back to article MPs charged with analysing Online Safety Bill say end-to-end encryption should be called out as 'specific risk factor'

Britain's Online Safety Bill is being enthusiastically endorsed in a "manifesto" issued today by MPs who were tasked with scrutinising its controversial contents. Parliament's Joint Committee on the Online Safety Bill published the report declaring the bill would let government ministers "call time on the Wild West online." …

  1. WhereAmI?

    Here we go again... fuck safety and security, just 'think of the children'.

    1. Franco

      Exactly. When are these fucking idiots going to realise that any exploit is a total one, any weakening of encryption for law enforcement is just going to lead to easier cybercrime.

      Mind you, the amount of Class A substance traces found in the House of Parliament recently might explain this.

    2. Anonymous Coward
      Anonymous Coward

      Meanwhile over at the NCSC

      How do these proposals align with the NCSC* and their heavily-promoted 'Secure by Default' and 'Secure Design Principles'?

      * still part of government the last time I checked, but knowing this lot it's been flogged off to a friendly pub landlord.

    3. Geez Money

      "We recommend that end-to-end encryption should be identified as a specific risk factor in risk profiles and risk assessments. Providers should be required to identify and address risks arising from the encrypted nature of their services under the Safety by Design requirements."

      Since every app on Earth uses TLS for transport this is just going to become a piece of boilerplate 'pursuant to best practices in the industry we encrypt data to protect our users blah blah' that's basically just a permanent part of the form that gets filled in. If we're really lucky the boilerplate might not even have any blanks in it. Should be pointful.

      1. Rosie Davies

        Termintion Point

        Hmmm...I'm not sure how many legs using TLS as an example would have TBH. The sane implementations that I've seen use something like n F5 as a termination point, everything inside the termination point is plain text, only outside is encrypted. Which is sort of essential if you#ve got tp do anything based on packet payload a a Good Idea(tm) if you don't want to have key handling hell to deal with and servers wasting clock cycles decrypting when they could be doing something more useful.

        Other than that, agreed. This is all going to end up under the umbrella of "aligned with Good Industry Practice" and largely ignored.

        Rosie

    4. ThatOne Silver badge
      Devil

      > fuck safety and security, just 'think of the children'

      It's unbelievable how well children were protected under the Stasi regime...

    5. MachDiamond Silver badge

      I've been trying to push a program I have to protect children that's called "Parent-2". It's installed by default but tends to get corrupted and overwritten by "Government-2Much".

  2. a_yank_lurker

    end-to-end encryption

    When I see a politician bloviate on banning end-to-end-encryption I wonder how much of the sum total of human knowledge has been destroyed (hat tip to Thomas Bracken 'Czar' Reed of Maine). Encryption, to be effective, has to be end-to-end as any point were there is plain text will allow someone to see the details which may be very sensitive.

    1. elsergiovolador Silver badge

      Re: end-to-end encryption

      But how are they going to see if you are conspiring against them?

      1. Rich 11

        Re: end-to-end encryption

        Looking at the Tory party these last few weeks, they mostly seem interested in conspiring against each other.

        Then again, to the likes of Jacob Rees-Mogg the concept of message intercepts extends only to gunning down pigeons with his Purdeys.

        1. Anonymous Coward
          Anonymous Coward

          Re: end-to-end encryption

          I think you meant to say Jacob Rees Mogg has his nanny and servants shoot down the pigeons for him. Firing a shotgun is a bit tricky when you're wearing a monocle and a top hat.

          1. Rich 11

            Re: end-to-end encryption

            I dunno. Perhaps the monocle has a reticule.

      2. Mike 16

        Re: end-to-end encryption

        By the apparent definition of "conspiring" used by most politicians, one rich source of leads would be to note who shows up at at their polling place.

        They must be up to no good if they have any thoughts on the wisdom, honesty, and the sanctity of their betters.

      3. Anonymous Coward
        Anonymous Coward

        Re: end-to-end encryption

        Simpler to just assume everyone is out to get you unless

        (deleted the options. Just assume no one trusts The Government)

      4. simonb_london

        Re: end-to-end encryption

        And how are we going to see if they are conspiring against us? I bet they will still want to keep their secrets. I wonder if what they propose will be asymmetric or symmetric in terms of who it apples to.

      5. NiceCuppaTea

        Re: end-to-end encryption

        They could try not being self serving bastards so that people dont want to conspire against them. Or is that asking too much?

    2. staringatclouds

      Re: end-to-end encryption

      "Lets ban end to end encryption" say MP's who regularly talk to their party donors via Whatsapp

      1. Anonymous Coward
        Anonymous Coward

        Re: end-to-end encryption

        Don't mix the haves and the have-nots: Obviously rules only apply to the plebs, not the people of quality who are clearly above them.

        1. matjaggard

          Re: end-to-end encryption

          End to end encryption is not required for the web to function - until recently nothing had it, you had encrypted connections from you to a server and encrypted again from the server to your friend. It seems Facebook decided most of the value was from who talks to who rather than what they say, or possibly they felt pressured into end-to-end encryption. Either way, the biggest problem I have with removing it is trusting the companies and organisations that have the data not to misuse it or be hacked. Whether that risk can be mitigated enough to be worth having access to criminal communications is debatable. The worst criminals would just move into another platform anyway and who knows which platforms use genuine end to end encryption. I think there's a good chance telegram's is broken

    3. Starkoman
      Alert

      Re: end-to-end encryption

      MI5, GCHQ and plenty of other government departments and teams cannot bear the thought of true public freedom of speech or, worse, genuine freedom of information protected by end-to-end encryption (which technology daily preserves their own crooked secrets and behaviours).

      God forbid the day comes when government communications are exposed to the public in the same way they’re once again demanding the public surrender their every shred of privacy to them.

      The Independent Human Rights Act Review is not a “quid pro quo” document, is is not an exchange in any way — it’s a one-way theft: “You give us yours and we keep ours”. Not a trade but a mugging.

