[News, Call for Action] The U.K. Government Is Very Close To Eroding Encryption Worldwide
eff.org
cross-posted from: https://monyet.cc/post/153506
The U.K. Parliament is close to passing the Online Safety Bill, which threatens global privacy by allowing backdoors into messaging services, compromising end-to-end encryption. Despite objections, no amendments were accepted. The bill also includes content filtering and surveillance measures. There's still a chance for lawmakers to protect privacy with an amendment preserving encryption. A recent survey shows the majority of U.K. citizens want strong privacy on messaging apps.
I'm surprised banks haven't stepped in. They wouldn't help for the good of the world, but this would destroy online commerce and banking.
Why would banks step in? All your financial data is already accessible to the government.
I doubt any of these efforts will break TLS, in-transit, or any at rest type of encryption. They’re goal is to break E2E “zero access” encryption, and it’s usage by commoners. The data and services they can’t already gain access to… Even if they did, politicians will absolve their capital handlers the same as they always absolve themselves, because they’re criminally corrupt corporate whores.
Not because they care about the government. Because they care about hackers.
Creating encryption backdoors for the government means creating encryption backdoors for hackers. Because once encryption is weakened, it’s weakened.
Again, they aren’t going to break the encryption that corporations use, because the laws they pass are ghost written by corporations. Multinationals aren’t going to abandon their own security and dramatically increase their risk because some UK oligarchs go off the deep end.
They will only break the encryption that the proles use, because this is only about increasing control, power, data mining, and profits.
London was Europe’s banking center. Post Brexit much of it has moved to other EU countries, but there are still large teams in London handling investments all over Europe.
At this point they should just try to ban Math because that’s what they’re essentially trying to accomplish fucking morons man
The state of Indiana once almost passed a bill that would've legally defined the mathematical constant of pi to be 3.2.
The UK doesn't have sufficient international clout to do much of anything on a "worldwide" basis.
I don’t know if post-Brexit Britain has the juice for this. If nothing else, Signal is going to exit. Losing the entire EU is a major hit to a company but losing the UK? I could see companies just offering a degraded experience for UK users. (Green bubble style, basically.)
Funny you mention green bubbles, Apple has said they would pull iMessage and FaceTime from the UK rather than add a backdoor. Signal and WhatsApp have also said they would leave the market rather than comply and Google has opposed the bill but I haven’t personally seen any reporting on if they said they’d pull services from the UK.
WhatsApp is huge in the UK.
Apple has said they'd disable relevant services in the UK if it passes
Galaxy brain idea: Just encrypt your messages manually. Agree on an algorithm and trade keys in-person, then send each other encrypted files that you decrypt with a separate program (and for added privacy, on a separate device that doesn't have network access). It's not convenient at all but the idea is hilarious.
There's an urban myth at my university that two students did this to test rumors that the school emails were being monitored, and after a few weeks later IT emailed them asking them to stop.
As in, run GPG like you already do on important emails? mind == blown
You can go a step further and do Diffie-Hellman on a pocket calculator for key agreement. Authentication is left as an exercise for the reader tho.
I feel more companies will just leave or reduce rather than give in.
The UK has always been on the leading edge of encryption, because they've got to work out what Northerners are on about.