433 comments

[ 5.1 ms ] story [ 308 ms ] thread
[flagged]
(comment deleted)
Nice username :)

I'm on the other side. IMO; CP is used more and more as an excuse to pass more anti-privacy agenda, because it is difficult to argue against "We want to protect children". That perspective moves discussion to a different place where it is difficult to discuss. Why can't we have both? Is only way to prevent CP eliminating privacy?

The only way to prevent all crime is 24/7 surveillance combined with constant control and no free will, but any reasonable person would find that unreasonable. That aside, a significant number of people sharing CP aren't smart enough to use an encrypted platform anyway.
I mean in the UK there were cp rings which were known about, that is the girls told the authorities about what was happening to them, and it was buried, so maybe get their own house with systems in place, training and funding (which is universally in short supply in UK since [edit: about] a decade now) to act on info they already get before trying to come after innocent people with a drag net in the hope of catching a few paedophiles. https://en.wikipedia.org/wiki/Rotherham_child_sexual_exploit...
CP = "brain_off" to defending your human rights :D

Simple as!

Also see terrorism

Its simple, get a warrant.
I’m going to assume that both you and the OP are engaging in this in good faith. I am thoroughly in the “legislating encryption is basically outlawing math” camp and believe it’ll be highly ineffective at accomplishing any of its goals. However…

Get a warrant for what exactly? On, say, an iPhone where you can have reasonably secured encryption-at-rest for your data (the entire disk is encrypted using an AES key that is protected by your passcode and that key is destroyed after too many failed attempts), simply getting a warrant to take physical possession of the device doesn’t really provide any evidentiary value. In the US and many other jurisdictions (but not the UK from what I recall), courts generally can’t compel someone to reveal their passcode. The E2E keys are stored encrypted at rest as well.

This begs the question of there being a "scourge" of child porn and terrorist propaganda. You're also assuming the UK's attack on encryption would do anything at all to combat either thing let alone end the presumed "scourge".

Strong encryption is the foundation of pretty much all online commerce. Without it little else is practical online. It's not up to the EFF to come up with solutions to made up or exaggerated issues.

> This begs the question of there being a "scourge" of child porn and terrorist propaganda. You're also assuming the UK's attack on encryption would do anything at all to combat either thing let alone end the presumed "scourge".

And the "terrorist propaganda" part doesn't make sense. Propaganda is useless if it doesn't reach an audience, and encryption is all about restricting the audience. I mean, didn't ISIS put up its propaganda videos on Youtube? They're hardly trying to hide it out of sight.

They've been coming back with these proposals with this every few years at least as long as my adult life (~20yrs) just that thus time they've got it through. Until now it's been knocked down for the ridiculousness it is. "They only have to be lucky once, you have to be lucky every time"
Your right to hunt down child porn does not exceed my right to privacy. To have it otherwise is to live in a panopticon.
In reality all rights are contingent upon and in direct conflict with each other. This is not some special case, and no, contingency and conflict does not make one side immediately the worst case scenario of itself.

"Your right to prevent incitement to violence does not exceed my right to free speech. To have it otherwise is to live in a panopticon."

It factually does exceed that right and that fact does not yield a panopticon.

> It factually does exceed that right and that fact does not yield a panopticon.

Poor analogy. The panopticon analogy was to relate the fact that allowing inspection of every single message sent by everyone ever is a panopticon. Preventing someone from speaking doesn't equate to a panopticon.

I am very concerned for the worldviews of people who genuinely think it's a good idea to let the government (and consequently, any entity with moderately-skilled hackers and a motive to mass collect data) view every message sent between private parties.

So I'll reiterate, I guess.

No, it doesn't.

Your comment is made in bad faith. Notably, you posted from a brand new account echoing the most inflammatory talking points that the government uses in support of eroding encryption. Either this is some blatant (and bad) astroturfing, or you've drunk the kool-aid from the government.

Nobody is here to defend child pornography or terrorism. But even accepting that they exist, those are a drop in the literal ocean of use cases for encryption relative to the overwhelmingly legal and productive and often necessary uses.

> They should come up with a useful alternative

We have a useful alternative - criminal laws. Make the criminal penalty a strong enough deterrent and you'll stop everyone except the most craven malfeasors (and those people will find ways to continue to disseminate their materials irrespective of encryption status).

Rather than accuse privacy supporters of being "stubborn", you should come up with a legitimate argument why ordinary, law abiding people should have to sacrifice their autonomy in service of an effectively phantom boogeyman.

wrt making criminal penalties stronger, I wonder what effect an add-on charge (idk the technical term) for deliberately using encryption in the commission of a crime would add.

I.e. using encryption is never illegal, but if you commit a crime and directly employ encryption as a means to commit that crime, your sentence is doubled or whatever.

(inb4 pedantic "all internet services use encryption", which I don't think a court would buy if this is meant to be an add-on charge)

They're telling us it's a scourge.

But I suspect it's a relatively tiny, albeit terrible, problem compared to breaking encryption, which isn't just about privacy but about every action over the internet.

I don't see that you can have it both ways; secure encryption and being able to inspect traffic. There's no alternative so it's either using other mechanisms to go after CSE and terrorist material, as currently happens allowing us to know about the scourge, or we may as well revert to everything being on http.

why don't you save us all a bit of time and just go ahead and tell us exactly which rights we're allowed to have in order to protect the children in your perfect kingdom?

like, will you allow me to drive a car, or eat beef, or own a kitchen knife?

We could outlaw math. Or the police could start doing their job.
That would require the UK government to fund the police properly. And the courts. And the judiciary. And the prisons.

For a political party that likes the cliché "tough on crime", it's kinda surprising how far on the path to accidental anarchy they are.

They're hoping people will start hiring rent-a-cop type security firms for their areas. Not joking.
Speaking from experience, they work pretty well.

Unlike the metropolitan police which is utterly useless.

I want my tax money back.

It's the same party that's tough on immigration, yet keeps importing lorry drivers, health workers and building contractors because they apparently can't be found inside the country.
> kinda surprising how far on the path to accidental anarchy they are.

"Anarchy" is not a synonym for "chaos". It is the opposite.

Triggered am I!

>We could outlaw math.

Maybe that's why math education is being sabotaged.

I think they'd argue that this is them doing their job: trying to negate the advantages that sophisticated criminals have over law enforcement efforts.

Could you elaborate on what you see as "doing their job" in this context?

Given that we don't catch, deal with appropriately or rehabilitate the majority of the non-sophisticated criminals, I'd suggest we start with that before we decide to start spying on the rest of the population?

Based on how RIPA and it's successors in the UK have suffered from excessive use I doubt that we will be restricting this power to "sophisticated" criminals if it comes to pass.

Surely this won't help them with sophisticated criminals, as they'll find some other way to communicate. You can easily build your own end to end encryption method based on things on github.

It might help them with the dumb criminals.

The cat is already out of the bag, the encryption already exists. This only hurts them who obey the law.
The police can do legal wiretaps because it is a tremendous help to get the job done.

That's the problem with e2e encryption: it makes the police's job much, much more difficult.

That's the point. People have to realise that there is a real issue which does not have a simple solution.

All protections of civil liberties and rights to due process can make the police's job more difficult - if you consider the police's job to be something like "catching bad guys without regard to any collateral damage that might be caused along the way". But in a free society that's not normally the job we want the police to do.

Of course the trouble in this case is that we either have private, secure communication or we don't. There is no halfway measure available. So both locking the police out of everything and giving them complete access to everything might be simplistic non-solutions to the real issue but they might also be the only options we have on this one so a least-of-evils argument may have to prevail.

I've personal experience of police not doing their job properly.

Anything that makes their job more easy will only make them more lazy.

Police work should be hard, because they have to navigate the law if they're to prosecute anyone. Lawyers love laziness, it's sloppy and steps all over lines of technicality.

Also, the legal right to violate citizens rights should never be 'made easier' by any legislation. To be on the end of state-enabled rights violations pretty much entirely ruins any trust one may have in 'the system'. And that trust seems to be increasingly valuable and decreasingly present amongst the Western populace.

I always find it a headscratcher when people advocate for making the violation of civil rights easier.

Cops seem perfectly capable of doing it with the tools they have today.

> That's the problem with e2e encryption: it makes the police's job much, much more difficult.

So what? It should be difficult. They should have to literally send a guy to follow and literally spy on you if they want to learn a single bit of information about you. Not push a button and have your entire life revealed on their screens.

It's nonsensical to claim that the job of the police should be difficult and made to be difficult.

The restrictions and controls, which exist, should be an enforced legal framework. If today the police want to wiretap your phone they need a warrant, that's the control and 'difficulty', but then telcos will route your calls to them at the push of a button.

Again, the issue with e2e encryption is real and complex.

It's not "nonsensical" at all. Even with warrants, authorities will abuse their power. I've seen a story here on HN about police submitting literal blank pages to judges and getting the warrants they want. Don't tell me this warrant bullshit stops anything.

I refuse to grant them any power whatsoever by using subversive technology like encryption. Their only choice is to increase their tyranny by treating all encryption as proof of guilt, undermining the freedom of everyone, including yours. Will you tolerate the increased tyranny or will you oppose it? That is the question.

The easier the job of the police is, the easier it becomes for them to create a police state. We can argue perfect imaginary world semantics all day long, but it doesn't change the fact that in the real world abuse is rampant and power over others is pursued at great cost.