      The hypocrisy is right there in plain sight. Raab and the other numbskulls barely have the IQ to pretend to hide it. Besides, they know the British press and media won’t tell the public they’re being robbed of their rights, most of them won’t understand anyway.

      The motivators in and out of Westminster, the connivers lurking behind this so-called “Review” of the Human Rights Act are the very people who are confounded by it every day in their ‘work’ and by the courts — chief amongst them, habitual lawbreaker and Home Secretary, Priti Patel — without doubt the most crooked evil and mendacious of todays government Ministers.

      This is no “final review” of the Human Rights Act — nor are these mere “tweaks”. This is another political subterfuge — where, once politicians have got away with a little twiddling at the edge of the previously unassailable Human Rights Act without too much fuss being made, the next move is to get inside and, one swing of the blade at a time, gut every single part of it which they don’t like or lands them in court and losing most days of the week.

      Before anyone knows, the Human Rights Act will be a dead, empty cadaver skin — where once existed public serving, protective restraints on government.

      It would appear the motto of the entire Johnson government can been distilled to one underlying, telltale, putrid axiom:

      “One rule for me — and another for thee”.

  3. Anonymous Coward
    Anonymous Coward

    It's OK, freedom of speech is a quintessentially British right

    Apparently, freedom of speech is a "quintessentially British right, the freedom that guards all the others". At least, according to Dominic Raab (Justice Secretary and deputy Prime Minister) in a speech regarding changes to the Human Rights Act:

    https://www.bbc.co.uk/news/uk-59646684

    1. Flywheel
      Megaphone

      Re: It's OK, freedom of speech is a quintessentially British right

      freedom of speech is a "quintessentially British right"

      It is, and if you're a British pleb it can land you in jail and/or a very expensive legal bill. Caveat Speaker.

      1. CountCadaver Silver badge

        Re: It's OK, freedom of speech is a quintessentially British right

        Unless of course your a wealthy public figure where you can say whatever you like as everyone knows you could bankrupt them in the courts, even cowing certain media outlets into not criticisng some public personas due to their sue happy nature.

        Also if your views align with those of the ruling party where the govt will extend laws to protect your right to be bigoted and offensive, while declaring a "war" on those who oppose said bigotry

    2. Primus Secundus Tertius

      Re: It's OK, freedom of speech is a quintessentially British right

      Freedom of speech is a right. But in Britain you have to accept responsibility for the consequences. This is fair and reasonable, unlike the USA where freedom of speech is a cynical shibboleth used to defend outrageously harmful words.

      1. unimaginative
        Mushroom

        Re: It's OK, freedom of speech is a quintessentially British right

        I disagree. I admire and envy consitutionally protected free speech in the US.

        Freedom of speech limited to "nice" speech in your judgement is no freedom at all.

      2. Loyal Commenter Silver badge

        Re: It's OK, freedom of speech is a quintessentially British right

        ...unlike the USA where freedom of speech is a cynical shibboleth used to defend outrageously harmful words

        In the UK, it's more a shibboleth used to defend oneself from criticism when you say or do appalling things. See also "political correctness gone mad" and "wokeism", terms invented by those who would like to shrug off scrutiny. Like Dominic Raab*.

        *The correct pronunciation of this man's name is, I like to think, to tighten your vocal chords and let off a preternatural scream, as if doing an impression of a velociraptor. "RAAAAAAAAAAAAAAAAB!".

        1. Kane
          Alien

          Re: It's OK, freedom of speech is a quintessentially British right

          "The correct pronunciation of this man's name is, I like to think, to tighten your vocal chords and let off a preternatural scream, as if doing an impression of a velociraptor. "RAAAAAAAAAAAAAAAAB!"."

          I'm more inclined to go for the "KHAAAAAAAAN!" of of Kirk.

        2. martyn.hare
          Paris Hilton

          Forget Raab… focus on the decent people like…

          Rowan Atkinson, Sean Lock, Bill Burr, George Carlin; all of whom have pointed out the absurdity of overzealous censorship. We should all be allowed to say appalling things from time to time and while people can judge us for by our words, they should not be able to use them to silence us.

          Also: Fuck the children, let’s think of OUR safety and security!

      3. VicMortimer Silver badge
        Flame

        Re: It's OK, freedom of speech is a quintessentially British right

        Here in the US you absolutely have to accept responsibility for your speech - from anyone who isn't the government.

        You can be shunned by your community, you can be unceremoniously dumped off social media, you can be fired without warning.

        But you CANNOT be imprisoned or fined by the government.

        And that is as it should be. Speech is not a crime, no matter how despicable it may be.

        1. Anonymous Coward
          Anonymous Coward

          Re: It's OK, freedom of speech is a quintessentially British right

          * unless your name is Julian Assange.

          1. Anonymous Coward
            Anonymous Coward

            Re: It's OK, freedom of speech is a quintessentially British right

            Publishing stolen documents is not "freedom of speech." It's theft. It's computer fraud. Whatever the means used, it was illegal to access those documents, much less distribute them.

            Assange is NOT a "journalist" in any sense of the word; he is a grandstanding show-boater who should have had the 'nads to face justice over a decade ago instead of hiding in the bushes.

            1. Starkoman

              Re: It's OK, freedom of speech is a quintessentially British right

              Written by Moscow-B (msobkow), who has no interest in freedom of speech — nor whether Assange released documents owned by the public is in their best interest or not.

              Moscow-B’s paid job is to search for keywords and sew division and misinformation. That’s it. Hatred and division in the West.

              Pathetic, isn’t it? But that’s it, right here.

    3. jason_derp

      Re: It's OK, freedom of speech is a quintessentially British right

      I think there's a public service announcement (with guirar) that mentions a caveat to that right.

