This piece of legislation is goddamn chilling for all UK citizens. Having your government be able to read whatever you send to your mates just because they suspect wrong doing? Insane. Not to...
This piece of legislation is goddamn chilling for all UK citizens. Having your government be able to read whatever you send to your mates just because they suspect wrong doing? Insane.
Not to mention that the government itself has admitted they don't actually know how it's technically feasible at the moment.
So it's legislation that can be used later when the tech arrives. Which is just now how laws should be thrown down. Rather than invest time and money into Police forces, they're just going for the "capture everything" approach which so rarely works from a data perspective.
I wrote to my Labour MP about it and she was as much use as a chocolate fire guard about the whole thing. Said it was to challenge badly written terms and conditions inside companies ways of working... Despite the fact I wrote to her explaining how this affects average Joe's and Journalists alike. It was really obvious that none of these people have the slightest inclination in technology yet continue to make legislation like this that is unusable and unenforceable.
The "we'll wait until it's 'technically feasible' for Alice to send a message to Bob without Charlie being able to intercept it while Charlie also intercepts the message" makes zero sense.
The "we'll wait until it's 'technically feasible' for Alice to send a message to Bob without Charlie being able to intercept it while Charlie also intercepts the message" makes zero sense.
Of course it does. It makes no sense because Encryption does not give a shit about legislation. Also, do these people genuinely believe that child molesters, muderers and other bastards are...
Of course it does. It makes no sense because Encryption does not give a shit about legislation.
Also, do these people genuinely believe that child molesters, muderers and other bastards are suddenly just going to start airing their dirty laundry? Course not, it's just designed to socially cool so much.
Yes the "pedophiles are happy to disobey the law and abuse children but they won't use end-to-end encryption because that will be iLLeGAl" also doesn't follow [subsequent clarification: follow...
Yes the "pedophiles are happy to disobey the law and abuse children but they won't use end-to-end encryption because that will be iLLeGAl" also doesn't follow [subsequent clarification: follow logically], at all.
Sorry, I mean follow logically. I see a lot of politicians say "if we ban end to end encryption pedophiles won't use it to share illegal material" (a bit like if we ban shipping, narcotics...
Sorry, I mean follow logically. I see a lot of politicians say "if we ban end to end encryption pedophiles won't use it to share illegal material" (a bit like if we ban shipping, narcotics organisations won't use it to smuggle illegal drugs).
Yeah. There's a lot of false dichotomies and other falacies that float around things like this. Regulation can be smart, but you've got to have well funded and staffed institutions in order to...
Yeah. There's a lot of false dichotomies and other falacies that float around things like this.
Regulation can be smart, but you've got to have well funded and staffed institutions in order to carry out said regulations. The Police and OFCOM have been absolutely pillaged over the past 14 years, so this will never actually be used... but it'll be a threat.
Similar vibes to a recent headline along the lines of "China will crack down on speech/content/people that offends national sensibilities and pride". I'm all for removing actually harmful content...
Similar vibes to a recent headline along the lines of "China will crack down on speech/content/people that offends national sensibilities and pride".
I'm all for removing actually harmful content from the open internet (CSAM and the like) but for better or worse the internet as I've always seen it has been a wild west, and should stay that way. Legislation written like this is a very slippery slope towards public discourse being molded into "parroting the state-sponsored popular opinion for fear of penalty" discourse over time (again, China vibes).
Really? How's society supposed to function if you just get to organize terrorism, theft, scams, abuse, misuse, unregulated trade, scams, disinformation, and on and on, just because it's online?...
the internet as I've always seen it has been a wild west, and should stay that way.
Really? How's society supposed to function if you just get to organize terrorism, theft, scams, abuse, misuse, unregulated trade, scams, disinformation, and on and on, just because it's online?
No, it's paramount for society to regulate the internet and digital behavior well. Sure, there are ham-fisted attempts at regulation that are bad.
The concept of internet regulation and oversight have to be implemented if we are to retain functioning liberal democracies. That's what's at stake: our entire mode of civilization and nothing less.
Liberal democracies are built on well-functioning communities due to social trust. That will inevitably be eroded an destroyed if those with money/power/means can simply encrypt their communications and then get away with all sorts of crime with zero probability of getting caught.
Again: Yes, law-makers in many western countries are getting it wrong, and well-intentioned attempts are being coopted by other interests. But the threat is serious, existential and very, very real.
Those are still crimes even if they are online. In fact, online communication is more visible than just meeting up in person and communicating face-to-face, as it is more likely to be logged in...
How's society supposed to function if you just get to organize terrorism, theft, scams, abuse, misuse, unregulated trade, scams, disinformation, and on and on, just because it's online?
Those are still crimes even if they are online. In fact, online communication is more visible than just meeting up in person and communicating face-to-face, as it is more likely to be logged in some manner.
That will inevitably be eroded an destroyed if those with money/power/means can simply encrypt their communications and then get away with all sorts of crime with zero probability of getting caught.
Firstly, encryption has been widely available for at least 3 decades, if not longer, so you would expect to have some examples of this kind of social erosion. Secondly, banning encryption is not feasible, due to the simplicity and widespread availability of algorithms, and so banning it without a backdoor would not prevent those with evil intentions getting away with it, but only harm legitimate uses. After all, they are already commiting a crime, so why wouldn't they break another rule?
Thirdly, the right to privacy is just as fundamental a right that must be preserved to prevent a liberal democracy becoming an authoritarian state snooping on all its citizens without necessary due process.
Obviously these are crimes even if online, but a "wild west"-internet makes it trivial to organize these pre-meditated crimes in ways that can't be proven beyond a reasonable doubt in court. Think...
Those are still crimes even if they are online. In fact, online communication is more visible than just meeting up in person and communicating face-to-face, as it is more likely to be logged in some manner.
Obviously these are crimes even if online, but a "wild west"-internet makes it trivial to organize these pre-meditated crimes in ways that can't be proven beyond a reasonable doubt in court.
Think just how easy it is to bribe someone electronically in ways that can't be connected back to you.
It takes real dedication to move around physically without having your interactions with shady individuals being documented, by the phone in your pocket, a car, cameras etc. How would you even start physically searching for a hitman, con artist, scammer or similar with zero risk of being found?
There are plenty of examples were "everyone" knows who has ordered the murder of their spouse or similar, but that simply can't be proven. One well-documented case is the Hagen disappearance in Norway. It's obvious to most that the ultra-rich husband killed his wife as their marriage was deteriorating, but that can't be proven.
