Open Letter from Security Researchers in Relation to the Online Safety Bill [pdf] (haddadi.github.io)
278 points by martinralbrecht on July 5, 2023 | hide | past | favorite | 153 comments



"As independent information security and cryptography researchers, we build technologies that keep people safe online. It is in this capacity that we see the need to stress that the safety provided by these essential technologies is now under threat in the Online Safety Bill."


Europe has similar bills with chat control. There was no serious expert that did not warn about the severe negative repercussions. Representatives still didn't seem to be interested and the EU isn't particularly democratic so anyone could be held to account.

I think technology must provide ways to ensure free and secure communication without a possibility of surveillance. The political class cannot be entrusted to shield essential freedoms, so technology has to provide it. Large tech companies are a single point of failure and we already have seen political influence there. While much of it is now challenged at least, I think we can all be glad that the internet provided some resilience against surveillance and propaganda attempts.

In that regard the panic about disinformation is also mostly manufactured in my opinion and the voice of experts will be disregarded anyway.


I agree generally, but we have to be realistic that decentralization/onion routing/public key encryption and all the other technical tricks at our disposal will only slow the corporations/the state down. Yes, it's convenient for the FBI to have a web form to be able to get access to your gmail inbox or whatever, but they will happily just arrest you and beat you with a wrench until you give them your private keys.

The truth is that power (aka money) is heavily concentrated in global society. It's a worthwhile goal to break it up, and maybe there are some technical tricks to help people toward that end, but even if we woke up tomorrow with a perfectly decentralized and anonymous network culture, we would still be under the rule of oil interests/unelected bureaucrats/unaccountable intelligence agencies/the finance industry/your bogeyman of choice.


Yeah, I think we also have to be wary of defeatism when it comes to things like this as well. Of course they could just kidnap and torture you, they've always been able to do that. But this is about their ability to get information on millions of people simultaneously. It would be pretty unrealistic for the FBI to simultaneously kidnap and torture every member of an ethnic or political group. But if that data is all online then that information becomes easy and instant to get. So yeah, 1 person could be captured, that's not what this is about. This is about the simultaneous capture of _everyone_, which is wholly something outside the realm of possibility currently.

We shouldn't give up just because a bad thing already exists.


> Yes, it's convenient for the FBI to have a web form to be able to get access to your gmail inbox or whatever, but they will happily just arrest you and beat you with a wrench until you give them your private keys.

Very unlikely on average, because they cannot (and are not interested) in arresting everyone. Internet surveillance, however, makes it easy to spy on everyone all the time.

This is also why it is vital to have approximately everyone using secure technologies.


> There was no serious expert that did not warn about the severe negative repercussions.

This is surprisingly often the case, not just for criminal law (or "security law") changes, but even in general lawmaking. And way more often than not those experts are spot on. Be it obvious loopholes in regulations, tax code issues, eroding civil rights, obvious unconstitutionality of many surveillance (and many other) laws, obvious abuse potential and so on. It's a very long list.


These researchers are using logic and reason to fight against a bill that seeks to amass power and control.

And while I appreciate the level tone... I do wish they'd at least wink at the real reasons this is being put forward. I get why they don't, to maintain respectability and deniability etc.

But look at the sheer hypocrisy on display here. I kinda wish they'd take the gloves off and say, hey - Look at Prince Andrew, Ghislaine Maxwell, Jimmy Savile and Gary Glitter, and God Knows how many others.

Look at how those horrifying scumbags walked around free, for decades, as if authorities didn't know full fine well what they were doing. Look at how they were not just ignored, but protected by the establishment that now wants a backdoor on every private communication.


It's very difficult trying to do rational opposition to policy in the UK these days because .. that's simply not how it works any more. At best you have to work the kremlinology of different factions to get an idea killed or promoted. But you have to remember that it's a closed news ecosystem, you simply can't get a word in unless you're already part of that media/party group of people.

The plan to bring back "Imperial" measurements still isn't dead, for example.

Liz Truss, worst and shortest PM in living memory, is back after a few months as if nothing had happened. Why? It's not because she has any good ideas; it's because she's a vessel for a particular faction of bad ideas.