      1. Swarthy
        Thumb Up

        Re: It's OK, freedom of speech is a quintessentially British right

        "Provided you're not dumb enough to actually try it!"

  4. Hubert Cumberdale

    Any attempt to ban encryption is like trying to ban pigs from being tasty: futile.

    1. doublelayer Silver badge

      And yet there are large chunks of the world's population who don't eat them. Many of those could choose to and don't for their own reasons, but in some areas, it's prohibited at a higher level. I could not make you dislike the taste, but I could prevent you from eating them if I had enough power and the desire to do so.

      You can't prevent encryption from existing at all, but you can prevent the general public from having access to it. You can block services that would use it. And if you do those things, you can identify those people who have created their own encrypted communication systems and target them. Nobody wants to go that far that I've seen, as encryption is still of use to some transactions, but China has taken a lot of actions to block communication systems that don't include a forward-to-government option. Other countries have spoken about desires to follow that lead.

      1. Hubert Cumberdale

        Point is, those who are up to no good (and of course those involved in activities that are not inherently bad but the government defines as illegal so as to try to hold on to power) will certainly find a way to use it anyway. As they do in China: they're playing constant whackamole with VPNs etc. over there. If people have sufficient motivation (good or bad), they will find a way.

        I say everyone should encrypt everything just because they can. Everyone should always believe they have something to hide: you never know when something perfectly innocent today (e.g. being a Communist, Jew, Labour voter...) will be suddenly deemed problematic by someone in power. Then you'll wish you'd encrypted everything.

        Think of the children? I am: I'm thinking of that baby that can't avoid being thrown out with the bathwater when banning or intentionally breaking encryption.

        1. Anonymous Coward
          Anonymous Coward

          WHAT! There are Labour voters?

          1. Anonymous Coward
            Anonymous Coward

            Voters!!?? ... hang on a minute ... I know the word ... just can't remember what it means.

            "WHAT! There are Labour voters?"

            Yes .... I was suprised by that but I am assured by many local people that they know someone who voted for labour.

            The harder question at the moment is ..... why !!!???

            The labour party is somewhat confused 'what and/or who' it represents.

            As per usual the Conservatives have their 'internal' fights in private mostly and pretend to be united when votes are at risk or to be gained.

            The Labour party, when a chance for gaining votes/voters appears, will have their 'internal' fights in the streets with razor blades, bicycle chains and switch blades. Expecting the voters to not notice and happily give them their votes.

            The common characteristics of both parties and their MP's is that the party comes first .... before country or anything else and that the 'Political' job is just a stepping stone to a better job in the city etc.

            Not quite as corrupt or underhand as american politics BUT of late importing far too many ideas from the US of A political pit of vipers !!!

            In the US of A democracy is a concept that has not seen the light of day for so long that the populace have lost any expectation of it ever happening in their lifetime.[50% don't want it to happen because they are winning as it is .... 50% want it but have no idea when it will happen] :)

            The UK politicians look on longingly as they see all the ways they could line their (& their friends) pockets, if the UK was a little more like the US of A from a political point of view. :)

            Rant over. :)

        2. a_yank_lurker

          Also, everyone has sensitive information they do not want snooped such as banking information. Information that for most is innocent; you got paid and you paid rather mundane bills such as utilities. But you do not some miscreant to easily grab your sensitive data like bank login.

      2. Majikthise

        Not quite that easy, I think

        You could, with enough power and will, make it effectively impossible for me to gain access to a pig, dead or alive.

        You're going to find it harder to deny me access to AES, given that it's widely documented and even the cheap laptop I'm typing on has hardware support. I hear you argue that Reg commentards are not "the general public"; fair enough but I'm certainly happy to be one of the folks who continues to make e2e available to everyone with traffic disguised as quotes from the collected speeches of Joe Biden* with plausible deniability and forward secrecy built in.

        Way back when PGP was young, using it conveniently notified NSA/GCHQ that your email** was of interest to them. The spooks now want widespread encryption for security, as long as it is back-doored (or they have access to the in-clear state via Google, FB etc) and that does make it harder for them to work out what might be "legal" vs "non-legal" payload of your traffic, especially if it can plausibly be decrypted as pictures of playful kittens or (legal) porn. If this is needed, it will be developed and widely used. I'll agree that that won't be used by most of the general public most of the time, but those that will want it will really want it; some will use it much the time, many will use it some of the time.

        Like others here I'm actively working on keeping my own stuff under my control.*** This is all a bit Farenheit 451, but keeping the knowledge in our heads is prudent. Post-Snowden, reporters now know that decent e2e software is a thing, which helps.

        * Greybeards out there in the Regiverse will remember that someone tweaked an algorithm thus in an attempt to demonstrate to then-senator Biden that this crypto thing was a bit harder than he might imagine.

        ** All your email thereafter, not just the pgp stuff...

        *** Not too much of problem admitting this here as, obviously, anyone reading El Reg is suspect anyway.

        1. doublelayer Silver badge

          Re: Not quite that easy, I think

          I couldn't easily cut you off from AES, but I could identify that you're making an application that is easy to use for others and go after that. I could shut down your communication system, replace your binaries with compromised ones, or similar. If I did that, I have not prevented you from using encryption, but I have made the widespread use of it more difficult. I could also target you for building a system to evade the communications law and lock you up, gradually reducing the supply of people circumventing attempts at surveillance. Doing this is costly even for the surveillance organizations, but if one cares more about power than resources, they could try it. That's why we shouldn't allow them to try it.

      3. Geez Money

        > And yet there are large chunks of the world's population who don't eat them. Many of those could choose to and don't for their own reasons, but in some areas, it's prohibited at a higher level. I could not make you dislike the taste, but I could prevent you from eating them if I had enough power and the desire to do so.

        You seem to be labouring under the impression that a beer and a ham sandwich would be hard to get in Pakistan (even for a local). If anything this comparison shows how bad and ineffective these sorts of bans are.