Making the job more difficult for the police costs nothing but money. To argue that we should relax our liberties to make the polices job easier, is to argue that liberty should be erasable by those willing to pay.

They already are. They imprison journalists under terrorist acts if they criticise the gov or they come knock on your door if you put mean things on twitter.

But corrupt politicians? That's not a bug, it's a feature.

> They imprison journalists under terrorist acts if they criticise the gov

Is that fair? The English state is not doing that are they?

Some examples are suitable to back up such a claim.

The most obvious one is Julian Assange.

Then they detain people such as https://thegrayzone.com/2023/05/30/journalist-kit-klarenberg...

Or David Miranda (late husband of Glenn Greenwald).

Surely we believe that UK and USA are the good guys and they don't do evil stuff. That's left for Russia and China who are evil. Not like US and UK who invade and depose governments for commercial and geopolitic interests but "there's always a good excuse for it".

Ok.

Point definitely made

The English state ceased to exist in 1707.
>We could outlaw math

'We' don't call it 'math', who's 'we'?

Is this even enforceable? How can the UK government determine whether encrypted traffic going to/from UK IPs emanates from a messaging service as opposed to any other service?
"Who denounced you?" said Winston. "It was my little daughter," said Parsons with a sort of doleful pride. "She saw the installed encryption programs, and nipped off to the patrols the very next day. Pretty smart for a nipper of seven, eh? I don't bear her any grudge for it. In fact, I'm proud of her. It shows I brought her up in the right spirit, anyway."
This becomes a separate problem of against whom they choose to enforce it.

Defending yourself legally, no matter whether there's a lot or a little evidence, is an expensive, stressful, drawn out exercise.

Sometimes the accusation is the punishment.

>Is this even enforceable?

Not really, people have been talking in code for millennia. I wouldnt be surprised if a car company like Mercedes or Volkswagen could use their vehicles like swarm drones, relaying information between them when passing on the road, which could get data out of the UK using the cross channel ferries and eurotunnel.

There's way too much movement of people and stuff inorder to secure anything really. Even the new Apple headset can read the iris of the eye to get subconscious data out of the user when exposed to AV data, and the users wont even know they are giving out this data. Privacy? We dont have any!

Clandestine communications in cyber-denied environments Numbers stations and radio in the 21st century https://www.tandfonline.com/doi/full/10.1080/18335330.2023.2...

Number Stations https://www.youtube.com/@RingwayManchester

> Is this even enforceable?

They'll consider it enforced if all the major companies comply.

In terms of actually having the criminals using software that complies with the law, absolutely not. Making your own program that doesn't comply isn't much of a challenge.

To fully implement this would require dismantling vast amounts of software and protocols including VPNs, SSL/TLS, SSH, WebRTC, and loads more. Other countries won't want these protocols weakened just for the UK. It would end with the UK having a "great firewall" and basically its own little Internet with tech-savvy people punching holes in it just like they do in China.
Hopefully the role of the UK is:

Mistakes: It could be that the purpose of your life is only to serve as a warning to others.

https://despair.com/products/mistakes

I think Australia is used as a canary for laws that other 5-eyes countries want to implement.

Australians are pretty darn compliant to bad government because their lives are really quite comfortable either way.

"They" seem to be using the standard play book used by the rich and/or powerful against the will of the people. If you fail, keep trying and trying and trying until they get their way.

Well if the UK and other countries pass this, I guess it is back to gnupg. No way can that be restricted at this point.

> against the will of the people

it is not against the will of the people.

the opposition, NGO’s and the general public are accusing the government of moving too slowly and watering down the law. they want the law strengthened and adopted faster.

The Government, Opposition and NGOs don’t necessarily represent the views of the general public. Obviously in a perfect world such a consensus would, but in the real world it’s often not the case unfortunately.

I expect many UK citizens who were given a clear explanation of what the implications of the law was (without revealing which law it is and using its cutesy name) would say they would be opposed to such a hypothetical law, and would then be surprised if you told them you’d just described the “Online Safety” bill - if they knew what it was.

Literally the way these laws get through is because there are enough uninformed and politically non-engaged people that they can slip them by.

I honestly hate my current government with all my heart.

Let this series of badly-thought-out bills be destroyed in the courts once the courts find that reality bats last.

There’s probably a clause in there that decrees Pi must be four from now on.

> Let this series of badly-thought-out bills be destroyed in the courts once the courts find that reality bats last.

How? I thought the UK courts can't override Acts of Parliament, because the courts are subordinate to it (unlike in the US).

There’s still the option of appeal to the ECHR, but that’s more or less it - and there’s a quite strong push from the right to leave that as well.

This was absolutely an intended outcome for a lot of the figures responsible for the UK’s exit from the EU - European legislation/institutions were more or less the only real absolute check on the authoritarian tendencies of the British state, given the UK’s insane constitutional structures.

One think I have never realised before moving here, is that UK has an authoritarian streak going back a long, long time.

The desire to join such beacon of democracy as Russia in jeaving ECHR is heartwarming.

The thing about the "authoritarian streak" in the UK is that historically as a people we have mostly trusted the government and its police and security services to use the powers they give themselves by law appropriately. And although obviously there have been some serious failings in the past it's probably fair to say that overall they have earned that trust more than some of their counterparts in some other Western democracies so enough of our people continue to give them that trust that the same culture can continue. The danger for us is that it's always possible for the needle to move towards more frequent or routine abuses of power but once those measures make it into statute our trust-based system has few checks and balances to help us recover if it turns out someone went too far that time. That in turn is because our political/electoral system is itself fundamentally broken but also self-sustaining, which is a much bigger problem than just the risks of authoritarianism that we're discussing here.
And also the government does such a good act of gross incompetence I think most people think its fairly harmless to just ignore what it's doing.
Most people believe it’s incompetence
Incompetence is easier to swallow than evil. Our leaders aren't stupid. They know what they are doing.
They might know what they are doing politically but in terms of modern technology and its implications I'm not convinced they know what they are doing technologically or socially. They are being driven by vocal advocacy from groups with an agenda and the media. Those advocates do make reasonable points about things we can all agree are good or bad in isolation and so the politicians often go along with it. But that doesn't mean they necessarily understand the full implications or have thought through the long-term consequences of the laws and regulations they propose.
> as a people we have mostly trusted the government and its police and security services to use the powers they give themselves by law appropriately. And although obviously there have been some serious failings in the past it's probably fair to say that overall they have earned that trust more than some of their counterparts in some other Western democracies

I am not so sure. The recent history of the elites in London, and the rampant corruption and incompetence in the Metropolitan police is, surely, wearing down the English people's trust?

What does it take?

Yes - this is exactly the kind of danger I was referring to in the GP comment. The historical trend here to trust in our authorities lets strong policing powers (mostly) work as long as that trust isn't abused. But we've been learning the hard way that our governments and police services don't always live up to the standards we expect of them and some of the laws that were passed with claimed - and perhaps even honestly believed - good intentions can still lead to abuse and bad results. Then because we lack the checks and balances that less trusting cultures tend to incorporate into their systems - such as a written constitution that establishes a layer of fundamental laws that no single government can arbitrarily change - it can be difficult to stop the runaway train.
A few columnists have noted this. Institutions like the police, parliament and the BBC are coasting on their previously-earned reputations.

I think the ornate Palace of Westminster gives the political class too much cover, and if they moved into a modernist structure it would be more fitting and reveal their brute disregard for anything virtuous.

Direct line back to monarchy...

Of course it has an authoritarian streak....

Given that the English constitution and the Scottish constitution are incompatible (insofar as where sovereignty lies), it is no real surprise that the UK has never got a single codified one.

As it is the Scottish constitution is generally ignored, and folks more or less assume that the English one applies to the whole UK. If there was an attempt to properly codify the UK constitution, that incompatibility would have to be addressed, and that would open a can of worms.

IIRC Secondary legislation can be challenged in the courts and this is hopefully where the fight will take place between the well-heeled cat 1 service companies and Uk.gov

Else companies will leave or simply ignore the legislation, e.g. Signal, and the law will quietly become impossible to enforce with a series of arbitrary decisions and fines taking place before the digital economy falls off a cliff.

the courts in the uk are in the business of interpreting the laws that parliament creates. as these laws are mostly very badly drafted, there is a lot of wiggle-room.
> I thought the UK courts can't override Acts of Parliament, because the courts are subordinate to it

The UK Courts aren't subordinate to Parliament and can tell the UK government to "go back and think again". For example, the move to export immigrants to Rwanda.

https://ukandeu.ac.uk/rwanda-policy-unlawful-unpacking-the-c...

Your link doesn’t disprove that they are subordinate though let’s not dive in to semantics.

The government are just playing nice and taking heed (or pretending to) of the declaration of incompatibility.

The courts can not force them to change their policy. The courts can not overturn primary legislation, not even the Supreme Court. They are basically just law experts and publish statements on what is lawful and what is not. Their power is derived from how much - or how little - the Government decides to act based on their rulings.

It’s important to remember the courts exist because of Acts of Parliament (some very recently, eg the Supreme Court was created in 2009). Moreover, they are governmental departments!

I’m sure Boris Johnson considered legislating them out of existence during his tenure but decided it was a bridge too far.

