A🔻atar of 🔻engeanceUnder British and UK Legislation anyone using or developing end-to-end encryption is now a “hostile actor”
bobzerWas this written by a native English speaker?
It’s hard to take seriously with so many grammatical errors
Vitaly
wizardbeardNo way this lasts or holds up to basic scrutiny. End to end encryption is a de-facto standard for so fucking much technology.
Like fucking HTTPS.
Well if they commit to this, it will never affect “e2ee” options that collaborate with feds e.g. whatsapp, imessage. If you can kill Refaat Alareer with it rest assured you will be able to keep it in your phone anytime
I would like to know too please
hold on hold on, it’s in my bookmarks somewhere I just saved a screen and prioritized alarmism
I found it:
gov.uk/…/report-of-the-independent-reviewer-of-st…
It’s an independent review of some UK laws concerning national security, and the reviewer is warning that the laws could be used against people unfairly. Note the last sentence of the section: “Serious responsibility is put on police to use the power wisely.”
Engagement in Hostile Activity
6.16. Under Schedule 3 a person may be engaged in hostile activity even though unaware that their activity is hostile activity[footnote 428].
So a person could be examined on account of their wholly inadvertent and morally blameless conduct.
Examples could include a journalist carrying confidential information whose significance to national security he did not understand, or the victim of planted material. The examining officer could act if there was no possibility that the person was aware that its dissemination might be in the interests of a foreign state, or even that they were carrying the material.
The Code of Practice to Schedule 3 refers to the innocent dupe, who “…may believe that they are working for a legitimate business, or charity, which is in fact being utilised specifically for the purpose of espionage”[footnote 429].
6.17. Since hostile activity does not require any knowledge or tasking by a foreign state[footnote 430], the phenomenon of double-ignorance could arise. A person may be engaged in hostile activity if they do something which, unknown to them threatens, national security and which is in the interests of another State, also entirely in the dark. For example:
The developer of an app, whose selling point is end-to-end encryption which would make it more difficult for UK security and intelligence agencies to monitor communications. It is a reasonable assumption that this would be in the interests of a foreign state even if though the foreign state has never contemplated this potential advantage.
The lobbyist for a foreign firm, who seeks to persuade an electronic chip manufacturer to build its factory in France rather than the UK. This would engage the UK’s economic well-being in a way relevant to national security even though France is entirely unaware of the lobbying and the lobbyist is only doing his normal day job.
A journalist carrying information that is personally embarrassing to the Prime Minister on the eve of an important treaty negotiations affecting UK security interests.
6.18. In each of these cases the motive of the app developer/ lobbyist/ journalist may be more sinister than first appears, so permitting an officer to examine whether the individual is a witting or unwitting agent of a foreign state might be described as necessary in the right circumstances. Serious responsibility is placed on police to use the power wisely.
Awesome, thanks!
douglasg14bSo literally everyone in the UK using any website that uses TLS is now a hostile actor?
Essentially everyone’s a criminal which is a huge boon for the government. They can now get rid of anyone they want at any time, legally.
I don’t get it. E2ee is about encryption in transit not encryption at rest. TLS sounds exactly like e2ee
E2E is about the sender encrypting, and only the intended receiver decrypting, with nothing in the middle able to read the data.
TLS is not designed for that, as the server you connect to is not necessarily the intended receiver, yet it can see everything.
With E2E, you can send data to a server, which is not the intended receiver, and it won’t be able to read it.
Your explanation assumes that scope and scale are part of the definition which it is not.
If you keep zooming in or zooming out the definition of E2E keeps changing under your statement.
If the only knowledge a system has is between a sender and a receiver (Which satisfies even your definition of “intended recipient”) then TLS is E2E encrypted.
Considering how trivial it is to build, and the plethora of working examples on github, I expect anyone is one chatgpt prompt away from running afoul of this.
That’s often the point of this kind of legislation. The review from which this comes points out that the law is very broad and a lot is left up to the discretion of the police about how to apply it. In other words, they implement a law that just about everyone is breaking, then enforce it against environmentalists, critics of Israel, privacy advocates, socialists, anarchists and human rights campaigners, while leaving Meta execs, MPs, banks and the far-right untouched.
If I were to send a physical letter written in code that can only be decrypted with a cipher would I now be breaking the law?
What about radio or telephone conversations in code?
Can I still password protect my zip files or encrypt my NAS or PC before boot?
According to this legislation, using https is against the law.
A Cypherpunk’s Manifesto
By Eric Hughes
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know. Privacy is the power to selectively reveal oneself to the world.
If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.
Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.
Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.
Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one’s identity with assurance when the default is anonymity requires the cryptographic signature.
We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor’s younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.
We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.
We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.
Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can’t get privacy unless we all do, we’re going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don’t much care if you don’t approve of the software we write. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down.
Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation’s border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.
For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one’s fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.
The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.
Onward.
Eric Hughes
9 March 1993
This was written in 1993? Huh, I keep seeing cyber punks around in different contexts too, like some music mixes from some cyber punk festival at least.
In the old days, the British Empire steamed open everyone’s mail and read it, at least coming from the colonies like India.
UlrichPaving roads makes it easier for an invading army to get around.
ChaisOur governments are hostile. Act accordingly.
1984Oh yeah? I’ll train an army of crows to transfer messages in exchange for specific shiny objects.
Seriously though - the constant hypocrisy and attempt to make our lives undeniably worse for their control obsession is either going to force our hand or end with the enslavement of the human race. These people are truly mad.
UltraGiGaGiganticThey choose force your hand. Draw the line where you wish. They will arrive at it given enough time.
Chaotic EntropyFucking hell…
I heard reddit sends out warnings for updating certain comments these days.
If i remember correctly, a few weeks ago a government party had their signal chat leaked. Those people have since ceased using signal right?
There’s no problem with Signal’s encryption. It’s the same issue with any and to end encryption scheme, at either end is a person who can very easily copy and paste everything that has been said in the conversation and send it off to anybody they wish.
apftwbGee why does the capitalist oligopoly fear communication they can’t monitor it’s not like they are doing anything wrong and have anything to fear from little old us
Do you have a link to the law?
It’s from this report …gov.uk/…/E03512978_-_Un-Act_The_National_Securit…
I emailed my MP about this before Christmas and am yet to get a reply
Kilgore TroutThat is irritating. Consider writing anew.
I am trans and a U.S citizen, the UK govt cannot comprehend how hostile I can towards it.
JackbyDev