        1. doublelayer Silver badge

          I didn't say it was completely prohibited with perfect enforcement, just that there are areas where it is banned and that they could put more resources into making it hard if they didn't mind wasting them for something with little benefit. Unfortunately, the world's dictators haven't always put efficiency over power. Or maybe that's fortunate after all, as they sometimes fall by doing so.

      4. Fred Dibnah

        Pork

        The ban on pig-eating in Judaism & Islam, which probably originated from the risks of storing pork in warm climates, makes more sense than banning e2e encryption (which has no rational reasoning behind it whatsoever).

    2. Hubert Cumberdale

      (looks like one or more vegans frequent these forums and can't deal with how tasty pigs are)

      1. Franco

        No chance that they are hiding, have you ever met a vegan who didn't tell you they were vegan within 5 minutes of meeting them? And usually much quicker than that.

        1. Hubert Cumberdale

          Actually, much to my surprise, I did once.

          1. Franco

            There's an exception to every rule it seems!

            1. jason_derp

              I find the people most interested in talking about veganism are people who aren't vegan, oddly.

              1. Hubert Cumberdale

                (found him)

              2. ICL1900-G3

                If there were more vegans - I'm happy to admit I'm one - we might stand a slight chance of not incinerating the planet. Still, I'm old and I presume you lot all have another planet to move to, so why should I worry?

                1. Hubert Cumberdale

                  If you were an honest vegan, you'd have to admit it's rarely that simple. In summary:

                  1. Assuming the moral high ground is nonsense ("it is hard to formulate a climatic argument that would convincingly create a moral obligation to strict veganism as a conclusion").

                  2. Ovo-lacto vegetarianism, and even a less careless omnivorous diet, can be on a par with or better than veganism in terms of climate change potential. ("A high inter-individual variability was observed through principal component analysis, showing that some vegetarians and vegans have higher environmental impacts than those of some omnivores"). Meat/no meat is a gross oversimplification: heavily processed vegan food bad, minimally processed plants good; beef bad, chicken good. Do you buy tomatoes that have been grown locally in winter in heated/lit greenhouses, or do you get them shipped from Spain? In any case, do you fly to go on holiday? Do you own a car?

                  3. You're not helping anyway ("[moralised minority practice identities] might paradoxically block societal shifts in practice due to a reluctance among non-practitioners to have to take on a practice that implies belonging to a particular minority group").

                  1. Geez Money

                    I'll add

                    4. Personal choices like this, even in aggregate across humanity, do f*** all to help climate change because they're absolutely dwarfed by commercial/industrial sources of pollution. Even if every single person on Earth made what your nearest virtue signaler insisted was the "right" personal choice at every step we'd be on the exact same path we're on now. This makes activism around personal choice multiply counterproductive since it also turns people away from doing more useful climate things.

                    1. Anonymous Coward
                      Boffin

                      Wrong, and this is one of the more nasty ways of avoiding responsibility so please, do not do it.

                      As example road transport is about 12% of emissions of which passenger transport is about 60%. So if everyone stopped driving they might save 5% of global emissions. Energy used in residential buildings another 11% so if we halved that that's another 5%. Livestock another 6% or so so vegans would stop all that (I am not a vegan no axe to grind here). So perhaps 15% so far, and there are more things of course.

                      15% is not solving the problem but it is also not nothing. As I said: is one of the more nasty and stupid denialist lies that individuals, even in aggregate, can do nothing because some imagined other people are causing all the problem. So, well, we don't have to do any thing, how very convenient that is. This is a lie.

                      1. Geez Money

                        First of all I am not a "denialist"; second calling your numbers heavily fudged is beyond being polite (something you could afford to do once in a while) as you smear commercial and personal numbers together and call them all personal; third yes there is harm to fixating on haranguing people for personal choices when you yourself acknowledge it won't do enough, you need to spend capital (monetary, political, social, otherwise) in effective ways and diverting it to this task is actively harmful; lastly your slippery slope argument is not even close to a good one, choosing to change things that make the most difference is not even a step toward choosing to do nothing, much less a slippery one.

                        Picking your targets tactically is not worse than flailing blindly as much as possible in an effort to 'try harder' or 'look busier' or whatever. Altering your lifestyle conspicuously isn't something you do for the Earth. Whichever one of those sentences you needed to hear, there it is.

                  2. jason_derp

                    Hubert Cumberdale and his long ass list are busy like bees proving my point, I see.

                    1. Hubert Cumberdale

                      You think that's a long ass list? You ain't seen nothin' yet.

          2. Geez Money

            Ah, some of my more inspired work.

        2. staringatclouds

          Next time ask them what Vega is like

          1. Hubert Cumberdale

            They won't answer: what happens in Vega stays in Vega.

  5. Eclectic Man Silver badge

    Ofcom codes of practice

    "Codes of practice issued by Ofcom to be made legally binding on social media platforms"

    I have to admit I am somewhat concerned that codes of practice issued for time to time by Ofcom would be legally binding without proper democratic oversight or debate. Yes, I know that our lords and masters in the Houses of Parliament can be ignorant and stupid at times, and maybe Ofcom is peopled with exceptionally astute and wise individuals, but to make any code of practice legally binding is surely the responsibility of parliament?

    1. Duncan Macdonald
      Mushroom

      Re: Ofcom codes of practice

      Ofcom wise - what are you smoking ???

      This is the group that rubber stamped the removal of direct copper connections (exchange to phone) thereby making sure that in an emergency causing loss of mains power there would be no way to make an emergency call (as mobile phone masts depend on mains power).

      If the government had its way it would outlaw ROT13 as too difficult to decrypt !!!

      Icon for what should happen to all lying politicians (99.9999% of them) ====>

    2. Pen-y-gors

      Re: Ofcom codes of practice

      I appreciate that our Parliamentarians believe they are answerable only to a god they don't believe in, and are all-powerful in the material realm, but how exactly do they intend to 'require' Sina Weibo (or even the USA-based Twitter) to implement foreign codes of practice from e.g. Ofcom?

