Requiring a "skilled person" write a report before mass surveillance is imposed does little

Especially given that the UK gov HAS ALREADY heard from hundreds of skilled experts restating the longstanding consensus: there's no such thing as a safe backdoor.

https://www.bbc.com/news/technology-66240006

UK amends encrypted message scanning plans

Extra oversight for powers to scan encrypted messages for child abuse images passed by peers.

BBC News

Open letter from UK-affiliated cybersecurity academics laying out why the Online Safety Bill's spy clause is dangerous and unworkable:

https://haddadi.github.io/UKOSBOpenletter.pdf

The director of the research group selected by the government to conduct a technical evaluation of the “safety tech” that would likely be implemented via the Online Safety Bill spy clause states unequivocally that it's not fit for use:

https://www.bristol.ac.uk/news/2023/july/online-safety-bill.html

Online Safety Bill undermines privacy online, say UK’s top cyber security experts

The National Research Centre on Protecting Citizens Online has called on Parliament to consider independent scientific evaluation before voting through the online safety bill, which could inadvertently enable surveillance technologies and erode online protection.

Over 450 cybersecurity experts from institutions around the globe call out the magical thinking at the heart of the EU's and UK's (and all) proposals to impose client side scanning and undermine strong encryption:

https://docs.google.com/document/d/13Aeex72MtFBjKhExRTooVMWN9TC-pbH-5LEaAbMF91Y/edit

CSA Academia Open Letter

The text below is an open letter on the position of scientists and researchers on the EU’s proposed Child Sexual Abuse Regulation. Signatures on 31 July @ 12pm Signatories: 465 Countries: 38 For press inquiries please contact: Carmela Troncoso - [email protected] (Spain, Switzerland) B...

Google Docs

All of which is to say, the verdict is in! We don't need more debate, more research into questions answered long ago.

Expert consensus is clear and longstanding, and now it's time to listen to it.

@Mer__edith I'll just throw this into the discussion for about the hundredth time...

#Encryption is #math.

There is no math that "the good guys" can do but which cannot be done by "the bad guys".

"Responsible encryption" and "lawful access" are bullshit phrases meant to convince you to give up your #privacy willingly.

Resist. Demand end-to-end encryption, in *everything*.

Now can we get that through to the politicians somehow?

#E2EE #LawfulAccess #ResponsibleEncryption #BackDoor

@cazabon I’m sure they’ll eventually get it, right about the time that their legally mandated backdoor is compromised and all their embarrassing messages are posted online for all to see.

@Mer__edith “We want a skilled person!” —> writes report, no lawmakers can understand, aides misdescribe it.

“We want a layman’s report!” —> writes report, lawmakers misconstrue due to second degree derivation, loopholes and stupid laws are created.

@Mer__edith Thank you for the work you do, Meredith. 💕
@Mer__edith
What they’re dealing with:

@Mer__edith

An independently written, but unsurprisingly very similar, #Austrian version (in German, to strengthen the current no-scanning position the Austrian government still holds) is available at https://www.ins.jku.at/chatcontrol/

@vanhoefm

Chat Control: Open Letter on Feasibility and Assessments from a Scientific Perspective (original title: Chat Control: Offener Brief zur Machbarkeit und Einschätzungen aus wissenschaftlicher Sicht)

@Mer__edith

O the irony of an open letter by security experts which requires me to sign in to Google to read it...

@Mer__edith For people to take back control of endpoint operating systems and of the endpoint hardware, in addition to software for encrypted transmission (Veilid, Signal, Threema, ...), will be the next big challenge. Initiatives such as https://e.foundation/e-os/ and yours are critical for democracy.
/e/OS - e Foundation - deGoogled unGoogled smartphone operating systems and online services - your data is your data

/e/OS is a complete, fully “deGoogled” mobile ecosystem. /e/OS is an open-source mobile operating system paired with carefully selected applications. They form a privacy-enabled internal system for your smartphone. And it’s not just claims: open-source means auditable privacy. /e/OS has received academic recognition from researchers at…

@Mer__edith
In a previous generation of tech, cellcos were obliged to archive CDRs for 18 months. Call/msg metadata, not content, as I recall.
Was this deemed to be a failure, helpful to ‘LE’, or inadequate?

@Mer__edith
"But Children's charity the NSPCC backed the powers in the bill, telling the BBC it set out "a balanced settlement that should encourage companies to mitigate the risks of child sexual abuse when designing and rolling out features like end-to-end encryption"."

I can't remember the last time I saw such a load of clue free double talk.

@Mer__edith
There are obvious countermeasures both to "client side scanning" and to backdoored apps.

If client-side scanning gets pushed to phones in general, you could temporarily use an older unlocked phone and block all updates by removing the updater under root or ADB.

When that dies, buy an unlocked phone supporting LineageOS (successor to CyanogenMod) or GrapheneOS.
Neither will ever support client-side scanning.

If you cannot obtain unlocked phones with unlockable bootloaders, start with a cheap "unlocked" phone not provided by any carrier. Use ADB to remove all known spyware, and use something like Tracker Control to deny all untrusted or unused apps plus the core operating system access to the Internet. That will keep the client side scanners from ever phoning home even if they are buried where you cannot find them.

Had Apple proceeded with their failed client side scanning plan, removing iPhotos and disabling cloud backup would have been enough to defeat it. Photos shared over Signal would have been completely invisible to Apple's phone nannies had that gone through.

BTW, Signal has already made it plain they will not comply with backdoors or client side scanning proposed by several countries, vowing to remove all "business presence" in any such nations instead. Signal will also refuse to block connections from foreign countries banning the service. Thus governments like Russia that ban signal find they have to attempt to block it themselves, with mixed results. Kicking it out of the Google Play store does little.

If your country finds a way to block Signal, connect to it over Tor. If they find a reliable way to block that too, it gets hard to conceal WHO you talk to, but you can still totally conceal WHAT you are saying.

This would be done the old SHAC way: local encryption and decryption using GPG, legally or otherwise. GPG is a program, not a service, so no server is required anywhere. It could be passed around on flash drives if ISPs somehow find a way to block distribution of illegal software. Type your message in a text editor, cut and paste it into GPG, encrypt, then cut and paste the ciphertext into email or even SMS. Reverse to decrypt an incoming message.

Obviously in this scenario you must defy any key disclosure orders (as SHAC did in the UK) or be considered a snitch.

To defeat this tactic, carriers would have to be required by law to block any data they cannot read, and nobody is yet proposing that. Most of them (maybe all?) cannot even read HTTPS content and thus can only log your IP address, phone, and plain SMS histories. Even Facebook would have to be banned, and due to encrypted logins and payment processing, online shopping and banking would also have to be banned.

These can be combined if governments try app bans AND client-side scanning: GPG on a phone with client-side scanning forcibly removed, and any comms protocol that works on a doctored phone.

So long as your text editor cannot be scanned, your screen cannot be scanned or keylogged, and your GPG setup cannot be scanned, you could conceal all the content of your comms, though not the recipient, with nothing more than plain SMS.

In short, the people the government REALLY wants to spy on will be the least affected by backdoored apps and client-side scanning; low-level dissidents, opposition party members, and legal journalists may be the most affected by it.
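
The manual GnuPG workflow the post above describes (type the message, encrypt locally, paste the armored ciphertext into whatever channel the carrier offers, reverse to decrypt), scripted as an added example that is not part of the thread. It assumes `gpg` (GnuPG 2.x) is installed, uses a throwaway keyring in a temporary directory, and keeps both parties' keys in that one keyring only so the script runs stand-alone; in practice each side holds only its own secret key and exchanges public keys out of band. The user ids and message text are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: the "old SHAC way" with GnuPG, end to end.
# Assumes gpg 2.x on PATH. One throwaway keyring holds both keys here purely so
# the script is self-contained; real parties keep separate secret keys and swap
# public keys out of band (QR code, flash drive, fingerprint read aloud).
set -eu

GNUPGHOME=$(mktemp -d)
export GNUPGHOME
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

# Every gpg call is non-interactive. The empty passphrase leaves the demo keys
# unprotected, which you would not do for a key you intend to keep.
gpg_batch() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

# Create a default key (signing primary plus encryption subkey) for one user id.
make_key() {            # $1 = user id, e.g. "Bob <bob@example.invalid>" (placeholder)
    gpg_batch --quick-generate-key "$1" default default never
}

# Encrypt a message string to a recipient. --armor makes the ciphertext plain
# printable text, so it survives a paste into email, SMS or any web form.
# --trust-model always skips the web-of-trust check; only use it for a key
# whose fingerprint you verified yourself.
encrypt_to() {          # $1 = recipient user id, $2 = plaintext
    printf '%s' "$2" | gpg_batch --armor --trust-model always \
        --recipient "$1" --encrypt
}

# Decrypt an armored message read from stdin with whatever secret key matches.
decrypt_msg() {
    gpg_batch --decrypt
}

# How many 160-character SMS segments an armored message would occupy; this is
# the cost of the "even SMS" transport the post mentions.
sms_segments() {        # $1 = text
    echo $(( (${#1} + 159) / 160 ))
}

# What the carrier sees versus what the recipient reads.
demo() {
    make_key "Bob <bob@example.invalid>"
    msg="meet at the usual place, 21:00"     # constructed sample message
    ct=$(encrypt_to "Bob <bob@example.invalid>" "$msg")
    echo "--- on the wire: all the carrier or a middlebox gets ---"
    echo "$ct"
    echo "--- would take $(sms_segments "$ct") SMS segment(s) ---"
    pt=$(printf '%s\n' "$ct" | decrypt_msg)
    echo "--- recipient reads: $pt ---"
    [ "$pt" = "$msg" ]
}

demo
```

The armored block is the only thing that leaves the device, and it reveals the recipient's key id but nothing about the content; that matches the post's point that plain SMS hides WHAT you say but not WHO you talk to. The keyring directory is removed on exit so no test key lingers on disk.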

@Mer__edith More quickly: Signal has already stated they will refuse to comply with backdoors, including client-side scanning, and will "walk" from the UK if this passes

https://www.bbc.co.uk/news/technology-64584001

Signal would 'walk' from UK if Online Safety Bill undermined encryption

Bosses of the messaging app fear the Online Safety Bill could force it to weaken its users' security.

BBC News