Now Apple takes a bite out of encryption-bypassing 'spy clause' in UK internet law

Apple has joined the rapidly growing chorus of tech organizations calling on British lawmakers to revise the nation's Online Safety Bill – which for now is in the hands of the House of Lords – so that it safeguards strong end-to-end encryption. "End-to-end encryption is a critical capability that protects the privacy of …

  1. Pascal Monett Silver badge
    Facepalm

    So, we're back to square one again

    We've already had this discussion, we've heard all the arguments, we've seen all the rebuttals.

    And UK Gov is starting it all over again.

    Is this insanity, or are they just suckers for punishment?

    1. Anonymous Coward

      Re: So, we're back to square one again

      They only have to pass it once, then there is no going back.

      1. Mishak Silver badge

        Re: So, we're back to square one again

        Laws can be removed as well, but that never seems to happen in practice, even when a party declares it as a manifesto "promise".

        1. GruntyMcPugh

          Re: So, we're back to square one again

          hmmm, like Daylight Savings, introduced as an emergency law during WW1, and we got stuck with it. There was also the 'Defence of the Realm Act' which gave us restricted opening hours for pubs, to 'luncheon' and 'supper' hours, and that only took 74 years to amend.

          1. Tron Silver badge

            Re: So, we're back to square one again

            Drama was made subject to state censorship in 1737 in Britain to 'protect public morals' in response to satirical attacks on the government in plays by dangerous domestic terrorists like Henry Fielding (author of 'Tom Jones'). Sound familiar? It lasted until 1968.

            1. JimboSmith
              Coat

              Re: So, we're back to square one again

              Drama was made subject to state censorship in 1737 in Britain to 'protect public morals' in response to satirical attacks on the government in plays by dangerous domestic terrorists like Henry Fielding (author of 'Tom Jones'). Sound familiar?

              It’s not unusual

              Mine’s the one with the red dragon on the back.

          2. Infused

            Re: So, we're back to square one again

            Theatre censorship took 231 years to repeal: 1737 to 1968.

          3. Fred Daggy Silver badge
            Pint

            Re: So, we're back to square one again

            Income Tax, even longer. Introduced 1799 (according to Wikipedia, https://en.wikipedia.org/wiki/Income_tax).

            Not had a decent war against France in years.

            1. WolfFan

              Re: So, we're back to square one again

              I’m sure that if you ask nicely the French will give you a nice little war.

      2. Anonymous Coward

        Re: So, we're back to square one again

        Even if it were to pass it's likely Ofcom will find it hard to set up and enforce. Just look at the last UK age verification law that was delayed over and over again until it was quietly scraped.

        1. TimMaher Silver badge
          Coat

          Re: Quietly scraped

          From the bottom of our collective shoe.

          Mine has a doggies pooh bag in the pocket.

    2. Fred Flintstone Gold badge
      Facepalm

      Re: So, we're back to square one again

      I think it returns roughly every seven years.

      Total Information Awareness, the Clipper chip - you name it.

      The basic argument is that we must all install easily pickable locks in millions of houses so the police can briefly digress from their institutional problems and chase the ten or so troublemakers (compared in volume) while simultaneously enabling thousands of others to do the same, but undetected. It's almost like employment protection if it wasn't for the fact that simple statistics and frequent events suggest that there are quite a few dodgy ones hiding amongst that force itself - which will then have a much easier life too.

      Basically, allowing this idiocy will amplify crime to the point of having to return to cash-in-hand transactions.

      Brexit and now this again tells me that standards of education and analytical thinking in politics have declined to the point that Idiocracy is heading towards becoming a documentary, but without as yet any sight on a happy ending.

      1. This post has been deleted by its author

      2. BobTheIntern

        Re: So, we're back to square one again

        The most inaccurate thing about Idiocracy is that it is set 500 years in the future.

        I give us 50 at best over here across the pond.

    3. Charlie Clark Silver badge

      Re: So, we're back to square one again

      Something must be done! and they want to be the ones seen to be doing something against whichever particular group of undesirables is currently top of the list. If they can spin this as a way to stop migrants in the English Channel, you know they will. Maybe they'll try anyway.

      Add it to the list of reducing government waste, ensuring growth, etc.

    4. JohnMurray

      Re: So, we're back to square one again

      They're all mentally low-age politicians backed by mentally low-age police/security.

      "if at first you don't succeed, try, try, try, again"

    5. Anonymous Coward

      Re: So, we're back to square one again

      When your parliament (any western democracy) is majority comprised of washed-up ex-lawyers then the only policy you get is new laws. It's all they know.

      As for

      The controversial draft law, which the government claims will make the UK "the safest place in the world to be online,"

      Only someone so tech illiterate could make the statement that "<physical location> will be the safest place in the world to be <somewhere that is absolutely not location dependent> and can be accessed from anywhere"

    6. John Smith 19 Gold badge
      Gimp

      And UK Gov is starting it all over again.

      No.

      It's the same old cabal of data fetishists, so many of whom seem to be Oxford PPE graduates.

      Many of these high level civil servants are in the Intelligence community (Policy, not operations. IRL the equivalent to "Thomas Brian Reynolds" in Enemy of the State) so are used to putting out a cover story to hide what they want and why.

      They don't give a s**t about kiddie fiddlers, except as a useful lever to control their behaviour of course. The C in MICE.

      Their real "heroes" are

      a) Francis Walsingham and his reputed ability to read every letter posted in England.

      b) Cardinal Richelieu and "Give me six lines written by the hand of the most honest man, I will find something in them which will hang him"

      It's a very inefficient way to catch sexual predators.

      It's an excellent way (if you can remote update the "suspect words list," and you can bet any system they mandate will require such a mechanism) to spy on the whole population.

      It's an excellent way to spy on a whole population

  2. Evil Auditor Silver badge
    Childcatcher

    Silly government. Just implement legislation that each computing device is required to have gov spyware installed. What could go wrong?!

    1. Mishak Silver badge

      I guess they could also use it to reduce the number of "leaks" from official government devices?

      1. Evil Auditor Silver badge

        Reducing leaks? Silly you! Of course, there'd be an exception for gov devices, which will be prohibited from installing their own spyware. Where would we end up otherwise, with good governance?

    2. Anonymous Coward

      Do they need to?

      Everyone is already running Windows, and rumour has it Microsoft was actively involved in the Cloud Act (although I have as yet not seen any evidence of that, but it doesn't strike me as implausible).

      1. Neil Barnes Silver badge

        Everyone?

        1. Anonymous Coward

          OK, granted, replace that with "waaaaaaaaaaaaaay too many people and businesses".

          :)

      2. Doctor Syntax Silver badge

        "and rumour has it Microsoft was actively involved in the Cloud Act (although I have as yet not seen any evidence of that"

        You must have missed the reporting at the time it was passed. Microsoft pushed them into it by insisting on a warrant in a case where the data* was held in an Irish data centre. Logic would suggest that it would have made an even deeper cleft stick for them as it would still mean ignoring the need for an Irish warrant. Did they protest about that? No, they welcomed it.

        * Existing international agreements would have enabled this if the USian PTB had been prepared to seek one in Ireland.

  3. xyz Silver badge

    the safest place in the world to be online

    Safest for the government they mean. Sort of like the Chinese system but with a couple of words like "responsible" and "reasonable" chucked in to make it sound normal. Don't know why they don't just cough up the cash for Pegasus* like everyone else does or is it just a bit too targeted?

    *Other sneaky scumbag software is available.

    1. localzuk

      Re: the safest place in the world to be online

      That's the question that needs asking. "Safest for who, exactly?" Weakening encryption technologies by definition reduces safety online, so they need to be specific as to who this newfound "safety" is for.

    2. Encryptor
      Black Helicopters

      Re: the safest place in the world to be online

      Too true, Pegasus and Predator etc. are already viewing everything that you can see on your phones and machines. The only real way for secure communications is to have an offline device do the encryption, send it to your smartphone or computer and then send that encrypted message to another internet-enabled device which relays the message to an offline device where the message is then encrypted. Comfortress by Kralos is a new player in the encryption game.

      1. PapaPepe
        Alert

        The Red Pill and the Blue Pill

        A very good paper was written on the subject way back in 2008 by Ben Laurie and Abe Singer: "Choose the Red Pill and the Blue Pill". Surprisingly, no attempt was ever made (that I know of) to put it in practice.

        For the curious:

        https://www.researchgate.net/publication/234832838_Choose_the_red_pill_and_the_blue_pill_a_position_paper

  4. Howard Sway Silver badge

    Some of broadest surveillance powers in any Western democracy

    Brought to you by some of the dumbest politicians in any Western democracy.

    And subsequently to be misused against us by some of the worst people in any foreign autocracy.

    1. HereAndGone

      some of the dumbest politicians in any Western democracy

      As an American currently residing in a bottom ranked state (yeah yeah I know), I feel obligated to challenge your claim. My current representative is truly astoundingly stupid. Every time I think, "No one could be that stupid," he proves me wrong and doubles down.

      Sigh!

    2. Anonymous Coward

      Re: Some of broadest surveillance powers in any Western democracy

      Are you thinking of Nadine I don’t know what I’m talking about Dorries?

      For those who don’t know she was what’s known as the Minister for Fun (aka the Secretary of State for Culture, Media and Sport) who has the regulator OFCOM in their remit. Amongst other gaffes she made one of her priorities to privatise Channel 4 one of the five major terrestrial tv channels. She appeared before a select committee & discussed this claiming that Channel 4 was in receipt of public money. She was corrected by the chair of the committee who pointed out they are a commercial broadcaster who take adverts not public money. It is alleged that she had it in for Channel 4 because their flagship news show was very hard when interviewing members of the government.

      1. Fruit and Nutcase Silver badge

        Re: Some of broadest surveillance powers in any Western democracy

        I see now that Nadine has time on her hands, she's been here and down voted you

      2. tiggity Silver badge

        Re: Some of broadest surveillance powers in any Western democracy

        @AC

        "Are you thinking of Nadine I don’t know what I’m talking about Dorries?"

        I thought the commonly used term was just "Mad Nad"?

  5. Anonymous Coward

    Proof of the UKs diminishing political structure ...

    A colleague is involved in this story. When the news reached the HoC committee, a committee member asked "why didn't you say anything before ?"

    The industry answer is there is so much fucking hot air from "the government" over this that and the other, that there is fuck all point in investing any time and effort until you know it's serious.

    That, dear regtards, is the sign of a deeply dysfunctional government. No one trusts it enough to invest in engagement, so rather than carefully thought out laws that actually make sense, you descend into this pantomime run-in between ideology and technology.

    Mind you, last time there was a "consultation" it was painfully clear that it was really just a "sign off on what we have decided" exercise. Again not a good use of time, money or reputation.

    In a battle with Google, Microsoft, Apple, plus significant players like Signal, the UK can only lose. No matter what the TeleMailExpress report.

    1. StrangerHereMyself Silver badge

      Re: Proof of the UKs diminishing political structure ...

      The UK is a sinking ship that continues to inflict pain on itself.

      Mostly this absurd legislation with the absurd Orwellian NewSpeak discussions ("We believe E2EE can be safely backdoored whilst keeping users' privacy") is meant to disguise the utter incompetence of the UK Government and its politicians in cleaning up the mess Brexit has caused. Britain is becoming poorer by the minute and the politicians are helpless to do anything about it.

      1. ludicrous_buffoon

        Re: Proof of the UKs diminishing political structure ...

        > We believe E2EE can be safely backdoored whilst keeping users' privacy

        Politicians genuinely believe their laws (words on paper) can alter the nature of reality. It's still soothsaying and sorcery just this time in bespoke Saville Row tailoring.

        1. Anonymous Coward

          Re: Proof of the UKs diminishing political structure ...

          Jimmy Saville tailoring, more like.

          1. Fr. Ted Crilly Silver badge

            Re: Proof of the UKs diminishing political structure ...

            Beat me to it...

        2. Michael Strorm Silver badge

          Re: Proof of the UKs diminishing political structure ...

          It's obvious that the less a politician actually knows and understands technology, the more they take for granted they can invoke it as a magic handwave solution to any problem, especially those they've created for themselves.

          For example, at the time of Brexit, the claim that any problems created due to the border issue in Northern Ireland could be quickly and easily fixed by the application of modern technology. Despite anyone who actually understood the technology in question warning that it would be hugely more complicated than they imagined and take years rather than being an overnight solution, if it was possible at all.

          1. Strahd Ivarius Silver badge
            Joke

            Re: Proof of the UKs diminishing political structure ...

            Don't worry, the only thing that was missing was BorderGPT, and it is almost ready now!

          2. Doctor Syntax Silver badge

            Re: Proof of the UKs diminishing political structure ...

            "For example, at the time of Brexit, the claim that any problems created due to the border issue in Northern Ireland could be quickly and easily fixed by the application of modern technology."

            Anyone with any intelligence would have realised that three mutually incompatible requirements created a problem beyond fixing other than by entirely removing one of them which was a political impossibility given that the third requirement was the one HMG had introduced.

          3. anothercynic Silver badge

            Re: Proof of the UKs diminishing political structure ...

            Well, Norway and Sweden manage a virtual border between them just fine (Norway being EFTA, and Sweden being EU), but in the case of NI, everyone threw a strop over it because it meant they would have to reduce the number of border crossings (and there are not meant to be any border crossings between Éire and NI as per the GFA) to be able to put up the scanners as the lorries go by.

            So what remains? The physical border in the sea. Which the "we're part of the grand British Empire, how dare you cut us off" dunces from the DUP threw a strop about and told May that that was not an option. The EU would probably have been ok with the Nordic stuff between the island and us, but May's successor, Mr "I've an oven ready deal" Bunglec**t didn't want to upset his Norn Iron blackmailers so he said no, and the model as it stands was negotiated.

            And being stroppy over what that deal really meant for quite a while cost quite a bit because people like M&S and Tesco suddenly found themselves unable to supply NI shops, until several years and two prime ministers later, Sunak (to give him his credit) arranged the 'green-lane-red-lane' system with the EU. Of course, the ability to smuggle things through the green lane still exists, although just like at the airport, if you're caught, it'll cost ya.

            1. Anonymous Coward

              Re: Proof of the UKs diminishing political structure ...

              Yes but when you say "Nordic stuff" you need to remember that Norway is not just in EFTA but also the EEA...

              From the Norwegian Ministry of Foreign Affairs website:

              Through the EEA Agreement, Norway, Iceland and Liechtenstein are equal partners in the internal market, on the same terms as the EU member states. This includes having access to the internal market’s four freedoms, the free movement of goods, persons, services and capital. In addition, the Agreement covers cooperation in other important areas such as research and development, education, social policy, the environment, consumer protection, tourism and culture.

              Which makes things significantly different to the self-inflicted dog's dinner of NI.

            2. Number 39

              Re: Proof of the UKs diminishing political structure ...

              You missed out that Johnson wanted to leave the Single Market which messes up the "Nordic Stuff" idea. Staying in the Single market would have solved all sorts of other problems too. And had that been the plan and initiated back in 2016, I doubt anyone would have been speaking about it past 2017.

            3. Anonymous Coward

              Re: Proof of the UKs diminishing political structure ...

              "Norway and Sweden manage a virtual border between them just fine "

              Yes, because both belong to Nordic alliance with Denmark, Finland and Iceland. Not because they belong to EFTA or EU, that's literally irrelevant in this context.

          4. JohnMurray

            Re: Proof of the UKs diminishing political structure ...

            Politicians are towering intellects, compared to technologists surely?

            At least, in the politicians' minds.

            As someone who has actually talked to one for a while [Dorries], I quickly realised it was a case of "the door's open but nobody is home"

            1. TimMaher Silver badge
              Coat

              Re: Nobody is home

              Well, the door was open but were the lights on?

        3. JimboSmith

          Re: Proof of the UKs diminishing political structure ...

          We believe E2EE can be safely backdoored whilst keeping users' privacy

          I had to explain to my Mum a short while ago that end to end encryption underpins a lot of the modern world. “So why don’t they include these back doors all the politicos talk about then?” Well because if you do that and someone discovers this back door and works out how to open it, you’re screwed. So online shopping and banking would be totally impossible without E2E. WhatsApp (and Signal) both use it too etc. She now accepts that we can’t ditch it nor backdoor it.

          She’s retired and has been for a good few years so has been around a lot longer than the average MP. She did no science at school because she was female and they didn’t back then. She’s got children and grandchildren so has thought of the children thank you very much. If she can understand this…………..

          1. Anonymous Coward

            Re: Proof of the UKs diminishing political structure ...

            This is exactly the point. It's a very simple thing to explain and understand. For some reason the politicians just seem to refuse to listen. Either that, or they know exactly what is going on and it's more propaganda.

            1. John Smith 19 Gold badge
              Gimp

              It's a very simple thing to explain and understand.

              As Upton Sinclair observed "No man's ignorance is so great as a man whose livelihood depends on his ignorance"

              And if you're playing the TOTC card you don't want to hear anything about "No you can't have "unsecure encryption on demand," which is basically what you want. It doesn't work that way. It's all or nothing. The mathematics of cryptography trumps your belief that we can do this."

      2. jmch Silver badge
        FAIL

        Re: Proof of the UKs diminishing political structure ...

        Put aside "We believe E2EE can be safely backdoored whilst keeping users' privacy"....

        What happens when a non-UK messaging app company just refuses to compromise E2EE?? There's nothing UK gov CAN do, particularly if it's stand-alone and open source (no UK stores / users / revenue to target), except try and mandate government control of all the apps someone has installed on their phone, ie they would have to not only backdoor the messaging apps, but Android and iOS. Good luck with that, chaps!

        The bottom line is, not only is it technically impossible to ban what they want to ban without huge negative consequences, but it's also trivial to sidestep and impossible to police.

        1. Mark 65

          Re: Proof of the UKs diminishing political structure ...

          The funnier thing is that, although they could enforce the inability to use the app on UK iPhones by forcing Apple to not allow UK phones to install it, the EU is busy working on Apple allowing alternative app stores of which overseas ones not affected by this would be perfectly fine.

        2. My-Handle

          Re: Proof of the UKs diminishing political structure ...

          Dealing with the "We believe E2EE can be safely backdoored whilst keeping users' privacy" comment for a moment... I once dealt with a head of marketing who trotted out a line like this at me. I replied that she could believe what she liked, it didn't make it true.

          I agree with your last comment as well - this will be impossible to police. The thing with laws is that only law-abiding people follow them. Criminals, by definition, don't. Anyone likely to be dealing in prohibited material just won't use the back-doored apps or services, or will add their own layer of encryption over the top.

        3. Dr Dan Holdsworth
          FAIL

          Re: Proof of the UKs diminishing political structure ...

          The UK government has already had experience of precisely how much notice Apple and Google take of their views during the time that COVID-19 contact tracker apps were being set up. The UK produced a horrible pile of rubbish which the two tech companies looked at, and flatly refused to have anything to do with. They then produced their own rather more elegant and much less intrusive options and presented these to the UK government as a fait accompli, take it or leave it.

          The UK government then accepted the inevitable and took this option.

          The same will happen with encrypted comms apps; the government will be quietly ignored by all and sundry and will eventually bow to reality and confine themselves to making the tax code ever more complicated.

      3. Arthur the cat Silver badge
        Unhappy

        Re: Proof of the UKs diminishing political structure ...

        the utter incompetence of the UK Government and its politicians

        To be fair, the utter incompetence seems to be an Anglosphere wide problem. As a reminder, back in 2017 the Oz PM at the time, Malcolm Turnbull, stated clearly about encryption that "the laws of mathematics don't apply in Australia".

        It's getting to the ridiculous stage where I'd not only like to see a hung parliament at the next election, I'd happily pay for the piano wire.

        1. GioCiampa
          Pint

          Re: Proof of the UKs diminishing political structure ...

          I was hoping someone would bring that up!

      4. Anonymous Coward

        Re: Proof of the UKs diminishing political structure ...

        The UK is a sinking ship that continues to inflict pain on itself

        "Drilling holes in the hull of" rather than "rearranging the deckchairs on" the Titanic.

    2. ludicrous_buffoon

      Re: Proof of the UKs diminishing political structure ...

      I have to wonder whether we've ever had a competent government that actually defended our freedom and served the people. We do have a history of pushback and Great Charters and suchlike in this country, but I would be surprised whether enough of our MPs know what it is or what it meant ("it's just about Barons and entitlements hehehe..." read past the first few clauses you fanny).

      Even Boris let this abomination of a bill slip through under his premiership, and he once claimed he'd rather eat an ID card than be issued one. I wonder what changed for him, or was his objection simply because the Other Party had suggested ID cards? Stopping it could've been the One Good Thing he did in office, if he really believed that.

      I don't know what's going on, while I welcome the inevitable kicking coming at the next election, I wonder will the Other Party deliver for our online and civil freedom?

      1. Doctor Syntax Silver badge

        Re: Proof of the UKs diminishing political structure ...

        Boris would and will say anything that he thinks will further his own interests with whoever he's talking to. He may well believe it until he has to say the opposite to someone else in an hour's - or minute's - time and will be entirely unaware of having contradicted himself. One of the things which slipped out when some of his staff started describing their time working for him was that they kept trying to stop him talking to anyone, at least when they weren't there.

        1. anothercynic Silver badge

          Re: Proof of the UKs diminishing political structure ...

          That's what many folks realised very quickly when he worked for the Telegraph. One day he'd say one thing, a week later he'd contradict himself. And his audience, happy as Larry, lapped it up.

      2. Anonymous Coward

        Re: I wonder will the Other Party deliver for our online and civil freedom?

        The Other Party will deliver EXACTLY the same bill, because "think of the children!!!" works on a huge majority of voters, because the majority of voters a) have children, or grandchildren, and b) they don't give a flying about 'encryption', etc. And no, when confronted with, 'so what about banking apps?', they'll uh-uh and come up with a classic gem: 'oh, they'll figure something out, I'm sure!' Like they did with brexit, I'm sure.

    3. 43300 Silver badge

      Re: Proof of the UKs diminishing political structure ...

      "so rather than carefully thought out laws that actually make sense, you descend into this pantomime run-in between ideology and technology."

      It's more between ideology and reality!

      So they make E2E encryption without some way of monitoring it illegal. What are the dodgy image distributors and terrorists going to do? Clearly, they are going to find a method of communicating which still offers full encryption (the dark web will no doubt offer plenty of options) - probably also involving servers outside of UK jurisdiction.

      Very obviously, people who are already doing things which are illegal are unlikely to be bothered about using communication tools which are also illegal.

      Even politicians as technologically clueless as this lot must understand this, which demonstrates that 'think of the children' is just the usual, tried and tested despots' excuse. It won't stop those who it's claimed to be aimed at, but will pose massive security risks for the bulk of the population.

      But the government will get to spy on millions of people, so that's all OK then.

      1. Tron Silver badge

        Re: Proof of the UKs diminishing political structure ...

        quote: It's more between ideology and reality!

        Well, so was Brexit, and that happened. The fact that the NIA wasn't compatible with it didn't stop them. That the world is now made up of trading blocs and failed states. That it was always going to take down the economy (25% off Sterling, extra costs of borders and lack of labour) didn't stop them. They just wreck things and declare victory. There is no way back from Brexit and there will be no way back from the Brexinet, with most services locking out UK users. Our digital future is Viewdata and will end at Dover. Prepare for another chunk off Sterling and record the postal addresses of your online friends. Maybe they will send you food parcels.

        This country has completely gone to hell under the Tories - well, 85% there and buffering. Thatcher must be spinning in her grave. The deal she got us in the EU tossed out, the economy and City of London broken, Sterling degraded. Food rotting in the fields for lack of labourers to harvest it. Putin could never have done that much damage, and the Tories haven't finished yet.

        1. anothercynic Silver badge

          Re: Proof of the UKs diminishing political structure ...

          Maybe that is exactly what Russia paid so handsomely (through their 'dissidents' who generously donated to the Tories) for... Ruin the UK and eliminate one of Russia's stumbling blocks.

    4. Doctor Syntax Silver badge

      Re: Proof of the UKs diminishing political structure ...

      "why didn't you say anything before ?"

      To which the only possible answer is "We've been saying it for years. Why didn't you listen?"

  6. Anonymous Coward

    Ofcom....and partial solutions to personal privacy.....

    Quote: "....Ofcom will have the power to instruct chat app makers and other tech companies to monitor conversations and posts...."

    Privacy? So lots of interweb providers will be monitoring throughput:

    - service providers running server-based services

    - app providers giving users (or selling) apps to run on the user's own equipment

    - "other tech companies".......whatever that means (Palantir, perhaps?)

    This is not unforeseen: here's a link from 1999: https://www.wired.com/1999/01/sun-on-privacy-get-over-it/

    Well....I for one have not "got over it". Why is it not clear to everyone that ANY use of interweb services (Signal, Telegram, WhatsApp)...any use of these services is a single point of failure for privacy?

    The (partial) solution: use peer-to-peer messaging where the ONLY messaging software is resident on user end-points.....and the encryption protocols exist ONLY on the end-points. (So no dependencies on any third-party "service".)

    Coming back to the quote above: peer-to-peer software seems to be outside the remit of Ofcom......and the nice people in Cheltenham and Fort Meade will have no big-dollar corporate support.

    "Partial" privacy as I said...........but better than "get over it"!!

    1. Zippy´s Sausage Factory

      Re: Ofcom....and partial solutions to personal privacy.....

      The problem with the peer to peer stuff is getting it on your phone. Android you can sideload, but do most people know how to do that? As for iPhone, well, good luck with that.

      1. Bitsminer Silver badge

        Re: Ofcom....and partial solutions to personal privacy.....

        You've heard of JavaScript I presume?

      2. BebopWeBop

        Re: Ofcom....and partial solutions to personal privacy.....

        They will hear about it. And I suspect the number of pissed off Apple owning voters will let them know as well if they ban Apple devices

    2. Strahd Ivarius Silver badge

      Re: Ofcom....and partial solutions to personal privacy.....

      We already know the answer from Twitter to any request from Ofcom...

    3. Doctor Syntax Silver badge

      Re: Ofcom....and partial solutions to personal privacy.....

      The (partial) solution: use peer-to-peer messaging where the ONLY messaging software is resident on user end-points.....and the encryption protocols exist ONLY on the end-points. (So no dependencies on any third-party "service".)

      1. Protocols are fine but you need software to implement them. I suppose this was what you meant to say.

      2. How do you get that S/W onto the endpoints?

      3. How do the peers get in touch with each other?

      4. Have you actually looked at Signal?

      1. Anonymous Coward
        Anonymous Coward

        Re: Ofcom....and partial solutions to personal privacy.....

        @Doctor_Syntax

        Good questions! Are you wondering how to do peer-to-peer with no central server and hence no "master list" of peers?

        (A2) As usual.....apt, dnf......I suppose there's a M$ equivalent as well!

        (A3) The software is only on endpoints. Transport perhaps by email? (See "app password". Also item #b)

        (A4) .....about that phone number requirement! ...about those central servers!

        More generally, the assumption that E2EE requires a central single point of failure is false.

        If (note "if") transport is by email:

        (a) Every peer can use a different email provider

        (b) Diffie/Hellman means that D/H tokens can be exchanged using plain text email

        (c) Diffie/Hellman means that encryption keys are transient, random and never transmitted or saved

        (d) Authentication can be inside the encrypted message!

        (e) Of course, the encrypted message in transit can be read by a third party.

        But given (a) (b) and (c) it's going to be many many times more difficult for third parties because of the diffuse nature of the communications, and because every message uses a different key.

        Nothing is perfect, and privacy is hard. But third parties have no constitutional right to see my messaging...........unless they have charged me and have a warrant! And until the law changes, our group will use private encryption to keep (some of) our messaging private (see above).
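An added sketch of points (b) to (d) in the comment above; it is not the commenter's code or any project's. Assumptions: X25519 as the Diffie-Hellman function, an HMAC-SHA256 counter-mode stream with a MAC standing in for a real authenticated cipher, and a group secret agreed in person for the authentication field. All function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# X25519 (RFC 7748) in plain Python. Not constant-time: for study, not production.
P = 2**255 - 19
A24 = 121665
BASE_U = (9).to_bytes(32, "little")

def x25519(k, u):
    kb = bytearray(k)
    kb[0] &= 248                                          # clamp the scalar
    kb[31] &= 127
    kb[31] |= 64
    k_int = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)   # top bit is ignored
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):                        # Montgomery ladder
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def new_token():
    """Fresh private scalar plus the public token that travels in plain-text mail."""
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASE_U)

def session_key(my_priv, their_pub, transcript):
    shared = x25519(my_priv, their_pub)
    if shared == bytes(32):
        raise ValueError("low-order token: refusing to derive a key")
    return hashlib.sha256(b"p2p-mail-demo" + shared + transcript).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: standard-library stand-in for a real stream cipher
    blocks = (_mac(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_mac(key, b"enc"), nonce, plaintext)
    return nonce + body + _mac(_mac(key, b"mac"), nonce + body)

def unseal(key, sealed):
    nonce, body, tag = sealed[:16], sealed[16:-32], sealed[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + body)):
        raise ValueError("message altered in transit")
    return _xor_stream(_mac(key, b"enc"), nonce, body)

def send(group_secret, recipient_pub, text):
    priv, pub = new_token()                  # new token, hence a new key, per message
    transcript = pub + recipient_pub
    proof = _mac(group_secret, transcript)   # authentication carried inside the ciphertext
    return pub, seal(session_key(priv, recipient_pub, transcript), proof + text)

def receive(group_secret, my_priv, my_pub, sender_pub, sealed):
    transcript = sender_pub + my_pub
    plain = unseal(session_key(my_priv, sender_pub, transcript), sealed)
    if not hmac.compare_digest(plain[:32], _mac(group_secret, transcript)):
        raise ValueError("sender not authenticated")
    return plain[32:]

def demo():
    group_secret = b"constructed pre-shared group secret"   # assumption: agreed in person
    bob_priv, bob_pub = new_token()                         # Bob mails bob_pub in the clear
    mail1 = send(group_secret, bob_pub, b"constructed message")
    mail2 = send(group_secret, bob_pub, b"constructed message")
    return group_secret, bob_priv, bob_pub, mail1, mail2

if __name__ == "__main__":
    secret, priv, pub, first, _ = demo()
    print(receive(secret, priv, pub, *first))
```

The proof field binds the message to the two tokens the sender actually used, so a recipient who was shown a different token pair rejects the mail instead of trusting it.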

      2. Anonymous Coward
        Anonymous Coward

        Have you actually looked at Signal?

        @Doctor_Syntax

        Quote: "Have you actually looked at Signal?"

        Well......

        (1) See https://support.signal.org/hc/en-us/articles/4850133017242-Twilio-Incident-What-Signal-Users-Need-to-Know-

        (2) Signal only supports Debian on Linux......pity about any other Linux users

        (3) Then there's the telephone number.....

        (4) ....and the servers......

        Perhaps someone can tell me that the open source code for chacha20 and curve25519 hasn't been undermined somewhere (Fort Meade? Cheltenham? Moscow? Beijing?.........)

        And apart from that....I know absolutely nothing about Signal....please enlighten me!!!

    4. Infused

      Re: Ofcom....and partial solutions to personal privacy.....

      The government wants the scanning to happen on your devices to avoid the problems encrypted traffic brings.

      1. mark l 2 Silver badge

        Re: Ofcom....and partial solutions to personal privacy.....

        Well good luck with that UK gov, My PCs run Linux and my phones Lineage OS so I doubt any client side scanning will be baked into my OS by the dev teams there.

        And I am happy to VPN to change my location to outside the UK or sideload apps to ensure I get the international versions not any backdoored apps if they compel app stores to only allow compromised versions for those in the UK.

        TBH though I can see this dragging on for another 12 months and then it will be getting towards GE campaigning and will probably get stuck in the Tory party manifesto for implementing if they win the next GE. Which looks doubtful unless Sunak can pull a miracle out of his arse within the next year, due to the cluster fsck they have done to the country over the last few years.

  7. Naich

    "Strong" encryption?

    I'm a bit confused about the use of the phrase. It implies there is "weak" encryption, with a line drawn somewhere between the two. I'd be interested to know where the line is and if there is any consensus about where it is. I'd imagine that the security services would like to class anything above ROT13 as strong.

    Can I suggest everyone stops calling it "strong" encryption? Strong encryption = encryption, any other form of "encryption" is meaningless.

    1. Paul Smith

      Re: "Strong" encryption?

      Strong encryption is any encryption where the cost in money/time/effort to crack exceeds the value of the information retrieved.

      Since the value of the information being protected is variable, the relative strength of the encryption used is also variable. ROT-13 is strong enough to protect my Christmas present shopping list from my children's prying eyes this year, but might not be strong enough next year.

      1. Anonymous Coward
        Anonymous Coward

        Re: "Strong" encryption?

        @Paul_Smith

        Quote: "....the value of the information retrieved...."

        There's a problem with this definition: the nice folk in Cheltenham and Fort Meade HAVE NO IDEA OF THE VALUE of 99.9% of the messages which they attack!!!!

        ....because they are on a mission to trawl EVERYTHING.......irrespective of "value"!! Paul Smith's privacy has zero "value" for them, but that doesn't stop the snooping!!!

        For details see Edward Snowden, 2013.

      2. Rich 2 Silver badge

        Re: "Strong" encryption?

        “Strong encryption is any encryption where the cost in money/time/effort to crack exceeds the value of the information retrieved.”

        Sounds like a typical Teams meeting

      3. Doctor Syntax Silver badge

        Re: "Strong" encryption?

        "Strong encryption is any encryption where the cost in money/time/effort to crack exceeds the value of the information retrieved...."

        ... within the time-frame in which it will have that value.

    2. Anonymous Coward
      Anonymous Coward

      Re: "Strong" encryption?

      @Naich

      Well.....No! In this context the word "strong" does have a meaning, and is defined thusly:

      - strong, adj. Used as a synonym for the phrase "cannot be decrypted in Cheltenham".

      So if you get hold of a copy of Bruce Schneier's book "Applied Cryptography, 1996/2016" you can find an endless list of examples of (and code for) encryption protocols, many of which may not be "strong" today.

      One good aspect of this is that some sorts of encryption may be "strong" simply because they are well designed AND are only used by a few, privacy conscious groups. Of course, if such a "strong" protocol were to attract heavy-duty attack, then the likelihood of it remaining "strong" is remote. C'est la vie!!

      1. Anonymous Coward
        Anonymous Coward

        Re: "Strong" encryption?

        Your reference to Bruce Schneier's book reminds me of something I found amusing.

        I put in a request to borrow a copy from my local Library.

        When it arrived I noticed that the previous location was the Library at Gartree High Security Prison, which happens to be in the same county as I am.

        I've often wondered whether anyone in that institution managed to get any further than I did before giving up because of the Maths.

    3. Andy The Hat Silver badge

      Re: "Strong" encryption?

      I was thinking about this too.

      Is the law banning transmission encryption (that the carrier cannot monitor the content of at all) or banning all encryption during transmission (carriers could monitor data but not decode content)?

      For example implementing e2ee of a data stream containing a file would be illegal, but would sending a fully pre-encrypted file over an http connection?

      I was also wondering where use of the https protocol stands in all this?

      1. GioCiampa

        Re: "Strong" encryption?

        "I was also wondering where use of the https protocol stands in all this?"

        I'd say it could be interpreted as being E2EE, given that it's a set of encrypted messages between one end of a connection (your browser) and the other (the web server) - and back again.

        Just as "illegal" as any chat via WhatsApp, Signal, et al, therefore...

    4. Anonymous Coward
      Anonymous Coward

      Re: "Strong" encryption?

      "It implies there is "weak" encryption, with a line drawn somewhere between the two"

      There is ... or actually, was. I feel commenter is too young to know. An American invention, naturally, where software using longer than 40 bits of key length (of one specific method) were classified as military secret and in export ban. Then Ylönen wrote SSH (protocol & software, for/in IETF, 1995) and it used whatever key length you wanted and published it into internet, making US programs with limited key length obsolete within months.

      "Strong encryption = encryption, any other form of "encryption" is meaningless."

      Nope and all of these government schemes (anywhere, not just UK) specifically try to introduce weak encryption. It *is* different thing and very real.

      Latest NSA sabotage was an encryption method with hidden weaknesses they managed to force into standards: Specifically a modern example of 'weak encryption' in practice.

  8. jmch Silver badge
    Facepalm

    Circle-jerk of bullshit

    "There's a concern this all starts with tackling child abuse and terrorists – something with which the population won't generally have a problem"

    I don't know who "THE POPULATION" is supposed to be because I have a problem with this method of "tackling child abuse and terrorists". There is a small teeny-eeny itsy-bitsy problem with using what is essentially spyware installed on the phones of terrorists and child abusers, and that is that the government doesn't know who the terrorists and child abusers are. What this bill is actually saying to the public at large is "you are all potential terrorists and child abusers and we will spy on all of your communications until we catch you". It's not a problem that it's a slippery slope starting with something innocuous that could potentially be abused later - It's highly abusive right from the start.

    That's even ignoring the fact that it isn't going to be possible to reliably scan on-device without getting a bunch of false positives, which is guaranteed to end up ruining some innocent people's lives because "computer says so" will morph into "AI says so", and the AI is always right as any fool knows!!!

  9. Tubz Silver badge

    Never mind "think of the children and terrorist" tired excuse, the spooks already have tools needed, more of a "think of the politicians" and their dirty dealings behind encryption, I bet they go on a do not intercept list, if approved in to law.

    1. Doctor Syntax Silver badge

      Oddly enough they do tend to use the services they're attacking. They maybe don't realise they are encrypted because it's apt to leak out anyway - they leak it themselves whenever it becomes worth it to do so. E.g. handing it all over to a journalist to help them write their account of dealing with Covid.

      1. Ken Hagan Gold badge

        They certainly *do* realise that it is encrypted. WhatsApp groups became popular precisely because it was widely believed that they were secure and could therefore safely be used to conspire against your own party or government.

  10. IGotOut Silver badge

    Simple.

    I genuinely hope every single provider pulls out of the UK, even if for a day.

    As the government runs on all these services, as do a huge amount of businesses, a complete tech blackout would hopefully topple these cunts.

    1. 43300 Silver badge

      Re: Simple.

      Yeah, but then they'd just be replaced by another bunch of cunts!

      1. JohnMurray

        Re: Simple.

        Parliament is a breeding ground for cunts

  11. Annihilator
    Facepalm

    PGP exports

    Ah, remember the crazy times in the 90s when exporting PGP was seen as a federal crime and Phil Zimmerman had to print the source code as a book to get around it? I'm glad those days are behind us...

    1. Roland6 Silver badge

      Re: PGP exports

      The other way that has become popular is to print the algorithm on a tee shirt and so it becomes a work of art, even in the machine readable form….

    2. Down not across

      Re: PGP exports

      Ah yes, I've mentioned it here before that I took part in the proofreading. Thick stack of paper. A floppy disk. On the diskette was the aforementioned stack OCR'd.

      My (and many other volunteers') task was to proofread the code on the diskette. OCR back in the day was not great. Still, better than typing it in and still needing to have it proofread anyway.

    3. SCP

      Re: DeCSS a prime example

      Yes, crazy and fun times - or is that just the rose tinted glasses.

      I remember enjoying the spectacle of DeCSS and the attempts to shore that up being side-stepped by publication of a prime number.

      Link : [The Reg]

    4. DuncanLarge

      Re: PGP exports

      > Ah, remember the crazy times in the 90s when exporting PGP was seen as a federal crime and Phil Zimmerman had to print the source code as a book to get around it?

      Good times...

  12. Mister Dubious
    FAIL

    Sauce for the gander

    Will GCHQ, MI6, and [redacted] commit to using snoopable communications? Wouldn't want the spooks sharing pedoporn, would we?

  13. Anonymous Coward
    Anonymous Coward

    And AI generated images ?

    All of this is being discussed against a backdrop where AI can already create hyper realistic pictures of whatever you fancy.

  14. Tron Silver badge

    Just when you thought there was nothing left for the Tories to break...

    ...Buckle up for a return to newspapers, pen pals, paper catalogues, encyclopaedias, and 28 days for delivery. Plus you will be needing that chequebook after all. Because the least competent people in the UK are running the UK. I thought I hated the government as much as a person can, but I'm clearly going to be hating them even more soon.

    1. 43300 Silver badge

      Re: Just when you thought there was nothing left for the Tories to break...

      Never assume that they've reached rock bottom - they will always be able to find something else to fuck up...

      1. Anonymous Coward
        Anonymous Coward

        Re: Just when you thought there was nothing left for the Tories to break...

        "Never assume that they've reached rock bottom"

        They'll achieve it for sure, but then they start to dig ....

  15. Strahd Ivarius Silver badge
    Devil

    The next law...

    will require that data transmission over the network to be done in plain English, not these absurd bits.

    1. Ken Hagan Gold badge

      Re: The next law...

      zero zero zero one zero zero zero one, ...

      1. claimed Silver badge
        Coffee/keyboard

        Re: The next law...

        Actually brilliant. I vote this for most underrated commentard joke of the year

      2. SCP

        Re: The next law...

        Shhh. mreb mreb mreb bar mreb mreb mreb bar, ...

    2. SCP

      Re: The next law...

      Reading some things posted on social media that might not be a bad thing IYKWIM.

    3. Anonymous Coward
      Anonymous Coward

      Re: The next law...

      @Strahd_Ivarius

      See Simon Singh, "The Code Book" for a write up on book ciphers. Plain English: Yes. Easy to "decrypt": it varies!

      Now with computers to help, this sort of cipher can be built on widely (internet) available dictionaries (like the file linux.words).

      ...and still plain English!!! ...and still "encyphered"!!!!

  16. Boris the Cockroach Silver badge
    Facepalm

    Protecting us from terrorists eh

    that sounds about right, although with the knowledge already out there, it would take 20 odd people in 4 or 5 teams to destroy the electrical grid in this country for a few days/weeks, I can't detail how for obvious reasons but it's pretty easy.

    So... how does my hypothetical terrorist network communicate in attempting to do more damage to this country than the Tory government has already done.(bloody hard job... might have to ask Putin to send over a few nukes heh)

    It won't be by farcebork secure messaging app that's for sure (or anything like it), simple dead drops and burner phones etc etc

    As for 'having a backdoor' in strong encryption ... will someone send these idiots on a basic university mathematics course and explain in detail about public/private key messaging and the algorithms behind it. there is no back door... it's either secure or it's broken.... and if it's known that there's a way to break a messaging app you can be damn sure there'll be all sorts of people trying to break it

    1. Doctor Syntax Silver badge

      Re: Protecting us from terrorists eh

      "As for 'having a backdoor' in strong encryption ... will someone send these idiots on a basic university mathematics course"

      No. Just ask them to commission a proof of concept. It would, of course, have to pass scrutiny by independent experts to verify that the monitoring facility couldn't possibly provide any form of point of weakness.

  17. Headley_Grange Silver badge

    False Alarm

    It wouldn't take much coordination for millions of people to send a couple of messages a day that contain trigger sentences to completely overload whatever system gets put in place. Imagine every nick in the country getting told to go and investigate 90% of the local population for potentially being terrorists every day. It'd fall apart in a week.

    1. claimed Silver badge

      Re: False Alarm

      Sure but it would last longer than most people’s attention span and all come together once people forget about it

    2. tiggity Silver badge

      Re: False Alarm

      the old "Jam Echelon" day activities you mean?

  18. gnasher729 Silver badge

    Here’s a possible outcome if the lawmakers don’t watch out: Apple monitors everything and tells Ofcom “we found 13,279 cases of violations”. Ofcom: So who are these 13,279 animals? Apple: Sorry but your law didn’t tell us to record that. All we know is 13,279 cases.”

    Apple has to report how many phone ids they handed to the police in every country. At some point they reported over 10,000 numbers to police in Brazil, absurdly high compared to all other countries. Turned out a truck with 10,000 iPhones had been stolen :-(

  19. Anonymous Coward
    Anonymous Coward

    The whole bill is such an unworkable mess that it is likely to collapse under its own weight. Just look at the last UK age verification law that was delayed over and over again until it was quietly scrapped.

    There's also the fact that Ofcom is likely to be super underfunded and unable to enforce 90% of the bill so it's likely the rules will not be effective.

  20. Number 39

    Rather than leaving

    Perhaps Signal could make a restricted version that allowed SMS length messages and voice only, (no video or attachments). So no serious possibility of the content that is supposedly the target.

    And if they did that, perhaps they could roll out a preview, so people see what they are going to get.

  21. localzuk

    Send MPs to a classroom

    Let's get someone knowledgeable to run a lecture for the MPs pushing this. As they too would be affected by the weakened encryption - their beloved WhatsApp would suddenly become a security problem. If there's a hole, criminals will exploit it - and not just local criminals, but other countries that are constantly looking to destabilise the west will love it. A nice easy way to get the discussions of government ministers, unencrypted.

  22. Anonymous Coward
    Anonymous Coward

    Even statistically unsound

    The entire concept would be scrapped if anyone with influence had an inkling about Bayesian statistics. The false positives will use up resources that would be far more effectively used elsewhere.

    But, as others have implied, the media will have a field day with politicians...

  23. TimMaher Silver badge
    Windows

    The Undercover Policing enquiry.

    I quote a witness:-

    “These anti-democratic spying operations, and the abuses that resulted, were not the work of a few rogue officers – I hold some blame for the individual spies, but the real problem was the managers who tasked these officers, heads of the police, security services like MI5 who were recipients of the files and directed some of the targeting.”

    This has been going on in our society for decades.

    This bill facilitates the next generation of state corruption.

  24. Norman Nescio

    On-device backdoors and pre-encryption scanning

    As security bods will tell you, having your network end-point the same as your security end-point is poor practice.

    Adding scanning software that you do not control to your security end-point is sub-optimal too.

    What backdoored encryption and on-device pre-encryption scanning do is make effective encryption more difficult, but for those who need to send properly encrypted messages, you have to ensure the encryption is done before being entrusted to a compromised communications medium. This makes it inconvenient, which is probably the point, as it means catching the ignorant and unwise who can't be bothered is made easier, and more sophisticated users of encryption stand out for further investigation, as it is difficult to disguise pre-encrypted data, steganography notwithstanding.

    If you can't trust your phone or PC, you can fall back on manual methods, as described in this posting by Bruce Schneier.

    Schneier.com -- LC4: Another Pen-and-Paper Cipher

    Or use a One-Time Pad.

    I would fully expect the use of effective encryption to at least be flagged up to 'the authorities'; and it could come to pass that use of effective encryption for any purpose is made illegal.

    Steganography is susceptible to detection by statistical methods of increasing sophistication. An adversary might not be able to decode steganographically encoded data, but they can almost certainly detect that it is there, so it is not a magic wand to make eavesdroppers magically give up and go away.

    Currently the pendulum of response to the distribution of information that is illegal to own and distribute (such as CSAM, National Security related secrets, terrorist handbooks etc.) is swinging towards removing everyone's privacy, and possibly other freedoms. If one is to argue against that, one needs a good argument why it should be possible to distribute such material that stands up against the testimony of abuse victims and National Security requirements. Are you happy to be killed by terrorists who successfully concealed their plot; or have your children exploited for the perverse predilections of others? That's a 'big ask' for the ideals of personal freedoms and privacy. Are you willing to be a potential martyr or potentially ruin the lives of your children for the ideal of liberty? If you are, can you convince enough other people to feel the same way?

    Personally, I like the 'freedom to encrypt', and to know that the full disk encryption on my PC is not backdoored. But I have not had to make a stark choice, and freedom to encrypt means some people will pay dearly for that freedom. As a society we need to decide how to deal with the question, preferably without emotion-laden debate. Politicians proposing laws is part of that process.

    It might seem cold-blooded, but calculations about how much lives are worth are made all the time when determining the cost benefit of road- and railway- safety-related upgrades, and by NICE when determining if drugs should be made available for treatment. I think the same cold-hearted calculations need to be made about the freedom to encrypt. But I'm in a minority, and such a viewpoint is regarded at the very least as lacking empathy, and by some as positively sociopathic.

    If the politicians do ban effective encryption, then the UK (or England & Wales) might be a grand experiment in finding out the cost to society of not being able to encrypt effectively. The outcomes are likely to be interesting for academics and other states wishing to do the same, even if challenging for the experimental subjects.

    1. Anonymous Coward
      Anonymous Coward

      Re: On-device backdoors and pre-encryption scanning

      @Norman_Nescio

      Quote: "...Are you happy to be killed by terrorists ... or have your children exploited ... and freedom to encrypt means some people will pay dearly for that freedom"

      False dichotomy!! Choose one of:

      a) Allow encryption and get criminal behaviour

      b) Ban encryption and eliminate criminal behaviour

      Of course this is a completely false choice!! There will ALWAYS be criminal behaviour.....irrespective of the existence (or not) of encryption!!

      Please try harder.....false dichotomies may appeal to some, but that does not stop them being both false and misleading!

    2. Anonymous Coward
      Anonymous Coward

      Re: On-device backdoors and pre-encryption scanning

      "some people will pay dearly for that freedom"

      Irrelevant: There's *always* a price to pay. No-one is safe in the way you claim, ever, therefore freedom is given up for literally nothing: Even imagined safety won't increase an iota.

  25. JulieM Silver badge

    Strong encryption

    What is there to stop two people who really wanted to communicate securely from creating identical one-time pads and manually (so the OTP is not on the device) encrypting everything they send through their backdoored service?

    All they will ever be able to recover is a ciphertext still encrypted with a one-time pad, and having the property that every possible plaintext is equally plausible and equally likely.
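An added illustration of the property claimed in the comment above, using the letter-by-letter (mod 26) arithmetic that can be done by hand; it is not the commenter's code. The messages are constructed, and every function and class name is hypothetical. It also covers the condition the property depends on: each stretch of pad is used once and then struck out.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase

def make_pad(length):
    """Uniformly random letters; both parties hold an identical copy on paper."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def _combine(text, key, sign):
    # Add (sign=+1) or subtract (sign=-1) key letters from text letters, mod 26.
    if len(key) < len(text):
        raise ValueError("pad is shorter than the message")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
        for t, k in zip(text, key)
    )

def encrypt(plain, pad):
    return _combine(plain, pad, +1)

def decrypt(cipher, pad):
    return _combine(cipher, pad, -1)

def pad_explaining(cipher, claimed_plain):
    """The pad under which `cipher` decrypts to `claimed_plain`.

    One exists for every same-length candidate, and each is as likely as any
    other, which is why the ciphertext alone favours no plaintext."""
    if len(claimed_plain) != len(cipher):
        raise ValueError("candidate must match the ciphertext length")
    return _combine(cipher, claimed_plain, -1)

def reuse_difference(cipher_a, cipher_b):
    """Letter-wise difference of two ciphertexts.

    If both were made with the same pad letters, the pad cancels out and this
    equals the difference of the two plaintexts: the guarantee is gone."""
    return _combine(cipher_a, cipher_b, -1)

class PadBook:
    """Hands out pad letters in order and never hands out the same letters twice."""

    def __init__(self, pad):
        self._pad = pad
        self._used = 0

    def take(self, length):
        if self._used + length > len(self._pad):
            raise ValueError("pad exhausted: make a new one, do not start over")
        chunk = self._pad[self._used:self._used + length]
        self._used += length
        return chunk

def demo():
    book = PadBook(make_pad(20))
    real = "MEETATNOON"                        # constructed message
    cipher = encrypt(real, book.take(len(real)))
    decoy_pad = pad_explaining(cipher, "STAYATHOME")
    return cipher, decrypt(cipher, decoy_pad)  # second value is "STAYATHOME"

if __name__ == "__main__":
    print(demo())
```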

  26. Anonymous Coward
    Anonymous Coward

    In February, encrypted chat service Signal said it will stop operating in the UK

    it's interesting how WE, the Plebs, can circumvent this, still potential, but soon to be actual law (summer time, good to bury the news). Perhaps linking signal account in dual-sim phone with foreign sim? But then, signal would probably drop any connection from / to / via uk's IP address, not to be chased by UK's courts. VPN? But then, surely 'They' would make it a crime to use / store / retrieve / look at / dream about 'any apps that do not comply with the SAFE INTERNETS-SAFE CHILDREN (SISC) legal requirements' anyway. The other day I've read that it's already illegal to use / store / retrieve / look at / etc 'certain type' of AI-generated content, so yes, such development is also likely.

    Hail free speech! hail privacy! hail Hitler! (isn't this phrase already banned?) Yes, yes, I know I sound trumpisty, but it seems there is some merit in their overall hysteria :(

  27. John Smith 19 Gold badge
    Coat

    I've been reading "True Names and the opening of the Cyberspace frontier"

    The story was written in 1980 and the other articles and essays up to 1995

    And f**k me sideways how much of the points raised and solutions suggested are still relevant close to 30 years later

    You know, like charging for email sending with a crypto currency?

    I need a drink. The same old stupidity over-and-over...and-over is too depressing.

    They are like f**king cockroaches.

  28. Tessier-Ashpool

    Meredith Whittaker

    I saw Meredith Whittaker, of Signal fame, on C4 News this evening taking some Tory stooge to task over this. I’m now a little in love with this woman. She is awesome. When the Tory suggested Signal would not quit the UK if the law goes pear-shaped, she demanded to know if he was calling her a liar. And then she scolded him with his first name like she would when castigating a guilty child. Of course, the Tory had no real answer other than to carry on with his magical thinking.