      1. Anonymous Coward
        Anonymous Coward

        Re: Ofcom codes of practice

        Do you think non-EU countries ignored GDPR too?

        Haven't you seen the many US sites that now block EU access, or have cookie popups,

        If they want to operate in the UK, they'll have to abide by UK laws.

        1. Anonymous Coward
          Anonymous Coward

          Re: Ofcom codes of practice

          EU is a large entity with much power. UK ... isn't.

          1. Anonymous Coward
            Anonymous Coward

            Re: Ofcom codes of practice

            I agree, but my point still stands - if they want to do business in the UK they must follow UK laws.

    3. Anonymous Coward
      Anonymous Coward

      Re: Ofcom codes of practice

      [...] and maybe Ofcom is peopled with exceptionally astute and wise individuals, [...]

      PM Johnson and his cronadvisers have a penchant for rigging any check&balance process to their own benefit.

      The new OFCOM head selection was abandoned after the PM's intended shoo-in was rejected by the independent panel. They appointed a new selection panel - with their shoo-in candidate back on the short list. However people then refused to be appointed to be on the selection panel.

      Eventually that candidate decided to withdraw to pursue other influential roles in their own media organisation.

  6. CountCadaver Silver badge

    Why am I reminded of the end of the republic in Star Wars where they all cheer at the announcement of an empire being created in the name of security and safety....

    1. Anonymous Coward
      Anonymous Coward

      A "tyrant" was a person in Ancient Greece who had absolute power to rule in a crisis. In theory this post could be legally time-limited - although tyrannicide was not unknown when a dynasty was apparent.

  7. tiggity Silver badge
    Joke

    Ban end to end encryption...

    In the spirit of no privacy I fully expect to see all MPs data (including historic deleted stuff) from all social media, emails, texts, phonecalls etc, etc..

    And to have this flow of data continually updated and freely available to the public.

    To cover non digital happenings, 24/7 video and audio recordings of everything they do always accessible

    After all, our MPs are so morally perfect and beyond reproach that they would see no problems with this at all, as nothing to hide, nothing to fear and always think of the children.

    https://www.theregister.com/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/icons/comment/joke_32.png

    1. ThatOne Silver badge
      Childcatcher

      Re: Ban end to end encryption...

      > and always think of the children

      They should get treatment for this.

    2. Anonymous Coward
      Anonymous Coward

      Re: Ban end to end encryption...

      Don't forget their online credit card transactions. If it is ok with them for Google to know what they bought, surely it is okay for the public to know.

      After all, they have nothing to hide.

      They keep insisting that the only reason people want encryption is because they have things to hide. Time for the politicians to start living in glass houses to demonstrate to us all how it should be done without encryption...

  8. Anonymous Coward
    Anonymous Coward

    Naturally

    It's vital for the smooth implementation of the New World Order that Big Brother knows exactly what the resistance is up to.

  9. Anonymous Coward
    Anonymous Coward

    Sigh,

    Nothing leaves my machine unless I encrypt it.

    Suck on that.

    1. dogcatcher

      Re: Sigh,

      I presume that government ministers will not use their scrambled telephones. GCHQ can lay off half its staff because there will be no cipher traffic to monitor and let's re-establish Civil Censorship of the mails in case anyone has the temerity to send a coded letter.

      (With memories of my late mother who worked for part of the war excruciatingly censoring the Irish mail)

      1. Anonymous Coward
        Anonymous Coward

        Re: Sigh,

        The English public Royal Mail service was created as a monopoly by a paranoid King Charles I in 1635. All posts then had to go through a central office where they could be opened, copied, and resealed without signs of tampering. Some of the transcripts are in the archives to this day.

  10. Loyal Commenter Silver badge

    I must be reading this differently to everyone else

    The phrase "identifying end-to-end encryption as a risk factor" does not, to me, meant eh same as "ban end-to-end encryption".

    Now, I'm normally amongst the first to firmly slap my palm into my face when I see politicians gig on about banning encryption, where it is usually immediately apparent that they don't know what they are talking about, but this does not appear to be what they are talking about here.

    Identifying as a risk factor, to me, implies that they would like to flag up services that use E2E encryption as potentially problematic, presumably, because the content being shared through them is much harder to regulate. "Thin end of the wedge" arguments aside, it doesn't go so far as to say "ban them" though.

    Online regulation is a tricky issue, and I don't actually envy them the job they have to do here. On the one hand, nobody* wants a surveillance state. On the other hand, it is clear that there are real harms being done online; from the proliferation of hate-speech, to social media echo-chambers, targeted political advertising, and the consequence-free way people can say things online that would get them punched if they said them in person. Some regulation is clearly needed, and the form, and mode of that regulation is something that we can't really agree on. Talking about how to identify areas which may be problematic shouldn't be shouted down, and we should be able to have reasoned debate about it. In the UK, the governmental process to do that is reporting at the committee stage...

    *Well, some authoritarian nutjobs do, but even those in power realise that, on the whole, the administrative cost alone is too burdensome.

    1. doublelayer Silver badge

      Re: I must be reading this differently to everyone else

      I don't think that's what they mean. A lot of harmful communications can happen, but most of the stuff they've talked about is the public social media or similar services. E2E services don't really work there because every participant needs to have the keys, so it usually means a direct communication system. Regulation of social media is and should be very different than regulation of private emails I send, in that there should be a lot less regulation or perhaps none*. I therefore think that it is the traditional excuse to identify encryption as a problem in order to argue for limitations, interception, or a ban.

      * Sending emails which enable a crime is already criminal activity, so no email-specific regulation is needed to make it so. Sending emails which are evidence are already discoverable as part of court proceedings which have rules for destroyed or unrecoverable evidence, so that's covered too. I don't think they need more than that.