There are huge corporate ransomware attacks, disinfo-operations, election-interference operations, spam/phishing operations, fake ads etc. that permeate social media and are organized through systematic use of the web enabled by poor internet regulation.
Would we live in a post-truth society without these developments, if we could identify who's funded these different operations, domestically and globally? Would a Trump presidency be possible in such a world? (Obviously, counterfactuals can't be proven.)
We have universal, fundamental rights. However, only an 18th century would view these rights as unlimited (see the US constitution). Many of our fundamental rights intersect each other and have to be balanced: different rights preclude others from being unregulated, uncompromised and unlimited.
I and almost any person would rather live in a liberal democracy with more limited privacy expectations than living in an autocracy where these rights will invariably be limited down the line. Billions of people live in autocracies today.
Almost any person would rather live in a liberal democracy where their rights to living without being harmed in other ways trumps complete privacy.
To draw these arguments toward existing extremes: Why do so many object to their governments knowing and using basic facts some claim as "private", while unceremoniously allowing private companies extremely intimate access to their deepest, darkest secrets?
The principle of the "state" somehow being dangerous, while asserting that private companies somehow have my best interests more at heart just seems like a very strange hill to die on.
As you say, I can opt out of using electronic communications and interact face-to-face with people, or through letters, flash drives sent in the mail or other non-internet technologies if I value the government having no access to my communications and privacy that much. It would be impractical, but possible for anyone who values their privacy so much to opt out of using technologies society must have mechanisms to inspect. We accept these limitations in all sorts of other areas of our lives.
Encryption is math. You cannot prevent bad actors from computing m^e (mod n). You can only prevent good actors who faithfully follow laws. By trying to eliminate encryption with laws, you only...
Encryption is math. You cannot prevent bad actors from computing m^e (mod n). You can only prevent good actors who faithfully follow laws. By trying to eliminate encryption with laws, you only prevent good people from having privacy, while still leaving bad actors the ability to send encrypted messages.
The method is criminalizing unauthorized means of encryption and punishing those who use that encryption. This would of course require strong privacy guards and systems for secure transmissions...
The method is criminalizing unauthorized means of encryption and punishing those who use that encryption.
This would of course require strong privacy guards and systems for secure transmissions for everyone with very clear judicial systems for control of when government bodies are allowed to access content. And robust oversight systems that ensure sound practice.
The idea that we should have total privacy online fully knowing this seriously limits many of our other fundamental is not the right balance between these basic rights.
The issue is getting regulation right to balance reasonable levels of privacy with the other needs society has.
How could that possibly be done? Encryption fundamentally turns numbers into other numbers. How can you track whenever people send numbers to each other? If I send gibberish to my friend on...
How could that possibly be done? Encryption fundamentally turns numbers into other numbers. How can you track whenever people send numbers to each other?
If I send gibberish to my friend on iMessage, is that now illegal, since it could be a encrypted message? What if I send an image? The noise on that image could be an encrypted message as well.
All binary data is a number. The only way this could possibly be done is to completely lock down access to the internet, and anything like the internet such that you can transmit numbers (which is like, every form of communication) such that the only clients that can go on the internet are government controlled, which isn't even possible.
The thing is that you need even more than that. It’s trivial to send encrypted data over unencrypted channels. Images is an easy one - take your encrypted message and XOR it with the image and a...
The thing is that you need even more than that. It’s trivial to send encrypted data over unencrypted channels. Images is an easy one - take your encrypted message and XOR it with the image and a mask. It just looks like digital noise on the image. The receiver merely needs the original image to xor it back to the encrypted message.
I suppose we can’t even send noisy images to each other in this future! What if it could be dastardly encryption? Camera ISOs are no longer allowed to go above 100?
We have centuries of experience with designing and improving on laws that define just these things in practical, actionable terms. Why would definitions of "attempts at encryption" somehow be the...
We have centuries of experience with designing and improving on laws that define just these things in practical, actionable terms. Why would definitions of "attempts at encryption" somehow be the impossible problem to solve?
Legally, we define all sorts of lines in the sand on case-by-case bases and make judgements beyond a reasonable doubt based on these interpretations.
That just hand waves the problem away. There’s plenty of problems we do not have laws, or at least actually enforced laws, about because it’s fundamentally impossible to, like thoughtcrime. How...
That just hand waves the problem away. There’s plenty of problems we do not have laws, or at least actually enforced laws, about because it’s fundamentally impossible to, like thoughtcrime.
How would you in practical terms prevent bad actors from sending encrypted messages to each other? How would you detect this? If that cannot be answered, the actual effect of such a law is very detrimental to good actors, eg us, while doing nothing to the criminals it targets.
Persecution of a thought crime is in itself a breach of my most basic rights. There are methods of getting at thought crime. It is my clear view that it is the principle of the absolute freedom of...
Persecution of a thought crime is in itself a breach of my most basic rights.
There are methods of getting at thought crime. It is my clear view that it is the principle of the absolute freedom of thought that leads us not to persecute thought crimes, not that there aren't ways of attempting to do so in pracitce.
Some authoritarian states do follow this, especially in matters of religion and compelling expression of thoughts. We do not want to compare ourselves to these places.
The right to my own thoughts is probably the only right I consider a completely inalienable right. It is fundamentally absolute.
My view is that my right to express my views is in no way as absolute. Expressing my views can have consequences if these views are objectionable. In many cases I cannot be compelled to express my views.
I'm not a lawmaker. I don't have the perfect solution for how to regulate encryption. If someone had fully solved the issue, laws in the area wouldn't be as they are. Many countries have made different attempts at regulation of encryption. Many of these attempts are really bad, uninformed and lack a modern technical understanding. That doesn't mean I believe the area is impossible to regulate.
There are clear, unavoidable issues of not regulating encryption. To me those cumulative costs are unacceptable, even if the regulation of encryption is not perfect. We have to accept trade-offs because cheap, unbreakable encryption is a reality.
I don't believe good regulation of AI, or intellectual property rights relating to coding/algorithms is impossible either, even though the solutions to these issues aren't fully there either. It's also possible making gradual steps in the right direction through better and better regulation.
I fundamentally disagree that there is a magical way to regulate encryption. The idea that a number can be illegal is also at the heart of the distribution of copyrighted material, and despite the...
I fundamentally disagree that there is a magical way to regulate encryption. The idea that a number can be illegal is also at the heart of the distribution of copyrighted material, and despite the very best efforts of the richest companies in the world in conjunction with world governments, there is yet to be a way to prevent pirates from pirating.
The issue is that unless you figure out how you're magically going to detect and control encryption, this is the tradeoff:
You get
Nothing, because criminals will use encrypted messaging since you cannot prevent them from doing so.
You pay
Private citizens can have their communications intercepted by criminals (if there's a backdoor, criminals will find it)
Private citizens can have their communications intercepted by governments
This seems like an extremely bad tradeoff. Until you can argue for a ACTUAL way to prevent criminals from using encryption, they lose nothing and law abiding citizens lose everything.
To be honest, you don't seem to have any idea of how we'd accomplish this. As a result, I can only advise for it to be tabled until this fabled solution arrives.
There is no incremental progress until you solve this. Only incremental suffering for good citizens.
This is bullshit. Complete, utter, nonsensical bullshit and it makes me sick how often I see it. Our governments are totalitarian organisations that have worked tirelessly over the past decades...
This is bullshit. Complete, utter, nonsensical bullshit and it makes me sick how often I see it. Our governments are totalitarian organisations that have worked tirelessly over the past decades through surveillance and propaganda to erode our freedoms, and the ball keeps rolling—we fail to stop it.
Much harm is perpetrated through the internet, it is true—that does not mean we should not have the right to free and private speech and association.
I'm not going to characterize you or what I think of your position. On Tildes I assume constructive participation in good faith. If their convictions are strong enough, anyone can opt out of...
I'm not going to characterize you or what I think of your position. On Tildes I assume constructive participation in good faith.
If their convictions are strong enough, anyone can opt out of communicating or associating online if they view the trade-offs that society at large enforces is too invasive of their privacy.
An unrestricted internet lets a rich person order the murder of a journalist, lawyer, judge, official, witness or someone else who exposes or holds them to account for their abuses,
And they can be certain to get away with it without punishment. One example is the murder of Daphne Caruana Galizia.
The chilling effects and rebalancing of power towards those who already have power due to these sorts of situations are known, expected and real consequences for society if we accept a society based on simple, mathematically unbreakable encryption (in practice) for all online communications.
It's perfectly legitimate to accept those consequences in support of absolute privacy. That would also make me expect people to defend those trade-offs, just like I'm defending other trade-offs based on my values.
One's perfectly entitled to the opinion that the political system I live in is fundamentally broken in serious ways. To me holding that position would both morally and ethically oblige me to perform serious actions in attempt of bringing the systems back in line.
Many of my direct ancestors have died in defense of my rights; I'm not saying everyone has to go that far, but my view is that I personally have moral obligations that go way beyond online slacktivism if I view the threats to our rights as serious enough.
I appreciate that. They can do that without the internet, too. Or would you have a microphone placed in every ear? The rich and powerful have wielded their power in terrible, abusive ways without...
I'm not going to characterize you or what I think of your position.
I appreciate that.
An unrestricted internet lets a rich person order the murder of a journalist, lawyer, judge, official, witness or someone else who exposes or holds them to account for their abuses,
They can do that without the internet, too. Or would you have a microphone placed in every ear? The rich and powerful have wielded their power in terrible, abusive ways without account for millenia.
The chilling effects and rebalancing of power towards those who already have power due to these sorts of situations are known, expected and real consequences for society if we accept a society based on simple, mathematically unbreakable encryption (in practice) for all online communications.
Laughable. Strong encryption is a democratising force—anybody can secure communication to anybody. Backdoored encryption centralises power with those who hold the back door. Those in china cannot attempt a rally and insurgency in part because of a lack of popular communication protocols with desirable properties. (One noteworthy, recent, specific example: https://www.cnn.com/2022/11/11/business/china-apple-airdrop-function-restricted-hnk-intl/index.html)
One's perfectly entitled to the opinion that the political system I live in is fundamentally broken in serious ways. To me holding that position would both morally and ethically oblige me to perform serious actions in attempt of bringing the systems back in line.
Many of my direct ancestors have died in defense of my rights; I'm not saying everyone has to go that far, but my view is that I personally have moral obligations that go way beyond online slacktivism if I view the threats to our rights as serious enough.
I would like to believe you are right. If there really is a revolution, one that involves millions of people marching into the capitol and ousting the current heads of state, I will gladly join it. But I really doubt it will happen.
You can interpret those as empty words if you like. But others have fought against the surveillance state and accomplished little to nought. For my part I think that, if I want to make the world a better place, my efforts were better directed socially-communally and locally than globally and politically. But I find accounts such as the one you expressed very, very frustrating because they are why the surveillance state keeps winning.
The crucial difference is that it's trivially easy with robust end-to-end encryption, as opposed to difficult, but possible without. Well you must have some new safe-guards ready to think it...
An unrestricted internet lets a rich person order the murder of a journalist, lawyer, judge, official, witness or someone else who exposes or holds them to account for their abuses,
They can do that without the internet, too.
The crucial difference is that it's trivially easy with robust end-to-end encryption, as opposed to difficult, but possible without.
Well you must have some new safe-guards ready to think it laughable that witnesses, jurors, prosecutors, journalists, lawmakers, judges and others won't be intimidated by organized crime knowing they can plan and threaten lives through the safety of impenetrable communications.
Or politicians knowing their corruption can't ever be uncovered and proven.
Or mega-corporations knowing their illegal practices can't be unearthed.
A fossil fuel company today can systematically go about ensuring climate change won't be dealt with in ways that put them out of business, megabanks or the insurance industry can ensure their illegal exploitation of systems can ever be unearthed and proven.
I just don't see how encryption is a stronger democratizing force more than it ensures those who profit from dysfunctional society can consolidate their power even more, getting away with even more, and making things hader and harder to get back on track.
More and more societies are moving in mor authoritarian directions despite end-to-end encryption becoming easier and easier to access for everyone. I just don't believe encrypted communications is more democratizing than not in most existing democracies, or that it's a powerful enough counter-balance in authoritarian places. These states turn off their internet/phone service and so on anyway.
Both then and now, I'd add and argue that we're the ones responsible for solving the issue, individually and collectively by getting involved.
To me this isn't about revolution, or giving up because revolution seems impossible to enact. It's about gradually getting people involved, engaged and participating in the system that exists. That's the system we have to make the most of.
You say this like there is some natural pathway toward fair and just international regulation, like nearly every government in the world doesn't have its own out group to target, with no incentive...
You say this like there is some natural pathway toward fair and just international regulation, like nearly every government in the world doesn't have its own out group to target, with no incentive to collaborate and rise above our domestic frame outside of multinational coffers. As it stands, nobody even has a strong framework for actual policing of content beyond firewalls, or of preventing terroristic organization without mass data collection. Why should we, as the little people, tolerate any of this noise from regulators, with so little public trust? Even to the extent that you couch and justify, which I do see the point of, when the tools are almost all being built by big business and enshrined in law by their best pals, why should we bother giving them the time of day?
Can we afford to throw our hands in the air and just not try to get it right? Should we not try because it seems difficult to accomplish? Often regulation and lawmaking happens because we're...
Can we afford to throw our hands in the air and just not try to get it right?
Should we not try because it seems difficult to accomplish?
Often regulation and lawmaking happens because we're forced to deal with something that clearly isn't sustainable moving on. These issues are getting more and more pressing with technological development and powerful coding tools at the fingertips of anyone. AI-aided systems are quickly changing the whole landscape in a host of areas, including this one.
I'd say that we have to afford it, or else we risk monstrosities far worse than anything you've pointed out. Our world has been full of fraud and murder for as long as humanity's been around. We...
I'd say that we have to afford it, or else we risk monstrosities far worse than anything you've pointed out. Our world has been full of fraud and murder for as long as humanity's been around. We can't pretend that lending credence to untrustworthy actors' positions does anything but give them more power.
I'm saying that if we have a society where mathematically unbreakable encryption is pervasive necessarily has to lead to other compromises if we are to be able to deal with serious crimes in a...
I'm saying that if we have a society where mathematically unbreakable encryption is pervasive necessarily has to lead to other compromises if we are to be able to deal with serious crimes in a meaningful way.
Otherwise we're designing a system where we knowingly let people with resources to get away with not following the rules because they cannot be found guilty of serious (planned) crimes. We would expect these people to get away with serious crimes systematically. That is a real problem.
To expand: If it's impossible to read internet communications for law enforcement, that same law enforcement will have to rely on other seriously privacy-invading means to be able to deal with crime if we were not to accept large volumes of serious, unsolved crimes.
I don't think that's preferable and these other methods would be way, way more restricting to how we live our lives form day to day. And they'd be much less useful in solving crime.
The CSI-driven stories of how crimes are solved we see on TV are not how cases are solved in practice. There are reasons why we have so many unsolved serious crimes, and many crimes have little physical evidence to go by in any case.
These are not simple issues, and I'd be extremely wary of people who present these issues as no-brainers.
I have to disagree -- this is actually a pretty simple issue. Giving out backdoor keys to encryption is absolutely guaranteed to be misused. The downsides vastly outweigh any possible upside. This...
I have to disagree -- this is actually a pretty simple issue. Giving out backdoor keys to encryption is absolutely guaranteed to be misused. The downsides vastly outweigh any possible upside.
This is a good article that goes in depth into the major issues:
I work in networking. I view The Netherlands as one of the governments that's most savvy in cybersecurity. In april of this year, The Netherlands argued for ways of circumventing end-to-end...
I work in networking. I view The Netherlands as one of the governments that's most savvy in cybersecurity.
Governments almost always seek to erode civil liberties and increase surveillance. To think that giving up access to secure encryption (which is a catastrophic problem that will result in...
Governments almost always seek to erode civil liberties and increase surveillance. To think that giving up access to secure encryption (which is a catastrophic problem that will result in intentional and unintentional misuse, by authorized and unauthorized users) will stop them from seeking all of these measures to intrude on our privacy, is implausible. It will just make them logistically easier and more likely to happen.
Unlike technologies like on-device hashed image scanning though, or other alternatives to end to end encryption breaking, you can’t put the broken encryption genie back in the bottle. All that data is forever tainted.
I wasn't advocating for terrorism, theft, scams etc. at all. What you're talking about are crimes that have existed since long before the internet, and should be treated as such in that they...
I wasn't advocating for terrorism, theft, scams etc. at all. What you're talking about are crimes that have existed since long before the internet, and should be treated as such in that they should be penalised by law enforcement efforts on a case-by-case basis where the penalty is appropriate for the crime, not overstepping communications control legislation.
"How will society function?"
As it always has. Scamming and dishonesty have existed for as long as intelligent life has existed, and will continue to be perpetrated regardless of the internet's existence.
Believe it or not, people do not live their entire existences under oath - there are only a handful of circumstances in life where you're legally obligated to be truthful. It's the responsibility of the consumer to make sure they're sourcing reliable information and to fact check anything they're not sure of - not the responsibility of any public-access platform to act as the Police & Gatekeepers of Truth®, and certainly not the responsibility of the poster of information to actually be telling the truth in the first place (obvious legal exceptions aside).
"The concept of internet regulation and oversight have to be implemented if we are to retain functioning liberal democracies. That's what's at stake: our entire mode of civilization and nothing less."
"We must control the people's means of communication. Our freedom depends on it."
"...those with money/power/means can simply encrypt their communications and then get away with all sorts of crime..."
Anyone can encrypt their communications if they want to, and I strongly recommend everyone does just that. Try Signal if you haven't already. Just like any other tool, there is obviously potential for abuse. The UK currently has a significant problem with knife violence, would you disallow everyone from cutting their vegetables and buttering their toast because a tiny fraction of the population used a knife with bad intent? Most people are law-abiding citizens who just want to be able to communicate with others knowing that the three-letter mafia can't just rip their messages out of the air in clear text.
"...with zero probability of getting caught.
Encryption is not infallible. Read pretty much any article on the Snowden whistleblower docs to find out that...
Spoiler Alert!
The NSA has been decrypting the public's emails and other message formats for decades.
Just because you see no value in privacy or freedom of expression doesn't mean others' lifestyles should be beholden to your feelings.
Assuming good faith, I'm sure you understand that's not my opinion. I don't value unlimited privacy at the expense of all my other basic rights. All our basic rights have to be balanced against...
Just because you see no value in privacy or freedom of expression doesn't mean others' lifestyles should be beholden to your feelings.
Assuming good faith, I'm sure you understand that's not my opinion.
I don't value unlimited privacy at the expense of all my other basic rights. All our basic rights have to be balanced against each other. In practice they are mutually exclusive in many situations.
