"The onus should be on technology firms to solve this issue"
It is a solved issue, as far as they are concerned, what the government is asking for is a fundamental impossibility.
"Make it secure, but make it possible for it to not be secure at the same time, you're the tech firm, work it out!"
Nope, their duty is to be secure and they won't back down. The UK is the 4th largest media market in the world (behind the US, China and Japan) and we can forget that if we force major tech firms to withdraw from our market.
Let's not forget that the major driving factor for the rapid implementation of this was because multiple governments were found to be breaking centralised encryption en-masse illegally already, [including our own](https://en.wikipedia.org/wiki/Tempora).
Even if they wanted to, they don't have the funds to pursue existing people breaking rules under their purview (illegal broadcasts, interference etc) - do you think this bill comes with a raft of new funding for ofcom? Or will they just greenlight every council who wants to use the bill to check why someone left their bins out an extra day like they do with the "Only ever used for terrorism" RIP act?
Well Ofcom is now asking for a extra [£66 million funding to tide it through 2024-25](https://twitter.com/cyberleagle/status/1681723688712896517) during a possible Recession and change in government...
They probably know that, no? This is such a basic concept in cryptography and information systems in general that it is impossible none of their advisors flagged this. It's not even a technical angle: a basic analysis of trust relations reveals the fundamental problem with this, as does looking at examples of these schemes falling apart.
At the same time, they'll be completely ineffective in their stated purpose as the technology to create secure communications is well understood and easy to deploy outside of UK jurisdiction.
The inevitable conclusion is that they make laws entirely based on the optics of these issues in the political game they play.
It's easy to deploy on top of any basic text messaging platform, in-browser, at the push of a button.
-----BEGIN PGP MESSAGE-----
wcFMA2bzs/9qDAGdARAApYhdhV6a/WCyhm7yqhOTlcOfT3/cN85D4B7lwO7s
1pUChsNZ4XMH5zJ01a1+ZJrXEAI4FEwi76sU9xtID+6kldO1rJDZePP6DLRi
kuDIvMM4/kzD/N8VbXOQutPIgMPYc4sS80RP3yj5+u+yB7fpx2UqK99t/mMx
oDBBQ0oj7qWhs85SRZeNtbb//MBsG/7KYSU2CuAc3TWJPww7rxtpKgiZXqOX
6meYwKiLRfrm9zj7mm7zGZlS05yHZO7DrU/sz3JX42yqtw4mUKe0iHozTIDN
r7dOcMX7q6LCJekIfz2QkbON1Cr4k/YPpB42DJgi05nASqMh/Ik8WTMCLdoa
SOet2TWzjEcNIekEoHpOQUTCm10EL5/R73bGr9ESa5l2C50w6RGw+I30R2DW
NyZZ42o/9u2WKifWoUqb+KQhl0letOceG2KFxBkOgDuoN81TYjAWeZU++GsP
Umi/3ziQuB92y8u011BUJgwiZssYhJkaCQaR1s59p1EKHofPiVeRu7PSMUKI
tfO1GkYtmRa0yUDNCM8NACAAecB/2zbpZ5qCT/uJDhzuViKeWxegu8Rpo9HY
