This could be very good for Meta, just get the government to never exercise the law on you and to do it instead on smaller competitors that may threaten you.
Now everyone wanting to make a communications app (or anything implementing that functionality) is risking an expensive lawsuit on the UK. Meta too, but they have the bucks and influence to weather it.
VPN wouldn't work. Whatsapp is tied to a mobile number so they would just blacklist all +44 numbers. No matter where you are, even if your an expat, it won't work....
Meta has multiple server relay nodes in EU. Just shutfown the relay nodes in UK and geolocation block all incoming connections to EU servers coming from UK IP address. The phone number is just at user registration. Back-end they know. Heck, my whatsapp even route my voice call info (likely they transcribe and send to FB adverts processing via chatGPT-like solution) and flooded my FB with related ads derived from my voice call keywords.
If they really don't want to serve the UK market, then they can block +44 but given the prevalence of WhatsApp in UK and rest of the world(except for the US), I can see how people can start shipping EU SIMs to UK for WhatsApp use or create SIM SMS relay service with foreign numbers.
It wasn't long since there was a discussion where some people were arguing that they can't make moral judgements because disobeying the law would put them in a very difficult situation:
The consequence for not obliging with the online safety bill is pulling out from the UK market. The consequence for ignoring legally sound US court orders is Meta executives going to jail.
also as the Meta representative points out the UK is 2% of Whatsapp users. Honestly another reason why Brexit was a shot in their own foot. IF they'd gotten legislation like this through in the EU that'd be a much harder market to opt out of.
The above case was with FB messenger which is (was?) not e2e encrypted and since Meta already had the data they were obliged to comply with a court-issued warrant.
With E2EE, they can legally skirt such demands since they can claim they don't have the data so that's a win for them as well.
“If the company refused to do, it could face fines of up to 4% of its parent company Meta’s annual turnover – unless it pulled out of the UK market entirely.”
Wow. I wonder if it got to that point if Meta would change course and disable end to end encryption for UK users and people messaging UK users, if that would be sufficient to comply. If this lobbying causes the UK to change course, I wonder what impact that would have on other countries’ attempts to weaken encryption, if any other such attempts are happening.
That last bit is exactly right. The UK has proposed all sorts of plainly moronic online restrictions, which never actually get implemented.
They simply don't have the clout to push around enormous American companies. It's a tiny country. If the EU or US were proposing such a law, you should take it seriously, but this is just a joke.
Because these proposals are never intended to be implemented. It is an anchor, which is intentionally ridiculous and outrageous, so that when the next slightly less severe proposal is made it doesn't sound as bad as the previous one.
It's very transparent but also standard operating procedure for the current UK government.
It's a country with 20% of the population of the USA. That's not exactly a tiny country.
> If the EU or US were proposing such a law, you should take it seriously
Judging from a few quick searches, there are more Facebook employees in the UK than in Ireland which is their main base of EU operations. They also have a presence in Switzerland (also not EU). FB apparently have some employees in Germany to comply with local hate speech laws, do marketing and HR work, but it doesn't seem like anything they'd miss much if they had to exit especially as they're laying people off anyway.
Now that said, I think Meta can win against the UK govt if they want to duke it out but the idea that the UK is a "tiny country" vs the EU is not reflective of Meta's actual exposure. The EU is not a particularly attractive place for tech firms to hire.
> Judging from a few quick searches, there are more Facebook employees in the UK than in Ireland which is their main base of EU operations.
Regardless of employee count in the UK office, it's only 2% of the market. I have no doubt about the choice I'd make if were faced with the same choice: especially since companies already have plans to decrease headcount.
They say that 98% of users are outside the UK (and those users very likely won't want reduced encryption), so whatsapp would probably just exit the UK.
I know in some non-US countries, WhatsApp is the default way of communicating (like SMS is in the US). Is that true in the UK? That could put significant pressure on the government
Everyone I know here (UK) uses WhatsApp as their default communication tool. I have a few friends using Signal or Telegram, but I'd say WhatsApp is by and large the default, at least for my social circle.
Signal said they may have to pull out of the UK if the bill is enacted as well. This would be a major setback for communications here. We'd basically have to go back to SMS/MMS and email as far as I can tell.
I don't know this is a fight the UK government can win. Does anyone else remember that the American government tried to ban encryption (back in the 90's I think it was)? They eventually had to give up because people just downloaded encryption products from the internet and used them anyway.