> Their power is derived from how much - or how little - the Government decides to act based on their rulings

That's ... exactly the same as any other country in which the judiciary and executive are separate

Your 'current' government has been in power for well over 10 years.
What do you mean by this non-sequitur?
I think they are reminding the OP that it’s been the same political party and highlighting the distinction between a government and a political party.
It’s not just the current government, the whole of Parliament including the various committees are eager to just go along with the intelligence and security agencies who tell them encryption is bad.
Aren't Labour also in favour of this? So we're screwed anyway.
> gives the British government the ability to force backdoors into messaging services

This is NOT enforceable outside the UK any more than Chinese law enforceable outside China. If you are a messaging service, just close all your business entities in the UK and they have no more jurisdiction over you. People in the UK can still use your messaging services unless the UK decides to implement a firewall like China.

> which will destroy end-to-end encryption

I don't trust any E2E encryption unless at least the clients are open source. How do I know the NSA hasn't inserted a backdoor into WhatsApp?

And then if the clients are open source, the back doors they insert (via git pull requests?) can be removed.

Or they can be scraping screens so it does not matter whether your encryption is "trusted".
It's much more useful for agencies to backdoor hardware. If Intel chips, the snapdragon line, and AMD chips all have a backdoor allowing root, that's most of the devices out there that wouldn't need to have E2EE broken.
I'm curious how many companies will just block the UK rather than comply. It's definitely not going to be zero.
WhatsApp requires a phone number, implicitly deanonymizing you. It also lacked e2ee for a long time.

Signal requires a phone number. Use the fork Session that generates anonymous identifiers. https://getsession.org

Apple participated in PRISM and also requires an identifier such as an email address or phone number.

E2E encryption means that the content of the messages you send are encrypted. Requiring a SIM card to sign-up doesn't kill that feature.
Anonymity is not equivalent to privacy, although lots of characteristics overlap.
phone numbers cost like $5. phone numbers don't deanonymize you.
Would be amusing if British ministers could no longer use WhatsApp. They seem to be addicted to it.
Meta and Apple will come to and arrangement. Signal will not.

I'm not sure how I feel about any of that.

Agree entirely. Meta and Apple will make a lot of noise but ultimately neither will want to lose the UK market.
Have they quit Australian market?
Do they even have to block UK users?

Can't they just remove any business presence in the country to free themselves from any potential legal troubles?

Blocking UK users is removing business presence. How else would you go about it?
I mean having users in the country without having a business incorporated in the country, therefore there's no entity the Government has any jurisdiction over.
If you accept business from UK customers and take their money or data you need to comply with UK law, as well as collect & pay VAT to the UK. This is more obvious in meatspace, for example it’s obvious that Chinese companies are not allowed to send children toys containing lead to EU markets. Your country of incorporation likely has an international free trade agreement with UK that you can read for details.

Basically, you only need to incorporate in UK or establish a foreign branch if you need offices in UK or want to hire someone from UK (even remotely). The only way to opt-out is to block UK users.

> need to comply

Define "need". If there's no legal jurisdiction, where is this "need"? If a company wants to follow the rules, sure, it will so the thing. But otherwise, is there international legal jurisdiction that covers, for example, a company in Seychelles offering e2e encrypted comms that has users in the UK? Isn't it up to the UK to put in place blocking technology or laws that prohibit specific app usage?

I'm kinda thinking about the US TikTok situation.

What if the service is free, like Signal and WhatsApp? (and TikTok)

Sure, UK will just block you and they will compel app stores to remove you if they want to. That’s what they are doing with tracker websites already.

> Define "need". If there's no legal jurisdiction,

As I have explained your country has an agreement with UK that says they do have the right to make you follow their rules if you want to trade on their market. So they can sue you and your country will say yup that’s fine they can do that. It’s a mutual agreement, so your country can do the same if some UK company decides they don’t want to pay your taxes. There are also mutual agreements about establishing foreign branches & incorporating by foreign persons or companies and UK could demand you must do that as well, if they wanted to.

If there were no diplomatic relations or the country you’re exporting services to was sanctioned then it would be illegal for you to serve or trade with any citizens of that country.

Anyway regardless as before even if you find a country that you think is safe they can still just block your IP range and remove your app, but then you’re clearly not just doing regular business—this was about actual companies operating internationally, so this is a different goalpost. I mean sure, that’s how internet works, but that was already a given.

Also unless you actually live and manage your company from Seychelles or Russia then you should be careful because there are all kinds of laws about creating fictional entities (though mostly concerning avoiding taxes) and you could still be personally liable.

> What if the service is free, like Signal and WhatsApp? (and TikTok)

Certainly WhatsApp isn’t free, you pay with ad impressions and user data. UK can demand you pay tax on that and calculate how much you make for each of their citizens. EU’s doing it already, it’s called EU Digital Tax. Signal has some crypto stuff, they might want to monetize more. Anyway it doesn’t matter, just look at GDPR and how US companies treat it for real-world analog.

The whole thing will fail once they realise how impossible this is to implement.
I wish that were true, but I doubt it. They'll carry on, as they have in other self-immolating ways.
> The whole thing will fail once they realise how impossible this is to implement.

Uhhm…. Brexit?

These clowns (and not just this specific bunch, the entire UK political class) did Brexit, do you really think a small thing like the feasibility of this law will stop them?

What do you mean "these clowns did Brexit"? All they did was to organize a referendum. Why does this make them clowns in your eyes?
yeah all they did is organise a referendum and then work tirelessly to ram lies and propaganda down the entire country's throat to make damn sure it passes.
Just in case you're not british, no that's not what they did. They organised a referendum, voted in parliament to follow through on the vote, then spent 5 years negotiating pretty much the most damaging version of an exit that they could, burnt bridges with the EU, signed an agreement on the border with Ireland which they then decided to renege on, trashed our trade with the EU through failure to compromise on anything, failed to prepare our ports leading to massive queues and delays and the loss of small to medium business transactions with the EU. Implemented damaging and unnecessary additional british regulations which diverge from EU regulations and standards, necessitating extra cost to uk businesses which must support both standards. Screwed over the horizon science funding, screwed over studying abroad, and many other things too. There was a version of brexit that was minimally damaging, but on every case they pursued a maximally antagonistic solution in order to pander to the ERG and be seen to be tough to their senile voter base.
I bet somebody said that very sentence just after the country voted for Brexit. But no. The government handed out shovels and started digging their collective grave at an ever increasing pace.
I see GDPR as the same thing. People in Germany getting fined heaps for including google fonts in the websites.
Do they really get fined for this by a DPA or a court in Germany? Is it not one of these shady lawyers sending an invoice for “providing legal advice”? I (and people I “know”) reported countless uses of Google Analytics to our DPA, back when Schrems II was still effective, and all they did was send a bunch of letters. Anyway, GDPR is getting enforced, even if DPAs are slow. Not sure what your point is here.
Would this bill affect P2P apps? From the article:

> The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services

So it seems like purely P2P communication could still be legally encrypted.

The UK Government repeatedly fails to understand that there are no boarders on the internet, and it'd be impossible to impose any without the kind of extreme restrictions of a totalitarian regime.

Any measures without broad international cooperation will push vast number of people towards darker corners of the internet, which will not just end up completely undermining what they are trying to achieve, it will make the problems worse.

Meta alone have the power to make this law a miserable failure. People will want to use WhatsApp, the government themselves use it extensively. If meta refuses there is very little they can do. Facebook can continue to operate without a single person on the ground in UK. It might harm their business in some ways but it's definitely doable. The government might be able to force/convince Apple and Google to take it out their app stores in the UK but such regional restrictions are easily bypassed and WhatsApp is popular enough to make people try it. So that would then normalise the practices such as side loading / jail breaking and avoiding regional restrictions. Cyber criminals would be rubbing their hands at the opportunities this creates and I am sure the peodos and terrorists this is meant to be stopping will jump at the chance to get in on the act.

Even with a totalitarian regime, they cannot stop the rest of the world from using encryption. People can pull their business entities out of the UK and they have no jurisdiction outside their borders.

If I create an E2E messaging app, I don't need to listen to the UK at all. The UK can't tell me what to do any more than China can. China can block my app if they want, but it's on them, not me, to block it. Same goes for the UK. They can set up a firewall too if they want. But I don't need to change my app if I don't set foot in the UK.

(comment deleted)
Yeah the UK doesn't have the clout of the US that does go after app creators in other countries all the time extraditing them to the US etc, or attempting to anyway.
They certainly can, if they wanted to - or they could block your app and exile you with minimum effort.

Telegram is half banned in Russia.

Of course this doesn't apply to the bad guys: they're already breaking the law, using E2E is a no-brainer for them.

The UK government can't ban math out of existence (even if it looks like they're trying very hard, judging from the quality of their education system) so there will always be encryption.

It's the same with guns: congratulations you've outlawed guns and now only criminals can use them.

Your last analogy is very poor because even against rising rates of criminal gun use, the UK and the ROTW apart from the USA continues to have substantially lower levels of gun related deaths and suicide by police, against the USA.

So true: gun use and ownership in the UK rises and is mostly criminals. It's still less of a problem per capita than promiscuous gun ownership in the USA by all measures I understand.

This has nothing to do with the "war on encryption by the state" topic

> The government might be able to force/convince Apple and Google to take it out their app stores in the UK

Apple has even threatened to withdraw their own systems from the UK rather than comply with this.

https://9to5mac.com/2023/07/20/apple-imessage-facetime-remov...

