The UK Government repeatedly fails to understand that there are no boarders on the internet, and it'd be impossible to impose any without the kind of extreme restrictions of a totalitarian regime.
Any measures without broad international cooperation will push vast numbers of people towards darker corners of the internet, which will not just end up completely undermining what they are trying to achieve, it will make the problems worse.
Meta alone have the power to make this law a miserable failure.
People will want to use WhatsApp, the government themselves use it extensively.
If Meta refuses there is very little they can do. Facebook can continue to operate without a single person on the ground in the UK. It might harm their business in some ways but it's definitely doable.
The government might be able to force/convince Apple and Google to take it out of their app stores in the UK but such regional restrictions are easily bypassed and WhatsApp is popular enough to make people try it. So that would then normalise practices such as sideloading / jailbreaking and avoiding regional restrictions. Cyber criminals would be rubbing their hands at the opportunities this creates and I am sure the paedos and terrorists this is meant to be stopping will jump at the chance to get in on the act.
I’m pretty concerned about what Apple is doing in China, but there’s no evidence at all that Apple is escrowing end-to-end encryption keys to the government. There’s also no evidence that the Chinese government is using Apple’s non-E2E keys (held in Apple hardware in a cage at a Chinese hosting provider) for mass surveillance. I’m not saying that it’s impossible: I’m saying if you could come up with that evidence, either through reverse-engineering or a verifiable leak from Apple, it would be the biggest story in tech. You would be famous and (if you knew the right hedge fund) probably very rich.
That Apple operates iCloud in every single country except China, where GCBD (AIPO Cloud (Guizhou) Technology Co. Ltd) operates iCloud, I think makes pretty clear what's going on.
That’s separate from iMessage, which is end to end.
Apple used to be able to access iMessages through iCloud backups. They changed their system worldwide, now they can’t. So presumably GCBD also lost access to iMessages in iCloud backups.
Apple can still read ~100% of all iMessages in real-time because iCloud Backup (non e2ee by default) serves as a key escrow backdoor in the e2ee of iMessage. It is thus legitimate to state that iMessage is not e2ee as in practice each iMessage is also encrypted to a key held by Apple (in addition to the endpoints).
Even if you turn it (e2ee iCloud Backup) on, it's ineffective, as both parties to a conversation must have turned it on for the conversation to be private.
The optional iCloud feature called "Advanced Data Protection" is currently opt-in. It comes with a significant drawback for typical mom-and-pop users: if you lose your password and recovery key, it's game over and you lose everything. So I guess it's sensible to keep this as an opt-in until users are better educated about this drawback.
What will be quite significant is whether or not this feature will be available for Chinese users.
It makes sense from a technical POV to block the ADP feature in poorly democratic countries that might request it like China and maybe tomorrow the UK.
PS: Once a significant % of users have activated ADP, it could be a good UX improvement to display a warning in mixed-ADP-status conversations that the conversation is not fully e2e encrypted. However, this might be premature right now; otherwise early adopters of ADP would be flooded by such warnings.
There’s some confusion here, iMessage is end to end encrypted by default. That in no way protects the information on each user's device.
If iCloud is enabled, then by default it gets unencrypted copies of these messages from the device unless “advanced data protection” is also enabled which ensures iMessage is encrypted but means losing your password also loses access to these backups. However, disabling iCloud sidesteps this issue and honestly if you want that kind of privacy then disabling iCloud is probably a good idea.
So if one user uses ADP and the other user disables iCloud then the conversation is protected.
If you scrolled down in the link provided above, it mentions that with BOTH Standard and Advanced data protection messages are end to end encrypted, it’s just that with advanced data protection the encryption key also ends up being encrypted too, but I’m positive even this has changed recently. You can try looking at logs when you turn on messages in iCloud and see that your messages are encrypted.
So lots of confusion in this thread, my advice for Apple would be make it very very clear to users that your data is safe. I mean they are threatening to back out of UK, so it’s against their core principles and also probably very technically expensive to undo their end to end encrypted system.
Actually there is a third option, don't back-up your iMessage to iCloud in the first place. In this configuration you need to transfer your content from device to device using a local backup if you intend to keep your messages.
You then have the same level of privacy (if not higher) than with ADP. But with the same drawback, if your recipient does backup to iCloud without ADP then messages can be intercepted by Apple at rest in your recipient's iCloud backup.
Incidentally ADP mainly targets users that didn't trust iCloud backup for the lack of e2e encryption at rest.
More prosaically it's probably because turning it on means it's easier to lose access to your data if you lose devices/keys. Apple can't help you if they don't have the keys. It's not a bad marketing position.
They don’t want their data leaving their country? Doesn't Germany also have some privacy laws that require data on Germans to stay within Germany? Isn’t this just an extension of that in a way?
> You would be famous and (if you knew the right hedge fund) probably very rich.
Famous, sure.
Rich? Perhaps… but I suspect that annoying a superpower will mean that, like Snowden, one would be somewhat restricted in ability to make use of any such wealth or fame.
Regarding the financial impact, what's the trade if they find out China is different? Shorting Apple? I don't think that would be a consequence. Nobody cares that China intercepts everything, we just don't want to live there or in a regime like it.
There was a rumor about separate HSMs for device personalization in China, and this would be verifiable by determining whether the Chinese HSMs could verify cryptograms produced by derived keys from a US device, against Apple's personalization endpoints in China. I don't know the protocol offhand, but there is a short list of ways to do it. If Apple uses different root secrets in China from the rest of the world, what further evidence would you need?
Apple has claimed that they don’t allow China to intercept communications using these keys. They’ve said on the record to the WSJ that they don’t do any combination of these things, and they left very little wiggle room in their denials (Google Apple China encryption keys WSJ). If you could show that they were compromising security for the Chinese government but not making any allowances for the FBI, and that their executives were lying about it, it would be a massive political scandal. There would almost certainly be congressional hearings, simply because any one of {Apple, China, tech executives caught lying, tech executives secretly collaborating with foreign governments} is by itself an opportunity for Congresspeople to get their face on TV and this would cover all the bases. Following this there would be huge US government pressure for Apple to (at minimum) cease collaborating with China to surveil its people, or else to offer the same capability to the US government. Potentially Apple’s entire business in China could be jeopardized if it was predicated on secret collaboration, not to mention their whole supply chain would be even more at risk. In the long run Apple might maneuver out of the situation somehow, but in the short run it would certainly affect them very badly.
>Apple has claimed that they don’t allow China to intercept communications using these keys. They’ve said on the record to the WSJ that they don’t do any combination of these things, and they left very little wiggle room in their denials
There's wiggle room in what you wrote: "Apple doesn't allow China to intercept communications, China just does it on their own" for example is a way to parse that sentence.
That would be a bigger scandal. If Apple's communication protection protocols could be subverted in flight (i.e., not via endpoint compromises) without Apple's consent or active participation, that would imply that the protocols themselves were just for show.
Chinese national security law includes a gag order for such assistance requests.
Apple can say they don’t allow it, because their local partner company is the one actually doing it. And the local partner would say they don’t allow it, because Chinese law (and the Party) requires them to keep all national security assistance secret.
US executives can be compelled to testify truthfully under oath. There is no "Chinese law compels me to keep this secret" defense to perjury charges in the US. If credible evidence emerges, Apple executives will eventually be forced to admit whatever they know. The only viable strategy here is to have a broken system and plausible "not know" it's being exploited, but that's a very fragile approach (technically risky, vulnerable to whistleblowers) and it only works once.
> Following this there would be huge US government pressure for Apple to (at minimum) cease collaborating with China to surveil its people, or else to offer the same capability to the US government.
Congress knows this would only kneecap one of their largest companies (with no fallback option at present). There is no iPhone without China.
Apple can and does already provide surveillance of this type domestically to FBI/DHS/et al. Approximately all iMessages are readable by Apple and by extension by the USG in real-time, with or without a warrant.
You can frame it the different way: Apple has given up improving the freedom of the Chinese people because that is infeasible. But it hasn’t given up hope on the West.
Yes, because China has double the population of the whole of Europe. Ceasing operations in the UK wouldn't hurt their revenue as much as doing so in China.
No, the population of China is not the issue. The problem for Apple is that so many of their products are still made in China that if they anger the Chinese government they risk having their factories closed, leaving them with no products to sell. To say this would be disastrous for sales would be an understatement.
The last thing China is going to do is close manufacturing plants.
Apple makes 10x more selling in the Chinese market than they do in the United Kingdom, even with all of the roadblocks and handicaps China erects. Further Apple realizes that as the UK is a Western, democratic nation it is easy to essentially bargain about policies. Apple's current threats are essentially negotiating. There would be no negotiating with China about stuff like this.
Beijing can’t even shut down the factories north of the city that dump particulates into the lungs of the leadership and their families. No way they can shut down some of the big iPhone factories.
Are you joking? Even a random middle class flat in Beijing would have at least one OK air filter appliance. Party elites likely have pretty good industrial grade ones everywhere. First thing is shield themselves from the fruits of their policies...
Nobody is talking about morals here. It's bad for business for Apple to capitulate to the UK. It's bad for business for them to not capitulate to China.
And iPhones ceasing to be sold in the UK would probably be all it takes for public backlash to neuter the law. I imagine that's not on the table in China.