      1. Anonymous Coward
        Anonymous Coward

        Re: I must be reading this differently to everyone else

        The implication is that E2E would be allowed. However senders and recipients could have surveillance software in their devices - either mandated or covert.

    2. yetanotheraoc Silver badge

      Re: I must be reading this differently to everyone else

      The phrase "identifying end-to-end encryption as a risk factor" does not, to me, mean the same as "ban end-to-end encryption".

      -- Which is precisely why the politician phrased it like that.

    3. Doctor Syntax Silver badge

      Re: I must be reading this differently to everyone else

      The phrase "identifying end-to-end encryption as a risk factor" does not, to me, meant eh same as "ban end-to-end encryption".

      So the weasels fooled you.

    4. Cuddles

      Re: I must be reading this differently to everyone else

      Read the full text. They didn't just say "identifying as a risk factor", they also said - "Providers should be required to identify and address risks arising from the encrypted nature of their services under the Safety by Design requirements.". Providers should be required to address the risk. In other words, while they won't explcitly ban encryption, they will make it so onerous to justify doing it that no-one will actually be able to provide encrypted services. Or at the very least they'll be forced to "address the risks" by leaving all the back doors open, which has been openly stated as the goal many times previously.

      1. Geez Money

        Re: I must be reading this differently to everyone else

        My understanding of this law is that this would mean the company breached its 'duty of care' if it used encryption and would have essentially unlimited liability as a result? So the government wouldn't even go after them directly, it would just let the court system murder anyone who didn't play ball.

    5. Anonymous Coward
      Anonymous Coward

      Re: I must be reading this differently to everyone else

      The thin end of the wedge is exactly what this is. Have you not been watching the sort of things they have been doing recently?

  11. The Axe

    Sorites problem

    When does a company enabling customers to communicate with each become a social media company. At some arbitrary random point in the number of customers, its turnover, the number of messages, or whatever?

    1. yetanotheraoc Silver badge

      Re: Sorites problem

      Paradoxically, Ofcom knows the answer.

    2. Version 1.0 Silver badge

      Re: Sorites problem

      An alternative solution might be to permit encryption but ban social media companies? Or maybe just require that everyone wanting encrypted email messages use Google ... that way the government would have full access to the contents.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sorites problem

        A more straightforward and easier to affirm method would be to ban all cameras. Then you are certain to stop child pornography.

        1. The Basis of everything is...
          Joke

          Re: Sorites problem

          Hmm. Before the camera there was the oil painting. And then the sketch. And then the woodcut. Better ban all art that shows people.

          And yes, I am aware of certain artistic traditions in a particular part of the world.

          1. Eclectic Man Silver badge

            Re: Sorites problem

            Ih the film about the Windmill theatre during WW2*, it never closed, the argument with the Lord Chamberlain (who regulated pays and theatrical productions at the time) was that he was quite happy for the art galleries to show very many pictures and statues of nude women, so how could he object to nude women on stage? The compromise was that the women on stage must not move.

            * https://en.wikipedia.org/wiki/Mrs_Henderson_Presents

          2. Bogle

            Re: Sorites problem

            "Don't try to destroy the painting, bishop, we have the original etchings." - Edmund Blackadder

          3. Loyal Commenter Silver badge

            Re: Sorites problem

            Probably safest to ban eyes.

            1. cyberdemon Silver badge
              Devil

              Re: Sorites problem

              And brains, apparently

          4. Anonymous Coward
            Anonymous Coward

            Re: Sorites problem

            UK law bans any pictorial representation - no matter what medium or if the subject is totally fictional. A long time ago the "Oz" magazine trial found a Rupert Bear derivation obscene.

        2. Michael

          Re: Sorites problem

          Surely banning all children would also solve the problem of child pornography?

          1. Dave559 Silver badge

            Re: Sorites problem

            Ah, I see that some representatives from Scarfolk Council have now joined the discussion…

            This is a local forum for local people, we'll have no trouble here!

            (Puts a penny in the swear jar for mixing metaphors/universes…)

  12. EricM

    It didn't work when the US tried this in the 90's, when encryption was virtually non-existing.

    France gave up on attempts to severly limit encryption in '99.

    I doubt it will work if the UK tries this in 2022, when encryption already is everywhere.

    Honestly, who assumes british government employees (or whoever manages to intercept the traffic ) wading through customers bank transactions or online shopping records would be acceptable for international customers?

    Today banning real encryption means banning business.

    1. Loyal Commenter Silver badge

      Re: It didn't work when the US tried this in the 90's, when encryption was virtually non-existing.

      Honestly, who assumes british government employees (or whoever manages to intercept the traffic ) wading through customers bank transactions or online shopping records would be acceptable for international customers?

      You might assume that the same sort of logic would apply to erecting cumbersome trade barriers with our close neighbours; such a thing would have a disastrous effect on those who rely on international trade. Yet here we are, with a government which has done exactly that and crowed about how it is somehow "taking back control of our borders".

      Never underestimate exactly how stupid and self-destructive government policies can be, and how, with enough propaganda, the public can not only be made to buy them, but also be made to blame someone else for the consequences.

      1. Anonymous Coward
        Anonymous Coward

        Re: It didn't work when the US tried this in the 90's, when encryption was virtually non-existing.

        Well look at the last age verification law this will delayed over and over again until it is scraped because they just could not find a way to get it up and running, its also easy to see that the new Online Safety Bill could also collapse and not work at all.

      2. EricM

        Re: It didn't work when the US tried this in the 90's, when encryption was virtually non-existing.

        OK, _that_ point is hard to argue ...

        Cheers

  13. Boris the Cockroach Silver badge
    Big Brother

    Identifying end to end

    encryption.... hmm

    OK I boot up firefox.... and login in to my online bank account(very unlikely as I dont have one)

    My password and account info are encrypted and sent to the bank ... who then encrypt the response.... and so on and so on until the session is finished and I log off

    Next I boot up a custom version of IRC(remember that?) my chat is encrypted and sent to the IRC server who then relays it to the people I'm talking to.