The US said that encryption (well, good encryption) was a munition and so you needed an export license to make it available outside the US, e.g. by putting it on a web site.
Such rules are not unusual for physical objects - why sell your enemies or even potential enemies the rope they will hang you with? But for encryption it doesn't make sense because it's just information, and unlike physical objects, after writing is invented humans can trivially reproduce information, so too bad.
Eventually they whittled the "export license" step to something like a form letter Fax and IIRC Mozilla had a process where you raised a Bugzilla ticket, that caused the appropriate fax to be filled out and sent, so that was part of the release process, making it as painless as possible to comply with the stupid law.
France effectively banned encryption in the 90s and had to backtrack, I can't see this being enacted for any length of time before even the most stupid of politicians realise it's a bad idea.
If the law is enacted, and that seems unlikely, just removing it from app stores doesn’t seem sufficient to comply. Besides side-loading, users will just keep the old version of the app.
WhatsApp can pretty clearly know if a user of the app is in the UK based on their account’s phone number country code and GeoIP. So if they wanted to comply by pulling out of the UK completely they’d probably have to make some attempt to disable WhatsApp messages for those users they’re reasonably expected to know with some confidence are located in the UK.
But as others have said, this all just seems like posturing that’s unlikely to become law.
It is not my responsibility to make sure that citizens of Elbonia aren't able to use my application if I don't operate a business or live in Elbonia.
It comes down to jurisdiction. If you don't have it on the default marketplace for the region, and don't have a physical business presence in the region, it can be argued, you've done enough and aren't subject to the jurisdiction and are not doing business there.
That users may bypass and side-load your application is immaterial. If a user in the UK uses a US based VPN, they can also still use the app even if you added IP blocking, and IP blocking in and of itself is less than perfect often subject to false positive/negatives, and best to be avoided.
What does it mean for Signal to "pull out" of the UK? How can the UK government enforce this law against an app whose makers have no physical presence inside the country? Force phone makers to ban the app from app stores?
I doubt that. Signal themselves say they can't read the content of messages, so the UK prosecutors could argue that they're not being targeted over the content of the messages but the fact of enabling their concealment.
Recall that in the US there is no explicit right to privacy. You might be able to make a 1A argument that manually encrypting a message is itself a speech act, but the government could theoretically ban the distribution tools like Signal and argue they have the authority under the commerce clause, which stands on a equal Constitutional footing to the 1A.
I don't think this is likely, but I could easily see it being offered as the justification to honor a UK ban.
1) are you joking, that will stop 99. some number of 9s % of the population;
2) I'm not making any claims about it being desirable or effective, I'm just explaining what 'exiting the UK' means or what they'd be required to do. The crown won't sue a foreign company because a citizen found a way to workaround it not being available here - that would be like criticising the manufactuter of an illegally dangerous electrical item only rated for and sold in 110V markets that someone imported.
The excuse being used here is the prevention of child pornography. The bill being proposed puts the onus on tech companies to scan all messages going through their systems for evidence of child pornography. Obviously, E2E messages cannot be scanned so would be in breach of the law.
What?? if all your contacts are on messenger X, it's easy for you to switch to messenger Y? and do what there, message yourself? It's exactly as hard as any other social network!
P.S. I'm always shocked how people suggest "just use Signal" or something, it's really not up to me what to pick what to use at all, but up to the people I'm trying to connect with. It seems like a very difficult concept for the "just use Signal" crowd to grasp.
Well that's reciprocal, isn't it? You can either be the guy who accommodates all your friends' networks by having accounts everywhere, or you could instead be the guy who's only using Signal, so anyone who wants to stay in touch with you had better get on Signal!
It's the default way of communicating for politicians that are making this law. Of course, they probably don't see the value of E2E encryption because their messages are inevitably leaked by a defector in the group chat.
I don't know about the UK, but in Italy everyone is on WhatsApp, grandparents included, and without it the country would shut down in a couple of hours. In addition, Italians create WhatsApp group chats for everything. Heck, my sport club has three separate whatsapp groups: a general one, one for the senior's team, and a third one to broadcast official information.
Basically everywhere in Latin America you practically could not survive without using WhatsApp, it is that prevalent. It is used for everything from personal communication to business communication.