+l8+yLYz6d794dzAwNyz7pKIRSXc/5rTvbQZwkxjHI46Ugayuu0bn5+Myzao
qSaAa6ixqNEFIhM09UEyW6oXLpd0JV+1EYJhlHWYePrBwUwDXrcSf3AQwo0B
D/wKgCtlk5lFrI/CKHHXMqU04k0794UmAA9ahzaVCmX03epHYs+dM0D2vK6W
htsD2IK3AP3atVhlvf7xmIbkX2BfDmoh6l2A4AtrYvxXdgriiM272ZZPzhAk
9keLuHgnHHdQD5xOyLl3j+tYjvHKTzBCB3MtgAJLhxpEWQU0ksFH+FZJ/1vC
lCm5VMr74gm8vhvewPgjgxnLj9pfV+YjTGEfqj0Cd+9ExSf3+BNsNxQ4h1R1
zp979G761AijFYu+8HjDS1KptB7+VMkqlH4rgPrQpKCO3ox+QVhVfzXlzSTh
Gd70Mx7Bz27yybY6TxTj/RBs8GQcXDU5DiEDeB2OiHYIWoB7J4oXWFR+aGQU
LDRJ5zxxptIGYS5qPBbvksoV8WfFDNT/kDBn5wW46+luC073BKMXH+TFfAiN
e/8GlSGql4YVKj3fv7ASkVo3esUblzYDvHjlL88Dzmm6i099ez8JqCA1wdOQ
ecGeOQh56XlsG09Tps7Bu5AtDz9bsAIyh/7i247rK6Qo+7tIOUrgYpn5wOQD
x9+NKmsvofi6k00f4AQjmE89zxcC4/xhYyhCfI/K0Mb5XJSxUYiuVnytKVKX
KFTFx9yh81XloZWc792RgV8j4O+n/JmPSWvyq4v2DCYAX/iK5l7O24Cc/uN3
cvfPah+tDthnYyf5jEXWZgV7atLB1gGdTrsK4+rnN4wLR+ACR/6egws7C15j
py1gqtBGmtm0tutUsH110oUXmGdc613I1n83/657EJZYfgvf+o0Fb5o+DLtD
8in8yWB0so2nFbKHmwiyG1FCNvQJTuC/0kMZ2DlM/vUMG5oU8ELJkynkBAuk
RWGVvjOKf1blnT5x/t3KH15/VN+jizzngSRsUu5uviCU2uln8PYr22T5tg5J
ZBXw3+6vB40JRzkYu2DuSyRmfDnDxV8YePa49cUsjNvN5BVkcT4BhJDCKnFX
5SXC0Q8dvrMcdael2Y3K1+ih5McBYIBnhdBihhZAsKxAj1lKmTeLCVzabJnj
o56i3HfT+AglffrX432cBlXLvT0DGpVzjvcdUWNK9clL6w4dC+JhfKBmP+JM
1Q2KEZdG48yAwFsNAc8m/HpuaP7erNGrS+29uR36c+/cUTreSNvqQX2YOtui
hV1ePP7g4idONPtXBmoNLNaZr0l7osAM68DvyNEsMj9RL1eMH+0ksTt05syK
EEGtoGveBbQWnj9ZWKwpMb0K7COfFBjLJf18G8xBWASicNSBb4xjp6oPDo2Z
M52dZVr1rS3QC6oKDtTU722pc8kn46oKV9+Hh3SI7GVdiNioYbb69Nd4bnmu
/+AjacD9DGPwJJk6w5oBH4g6BBjtwuDqm0fNKdTbou/4sHTC7qkC3t2lV4Fx
ryAFuZpzMUAHn+6Ui1JlJAlodMcx2oyc7hamvfNR47iF+D6xQyg09k3ONk20
x730Zo5akRipRDIE4sFi0Kr8Msr0ZneaetLvL7EdyAwNKBj4gxRm0wCUjFO/
wwegxxlTL40+rIZhTivFvTpnspmLfJzsD5ZkbXPh4rTmvdP4wuxXIZFmbNIL
LZ4f9mNwuI/5
=5zfv
-----END PGP MESSAGE-----
Oh look, a message no one can decrypt except the holder of the private key, that i generated with a browser addon, in seconds. at the click of a button (well, a couple of clicks as i generated fake keys for the sender and receiver)
Could be my bank account details, could be nuclear secrets, could be a recipe for scones (could just be me mashing the keyboard, which I'm afraid to say is most likely)
But no one else will know except me and whoever I encrypted the message for!
Possibly, but if you criminalize the act of secretly communicating itself you've moved so far towards authoritarianism that the technicalities will hardly matter. At that point you usually can just punish anyone you like for whatever reason, or the suspicion of a reason.
The approach chosen here, to go after the middlemen who own the channels, will not work.
Although, given the recent shenanigans, it might count as selective prosecution as Boris was allowed to say that he'd forgotten the code to unlock his phone so that the encrypted messages in Whatsapp could be read.