The right to freedom of expression isn't unlimited either. I'm sure you agree to many of these existing legal restrictions.
The balancing acts between our basic fundamental rights are left up to society to regulate through the systems in place in our legal systems nationally and internationally. This is not up to my personal views, or your personal views.
To be explicit: I'm arguing all these crimes are much, much easier to perform with much, much lower risk with a "wild-west internet". To the extent that it challenges fundamental structures in society.
Lots of this bill is just for show, like putting tech CEOs in jail (are the US really going to hand over zuckerberg for letting kids see naughty things?), and telling social media companies to...
Lots of this bill is just for show, like putting tech CEOs in jail (are the US really going to hand over zuckerberg for letting kids see naughty things?), and telling social media companies to magically remove all the bad things without any false negatives, but things like overly broad and ambiguous laws are going to have real impacts on smaller companies, ironically solidifying the place of the current companies. Also, it's going to be fun when the age verification services all turn out to be rushed jobs which inevitably get hacked and leak lists of people and their IDs who frequent adult sites (possibly closeted LGBT).
When (inevitably) major sites do not comply (as signal and wikipedia have said), it will be interesting to see how the gov either avoid banning them or spin it.
Interesting relevant article -> https://neilzone.co.uk/2022/01/the-wild-west-web-fallacy
and https://webdevlaw.uk/2023/04/17/greatest-hits-b-sides-and-unfinished-demo-tracks-or-all-my-blogging-on-the-online-safety-bill/
Chris Vallance Peers have passed a controversial new law aimed at making social media firms more responsible for users' safety on their platforms. (tap to read more) History Reaction Stake
Chris Vallance
Peers have passed a controversial new law aimed at making social media firms more responsible for users' safety on their platforms.
(tap to read more)
The Online Safety Bill has taken years to agree and will force firms to remove illegal content and protect children from some legal but harmful material.
Children's charity the NSPCC said the law would mean a safer online world.
But critics argued it would allow a regulator, and tech firms to dictate what may or may not be said online.
The nearly 300-page bill will also introduce new rules such as requiring pornography sites to stop children viewing content by checking the ages of users.
While the act is often spoken about as a tool for reining in Big Tech, government figures have suggested more than 20,000 small businesses will also have to comply.
Platforms will also need to show they are committed to removing illegal content including:
child sexual abuse
controlling or coercive behaviour
extreme sexual violence
illegal immigration and people smuggling
promoting or facilitating suicide
promoting self-harm
animal cruelty
selling illegal drugs or weapons
terrorism
New offences have also been included in the bill, including cyber-flashing and the sharing of "deepfake" pornography.
And the bill includes measures to make it easier for bereaved parents to obtain information about their children from tech firms.
The technology secretary Michelle Donelan told the BBC the bill was "extremely comprehensive".
Asked when there would be evidence of tech firms changing their behaviour she said: "We've already started to see that change in behaviour happening.
"As soon as this bill gains Royal Assent, the regulator will be working even more hand in hand with those social media platforms and you'll see them changing the way that they're operating", she added.
History
The bill has had a lengthy and contentious journey to becoming law, beginning six years ago when the government committed to the idea of improving internet safety.
The idea that inspired the bill was relatively simple, scribbled down on the back of a sandwich packet by two experts, Prof Lorna Woods of the University of Essex and William Perrin of the charitable foundation Carnegie UK.
Prof Woods told the BBC that finally seeing it pass was "slightly unreal".
"I think when you're waiting for anything for a long time, there's always that sense of, 'Oh, it's here,'" she said.
Reaction
Online safety campaigner Ian Russell has told the BBC the test of the bill will be whether it prevents the kind of images his daughter Molly saw before she took her own life after viewing suicide and self-harm content online on sites such as Instagram and Pinterest.
Imran Ahmed of the Center for Countering Digital Hate welcomed the passage of the bill saying "too much tragedy has already befallen people in this country because of tech companies' moral failures".
But digitalrights campaigners the Open Rights Group said the bill posed "a huge threat to freedom of expression with tech companies expected to decide what is and isn't legal, and then censor content before it's even been published".
Stake
There is a lot staked on the success of the bill - not only the safety of children and adults, but also the UK's ambitions as a tech hub and possibly, if things go wrong, continued access to popular online services.
For Prof Woods the bill will be a success if social media companies and others are more responsive to user concerns.
"And maybe we won't have to see quite so much of the stuff we don't want to see in the first place. But I don't think we should expect perfection. Life's not perfect," she said.
This piece of legislation is goddamn chilling for all UK citizens. Having your government be able to read whatever you send to your mates just because they suspect wrong doing? Insane.
Not to mention that the government itself has admitted they don't actually know how it's technically feasible at the moment.
So it's legislation that can be used later when the tech arrives. Which is just now how laws should be thrown down. Rather than invest time and money into Police forces, they're just going for the "capture everything" approach which so rarely works from a data perspective.
I wrote to my Labour MP about it and she was as much use as a chocolate fire guard about the whole thing. Said it was to challenge badly written terms and conditions inside companies ways of working... Despite the fact I wrote to her explaining how this affects average Joe's and Journalists alike. It was really obvious that none of these people have the slightest inclination in technology yet continue to make legislation like this that is unusable and unenforceable.
The "we'll wait until it's 'technically feasible' for Alice to send a message to Bob without Charlie being able to intercept it while Charlie also intercepts the message" makes zero sense.
Of course it does. It makes no sense because Encryption does not give a shit about legislation.
Also, do these people genuinely believe that child molesters, muderers and other bastards are suddenly just going to start airing their dirty laundry? Course not, it's just designed to socially cool so much.
Bunch of fucks.
Yes the "pedophiles are happy to disobey the law and abuse children but they won't use end-to-end encryption because that will be iLLeGAl" also doesn't follow [subsequent clarification: follow logically], at all.
I have no idea what you're saying. Follow what?
Sorry, I mean follow logically. I see a lot of politicians say "if we ban end to end encryption pedophiles won't use it to share illegal material" (a bit like if we ban shipping, narcotics organisations won't use it to smuggle illegal drugs).
Yeah. There's a lot of false dichotomies and other falacies that float around things like this.
Regulation can be smart, but you've got to have well funded and staffed institutions in order to carry out said regulations. The Police and OFCOM have been absolutely pillaged over the past 14 years, so this will never actually be used... but it'll be a threat.
