this post was submitted on 13 Sep 2023
49 points (91.5% liked)

United Kingdom

4108 readers
179 users here now

General community for news/discussion in the UK.

Less serious posts should go in !casualuk@feddit.uk or !andfinally@feddit.uk
More serious politics should go in !uk_politics@feddit.uk.

Try not to spam the same link to multiple feddit.uk communities.
Pick the most appropriate, and put it there.

Posts should be related to UK-centric news, and should be either a link to a reputable source, or a text post on this community.

Opinion pieces are also allowed, provided they are not misleading/misrepresented/drivel, and have proper sources.

If you think "reputable news source" needs some definition, by all means start a meta thread.

Posts should be manually submitted, not by bot. Link titles should not be editorialised.

Disappointing comments will generally be left to fester in ratio, outright horrible comments will be removed.
Message the mods if you feel something really should be removed, or if a user seems to have a pattern of awful comments.

founded 1 year ago
MODERATORS
 

In the physical world, the limits are clear: no democratic government is permitted to monitor citizens in their homes without a court order, even to prevent domestic violence or child sexual abuse. In the digital world, though, the answer remains unresolved. Child safety advocates believe that governments must be able to unlock private messages, while tech companies and privacy activists see a smokescreen for mass government surveillance.

you are viewing a single comment's thread
view the rest of the comments
[–] Tweak 13 points 1 year ago (2 children)

My understanding is they've done bugger all. MP's behind the bill have merely said they won't use the provision, primarily because there is no sufficient technical means to do so, but the wording of the bill hasn't changed.

If the bill goes through as is then businesses may be compelled to create the means to do so, regardless of it breaking encryption - maybe they won't do it right away, but they'll have the perogative under law. It wouldn't be too much more effort to throw in a gag order and prevent public disclosure. I'm sure Signal and a few others would kick up a stink and leave if they were targeted, but I could see Facebook and Google signing up, for a price. Hell I'd be more surprised if WhatsApp didn't already have backdoors.

[–] peter 4 points 1 year ago (1 children)

My understanding is they've done bugger all. MP's behind the bill have merely said they won't use the provision, primarily because there is no sufficient technical means to do so, but the wording of the bill hasn't changed.

What will happen here will be exactly like what happened with the net neutrality laws in the US. Even if we beat it once they'll just keep trying until the media gets fatigued and they can pass it without a large amount of uproar. There's no legal way for us to stop them.

[–] fushuan@lemm.ee 1 points 1 year ago (1 children)

There’s no legal way for us to stop them.

Not there is a feasible way to remove e2e from the internet. tons of banks would just stop working in the UK. the bill wouldn't last a week.

[–] Buckshot@programming.dev 1 points 1 year ago (1 children)

I see this argument every time this comes up but it's not true. The end to end encryption they are talking about is between users so the service provider doesn't have access to the data.

You sent a WhatsApp message and it's encrypted right through to the recipient's phone.

Your banking doesn't do that, it's encrypted between you and the bank.

Don't get me wrong, I agree with you there's no feasible way to stop it and hasn't been for 30 years since the release of PGP, but it's not about encryption in general, it's specifically encrypted communication between individuals and bringing other stuff into it just weakens the argument against it.

[–] fushuan@lemm.ee 2 points 1 year ago (1 children)

They might be referring only to instant messaging, but in a technical sense your communications with your bank are encrypted e2e, where one end is the bank and the other one is you. there is no intermediary. The important part in what you said is the recipient, there user recipient in my communications with the bank is the bank itself.

Anyway, if this bill is only about instant messaging, disregard my message, but I hope messaging apps just stop working.

[–] Buckshot@programming.dev 1 points 1 year ago

Yeah totally agree in the technical sense but if they want to spy on your banking they can go to your bank. If they want to spy on your instant messaging they can't.

The bill doesn't mention encryption at all, it only creates the ability to compel service providers to grant them access on request. Breaking the encryption is the only way they could do that. The law isn't telling them not encrypt traffic directly.

Up until the last decade, law enforcement could access pretty much any communications with that appropriate warrants. They could intercept mail, tap phones, get access to emails. E2E being so widespread is fairly new and I vaguely remember messaging platforms implementing it to avoid all the potential legal problems with law enforcement around the world and and international user base. I have no source for that though.

I can imagine it's a potential minefield that they don't want deal with so removing their own access solved that problem.

Don't get me wrong, I believe people should have access to private communications and I think all the rhetoric about protecting children is BS. It's just an easy way to quiet the dissenters then they expand those powers later on.

[–] Lmaydev@programming.dev 3 points 1 year ago (1 children)

Tbh you can just do it client side once it's decrypted. It may not be that hard to circumvent but the vast majority wouldn't bother.

I'm hoping this just doesn't get passed in its current form. But not sure the house of lords will have much understanding of this stuff.

[–] peter 5 points 1 year ago (1 children)

They want to do client side scanning which technically keeps E2E encryption but basically destroys the principle behind it. Today it's CSAM, tomorrow its terrorism related phrases, next year its "anti-government sentiment"

[–] Lmaydev@programming.dev 2 points 1 year ago (1 children)

Which won't affect the majority of people at all. Which is how they get away with it.

The people who do care will just move to safer alternatives.

[–] Flax_vert 1 points 1 year ago (1 children)

Literally. I believe most criminals aren't using WhatsApp. Moreso some weird thing called "EncroChat"

[–] Lmaydev@programming.dev 1 points 1 year ago (1 children)

Exactly.

But you do hear a lot about Facebook groups for it and shit. I'm guessing many of them are just stupid as fuck.

Which I guess is the target of this.

[–] Flax_vert 0 points 1 year ago

If they're that stupid can't they just have people infiltrate the group like they do with encrochat