Unlike in China, where they do presently escrow keys to the government for mass surveillance.
Yes, because China has double the population as the whole of Europe. Ceasing operations in the UK wouldn't hurt their revenue as much as doing so in China.
So Apple's only principled if they'll make slightly less ludacris amounts of money?

It's really hard to be a credible "privacy/security" choice when your morals are plainly for sale...

Nobody is talking about morals here. Its bad for business for Apple to capitulate to the UK. It's bad for business for them to not capitulate to China.

And iPhones ceasing to be sold in the UK would probably be all it takes for public backlash to neuter the law. I imagine that's not on the table in China.

> Its bad for business for Apple to capitulate to the UK. It's bad for business for them to not capitulate to China.

It's very difficult to square these two sentences together.

On one hand, if they break their privacy and security for the UK government, it's bad for business because they'll continue to sell iDevices and services?

On the other hand, if they break their privacy and security for the CCP, it's good for business because they'll continue to sell iDevices and services?

You're tacitly admitting my assertion - Apple's morals are for sale.

If the US threatened Apple, we can expect they'll sell out there too, no?

> You're tacitly admitting my assertion - Apple's morals are for sale.

Yes.

China is much further from the Western world than the UK. Capitulation there isn’t a step onto the slippery slope. Doing the same thing in the UK would lead very quickly to EU and US demands to do the same.

By exiting such a small market, Apple defends the much larger markets against creeping surveillance.

Remember how fierce the backlash was to their CSAM scanning proposal? They walked that back. Some people might think it was for moral reasons, but I’m pretty sure they realized it would harm their bottom line.

The way things work in China is not the same as the UK. They either play by CCP rules or they don’t play at all. Apple’s calculus here seems to be that not playing in the UK market is worth it, whereas missing out on the Chinese market is not worth it.

Nobody needs to operate in China. That's the thing that's being overlooked.

Apple made a choice to operate there - and would have still been the world's most valued company regardless.

So, Apple's choice was to sell-out their privacy and security credentials to make more money - counting on their other large markets (ie. the US) not paying close enough attention to see the blatant hypocrisy.

"Security and privacy are great - unless we can make more money selling off your security and privacy to oppressive government regimes!"

Somehow that just doesn't have a catchy marketing ring to it...

So now there's precedent that Apple will violate everything they stand for if a large enough market demands it. What happens when the US government decides to place Apple in the crosshairs for not "helping catch terrorists" or something? Will Apple sell out too? Why not?

I agree with all of this. Though I do believe Apple would put up a fight—if it comes down to it they’d follow the law and keep selling phones.

We have examples of this from previous attempts to weaken encryption. The FBI’s San Bernardino case being the most memorable one for me.

While a good example, that was in 2015. There haven't been very many (or any?) public challenges since - which does make one wonder...

Apple could simultaneously backdoor their devices while also keep them secure from anyone but the government with a warrant. These things are not mutually exclusive.

The China precedent is troubling - to say the least.

You cannot backdoor a device in such a way that only 'certain' people can access it. Once that door is there, people will find an exploit it. The only way to be completely secure is never build the door in the first place.
You are wrong. Despite some recent movements to produce iPhones in other places, approximately 100% of all iPhones are made in China.

Without China, there is no iPhone, and there is no Apple. Apple, presently, needs to operate in China. They have them by the balls.

Compliance with CCP demands is non-optional.

This may change in the future. Today it is 100% true.

So you're claiming it's not possible to produce an iPhone in any other country besides China?

That seems incredibly dubious.

Who forced Apple to manufacturer iPhones in China?

Nobody.

US and European political leadership who made manufacturing unaffordable domestically.

It will take about five years optimistically to build that capability.

It's the global debt-based fiat monetary system. It squeezes workers hard and turns every industry into a winner-takes-all industry since workers are so poor they can only afford the cheapest of the cheap. In the old days, a business could afford to continue to operate and thrive even if they weren't necessarily number one at everything... People had enough surplus income to not worry about spending a bit more for some local product even if it wasn't necessarily the best value for money. Also consumers were not so insanely well attuned to squeezing every penny as they are today (due to lower financial stress levels) and this created more room for new businesses to compete with incumbents.

It's the effect of the monetary system squeezing the masses hard which forces everyone to buy the cheapest things and it created a kind of technological shrinkflationary race to the bottom.

You’re correct of course. Even so it’s worth noting that you could also call it the global asset based monetary system. Credits and debits are just two sides of the ledger.

In my mind, and definitely informed by my attraction to medieval Catholic philosophy, the problem isn’t really debt but rather usury.

Kind of interesting that the definition of usury became about 'unreasonably high' interest rates as opposed to merely any interest. I think the harm of usury can happen at any interest rate level depending on the specific details of debt contracts.

I actually think that if it's one's own money, they should be allowed to loan it at any interest rate since they're taking the risk upon themselves. If they can find a willing borrower at such high rates, then good for them. If the borrower agrees to a bad deal, then it's the borrower's own fault.

What I most strongly oppose is the idea of public institutions loaning citizens' money through the issuance of new currency (which dilutes the value of previously issued money). It's especially harmful when the interest rate is low.

For example, if the interest rate is 0%, then it's unjust for a government institution to dilute citizen's currency and shift the risk of borrower default onto currency-holding citizens (savers) without offering any upside to those savers; in that case, the central banks turn regular citizens (savers) into suckers by loaning out their money for free for the benefit of reckless borrowers who borrow it for free.

>US and European political leadership who made manufacturing unaffordable domestically.

Manufacturing consumer goods in the west was never unaffordable, just that insane corporates profits weren't possible while keeping manufacturing in the west, as they were in China.

A lot of consumer electronics were made in the west before the mass exodus to China. Nokia phones was made in Finland and Germany, Siemens phones were made in Germany, Ericsson phones were made in Sweden, etc.

It was all possible and they also didn't cost an rm and a leg, but companies saw the allure of ultracheap labor and loose environmental regulations in China to jack up their profits.

Right. And governments failed to establish public policies to make that unattractive when they certainly could have.
Exactly. Tariffs on Chinese made goods would have prevented this but everyone saw only shareholder value increasing opportunities so it was decided to offshore all electronics manufacturing.
> That seems incredibly dubious.

Check out the global battery supply chain

Are you asking if the west could make phones? Almost certainly. Have they chosen to do so? Not at all. Apple may be big enough today to possibly operate without china in 10-20 years, but no chance in 2007 or today.
It's not possible to make 25,000 iPhones per hour anywhere else on Earth right now. There are over a hundred thousand people who work on manufacturing the iPhone and you can't just clone them (and their skills and experience and knowledge) in a week, or a month, or even a year.

That's not dubious, that's obvious.

> Who forced Apple to manufacturer iPhones in China?

> Nobody

Ironically correct: the absence of alternatives — nobody else could do it — is what forced them in the first place.

The recent pressure from the US government to "bring it home" is because the US government finally started to realise that was both true and bad (doesn't matter if Huawei was really spying, Washington believed they were); similarly for equivalent EU pressure.

I think it's more that not capitulating to China would potentially result in destroying Apples supply chain. China could potentially kill Apple, the UK can kill a portion of Apples user base.
US stock listed Businesses have no morals, it’s amazing people somehow talk about them like people, not profit maximizing paperclip engines.
(comment deleted)
They have huge illiquid manufacturing in China. The government has a lot of leverage over them. Its impossible for them to gamble on this. It's not even comparable to the UK situation at all.
Nobody forced Apple to manufacture anything in China - let alone sell devices there and be held to Chinese laws regarding privacy and security.

Make no mistake - Apple traded their moral high-ground for a few bucks.

Even if they pulled all manufacturing from China, they could still potentially be kneecapped if China blacklisted them from purchasing things like gallium.

https://www.theregister.com/2023/07/27/prices_of_gallium_and...

China wouldn't care if Apple bought gallium if Apple wasn't selling/manufacturing devices there in the first place.

Apple made a choice folks... and it was to sell out to an oppressive regime. There is no other way to see this.

You really think if Apple completely boycotted China that China wouldn't retaliate?
Most companies in this world do not operate in China.

Apple made a choice. It's really simple.

I don't think they had a choice not to operate in China in any practical sense.

They could have not been a large scale electronics manufacturer, but then they don't operate in China by making an entirely different kind of choice to be an entirely different kind of company. I don't think any electronics manufacturer (or meta-manufacturer/designer/whatever/globalization is weird) within an order of magnitude of Apple's scale can practically operate without benefit of China's manufacturing base.

It feels like you have to bend the intuitive notion of "deciding" to operate in China even means for this to make sense and you just want to pin something on Apple here because they're a giant corporation, and all giant corporations are morally gray at best. The global economy has "decided" that China has the manufacturing base for this kind of business.

This doesn't seem productive in the way that appeals to personal responsibility fall flat in dealing with societal issues, like, we shouldn't have public drug treatment programs because people shouldn't do drugs. People do drugs, and there are costs to not having public treatment programs, so if you want to pretend it's just a matter of personal responsibility, you are indeed pretending, because it is also a societal problem not negated by framing it as personal responsibility.

Here, we assign "personal responsibility" to Apple for operating in China, when we have the "societal issue" of large scale electronics manufacturing centralizing there so that they have the industrial base for it. The world, on the whole, has allowed China to link into the world economy in this manner regardless of their humans rights record and other issues.