I think it's inflammatory and unfair to put Prince Andrew in your list, with a sex trafficker and two serial child abusers. He may have had an inappropriate relationship with a girl at a party, hold him to account for whatever there is in that, but it's nowhere near on the scale as the others and it's the kind of hyperbole that dismisses the magnitude of major crimes.


> hold him to account

Exactly.

He wasn't held to account for "an inappropriate relationship" (which is a fucked up way to describe multiple statutory rape allegations).

Instead, he was protected; given interviews where he practically hanged himself with ridiculous claims ("I don't sweat", "no recollection" of photographic evidence, etc); and still hasn't been investigated, even after refusing to cooperate with investigations.

And, you're dramatically underplaying his relationship with Epstein and Maxwell, which goes back to 1999 and includes weddings, Royal parties, topless Thai festivities, international visits, etc; even after Epstein's conviction: [0], [1]

It's not hyperbole to put him in this list; not at all. His inclusion illustrates the extent of power getting away with crimes in Britain. He was never arrested - but the protester who heckled him was. That says a lot.

0 - https://www.bbc.com/news/uk-49411215 details the absolute bare minimum extent of it.

1 - https://www.theguardian.com/uk-news/2019/dec/07/prince-andre...


The only reason Prince Andrew met Giuffre in the first place was that she had been "procured" by the Epstein/Maxwell ring!


UK law apparently makes it really easy to sue someone into oblivion for anything that even looks like libel. So the party with more money automatically wins, and the prize is an iron wall of silence.


As I understand it, most UK public are in favour of this bill almost Pavlovianly. There is a clear disconnect between us, the tech know-how, and the general public.


You much overestimate how politically involved the UK public is. Most people don’t know what this bill is.

In the UK there’s a concept of the “Westminster bubble”. Politicians believe that people care deeply about “online safety”, which is all that matters really.


Known as "DC brain worms" here in the US.


Politicians don't believe that. But they know that the newspapers will vilify them at election time if they don't play along with the security & safety lobby, and the news media shapes voter preferences.


The public have been sold a lie. Just like the “Patriot Act” was just to keep everybody free and protect people from terrorists. It happens everywhere, and has been happening for a long time - it’s more about the narrative made up by the people pushing a law than what the law actually does. It would take a particularly free, particularly good media to inform the public that just doesn’t exist in most of the world.


The complacency of researchers knowledgeable in these topics should be noted as well. With great power comes great responsibility, as Spiderman states correctly.

This letter is a "nice try", but pretty late and lacking media-awareness. People certainly won't read a 4-page PDF. They should have led with:

> There is no technological solution to the contradiction inherent in both keeping information confidential from third parties and sharing that same information with third parties.


Your lead statement would still confuse a non-trivial amount of the general population.


Certainly true.

But would that be a part of the population that actually partakes in the discussion to begin with?

If you cannot say something more simple without making a mess of it, don't.


There is no solution to the contradiction inherent in both showing off your ability to craft convoluted sentences and informing the public.


As far as the Patriot Act, when Max Cleland came out against it, the Republicans claimed he “didn’t love his country”.

Cleland lost three limbs in Vietnam. None of his opponents had ever served.


The only senator who voted against the Patriot Act was Russ Feingold.

>...On October 25, the Act passed the Senate with a vote of 98–1. Russ Feingold (D-WI) voted "no"

https://en.wikipedia.org/wiki/Patriot_Act#:~:text=The%20thre....


You’re right. I mixed up: the attack ads were not for the Patriot Act.

https://www.esquire.com/news-politics/politics/a38201636/max...


> The public have been sold a lie. Just like the “Patriot Act” was just to keep everybody free and protect people from terrorists.

The public tend to believe what they've been informed and the press tend to be inept when it comes to Gov surveillance.

The history of editors and journalists is 1) they reprint Gov Natsec claims w/o analysis or a single thought about Gov's history and 2) will only report surveillance wrongdoing when their nose has been dragged to it and they've been booted from behind.

And to clarify here, NatSec and Child Safety are just different food colors in the same poisonous water.


There’s some irony here about being a journalist yet not even considering individual privacy. Seems indicative of a missing journalistic quality lol


> The public have been sold a lie. Just like the “Patriot Act” was just to keep everybody free and protect people from terrorists.