    Will this new snooping software be able to tell the difference? will it be able to tell apart what data I am sending if both programs are using the same encryption algorithm? and more to the point, will the powers have to obtain a warrent to be able to snoop on you rather like they have to if they want to intercept and open your mail?

    And finally who gets to decide what harm the social media(farcebork) is causing or is not causing..........

  14. Anonymous Coward
    Anonymous Coward

    "divide and conquer" .. keep on, granualising, bit by bit.

    Will society, in 20 years, be able to revoke the mistake they made today? Did they 20 years before today. No. Because rules made now, are for a moment. Everyone's attitude will completely different in 20 years as they mature. or they will deceased :(

    OSB will be back and forth. for each victory in eaither direction, like always, there will be stalls and decay of the small change proposed. one that tiny bit of law is ineviteably added and assumed small enough to concede.. next is another small little update. and a little update to that... where's the end? LEGALISED Universal Auditing of every keystroke, by every online entity that collects data.

    Look at the Terms or Privacy statements. EVERY SINGLE ONE says they have to provide data they have collected to law enforcement and prevent fraud etc.. OSB and extra, is already fully in place. This OSB is process to counter future culpability and formalise, from that day, movement towards online safety. Negating and absolving, for their part, that which has gone before. .. bit by bit. small advance at a time.

  15. Doctor Syntax Silver badge

    I've said it here before & I suppose I'll have to say it to my MP. If someone is intending to break the law then providing them with more laws to break will not stop them. The people who will count the cost will be the law abiding.

    1. ThatOne Silver badge

      > providing them with more laws to break will not stop them

      While this is true, I'm afraid it is also irrelevant in this case: Clearly the point here isn't stopping crime, but better controlling the semi-docile masses, making sure they don't get devious ideas (like voting for somebody else).

      Then there is also the "showing we're doing something" aspect, so that when something bad happens it can't possibly be your fault, you clearly did all you could.

      Last but not least, power and control are addictive, one can never have enough...

      "Strong" regimes are getting fashionable again, and all over the world supposedly democratic governments are watching the more repressive regimes like China and dream of imitating them ("Great firewalls" are just the first, almost innocent step).

  16. Winkypop Silver badge
    Devil

    Infamy infamy!

    They’ve all got it in for me!

  17. Anonymous Coward
    Anonymous Coward

    Ah.....the STASI state moves ever closer...and some EL Reg commentards seem to approve!

    Quote #1 (El Reg): "...end-to-end encryption to be banned...."

    Quote #2 (doublelayer): "You can't prevent encryption from existing at all, but you can prevent the general public from having access to it."

    Quote #3 (Hubert Cumberdale): "Point is, those who are up to no good ... will certainly find a way to use it anyway."

    Quote #1: So what? If the end user(s) use private encryption before anything enters a publicy available service, then they have effectively implemented "end-to-end encryption" which could be even harder for "the authorities" to crack....cipher scheme unknown, key management unknown, (potentially) end-points unknown.....so actually worse than a published public service!

    Quote #2: So doublelayer is into banning books as well! (See Bruce Schneier, Applied Cryptography)....and banning C programming too!

    Quote #3: Sorry Hubert, but some of us law-abiding citizens want to preserve our privacy.....what we communicate is PRIVATE, irrespective of the activities of GCHQ.

    Re: All three quotes -- Maybe someone here can decrypt this short message, once they have figured out the private cipher.