No. It's a common way of communicating, as are email and SMS. Telegram and Signal are less common. There is however a peculiar bubble effect whereby WhatsApp users tend to think that because all their friends use WhatsApp to communicate with them, it is more dominant than is actually the case. It's the same effect as "everyone is on FaceBook/Twitter/Instagram....".
I would say that WhatsApp is probably the most commonly used chat app in the UK. But most people are also using at least one other chat service such as Facebook Messenger or Instagram's messages. And of course due to the way WhatsApp uses phone numbers as an id, most people also have people's phone numbers and can fall back to SMS if need be.
Not as default as you might think. I made the attempt to get some non-technical friends on WhatsApp years back, and near as I can tell, none of them are on it at all. In fact, most of them never stopped using Snapchat and iMessage is basically dominant.
Interesting. I live in Texas and I've used it like... once, many years ago (haven't had it installed on my last two phones). Defaults for me and mine are SMS (iMessage when available), Discord, and then I've got a couple people on Signal
Interesting. I'm not in the bay area, but I am in the US. I use whatsapp, but purely to talk with my friends who are in Europe. None of my bay area friends (or anywhere else in the US) are using it.
Yes - especially for politicians - although looking at what’s currently leaking in certain UK newspapers one would think they would already be pushing for /more/ privacy on WhatApp rather than less.
Most of the leaks come from the political community itself of course. Either to gather the response to a particular measure without sticking out their neck to actually propose it, or to thwart opponents.
The US routinely use similar bully techniques against their partners (in Iran for instance, pour EU comptines asked the EU commission for help but ultimately we retracted from Iran as asked by the US). They are powerful enough to do that, we (countries in the EU) are not.
Which entity? I'm not sure the UK would have the mandate to fine a foreign company who's not operating in the UK. They'd just create a company whatsapp UK, license technology, have no other links to meta and have a revenue of about 0.
The UK government can legally fine any company doing business in the UK. It can probably fine any company anywhere. A financial fiction that "WhatsApp UK" had nothing to do with Meta is not going to affect that. It's just collection that is the problem, but I would imagine that they would go after Meta's UK advertising revenue.
As of something like 2015 they allowed you to add your PGP public key to your profile to get encrypted notification messages. They are pretty much encryption hipsters.
They partly don't know that because Signal likes to throw WhatsApp under the bus any chance they get, rather than treating them as an ally; I wish Signal would redirect their efforts to choosing new targets, whether in their current app or in a new different product, taking on the ilk of Snapchat/Telegram or even Discord.
> Signal’s idea was to get users to abandon WhatsApp and switch to Signal, an instant messaging service run by a non-profit foundation, which has proven its commitment to protecting the privacy of its users and that is seeing significant take up, especially after the latest changes to WhatsApp’s privacy policies.
This whole ordeal was doubly-dishonest, as not only were they running ads against one product line (Instagram) with the specific goal of getting people to switch away from a different one (WhatsApp), but the entire thing was just FUD designed to attack Facebook for going out of their way to build something that actually did honor end-to-end encrypted goals: companies wanted to be able to do Facebook Messenger -like company-to-user chat stuff, and so Facebook wanted to provide a way--specifically for companies--to use a portal to access a "hosted" WhatsApp client.
But like, that would mean that Facebook would, for just these specific chats with business accounts, potentially (if the company was using this service) be able to read those messages, so they had to adjust their privacy policy. In some cases, this didn't even involve removing text, but was just a matter of moving some text... but Signal didn't care much about accuracy: they were stoking the flames every way they could and in the process frankly harmed their own mission because a ton of people ended up going in the exact opposite direction, moving to apps like Telegram.
Here is a comment I had left at the time of this specific particularly-big incident going down, which has then a link to another comment I'd left with more detail on this (as my memory is fading on this stuff) including quotes from both Facebook representatives and their documentation.
Signal is a non-profit whose mission should be to get people to move to encrypted technologies whether or not that decision involves Signal and they should be trying to work with Facebook on the narrative surrounding WhatsApp, not throwing them under the bus any chance they have to get some publicity for Signal. Here's the real question: have you ever seen them publicly go after Snapchat, or Telegram? As far as I can tell--not just from memory, but from doing some searches on the topic--the answer seems to be "no": they go after WhatsApp, because that product is the closest to being a direct competitor to Signal.
