[HN Gopher] The U.K. government is close to eroding encryption w...
___________________________________________________________________
The U.K. government is close to eroding encryption worldwide
Author : pwmtr
Score : 112 points
Date : 2023-07-28 21:01 UTC (1 hours ago)
(HTM) web link (www.eff.org)
(TXT) w3m dump (www.eff.org)
| nitwit005 wrote:
| I'm curious how many companies will just block the UK rather than
| comply. It's definitely not going to be zero.
| miohtama wrote:
| - Whatsapp (Meta)
|
| - Signal
|
| - Apple
|
| https://www.politico.eu/article/uk-ministers-lock-horns-with...
| tamimio wrote:
| Let me guess, to protect the children and the rest of us from
| terrorists?
|
| You know bad actors won't care about your bill, I would love to
| see how the government is going to block an email encrypted with
| gpg?
| jckahn wrote:
| Would this bill affect P2P apps? From the article:
|
| > The Online Safety Bill, now at the final stage before passage
| in the House of Lords, gives the British government the ability
| to force backdoors into messaging services
|
| So it seems like purely P2P communication could still be legally
| encrypted.
| lijok wrote:
| We could outlaw math. Or the police could start doing their job.
| endgame wrote:
| https://www.newscientist.com/article/2140747-laws-of-mathema...
|
| Australia tried that. This must be resisted wherever it
| appears.
| zen_1 wrote:
| >We could outlaw math.
|
| Maybe that's why math education is being sabotaged.
| ethanbond wrote:
| I think they'd argue that this _is_ them doing their job:
| trying to negate the advantages that sophisticated criminals
| have over law enforcement efforts.
|
| Could you elaborate on what you see as "doing their job" in
| this context?
| itsathrowaway56 wrote:
| Given that we don't catch, deal with appropriately or
| rehabilitate the majority of the non-sophisticated criminals,
| I'd suggest we start with that before we decide to start
| spying on the rest of the population?
|
| Based on how RIPA and it's successors in the UK have suffered
| from excessive use I doubt that we will be restricting this
| power to "sophisticated" criminals if it comes to pass.
| ben_w wrote:
| That would require the UK government to fund the police
| properly. And the courts. And the judiciary. And the prisons.
|
| For a political party that likes the cliche "tough on crime",
| it's kinda surprising how far on the path to accidental anarchy
| they are.
| hkt wrote:
| They're hoping people will start hiring rent-a-cop type
| security firms for their areas. Not joking.
| tremon wrote:
| It's the same party that's tough on immigration, yet keeps
| importing lorry drivers, health workers and building
| contractors because they apparently can't be found inside the
| country.
| MarcScott wrote:
| I wrote this about 6 years ago when the then PM was trying to
| do the same thing -
| http://coding2learn.org/blog/2017/06/11/dear-theresa/
| user6723 wrote:
| Yeah well I have an AR-15 try to take my BSD and OpenSSL away
| bitch I dare you.
| dang wrote:
| Could you please stop posting unsubstantive comments and
| flamebait? You've unfortunately been doing it repeatedly. It's
| not what this site is for, and destroys what it is for.
|
| If you'd please review
| https://news.ycombinator.com/newsguidelines.html and stick to
| the rules when posting here, we'd appreciate it.
| CTDOCodebases wrote:
| Most sieges don't tend to end well for the person inside the
| building.
| jstarfish wrote:
| Especially these days. You're up against drones now, so it's
| not like you're going to do any damage on the way out.
|
| Find another means of resistance, ideally a nonlethal one
| (they bet everything on terrorism). Bunkering with a shotgun
| and a six-pack won't cut it anymore.
| ssl232 wrote:
| Is this even enforceable? How can the UK government determine
| whether encrypted traffic going to/from UK IPs emanates from a
| messaging service as opposed to any other service?
| jamesdwilson wrote:
| "Who denounced you?" said Winston. "It was my little daughter,"
| said Parsons with a sort of doleful pride. "She saw the
| installed encryption programs, and nipped off to the patrols
| the very next day. Pretty smart for a nipper of seven, eh? I
| don't bear her any grudge for it. In fact, I'm proud of her. It
| shows I brought her up in the right spirit, anyway."
| theginger wrote:
| The UK Government repeatedly fails to understand that there are
| no boarders on the internet, and it'd be impossible to impose any
| without the kind of extreme restrictions of a totalitarian
| regime.
|
| Any measures without broad international cooperation will push
| vast number of people towards darker corners of the internet,
| which will not just end up completely undermining what they are
| trying to achieve, it will make the problems worse.
|
| Meta alone have the power to make this law a miserable failure.