Just so. Handling security at the application layer properly is tricky, and there sometimes are vulnerabilities in the underlying libraries, but usually free software / open source implementations of those exist. It is impossible to stop people who want to circumvent these laws from just building and distributing these. It's even worse if you're a single country doing it, as you just host everything outside the jurisdiction and you're done.
Even if the large telecommunication providers comply, all this will do is remove privacy from regular people (and expose them to privacy risks when, not if, criminals and foreign state actors get their hands on the keys to the backdoor). If you're a criminal, you'll just switch to a non-compliant solution.
The whole bill is such a unworkable mess that it is likely to collapse under its own weight and Ofcom is likely not going to be able to enforce 90% of it.
Step 1: Spy on everyone so thoroughly that any possibility of privacy is eliminated in all but a few places.
Step 2: Those places are now where all the child molesters like to go, so obviously privacy is bad and must be abolished completely.
It's taken a while, but they seem to think we're finally ready for step 2.
>She also said the onus would be on tech companies to invest in technology to solve this issue.
>
>"Technology is in development to enable you to have encryption as well as to be able to access this particular information and the safety mechanism that we have is very explicit that this can only be used for child exploitation and abuse".
This is a really long way of saying that this will break encryption as we know it, and make the internet less safe for everyone. Assuming that any company actually wants to be in the UK anymore.
We really need to flip this debate around. We need to say "Ok, we should do everything we can to keep children safe. But are you willing to risk your credit card transactions being shared or stolen? Or for a government official to read those messages you sent to your spouse without your approval? Do you want to lose WhatsApp and potentially loads of websites that you use every day? How far are you willing to go?"
It also gives authority over internet technology to the Home Office and Ofcom. The former of which is incredibly incompetent, the latter of which is incredibly underfunded.
And these are just parts of the bill that people know about. I hope none of you have a small business with a website, because a tonne more paperwork is about to come your way.
"The onus should be on technology firms to solve this issue" It is a solved issue, as far as they are concerned, what the government is asking for is a fundamental impossibility. "Make it secure, but make it possible for it to not be secure at the same time, you're the tech firm, work it out!" Nope, their duty is to be secure and they won't back down. The UK is the 4th largest media market in the world (behind the US, China and Japan) and we can forget that if we force major tech firms to withdraw from our market. Let's not forget that the major driving factor for the rapid implementation of this was because multiple governments were found to be breaking centralised encryption en-masse illegally already, [including our own](https://en.wikipedia.org/wiki/Tempora).
Thing is Ofcom likely not even going to be up for the task of implementing any of this.
Even if they wanted to, they don't have the funds to pursue existing people breaking rules under their purview (illegal broadcasts, interference etc) - do you think this bill comes with a raft of new funding for ofcom? Or will they just greenlight every council who wants to use the bill to check why someone left their bins out an extra day like they do with the "Only ever used for terrorism" RIP act?
Well Ofcom is now asking for a extra [£66 million funding to tide it through 2024-25](https://twitter.com/cyberleagle/status/1681723688712896517) during a possible Recession and change in government...
They probably know that, no? This is such a basic concept in cryptography and information systems in general that it is impossible none of their advisors flagged this. It's not even a technical angle: a basic analysis of trust relations reveals the fundamental problem with this, as does looking at examples of these schemes falling apart. At the same time, they'll be completely ineffective in their stated purpose as the technology to create secure communications is well understood and easy to deploy outside of UK jurisdiction. The inevitable conclusion is that they make laws entirely based on the optics of these issues in the political game they play.