The public have largely been sold nothing and are completely, blissfully, ignorant of this legislation. The legislation is being pushed through by politicians who have been sold two lies:

1. The legislation, and 2. the idea that the public care.


People rarely pay attention to bills before they are passed. This just seems like another case of people answering polling with higher confidence than they should.

The people are always sold a lie. But in a democracy, it is the responsibility of the voter to identify when they are being lied to and to search for the truth.

As much as you claim that media isn’t free and isn’t good, I look around and see the opposite. Now is the best time in the history of the world to get amazing journalism. You are just too focused on the media you dislike to admit that with selection comes lots of terrible choices.


> People rarely pay attention to bills before they are passed.

The fact that people don't pay attention means that they're vulnerable to accepting the framing that they get the first time they're forced to hear about it.

In this case it will be from slightly rewritten press releases sent from the people pushing the bill to the kind of UK papers and TV stations that can't find a single journalist who objects to censorship or surveillance.


> As I understand it, most UK public are in favour of this bill

Do you understand this from polling? Can't trust UK media outlets on public opinion, they push, they don't pull. If the public doesn't agree with them, they all will run variations of the same story, aimed at the same targets, for years until they do.


Honestly, it is more an impression than understanding. Maybe the lack of attention to various petitions (e.g. https://petition.parliament.uk/petitions/601932). Maybe the lack of mention of "caveats" of the bill from major news outlets.


Unfortunately, I think the only way for that situation to change is for enough members of the general public to be caught up in some kind of accidental suspicion or publication of their personal data.

And I think those who are proposing these kinds of bills know this, and are protected by how unlikely it would be to reach any kind of critical mass organically.

I'm sure there are laws against the encouragement of others to commit a crime, but ... wink wink.


Or for WhatsApp to stop working.


The UK conservative party suddenly realising they can no longer communicate privately with each other over the internet should cause them to understand the consequences of their bill.

Should — but based on what else this particular group have demonstrated about understanding cause and effect, won't.


Propaganda works wonders as usual.


The UK had some pop celebs get mocked as far as I understand it and they advertised online control. I think this is a case of well-meant idiocy that disregarded the cost of being public.

You can discuss how high that cost should be, but there is a cost to state surveillance as well.


The UK public are extremely conservative, and extremely misinformed by conservative news sources. That's at the root of a lot of the demand for authoritarianism.


Starmer et al. aren't any less authoritarian than the Tories.


Yeah. "Small-c conservative". Starmer seems to have decided that the path to victory is to copy Tory policy and attitude as closely as possible, hoping that this will get him favourable press coverage or support from the particular set of "floating" voters in marginal constituencies that he needs.

But the Labour party have never been especially liberal. They're just as likely to enact controlling social policy. And, again, the press are extremely illiberal, they're likely to campaign for more surveillance.

(Don't try to jam the American two-party lens onto UK four-plus party politics, it will not help you make sense of the actual situation).


> (Don't try to jam the American two-party lens onto UK four-plus party politics, it will not help you make sense of the actual situation).

Because the UK has FPTP elections, in practice it's a two party system but which two parties varies by locale, resulting in some weird interactions that aren't really seen in the US.

You aren't going to get elaborate rainbow coalitions under that model, as you might in say Germany.


Long way off topic, but: I've always wondered why the US, fifty states not all of which are even contiguous, separated by huge distances, has not evolved regional parties?


People always seem to conveniently forget this.

Labour are the party who passed that very nasty "Tell us your password or go to prison" law under "If you've done nothing wrong, you've got nothing to hide from law enforcement or the government." mentality.

Red Tories are still Tories.

This leaves the Lib Dems, who sadly have zero interest in repealing the Online Safety Bill if it passes.


I don’t think they were talking about tories specifically just Britain as a whole being very conservative. Indeed as you’ve pointed out even the Labour Party in the UK is quite conservative. I would say the same is true of America, that much of the Democratic Party is actually quite conservative.


So would you call left-wing authoritarianism conservative then? I don't think political historians would agree with this designation.


It sort of depends I guess. I’m not a political historian but it depends on what that “authoritarianism” looks like. In general though, wouldn't authoritarianism exist to maintain a strict status quo? In that sense yes I would call it conservative.

