The list of bad legislation relating to the topic of encryption and privacy is long and inglorious. Usually, these legislative stinkers only affect those unfortunate enough to live in the country that passed them. Still, one upcoming law from the British government should have us all concerned. The Online Safety Bill started as the usual think-of-the-children stuff, but as the EFF notes, some of its proposed powers have the potential to undermine encryption worldwide.
At issue is the proposal that services with strong encryption incorporate government-sanctioned backdoors to give the spooks free rein to snoop on communications. We imagine that this will be of significant interest to some of the world’s less savoury regimes, a club we can’t honestly say the current UK government doesn’t seem hell-bent on joining. The Bill has had a tumultuous passage through the Lords, the UK upper house, but PM Rishi Sunak’s administration has proved unbending.
If there’s a silver lining to this legislative train wreck, it’s that many of the global tech companies are likely to pull their products from the UK market rather than comply. We understand that UK lawmakers are partial to encrypted online messaging platforms. Thus, there will be poetic justice in their voting once more for a disastrous bill with the unintended consequence of taking away something they rely on.
Header image: DaniKauf, CC BY-SA 3.0.
Just out of personal curiosity, does that law also include a clause in which the British government provides unlimited compensation in case of abuse by a government-approved backdoor?
If it makes sense, then it will never be included in a bill scribbled out by legislature.
They don’t have to.
Pfft, compensation for abuse of power?
Not a chance in hell unless your pockets and time are limitless.
The government are perfect and will never abuse the privilege ….
Sorry, I can’t keep a straight face as I type this. They pass the buck until it disappears or dies of old age.
Why would they do that? The abuse is the point with one of these, anybody should know that by now
Don’t worry we will just make using the goverment backdoor illegal if you are not the goverment! -UK probably
Quite so. In reality us UK “citizens” are, in reality, mere subjects. Hundreds of years of conditioning at play here. Hey-ho.
Well some of you were Roman citizens once, I suppose. Since then ….
But, what have the Romans ever done for us eh?
“But, what have the Romans ever done for us eh?”
It’s somewhat similar to what the Europeans brought to North America.
HAHAHAHA! Stop it, I’m gonna pee!
Next all door locks will be illegal unless you place a camera in every room. Don’t worry it’ll only be used to make sure you don’t abuse children, promise.
Not illegal but will be openable with a top secret TSA key.
Top Secret TSA Key: a bent paperclip.
Got a bent paperclip eh? Only hackers have bent paperclips.
and the harshest of criminals! i saw them use the paperclip for malicious purposes! “Ban The Paperclip and the Tools that Allow to Bend Them!” its for the good of all! And to save the queenieweenie
Starting to seem like projection on the part of power isn’t it
The simple solution is that all application deployed in the UK encrypt everything twice. Once with the end to end communication and once with the personal encryption key provided by the UK to everyone in the UK and one copy is sent to the intended recipient and a second copy is sent for permanent storage at a GCHQ facility, or an NSA facility or any of the five eyes/six eyes/five eyes plus/nine eyes/fourteen eyes countries around the world. Because that is where they will end up.
That way the people of the UK can have the highest level of private encryption of any citizens within the UK, but of course a system like this should be tested before such a massive roll out, i would suggest at least two centuries and only applied to a small group of users say the entire UK government.
This is the way.
Also deep fake extreme porn of younger king chuck with Sir James Wilson Vincent Savile OBE KCSG.
Never say/type the name ‘Jimmy Savile’ without all the titles and letters. So the peerage knows we know who they are.
I’m surprised he didn’t have at least one honorary PhDs. Quick search reveals he did. So it’s Sir Dr James Wilson Vincent Savile OBE KCSG or at least Sir James Wilson Vincent Savile OBE KCSG PhD. I truly digress.
Two honorary degrees in law, of all things. Since rescinded so no more PhD.
You can’t take away one’s knighthood or OBE once they’re dead, but there was a bit of talk about changing the law to “fix it” in good ol’ Jimmy’s case.
