Signal: If UK Government Undermines Encryption It Can Kiss Messaging Service Used By Its Employees Goodbye
from the better-start-writing-up-the-carve-outs dept
If anyone can call a government’s bluff, it’s Signal. It’s a nonprofit, which means it doesn’t need to make a bunch of shareholders happy by capitulating to ridiculous government demands in order to retain market share.
Governments really can’t threaten Signal. It doesn’t collect or retain user information, so it can’t hand this data over no matter how much or how hard government agencies demand it.
When governments start threatening to undermine or criminalize encryption, the encrypted messaging service is more than willing to walk away from those markets, rather than weaken/remove encryption just so it can keep serving users in these countries. While that doesn’t do much good for Signal users in countries where encryption is being eyed for vivisection, it does protect the rest of its users everywhere else in the world. Once encryption is undermined — no matter where it takes place — it threatens the security and privacy of every user.
The government of India has been steadily increasing its direct control of the internet, including social media and messaging services. To achieve this control, the Indian government needs to backdoor or ban encryption. In response to this threat, Signal has promised to exit the market, rather than produce a weaker (or unencrypted) version of its service for the Indian market, which is one of the world’s largest.
The UK government is now receiving the same declaration from Signal the Indian government did when it started directly threatening encryption. The UK government has been trying to undermine encryption for years, with each passing year bringing with it new proposals and new levels of desperation from legislators.
Whatever the UK government decides to do, Signal isn’t interested in collaborating with it if it says encryption has to go.
Asked if the Online Safety Bill could jeopardise their ability to offer a service in the UK, [Signal president Meredith Whittaker] told the BBC: “It could, and we would absolutely 100% walk rather than ever undermine the trust that people place in us to provide a truly private means of communication.
“We have never weakened our privacy promises, and we never would.”
The UK government, however, continues to live in denial. It claims its proposed changes to the Online Safety Bill would not “ban end-to-end encryption.” That may be so but the proposal is intended to weaken end-to-end encryption by either compelling encryption-breaking by providers or creating backdoors for law enforcement access. As usual, the government claims this is for the children.
“The Online Safety Bill does not represent a ban on end-to-end encryption but makes clear that technological changes should not be implemented in a way that diminishes public safety – especially the safety of children online.
“It is not a choice between privacy or child safety – we can and we must have both.”
Except that it is. And the choice isn’t about privacy, it’s about security. You can either have a secure system or you can have this fairy tale lots of government officials believe: something that allows cops in but keeps bad guys out.
[Whittaker] added: “Encryption is either protecting everyone or it is broken for everyone.”
She said the Online Safety Bill “embodied” a variant of this magical thinking.
And the government knows this. Last year, its own Information Commissioner’s Office issued its own report on the government’s encryption war, coming down firmly on side of strong, uncompromised encryption… for the children.
“E2EE [end-to-end encryption] serves an important role both in safeguarding our privacy and online safety,” said Stephen Bonner, the ICO’s executive director for innovation and technology. “It strengthens children’s online safety by not allowing criminals and abusers to send them harmful content or access their pictures or location.”
If you want to protect children, the last thing you should do is weaken the encryption that protects their connections and communications. That’s the point the ICO made. But the other parts of the government seem to think they know best and are ignoring this advice to press forward with efforts intended to weaken or backdoor encryption.
If the UK government won’t listen to the UK government, maybe it will listen to the UK government? Plenty of its employees like to use encrypted services featuring self-destructing messages (including Signal), presumably to keep their communications out of the hands of public records requesters. Will these legislators and officials be willing to work against their own interests by chasing Signal out of the country with anti-encryption mandates? Or will they decide to safeguard their own interests (and the some of the public’s interests too, albeit inadvertently) by shutting down these proposals before the become law?
Filed Under: encryption, online safety bill, uk
Companies: signal
Comments on “Signal: If UK Government Undermines Encryption It Can Kiss Messaging Service Used By Its Employees Goodbye”
Slightly more correct paraphrase:
“The Online Safety Bill does not represent a ban on end-to-end encryption but makes clear that technological changes should not be implemented in a way that provides end-to-end encryption, yadda yadda chewbacca safety of children online.
Ok, it does represent a ban on effective end-to-end encryption, but you may employ the technology as long as it doesn’t work.”
It’s sort of like how you are allowed to keep historic guns as long as they have been modified to be useless for their principal purpose.
Or alternative three: become scofflaws regarding encryption and use Signal regardless of their own laws?
Re:
A political establishment that raised Boris Johnson to the highest office, scofflaws? The very idea!
Re:
Is it even legal for government employees to be using Signal to keep their messages out of the public record? Saying “the government’s plan is bad because it’ll make it harder for the government to escape their legal obligations” isn’t what I’d consider a winning argument, even if it happens to accidentally benefit the public in another way.