But like I said, I’m not a political historian just an idiot with a half baked opinion.


I think the common theme that unites supporters of the surveillance state is control, which is not the same thing as preserving the status quo. You also need control in order to make effective changes to the status quo.

All political movements and all politicians are convinced that their power is 100% legitimate and they should therefore be able to have 100% control of and visibility into everything that's going on.

The idea is compatible with most peoples' definition of democracy. You don't need to support other aspects of authoritarianism usually associated with right or left wing dictatorships.


What's the purpose of this exercise? What's the value of equating one emotionally-charged label with a different emotionally-charged label?

As to your question: yes, most authoritarians are conservative in nature, given that the world has mostly been moving away from authoritarianism over the past few decades.


My point is very simple: Attitudes (among politicians) toward the surveillance state do not seem to split along political lines between left and right. I wish they did.

Also, I completely disagree that the world has mostly been moving away from authoritarianism. On the contrary. There was a time when at least the direction of travel seemed assured. Now I'm no longer so sure.

[Edit] Just so you know where I'm coming from. As someone who would never remotely associate himself with anything "conservative", I wish I could just blame conservatism or right wing authoritarians for this surveillance drive. But I can't honestly do that, and I have to accept that it is not just a right wing idea historically.


Let me elucidate my point further then, as well: I think that any attempt to map a political decision or opinion on a binary scale serves no purpose (other than satisfy our tribalistic vestiges). It doesn't matter if it's left vs right, Tory vs Labour or republican vs democrat. The world just isn't that black and white, no matter how much you wish for it.

So please, debate policies on their content, not on their label. Reducing everything to a binary decision only serves authoritarian agendas.


Conservative? Has Labour opposed any of it?


I believe here it is used as an adjective, not the name of a political party.


I think it's used as a reference to the UK incarnation of a political philosophy [1], which by no means has a monopoly on promoting the surveillance state.

https://en.wikipedia.org/wiki/Conservatism


Labour are not “The Conservative Party” but they are definitely (at the moment) pretty solidly a conservative party.


The surveillance state isn't an exclusively conservative idea though. It has a long and storied tradition on the Left as well.


I believe you're conflating "big-C" Conservative with "little-c" conservative.

The Conservatives (aka Tories) are conservatives. The Labour party are also conservatives as much of the voting public in the UK is small-c conservative and also authoritarian.


> The UK public are extremely conservative, and extremely misinformed by conservative news sources.

While conservative news sources historically act in bad faith here, non-conservative news sources lose all reasoning ability, when it comes to Gov surveillance. They rarely hold Gov accountable unless they have little choice.

The latter probably happens because the public endlessly gives news orgs a pass about it.


Most of the populations around the world were in favor of locking people down because the governments, media and tech companies told them to. They were ok with debate being censored because "It was too important and risky".

Same thing happened in many countries with terrorism and loss of rights/super authoritarian/unconstitutional powers for govs, and it was fine... Because the risk is too great and "are you a <insert label here, such as terrorist sympathizer, grandma killer, etc>".

Let's not pretend the UK is particularly bad. Many countries are pushing the same old "destroy encryption" because I need to "tap the bad guys" and people are always fine when given the flimsiest of excuses/narrative.

Yes, HN "tech crowd" too.


The idea of isolating people who have communicable diseases and limiting crowds goes back centuries.

https://www.institutmontaigne.org/en/expressions/past-virus-...


That's such a poor response to everything I said but it's par for the course.

A telling thing is that you said people who have diseases and here it was prevent movement from everyone. Prevent the movement of the non sick. Remove human rights and civil rights. Implement inconsistent security theater and censor debate, and a long etc you don't care for because you just answered in the laziest of ways.


Your statement blaming the “media”.

> Most of the populations around the world were in favor of locking people down

These were common sense measures known by people in the 500s

From the article about what happened centuries ago:

> He imposed isolation for both travelers and food coming to Constantinople from North Africa, hit by the terrible plague outbreak (541-542 A.D).