| People will want to use WhatsApp, the government themselves use
| it extensively. If meta refuses there is very little they can do.
| Facebook can continue to operate without a single person on the
| ground in UK. It might harm their business in some ways but it's
| definitely doable. The government might be able to force/convince
| Apple and Google to take it out their app stores in the UK but
| such regional restrictions are easily bypassed and WhatsApp is
| popular enough to make people try it. So that would then
| normalise the practices such as side loading / jail breaking and
| avoiding regional restrictions. Cyber criminals would be rubbing
| their hands at the opportunities this creates and I am sure the
| peodos and terrorists this is meant to be stopping will jump at
| the chance to get in on the act.
| FirmwareBurner wrote:
| _> The UK Government repeatedly fails to understand that there
| are no boarders on the internet_
|
| Don't know what universe or timeline you're from, but on this
| earth today, the internet definitely has borders.
|
| That's why we have those EU cookie banners and GDPR consent
| forms, and why some of my favorite piracy websites are blocked
| by all ISPs in my country, or why I can't watch Top Gear on
| BBC's website because I'm not from the UK, or why Facebook had
| to remove some politically spicy content worldwide because the
| courts where I live forced them to, etc, etc.
|
| Mainstream web companies have to conform to local laws in each
| country or they'll get fined or blocked. Sure, there's VPNs to
| circumvent that, but the days of the lawless and borderless
| internet are a thing of the past.
| dheera wrote:
| Even with a totalitarian regime, they cannot stop the rest of
| the world from using encryption. People can pull their business
| entities out of the UK and they have no jurisdiction outside
| their borders.
|
| If I create an E2E messaging app, I don't need to listen to the
| UK at all. The UK can't tell me what to do any more than China
| can. China can block my app if they want, but it's on them, not
| me, to block it. Same goes for the UK. They can set up a
| firewall too if they want. But I don't need to change my app if
| I don't set foot in the UK.
| [deleted]
| ajdude wrote:
| > The government might be able to force/convince Apple and
| Google to take it out their app stores in the UK
|
| Apple has even threatened to withdraw their own systems from
| the UK rather than comply with this.
|
| https://9to5mac.com/2023/07/20/apple-imessage-facetime-remov...
| api wrote:
| To fully implement this would require dismantling vast amounts of
| software and protocols including VPNs, SSL/TLS, SSH, WebRTC, and
| loads more. Other countries won't want these protocols weakened
| just for the UK. It would end with the UK having a "great
| firewall" and basically its own little Internet with tech-savvy
| people punching holes in it just like they do in China.
| miohtama wrote:
| Hopefully the role of the UK is:
|
| Mistakes: It could be that the purpose of your life is only to
| serve as a warning to others.
|
| https://despair.com/products/mistakes
| EGreg wrote:
| The issue is bigger than just the UK government. Here is the
| global war on encryption: https://community.qbix.com/t/the-
| coming-war-on-end-to-end-en...
| jmclnx wrote:
| "They" seem to be using the standard play boor used by the rich
| and/or powerful against the will of the people. If you fail, keep
| trying and trying and trying until they get their way.
|
| Well if the UK and other countries pass this, I guess it is back
| to gnupg. No way can that be restricted at this point.
| christkv wrote:
| I bet the five eyes are exited about this then maybe the us and
| Europe can use the uk to spy on their citizens. Since it's not
| them doing the spying hey presto legal.
| eff_off wrote:
| [flagged]
| inconceivable wrote:
| why don't you save us all a bit of time and just go ahead and
| tell us exactly which rights we're allowed to have in order to
| protect the children in your perfect kingdom?
|
| like, will you allow me to drive a car, or eat beef, or own a
| kitchen knife?
| pwmtr wrote:
| Nice username :)
|
| I'm on the other side. IMO; CP is used more and more as an
| excuse to pass more anti-privacy agenda, because it is
| difficult to argue against "We want to protect children". That
| perspective moves discussion to a different place where it is
| difficult to discuss. Why can't we have both? Is only way to
| prevent CP eliminating privacy?
| developer93 wrote:
| I mean in the UK there were cp rings which were known about,
| that is the girls told the authorities about what was
| happening to them, and it was buried, so maybe get their own
| house with systems in place, training _and funding_ (which is
| universally in short supply in UK since [edit: about] a
| decade now) to act on info they already get before trying to
| come after innocent people with a drag net in the hope of
| catching a few paedophiles. https://en.wikipedia.org/wiki/Rot
| herham_child_sexual_exploit...
| shrimp_emoji wrote:
| CP = "brain_off" to defending your human rights :D
|
| Simple as!