I’m glad I don’t live in a Socialist country like that.
Oh sweety, the UK is extremely neoliberal – which means right wing, often laced with conservative values like government supervision. Liberal does not mean left wing!
There is no planned economy in place, the social security is being destroyed, higher education is not paid for by the government, health care is still available but every year, there’ll be more right wing politicians doing an attempt to destroy it and turn it into a more USA-like system.
There hasn’t been a left wing, social (not socialist) PM in more than a decade.
They pull people out of homes for free speech violations. ohf, that isn’t “right” at all.
“free council flats”? Have you been at the lead paint? There’s literally no such thing as “free council flats” in the UK or “checks” for that matter.
Add extra u’s and q’s as needed.
You know exactly what I mean. Pedantic comments about checks prove you’re just defensive about your favorite tit.
There is such a chronic shortage of housing in the UK and thanks to selling off the council houses to their existing tenants decades ago and not building replacements there are very few council properties… Not saying they don’t exist, but to get a free abode out of the UK government these days it helps to be anything other than a native Briton it seems…
There are still problems with the stuff now called ‘Universal Credit’, but on the whole there you do have at least a hint of truth still, if you are reliant on it you won’t want to bite the hand that feeds. But it really isn’t very generous, especially if you don’t have family/freind with a spare room/sofa as with stupidly high rent and house prices the housing aid element is usually rather pittiful really. Though perhaps overall at times a little more than really required and sometimes the same or worse the other way around, as when economic conditions change the aid doesn’t tend to keep up.
I do agree with the sentiment on this encryption issue though, and as it really won’t be enforceable anyway it really is a stupid idea… There is just far too much data bouncing back and forth in various forms of garbled, even if its not deliberate encryption just the nature of this particular video games netcode – you really can’t catch them all even with the relatively effective firewall of China the outside world gets in. And Brits might not be like the French to get out and protest passionately and clash with riot police over almost anything but push us too far there is a strong stubborn streak.
Foldi:
4.4 million ‘Social housing sector stock’ currently in England alone.
Population of England 56 million. English household count 24.8.
18% of English households firmly latched to the government tit.
That’s a problem. That assumes the average parasite doesn’t have more kids than the average grownup. I bet that’s a bad assumption.
cite: https://www.gov.uk/government/news/social-housing-sector-stock-and-rents-statistics-for-202122-show-small-net-increase-in-social-homes
You do realise that much ‘social housing’ in the UK just means your local council (or their representative) is your landlord. While yes the rent tends to be slightly less insane, and has slightly different tenant rights it is not really different to any other rental property. If anything it seems to be worse as the lack of proper maintenance seems to be more endemic in these places.
Actual genuinely pure social welfare ‘free homes’ are really quite rare with waiting lists so long you probably won’t get one as the stock of ‘social housing’ is already rented by somebody else who won’t be able to afford to move out even if they wanted to…
It’s like section 8 here.
The tenant pays a token amount, based on how well he’s hidden his/her cash income.
It’s by no stretch ‘regular rent’. 21% of English working age people are ‘economicaly inactive’ (bums). They don’t count as unemployed because they are fat dumb and happy on the tit and aren’t looking. Right in line with the % of housing, funny that.
Really isn’t a fair assessment HaHa, lots of folks who work damn hard through their working lives also end up in ‘social housing’ for all that time, and they often have to because the housing market is entirely insane in their area so there is no chance the lower wage worker can actually find a place they can afford. £500 and over a month for a single room in a shared house in some places, often with none of the services included at all, so when you are working for £10 an hour you need to spend a heck of alot of your hours every month just to keep a small room and pay your share of the bills, then you have to actually eat…
In many places in the UK the landlords are making stupid money as they can hike rent pretty freely and the ‘value’ of their buildings has gone up 5-10x (maybe even more) in the last 20 odd years. They don’t actually need to put the rent up nearly as much as they do to make a profit as their mortgage values haven’t gone up with the house prices. But they can, so they do as the demand for housing is so high. All the social housing tends to work out to is a tiny bit more space than a single room in a shared house with a landlord that isn’t so excessively greedy, can’t so easily throw you out to get another £100 a week out of the next tenant and seemingly cares less about doing the maintenance…
Also a great many folks that are claiming benefits end up living just about anywhere but social housing – they’d take it if they could get it probably, but many of them end up living with family/friends until they manage to find another job – not saying there are no folks that make no effort to work but it really isn’t 20% not working and 20% with social housing matching up… Especially as the unemployment rate is usually more like 4-8% than 20%….