> Freedom of movement was only granted to those who obtained "a sanitary certification" from the authorities. In Venice, foreigners and passengers coming on ships needed to show a "certificate", to prove that they came from contagion-free places. In times of plague or cholera those who entered the cities were obliged to present a "health certificate" ("Patente di sanità")

But the same people were arguing right here on HN about studies showing that preschoolers in day care spread Covid even though every parent knows that preschoolers in day care have always been walking Petri dishes that spread diseases like a hooker on a crack.

Heck, since many of the people who were complaining about masks are self proclaimed “Christians”, even the Bible had “mask mandates”:

https://web.mit.edu/jywang/www/cef/Bible/NIV/NIV_Bible/LEV+1....

>The person with such an infectious disease must wear torn clothes, let his hair be unkempt, [4] cover the lower part of his face and cry out, `Unclean! Unclean!' As long as he has the infection he remains unclean. He must live alone; he must live outside the camp.


Total lack of response to this letter will speak volumes about the essential nature of this UK Government. The UK Opposition Party's view as of last January is here: https://www.theguardian.com/technology/2023/jan/01/labour-pl....

Background: https://www.theverge.com/23708180/united-kingdom-online-safe...


Looks like the opposition's stance is even worse.

Labour's Lucy Powell:

“The weakened bill will give abusers a licence to troll, and the business models of big tech will give these trolls a platform.”

So the Labour government will get to decide who's a "troll," and whether they're de-platformed AKA cancelled.

Likewise Labour's desire to curb "legal but harmful" speech means that Labour will get to decide, on an ongoing basis, which speech is "harmful." It won't be defined in law, so the definition will be completely subjective, and ripe for corruption and chilling suppression of innocent people.


> The government disagrees and says the bill “does not represent a ban on end-to-end encryption, nor will it require services to weaken encryption.”

The bill mandates an end-run around E2E encryption. Government spokespeople are deeply disingenuous about this; the two ends are me and you, metaphorically; two users. If there's anything in the channel before the content is encrypted or after it's decrypted, then it isn't end-to-end any more.


I think it's inevitable that at some point some legislation like the OSB will pass in most western countries.

It's going to drive the people who have the know how underground, and anyone engaging in protecting their privacy will be considered a criminal. We're already creeping toward that IMO.


I don't see why it is inevitable.

In fact, I see the very opposite. Passing this kind of legislation will kill e-commerce for sure, so it will never happen.


E-commerce will still happen, just with lessened security.


Or non-lessened security, and selective enforcement. Of course this is for "terrorists", not businesses.


Unlikely. The police will not renounce capabilities to track down all things a suspect ever bought.


Kill: e-commerce, in-store payment terminals, online banking, all HTTPS, email, biometric passports etc.

It would be a return to the pre-internet era, so probably is the will of the people and on form for the UK. I kind of hope they pass it then realise what it actually means.


> Kill: e-commerce, in-store payment terminals, online banking, all HTTPS, email, biometric passports etc.

Hold on! Kill all HTTPS? Biometric passports? I haven't tried to read the bill, but AFAIK there are no provisions in the bill that attack HTTPS, and given that biometric passports are not a communications technology, I don't see how they could be impacted.

I don't see how the bill impacts email at all; opportunistic SMTP encryption isn't E2E in the first place, and PGP is rarely used in email. And when it is used, it's usually to sign rather than to encrypt.


"End-to-end encryption (E2EE) is a private communication system, only communicating users can participate, no adversary nor eavesdropper can interfere, not the communication system provider, telecom providers, Internet providers, nor malicious actors, only communicating users can access the cryptographic keys needed to converse."

TLS / HTTPS would be included in my definition; the purpose of which is that the two parties are the only ones that can see the traffic.


It's not going to be enforced that way even if that's what the text says. Although it might get spicy if one of the megacorps decides the legal risk is real and withdraws from the UK market.


If it is implemented as per the legislation, the UK would need to be disconnected from the global internet, and most activity economic or otherwise would cease overnight. I should really retract my original position, things in the UK would be very different.

Honestly, it kind of needs to happen properly, otherwise people will never learn. Allowing these half baked pieces of legislation to pass and then not implementing them except for some edge case allows the idiots who write it and promote it to claim they were right all along.


There's a general "bad" when law are enacted and then not enforced, especially if it's a law that most people would naturally break because it's a silly law. It allows the authorities to persecute chosen individuals while not actually achieving anything that the law as written looks like it should be trying to achieve.