Similar vibes to a recent headline along the lines of "China will crack down on speech/content/people that offends national sensibilities and pride".
I'm all for removing actually harmful content from the open internet (CSAM and the like) but for better or worse the internet as I've always seen it has been a wild west, and should stay that way. Legislation written like this is a very slippery slope towards public discourse being molded into "parroting the state-sponsored popular opinion for fear of penalty" discourse over time (again, China vibes).
Really? How's society supposed to function if you just get to organize terrorism, theft, scams, abuse, misuse, unregulated trade, scams, disinformation, and on and on, just because it's online?
No, it's paramount for society to regulate the internet and digital behavior well. Sure, there are ham-fisted attempts at regulation that are bad.
The concept of internet regulation and oversight have to be implemented if we are to retain functioning liberal democracies. That's what's at stake: our entire mode of civilization and nothing less.
Liberal democracies are built on well-functioning communities due to social trust. That will inevitably be eroded an destroyed if those with money/power/means can simply encrypt their communications and then get away with all sorts of crime with zero probability of getting caught.
Again: Yes, law-makers in many western countries are getting it wrong, and well-intentioned attempts are being coopted by other interests. But the threat is serious, existential and very, very real.
Those are still crimes even if they are online. In fact, online communication is more visible than just meeting up in person and communicating face-to-face, as it is more likely to be logged in some manner.
Firstly, encryption has been widely available for at least 3 decades, if not longer, so you would expect to have some examples of this kind of social erosion. Secondly, banning encryption is not feasible, due to the simplicity and widespread availability of algorithms, and so banning it without a backdoor would not prevent those with evil intentions getting away with it, but only harm legitimate uses. After all, they are already commiting a crime, so why wouldn't they break another rule?
Thirdly, the right to privacy is just as fundamental a right that must be preserved to prevent a liberal democracy becoming an authoritarian state snooping on all its citizens without necessary due process.
Obviously these are crimes even if online, but a "wild west"-internet makes it trivial to organize these pre-meditated crimes in ways that can't be proven beyond a reasonable doubt in court.
Think just how easy it is to bribe someone electronically in ways that can't be connected back to you.
It takes real dedication to move around physically without having your interactions with shady individuals being documented, by the phone in your pocket, a car, cameras etc. How would you even start physically searching for a hitman, con artist, scammer or similar with zero risk of being found?
There are plenty of examples were "everyone" knows who has ordered the murder of their spouse or similar, but that simply can't be proven. One well-documented case is the Hagen disappearance in Norway. It's obvious to most that the ultra-rich husband killed his wife as their marriage was deteriorating, but that can't be proven.
There are huge corporate ransomware attacks, disinfo-operations, election-interference operations, spam/phishing operations, fake ads etc. that permeate social media and are organized through systematic use of the web enabled by poor internet regulation.
Would we live in a post-truth society without these developments, if we could identify who's funded these different operations, domestically and globally? Would a Trump presidency be possible in such a world? (Obviously, counterfactuals can't be proven.)
We have universal, fundamental rights. However, only an 18th century would view these rights as unlimited (see the US constitution). Many of our fundamental rights intersect each other and have to be balanced: different rights preclude others from being unregulated, uncompromised and unlimited.
I and almost any person would rather live in a liberal democracy with more limited privacy expectations than living in an autocracy where these rights will invariably be limited down the line. Billions of people live in autocracies today.
Almost any person would rather live in a liberal democracy where their rights to living without being harmed in other ways trumps complete privacy.
To draw these arguments toward existing extremes: Why do so many object to their governments knowing and using basic facts some claim as "private", while unceremoniously allowing private companies extremely intimate access to their deepest, darkest secrets?
The principle of the "state" somehow being dangerous, while asserting that private companies somehow have my best interests more at heart just seems like a very strange hill to die on.
As you say, I can opt out of using electronic communications and interact face-to-face with people, or through letters, flash drives sent in the mail or other non-internet technologies if I value the government having no access to my communications and privacy that much. It would be impractical, but possible for anyone who values their privacy so much to opt out of using technologies society must have mechanisms to inspect. We accept these limitations in all sorts of other areas of our lives.
Encryption is math. You cannot prevent bad actors from computing m^e (mod n). You can only prevent good actors who faithfully follow laws. By trying to eliminate encryption with laws, you only prevent good people from having privacy, while still leaving bad actors the ability to send encrypted messages.
The method is criminalizing unauthorized means of encryption and punishing those who use that encryption.
This would of course require strong privacy guards and systems for secure transmissions for everyone with very clear judicial systems for control of when government bodies are allowed to access content. And robust oversight systems that ensure sound practice.
The idea that we should have total privacy online fully knowing this seriously limits many of our other fundamental is not the right balance between these basic rights.
The issue is getting regulation right to balance reasonable levels of privacy with the other needs society has.
How could that possibly be done? Encryption fundamentally turns numbers into other numbers. How can you track whenever people send numbers to each other?
If I send gibberish to my friend on iMessage, is that now illegal, since it could be a encrypted message? What if I send an image? The noise on that image could be an encrypted message as well.
All binary data is a number. The only way this could possibly be done is to completely lock down access to the internet, and anything like the internet such that you can transmit numbers (which is like, every form of communication) such that the only clients that can go on the internet are government controlled, which isn't even possible.
Web Environment Integrity will get us close to that "authorised clients only" reality, only difference being our internet overlords will be Google.
The thing is that you need even more than that. It’s trivial to send encrypted data over unencrypted channels. Images is an easy one - take your encrypted message and XOR it with the image and a mask. It just looks like digital noise on the image. The receiver merely needs the original image to xor it back to the encrypted message.
I suppose we can’t even send noisy images to each other in this future! What if it could be dastardly encryption? Camera ISOs are no longer allowed to go above 100?
We have centuries of experience with designing and improving on laws that define just these things in practical, actionable terms. Why would definitions of "attempts at encryption" somehow be the impossible problem to solve?
Legally, we define all sorts of lines in the sand on case-by-case bases and make judgements beyond a reasonable doubt based on these interpretations.
That just hand waves the problem away. There’s plenty of problems we do not have laws, or at least actually enforced laws, about because it’s fundamentally impossible to, like thoughtcrime.
How would you in practical terms prevent bad actors from sending encrypted messages to each other? How would you detect this? If that cannot be answered, the actual effect of such a law is very detrimental to good actors, eg us, while doing nothing to the criminals it targets.