> It's bad for business for Apple to capitulate to the UK. It's bad for business for them to not capitulate to China.
It's very difficult to square these two sentences together.
On one hand, if they break their privacy and security for the UK government, it's bad for business because they'll continue to sell iDevices and services?
On the other hand, if they break their privacy and security for the CCP, it's good for business because they'll continue to sell iDevices and services?
You're tacitly admitting my assertion - Apple's morals are for sale.
If the US threatened Apple, we can expect they'll sell out there too, no?
> You're tacitly admitting my assertion - Apple's morals are for sale.
Yes.
China is much further from the Western world than the UK. Capitulation there isn’t a step onto the slippery slope. Doing the same thing in the UK would lead very quickly to EU and US demands to do the same.
By exiting such a small market, Apple defends the much larger markets against creeping surveillance.
Remember how fierce the backlash was to their CSAM scanning proposal? They walked that back. Some people might think it was for moral reasons, but I’m pretty sure they realized it would harm their bottom line.
The way things work in China is not the same as the UK. They either play by CCP rules or they don’t play at all. Apple’s calculus here seems to be that not playing in the UK market is worth it, whereas missing out on the Chinese market is not worth it.
Nobody needs to operate in China. That's the thing that's being overlooked.
Apple made a choice to operate there - and would have still been the world's most valued company regardless.
So, Apple's choice was to sell out their privacy and security credentials to make more money - counting on their other large markets (ie. the US) not paying close enough attention to see the blatant hypocrisy.
"Security and privacy are great - unless we can make more money selling off your security and privacy to oppressive government regimes!"
Somehow that just doesn't have a catchy marketing ring to it...
So now there's precedent that Apple will violate everything they stand for if a large enough market demands it. What happens when the US government decides to place Apple in the crosshairs for not "helping catch terrorists" or something? Will Apple sell out too? Why not?
While a good example, that was in 2015. There haven't been very many (or any?) public challenges since - which does make one wonder...
Apple could simultaneously backdoor their devices while also keeping them secure from anyone but the government with a warrant. These things are not mutually exclusive.
The China precedent is troubling - to say the least.
You cannot backdoor a device in such a way that only 'certain' people can access it. Once that door is there, people will find and exploit it. The only way to be completely secure is never build the door in the first place.
It's not possible to make 25,000 iPhones per hour anywhere else on Earth right now. There are over a hundred thousand people who work on manufacturing the iPhone and you can't just clone them (and their skills and experience and knowledge) in a week, or a month, or even a year.
> Who forced Apple to manufacture iPhones in China?
> Nobody
Ironically correct: the absence of alternatives — nobody else could do it — is what forced them in the first place.
The recent pressure from the US government to "bring it home" is because the US government finally started to realise that was both true and bad (doesn't matter if Huawei was really spying, Washington believed they were); similarly for equivalent EU pressure.
Are you asking if the west could make phones? Almost certainly. Have they chosen to do so? Not at all. Apple may be big enough today to possibly operate without China in 10-20 years, but no chance in 2007 or today.
It's the global debt-based fiat monetary system. It squeezes workers hard and turns every industry into a winner-takes-all industry since workers are so poor they can only afford the cheapest of the cheap. In the old days, a business could afford to continue to operate and thrive even if they weren't necessarily number one at everything... People had enough surplus income to not worry about spending a bit more for some local product even if it wasn't necessarily the best value for money. Also consumers were not so insanely well attuned to squeezing every penny as they are today (due to lower financial stress levels) and this created more room for new businesses to compete with incumbents.
It's the effect of the monetary system squeezing the masses hard which forces everyone to buy the cheapest things and it created a kind of technological shrinkflationary race to the bottom.
You’re correct of course. Even so it’s worth noting that you could also call it the global asset based monetary system. Credits and debits are just two sides of the ledger.
In my mind, and definitely informed by my attraction to medieval Catholic philosophy, the problem isn’t really debt but rather usury.
Kind of interesting that the definition of usury became about 'unreasonably high' interest rates as opposed to merely any interest. I think the harm of usury can happen at any interest rate level depending on the specific details of debt contracts.
I actually think that if it's one's own money, they should be allowed to loan it at any interest rate since they're taking the risk upon themselves. If they can find a willing borrower at such high rates, then good for them. If the borrower agrees to a bad deal, then it's the borrower's own fault.
What I most strongly oppose is the idea of public institutions loaning citizens' money through the issuance of new currency (which dilutes the value of previously issued money). It's especially harmful when the interest rate is low.
For example, if the interest rate is 0%, then it's unjust for a government institution to dilute citizens' currency and shift the risk of borrower default onto currency-holding citizens (savers) without offering any upside to those savers; in that case, the central banks turn regular citizens (savers) into suckers by loaning out their money for free for the benefit of reckless borrowers who borrow it for free.
>US and European political leadership who made manufacturing unaffordable domestically.
Manufacturing consumer goods in the west was never unaffordable, just that insane corporate profits weren't possible while keeping manufacturing in the west, as they were in China.
A lot of consumer electronics were made in the west before the mass exodus to China. Nokia phones were made in Finland and Germany, Siemens phones were made in Germany, Ericsson phones were made in Sweden, etc.
It was all possible and they also didn't cost an arm and a leg, but companies saw the allure of ultracheap labor and loose environmental regulations in China to jack up their profits.
Exactly. Tariffs on Chinese made goods would have prevented this but everyone saw only shareholder value increasing opportunities so it was decided to offshore all electronics manufacturing.
I think it's more that not capitulating to China would potentially result in destroying Apple's supply chain. China could potentially kill Apple, the UK can kill a portion of Apple's user base.
They have huge illiquid manufacturing in China. The government has a lot of leverage over them. It's impossible for them to gamble on this. It's not even comparable to the UK situation at all.
Even if they pulled all manufacturing from China, they could still potentially be kneecapped if China blacklisted them from purchasing things like gallium.
I don't think they had a choice not to operate in China in any practical sense.
They could have not been a large scale electronics manufacturer, but then they don't operate in China by making an entirely different kind of choice to be an entirely different kind of company. I don't think any electronics manufacturer (or meta-manufacturer/designer/whatever/globalization is weird) within an order of magnitude of Apple's scale can practically operate without benefit of China's manufacturing base.
It feels like you have to bend what the intuitive notion of "deciding" to operate in China even means for this to make sense, and you just want to pin something on Apple here because they're a giant corporation, and all giant corporations are morally gray at best. The global economy has "decided" that China has the manufacturing base for this kind of business.
This doesn't seem productive in the way that appeals to personal responsibility fall flat in dealing with societal issues, like, we shouldn't have public drug treatment programs because people shouldn't do drugs. People do drugs, and there are costs to not having public treatment programs, so if you want to pretend it's just a matter of personal responsibility, you are indeed pretending, because it is also a societal problem not negated by framing it as personal responsibility.
Here, we assign "personal responsibility" to Apple for operating in China, when we have the "societal issue" of large scale electronics manufacturing centralizing there so that they have the industrial base for it. The world, on the whole, has allowed China to link into the world economy in this manner regardless of their human rights record and other issues.
So, while there's nothing to love about Apple here, I feel like it's really missing the forest for the trees to frame this as an "Apple" issue in any sense whatsoever, but should be framed as a China-human-rights, globalization, and world economy issue, and we don't do ourselves any favors with appeals to "corporate personal responsibility".
A company has no morals… Its policies depend on the people within it, who do have all sorts of moral principles that are always more or less at odds with each other. Trying to go beyond that is a fool’s errand: a company is not a person. Everything makes sense once you’ve understood that.
When it happens, a company acting purely on someone’s moral code (usually a dictator CEO, though) sounds fine and reassuring. But on the contrary, this is unstable as you never know when that person will be sidelined, forced out, or realign their principles. At this point the company you trust can very well become an enemy. Just look at Twitter or Reddit.
In the long term, you need the company’s financial interests to be aligned with your (various) interests. This is the only thing that remains stable. Well, as long as nobody comes and makes it private; then anything goes. It sucks, but that’s capitalism for you.
For the moment, Apple is mostly safe because basic privacy is their brand, and dropping it would be costly. This gives them leverage against some governments, but not so much against others. You can also count yourself lucky not to be born in China, but then there’s nothing Apple can do about that.
It's also important to draw red lines right away before unwelcome precedents are set. We'll do this for China and maybe for India if that market grows big enough, and we would absolutely do this in the US if compelled to, but we will not do this for anyone else. Except maybe for the EU.
Ever been to China? The internet certainly has borders and boundaries. Sometimes you can sneak across or get a visa, but individual nations make their own rules. Most people either follow them or remain unaware of them, and large multinational companies will typically follow local laws because they are juicy targets.
In the UK, companies which protest this law are threatening to leave the market. That would mean blocking UK users on their properties, not helping them find ways to break the law.
Or, when you say "no boarders," do you mean that the internet is not zoned for residential use? Sorry if I misunderstood.
If the UK implemented something like The Great Firewall of China, it would be a gigantic statement about the country's future ideological direction (arguably started and in line with Brexit), and may actually be enough to cause protests large enough to make a difference.
"When in the Course of human events, it becomes necessary for one people to dissolve the political bands which have connected them with another, and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them..."
"There is a time when the operation of the machine becomes so odious, makes you so sick at heart, that you can't take part! You can't even passively take part! And you've got to put your bodies upon the gears and upon the wheels ... upon the levers, upon all the apparatus, and you've got to make it stop! And you've got to indicate to the people who run it, to the people who own it, that unless you're free, the machine will be prevented from working at all!"
I disagree with this part. The EU is on that same path. The EU Great Firewall idea has been kicked around for years and it has even shown up in some policy suggestion documents.
I disagree for the simple reason that I've lived in the UK for 40 years, and I recall each home secretary being more authoritarian and pro-surveillance than the last. The RIP bill is a decade old and was strengthened, under home sec May, before the referendum.
I would describe the EU as wavering. Perhaps they'll do it, but it's far from certain.
The UK doesn't need to implement a Great Firewall; if they succeed in convincing service providers to voluntarily exit the UK market, then each service provider will block traffic to/from the UK on its own. A few shitty laws may be enough to incentivize the emergence of a Great Patchwork Firewall.
Serious question as a UK citizen who doesn’t live there anymore. Post-Brexit, leaving is surprisingly difficult despite the refrain of the morons who say “if you don’t like it go somewhere else”, blind or ignorant to the fact they removed that option.
Brexit is a refusal of authoritarianism and introducing another layer of "barely elected" government, which is why the UK is being punished for following through with Brexit.
Of course most governments in the UK, like everywhere else (whether right or left wing) are, more or less secretly, authoritarian so they will be favourable to a great firewall when the right time comes.
I spent a long time rebutting each counterfactual in turn, but then I recognised that I was falling for a Gish gallop. Furthermore, as dang is (rightly) adamant about avoiding personal remarks, I had to cut out the funny bits.
So instead, here's the simple truth.
The UK, in a surge of authoritarianism, cut its own balls off by leaving the EU (and the Civil rights it confers). It did this to appease fringe nutjobs and to make a pile of money for hedgies. Then it howled in pain and blamed the EU, even though the EU was against the chopping of the plums from the get-go.
The conditions for this bollockectomy were created by a barely-elected government, after the fall of which we have had, mainly, unelected government.
This entire manoeuvre was done under a screed of fractal dishonesty, in which scuttling little fibs decorate a structure of brassy falsehoods all stacked higgledy-piggledy on a giant whopper. Unwilling to accept the blame, the responsible parties continue to lie to this day.
In a parallel move completely unrelated to the above, the unelected UK government is ramping up surveillance. The EU has not done this, but the liars blame it anyway.
The UK is not being "punished". All the consequences of Brexit are imposed by the UK on the UK. (Also, it seems to be leading them somewhere more authoritarian, not less.)
Brexit for most people was about almost nothing at all. It was an empty shell of an idea that people poured their vision of a better country into. That's why the UK is being 'punished' - because nobody had a single actual decent idea of what they wanted.
> introducing another layer of "barely elected" government
If the UK really cared about unelected government, why don't they get rid of their House of Lords? This would have been much less painful than Brexit. It looks a lot like this unelected government complaint is just an excuse and not something that they actually care about.
Bloody revolution is not really appropriate here, the majority of the House of Lords is already not hereditary - of 780 seats, 90 are occupied by hereditary peers and AFAICT they will no longer pass their seats on.
The issue is whether the leaders of the commons should be able to appoint people to the upper chamber for life, whether the church should have a seat at the table etc. Or whether the upper chamber should be directly elected. It’s a matter of governance and constitution more than embedded privilege.
So as much as “Guillotine the nobs” would be a popular cry, most of them aren’t nobs in the first place.
I am confident that you have accurately conveyed the British mentality towards their circumstance, and therefore the reason their circumstance will continue.
I am confident you don’t understand what their circumstance is, such that your comments comparing it to the French situation a couple of centuries ago are born from nothing more than ignorance.
So the English cut off their Monarch's head before the French did. But we then invited the Monarchs back after not liking the republic of the "Lord Protector".
Admittedly the English state, not the later British state, but anyway...
"Brexit" the movement has lots of meanings to lots of people but is generally a set of issues/complaints. The people that movement enabled (brexiteers) have almost universally made those issues worse.
> That would mean blocking UK users on their properties, not helping them find ways to break the law.
That's a sad reflection of the tech industry. Too much "we can't make money from them" and too little spitefulness of the sovereignty of foreign governments.
Cell towers operate from within the country though and are subject to their laws. That we can bypass things as foreigners is only at the government prerogative.
I already block EU countries from my site. Wrote a gem called "GDPR safe" and it returns an HTTP error code 457 if the IP address indicates an EU country.
Even with a totalitarian regime, they cannot stop the rest of the world from using encryption. People can pull their business entities out of the UK and they have no jurisdiction outside their borders.
If I create an E2E messaging app, I don't need to listen to the UK at all. The UK can't tell me what to do any more than China can. China can block my app if they want, but it's on them, not me, to block it. Same goes for the UK. They can set up a firewall too if they want. But I don't need to change my app if I don't set foot in the UK.
Yeah the UK doesn't have the clout of the US that does go after app creators in other countries all the time extraditing them to the US etc, or attempting to anyway.
They certainly can, if they wanted to - or they could block your app and exile you with minimum effort.
Telegram is half banned in Russia.
Of course this doesn't apply to the bad guys: they're already breaking the law, using E2E is a no-brainer for them.
The UK government can't ban math out of existence (even if it looks like they're trying very hard, judging from the quality of their education system) so there will always be encryption.
It's the same with guns: congratulations you've outlawed guns and now only criminals can use them.
Your last analogy is very poor because even against rising rates of criminal gun use, the UK and the ROTW apart from the USA continue to have substantially lower levels of gun related deaths and suicide by police, against the USA.
So true: gun use and ownership in the UK rises and is mostly criminals. It's still less of a problem per capita than promiscuous gun ownership in the USA by all measures I understand.
This has nothing to do with the "war on encryption by the state" topic.
>The UK Government repeatedly fails to understand that there are no borders on the internet, and it'd be impossible to impose any without the kind of extreme restrictions of a totalitarian regime.
Why would the latter stop them? They have no problem with these.
>Any measures without broad international cooperation
Don't worry, other governments are just as shitty and want the same BS.
>The UK Government repeatedly fails to understand ... impossible to impose
Yeah but it's never worried them much in the past. As a Brit I occasionally come across the effects of them requiring ISPs to block piracy sites. Something comes up saying "this site is blocked" so you click like one or two buttons to switch to a different connection or turn a VPN on (VeePN is good and free). I imagine their encryption ban will be similarly tricky to avoid. I think it's more about looking noble to the electors than actually achieving anything.
>The UK Government repeatedly fails to understand that there are no borders on the internet
Don't know what universe or timeline you're from, but on this earth today, the internet definitely has borders.
That's why we have those EU cookie banners and GDPR consent forms, and why some of my favorite piracy websites are blocked by all ISPs in my country, or why I can't watch Top Gear on BBC's website because I'm not from the UK, or why Facebook had to remove some politically spicy content worldwide because the courts where I live forced them to, etc, etc.
Mainstream web companies have to conform to local laws in each country or they'll get fined or blocked. Sure, there's VPNs to circumvent that, but the days of the lawless and borderless internet are a thing of the past.
My choice of interpretation is that those aren't internet borders, they're copyright borders, commercial borders, layers on top of a borderless internet.
This argument tends to break down at The Great Firewall of China, however, due to its thoroughness.
Unfortunately, we see those EU cookie banners and GDPR forms even if we live and visit a non-EU web site from outside. It doesn't target only the people inside the EU. So for this particular case it has no borders.
The international network we used to know has been destroyed. It is fracturing into smaller regional networks with heavy filtering at the borders as countries seek to impose their little laws on it.
I'm glad I was able to experience the true internet while it lasted. Truly a wonder of this world.
The central problem with the UK is that they've never fully embraced, or taken the time to understand, an inherent, universal, unconditional right to freedom of speech by all of their citizens.
Kings respected it... when it was convenient.
And so the democracy they begat also only respects it... when it is convenient.
But freedom of speech when another permits it is no freedom at all, because the right's value increases precisely with its ability to stand up to other, more powerful interests' disagreement with speech.
I see no failure to understand. The UK is a pragmatic imperial power, not a collaborative cooperative peer. They built Empire upon the asymmetric application of technology. When time to surrender Empire, they did so. When time to build a Financial Empire, they did so. When the time comes to build an Internet Empire, I'm sure they will do that too, by applying whatever technology they have at hand.
Legislators, courts and bureaucrats (in this order) always fail to grasp such things. That's an idea that erodes their jurisdiction and authority, and is abhorrent to the ethos.
No borders (from their POV), puts internet businesses above the law... which it sort of does. The global village happened, but global authority did not. There are no clean resolutions to some of these tensions.
They might even understand that but if they think that they'll get more votes by banning e2e encryption, they'll ban it. If people will sideload WhatsApp, they might not go after them. They'll keep the extra votes coming from "we care about the children" and lose very few votes for the small inconvenience of sideloading once.
By the way, does a sideloaded WhatsApp on Android still update from the Play store? And what will iPhone owners do?
I don't think the thing driving this initiative is public sentiment. The public obviously hates child abuse and that's a convincing argument. Child protection organisations might be vocal proponents... but law enforcement, MI5 and whatnot are also probably strong advocates and tend to have the ear of governments.
I think a large majority of the "non technical" population would have no clue how to sideload apps, or even that it was possible, and that the more likely result of WhatsApp being withdrawn from the UK would be massive screaming from the public of such intensity and wrath that the government would be forced to backtrack.
> If meta refuses there is very little they can do. Facebook can continue to operate without a single person on the ground in UK
If it came to it, WhatsApp could be blocked at the network level. All the gov need to do is impose regulations that forbid ISPs and other infrastructure hosts to carry the traffic.
> such regional restrictions are easily bypassed and WhatsApp is popular enough to make people try it. So that would then normalise the practices such as side loading / jail breaking and avoiding regional restrictions.
If people would be doing this (using a VPN, for instance), they would know how to bypass those restrictions.
Breaking encryption is not good for anyone and won't solve absolutely any problems, except the "problem" of right to privacy.
I think it's dangerous to assume they fail to understand. These are smart people with good advisors. They just want to do it anyway. Which puts them in the category of evil.
Who would you rather be in the public eye, evil or stupid?
the opposition in the UK is accusing the government of dragging their feet over this law, and are pushing them to adopt it sooner. they are also criticising the government for watering it down.
various NGOs are also attacking the government for watering it down and not moving as fast as possible.
basically the whole political spectrum is not only for this law, but wants it strengthened even further. there are also calls from the public for the government to go even further.
this is why there is no real backlash against this law. everyone not only wants it, but wants it to go a lot further than what the government has proposed.
They really are not. The current crop of UK politicians of all stripes are thick as they come - intellectual lightweights who can bullshit their way through a media appearance thanks only to an abject lack of shame. No one can look at people like Mark François, Liz Truss or Diane Abbott (just to take three) and think “ah, there’s someone playing dumb for the camera”!
Unfortunately, the current crop of journalists are largely ineffective if not broadly enabling of this kind of behaviour, and politics is not a field anyone not already independently wealthy can afford to be in (a junior developer in the Bay Area can easily make more than the Prime Minister) so it does not seem likely to self-correct.
It's not impossible. The pandemic showed that you don't need a Hitler or Stalin figure to be ruled with an iron fist. The oligarchy could just make the pro encryption people the new ivermectin.
Encrypted files? You're obviously a money laundering, drug trafficking, child abusing terrorist. I pronounce you guilty and off to the waterboarding room with you.
Ivermectin had every institutional accolade that a drug could have but because authorities wanted to take power away from doctors (took away their agency) to offer off-label use they had to "nerf" it to the point of horse paste. Do a Google search for Ivermectin for before:2020 and after:2019 and you will see the narrative change.
Ivermectin has legitimate uses for humans and other animals for various invertebrate parasites (mites, lice, and worms); it is in fact prescribed to humans for those parasites. There is only in vitro evidence for it being effective against the virus causing COVID-19; if there is in vivo evidence for it being effective against that or any other viral infection, I'd love to see it.
The bigger point is that they took away the agency of some doctors. The vaccine and ivermectin both didn't have enough time for testing for safety and efficacy.
“It is hard to imagine a more stupid or more dangerous way of making decisions than by putting those decisions in the hands of people who pay no price for being wrong.”
Thomas Sowell
Writing to your MP (don't use a template) would be more effective. I have yet to see a single one of those petitions that resulted in anything more than a brush off. Even much more popular ones.
Letters to MPs almost always result in a brush-off too but they do take notice of them at least. Very occasionally you do get a non-template response too.
I've written to my MP twice in my life (as you say, non-templated because otherwise it's as meaningless as sending them a photocopy) and got a detailed response twice. If you take the time, they generally do too. (Obvious caveat that this is a sample size of one person and two emails / letters...)
I've written to an MP maybe 10 times in total and I would say 80% responded with a template. But they do at least have to have an assistant read the letters and pick the right template response.
The one I remember where they didn't do that was when I wrote to them saying that Ordnance Survey's maps should be free, and that did actually improve! They're not totally free now but they are much freer.
And the worst response I've had was the most recent when I wrote about the UK's insane criminalisation of term time holidays, and they wrote back assuring me that they were doing everything they could to deal with COVID??
Even so, still much more effective than petitions.
This is interesting - 6k signatures (and just the one (no duplicate) petition when searching) seems very low. I suspect there isn’t a huge amount of knowledge in the Facebook-mass-share spheres that usually kick these petitions into the big numbers.
There’s still the option of appeal to the ECHR, but that’s more or less it - and there’s a quite strong push from the right to leave that as well.
This was absolutely an intended outcome for a lot of the figures responsible for the UK’s exit from the EU - European legislation/institutions were more or less the only real absolute check on the authoritarian tendencies of the British state, given the UK’s insane constitutional structures.
The thing about the "authoritarian streak" in the UK is that historically as a people we have mostly trusted the government and its police and security services to use the powers they give themselves by law appropriately. And although obviously there have been some serious failings in the past it's probably fair to say that overall they have earned that trust more than some of their counterparts in some other Western democracies so enough of our people continue to give them that trust that the same culture can continue. The danger for us is that it's always possible for the needle to move towards more frequent or routine abuses of power but once those measures make it into statute our trust-based system has few checks and balances to help us recover if it turns out someone went too far that time. That in turn is because our political/electoral system is itself fundamentally broken but also self-sustaining, which is a much bigger problem than just the risks of authoritarianism that we're discussing here.
A few columnists have noted this. Institutions like the police, parliament and the BBC are coasting on their previously-earned reputations.
I think the ornate Palace of Westminster gives the political class too much cover, and if they moved into a modernist structure it would be more fitting and reveal their brute disregard for anything virtuous.
> as a people we have mostly trusted the government and its police and security services to use the powers they give themselves by law appropriately. And although obviously there have been some serious failings in the past it's probably fair to say that overall they have earned that trust more than some of their counterparts in some other Western democracies
I am not so sure. The recent history of the elites in London, and the rampant corruption and incompetence in the Metropolitan police is, surely, wearing down the English people's trust?
Yes - this is exactly the kind of danger I was referring to in the GP comment. The historical trend here to trust in our authorities lets strong policing powers (mostly) work as long as that trust isn't abused. But we've been learning the hard way that our governments and police services don't always live up to the standards we expect of them and some of the laws that were passed with claimed - and perhaps even honestly believed - good intentions can still lead to abuse and bad results. Then because we lack the checks and balances that less trusting cultures tend to incorporate into their systems - such as a written constitution that establishes a layer of fundamental laws that no single government can arbitrarily change - it can be difficult to stop the runaway train.
They might know what they are doing politically but in terms of modern technology and its implications I'm not convinced they know what they are doing technologically or socially. They are being driven by vocal advocacy from groups with an agenda and the media. Those advocates do make reasonable points about things we can all agree are good or bad in isolation and so the politicians often go along with it. But that doesn't mean they necessarily understand the full implications or have thought through the long-term consequences of the laws and regulations they propose.
Given that the English constitution and the Scottish constitution are incompatible (insofar as where sovereignty lies), it is no real surprise that the UK has never got a single codified one.
As it is the Scottish constitution is generally ignored, and folks more or less assume that the English one applies to the whole UK. If there was an attempt to properly codify the UK constitution, that incompatibility would have to be addressed, and that would open a can of worms.
IIRC Secondary legislation can be challenged in the courts and this is hopefully where the fight will take place between the well-heeled cat 1 service companies and Uk.gov
Else companies will leave or simply ignore the legislation, e.g. Signal, and the law will quietly become impossible to enforce with a series of arbitrary decisions and fines taking place before the digital economy falls off a cliff.
> I thought the UK courts can't override Acts of Parliament, because the courts are subordinate to it
The UK Courts aren't subordinate to Parliament and can tell the UK government to "go back and think again". For example, the move to export immigrants to Rwanda.
Your link doesn’t disprove that they are subordinate though let’s not dive in to semantics.
The government are just playing nice and taking heed (or pretending to) of the declaration of incompatibility.
The courts can not force them to change their policy. The courts can not overturn primary legislation, not even the Supreme Court. They are basically just law experts and publish statements on what is lawful and what is not. Their power is derived from how much - or how little - the Government decides to act based on their rulings.
It’s important to remember the courts exist because of Acts of Parliament (some very recently, eg the Supreme Court was created in 2009). Moreover, they are governmental departments!
I’m sure Boris Johnson considered legislating them out of existence during his tenure but decided it was a bridge too far.
the courts in the uk are in the business of interpreting the laws that parliament creates. as these laws are mostly very badly drafted, there is a lot of wiggle-room.
It’s not just the current government, the whole of Parliament including the various committees are eager to just go along with the intelligence and security agencies who tell them encryption is bad.
I hate our government but the media has a massive part to play in propping them up.
All the tech companies should stand together and be ready to block access to their services. Imagine if the UK was left without access to just WhatsApp, let alone iMessage etc. It's not irresponsible or unsafe, there's always SMS, which the government has full control over.
Also I don't think any of these companies should fear any competitors. Why? These services are so ingrained a few weeks if not months of protest will not change anything. When the government finally succumbs restoration will be easy and the numbers will go back to normal quickly.
I watched an interview with David Yelland, former editor of the Sun, recently where he said that the news media in the UK is more or less run by the same minority class of people who typically work as spads[1]. That would follow your point that the media props them up, because it is a homogenous and tight knit community now between media and politics.
Agree - a UK without WhatsApp would be a UK in revolt. Literally everyone I know from teens to oldies organises their lives on it. Lack of WhatsApp would be enough to drag our sorry apathetic lazy non-protesting arses out onto the street
It absolutely wouldn’t. Just because we use a lot of something doesn’t mean we care about it. We are extremely politically apathetic.
You need targeted messages on social media and savvy campaigns to get people irate. Eg “campaigners stopping a pregnant mother getting to hospital”. That’s what gets people foaming at the mouth. Even then that’s usually just limited to angry replies on social media
People protest when it affects them personally, and aside from the air we breathe it’s hard to think of anything more critical than WhatsApp. Losing it would be a bigger shitstorm than Truss, IMO. And the media all rely on WhatsApp so the real knives would be out.
There could be public executions of children caught for stealing candies and nobody would go protest in the UK. There's nobody with less backbone than the Brits.
Suppose WhatsApp added an insecure mode, required UK users to use it, marked it prominently as "inspected by UK government and law enforcement" and refused to allow UK users to communicate with non-UK users by popping up a nag screen every time they tried.
I agree and platforms explaining why access has been blocked. It needs to be politicised perhaps EFF can get involved with a page explaining it and steps for action (emailing MPs, those that voted for it etc). We are supposed to be a democracy after all right?
This government is notorious for its U-turns. I would be happy to see another in this case.
FB, Apple and Microsoft need to start this campaign ASAP.
The EFF are very US focused and I feel they often pay lip service elsewhere. It's disappointing and why I stopped donating.
As another commenter said, nobody in the UK is going to protest over this. As a downbeaten kingdom (in my opinion), we have no fight left in most of us. People will sigh and move to another app en masse.
The issue I have with all of this is that we think a law is going to make people who break the law not break the law.
The only people this affects are everyday people chatting to their family.
The ones this is claimed to be fighting don't, by and large, use WhatsApp and the like, so will make no difference to how they operate. The one off they catch who does naively use it, does not justify surveilling the entire UK.
This is uber stupid, because it will create a way more divided internet (all countries will start separating further) and will create a loss of trust in western/UK/US products (why would the rest of the world continue to use iPhone/MacBook, Google, Amazon, etc.), therefore it will have a huge cost in terms of lost revenue to all big companies. On the other hand there are smarter ways to do what is needed that respect privacy and do not cause such unnecessary economic harm to companies, but hey, we'd need to have smart people in the governments (which are full of not smart people). Another aspect is that this will be unenforceable for the huge majority of individuals since there will be plenty of solutions that will circumvent this, plus a number of companies will then start forming companies in non-affected geos (offshore etc.) and provide, for example, alternatives to Viber/Skype/Google/etc. (some already exist).
At the same time as this is going on the UK is rolling out fibre to every home. I know of multiple people who live in the deepest darkest rural country lanes who are seeing 36x fibre COF215 drop cables strung up through the trees or trenched by the muddy roads. EE pioneered LTE cat16 at the end of the last decade in first and second tier cities right in time for iPhoneX to ship with support for gigabit traffic. It’ll be available in a field near you soon. There’s about to be an abundance of low latency bandwidth available to everyone.
With all that connectivity you can start being much more creative about who provides your transport versus who provides your IP connectivity. VPNs are already becoming mainstream. Sounds like a positive way forward, right? The internet just routes around damage, heh, and laws that restrict what you can and can’t do can be “routed around” by terminating all your traffic in Dublin or Amsterdam.
The trouble is that as it becomes normal for British subjects to export their traffic overseas then I can’t see HM Government policy avenue going anywhere other than all out war on encryption. Again.
I run an encrypted XMPP server for about a dozen people. It's completely ephemeral in the sense that the server stores no messages. If you're offline, you miss them, kind of like IRC.
Will this apply to me? Do I need to ensure that no UK users are on my server?
I never anticipated this back when I set up the server. I thought that implementing strong security and privacy measures was a responsibility that I should take seriously.
I wouldn't be willing to run the server if I had to compromise people's privacy. If you don't have privacy, you might as well be on a mega-corp service.
They can still open a case against you and put out a warrant for your arrest, in the UK. Then you need to ensure that you never have a flight routed through there. Though I doubt that they would go to all this trouble for a small fry.
I see a few comments suggesting a change of government will help.
The previous Labour government (1997-2010) introduced the Regulation of Investigatory Powers Act 2000 (https://en.m.wikipedia.org/wiki/Regulation_of_Investigatory_...), which amongst other provisions includes key disclosure rules (https://en.m.wikipedia.org/wiki/Key_disclosure_law#United_Ki...). The burden of proof in key disclosure is inverted (the accused must prove non-possession of the key or inability to decrypt), which was somewhat controversial amongst people who cared at the time (activation, i.e. actual use of RIPA III provisions, began in 2007).
I think Labour are on board with this, and the senior civil service (those at the top levels who work with ministers or close to those who do) don't change in the same way US administrations do. It might be the case that this bill runs out of time in the current parliament and is not picked up by the next government (this can happen even if the same political party holds office) but the idea will be back in some form one way or another and I suspect will make it into law.
Given Labour also have not committed to reverting the anti-protest laws that were brought in by Suella Braverman, and where the Deputy Leader of the Opposition said along the lines of "now is not the time to review that" when a caller literally asked that question, I don't hold out much hope for them doing anything progressive in relation to this.
To fully implement this would require dismantling vast amounts of software and protocols including VPNs, SSL/TLS, SSH, WebRTC, and loads more. Other countries won't want these protocols weakened just for the UK. It would end with the UK having a "great firewall" and basically its own little Internet with tech-savvy people punching holes in it just like they do in China.
I mean having users in the country without having a business incorporated in the country, therefore there's no entity the Government has any jurisdiction over.
If you accept business from UK customers and take their money or data you need to comply with UK law, as well as collect & pay VAT to the UK. This is more obvious in meatspace, for example it’s obvious that Chinese companies are not allowed to send children's toys containing lead to EU markets. Your country of incorporation likely has an international free trade agreement with UK that you can read for details.
Basically, you only need to incorporate in UK or establish a foreign branch if you need offices in UK or want to hire someone from UK (even remotely). The only way to opt-out is to block UK users.
Define "need". If there's no legal jurisdiction, where is this "need"? If a company wants to follow the rules, sure, it will do the thing. But otherwise, is there international legal jurisdiction that covers, for example, a company in Seychelles offering e2e encrypted comms that has users in the UK? Isn't it up to the UK to put in place blocking technology or laws that prohibit specific app usage?
I'm kinda thinking about the US TikTok situation.
What if the service is free, like Signal and WhatsApp? (and TikTok)
Sure, UK will just block you and they will compel app stores to remove you if they want to. That’s what they are doing with tracker websites already.
> Define "need". If there's no legal jurisdiction,
As I have explained your country has an agreement with UK that says they do have the right to make you follow their rules if you want to trade on their market. So they can sue you and your country will say yup that’s fine they can do that. It’s a mutual agreement, so your country can do the same if some UK company decides they don’t want to pay your taxes. There are also mutual agreements about establishing foreign branches & incorporating by foreign persons or companies and UK could demand you must do that as well, if they wanted to.
If there were no diplomatic relations or the country you’re exporting services to was sanctioned then it would be illegal for you to serve or trade with any citizens of that country.
Anyway regardless as before even if you find a country that you think is safe they can still just block your IP range and remove your app, but then you’re clearly not just doing regular business—this was about actual companies operating internationally, so this is a different goalpost. I mean sure, that’s how internet works, but that was already a given.
Also unless you actually live and manage your company from Seychelles or Russia then you should be careful because there are all kinds of laws about creating fictional entities (though mostly concerning avoiding taxes) and you could still be personally liable.
> What if the service is free, like Signal and WhatsApp? (and TikTok)
Certainly WhatsApp isn’t free, you pay with ad impressions and user data. UK can demand you pay tax on that and calculate how much you make for each of their citizens. EU’s doing it already, it’s called EU Digital Tax. Signal has some crypto stuff, they might want to monetize more. Anyway it doesn’t matter, just look at GDPR and how US companies treat it for real-world analog.
I bet somebody said that very sentence just after the country voted for Brexit. But no. The government handed out shovels and started digging their collective grave at an ever increasing pace.
> The whole thing will fail once they realise how impossible this is to implement.
Uhhm…. Brexit?
These clowns (and not just this specific bunch, the entire UK political class) did Brexit, do you really think a small thing like the feasibility of this law will stop them?
Just in case you're not British, no that's not what they did. They organised a referendum, voted in parliament to follow through on the vote, then spent 5 years negotiating pretty much the most damaging version of an exit that they could, burnt bridges with the EU, signed an agreement on the border with Ireland which they then decided to renege on, trashed our trade with the EU through failure to compromise on anything, failed to prepare our ports leading to massive queues and delays and the loss of small to medium business transactions with the EU. Implemented damaging and unnecessary additional British regulations which diverge from EU regulations and standards, necessitating extra cost to UK businesses which must support both standards. Screwed over the Horizon science funding, screwed over studying abroad, and many other things too. There was a version of Brexit that was minimally damaging, but in every case they pursued a maximally antagonistic solution in order to pander to the ERG and be seen to be tough to their senile voter base.
yeah all they did is organise a referendum and then work tirelessly to ram lies and propaganda down the entire country's throat to make damn sure it passes.
Do they really get fined for this by a DPA or a court in Germany? Is it not one of these shady lawyers sending an invoice for “providing legal advice”? I (and people I “know”) reported countless uses of Google Analytics to our DPA, back when Schrems II was still effective, and all they did was send a bunch of letters. Anyway, GDPR is getting enforced, even if DPAs are slow. Not sure what your point is here.
Maybe when they were part of the EU it mattered what the UK did but now they do not seem important enough to be able to dictate things on a global scale. Not trying to put it down but do people worry about how Estonia's law will affect the rest of the world? Nobody cares, because you are just not a big enough market to matter.
> The Australian government has passed a new piece of legislation that, at its core, permits government enforcement agencies to force businesses to hand over user info and data even though it’s protected by cryptography.
> gives the British government the ability to force backdoors into messaging services
This is NOT enforceable outside the UK any more than Chinese law is enforceable outside China. If you are a messaging service, just close all your business entities in the UK and they have no more jurisdiction over you. People in the UK can still use your messaging services unless the UK decides to implement a firewall like China.
> which will destroy end-to-end encryption
I don't trust any E2E encryption unless at least the clients are open source. How do I know the NSA hasn't inserted a backdoor into WhatsApp?
And then if the clients are open source, the back doors they insert (via git pull requests?) can be removed.
It's much more useful for agencies to backdoor hardware. If Intel chips, the Snapdragon line, and AMD chips all have a backdoor allowing root, that's most of the devices out there that wouldn't need to have E2EE broken.
It's the same party that's tough on immigration, yet keeps importing lorry drivers, health workers and building contractors because they apparently can't be found inside the country.
They already are. They imprison journalists under terrorist acts if they criticise the gov or they come knock on your door if you put mean things on twitter.
But corrupt politicians? That's not a bug, it's a feature.
Or David Miranda (late husband of Glenn Greenwald).
Surely we believe that UK and USA are the good guys and they don't do evil stuff. That's left for Russia and China who are evil. Not like US and UK who invade and depose governments for commercial and geopolitic interests but "there's always a good excuse for it".
I think they'd argue that this is them doing their job: trying to negate the advantages that sophisticated criminals have over law enforcement efforts.
Could you elaborate on what you see as "doing their job" in this context?
Given that we don't catch, deal with appropriately or rehabilitate the majority of the non-sophisticated criminals, I'd suggest we start with that before we decide to start spying on the rest of the population?
Based on how RIPA and its successors in the UK have suffered from excessive use I doubt that we will be restricting this power to "sophisticated" criminals if it comes to pass.
Surely this won't help them with sophisticated criminals, as they'll find some other way to communicate. You can easily build your own end to end encryption method based on things on github.
All protections of civil liberties and rights to due process can make the police's job more difficult - if you consider the police's job to be something like "catching bad guys without regard to any collateral damage that might be caused along the way". But in a free society that's not normally the job we want the police to do.
Of course the trouble in this case is that we either have private, secure communication or we don't. There is no halfway measure available. So both locking the police out of everything and giving them complete access to everything might be simplistic non-solutions to the real issue but they might also be the only options we have on this one so a least-of-evils argument may have to prevail.
I've personal experience of police not doing their job properly.
Anything that makes their job more easy will only make them more lazy.
Police work should be hard, because they have to navigate the law if they're to prosecute anyone. Lawyers love laziness, it's sloppy and steps all over lines of technicality.
Also, the legal right to violate citizens' rights should never be 'made easier' by any legislation. To be on the end of state-enabled rights violations pretty much entirely ruins any trust one may have in 'the system'. And that trust seems to be increasingly valuable and decreasingly present amongst the Western populace.
> That's the problem with e2e encryption: it makes the police's job much, much more difficult.
So what? It should be difficult. They should have to literally send a guy to follow and literally spy on you if they want to learn a single bit of information about you. Not push a button and have your entire life revealed on their screens.
It's nonsensical to claim that the job of the police should be difficult and made to be difficult.
The restrictions and controls, which exist, should be an enforced legal framework. If today the police want to wiretap your phone they need a warrant, that's the control and 'difficulty', but then telcos will route your calls to them at the push of a button.
Again, the issue with e2e encryption is real and complex.
It's not "nonsensical" at all. Even with warrants, authorities will abuse their power. I've seen a story here on HN about police submitting literal blank pages to judges and getting the warrants they want. Don't tell me this warrant bullshit stops anything.
I refuse to grant them any power whatsoever by using subversive technology like encryption. Their only choice is to increase their tyranny by treating all encryption as proof of guilt, undermining the freedom of everyone, including yours. Will you tolerate the increased tyranny or will you oppose it? That is the question.
The easier the job of the police is, the easier it becomes for them to create a police state. We can argue perfect imaginary world semantics all day long, but it doesn't change the fact that in the real world abuse is rampant and power over others is pursued at great cost.
Making the job more difficult for the police costs nothing but money. To argue that we should relax our liberties to make the police's job easier is to argue that liberty should be erasable by those willing to pay.
"They" seem to be using the standard play book used by the rich and/or powerful against the will of the people. If you fail, keep trying and trying and trying until they get their way.
Well if the UK and other countries pass this, I guess it is back to gnupg. No way can that be restricted at this point.
the opposition, NGOs and the general public are accusing the government of moving too slowly and watering down the law. they want the law strengthened and adopted faster.
The Government, Opposition and NGOs don’t necessarily represent the views of the general public. Obviously in a perfect world such a consensus would, but in the real world it’s often not the case unfortunately.
I expect many UK citizens who were given a clear explanation of what the implications of the law were (without revealing which law it is and using its cutesy name) would say they would be opposed to such a hypothetical law, and would then be surprised if you told them you’d just described the “Online Safety” bill - if they knew what it was.
Literally the way these laws get through is because there are enough uninformed and politically non-engaged people that they can slip them by.
If you can't offer safe encryption, without backdoors, then you shouldn't offer encryption at all. No point in giving people a false sense of security. Let them accept that everything they say is potentially public.
Eventually, they may even decide that they'd like a little privacy and force their government to back down.
Still, an early general election would put the brakes on this bill. The next Labour government will be under no pressure to pick it back up, and in fact will likely be under quite a bit of pressure to let it go.
This is the sort of terrible throwaway law that results from lame-duck governments.
My understanding is this bill will have cross party support and has been in development for many many years.
It might be politically expedient to abandon it at some point, but the mainstream media largely have completely ignored it and the public have little knowledge of it at all.
Many many years with the same party in power. Whereas New Labour, at the peak of their electoral dominance, couldn't even pass a bill to get an ID card the rest of Europe has had for centuries.
It's much easier to whip the right-wing into a frenzy when the government is not their natural friend.
To the extent this also breaks or threatens the security of financial services, I’d like to see credit card brands and non-UK banks also pull out of UK.
I know it may be dreaming but as a consumer outside of UK I don’t want to be saddled with the costs via higher fees, inferior service etc. that will be necessitated to pay for the knock-on effects of this weakening of security.
I’d rather do business with companies that stay more secure and not pay this “shoddy security tax” they will impose on the industry.
The British public seem mildly in favour of the thing
"As the Online Safety Bill returns to parliament this month, polling shows overwhelming public support for tougher measures to enforce children’s safety online." "81% UK adults want senior tech managers to be appointed and held legally responsible for stopping children being harmed by social media, new polling reveals" https://www.nspcc.org.uk/about-us/news-opinion/2023/Majority...
How does this differ from the access and assistance bill in Australia?
While it's super illegal for anyone to talk about, literally none of the actions that were going to be taken (Atlassian threatened to move overseas and stop servicing oz, Apple/Facebook/Google all rattled sabers) eventuated. We can only assume that the backdoors have been delivered on time without complaint.
Is it really considered a "backdoor" for one party to willingly hand over the data that was exchanged through an encrypted channel? I'm not sure what you mean.
Is this even enforceable? How can the UK government determine whether encrypted traffic going to/from UK IPs emanates from a messaging service as opposed to any other service?
"Who denounced you?" said Winston.
"It was my little daughter," said Parsons with a sort of doleful pride. "She saw the installed encryption programs, and nipped off to the patrols the very next day. Pretty smart for a nipper of seven, eh? I don't bear her any grudge for it. In fact, I'm proud of her. It shows I brought her up in the right spirit, anyway."
Not really, people have been talking in code for millennia. I wouldn't be surprised if a car company like Mercedes or Volkswagen could use their vehicles like swarm drones, relaying information between them when passing on the road, which could get data out of the UK using the cross channel ferries and eurotunnel.
There's way too much movement of people and stuff in order to secure anything really. Even the new Apple headset can read the iris of the eye to get subconscious data out of the user when exposed to AV data, and the users won't even know they are giving out this data. Privacy? We don't have any!
They'll consider it enforced if all the major companies comply.
In terms of actually having the criminals using software that complies with the law, absolutely not. Making your own program that doesn't comply isn't much of a challenge.
Would this bill affect P2P apps? From the article:
> The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services
So it seems like purely P2P communication could still be legally encrypted.
To break from the party line and parrot that E2E encryption is a human right for just a moment, does anyone else experience the same fatigue with communities on encrypted platforms? I've never found a good community on Tor, everyone on Signal seems to become a shadier version of their public selves, Telegram seems it's all full of smut.
However I believe this is due to my small social circle. Does anyone with better social skills (any at all) have a more positive experience with E2E platforms? Please help me out because I want to believe. I believe it's important for people to speak freely but I'm having trouble reconciling that with how nasty they become.
Less than people might think. Apparently a lot of the worst cyber-bullying (like the stuff that drives teens to take their own lives) happens from real-name accounts on Facebook and Messenger…
WhatsApp is end to end encrypted, this has been proven in actual court in my country. Everyone here uses it for everything every day. Never before have so many people used something that is this secure by default.
I hope all the intelligent people eventually move away from those authoritarian governments' countries, moving all the brainpower away from serving their economies.
Indeed. The article itself doesn't explain why this will affect the rest of the world. In fact, Apple has said they would consider withdrawing FaceTime and iMessage in the UK if this law goes ahead, so I think it is unlikely it will affect the rest of the world. Either the UK will be left with fewer encrypted products, or they will do a u-turn.
The rest of the world is taking notes. They're trying to push something similar through in the EU. The US has at least 2 or 3 bills active right now that would have similar effects.
The main one being Great Britain, plus a chunk of Ireland. There are then a number of smaller islands around the English, Welsh, and Scottish parts of Great Britain.
as others have said, it's not going to affect the rest of the world, UK will just lose access to services.
as a UK resident, i can safely say that we aren't going to do a single thing to stop this and we wholeheartedly deserve this and everything else the government does to strip away our rights. we are a nation of spineless cowards, do not feel bad for a single one of us.
I wish it would affect the rest of the world, so everyone else could at least give our government a well-deserved kicking. I've not checked but I would be doubtful that Sir Keir's Labour will reverse this dreadful bill, but if they do that will be welcomed.
the opposition not only wants this to become law, they are accusing the government of watering it down and not moving fast enough.
same for NGOs. they want the government to go even further.
various members of the public have come forward accusing the government of not doing enough to protect them from the perils of the internet (there were a few tragic cases, as it’s always the case).
basically, everyone wants this, and want it sooner and strengthened.
Y’all forget the ultimate choice. None of us need these phones or need to use the Internet. I am sure it will make life much more difficult, but we don’t need to use these devices as much as we do. You have much more control than you think over the situation.
I hope that will be the response. I wish the same had happened when the EU passed the stupid cookie law. Everyone should have replaced their websites with a static page that explains browser cookie settings when accessed from Europe.
This nation gave us the first mechanical computer, the first programming language, Alan Turing, the first digital computer, broke the Enigma encryption, and the World Wide Web… and now, this.
Funny thing is, this doesn’t hurt criminals at all. If you’re doing serious crime, you bring your own encryption. There are cartels that spend a lot of money rolling their own crypto.
In the UK we have a huge problem with children sending hateful communications online which cause anxiety and distress. As it stands we can only arrest children who are doing this in public but banning encryption should give authorities more power to arrest children who are committing these crimes in private (eg on WhatsApp).
The list really of hate crimes being committed online is endless and these are just the criminals doing this in public:
Well, I just hope you're preaching to the choir about that here. All I have to add is that the people deciding these laws also enjoy parliamentary privilege which exempts them from slander and libel charges. Isn't that nice? They can be untouchable while you and I get to have our stripped away.
Is this satire? Between being pro child-arrest, and using the phrase "anxiety and distress", which seems to be rather uncommon, and is the exact same phrasing as your 3rd link, I'm starting to feel like parody is the most likely option.
I find being highly disagreeable often helps make a point. I find it can be hard to invoke appropriate emotional outrage with a well reasoned argument.
Better title: The U.K is close to making some chat apps no longer available to UK citizens. No apps are going to adopt this for a country that’s like 3% of its revenue.
I bet the Five Eyes are excited about this; then maybe the US and Europe can use the UK to spy on their citizens. Since it’s not them doing the spying, hey presto, legal.
What needs to happen here is a breach of UK government officials' private stuff. Not gov secrets, but real private conversations between the members who vote yes. Here's a conversation with your mistress. No we don't respect your privacy.
Is this legislation likely to land? I mean I'd expect all relevant vendors to drop the UK rather than pick up so much liability and be expected to hold it worldwide.
Apple told the US to suck lemons, why would it kowtow to the UK?
The two main parties do not care about civil liberties or privacy. This will resurface in the next administration under a new name with a few tweaks here and there.
But it will have to be lobbied for again, to different people, and with right-wing tabloids ready to be pointed at anything vaguely controversial in it. It will be a very different battle, and likely much easier - if anything because the government will want to win the subsequent election, whereas the current one knows very well that they won't, regardless of what they do.
I wonder what twisted shit the tories are looking at online. We already know they watch porn in the commons. By eroding encryption we'll soon be seeing what they look at in the privacy of their own homes.
A government would still have to make and use their own keys in a man-in-the-middle attack. The forged key means that if anyone bothers to check it will be detected, and there are also various ways that an application can lock the used key to make this impossible. Man-in-the-middle requires a lot of control over the infrastructure, for something that works reliably they would need to cooperate heavily with telcos, and spend a good deal of money.
That's a very bold claim, any evidence you can provide to support it? How do the governments sidestep Certificate Transparency, which makes the simple possession of the signing keys ineffective? And have there ever been reports of developers observing these rogue certificates in the wild?
My assumption was that the signed certificates are provided by governments to state owned or shell companies (China having high profile cases of this).
But if it really was this simple, it would have been noticed earlier.
People on the other end of encrypted conversations outside of the UK would also be surveilled.
More broadly, any backdoor built into any app can and will be exploited by bad actors. There's no "safe" way to break end to end encryption for just the "good guys".
It will absolutely erode encryption in my country. Our government seems to operate on the following logic:
1. We want to be a developed country.
2. X is a developed country.
3. X does Y.
4. Therefore, we must also do Y.
We have our own GDPR. I've seen judges citing European laws in decisions. Watching other countries pass laws like this one is like getting a glimpse into the future.
I guess then it would be your government eroding encryption in your country. To take it your way, every law passed everywhere has an effect on anything, which is so indirect it starts to become meaningless.
The UK has been getting less relevant for years. It's why tech companies are telling it to stick its laws without concern about losing that market. So its position on encryption is becoming less relevant too. But sure it's erosion and that sucks.
Other people listening in on private conversations hasn't been "fine" since the first private conversation. It wasn't okay in the 90's and it isn't okay now. More people are aware now so more people are asking about it, which is making it seem more important, but it's always been important.
We don't use telnet anymore, we use SSH, and for good reason. That people that have never heard of ssh have the same demands for their communications shouldn't surprise you.
There's already a crime of refusing to provide a password. With a maximum sentence of two years imprisonment, or five years in cases involving national security or child indecency.
The excess death rates between anti-vaxers and the vaccinated show that, in fact, the experts had it right all along.
Similarly here, experts are pushing to maintain encryption for the sake of public safety. Weird you think your two examples cast doubt on expertise.
Governments have always tried to maintain power through breaking secrets. But there's no evidence governments tried to do anything but vaccinate and protect their populations from COVID. How was any of that a power play? What irony?
> The excess death rates between anti-vaxers and the vaccinated show that, in fact, the experts had it right all along.
Yes. In your imagination. Because there's no good data on that. Hell, Walensky when asked suddenly went on not having good data to avoid showing how the vaccine passports were a sham.
With that said, there's always some bullshit excuse about security and there's one for this bill. You're just the authoritarian spreading the same propaganda inconsistently.
> Similarly here, experts are pushing to maintain encryption for the sake of public safety.
Lol. No. Experts are testifying in favor. The government said so. And for once, the commercial interests of the companies are not aligned with gov so we don't censor the EFF like we did the Great Barrington Declaration... But we're not far from calling them names and implying the use of certain tools suggests criminality (see France).
> Weird you think your two examples cast doubt on expertise.
I'm just pointing out hypocrisy. I'm obviously in favor of encryption and freedom.
The thing is, just like with my body my choice, I'm consistent throughout and not just when it benefits me.
> Governments have always tried to maintain power through breaking secrets. But there's no evidence governments tried to do anything but vaccinate and protect their populations from COVID. How was any of that a power play? What irony?
Lol. Really? Have you been asleep the last 20 years? The patriot act is also about security and terrorism? Do you not believe in corruption you can see and hear about daily if you only look for a bit?
Government does hygiene theater, gov settles on a beautiful corrupt loop. Companies get bailed out and money transferred from tax payers to them. Media and tech thrive through the lockdown (propaganda, payments, locked in audience). Big Pharma makes a killing.
It's simple hygiene/security theater and corruption. Not a grand masterplan.
But the fact that you state "there's no evidence the government tried to do anything but vaccinate and protect" shows you're either extremely dishonest or just 100% brainwashed. Authoritarianism at its finest, ignoring what your eyes see in favor of "govs, the same ones we criticize for nearly every other thing, have our best interests at heart, pinky promise"
The government is funded by taxes. Shutting down a large amount of commerce during the lockdown caused a huge hole in their funding. They didn't want to lose their income but that was the most rational and evidence-based approach. If they wanted to be authoritarian and control everyone they wouldn't have also harmed their finances so drastically.