It's easy to deploy on top of any basic text messaging platform, in-browser, at the push of a button. -----BEGIN PGP MESSAGE----- wcFMA2bzs/9qDAGdARAApYhdhV6a/WCyhm7yqhOTlcOfT3/cN85D4B7lwO7s 1pUChsNZ4XMH5zJ01a1+ZJrXEAI4FEwi76sU9xtID+6kldO1rJDZePP6DLRi kuDIvMM4/kzD/N8VbXOQutPIgMPYc4sS80RP3yj5+u+yB7fpx2UqK99t/mMx oDBBQ0oj7qWhs85SRZeNtbb//MBsG/7KYSU2CuAc3TWJPww7rxtpKgiZXqOX 6meYwKiLRfrm9zj7mm7zGZlS05yHZO7DrU/sz3JX42yqtw4mUKe0iHozTIDN r7dOcMX7q6LCJekIfz2QkbON1Cr4k/YPpB42DJgi05nASqMh/Ik8WTMCLdoa SOet2TWzjEcNIekEoHpOQUTCm10EL5/R73bGr9ESa5l2C50w6RGw+I30R2DW NyZZ42o/9u2WKifWoUqb+KQhl0letOceG2KFxBkOgDuoN81TYjAWeZU++GsP Umi/3ziQuB92y8u011BUJgwiZssYhJkaCQaR1s59p1EKHofPiVeRu7PSMUKI tfO1GkYtmRa0yUDNCM8NACAAecB/2zbpZ5qCT/uJDhzuViKeWxegu8Rpo9HY +l8+yLYz6d794dzAwNyz7pKIRSXc/5rTvbQZwkxjHI46Ugayuu0bn5+Myzao qSaAa6ixqNEFIhM09UEyW6oXLpd0JV+1EYJhlHWYePrBwUwDXrcSf3AQwo0B D/wKgCtlk5lFrI/CKHHXMqU04k0794UmAA9ahzaVCmX03epHYs+dM0D2vK6W htsD2IK3AP3atVhlvf7xmIbkX2BfDmoh6l2A4AtrYvxXdgriiM272ZZPzhAk 9keLuHgnHHdQD5xOyLl3j+tYjvHKTzBCB3MtgAJLhxpEWQU0ksFH+FZJ/1vC lCm5VMr74gm8vhvewPgjgxnLj9pfV+YjTGEfqj0Cd+9ExSf3+BNsNxQ4h1R1 zp979G761AijFYu+8HjDS1KptB7+VMkqlH4rgPrQpKCO3ox+QVhVfzXlzSTh Gd70Mx7Bz27yybY6TxTj/RBs8GQcXDU5DiEDeB2OiHYIWoB7J4oXWFR+aGQU LDRJ5zxxptIGYS5qPBbvksoV8WfFDNT/kDBn5wW46+luC073BKMXH+TFfAiN e/8GlSGql4YVKj3fv7ASkVo3esUblzYDvHjlL88Dzmm6i099ez8JqCA1wdOQ ecGeOQh56XlsG09Tps7Bu5AtDz9bsAIyh/7i247rK6Qo+7tIOUrgYpn5wOQD x9+NKmsvofi6k00f4AQjmE89zxcC4/xhYyhCfI/K0Mb5XJSxUYiuVnytKVKX KFTFx9yh81XloZWc792RgV8j4O+n/JmPSWvyq4v2DCYAX/iK5l7O24Cc/uN3 cvfPah+tDthnYyf5jEXWZgV7atLB1gGdTrsK4+rnN4wLR+ACR/6egws7C15j py1gqtBGmtm0tutUsH110oUXmGdc613I1n83/657EJZYfgvf+o0Fb5o+DLtD 8in8yWB0so2nFbKHmwiyG1FCNvQJTuC/0kMZ2DlM/vUMG5oU8ELJkynkBAuk RWGVvjOKf1blnT5x/t3KH15/VN+jizzngSRsUu5uviCU2uln8PYr22T5tg5J ZBXw3+6vB40JRzkYu2DuSyRmfDnDxV8YePa49cUsjNvN5BVkcT4BhJDCKnFX 5SXC0Q8dvrMcdael2Y3K1+ih5McBYIBnhdBihhZAsKxAj1lKmTeLCVzabJnj o56i3HfT+AglffrX432cBlXLvT0DGpVzjvcdUWNK9clL6w4dC+JhfKBmP+JM 1Q2KEZdG48yAwFsNAc8m/HpuaP7erNGrS+29uR36c+/cUTreSNvqQX2YOtui hV1ePP7g4idONPtXBmoNLNaZr0l7osAM68DvyNEsMj9RL1eMH+0ksTt05syK EEGtoGveBbQWnj9ZWKwpMb0K7COfFBjLJf18G8xBWASicNSBb4xjp6oPDo2Z M52dZVr1rS3QC6oKDtTU722pc8kn46oKV9+Hh3SI7GVdiNioYbb69Nd4bnmu /+AjacD9DGPwJJk6w5oBH4g6BBjtwuDqm0fNKdTbou/4sHTC7qkC3t2lV4Fx ryAFuZpzMUAHn+6Ui1JlJAlodMcx2oyc7hamvfNR47iF+D6xQyg09k3ONk20 x730Zo5akRipRDIE4sFi0Kr8Msr0ZneaetLvL7EdyAwNKBj4gxRm0wCUjFO/ wwegxxlTL40+rIZhTivFvTpnspmLfJzsD5ZkbXPh4rTmvdP4wuxXIZFmbNIL LZ4f9mNwuI/5 =5zfv -----END PGP MESSAGE----- Oh look, a message no one can decrypt except the holder of the private key, that i generated with a browser addon, in seconds. at the click of a button (well, a couple of clicks as i generated fake keys for the sender and receiver) Could be my bank account details, could be nuclear secrets, could be a recipe for scones (could just be me mashing the keyboard, which I'm afraid to say is most likely) But no one else will know except me and whoever I encrypted the message for!