Persecution of a thought crime is in itself a breach of my most basic rights.
There are methods of getting at thought crime. It is my clear view that it is the principle of the absolute freedom of thought that leads us not to persecute thought crimes, not that there aren't ways of attempting to do so in pracitce.
Some authoritarian states do follow this, especially in matters of religion and compelling expression of thoughts. We do not want to compare ourselves to these places.
The right to my own thoughts is probably the only right I consider a completely inalienable right. It is fundamentally absolute.
My view is that my right to express my views is in no way as absolute. Expressing my views can have consequences if these views are objectionable. In many cases I cannot be compelled to express my views.
I'm not a lawmaker. I don't have the perfect solution for how to regulate encryption. If someone had fully solved the issue, laws in the area wouldn't be as they are. Many countries have made different attempts at regulation of encryption. Many of these attempts are really bad, uninformed and lack a modern technical understanding. That doesn't mean I believe the area is impossible to regulate.
There are clear, unavoidable issues of not regulating encryption. To me those cumulative costs are unacceptable, even if the regulation of encryption is not perfect. We have to accept trade-offs because cheap, unbreakable encryption is a reality.
I don't believe good regulation of AI, or intellectual property rights relating to coding/algorithms is impossible either, even though the solutions to these issues aren't fully there either. It's also possible making gradual steps in the right direction through better and better regulation.
I fundamentally disagree that there is a magical way to regulate encryption. The idea that a number can be illegal is also at the heart of the distribution of copyrighted material, and despite the very best efforts of the richest companies in the world in conjunction with world governments, there is yet to be a way to prevent pirates from pirating.
The issue is that unless you figure out how you're magically going to detect and control encryption, this is the tradeoff:
You get
You pay
This seems like an extremely bad tradeoff. Until you can argue for a ACTUAL way to prevent criminals from using encryption, they lose nothing and law abiding citizens lose everything.
To be honest, you don't seem to have any idea of how we'd accomplish this. As a result, I can only advise for it to be tabled until this fabled solution arrives.
There is no incremental progress until you solve this. Only incremental suffering for good citizens.
This is bullshit. Complete, utter, nonsensical bullshit and it makes me sick how often I see it. Our governments are totalitarian organisations that have worked tirelessly over the past decades through surveillance and propaganda to erode our freedoms, and the ball keeps rolling—we fail to stop it.
Much harm is perpetrated through the internet, it is true—that does not mean we should not have the right to free and private speech and association.
I'm not going to characterize you or what I think of your position. On Tildes I assume constructive participation in good faith.
If their convictions are strong enough, anyone can opt out of communicating or associating online if they view the trade-offs that society at large enforces is too invasive of their privacy.
An unrestricted internet lets a rich person order the murder of a journalist, lawyer, judge, official, witness or someone else who exposes or holds them to account for their abuses,
And they can be certain to get away with it without punishment. One example is the murder of Daphne Caruana Galizia.
The chilling effects and rebalancing of power towards those who already have power due to these sorts of situations are known, expected and real consequences for society if we accept a society based on simple, mathematically unbreakable encryption (in practice) for all online communications.
It's perfectly legitimate to accept those consequences in support of absolute privacy. That would also make me expect people to defend those trade-offs, just like I'm defending other trade-offs based on my values.
One's perfectly entitled to the opinion that the political system I live in is fundamentally broken in serious ways. To me holding that position would both morally and ethically oblige me to perform serious actions in attempt of bringing the systems back in line.
Many of my direct ancestors have died in defense of my rights; I'm not saying everyone has to go that far, but my view is that I personally have moral obligations that go way beyond online slacktivism if I view the threats to our rights as serious enough.
I appreciate that.
They can do that without the internet, too. Or would you have a microphone placed in every ear? The rich and powerful have wielded their power in terrible, abusive ways without account for millenia.
Laughable. Strong encryption is a democratising force—anybody can secure communication to anybody. Backdoored encryption centralises power with those who hold the back door. Those in china cannot attempt a rally and insurgency in part because of a lack of popular communication protocols with desirable properties. (One noteworthy, recent, specific example: https://www.cnn.com/2022/11/11/business/china-apple-airdrop-function-restricted-hnk-intl/index.html)
As I said, back in 2020:
You can interpret those as empty words if you like. But others have fought against the surveillance state and accomplished little to nought. For my part I think that, if I want to make the world a better place, my efforts were better directed socially-communally and locally than globally and politically. But I find accounts such as the one you expressed very, very frustrating because they are why the surveillance state keeps winning.
The crucial difference is that it's trivially easy with robust end-to-end encryption, as opposed to difficult, but possible without.
Well you must have some new safe-guards ready to think it laughable that witnesses, jurors, prosecutors, journalists, lawmakers, judges and others won't be intimidated by organized crime knowing they can plan and threaten lives through the safety of impenetrable communications.
Or politicians knowing their corruption can't ever be uncovered and proven.
Or mega-corporations knowing their illegal practices can't be unearthed.
A fossil fuel company today can systematically go about ensuring climate change won't be dealt with in ways that put them out of business, megabanks or the insurance industry can ensure their illegal exploitation of systems can ever be unearthed and proven.
I just don't see how encryption is a stronger democratizing force more than it ensures those who profit from dysfunctional society can consolidate their power even more, getting away with even more, and making things hader and harder to get back on track.
More and more societies are moving in mor authoritarian directions despite end-to-end encryption becoming easier and easier to access for everyone. I just don't believe encrypted communications is more democratizing than not in most existing democracies, or that it's a powerful enough counter-balance in authoritarian places. These states turn off their internet/phone service and so on anyway.
In the same thread you link to in 2020, I argue that we're responsible for civic engagement, and that we can't just blame the media.
Both then and now, I'd add and argue that we're the ones responsible for solving the issue, individually and collectively by getting involved.
To me this isn't about revolution, or giving up because revolution seems impossible to enact. It's about gradually getting people involved, engaged and participating in the system that exists. That's the system we have to make the most of.
You say this like there is some natural pathway toward fair and just international regulation, like nearly every government in the world doesn't have its own out group to target, with no incentive to collaborate and rise above our domestic frame outside of multinational coffers. As it stands, nobody even has a strong framework for actual policing of content beyond firewalls, or of preventing terroristic organization without mass data collection. Why should we, as the little people, tolerate any of this noise from regulators, with so little public trust? Even to the extent that you couch and justify, which I do see the point of, when the tools are almost all being built by big business and enshrined in law by their best pals, why should we bother giving them the time of day?