So, while there's nothing to love about Apple here, I feel like it's really missing the forest for the trees to frame this as an "Apple" issue in any sense whatsoever, but should be framed as a China-human-rights, globalization, and world economy issue, and we don't do ourselves any favors with appeals to "corporate personal responsibility"

A company has no morals… Its policies depend on the people within it, who do have all sorts of moral principles that are always more or less at odds with each other. Trying to go beyond that is a fool’s errand: a company is not a person. Everything makes sense once you’ve understood that.

When it happens, a company acting purely on someone’s moral code (usually a dictator CEO, though) sounds fine and reassuring. But on the contrary, this is unstable as you never know when that person will be sidelined, forced out, or realign their principles. At this point the company you trust can very well become an enemy. Just look at Twitter or Reddit.

On the long term, you need the company’s financial interests to be aligned with your (various) interests. This is the only thing that remains stable. Well, as long as nobody comes and make it private; then anything goes. It sucks, but that’s capitalism for you.

For the moment, Apple is mostly safe because basic privacy is their brand, and dropping it would be costly. This gives them leverage against some governments, but not so much against others. You can also count yourself lucky not to be born in China, but then there’s nothing Apple can do about that.

It's also important to draw red lines right away before unwelcome precedents are set. We'll do this for China and maybe for India if that market grows big enough, and we would absolutely do this in the US if compelled to, but we will not do this for anyone else. Except maybe for the EU.
No, the population of China is not the issue. The problem for Apple is that so many of their products are still made in China that if they anger the Chinese government they risk having their factories closed, leaving them with no products to sell. To say this would be disastrous for sales would be an understatement.
The last thing China is going to do is close manufacturing plants.

Apple makes 10x more selling in the Chinese market than they do in the United Kingdom, even with all of the roadblocks and handicaps China erects. Further Apple realizes that as the UK is a Western, democratic nation it is easy to essentially bargain about policies. Apple's current threats are essentially negotiating. There would be no negotiating with China about stuff like this.

Beijing can’t even shut down the factories north of the city that dump particulates into the lungs of the leadership and their families. No way they can shut down some of the big iPhone factories.
Are you joking? Even a random middle class flat in Beijing would have at least one OK air filter appliance. Party elites likely have pretty good industrial grade ones everywhere. First thing is shield themselves from the fruits of their policies...
I’m pretty concerned about what Apple is doing in China, but there’s no evidence at all that Apple is escrowing end-to-end encryption keys to the government. There’s also no evidence that the Chinese government is using Apple’s non-E2E keys (held in Apple hardware in a cage at a Chinese hosting provider) for mass surveillance. I’m not saying that it’s impossible: I’m saying if you could come up with that evidence, either through reverse-engineering or a verifiable leak from Apple, it would be the biggest story in tech. You would be famous and (if you knew the right hedge fund) probably very rich.
That Apple operates iCloud in every single country except China, where GCBD (AIPO Cloud (Guizhou) Technology Co. Ltd) operates iCloud, think I makes pretty clear what's going on.
That’s separate from iMessage, which is end to end.

Apple used to be able to access iMessages through iCloud backups. They changed their system worldwide, now they can’t. So presumably GCBD also lost access to iMessages in iCloud backups.

(comment deleted)
Apple can still read ~100% of all iMessages in real-time because iCloud Backup (non e2ee by default) serves as a key escrow backdoor in the e2ee of iMessage. It is thus legitimate to state that iMessage is not e2ee as in practice each iMessage is also encrypted to a key held by Apple (in addition to the endpoints).

Even if you turn it (e2ee iCloud Backup) on, it's ineffective, as both parties to a conversation must have turned it on for the conversation to be private.

Your beliefs are inaccurate.

(comment deleted)
> iCloud Backup (non e2ee by default)

I don't see any option to enable e2ee iCloud Backup on iOS 16.6, does this mean your information is outdated and it's all e2ee now?

It’s called “advanced data protection”. You’ll find it hidden deep within the iCloud settings.

It’s off by default.

Wow, thanks for mentioning this. I was also under the impression it was e2ee by default but it was actually disabled for me.
Interesting. FYI, I'm not an apple user, but no upset that some are.

I wonder. Is this an attempt to market? Make it optional, but tout "we do this!', as if it is?

It's not a bad marketing position.

More prosaically it's probably because turning it on means it's easier to lose access to your data if you lose devices/keys. Apple can't help you if they don't have the keys. It's not a bad marketing position.
Actually there is a third option, don't back-up your iMessage to iCloud in the first place. In this configuration you need to transfer your content from device to device using a local backup if you intend to keep your messages.

You the have the same level of privacy (if not higher) than with ADP. But with the same drawback, if your recipient does backup to iCloud without ADP then messages can be intercept by apple at rest on your recipient iCloud backup.

Incidentally ADP mainly target users that didn't trusted iCloud backup for the lack of e2e encryption at rest.

Yes and to be precise this is the relevant source : https://support.apple.com/en-us/HT202303

The optional iCloud feature called "Advanced Data Protection" is currently an opt-in. It comes with a significant drawback for typical pop and mom users --> If you lost you password and recovery key it's game over you loose everything. So I guess it's sensible to keep this as an opt-in until users are better educated about this drawback.

What will be quite significant is wether or not this feature will be available for chinese users.

It make sense from a technical POV to block ADP feature in poorly democratic countries that might request it like China and maybe tomorrow the UK.

PS : Once a significant % of users activated ADP it could be a good UX improvement to display a warning to mixed ADP status conversation that the conversation is not fully e2e encrypted. However this might be premature right now otherwise early adopters of ADP would be flooded by such warning.

There’s some confusion here, iMessage is end to end encrypted by default. That in no way protects the information on each users device.

If iCloud is enabled, then by default it gets unencrypted copies of these messages from the device unless “advanced data protection” is also enabled which ensures iMessage is encrypted but means losing your password also loses access to these backups. However, disabling iCloud sidesteps this issue and honestly if you want that kind of privacy then disabling iCloud is probably a good idea.

So if one users uses ADP and the other user disables iCloud then the conversion is protected.

If you scrolled down in the link provided above, it mentions with BOTH Standard and Advanced data protection messages are end to end encrypted, it’s just with advanced data protection the encryption key also ends up being encrypted too, but I’m positive even this has changed recently. You can try looking at logs when you turn on messages in iCloud and see that your messages are encrypted.

So lots of confusion in this thread, my advice for Apple would be make it very very clear to users that your data is safe. I mean they are threatening to back out of UK, so it’s against their core principles and also probably very technically expensive to undo they end to end encrypted system.

Correct me if I'm wrong, but I believe I've read that ADP is not fully available in China.
Don’t know why you’ve been downvoted. You’re correct. I forgot ADP was optin. This is likely why China allows it.

Also possible ADP is off as an option in China.

Of course this wouldn’t work for the UK system unless the UK demanded the iCloud keys same way as China has.

They don’t want their data leaving their country? Doesn't GermanyAlso have some privacy laws that require data on Germans to stay within Germany? Isn’t this just an extension of that in a way?
Is China the only country where this applies you mean? Because Apple runs the iCloud servers in every single country, except China.
Regarding the financial impact, what's the trade if they find out China is different? Shorting Apple? I don't think that would be a consequence. Nobody cares that China intercepts everything, we just don't want to live there or in a regime like it.

There was a rumor about separate HSMs for device personalization in China, and this would be verifiable by determining whether the Chinese HSMs could verify cryptograms produced by derived keys from a US device, against Apple's personalizaiton endpoints in china. I don't know the protocol off hand, but there is a short list of ways to do it. If Apple uses different root secrets in China from the rest of the world, what further evidence would you need?

Apple has claimed that they don’t allow China to intercept communications using these keys. They’ve said on the record to the WSJ that they don’t do any combination of these things, and they left very little wiggle room in their denials (Google Apple China encryption keys WSJ). If you could show that they were compromising security for the Chinese government but not making any allowances for the FBI, and that their executives were lying about it, it would be a massive political scandal. There would almost certainly be congressional hearings, simply because any one of {Apple, China, tech executives caught lying, tech executives secretly collaborating with foreign governments} is by itself an opportunity for Congresspeople to get their face on TV and this would cover all the bases. Following this there would be huge US government pressure for Apple to (at minimum) cease collaborating with China to surveil its people, or else to offer the same capability to the US government. Potentially Apple’s entire business in China could be jeopardized if it was predicated on secret collaboration, not to mention their whole supply chain would be even more at risk. In the long run Apple might maneuver out of the situation somehow, but in the short run it would certainly affect them very badly.
> Following this there would be huge US government pressure for Apple to (at minimum) cease collaborating with China to surveil its people, or else to offer the same capability to the US government.

Congress knows this would only kneecap one of their largest companies (with no fallback option at present). There is no iPhone without China.

Apple can and does already provide surveillance of this type domestically to FBI/DHS/et al. Approximately all iMessages are readable by Apple and extension by the USG in real-time, with or without a warrant.

>Apple has claimed that they don’t allow China to intercept communications using these keys. They’ve said on the record to the WSJ that they don’t do any combination of these things, and they left very little wiggle room in their denials

There's wiggle room in what you wrote: "Apple doesn't allow China to intercept communications, China just does it on their own" for example is a way to parse that sentence.

That would be a bigger scandal. If Apple's communication protection protocols could be subverted in flight (i.e., not via endpoint compromises) without Apple's consent or active participation, that would imply that the protocols themselves were just for show.
Chinese national security law includes a gag order for such assistance requests.

