The U.K. Government Is Very Close To Eroding Encryption Worldwide

https://lemmy.world/post/2230000


Until the US also mandates backdoors, the UK will back down. It may even attempt to pass this bill for the courts to fail to enforce it, as non-compliance will be off the scale. Open source projects in particular will not accept back doors. And have you ever seen anyone sued successfully over publicly released code?

The Open Rights Group need our cash though, they are likely to attempt to defeat this in court. As you can’t ban mathematics, it will be fairly trivial to show technically this is nonsense. But the government won’t argue for that; they’ll argue that companies in control will have to comply with inserting backdoors. This is harder to fight, but it is essentially disproportionate and indiscriminate, with high likelihood of weakening all communication for specialist use cases.

The trouble is of course that prior to E2EE the government tapped things willy-nilly. And that tool is no longer available to them. I surmise we will see, instead of minor players forced to surrender, Apple and Android having to insert backdoors. And this is why this bill will never pass: neither will do so unless the US forces them to.

I really like your comment and agree with your position. Thanks for taking the time to write it out like that.

I do have two questions:

The Open Rights Group need our cash though, they are likely to attempt to defeat this in court.

Do you happen to have a link or where does one go to support this specifically?

The trouble is of course that prior to E2EE the government tapped things willy-nilly. And that tool is no longer available to them.

In almost all IT positions, both public and industry, we rely heavily on E2EE for everyday operations. Alone data privacy compliance is even made possible (see GDPR). Does this mean governments will have to provide the extensive resources to be the “data controller for all” with all obligations to be compliant with the rule of law? Considering the vast majority of affected users' data is not going to be criminal activity.

And of course the security implications of punching holes in a security barrier - What are your thoughts on potential misuse of these backdoors by bad actors?

Ooh, a government-mandated encryption MITM is a route I hadn’t considered. You could transparent proxy all comms at ISP level and force OSes to recognise your government ticket. Well that’s one route. But still doomed to failure: Apple and Android won’t accept these certs. And ISPs may do this, but have you ever run even a corporate proxy? Beefy boys. With loads of stuff out there not having the certs too. And they’ll be cracked sooner than the government cares for too. A mad approach.

And of course with the ORG www.openrightsgroup.org


Open Rights Group is the UK’s largest grassroots digital rights campaigning organisation, working to protect everyone’s rights to privacy and free speech online.
