"If you get this wrong, you’ll end up criminalizing a lot of people whose only offense is using or selling a phone that is too abnormal for the Government’s official tastes," she writes. "Either you’re an obedient consumer who uses what Samsung, Google, Apple, and Meta have to offer, or you’re a criminal. Good luck developing your moribund tech industry with that attitude."
Great that more people are speaking out against govt overreach.
Many of those lawmakers want to regress back to the 18th century, replacing modern banking with cholera. Not having a tech industry isn’t a threat to them, it’s the goal.
There's just as many politicians who fall for the “save the children” pitch as there are politicians who really truly want a surveillance state. It pays to keep repeating this. There’s no conspiracy.
Knowing nothing about the bill, the title of it tells me it's something that will compromise online safety -- and indeed, seems like it.
The one tasty morsel here is the (unprecedented?) threat of holding corporate executives criminally liable for harms. Of course it's over something so nebulous as "would someone think of the children!?" -- I would love to see this become more of a trend over the massive harms corporations are routinely causing and getting away with.
It wouldn't be corporate executives that control the UK government, these people come and go and without belittling the power and publicity they have, it would be the groups that own the corporations if it were anyone with true influence and power.
That's ridiculous. If Signal weren't centralized, it would long ago have split into four thousand mutually incompatible OpenSignal apps, all of which would be just as easy to ban in the UK app store.
Sure, but the main problem here is Apple/Google stores. Remove it there, and 99% of their users disappear.
Governments don't care much about Tor, for example, because they have very little leverage (and their law enforcement use it, but members of parliament also use Signal but can't admit it openly).
Have we forgotten about the internet? It wouldn't be difficult to make Signal as a PWA, and with iOS 16.4 coming all the relevant APIs should be present.
As for TOR, I'd wager governments love it. Everyone the world over has decided to congregate on one official "secret stuff" platform and get this: it's made by the US Government.
And by all accounts the US government is well able to spy on it - but won't say how instead preferring to bring up cases by parallel construction^. It's perfect. I don't know what more a government could want.
It is fundamentally not possible to have strong privacy or censorship resistance on proprietary operating systems like iOS and Android if a state is targeting you. Even the so-called open source Android ROMs have no choice but to include hundreds of privileged binary blobs to make the proprietary hardware work. All a state actor need do is leverage their no doubt existing backdoors into said binaries and all plaintext is revealed on those devices. They could also issue a secret order to mobile app stores to issue slightly tweaked Signal binaries. In either case Signal would never know that users are compromised.
For my own company which does security research, privacy is critical. We bring in only people who have been trained to only access the channel from dedicated QubesOS VMs, with no mobile access permitted. This is not perfect but it is a reasonable best effort until we can run Matrix home servers in a TEE (working on foundations for this atm).
Signal by contrast demands a phone number and assumes mobile handsets can be fully trusted so it already has ruled itself out for high risk use cases.
Matrix on the other hand I can run a private server of, and enforce whatever rules are appropriate for my threat model.
Corporations and governments are not responsible for keeping children safe online. Parents are. It is far past the time we should have learned that letting kids interact with strangers online is no different than it is at the park or the gas station.
Safety, like security, is best when layered. This bill appears to be absolute garbage, but as a parent doing my best to balance my kids' online autonomy and safety, I want the online analogue of reasonably safe roads and cars for them.
I wonder how much leverage Signal has here, if any. I have a friend whose partner worked at a high level in the UK Gov in the foreign affairs area. Still don't have any idea of what they did exactly, other than vague but incredibly interesting stories. They mentioned it was the app they were told to use for communication with official contacts. This was a number of years ago though.
> The legislation contains what critics have called “a spy clause.” It requires companies to remove child sexual exploitation and abuse (CSEA) material or terrorist content from online platforms “whether communicated publicly or privately.” As applied to encrypted messaging, that means either encryption must be removed to allow content scanning or scanning must occur prior to encryption.
This is not accurate. The “spy clause” (section 110) allows Ofcom to issue notices, if it is “necessary and proportionate” to do so, which could have that effect. In deciding what is “necessary and proportionate” Ofcom is specifically required to consider things like “the kind of service it is,” “the extent to which the use of the specified technology would or might result in interference with users' right to freedom of expression” and “whether the use of any less intrusive measures than the specified technology would be likely to achieve a significant reduction in the amount of relevant content” (section 112). This decision can be legally challenged.
The difference is important. Every country has a system that allows police to legally break into your home and search it – if a legal authority decides that it is necessary and appropriate. Whether such powers are abused depends not only on the text of the law, which is often as vague and open to interpretation as the Fourth Amendment, but also on the prevailing culture of the government and its judicial and law enforcement bodies. That’s why Signal’s president acknowledges that they are responding to a hypothetical.
While she won’t speculate on the probabilities, there are precedents which inform us about the probability that a democratic government would use these powers to break a popular secure messaging system over the reasoned objection of its users and developers. This law could achieve its goal of increasing public control over Big Tech’s content moderation policies without being used in that perverse way. Such perverse outcomes have not yet arisen under the controversial Australian laws which generated similar comments from Signal [1] and HN users [2] in 2018.
>Such perverse outcomes have not yet arisen under the controversial Australian laws which generated similar comments from Signal [1] and HN users [2] in 2018.
How could you possibly know this?
Everything is secret under risk of jail for disclosure.
I don't imagine Signal is much concerned with complying with Iranian law. If you don't employ Iranians in Iran or operate infrastructure there, why would you care?
UK jurisdiction ends at its borders. If they don't like Signal they can ban their own citizens from using it. I don't understand what possible "reach" they could use to stop Signal exporting its products globally.
Centralization remains incompatible with privacy and censorship resistance.
Only because something is decentralized doesn't mean it will scatter into an incompatible mess.
^ https://www.technologyreview.com/2020/02/08/349016/a-dark-we...
[1]: https://signal.org/blog/setback-in-the-outback/
[2]: https://news.ycombinator.com/item?id=18636076
Why hurt the people that you're trying to help. If this law passes they should do everything they can to increase availability of Signal in the UK.
But it could easily happen to the UK.