Apple can say they don’t allow it, because their local partner company is the one actually doing it. And the local partner would say they don’t allow it, because Chinese law (and the Party) requires them to keep all national security assistance secret.

US executives can be compelled to testify truthfully under oath. There is no "Chinese law compels me to keep this secret" defense to perjury charges in the US. If credible evidence emerges, Apple executives will eventually be forced to admit whatever they know. The only viable strategy here is to have a broken system and plausible "not know" it's being exploited, but that's a very fragile approach (technically risky, vulnerable to whistleblowers) and it only works once.
> held in Apple hardware in a cage at a Chinese hosting provider

There's also no evidence to support the claim of this architecture, either.

> You would be famous and (if you knew the right hedge fund) probably very rich.

Famous, sure.

Rich? Perhaps… but I suspect that annoying a superpower will mean that, like Snowden, one would be somewhat restricted in ability to make use of any such wealth or fame.

Would like a citation for this. Also, Apple recently deployed e2e encryption for all of iCloud, and this is live even in China.
True, but the Chinese are in control of the iCloud system used for Chinese residents, which was carved off to comply with Chinese law.
You can frame it the different way: Apple has given up improving the freedom of the Chinese people because that is infeasible. But it hasn’t given up hope on the West.
Or Apple doesn't care about either, just pays lip service to both.
They are a corporation. They care about making money. Privacy concerns are completely and utterly subservient to this goal.
That’s because Apple still makes their hardware in China & America. But not in the UK.
>The UK Government repeatedly fails to understand that there are no boarders on the internet

Don't know what universe or timeline you're from, but on this earth today, the internet definitely has borders.

That's why we have those EU cookie banners and GDPR consent forms, and why some of my favorite piracy websites are blocked by all ISPs in my country, or why I can't watch Top Gear on BBC's website because I'm not from the UK, or why Facebook had to remove some politically spicy content worldwide because the courts where I live forced them to, etc, etc.

Mainstream web companies have to conform to local laws in each country or they'll get fined or blocked. Sure, there's VPNs to circumvent that, but the days of the lawless and borderless internet are a thing of the past.

My choice of interpretation is that those aren't internet borders, they're copyright borders, commercial borders, layers on top of a borderless internet.

This argument tends to break down at The Great Firewall of China, however, due to its thoroughness.

Unfortunately, we see those EU cookie banners and GDPR forms even if we live and visit a non-EU web site from outside. It doesn't target only the people inside the EU. So for this particular case is has no borders.
Ever been to China? The internet certainly has borders and boundaries. Sometimes you can sneak across or get a visa, but individual nations make their own rules. Most people either follow them or remain unaware of them, and large multinational companies will typically follow local laws because they are juicy targets.

In the UK, companies which protest this law are threatening to leave the market. That would mean blocking UK users on their properties, not helping them find ways to break the law.

Or, when you say "no boarders," do you mean that the internet is not zoned for residential use? Sorry if I misunderstood.

"and it'd be impossible to impose any without the kind of extreme restrictions of a totalitarian regime."

Surely china would fall under that statement from OP's perspective.

If the UK implemented something like The Great Firewall of China, it would be a gigantic statement about the country's future ideological direction (arguably started and in line with Brexit), and may actually be enough to cause protests large enough to make a difference.
Don’t give our idiot Government any ideas.
>arguably started and in line with Brexit

I disagree with this part. The EU is on that same path. The EU Great Firewall idea has been kicked around for years and it has even shown up in some policy suggestion documents.

I think the EU started down the path all on it's own. Fining someone who has google fonts is a bit over the top.
I disagree for the simple reason that I've lived in the UK for 40 years, and I recall each home secretary being more authoritarian and pro-surveillance than the last. The RIP bill is a decade old and was strengthened, under home sec May, before the referendum.

I would describe the EU as wavering. Perhaps they'll do it, but it's far from certain.

100% correct - the EU is a relative bastion of sanity in comparison.

It would be nice if the UK government used the ridiculous powers they gave themselves to hold Boris Johnson to account though.

Brexit is a refusal of authoritarianism and introducing another layer of "barely elected" government, which is why the UK is being punished for following through with Brexit.

Of course most governments in the UK, like everywhere else (whether right or left wing) are, more or less secretly, authoritarian so they will be favourable to a great firewall when the right time comes.

The EU has been talking about it for some time and I'm sure they'll stick it together with some 600 pages policy nobody will bother reading at some point. https://diginomica.com/eu-policy-doc-recommends-building-eur...

They can't remove all our freedoms at once or people may lift their heads from their smartphones and protest.

We're being slowly boiled alive.

The UK is not being "punished". All the consequences of Brexit are imposed by the UK on the UK. (Also, it seems to be leading them somewhere more authoritarian, not less.)
(comment deleted)
Brexit for most people was about almost nothing at all. It was an empty shell of an idea that people poured their vision of a better country into. That's why the UK is being 'punished' - because nobody had a single actual decent idea of what they wanted.
"Brexit" the movement has lots of meanings to lots of people but is generally a set of issues/complaints. The people that movement enabled (brexiteers) have almost universally made those issues worse.
> introducing another layer of "barely elected" government

If the UK really cared about unelected government, why don't they get rid of their House of Lords? This would have been much less painful than Brexit. It looks a lot like this unelected government complaint is just an excuse and not something that they actually care about.

(comment deleted)
I’m not on-side with Brexit, but it’s not like the UK public have been given the chance to vote on dissolving the lords at this point.
That's the kind of opportunity which must be seized, not received. The French figured this out but the British probably never will.
Bloody revolution is not really appropriate here, the majority of the House of Lords is already not hereditary - of 780 seats, 90 are occupied by hereditary peers and AFAICT they will no longer pass their seats on.

The issue is whether the leaders of the commons should be able to appoint people to the upper chamber for life, whether the church should have a seat at the table etc. Or whether the upper chamber should be directly elected. It’s a matter of governance and constitution more than embedded privilege.

So as much as “Guillotine the nobs” would be a popular cry, most of them aren’t nobs in the first place.

This kind of cope is why you'll continue to be stuck with them.
I don’t live there, and explaining the situation, which you clearly don’t understand, is not ‘cope’.
I am confident that you have accurately conveyed the British mentality towards their circumstance, and therefore the reason their circumstance will continue.
I am confident you don’t understand what their circumstance is, such that your comments comparing it to the French situation a couple of centuries ago are born from nothing more than ignorance.
Hmm...

French Revolution - 1789.

English Revolution - 1649.

So the English cut off their Monarch's head before the French did. But we then invited the Monarch's back after not liking the republic of the "Lord Protector".

Admittedly the English state, not the later British state, but anyway...

I don't think they care about unelected government - a relative novelty in historical terms - so much as being ruled by foreigners.
I spent a long time rebutting each counterfactual in turn, but then I recognised that I was falling for a gish gallop. Furthermore, as dang is (rightly) adamant about avoiding personal remarks, I had to cut out the funny bits.

So instead, here's the simple truth.

The UK, in a surge of authoritarianism, cut its own balls off by leaving the EU (and the Civil rights it confers). It did this to appease fringe nutjobs and to make a pile of money for hedgies. Then it howled in pain and blamed the EU, even though the EU was against the chopping of the plums from the get-go.

The conditions for this bollockectomy were created by a barely-elected government, after the fall of which we have had, mainly, unelected government.

This entire manoeuvre was done under a screed of fractal dishonesty, in which scuttling little fibs decorate a structure of brassy falsehoods all stacked higgledy-piggledy on a giant whopper. Unwilling to accept the blame, the responsible parties continue to lie to this day.

In a parallel move completely unrelated to the above, the unelected UK government is ramping up surveillance. The EU has not done this, but the liars blame it anyway.

Today I learned the phrase “gish gallop”, which is both really useful and really fun to say.
Protests? I would leave the country. I'm already disillusioned as it is.
To go where?

Serious question as a UK citizen who doesn’t live there anymore. Post-Brexit, leaving is surprisingly difficult despite the refrain of the morons who say “if you don’t like it go somewhere else”, blind or ignorant to the fact they removed that option.

You can always go to Ireland, curtsy of the so-called CTA.
Good point, I’d forgotten about that. Probably one of the easier and better options.
"There is a time when the operation of the machine becomes so odious, makes you so sick at heart, that you can't take part! You can't even passively take part! And you've got to put your bodies upon the gears and upon the wheels ... upon the levers, upon all the apparatus, and you've got to make it stop! And you've got to indicate to the people who run it, to the people who own it, that unless you're free, the machine will be prevented from working at all!"
"When in the Course of human events, it becomes necessary for one people to dissolve the political bands which have connected them with another, and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them..."
UK rebelling against the UK itself would be a nice (and IMHO, deserved) end to the empire.
We're British. Our protests either don't matter or are banned.

Perhaps you meant another democratic country where the idiot clowns hadn't taken over the circus ...

The UK doesn't need to implement a Great Firewall; if they succeed in convincing service providers to voluntarily exit the UK market, then each service provider will block traffic to/from the UK on its own. A few shitty laws may be enough to incentivize the emergence of a Great Patchwork Firewall.
The internet most in China have access to is best viewed as a national intranet.
I already block EU countries from my site. Wrote a gem called "GDPR safe" and it returns an http error code 457, if the IP address indicates an EU country.
Thank you. If only Meta would take this approach everywhere and not just Threads, society would be better off.
The borders and boundaries are bypassed with a roaming SIM card.
Cell towers operate from within the country though and are subject to their laws. That we can bypass things as foreigners is only at the government prerogative.
Correct, however the fact that this situation exists at all I feel is oft overlooked. The implications of it can be debated but the fact remains.
> That would mean blocking UK users on their properties, not helping them find ways to break the law.