Well, I read that and then started eating some books on personal security, encryption etc. Now I have just installed Surfshark VPN, Tor browser, SuckDuck browser (I made that up) and Veracrypt. Bird is currently being well and truly flipped. Enough of this now, if they want to decrypt me then they can bloody decrypt the whole lot, s/w downloads, weather reports, youtubes and all. Drown em in data I say.
Coming for my privacy?
https://www.politics.co.uk/reference/cctv/
A little late aren’t they?
Does this mean HTTPS will be illegal without giving them your private certs?
Root ca is already theirs. https://https.cio.gov/certificates/
I hope you weren’t relying on that.
That’s….. not what that link says lol. Like at all.
“Does the US government operate a publicly trusted certificate authority?
No, not as of early 2016, and this is unlikely to change in the near future.”
IIRC all you have to do is accept a cert from the network provider and HTTPS will happily let the infrastructure decrypt, read and re-encrypt your data.
How corporate BB works on HTTPS pages.
You actually think that HTTPS is secure ?
You do know that it was designed with legal intercept as a key requirement.
Client side certificates secures the network transmission. But of course the best hack is the owed system admin.
That’s it. I’ve had enough. I’m going back to using Snail Mail.
My letters will be sealed with wax and I alone will have the stamper.
Single use pad for encoding messages sent via semaphore tower.
Conversations and revelations with ancient deities via dreams
“We imagine that this will be of significant interest to some of the world’s less savoury regimes, a club we can’t honestly say the current UK government doesn’t seem hell-bent on joining.”
European democracy is dying, how can europeans not see it? All that “Freedom & Democracy” has been BS all the time. Now they can just go for it and not even pretend anything anymore.
I expect open source software will be safely immune from all this. Open source projects don’t cave to government demands the way big corporations do. And openly available source code means code can be audited to ensure it isn’t infected by backdoors. Also, the very few corporations who still have any decency (Signal’s backers for example), have stated they won’t comply with UK demands and will still make their products accessible to UK users by whatever proxying methods are necessary to evade censorship. Clearly the “crypto-wars” of the 1990s are back, techies will just have to roundly beat governments all over again.
Well, that thread went downhill pretty darned quick.
Penny wise, pound foolish.
There’s a been a whole pile of these bills lately. https://www.badinternetbills.com/
Warning, this website is advocating for no age limits on social media.
As someone working in tech who has seen what a lot of it consists of… there is no good reason that young kinds should be sitting on tiktok and the like.
Yeah theater.
No child has ever clicked on ‘I am 18’, that would be dishonest.
Government has no business telling anyone what web sites to browse. No power either.
Let the parents manage their brats. Their odds are low, but better than anybody else’s. IMHO Little kids don’t belong on the net in any way. Especially not the mouse’s, ‘child friendly’, site. But parents call. They should let them on when they are old enough for porn.
Good luck implementing a technical measure for age restriction, short of requiring someone’s government ID. Let kids’ parents police that.
Remember and take to heart the golden rule of working “in tech”:
There are no technical solutions to social problems.
“Warning, this website is advocating for no age limits on social media.”
Oh no!