|
| Also see terrorism
| ronsor wrote:
| The only way to prevent all crime is 24/7 surveillance
| combined with constant control and no free will, but any
| reasonable person would find that _unreasonable_. That aside,
| a significant number of people sharing CP aren 't smart
| enough to use an encrypted platform anyway.
| SN76477 wrote:
| Its simple, get a warrant.
| tonyarkles wrote:
| I'm going to assume that both you and the OP are engaging in
| this in good faith. I am thoroughly in the "legislating
| encryption is basically outlawing math" camp and believe
| it'll be highly ineffective at accomplishing any of its
| goals. However...
|
| Get a warrant for what exactly? On, say, an iPhone where you
| can have reasonably secured encryption-at-rest for your data
| (the entire disk is encrypted using an AES key that is
| protected by your passcode and that key is destroyed after
| too many failed attempts), simply getting a warrant to take
| physical possession of the device doesn't really provide any
| evidentiary value. In the US and many other jurisdictions
| (but not the UK from what I recall), courts generally can't
| compel someone to reveal their passcode. The E2E keys are
| stored encrypted at rest as well.
| giantrobot wrote:
| This begs the question of there being a "scourge" of child porn
| and terrorist propaganda. You're also assuming the UK's attack
| on encryption would do anything at all to combat either thing
| let alone end the presumed "scourge".
|
| Strong encryption is the foundation of pretty much all online
| commerce. Without it little else is practical online. It's not
| up to the EFF to come up with solutions to made up or
| exaggerated issues.
| tivert wrote:
| > This begs the question of there being a "scourge" of child
| porn and terrorist propaganda. You're also assuming the UK's
| attack on encryption would do anything at all to combat
| either thing let alone end the presumed "scourge".
|
| And the "terrorist propaganda" part doesn't make sense.
| Propaganda is useless if it doesn't reach an audience, and
| encryption is all about restricting the audience. I mean,
| didn't ISIS put up its propaganda videos on _Youtube_? They
| 're hardly trying to hide it out of sight.
| developer93 wrote:
| They've been coming back with these proposals with this every
| few years at least as long as my adult life (~20yrs) just
| that thus time they've got it through. Until now it's been
| knocked down for the ridiculousness it is. "They only have to
| be lucky once, you have to be lucky every time"
| thefurdrake wrote:
| Your right to hunt down child porn does not exceed my right to
| privacy. To have it otherwise is to live in a panopticon.
| ethanbond wrote:
| In reality all rights are contingent upon and in direct
| conflict with each other. This is not some special case, and
| no, contingency and conflict does not make one side
| immediately the worst case scenario of itself.
|
| "Your right to prevent incitement to violence does not exceed
| my right to free speech. To have it otherwise is to live in a
| panopticon."
|
| It factually _does_ exceed that right and that fact _does
| not_ yield a panopticon.
| thefurdrake wrote:
| > It factually does exceed that right and that fact does
| not yield a panopticon.
|
| Poor analogy. The panopticon analogy was to relate the fact
| that allowing inspection of every single message sent by
| everyone ever is a panopticon. Preventing someone from
| speaking doesn't equate to a panopticon.
|
| I am very concerned for the worldviews of people who
| genuinely think it's a good idea to let the government (and
| consequently, any entity with moderately-skilled hackers
| and a motive to mass collect data) view every message sent
| between private parties.
|
| So I'll reiterate, I guess.
|
| No, it doesn't.
| AequitasOmnibus wrote:
| Your comment is made in bad faith. Notably, you posted from a
| brand new account echoing the most inflammatory talking points
| that the government uses in support of eroding encryption.
| Either this is some blatant (and bad) astroturfing, or you've
| drunk the kool-aid from the government.
|
| Nobody is here to defend child pornography or terrorism. But
| even accepting that they exist, those are a drop in the literal
| ocean of use cases for encryption relative to the
| overwhelmingly legal and productive and often necessary uses.
|
| > They should come up with a useful alternative
|
| We have a useful alternative - criminal laws. Make the criminal
| penalty a strong enough deterrent and you'll stop everyone
| except the most craven malfeasors (and those people will find
| ways to continue to disseminate their materials irrespective of
| encryption status).
|
| Rather than accuse privacy supporters of being "stubborn", you
| should come up with a legitimate argument why ordinary, law
| abiding people should have to sacrifice their autonomy in
| service of an effectively phantom boogeyman.
| ethanbond wrote:
| wrt making criminal penalties stronger, I wonder what effect
| an add-on charge (idk the technical term) for deliberately
| using encryption in the commission of a crime would add.
|
| I.e. using encryption is never illegal, but if you commit a
| crime and directly employ encryption as a means to commit
| that crime, your sentence is doubled or whatever.