It just adds the government as an end for all encrypted messages. Therefore encryption is stays end to end, just it is no longer a means of private communications.
Re:
End to Ends encryption
Re: Re:
More like means to an end encryption.
“Will these legislators and officials be willing to work against their own interests by chasing Signal out of the country with anti-encryption mandates? Or will they decide to safeguard their own interests (and the some of the public’s interests too, albeit inadvertently) by shutting down these proposals before the become law?”
In my home state motorcycles can’t split lanes… except for law enforcement.
Nobody can have blue or red reflectors or lights on their car… except for law enforcement.
Nobody can drive at an unsafe speed, a careless manner, or a reckless manner… except law enforcement.
Active school zones have a 15MPH speed limit, double fines, and crosswalks that extend to all lanes (for the safety of the children)… except for law enforcement.
I’m willing to wager ANY law the UK passes that weakens encryption will do so… except for law enforcement or politicians.
They’re not worried about how THEIR use of encryption can harm the children. They just want to make sure EVERYONE ELSE can’t use encryption, no matter the children.
“And then the priest turns to the lawyer and says “do you think we have enough time?””
E
We’re not banning breathing. We’re just outlawing systems that function by using expansion and contraction to cycle the volume of air exposed to an air/blood interface used to transfer oxygen and carbon dioxide between the two.
Don't Worry
Don’t worry all, we are not ending end to end encryption, we are just modifying it to allow for encryption on one end, unencrypted government inspection in the middle, and then re-encrypt it on the other end…so you know each ‘end’ has encrypted content!
Politicians and their, “Just the tip” push on encryption.
Brain damaged country
This is the country where people thought a story about a trans woman finding the bathroom out of paper towels and saying she would just wipe her hands on her penis not only made sense, but was plausible, and damning evidence of the danger of those scary transgenders. So yeah, an island full of people with severe brain damage.
Re:
If only everyone had such a soft, absorbent penis.
Re: Re: Absorbent
But is it detachable?
Re: Re:
Squeezably soft.
Re: Re: Re:
mouthfeel
If they can't get the company to comply, they will go after the employees
Assuming they continue down this route, and don’t have a change of heart, they will still find a way to go after Signal for non-compliance even if Signal refuses to back down.
We have seen the tactic used in the US to go after people providing completly legal products that law enforcement didn’t like. All law enforcement has to do is allege that the product is mostly used and marketed to criminals, and they can go after the individual employees for aiding and abbeting criminal activity.
Re:
Which is exactly why Signal would exit the market. If the law passes, Signal packs up shop, closes down any local offices, and no longer maintains a presence in the country at all.
Thus the government has no employees to go after.
Re: Re:
I think you missed the point. Look at Dmitry Sklyarov or Meng Wanzhou. People who work for Signal might have to avoid ever going into the UK and any countries from which it can extradite, even for non-work-related reasons. Nevermind that some countries try to claim jurisdiction just for having customers from that country—or moving money through there, having domain names with any connection, etc.
Re: Re: Re:
In the US, criminal defendants can be charged in federal courts if the crime involves electronics, if any part of the electronics was made in a different state or country. Surprise, that’s all electronics.
'You can have encryption, just not encryption that works against us.'
“The Online Safety Bill does not represent a ban on end-to-end encryption but makes clear that technological changes should not be implemented in a way that diminishes public safety – especially the safety of children online.
‘Look we’re not saying you have to leave all your doors unlocked just in case we want in for whatever reason, we’re just saying you’ll be legally required to leave the key in a place we can access it whenever we want to and we pinky-promise we’ll only use it for super-serious reasons.’
The bill has become such an unworkable mess that it is likely to collapse under its own weight that will end up delayed over and over again until it is scraped even if it were to pass.
There also the fact that the UK is about to enter a recession meaning Ofcom is likely to be super underfunded and unable to enforce 90% of the bill.
Re:
We are not about to enter a recession. It is defined as two consecutive quarters with negative growth. We got positive growth this quarter, admittedly a microscopic one, but that means, officially, we cannot be in recession until Q3.
If everyone stopped going on about it, it may cease to be a self fulfilling prophecy.
Found the NAZIs
They’ve invaded parliament. (And Congress.)
Not quite "no countries"
Sure UK and India can’t influence Signal.
However a National Security letter from the US Government could request changes to break E2E encryption. Leaving signal the choice to shut down, or leave the country. It’s unclear where they could go, and if ownership of domains, Android App, and IOS app would stay with the new entity, or the old.
The scariest part is national security letters can require the recipient to not reveal whats going on.
Re:
I think you mean “order”. NSLs are more than requests.