on themselves and others.

Calls for investigations

Two states attorneys general have launched investigations into the role of social media in the Buffalo attack, and both announcements appear to be condemning social networks for failing to moderate content to which they had no access. New York’s Letitia James:

“It has been reported that the shooter posted online for months about his hatred for specific groups, promoted white supremacist theories, and even discussed potential plans to terrorize an elementary school, church, and other locations he believed would have a considerable community of Black people to attack. Those postings included detailed information about plans to carry out an attack in a predominantly Black neighborhood in Buffalo and his visits to the site of the shooting in the weeks prior.”

New Jersey’s acting AG Matthew Platkin:

“The suspect in the May 14 attack reportedly used the social media platforms to plan and publicize the mass shooting, which authorities are calling a racially-motivated hate crime. The investigation will examine if lax content moderation and policy enforcement on the part of Discord and Twitch allow the platforms to serve as hubs for extremist and violent networking and community building, and as entry points for children to come into contact with extremist ideologies.”

While neither is currently launching direct attacks on end-to-end encryption, this is the clear implication of complaints about social networks being unable to monitor threats made in private messages. We have of course seen this on many previous occasions.

9to5Mac’s Take

It’s inevitable that emotive events like terrorist attacks, school shootings, and child abuse will be used to call for backdoors to both encrypted devices like iPhones, and end-to-end encrypted messages.

These calls are well-intentioned, but technically illiterate. We’ve debunked this idea on numerous occasions.

First, privacy is as much a right in the digital world as it is in the physical one.

We could fit CCTV cameras on every street, in every home, in every building. We could all have trackers embedded beneath our skin. We could force everyone to provide both fingerprints and DNA samples to hold in a global database. We could make it illegal to fit curtains or blinds to windows. And so on. We don’t do any of these things because we value freedom and privacy, and we consider that the risks involved are a price worth paying for the ability to live our lives free from tyranny and surveillance.

Second, any backdoor to an end-to-end encrypted messaging system means that it is, by definition, no longer end-to-end encrypted (and this includes the use of clever ways to cheat).

You cannot have an encryption system which is only a little bit insecure any more than you can be a little bit pregnant. Encryption systems are either secure or they’re not – and if they’re not then it’s a question of when, rather than if, others are able to exploit the vulnerability.

Third, it won’t stop terrorists, child abusers, or other bad guys using E2E encryption.

Steganography, for example. It’s technically trivial to embed hidden messages inside what appears to be a perfectly ordinary family photo in such a way that it’s almost impossible to detect. There are literally scores of apps to do that, and that’s just a single method. There are almost endless numbers of ways to disguise messages.

It’s important not to conflate private messages with public posts, however. It’s absolutely the case that many people have been radicalized by exposure to hate speech and other extremist messages online, and it is neither unreasonable nor a First Amendment violation to expect social networks to reduce this threat.

Photo: Neelabh Raj/Unsplash

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications