Summary
The UK Parliament has passed the Online Safety Bill (OSB), claiming it will enhance online safety but actually leading to increased censorship and surveillance. The bill grants the government the authority to compel tech companies to scan all user data, including encrypted messages, to detect child abuse content, effectively creating a backdoor. This jeopardizes privacy and security for everyone. The bill also mandates the removal of content deemed inappropriate for children, potentially resulting in politicized censorship decisions. Age-verification systems may infringe on anonymity and free speech. The implications of how these powers will be used are a cause for concern, with the possibility that encrypted services may withdraw from the UK if their users’ security is compromised.
But how would they even enforce that? It’s E2E, and I doubt anyone would add backdoors to every app, website, and service that uses it.
They won’t need to. Signal, WhatsApp, Session and iMessage (Apple) have already said they’ll withdraw their products from the UK market. Meta are making similar noises regarding Facebook Messenger.
Not if all of 5 eyes rush through similar legislation in the next year. Then big tech will cave.
The current state of the legislation is this: the gvmt started out by saying “you must do this”, then when it finally sunk in that it wasn’t technically possible right now, they then said “OK, we get its not possible right now. As soon as it is, you must do this.”
Some people have said ‘no problem, its never going to be possible to break encryption’. This is not accurate. When quantum processing becomes a reality, which is realistically not too far away now, encryption will be trivial to crack. That’s the point the rest of the world need to worry because you’re right, every other gvmt in the world will follow the UK’s lead.
we have plenty of solutions to this though… we have quantum-safe encryption
afaik how these work is that currently cracking encryption is CPU-bound (takes a lot of CPU resources to find the key) which quantum can do much faster… there are classes of encryption that are RAM-bound though, which mean that quantum still can’t crack them because it doesn’t give us huge amounts of storage
On the tangent of quantum factorization, I feel like a reality of modern encryption at risk is still very slim. At least if the wiki article is anything to go by. I think we are sooner to have backdoors in encryption algorithms than we are quantum messing everything up.
IBM think otherwise
NIST already has recommendations for quantum resistant algorithms. https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms
This is very good news, I’ve never been more happy to be wrong.
Most applications, like your internet traffic, aren’t using public key encryption.
Doesn’t an https website use a public key?
Signal is already making some progress on building protections against the use of quantum computers to break its encryption https://signal.org/blog/pqxdh/
No sale. Most encryption algorithms in use today are already quantum resistant and there are a bunch of stronger ones waiting in the wings. Basically a solved problem. Stuff the NSA already harvested years ago, not so much.
The EU will vote on chat control next week, if I’m not mistaken.
This bullshit is completely incompatible with many member states’ laws, so if this goes through, I will lose all the trust I somehow still had.
How they can propose severely pro- and anti-consumer laws at the same time is genuinely disturbing.
The California Age-appropriate Design bill just got Julius Caesared by Federal Judge Beth Labson Freeman. I dont know what the process is to prevent Parliament from doing things that are really stupid in the UK, but the same forces obsessing on kids on the internet sponsored both bills.
It might be a Tory infestation. Or at least a Baroness Beeban Kidron infestation. Another person with too much money behaving like a toddler with a handgun.
For all our sake, I hope you’re wrong.
Yes, I’m wondering how much pressure USA exerted do they could claim it’s nothing to do with them.
Personally, I don’t trust or use anything Meta because I very well recall what Zuck said when fb was still university only.
Bet they’ll try to come up with their own “private” messenger as an alternative too for the public
They don’t need to backdoor end-to-end encryption when they can instead snoop at the endpoints (e.g. the apps).
Governments can force service providers to either do that or no longer operate in their jurisdiction.
This won’t stop especially knowledgeable people (including criminals) from using encrypted comms, but it will make it much harder to access for everyone else, thereby robbing the general population of an essential safety tool, among other things. It’s terrible for democracy and dangerous to vulnerable populations. The article is worth reading.
I suspect that the UK will just say “either you add the backdoor or you don’t operate here”
Which from a cynical perspective is just an easy check for hackers to see if a particular target is vulnerable by seeing if they’re allowed to operate in the UK
I mean, kinda sounds like the companies beat it to the punch or are threatening to. Which is the real path forward. Buh-bye Whatsapp and Signal disappearing and fully encrypted messages you parliamentarians and government folks are so fond of to avoid public transparency and “priveleged” info. They will last 5 seconds before the bill is scrapped.
Regarding iMessage, I believe they are honestly safer and better off without out it. Fight me(!), aha
Of course, what this means in reality is that all Brits will start using VPNs all the time, so they can get their secure apps from international app stores.
At that point everyone has plausible deniability and the security theatre is complete.
I’m wondering what, if any, effect this win have on the royals?
Can you imagine if Prince Andrew ever got busted for CSAM? Oh my God, [chef’s kiss]
I’m wondering if they’d Jimmy Savile it. Yes, it.
You mean you didn’t hear about that new encryption standard that keeps your data completely private from everyone except for the good guys?
Double Rot-13? I hear it’s state of the art.
They may or not, but would it be just UK downloads when it’s easier and cheaper to do it across the platform?