Can we afford to throw our hands in the air and just not try to get it right?
Should we not try because it seems difficult to accomplish?
Often regulation and lawmaking happens because we're forced to deal with something that clearly isn't sustainable moving on. These issues are getting more and more pressing with technological development and powerful coding tools at the fingertips of anyone. AI-aided systems are quickly changing the whole landscape in a host of areas, including this one.
I'd say that we have to afford it, or else we risk monstrosities far worse than anything you've pointed out. Our world has been full of fraud and murder for as long as humanity's been around. We can't pretend that lending credence to untrustworthy actors' positions does anything but give them more power.
It's unclear what you're proposing. Are you saying that encryption needs backdoors so the government can read encrypted messages?
I'm saying that if we have a society where mathematically unbreakable encryption is pervasive necessarily has to lead to other compromises if we are to be able to deal with serious crimes in a meaningful way.
Otherwise we're designing a system where we knowingly let people with resources to get away with not following the rules because they cannot be found guilty of serious (planned) crimes. We would expect these people to get away with serious crimes systematically. That is a real problem.
To expand: If it's impossible to read internet communications for law enforcement, that same law enforcement will have to rely on other seriously privacy-invading means to be able to deal with crime if we were not to accept large volumes of serious, unsolved crimes.
I don't think that's preferable and these other methods would be way, way more restricting to how we live our lives form day to day. And they'd be much less useful in solving crime.
The CSI-driven stories of how crimes are solved we see on TV are not how cases are solved in practice. There are reasons why we have so many unsolved serious crimes, and many crimes have little physical evidence to go by in any case.
These are not simple issues, and I'd be extremely wary of people who present these issues as no-brainers.
I have to disagree -- this is actually a pretty simple issue. Giving out backdoor keys to encryption is absolutely guaranteed to be misused. The downsides vastly outweigh any possible upside.
This is a good article that goes in depth into the major issues:
https://www.justsecurity.org/53316/criminalize-security-criminals-secure/
I work in networking. I view The Netherlands as one of the governments that's most savvy in cybersecurity.
In april of this year, The Netherlands argued for ways of circumventing end-to-end encryption without backdoor keys.
That's after their cybersecurity council provided a roadmap for things to follow on the topic last fall.
The explicit Dutch policy since before 2020 has been that backdoors are not the way to go.
I don't think this is a simple issue at all, nor do the governments that seem most savvy on these issues. It's a difficult and pressing matter.
Governments almost always seek to erode civil liberties and increase surveillance. To think that giving up access to secure encryption (which is a catastrophic problem that will result in intentional and unintentional misuse, by authorized and unauthorized users) will stop them from seeking all of these measures to intrude on our privacy, is implausible. It will just make them logistically easier and more likely to happen.
Unlike technologies like on-device hashed image scanning though, or other alternatives to end to end encryption breaking, you can’t put the broken encryption genie back in the bottle. All that data is forever tainted.
I wasn't advocating for terrorism, theft, scams etc. at all. What you're talking about are crimes that have existed since long before the internet, and should be treated as such in that they should be penalised by law enforcement efforts on a case-by-case basis where the penalty is appropriate for the crime, not overstepping communications control legislation.
As it always has. Scamming and dishonesty have existed for as long as intelligent life has existed, and will continue to be perpetrated regardless of the internet's existence.
Believe it or not, people do not live their entire existences under oath - there are only a handful of circumstances in life where you're legally obligated to be truthful. It's the responsibility of the consumer to make sure they're sourcing reliable information and to fact check anything they're not sure of - not the responsibility of any public-access platform to act as the Police & Gatekeepers of Truth®, and certainly not the responsibility of the poster of information to actually be telling the truth in the first place (obvious legal exceptions aside).
"We must control the people's means of communication. Our freedom depends on it."
Anyone can encrypt their communications if they want to, and I strongly recommend everyone does just that. Try Signal if you haven't already. Just like any other tool, there is obviously potential for abuse. The UK currently has a significant problem with knife violence, would you disallow everyone from cutting their vegetables and buttering their toast because a tiny fraction of the population used a knife with bad intent? Most people are law-abiding citizens who just want to be able to communicate with others knowing that the three-letter mafia can't just rip their messages out of the air in clear text.
Encryption is not infallible. Read pretty much any article on the Snowden whistleblower docs to find out that...
Spoiler Alert!
The NSA has been decrypting the public's emails and other message formats for decades.
Just because you see no value in privacy or freedom of expression doesn't mean others' lifestyles should be beholden to your feelings.
Assuming good faith, I'm sure you understand that's not my opinion.
I don't value unlimited privacy at the expense of all my other basic rights. All our basic rights have to be balanced against each other. In practice they are mutually exclusive in many situations.
The right to freedom of expression isn't unlimited either. I'm sure you agree to many of these existing legal restrictions.
The balancing acts between our basic fundamental rights are left up to society to regulate through the systems in place in our legal systems nationally and internationally. This is not up to my personal views, or your personal views.
To be explicit: I'm arguing all these crimes are much, much easier to perform with much, much lower risk with a "wild-west internet". To the extent that it challenges fundamental structures in society.
Lots of this bill is just for show, like putting tech CEOs in jail (are the US really going to hand over zuckerberg for letting kids see naughty things?), and telling social media companies to magically remove all the bad things without any false negatives, but things like overly broad and ambiguous laws are going to have real impacts on smaller companies, ironically solidifying the place of the current companies. Also, it's going to be fun when the age verification services all turn out to be rushed jobs which inevitably get hacked and leak lists of people and their IDs who frequent adult sites (possibly closeted LGBT).
When (inevitably) major sites do not comply (as signal and wikipedia have said), it will be interesting to see how the gov either avoid banning them or spin it.
Interesting relevant article -> https://neilzone.co.uk/2022/01/the-wild-west-web-fallacy
and https://webdevlaw.uk/2023/04/17/greatest-hits-b-sides-and-unfinished-demo-tracks-or-all-my-blogging-on-the-online-safety-bill/
Chris Vallance
Peers have passed a controversial new law aimed at making social media firms more responsible for users' safety on their platforms. (tap to read more)
History
Reaction
Stake
This is why you don't use cloud services when you can avoid it.