That's a sad reflection of the tech industry. Too much "we can't make money from them" and too little spitefulness of the sovereignty of foreign governments.

>The UK Government repeatedly fails to understand that there are no boarders on the internet, and it'd be impossible to impose any without the kind of extreme restrictions of a totalitarian regime.

Why would the latter stop them? They have no problem with these.

>Any measures without broad international cooperation

Don't worry, other governments are just as shitty and want the same BS.

It's Charles II banning coffeehouses all over again.
The central problem with the UK is that they've never fully embraced, or taken the time to understand, an inherent, universal, unconditional right to freedom of speech by all of their citizens.

Kings respected it... when it was convenient.

And so the democracy they begat also only respects it... when it is convenient.

But freedom of speech when another permits it is no freedom at all, because the right's value increases precisely with its ability to stand up to other, more powerful interests' disagreement with speech.

It's not impossible. The pandemic showed that you don't need a Hitler or Stalin figure to be ruled with an iron fist. The oligarchy could just make the pro encryption people the new ivermectin.
> The oligarchy could just make the pro encryption people the new ivermectin.

Can you elaborate?

Encrypted files? You're obviously a money laundering, drug trafficking, child abusing terrorist. I pronounce you guilty and off to the waterboarding room with you.
They can create a whole new narrative around anything and you reward people with some power that would subscribe to that new story.
OK, but I was referring to the "ivermectin" part.
Ivermectin had every institutional accolade that a drug could have but because authorities wanted to take power away from doctors (took away their agency) to offer off-label use they had to "nerf" it to the point of horse paste. Do a Google search for Ivermectin for before:2020 and after:2019 and you will see the narrative change.
Ivermectin has legitimate uses for humans and other animals for various invertebrate parasites (mites, lice, and worms); it is in fact prescribed to humans for those parasites. There is only in vitro evidence for it being effective against the virus causing COVID-19; if there is in vivo evidence for it being effective against that or any other viral invection, I'd love to see it.
The bigger point is that they took away the agency of some doctors. The vaccine and ivermectin both didn't have enough time for testing for safety and efficacy.

“It is hard to imagine a more stupid or more dangerous way of making decisions than by putting those decisions in the hands of people who pay no price for being wrong.” Thomas Sowell

The international network we used to know has been destroyed. It is fracturing into smaller regional networks with heavy filtering at the borders as countries seek to impose their little laws on it.

I'm glad I was able to experience the true internet while it lasted. Truly a wonder of this world.

Encryption respects no authority...

... which is why they continue to come for encryption.

I think it's dangerous to assume they fail to understand. These are smart people with good advisors. They just want to do it anyway. Which puts them in the category of evil.

Who would you rather be in the public eye, evil or stupid?

> They just want to do it anyway.

some background here.

the opposition in the UK is accusing the government of dragging their feet over this law, and are pushing them to adopt it sooner. they are also criticising the government for watering it down.

various NGOs are also attacking the government for watering it down and not moving as fast as possible.

basically the whole political spectrum is not only for this law, but wants it strengthened even further. there are also calls from the public for the government to go even further.

this is why there is no real backlash against this law. everyone no only wants it, but wants it to go a lot further than what the government has proposed.

> These are smart people

They really are not. The current crop of UK politicians of all stripes are thick as they come - intellectual lightweights who can bullshit their way through a media appearance thanks only to an abject lack of shame. No one can look at people like Mark François, Liz Truss or Dianne Abbott (just to take three) and think “ah, there’s someone playing dumb for the camera”!

Unfortunately, the current crop of journalists are largely ineffective if not broadly enabling if this kind of behaviour, and politics is not a field anyone not already independently wealthy can afford to be in (a junior developer in the Bay Area can easily make more than the Prime Minister) so it does not seem likely to self-correct.

> If meta refuses there is very little they can do. Facebook can continue to operate without a single person on the ground in UK

If it came to it, Whatsapp could be blocked at the network level. All the gov need to do is impose regulations that forbid ISPs and other infrastructure hosts to carry the traffic.

And then you present commercial VPNs to people who might have never heard of it.

Now you need to block VPNs, and the cat-and-mouse game gets in full action!

Also, at this point you've basically implemented the roots of a British version of The Great Firewall.

As GP pointed out:

> such regional restrictions are easily bypassed and WhatsApp is popular enough to make people try it. So that would then normalise the practices such as side loading / jail breaking and avoiding regional restrictions.

If people would be doing this (using a VPN, for instance), they would know how to bypass those restrictions.

Breaking encryption is not good for anyone and won't solve absolutely any problems, except the "problem" of right to privacy.

https://en.m.wikipedia.org/wiki/Right_to_privacy

Sure, it can be circumvented. But 95% of people won't be bothered / wont know how / wont want the hassle.
>The UK Government repeatedly fails to understand ... impossible to impose

Yeah but it's never worried them much in the past. As a Brit I occasionally come across the effects of them requiring ISPs to block piracy sites. Something comes up saying "this site is blocked" so you click like one or two buttons to switch to a different connection or turn a VPN on (VeePN is good and free). I imagine their encryption ban will be similarly tricky to avoid. I think it's more about looking noble to the electors than actually achieving anything.

I think a large majority of the "non technical" population would have no clue how to sideload apps, or even that it was possible, and that the more likely result of WhatsApp being withdrawn from the UK would be massive screaming from the public of such intensity and wrath that the government would be forced to backtrack.
Legislators, courts and bureaucrats (in this order) always fail to grasp such things. That's an idea erodes their jurisdiction and authority, and abhorrent to thee ethos.

No borders (from their POV), puts internet businesses above the law... which it sort of does. The global village happened, but global authority did not. There are no clean resolutions to some of these tensions.

They might even understand that but if they think that they'll get more votes by banning e2e encryption, they'll ban it. If people will sideload WhatsApp, they might not go after them. They'll keep the extra votes coming from "we care about the children" and lose very little votes for the small inconvenience of sideloading once.

By the way, does a sideloaded WhatsApp on Android still update from the Play store? And what will iPhone owners do?

I don't think the thing driving this initiative is public sentiment. The public, obviously hates child abuse and that's a convincing argument. Child protection organisations might be vocal proponents... but law enforcement, mi5 and whatnot are also probably strong advocates and tend to have the ear of governments.

This is a security/law enforcement issue.

I see no failure to understand. The UK is a pragmatic imperial power, not a collaborative cooperative peer. They built Empire upon the asymmetric application of technology. When time to surrender Empire, they did so. When time to build a Financial Empire, they did so. When the time comes to build an Internet Empire, I'm sure they will do that too, by applying whatever technology they have at hand.
When is the time to build an internet empire if not 20 years ago?
Good point. I'm not right now privy to their rarefied machinations, but I'm sure they have some aces in the hole.
I bet the five eyes are exited about this then maybe the us and Europe can use the uk to spy on their citizens. Since it’s not them doing the spying hey presto legal.
Funny thing is, this doesn’t hurt criminals at all. If you’re doing serious crime, you bring your own encryption. There are cartels that spend a lot of money rolling their own crypto.
In the UK we have a huge problem with children sending hateful communications online which cause anxiety and distress. As it stands we can only arrest children who are doing this in public but banning encryption should give authorities more power to arrest children who are committing these crimes in private (eg on WhatsApp).

The list really of hate crimes being committed online is endless and these are just the criminals doing this in public:

https://news.sky.com/story/teenager-jailed-for-sending-racis... https://www.bbc.co.uk/news/uk-england-merseyside-4381692 https://www.bbc.co.uk/news/uk-england-tyne-52877886

Are you being serious? Racist trolls causing "anxiety and distress" is justification for undermining everyone's security and privacy? Shame.
I am trolling, but in my opinion this is likely the reason for the attack on encryption.

Everyone occasionally says bad things in private, so banning encryption and policing hate speech laws basically criminalises everyone.

Well, I just hope you're preaching to the choir about that here. All have to add is that the people deciding these laws also enjoy parliamentary privilege which exempts them from slander and libel charges. Isn't that nice? They can be untouchable while you and I get to have our stripped away.
I'm going to assume this is the case:

"I'll sometimes use sarcasm as a tool to make you think harder about an opinion expressed."

Yeah, cool you read that.

I find being highly disagreeable often helps makes a point. It's find it can be hard to invoke appropriate emotional outrage with a well reasoned argument.

This only works if you really commit to remaining disagreeable and never reveal that it was all a ruse.
Is this satire? Between being pro child-arrest, and using the phrase "anxiety and distress", which seems to be rather uncommon, and is the exact same phrasing as your 3rd link, I'm starting to feel like parody is the most likely option.
Sounds a lot like something the U.K. Home Secretary would say, sadly.
That's... disappointing.

But, I guess values drift is a thing. My country hasn't been part of theirs for quite a long time, and I guess it has just diverged to that point.

Ironically, irony is no longer possible in the UK.
This assumes criminals are not stupid which is not always the case.
The UK is an island, physically and metaphorically. It can dig its (financial) grave if it wants to, the rest of the world won't really care much.

The headline is false.