    *

    2DyDQpIFeLCpIRo3ovq7qxWLsbWreDeVmXun6jA34fGXOVUfInuVSFmfGFuDmzg5uVir65aDofyZ

    8J69sjgXOHsvahs9sNwNoxWPqdEJS1Kna1K3wH2N41K7kboNA5cdWdyRgXmr8jOtilof8TADqD2z

    YZ4Rgdul0JqhiJSNg1cR6Z8nU5szYTifQJGN8jiL63GJyn6dwPghY7iFOHqTCPY3er8563GVozs1

    kvYpmDqtgXa7WtAdst430RCr2P0Fe7AxCRAhqN2lgr8DSlyh0TiJcDodEdoPMLE3y32HEvELy10B

    4JS7E3OH89UrwpYBG7QlGbMzuvcR0RgxG9YN4vaJiVAdkvm3wXwt4x0VS9w1iBgXoRKBIV4JyV4z

    4pkJoB6faHOjUFefaHavwPQ5IpWnE30zah41wvi327e3Mh2rIX4NkzqfwPOJKbAVqNOLWPEVQVup

    wFWN4DAnufEt8VerKVaLwDUToXOrshSjYTcZkfm5ODa3WBkZabIJiDc5A7M3u5WH81YXG9Uxe7Wl

    if2rWjQ9opInG7ULKlKx67WXgBeNqDetmLY9YLSHSZQlmNYjE7A9IZavobSjCVy1Gh49yTsFI9Ib

    cJIDANiLSTmfKbk1cZqTW7YlutyjG30JqhEXiZeV0LCL03krova3KRqTyNiP0ZKdK7ITmtw305M3

    MfCDQxIx0tEDIJubQX0d25yb2TyhWn6TELkvw5o3mDwPIfgtWNwZ2H8DQXmXmp4HYTyRSN2DYZEt

    8rk7sjAfELaTiD67oF4nstGfcje7qTEfajYdgB4RE7yV6rWnutAN0n6Zq1mPOLQVwF67gDON4Dmf

    IdM7QBKfWFsjAZInOre1gNEHWrGvUHyHoF8fqX4zal2paP6D2J2TE1GTgJWH6bwDcp4VG16x47wX

    I9ihs3crQvmnQjs9UbWN0bwXc3uh8pynmfoZKfaTGHKJONmXUDAJAHC1excXKREbI5Atmt0fEpUH

    cXofWvkLmPA9C74vQLgpO56F0RkNm1KPIVk7wvg1KR2nALYl2jyD6by1GDWvKJ8lkz41gr2Zwxop

    GhMFat6RW10LqtUza5mDYncB2X0bsH0P21ivYnyPmT2ZonCr6jYbmLKV2hMxYHwJwbANgnKNO5G5

    SV67ofgFYhsj2tMD2BOHI3gdG1atyfEraLSFcfQH0jcP83krMd0DSDEZylCVSLCBU1wtul6jgdkz

    89wTiXo5yl4fGlafSzAV2b8z0d09ATELK3KFW1yHitYFyjA1OjizC5eb6d4rOtk5WVSly1szMJAV

    wTWBevsP0FYJcpMFED4L2JeVYjAT8FYjeF4XSJYX6dC5MlspMrI7IZgHWhw3sd0HK9kFWf4lcfQJ

    0tGfAZe9sdsxYjY3ALm5S7EXmpE7eBYjo1SNwPepArkpEFAHS9OvmJmXGTQtGFkZOJ6HCp0P6TG1

    IlkvkzoRWLOb6dk5ctK7idqjglAzeNSFKhuPml8DoZaRExSPyfyJk38bghG5470Bmh2fOdSDkXi5

    A9MnU74bojQRqpITct2P0j8HSNKx2V63EVAH4JML8DYtq9AlGB0nALIjOtWDMfuxulq9GbW5GPs3

    8Tuf41OrI10JyjAL4HOL216xsZk7glqP0p4VWJwVi945YxGni5A7U3oBw7cB6RYngJgL

    *

    1. Jimmy2Cows Silver badge
      Holmes

      Re: Ah.....the STASI state moves ever closer...and some EL Reg commentards seem to approve!

      Looks like someone can't spot a hypothetical statement.

    2. Loyal Commenter Silver badge

      Re: Ah.....the STASI state moves ever closer...and some EL Reg commentards seem to approve!

      Sure, just copy+paste your Bitcoin private wallet key and we'll go from there...

    3. doublelayer Silver badge

      Re: Ah.....the STASI state moves ever closer...and some EL Reg commentards seem to approve!

      Look up "could" and get back to me on my quote. Some examples that could help the point: I could hit myself with this hammer, you could eat a live frog (it could be the poisonous kind), and we all could die tomorrow. Maybe these will help you understand what the repliers to the post understood.

  18. Anonymous Coward
    Anonymous Coward

    We recommend that end-to-end encryption should be identified as a specific risk factor

    as in '"lack of end-to-end encryption..."? Or... quite the opposite? Yeah, well, silly me...

    btw, it's 'interesting' _how exactly_ this wording found its way into the proposal.

  19. Anonymous Coward
    Anonymous Coward

    "The British Computer Society, the chartered institute for IT"

    "The British Computer Society, the chartered institute for IT"

    Why doesn't the BCS actually just do the sensible thing and change its name to the Chartered Institute for IT (and, obviously, undergo whatever certifications it needs to do to formally do so), to put it on an equal standing with all of the other professional institutes?

    I'm sure it does its (very limited) reputation absolutely no good for it to actually sound like it's little more than a hobbyist fan club that meets in a garden shed (notwithstanding that garden sheds, or at least, garages, have played at least some significant roles in the histories of electronics and computing)!

    (Oh, and the sucky parts of this proposed legislation suck, obviously.)

  20. Pen-y-gors

    Bottom line

    is that any half-competent 12 year old knows all about VPNs.

  21. theOtherJT Silver badge

    openssl enc -aes-256-cbc -iter 10000 -e -k STOPWITHTHISSHIT

    Presented for your consideration in base64:

    U2FsdGVkX1+152L+bUv0ngnLq4Uw+GJZqjEOGO4IOgFTmpG2W4EQF3kA4Nyvo+K6CBlgo0TVsQ4jssGPUFSa9vKNkUHyIyi8HqjUQKdgTbB0iky+oTMdlcrJkdzlpfxPBMftvD/FJOX81YBVfYSREA==

    Just stop. Stop now. Stop.

  22. Anonymous Coward
    Anonymous Coward

    Do want to point out its not having its second reading in Parliament this week because the bills been delayed until spring 2022 or later.

  23. Anonymous Coward
    Anonymous Coward

    Have seven years gone already?

    In my experience, the political attempt to break, weaken, end or backdoor traffic encryption surface every seven years or so. It appears the cycle is shortening.

    Here's a remedy: make the people who try this liable for every stolen webshop transaction, every leaked credit card details and the consequences thereof (as that is always gleefully skipped over when yet another company reports that hackers were so sophisticated that they were able to locate the file customerpasswords.txt as soon as they had breached the at best inadequate good-enough-but-not-really security measures that accountants had saved money on to hand out more bonuses to those who were already so regrettably short of income).

    In other words, let he/she who removes security pay for the consequences.

    I bet it would go vewwy, vewwy quiet soon.

    1. ThatOne Silver badge

      Re: Have seven years gone already?

      > let he/she who removes security pay for the consequences

      Come on, you don't really believe this, do you... In the real world you always make the victims pay. Also in this specific case the culprits would be people of power and influence who have the means to easily deflect blame. Your ID was stolen? It's your fault, because you hadn't bought identity-theft protection (from our buddies).

  24. Anonymous Coward
    Anonymous Coward

    Yep. 'Tis year end.

    Time for the uneducated politicians around the world to trot out their favorite wish list item for maintaining power and control: breaking encryption systems en masse. There is no such thing as "end to end encryption" - that is the way all encryption works - only the sender and receiver are supposed to be able to understand the messages.

    I realize that makes the spies and power hungry bottom feeders among the powers that be nervous, but that is just too bad: the world is not willing to sacrifice their own online safety just to calm your nerves.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like