The U.K. Government Is Very Close To Eroding Encryption Worldwide

https://lemmy.world/post/2230000


Until the US also mandates backdoors, the UK will back down. It may even attempt to pass this bill for the courts to fail to enforce it, as non-compliance will be off the scale. Open source projects in particular will not accept back doors. And have you ever seen anyone sued successfully over publicly released code?

The Open Rights Group need our cash though, they are likely to attempt to defeat this in court. As you can’t ban mathematics, it will be fairly trivial to show technically this is nonsense. But the government won’t argue for that; they’ll argue that companies in control will have to comply with inserting backdoors. This is harder to fight, but it is essentially disproportionate and indiscriminate, with high likelihood of weakening all communication for specialist use cases.

The trouble is of course that prior to E2EE the government tapped things willy-nilly. And that tool is no longer available to them. I surmise we will see instead of minor players forced to surrender, Apple and Android having to insert backdoors. And this is why this bill will never pass: neither will do so unless the US forces them to.

I really like your comment and agree with your position. Thanks for taking the time to write it out like that.

I do have two questions:

The Open Rights Group need our cash though, they are likely to attempt to defeat this in court.

Do you happen to have a link or where does one go to support this specifically?

The trouble is of course that prior to E2EE the government tapped things willy-nilly. And that tool is no longer available to them.

In almost all IT positions, both public and industry, we rely heavily on E2EE for everyday operations. Alone data privacy compliance is even made possible (see GDPR). Does this mean governments will have to provide the extensive resources to be the “data controller for all” with all obligations to be compliant with the rule of law? Considering the vast majority of affected users’ data is not going to be criminal activity.

And of course the security implications of punching holes in a security barrier: what are your thoughts on potential misuse of these backdoors by bad actors?

Ooh, a government mandated encryption MITM is a route I hadn’t considered. You could transparent proxy all comms at ISP level and force OSes to recognise your government ticket. Well that’s one route. But still doomed to failure: Apple and Android won’t accept these certs. And ISPs may do this, but have you ever run even a corporate proxy? Beefy boys. With loads of stuff out there not having the certs too. And they’ll be cracked sooner than the government cares for too. A mad approach.

And of course with the ORG www.openrightsgroup.org


Open source projects in particular will not accept back doors.

No, but you gotta remember that a lot of people are just going to use a commercial service.

I remember when the US government made a colossal amount of noise over PGP. While PGP is available, few people actually use it, because it's a pain to use.

https://en.wikipedia.org/wiki/Phil_Zimmermann

After a report from RSA Security, who were in a licensing dispute with regard to the use of the RSA algorithm in PGP, the United States Customs Service started a criminal investigation of Zimmermann, for allegedly violating the Arms Export Control Act.[5] The United States Government had long regarded cryptographic software as a munition, and thus subject to arms trafficking export controls. At that time, PGP was considered to be impermissible ("high-strength") for export from the United States. The maximum strength allowed for legal export has since been raised and now allows PGP to be exported. The investigation lasted three years, but was finally dropped without filing charges after MIT Press published the source code of PGP.[6]

In 1995, Zimmermann published the book PGP Source Code and Internals as a way to bypass limitations on exporting digital code. Zimmermann's introduction says the book contains "all of the C source code to a software package called PGP" and that the unusual publication in book form of the complete source code for a computer program was a direct response to the U.S. government's criminal investigation of Zimmermann for violations of U.S. export restrictions as a result of the international spread of PGP's use.[7]


Essentially the US government lost that argument. Strong encryption is available worldwide, you can’t weaponise maths, and the internet exports all. I’d argue we don’t use PGP because easier solutions currently exist, nothing about legislation. If private companies have to weaken products, people will switch to open source. PGP can be made easier.

I haven’t explored Matrix too readily yet, is it a legislation resistant platform? Something is already waiting.