And this is a silly law. Everyone will break it, every time they use an encrypted communication, which is pretty-much every single thing one does on the internet these days. It's a perfect recipe for the authorities to let everyone carry on as normal, then when they want to crush someone they're certain to find some law that they have broken like this one.

We should be throwing out such laws.


> then when they want to crush someone they're certain to find some law that they have broken like this one

They will get a prosecution after catching red-handed a mass murdering terrorist or a pedo with kids locked in their basement because they did an online shop which "used encryption". The authors will claim victory, without these protections we couldn't lock these people up, the Sun and the Mail readers will lap it up. 5 counts of murder and 1 count of doing an online Tesco shop.


Don't forget the victim surcharge.

Remember that Al Capone was jailed for tax evasion.


So years ago there was a corruption scandal in Brazil, where gambling is illegal. A guy named Carlinhos Cachoeira[1] found that fact a great opportunity and built a gambling empire, which involved financing corrupt politicians so that they would vote according to his interests. Among those on the payroll was a senator, Demóstenes Torres. Well, one day an audio of a conversation between Demóstenes and Carlinhos leaks. It went something like that:

  Carlinhos: so I want you to vote in favor of [law X, which toughened restrictions on the kind of gambling Carlinhos promoted]

  Demóstenes (naively): but, professor, that will make things harder for you, won't it? 

  Carlinhos: oh, don't worry, it's not going to be used against me.

[1] Loosely translated as "Charlie Waterfall" by the NYT


Given what has happened previously and all the bickering about "the blob", I suspect this simply won't be implemented except for possibly a token target.

Has anyone checked if the legislation has the special clause for "prosecutions require permission from the Attorney General"? (i.e. politically motivated prosecutions only - this has been seen before)


It will be enforced against undesirable market places though. Winners and losers will be selected.


My hope is that some comparatively insignificant Western country passes it first, makes international news when it cripples its own technological capacity and infrastructure, and then that becomes the cautionary tale.

My money is on Canada. The Trudeau Liberals passed their first of three internet control and censorship bills, C-18, and it has already backfired stupendously. It's quite similar to Australia's similar bill to force some companies to pay for linking to news content, but the Liberals saw that and thought "we should try it too!". Same result, Google basically said "no problem, we won't link to news in Canada".

However, unlike Australia, the Canadian Liberals are doubling down. New tax payer-funded subsidies for Canadian news are already being discussed to make up for the lost revenue the legislation caused. The Liberal-funded media is also trying to paint this as evil greedy foreign capitalist technology companies refusing to pay their fair share for exploiting Canadian news companies.

But that's why my money is on Canada. It has the perfect blend of incompetent leadership, empowered by another party that helps them pass any legislation no matter what, and constituents that are largely apathetic to anything that happens.


Don't worry, Australia is doubling down too. Our entire legislative board around tech and the internet at the moment is chock full of draconian shit like this.


Australia is half-fucked already, and will be completely fucked when the current opposition get back into Government (they're the ones who initiated the half-fucked status when they were in government, unfortunately with no resistance from the opposition at the time).

Raid warrants are already being signed off based on the tiny window into an IP address' life provided by legislated metadata retention. And no further actual police work is done on backgrounding the persons or households involved before choosing to suspend their rights.


Defeatism adds to the problem and it doesn't bring solutions. If we're already accepting that idiotic laws will pass, obviously they will. Let's call this what it is: a myopic and totalitarian law created by misinformed and clueless politicians. Let's fight it tooth and nail until we bury it.


I think it's inevitable that at some point some legislation like the OSB will pass in most western countries.

It's going to be no different at all from the current situation.


What would happen in the ideal world:

- All online messenger providers (Whatsapp, Signal, Telegram) e.g. withdraw from the UK market. Meta and Google gave a taste for this after Canadian link law.

- UK needs to come up with a crappy homebrew messenger ecosystem no one uses. Maybe a messenger.gov.uk?

- People download applications with privacy and sideload them to their mobile phones, keep going with their business as usual

- The number of children protected or paedophiles caught stays unchanged

- UK parliament members who proposed the bill will look like idiots, not getting re-elected

- The "compliance" companies who promoted these solutions, as it's commercial interest that drives the political discussion, go bankrupt

However, I remain doubtful whether we will get this ideal scenario.