That's hilarious. "Evidence based"? What evidence for this unprecedented lockdown? China lobbying Italy to do the same as them?
They didn't harm THEIR finances. They harmed those with least wealth. The ones who didn't get grants, or to grow immensely in those times, those that weren't allowed to work...
Politicians and influential leaders thrived not even having to follow the rules they set for others.
You're posting in my comments with disingenuous assertions and then crawl back pretending it's about following rules.
Next time, have good arguments and sources instead of partisan FUD. Or go to a place where mods will censor opposing opinions, should feel very familiar to you.
I'm not engaging further either. Maybe you could go to 4chan where your unhinged conspiracy crankery will receive no pushback, just the validation you're craving.
Your comment is made in bad faith. Notably, you posted from a brand new account echoing the most inflammatory talking points that the government uses in support of eroding encryption. Either this is some blatant (and bad) astroturfing, or you've drunk the kool-aid from the government.
Nobody is here to defend child pornography or terrorism. But even accepting that they exist, those are a drop in the literal ocean of use cases for encryption relative to the overwhelmingly legal and productive and often necessary uses.
> They should come up with a useful alternative
We have a useful alternative - criminal laws. Make the criminal penalty a strong enough deterrent and you'll stop everyone except the most craven malfeasors (and those people will find ways to continue to disseminate their materials irrespective of encryption status).
Rather than accuse privacy supporters of being "stubborn", you should come up with a legitimate argument why ordinary, law abiding people should have to sacrifice their autonomy in service of an effectively phantom boogeyman.
wrt making criminal penalties stronger, I wonder what effect an add-on charge (idk the technical term) for deliberately using encryption in the commission of a crime would add.
I.e. using encryption is never illegal, but if you commit a crime and directly employ encryption as a means to commit that crime, your sentence is doubled or whatever.
(inb4 pedantic "all internet services use encryption", which I don't think a court would buy if this is meant to be an add-on charge)
I'm on the other side. IMO, CP is used more and more as an excuse to pass more anti-privacy agenda, because it is difficult to argue against "We want to protect children". That perspective moves discussion to a different place where it is difficult to discuss. Why can't we have both? Is the only way to prevent CP eliminating privacy?
I mean in the UK there were cp rings which were known about, that is the girls told the authorities about what was happening to them, and it was buried, so maybe get their own house with systems in place, training and funding (which is universally in short supply in UK since [edit: about] a decade now) to act on info they already get before trying to come after innocent people with a drag net in the hope of catching a few paedophiles. https://en.wikipedia.org/wiki/Rotherham_child_sexual_exploit...
The only way to prevent all crime is 24/7 surveillance combined with constant control and no free will, but any reasonable person would find that unreasonable. That aside, a significant number of people sharing CP aren't smart enough to use an encrypted platform anyway.
But I suspect it's a relatively tiny, albeit terrible, problem compared to breaking encryption, which isn't just about privacy but about every action over the internet.
I don't see that you can have it both ways; secure encryption and being able to inspect traffic. There's no alternative so it's either using other mechanisms to go after CSE and terrorist material, as currently happens allowing us to know about the scourge, or we may as well revert to everything being on http.
In reality all rights are contingent upon and in direct conflict with each other. This is not some special case, and no, contingency and conflict does not make one side immediately the worst case scenario of itself.
"Your right to prevent incitement to violence does not exceed my right to free speech. To have it otherwise is to live in a panopticon."
It factually does exceed that right and that fact does not yield a panopticon.
> It factually does exceed that right and that fact does not yield a panopticon.
Poor analogy. The panopticon analogy was to relate the fact that allowing inspection of every single message sent by everyone ever is a panopticon. Preventing someone from speaking doesn't equate to a panopticon.
I am very concerned for the worldviews of people who genuinely think it's a good idea to let the government (and consequently, any entity with moderately-skilled hackers and a motive to mass collect data) view every message sent between private parties.
I’m going to assume that both you and the OP are engaging in this in good faith. I am thoroughly in the “legislating encryption is basically outlawing math” camp and believe it’ll be highly ineffective at accomplishing any of its goals. However…
Get a warrant for what exactly? On, say, an iPhone where you can have reasonably secured encryption-at-rest for your data (the entire disk is encrypted using an AES key that is protected by your passcode and that key is destroyed after too many failed attempts), simply getting a warrant to take physical possession of the device doesn’t really provide any evidentiary value. In the US and many other jurisdictions (but not the UK from what I recall), courts generally can’t compel someone to reveal their passcode. The E2E keys are stored encrypted at rest as well.
why don't you save us all a bit of time and just go ahead and tell us exactly which rights we're allowed to have in order to protect the children in your perfect kingdom?
like, will you allow me to drive a car, or eat beef, or own a kitchen knife?
This begs the question of there being a "scourge" of child porn and terrorist propaganda. You're also assuming the UK's attack on encryption would do anything at all to combat either thing let alone end the presumed "scourge".
Strong encryption is the foundation of pretty much all online commerce. Without it little else is practical online. It's not up to the EFF to come up with solutions to made up or exaggerated issues.
> This begs the question of there being a "scourge" of child porn and terrorist propaganda. You're also assuming the UK's attack on encryption would do anything at all to combat either thing let alone end the presumed "scourge".
And the "terrorist propaganda" part doesn't make sense. Propaganda is useless if it doesn't reach an audience, and encryption is all about restricting the audience. I mean, didn't ISIS put up its propaganda videos on Youtube? They're hardly trying to hide it out of sight.
They've been coming back with these proposals every few years for at least as long as my adult life (~20yrs); it's just that this time they've got it through. Until now it's been knocked down for the ridiculousness it is. "They only have to be lucky once, you have to be lucky every time"
i guess this thread is a great example of how different the HN crowd is to the rest of the population. i keep seeing the same type of comments for every article where encryption is threatened.
to me it looks like the direction of policy in the world when it comes to the internet is pretty clear: the internet needs to be brought to heel. it needs to respect local laws, it can’t be a black box, we can’t rely on foreign/american companies to moderate.
this direction is coming mainly from voters. they feel disenfranchised from the big internet companies, they feel threatened, the internet still feels like a dangerous place. and to be fair, there are so many crimes enabled by the internet, some of them violent.
and so the public and the NGOs make enough noise so that politicians take stock and start doing something about it.
this law is not the first law in the world to force internet companies to better moderate their content. and it won’t be the last.
but if HN folk want to change people’s view around this issue then they need to step out of this bubble and engage with people’s concerns.
because this direction of travel has been set for a while now. and it won’t change anytime soon.
what’s going to happen with this law? nothing special. it will be adopted, and there will be no consequences. just like all the other countries that did the same.
disclaimer: i’ve been on the internet since there were ~10 websites. that wild west stuff was amazing when growing up. but the cat is now out of the bag.
There was even pushback on HN to Apple's communication safety feature which would warn kids about nude photos. No big brother, not even CSAM matching. Just locally run nudity detection in a reasonable, even minimal effort to address some harm to kids.
Comments wailed about the invasion of privacy, thin end of the wedge/normalisation of scanning etc. without any mention of the problem this tries to address.
Personally I still think the risk of encryption to children is outweighed by the risk of permanent, incontestable authoritarian regimes (in which kids aren't safe either). But effectively arguing this requires acknowledgement of the other side's concerns.
As you say, most people prioritise child safety over privacy, so these bills are going to keep happening until the rest of us make our case, acknowledge the problem and help find solutions.
But I disagree there will be no domestic consequences for this law. The UK is the home of the coverup and this places even more power in the hands of a barely accountable old boys club. It should still be opposed, but privacy activists need to better make the case why.
Could you please stop posting unsubstantive comments and flamebait? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.
Especially these days. You're up against drones now, so it's not like you're going to do any damage on the way out.
Find another means of resistance, ideally a nonlethal one (they bet everything on terrorism). Bunkering with a shotgun and a six-pack won't cut it anymore.
Second, the erosion of big tech companies' power is a benefit as far as I can see.
Third, we still have effective encryption in our hands. TLS is not going to be broken by this.
The argument that offenders will be pushed into darker corners of the internet is probably true, though I expect that will make it easier for law enforcement - take ANOM [1] as an example.
The battle I'd fight would be some kind of accountability in intelligence services.
Can you name one authoritarian regime in which child safety has been a priority? If anything the impunity of those at the top has made child trafficking worse. Your position risks giving a massive amount of power to people who have already demonstrated they can't be trusted with it, let alone with kids. Don't assume privacy activists don't care about children.
> Second, the erosion of big tech companies' power is a benefit as far as I can see.
Big tech can't read E2E communications either. This won't reduce their power.
> Third, we still have effective encryption in our hands. TLS is not going to be broken by this.
Effective against whom? If it's the authorities you don't trust then TLS is already useless.
Seriously, the UK is the home of the coverup. Sir Cyril Smith, Sir Jimmy Savile, Sir Peter Morrison, Sir Peter Hayman, Stuart Hall OBE, Rolf Harris CBE. All of them connected enough to 'put in a call to someone' and in many cases, shown to have received some police or official support. Your system sucks but you trust these people enough to give them more power?