|
| (inb4 pedantic "all internet services use encryption", which
| I don't think a court would buy if this is meant to be an
| add-on charge)
| cs02rm0 wrote:
| They're telling us it's a scourge.
|
| But I suspect it's a relatively tiny, albeit terrible, problem
| compared to breaking encryption, which isn't just about privacy
| but about every action over the internet.
|
| I don't see that you can have it both ways; secure encryption
| and being able to inspect traffic. There's no alternative so
| it's either using other mechanisms to go after CSE and
| terrorist material, as currently happens allowing us to know
| about the scourge, or we may as well revert to everything being
| on http.
| [deleted]
| vr46 wrote:
| I honestly hate my current government with all my heart.
|
| Let this series of badly-thought-out bills be destroyed in the
| courts once the courts find that reality bats last.
|
| There's probably a clause in there that decrees Pi must be four
| from now on.
| tivert wrote:
| > Let this series of badly-thought-out bills be destroyed in
| the courts once the courts find that reality bats last.
|
| How? I thought the UK courts can't override Acts of Parliament,
| because the courts are subordinate to it (unlike in the US).
| LocutusOfBorges wrote:
| There's still the option of appeal to the ECHR, but that's
| more or less it - and there's a quite strong push from the
| right to leave that as well.
|
| This was absolutely an intended outcome for a lot of the
| figures responsible for the UK's exit from the EU - European
| legislation/institutions were more or less the only real
| absolute check on the authoritarian tendencies of the British
| state, given the UK's insane constitutional structures.
| ClumsyPilot wrote:
| One think I have never realised before moving here, is that
| UK has an authoritarian streak going back a long, long
| time.
|
| The desire to join such beacon of democracy as Russia in
| jeaving ECHR is heartwarming.
| Silhouette wrote:
| The thing about the "authoritarian streak" in the UK is
| that historically as a people we have mostly trusted the
| government and its police and security services to use
| the powers they give themselves by law appropriately. And
| although obviously there have been some serious failings
| in the past it's probably fair to say that overall they
| have earned that trust more than some of their
| counterparts in some other Western democracies so enough
| of our people continue to give them that trust that the
| same culture can continue. The danger for us is that it's
| always possible for the needle to move towards more
| frequent or routine abuses of power but once those
| measures make it into statute our trust-based system has
| few checks and balances to help us recover if it turns
| out someone went too far that time. That in turn is
| because our political/electoral system is itself
| fundamentally broken but also self-sustaining, which is a
| much bigger problem than just the risks of
| authoritarianism that we're discussing here.
| jbjbjbjb wrote:
| It's not just the current government, the whole of Parliament
| including the various committees are eager to just go along
| with the intelligence and security agencies who tell them
| encryption is bad.
| InCityDreams wrote:
| Your 'current' government has been in power for well over 10
| years.
| xwdv wrote:
| Funny thing is, this doesn't hurt criminals at all. If you're
| doing serious crime, you bring your own encryption. There are
| cartels that spend a lot of money rolling their own crypto.
| dheera wrote:
| > gives the British government the ability to force backdoors
| into messaging services
|
| This is NOT enforceable outside the UK any more than Chinese law
| enforceable outside China. If you are a messaging service, just
| close all your business entities in the UK and they have no more
| jurisdiction over you. People in the UK can still use your
| messaging services unless the UK decides to implement a firewall
| like China.
|
| > which will destroy end-to-end encryption
|
| I don't trust any E2E encryption unless at least the clients are
| open source. How do I know the NSA hasn't inserted a backdoor
| into WhatsApp?
|
| And then if the clients are open source, the back doors they
| insert (via git pull requests?) can be removed.
| FpUser wrote:
| Or they can be scraping screens so it does not matter whether
| your encryption is "trusted".
| zgluck wrote:
| The UK is an island, physically and metaphorically. It can dig
| its (financial) grave if it wants to, the rest of the world won't
| really care much.
|
| The headline is false.
| cpncrunch wrote:
| Indeed. The article itself doesn't explain why this will affect
| the rest of the world. In fact, Apple has said they would
| consider withdrawing FaceTime and iMessage in the UK if this
| law goes ahead, so I think it is unlikely it will affect the
| rest of the world. Either the UK will be left with fewer
| encrypted products, or they will do a u-turn.
|
| https://www.theguardian.com/technology/2023/jul/20/uk-survei...
| zgluck wrote:
| I've lost count of the number of u-turns they have done
| already. I think it's like 5 or so.
|
| (I'm including their various attempts to ban porn from the
| internet.)
___________________________________________________________________
(page generated 2023-07-28 23:00 UTC)