Anyway,…
Meanwhile I’m still wondering how UK regulators even have jurisdiction to impose restrictions of ANY kind on non-UK (or even non-EU for that matter) entities in the first place. “Comply or you can’t do business in our borders” is one thing, basically every country in the world does that, but I still haven’t found a satisfactory answer as to how they can:
* Be an absolute-veto on the merger of two companies that were neither founded in nor incorporated in the UK (Microsoft and Activision-Blizzard)
* File paperwork on behalf of, acting as if they WERE the company in question, to undo the legal acquisition of a non-UK company by another non-UK company (Meta having their Giphy acquisition forcibly undone by annulment paperwork filed in their name by a UK regulatory body, as if Zuck himself had signed it)
It would at least make _slightly_ more sense if it was the FTC doing it, as American law de-facto defines worldwide internet law (especially in the case of copyright, no matter what Nintendo thinks, Japanese copyright law does NOT define how the rest of the world works), but how did the UK even get to the point where they think they’re allowed to legislate what other nations’ corporations do?
Where a company was founded or puts it global headquarters matters practically nill in the age of international companies. And the UK is a big enough market for their products which speaks on its own, as the companies want all the money – you want to play in our sandpit you better play by our rules… Which is the same reason the more legitimate producers genuinely get the CE mark and practically everything is stamped with it anyway. Or even Apple will probably end up putting USB-C on all the things because the EU says so – far easier to make one product that can be sold in all applicable markets and sell it to everyone wealthy enough to want it than make a billion versions to only just meet every variation of local laws.
And that is not to mention the UK still has a solid high tech and computing sector no doubt still including more than a few on the payroll of those rather giant conglomerates and their many satellite company. It might be possible to uproot all the talent and build new offices for them in Seattle (etc), but it would be ruinously bad for productivity and the short-mid term profit numbers…
Or in short you have jurisdiction mostly because nobody wants to fight you on it – it would be too darn painful.
(Not saying I agree with all the decisions that get made that way, but it is in effect international politics and that is never a particularly sane environment, at least since globalisation. (Probably not before either – but really ancient history perhaps has some examples where the scope of the known world for those peoples was limited enough and those that ruled them actually did make sense somewhere.))
I mean, on the one hand, I get it. A law with no teeth is not a law, and conversely, a not-written-down-as-a-law that no one bothers to Um Actually against is effectively a de-facto law. On the other… it’s a really scary precedent for a regulatory body in one country to declare themselves an acting representative of a company in another country, and to /make business decisions in their name/. Imagine if the CCP went, “yo, we’re acting on Google’s behalf and installing the Great Firewall in all Android devices worldwide, you’re welcome”…
If you can define a government in any better way I’d love to hear it. Jurisdiction because nobody wants to fight you on it. Yep, perfect.
On the internet nobody knows you’re a limey. Until you post a picture showing your smile anyhow.
Not your sandpit, the sandpit is the internet, not the UK.
Do you want the UK to build a Chinese style great firewall? Because that’s the only way to wall it off, and it’s not even close to 100% effective.
You’d be insane to move a crypto company to the USA though. Export restrictions. Many better options. Big sandpit lets you vote with your feet. IMHO Go someplace where you can afford your own politician. Not like the coders have to live there, just a mail drop.
“how did the UK even get to the point where they think they’re allowed to legislate what other nations’ corporations do”
By following the standard set by the USA who think it’s ok for them.
https://www.reuters.com/article/uk-usa-trade-antigua-idUSKBN1JI0VZ
We all know that the USA defines which global laws it thinks are valid and which it chooses not to enforce or simply to ignore, or which countries to invade…
I think that’s what China and the BRICS specifically are highlighting might not quite be “fair” to have one country dictating the law as they interpret it for the rest of us, for their own benefit.
Or perhaps one sided extradition laws which see foreign citizens sent to the USA to suffer for so called crimes commited on the internet which happen to be on USA based servers but are not crimes in their own country and they never set foot in the USA.
Are they supposed to know before hand the laws for countries they never plan to visit ?
Thank goodness we dont have an extradition agreement with countries that actually put people to death; like China, Saudi, Iran, Nigeria, Pakistan, oh wait…
No problem, let’s open cryptography backdoor into the politicians communication first. They surely want to lead by example.