Indeed. The article itself doesn't explain why this will affect the rest of the world. In fact, Apple has said they would consider withdrawing FaceTime and iMessage in the UK if this law goes ahead, so I think it is unlikely it will affect the rest of the world. Either the UK will be left with fewer encrypted products, or they will do a u-turn.

https://www.theguardian.com/technology/2023/jul/20/uk-survei...

I've lost count of the number of u-turns they have done already. I think it's like 5 or so.

(I'm including their various attempts to ban porn from the internet.)

The rest of the world is taking notes. They're trying to push something similar through in the EU. The US has at least 2 or 3 bills active right now that would have similar effects.
The UK is a number of islands.

The main one being Great Britain, plus a chunk of Ireland. There are then a number of smaller islands around the English, Welsh, and Scottish parts of Great Britain.

Let me guess, to protect the children and the rest of us from terrorists?

You know bad actors won’t care about your bill, I would love to see how the government is going to block an email encrypted with gpg?

> to protect the children and the rest of us from terrorists

Don't forget the pedophiles.

I presume GP's comment was meant to be read "to protect the children[? and protect] the rest of us from terrorists?
Yeah well I have an AR-15 try to take my BSD and OpenSSL away bitch I dare you.
Most sieges don't tend to end well for the person inside the building.
Especially these days. You're up against drones now, so it's not like you're going to do any damage on the way out.

Find another means of resistance, ideally a nonlethal one (they bet everything on terrorism). Bunkering with a shotgun and a six-pack won't cut it anymore.

Could you please stop posting unsubstantive comments and flamebait? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.

If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it.

[flagged]
The excess death rates between anti-vaxers and the vaccinated show that, in fact, the experts had it right all along.

Similarly here, experts are pushing to maintain encryption for the sake of public safety. Weird you think your two examples cast doubt on expertise.

Governments have always tried to maintain power through breaking secrets. But there's no evidence governments tried to do anything but vaccinate and protect their populations from COVID. How was any of that a power play? What irony?

> The excess death rates between anti-vaxers and the vaccinated show that, in fact, the experts had it right all along.

Yes. In your imagination. Because there's no good data on that. He'll, wallensky when asked suddenly went on not having good data to avoid showing how the vaccine passports were a sham.

With that said, there's always some bullshit excuse about security and there's one for this bill. You're just the authoritarian spreading the same propaganda inconsistently.

> Similarly here, experts are pushing to maintain encryption for the sake of public safety.

Lol. No. Experts are testifying in favor. The government said so. And for once, the commercial interests of the companies is not aligned with gov so we don't censor the EFF like we did the great Barrington declaration... But we're not far from calling them names and implying the use of certain tools suggest criminality (see France).

> Weird you think your two examples cast doubt on expertise.

I'm just pointing out hypocrisy. I'm obviously in favor encryption and freedom.

The thing is, just like with my body my choice, I'm consistent throughout and not just when it benefits me.

> Governments have always tried to maintain power through breaking secrets. But there's no evidence governments tried to do anything but vaccinate and protect their populations from COVID. How was any of that a power play? What irony?

Lol. Really? Have you been asleep the last 20 years? The patriot act is also about security and terrorism? Do you not believe in corruption you can see and hear about daily if you only look for a bit?

Government does hygiene theater, gov settles on a beautiful corrupt loop. Companies get bailed out and money transferred from tax payers to them. Media and tech thrive through the lockdown (propaganda, payments, locked in audience). Big Pharma makes a killing.

It's simple hygiene/security theater and corruption. Not a grand masterplan.

But the fact that you stare "there's no evidence the government tried to so anything but vaccinate and protect" shows you're either extremely dishonest or just 100% brainwashed. Authoritarianism at its finest, ignoring what your eyes see in favor of "govs, the same ones we criticize for nearly every other thing, has our best interests at heart, pinky.promise"

The government is funded by taxes. Shutting down a large amount of commerce during the lockdown caused a huge hole in their funding. They didn't want to lose their income but that was the most rational and evidence-based approach. If they wanted to be authoritarian and control everyone they wouldn't have also harmed their finances so drastically.
That's hilarious. "Evidence based"? What evidence for this unprecedented lockdown? China lobbying Italy to do the same as them?

They didn't harm THEIR finances. They harmed those with least wealth. The ones who didn't get grants, or to grow inmensely in those times, those that weren't allowed to work...

Politicians and influential leaders thrived not even having to follow the rules they set for others.

[flagged]
You're posting in my comments with disingenuous assertions and then crawl back pretending it's about following rules.

Next time, have good arguments and sources instead of partisan FUD. Or go to a place where mods will censor oppposing opinions, should feel very familiar to you.

Edit: https://news.ycombinator.com/item?id=36927440

Go partisan troll somewhere else.

Corporate welfare existed before the pandemic.

I'm not engaging further either. Maybe you could go to 4chan where your unhinged conspiracy crankery will receive no pushback, just the validation you're craving.

. What the hell is this? Concerted effort trolling? Low effort labeling?

Wtf is up with HN and trolls who can't deal with debating.

Is this legislation likely to land? I mean I'd expect all relevant vendors to drop the UK than to pick up so much liability and be expected to hold it world wide.

Apple told the US to suck lemons why would it kowtow to the UK.

It does in China, but maybe the market is too small??
It's a desperate lame-duck government, heading for an electoral wipeout of historic proportions - all bets are off.
The two main parties do not care about civil liberties or privacy. This will resurface in the next administration under a new name with a few tweaks here and there.
But it will have to be lobbied for again, to different people, and with right-wing tabloids ready to be pointed at anything vaguely controversial in it. It will be a very different battle, and likely much easier - if anything because the government will want to win the subsequent election, whereas the current one knows very well that they won't, regardless of what they do.
yes, it's almost certain at this point.
Would this Online Safety Bill have protected Julian Assange from being imprisoned by a foreign totalitarian regime?
No. There's nothing that would have stopped that. If the US wants to make an example of someone, laws don't stop them.

Nice thought eh?

Doesn't help that Australian has some sweet FA to help one of its citizens. Weak as piss.

This is uber stupid, because it will create way more divided internet (all countries will start separating further) and will create loss of trust in western/UK/US products (why would rest of the world continue to use iPhone/MacBook, google, Amazon, etc,..) therefore it will have huge cost in terms of lost revenue to all big companies. On the other hand there are smarter ways to do what is needed that respect privacy and do not cause such unnecessary economic harm to companies, but hey we'd need to have smart people in the governments (which are full of not smart people). Another aspect is that this will be unenforceable for huge majority of individuals since there will be plenty of solutions that will circumvent this, plus then number of companies will start forming companies in non affected geo's (off shore etc) and provide for example alternative to Viber/Skype/google/etc.. (some already exist).
> it will create way more divided internet (all countries will start separating further)

IMHO that's the future.

Yep will be as effective as trying to block Activision Blizzard deal.
that actually worked.
except it didn't and the deal is going through.
If you live in the UK, then please go to the UK Government and Parliament website and sign your name on this petition: https://petition.parliament.uk/petitions/634725

It's currently at 6,327 signatures; it needs 3,673 more for the government to respond and 90,000 more after that for a debate to be considered.

Writing to your MP (don't use a template) would be more effective. I have yet to see a single one of those petitions that resulted in anything more than a brush off. Even much more popular ones.

Letters to MPs almost always result in a brush-off too but they do take notice of them at least. Very occasionally you do get a non-template response too.

I've written to my MP twice in my life (as you say, non-templated because otherwise it's as meaningless as sending them a photocopy) and got a detailed response twice. If you take the time, they generally do too. (Obvious caveat that this is a sample size of one person and two emails / letters...)
I've written to an MP maybe 10 times in total and I would say 80% responded with a template. But they do at least have to have an assistant read the letters and pick the right template response.

The one I remember where they didn't do that was when I wrote to them saying that Ordnance Survey's maps should be free, and that did actually improve! They're not totally free not but they are much freer.

And the worst response I've had was the most recent when I wrote about the UK's insane criminalisation of term time holidays, and they wrote back assuring me that they were doing everything they could to deal with COVID??

Even so, still much more effective than petitions.

This is interesting- 6k signatures (and just the one (no duplicate) petition when searching seems very low. I suspect there isn’t a huge amount of knowledge in the Facebook-mass-share spheres that usually kick these petitions into the big numbers.
For context this is a cross party designed in committee policy.

Yes, both parties are that bad.

The dumbest thing about this is you create a single attack vector for nation state enemies who we know now all have the facilites to exploit this.

You might as well just turn the lights off and hand Russia, China, Iran, N. Korea the keys.

Still, an early general election would put the brakes on this bill. The next Labour government will be under no pressure to pick it back up, and in fact will likely be under quite a bit of pressure to let it go.

This is the sort of terrible throwaway law that results from lame-duck governments.

What do you base that on?

My understanding is this bill will have cross party support and has been in development for many many years.

It might be politically expedient to abandon it at some point, but the mainstream media largely have completely ignored it and the public have little knowledge of it but at all

Many many years with the same party in power. Whereas New Labour, at the peak of their electoral dominance, couldn't even pass a bill to get an ID card the rest of Europe has had for centuries.

It's much easier to whip the right-wing into a frenzy when the government is not their natural friend.

Labour did introduce ID cards. It was one of the first acts of the Cameron government to scrap it.
Yeah because they had committed to it, the act was stillborn and everyone knew it.
Your entirely false recollection of history is because you start with a premise and work backwards.

Labour's official stance is this and related bills don't go far enough.