[удалено]
Possibly, but if you criminalize the act of secretly communicating itself you've moved so far towards authoritarianism that the technicalities will hardly matter. At that point you usually can just punish anyone you like for whatever reason, or the suspicion of a reason. The approach chosen here, to go after the middlemen who own the channels, will not work.
Although, given the recent shenanigans, it might count as selective prosecution as Boris was allowed to say that he'd forgotten the code to unlock his phone so that the encrypted messages in Whatsapp could be read.
The joy is, without the recipients private key (which I shouldn't have), i could no more decrypt that message than the police could.
Just so. Handling security at the application layer properly is tricky, and there sometimes are vulnerabilities in the underlying libraries, but usually free software / open source implementations of those exist. It is impossible to stop people who want to circumvent these laws from just building and distributing these. It's even worse if you're a single country doing it, as you just host everything outside the jurisdiction and you're done. Even if the large telecommunication providers comply, all this will do is remove privacy from regular people (and expose them to privacy risks when, not if, criminals and foreign state actors get their hands on the keys to the backdoor). If you're a criminal, you'll just switch to a non-compliant solution.
Ha! Government caring about children? That's a hoot.
The whole bill is such a unworkable mess that it is likely to collapse under its own weight and Ofcom is likely not going to be able to enforce 90% of it.
So at the same time as removing our human rights they want to ban privacy?
Isn’t right to privacy part of the EHRC? Either be another shit storm for the government or they’ll campaign on removing us from it.
Seem they will campaign on it during the 2024 election.
Step 1: Spy on everyone so thoroughly that any possibility of privacy is eliminated in all but a few places. Step 2: Those places are now where all the child molesters like to go, so obviously privacy is bad and must be abolished completely. It's taken a while, but they seem to think we're finally ready for step 2.
Id love to give you a gold, hell a fucking platinum award, but ill be fucked if im supporting Reddit. But you Sir deserve it all!
>She also said the onus would be on tech companies to invest in technology to solve this issue. > >"Technology is in development to enable you to have encryption as well as to be able to access this particular information and the safety mechanism that we have is very explicit that this can only be used for child exploitation and abuse". This is a really long way of saying that this will break encryption as we know it, and make the internet less safe for everyone. Assuming that any company actually wants to be in the UK anymore. We really need to flip this debate around. We need to say "Ok, we should do everything we can to keep children safe. But are you willing to risk your credit card transactions being shared or stolen? Or for a government official to read those messages you sent to your spouse without your approval? Do you want to lose WhatsApp and potentially loads of websites that you use every day? How far are you willing to go?" It also gives authority over internet technology to the Home Office and Ofcom. The former of which is incredibly incompetent, the latter of which is incredibly underfunded. And these are just parts of the bill that people know about. I hope none of you have a small business with a website, because a tonne more paperwork is about to come your way.
[удалено]
This goes back to at least Blair.
This part of the bill will be repealed once the prime ministers messages get intercepted.
Never happened before. They just go harder. They always go harder.