(That said, I also want to be clear: the actual part where Facebook didn't allow them to run the ads and the feud there is also not good... but not only are the morals there a bit more murky, it makes both sides look shitty to be sitting around in some epic fight over their market, and all the meanwhile the benefactors were the apps other than Signal and WhatsApp, and Signal should be sticking to their mission and teaming up there to help clarify to prevent those kinds of losses.)
On the other hand, it's not really end to end encrypted. They've inserted a sort of man-in-the-end bit so they can check your content in the app and send out information about the content out-of-band. I don't know if they do this for advertising purposes, but I know they do image recognition to detect for example, specific types of pornography.
i think to expect a multi-billion dollar organisation to make consequential decisions like this based on anything other than cold calculation is naive at best and enormously stupid at the very worst.
I was wondering why can't chat apps be like email apps: i.e., let users point to a private key on their own phone, and publish their public key. Then, just like exchanging secure emails, people transparently chat using the same encrypt-decrypt mechanism? Won't this work?
Now, years after shuttering their XMPP service, Google is complaining about Apple not following "messaging standards" (aka the piece of shit messaging protocol RCS).
Shouldn't have worn that petard if you didn't want to be hoisted by it.
> Britta: Shouldn't have worn that petard if you didn't want to be hoisted by it.
> Jeff: ...What do you think the expression "hoisted by your own petard" is referencing?
> Britta: I guess I just assumed that in the old days a petard was a special outfit like a leotard, with a lot of fancy buckles and loops on it, and that rich people would wear them when they were feeling especially smug, but then poor people would tie a rope through one of the loops, and hoist them up a pole and then let them dangle there as punishment for being cocky.
> Jeff: Never look it up. Your explanation is way better.
Being hoisted by your petard is a well-known phrase from Hamlet by William Shakespeare, indicating an ironic reversal, or poetic justice. [1] Yet, it is somewhat of an ironic reversal [2] for you to write that the saying isn't apt.
The literal meaning of the phrase is that when your own bomb's explosion blows you backwards that leads to the derivative understanding of having experienced an ironic reversal or poetic justice in whatever situation is being experienced.
In todays world we now have the culturally apropos Petard Clothes for custom hoisting. [3] So, we actually have a double entendre [4] that should tell us all not to get hoisted by our own petards when telling HN posters not to wear their bombs.
If E2EE in messaging becomes table stakes and Meta can find a way to inject ads subtly enough not to piss off users into quitting, Meta wins hard since they've been building their AI infra to "get around" Apple's tracking restrictions for a while now and there are reports that it is finally showing good results. They'll be able to dial in their ads way better than any competitors until they catch up in the AI department.
Isn't this a red herrring? I thought the law didn't require the removal of E2E encryption, but rather mandated the addition of a back door that submits some kind of meta data summary to a third party service?
Dark patterns trick WhatsApp users to enable backups to Google and Apple. If you have them disabled odds are good the other side got tricked into them. Even if your backups are encrypted, it's using only a 64bit key. That means Five Eyes have near real-time access to your "encrypted" messages. Hell, I have to decline backups every time I use WhatsApp on my iPhone, yet after a phone reset all my messages were still there. They were gone in Signal for example. Is UK making a stink about it to lure bad people into a false sense of security? We all know why large US tech companies bought Skype (twice) back in the day. It's naive to think WhatsApp was bought for a different purpose.
WhatsApp doesn't rely on ads for their income and never has. For one the technology may have helped the company save development cost for their other chat applications (Facebook messenger & Instagram). On the other hand WhatsApp Business is probably pretty profitable, although there are sadly no public revenue reports I could find.
Additionally I assume the running costs for WhatsApp are probably not very high.
From my limited understanding of WhatsApp revenues were healthy prior to the buyout. I have seen some revenue estimates since the buyout that could justify the sale price, should they be accurate.
Are you factoring in opportunity cost? Could an independent Whatsapp have cost Facebook >= $20B worth of revenue? Could Whatsapp have evolved into a more fully-fledged Social Network to rival Facebook? Ensuring the answer is "no" for Facebook is worth a lot more than $20B in my book.
I don't really believe WhatsApp was bought to show ads on WhatsApp, I believe it was bought to forestall competition and protect Facebook's existing revenue. Zuckerberg was afraid that users would leave Facebook for WhatsApp, and tried to prevent that by buying it and merging it in to messenger.