There should be a reciprocity principle built into the Constitution. A backdoor for government’s control over the public is fine as long as there’s a backdoor for the public to control the government.
“”as long as there’s a backdoor for the public to control the government””
It would never happen; “they don’t like it up em”
Fine, I’ll encrypt my data myself.
Surprised revk.uk hasn’t picked up on this yet…
Parliament should stop listening to Sunak and start listening to Orwell.
After they kicked themselves out of the EU a big hole appeared on the west side of the North Sea, and now ships have to sail around it in order to prevent too much dust from being kicked up into the air.
Bureaucrats pretending to know what they are talking about, invariably leads to poor policy.
This is just the latest in an almost infinite list of such poor decision making.
What on earth makes Sunak believe that black hat hackers, be they foreign powers, organised criminal enterprises are going to fall in line with the requests of poorly thought out policy makers. All that will happen is that these state operated and privately run, but well organised criminal gangs will gain access to these self same back doors and use them for their own nefarious activities.
Open your wallet United Kingdom, and repeat after me… “Help Yourself”.
I’ll just leave this spare “or” here. Feel free, to insert it into my previous rant at whatever position makes the most sense. I would edit the thing myself, but I seem to have temporarily misplaced the Edit button. It must have slipped behind the pop up message from the Russian Haxorz that are chomping away on the “Grace Hopper” cable at Bude.
So the British Government is doing what the U.S. NSA has been doing since forever.
They’re trying to do what the NSA/CIA has tried numerous times, but failed to do every time so far — prevent people from using encryption at all.
https://en.wikipedia.org/wiki/Crypto_Wars
Note the last entry in this (very-US-centric) list is the EARN IT act of 2020, which failed, was re-drafted in 2022, failed, and is again live in a third form.
Here in Germany, it seems to be on a five-year cycle. The legislators pass something despite public outcry against it, it goes up for review in the courts and is found unconstitutional, and then they start drafting the next attempt.
Point is: the folks who want to destroy encryption for everyone keep trying and trying. I hope that the public doesn’t get tired fo saying “no”.
Thankfully we have organizations like the EFF to keeping an eye open for such shenanigans. Just need to remember in keeping up funding.
I doubt the public as a whole ever will get tired, the old timers run out of the energy/will to protest and generally start to care less as they won’t be around long enough for the very predictable dystopia to become realised, and the youngest don’t understand the issues yet. But there are always more folks reaching the right level of maturity to really not want such snooping into their lives…
The real question is will such a thing ever sneak though because nobody noticed it.
So seriously, you all think the issue is that hackers would ALSO use it? Not that the fucking thought police is getting a stranglehold on a whole population? That’s is not an issue to so many of you?
Anyway, don’t forget to renew your thought-license every month Jenny. Assuming it’s approved of course.
One of the sections under discussion seems to require that: Companies must be able to install backdoors into a users software without the users knowledge. If the user keeps a hash of the software then complying with the law becomes IMPOSSIBLE!
It also seems that a massive loophole exists in this legislation around open source software: A tech savvy user can simply remove the backdoor. The developers could also copy what Netscape did in having a US / Export version and have a UK / non-UK version switched by a SINGLE compiler flag!
Ironic that UK military personnel have been directed to use Signal and Signal only for Individual and group messaging for coordination.
Does anyone know what’s actually happening with the Bill, the article doesn’t really shed any light on it, and I can’t find any recent news articles on the passage through the house of lords.
If by some miracle this comes in to being then VPN’s are going to solve the problem pretty quickly.
Even the distopian nightmare regimes around the world which the UK may become, VPN’s are still possible and still legal under many circumstances. hint: Or western businesses wouldn’t operate there.
Do you even know what a VPN is? How the hell is a VPN going to help if the government puts backdoors in the software? Especially on smartphones where a VPN is 100% useless anyway since the device sends a DRM ID on freaking hardware level.