They largely failed though, as for political (and maybe also technical) reasons the merge was cancelled.
Your messages to him will be backed up and stored in plain text by default along with all of his messages and all the messages to him from other users. If that makes any sense. I would not be surprised if 90%+ of WhatsApp messages are just sitting at Google and Apple unencrypted.
The backups were indeed WhatsApp's Achilles heel. However recently they've finally given users the option to store the key on their side and only there.
Instead of removing end-to-end encryption, there may be alternative solutions to address law enforcement concerns. For example, law enforcement agencies could work with WhatsApp to develop lawful access mechanisms that allow them to access messages in specific cases where they have a legitimate need to do so. These mechanisms could be subject to strict oversight and transparency to prevent abuse.
If the messages are end-to-end encrypted, there is no way to do this. A backdoor or other mechanism means it is no longer end-to-end - some third party is involved.
Furthermore, the UK has a long history of such “strict oversight and transparency” hardly existing, when it comes to these matters, with numerous controversies with police and other agencies abusing their access to systems.
It is worth noting, however, that WhatsApp messages can generally be accessed with such a backdoor anyway. The majority of users backup their messages to iCloud or Google Drive, encrypted, with WhatsApp holding the key. Consumer tools already exist that can access these encrypted backups, and fetch the key from WhatsApp with nothing but a text message. A warrant to Google/Apple for the backup is all that is needed, apart from the small % of users who have enabled the new E2EE backups.
Maybe it can still be called e2ee, but instead of having 2 ends you have 3.
Much like on a group where everyone involved in a group chat has access to the messages. With UK law, all 1 on 1 chats would turn into group chats: 2 people + UK law enforcement.
So it's not like everyone and your grandma will have access to your messages. It's you, the people you chat with and law enforcement.
But regardless, I still think this is stupid because not even governments can be trusted with our privacy, much less law enforcement. Not to mention leaks.
Which always makes me wonder, what is the extend of the child pornography problem? How big is the nail compared to the proposed hammer? If I had to guess, I would guess this is hammer affecting 80+ % of the population to go after a group constituting a fraction of a percent of the population.
That's a very good question: how to quantify child suffering to one of the worst crimes imaginable? I am not saying I am for or against. I am just trying to point how really difficult is to quantify both sides of the equation.
This will do a grand total of nothing to reduce CP, though. It's probably not even going to be an inconvenience. They're already breaking the law and probably jumping through hoops to get access to it.
I disagree that it will be nothing. It will be something larger than 0. First question is how to predict the impact. But more interestingly when we have the impact analysis how to quantify the suffering that will be reduced in comparison with reducing security and how to quantify even that and put these into comparison. (Again I am not on either side just pointing how hard it is to quantify these things)
I don't think you can quantify it in neat charts and numbers. But I suggest that the depraved individuals who consume such materials are already used to being outliers and willing to go to extremes to procure such materials, so in most cases they'll just use whatever dark web crap will serve it. They aren't all as thick as Gary Glitter unfortunately.
Meanwhile 99% of innocent people will be hugely inconvenienced by weakened security, not to mention the amount of suffering caused by data breaches and impersonation, then the loss of jobs and economy for many business wasting resources on downgrading their products for compliance.
Not a great trade IMO.
It is more likely that "only pervs use encryption" is a pretext to appease lazy police or spooks, who just want to hit buttons and get people arrested. I have this suspicion because actually helping children who are exploitable this way is a much more difficult problem than breaking out the banhammer.
But I suggest that the depraved individuals who consume such materials are already used to being outliers [...]
The perception of those people also has to change. I would guess most of them will not have made a conscious choice to be attracted to children in the same way that most homosexuals will not have decided to be attracted to the same sex. So they have to deal with a desire that they can never fulfill without doing something really bad and many of them would probably benefit from professional help. But thinking about those people as if they are the personified evil and considering them almost inhuman, is probably not what will encourage them to come forward and seek help.
That's valid to some extent, for people who want to change. Not all of them do.
Also, sometimes the most strident voices of condemnation are seeking to draw attention away from their own criminality. A couple of months ago a guy in Southern California was arrested and charged with not just possession but production of CP and other sexual offenses. He had a private room on his business premises that he used for these crimes. In 2021, he had hosted an anti-child-sex-trafficking rally in the parking lot of the same business location.
Likewise, think of the numerous cases of moral crusaders against fornication/ homosexuality/ whatever that turn out to have been engaged in the same behavior that they regularly denounce. Dishonest people see no problem with being a pastor or community leader and bilking the suckers foolish enough to donate to them.
I would guess that there are, to a first approximation, two groups of people - those consuming child pornography and those producing it. The consumers are probably the much larger group and to a certain extend one could maybe even call them harmless, at least ignoring the risk that they will go further in the future and that they are driving the demand. I don't know if this is actually true, but in the discussion of prostitution you regularly come across the argument that it is a way to satisfy a desire that might otherwise be satisfied through rape or other sexual abuse. In the same way consuming child pornography might prevent a certain group of people from themselves abusing children directly. When it comes to the producers, things might be much more bleak. They are the subgroup you really want to go after. Some of them might even do this just for the money without themselves being interested in children.
There are two such groups, but the overlap is significant. A lot of CP is acquired by trade rather than sale. I don't think there's much evidence either way for the proposition that consumption prevents further harm.
Anyway, my point was that some of the most strident condemnation is actually performative & deceptive.
doesn't have to be neat chart but you kinda quantified one side: 99% of people will be hugely inconvenienced by weakened security. Now the question is how much child suffering is worth to inconvenient 99% of people?
Let's say it would be 1 child that could be saved would you say it's worth the inconvenience? What if it's 2,10,100,1000? I am genuinely curious where would you draw the line (And that line is your neat chart with numbers)?
As an analog: at some point in the past we decided cars didn't have to go at 15mph with a guy with a flag walking in front for safety. We accept a large number of road deaths a year for the convenience of shorter journey times.
To add to this, there is probably a huge spectrum, from people secretly taking pictures of naked children at the beach which you might never even become aware of to yearlong abuse and rape. And one should not lump them together to get to get a big number of cases and then pretend they are all of the worst kind.
Also the decision is not a dichotomy between complete surveillance of all communication and doing nothing at all, there are other measures that can be taken additionally or alternatively. So the proper measure is the additional utility of banning end-to-end encryption over all the other things you can reasonably do, not over not doing anything at all.
You misunderstood me, I did not want to say that you can have some partial end-to-end encryption, I meant that not outlawing end-to-end encryption does not mean that you do or can do nothing against illegal content, i.e. there are other ways to fight this problem besides outlawing end-to-end encryption.
"how to quantify child suffering" is already the wrong question. The focus of efforts like this are usually much more about the pictures than helping the actual children.
In this case certain child protection groups are suggesting that encryption is a hinderance to protecting children in some scenarios. Specifically it allows social media companies a convenient get out in terms of accepting responsibility.
I think there's two ways to interpret that:
a) At face value, in that its boomer mindset popular among the Tory voting base to want to convert the internet back into the pre-internet world and its possible the blues are just genuinely representing these concerns.
b) these child protection groups in years to come will be revealed to have links to MI5, given MI5 is one of the few agencies that the government does tend to listen to. Its worth remembering that the UK used to predominantly communicate using text messages which are sent over clear so the universal adoption of encryption post Snowden revelations has been a thorn in the side of intelligence agencies for many years now.
what does this have to do with the eu? The bad proposals I've seen have all been shut down, and instead good laws like gdpr and net neutrality have been enacted eu-wide.
I believe you don't know the meaning of the term "end-to-end encryption". Obviously the application itself (and the phone) can see the text you put into it, because it has to display that text.
"End-to-end encrypted" means "from the moment the text leaves the phone, to the moment the text arrives at the recipient's phone, the text is encrypted such that no intermediate party can read it". You must of course trust or verify that the WhatsApp app isn't leaking your text, that the keyboard you are using isn't leaking your text, that Android or iOS or whatever isn't leaking your text, that you yourself aren't somehow taking unencrypted backups and you aren't using whatever unencrypted-backup features WhatsApp might make available, etc.
That is all good and clear, but its not open source and the government would not need have a back door, they can just request the received messages, or am I wrong here?
They can certainly get a warrant to seize and search a phone, yes. They can also get a warrant to seize the contents of the WhatsApp server, for what little good it will do them (assuming we believe they are in fact end-to-end encrypting the messages effectively).
Now everyone wanting to make a communications app (or anything implementing that functionality) is risking an expensive lawsuit on the UK. Meta too, but they have the bucks and influence to weather it.