> UK parliament members who proposed the bill will look like idiots, not getting re-elected

No one will lose re-election over a technical or scientific issue such as this. 99.9% of the public can't understand the position, the discussion, and will only listen to what fluff websites, and the parties tell them.

Now, is any party going to take up a "soft on pedophiles!" position? Because that's how it will be played...


Haw haw, the honourable member is AGAINST ONLINE SAFETY. It's a bit like trying to vote against the Patriot Act.


Closing the sideloading hole on Android then becomes the next step.

It's already a nonissue on the most popular device.

Eventually the sale of devices that don't include cryptographic controls to prevent terrorists from misusing them to evade terrorist surveillance will be outlawed.


In the EU (which I know no longer includes the UK), both Apple and Google will have to allow sideloading in their operating systems by early 2024, because they* are expected to be designated as gatekeepers under the new Digital Markets Act no later than early September 2023, and after being designated they’ll have six months to comply. So the feature to sideload will continue to exist in Android and will be added to iOS, although they could choose to enable it only in the EU or to block it in the UK.

*If you choose to fact-check this, be aware that technically the European Commission will be designating Alphabet, Google’s parent company, rather than one of the multiple subsidiaries with Google in its name. So the official EU communications about this may not mention the word Google.


Remember that the Play Store uses encryption to download apps to the phone. If the law is enacted then this encrypted channel will technically need to be compromised too, which Google might also object to. If Google withdraw the Play Store from the UK, then what are they supposed to do?

This law doesn't just apply to messenger apps. It applies to almost every single act you perform on the internet. Everything will be mandated to be broken, including your browser. If you run a web server using https, you'll be breaking the law. If you ssh to another computer over the internet, you'll be breaking the law. If you connect to a VPN to access a work/university/school network or indeed a commercial VPN, you'll be breaking the law.


Stopping sideloading will never fix this issue; just having one non-cooperative external website would mean the scheme falls apart. You need to start blocking at the network level and aggressively pursuing people who bypass those blocks; making an example out of the first one that hits the courts would likely be enough to scare all but the most dedicated out of such pursuits.


- UK parliament members who proposed the bill will look like idiots, but get re-elected anyway

Some things never change.


> It's going to be no different at all from the current situation.

That's not true at all. If OSB is passed, things will be quite different in the UK afterward.


The snoopers charter already exists, ISPs already have to report your web browsing to the Government database.

For everything else there are foreign agencies who are not limited by uk legislation.


The issue is that they can't defeat encryption currently, and wish to.

Encryption can hide web browsing and a lot more, which they don't like.


It will pass now. It's a concerted effort as the same laws are passing in the EU as well.


Sigh...

Beyond the security researchers' own little "computer savvy 1%" bubble, is there any intended audience for such Open Letters?

Could they actually communicate with normal people if they (somehow) wanted to?

Are there laws in the UK that make it too risky to just say something like "This bill will make it so much easier for the next Wayne Couzens to find his perfect Sarah Everard."?


Most likely the intended audience is the press. Now that this letter has been published, journalists can write stories like "Online Safety Bill Under Fire From Security Experts", which make the issue digestible to a lay audience.


They bury the central tenet in the middle, staying true to being inept at public communication:

> There is no technological solution to the contradiction inherent in both keeping information confidential from third parties and sharing that same information with third parties.

It would be more effective to tweet that sentence wherever the discussion is remotely touched. Nobody, including politicians, reads such lengthy letters.


How is two pages lengthy? This isn't War & Peace. Should a TikTok be posted instead?


Then we're doomed anyway...


> Could they actually communicate with normal people if they (somehow) wanted to?

They have that comm channel. It's the press, and the press instantly loses its way the moment Gov puts on a NatSec or Child Safety mask.


Might you know of any Press Releases they've issued in conjunction with this open letter, or similar media-friendly materials?

At least where I live, the middle-aged owner of a small-town ice cream parlor is 99% likely to know how to do an effective press release. The "news" can be a new ice cream flavor, with the colors of the local HS sports teams...but you carefully write that press release in such a way that any over-worked bottom-rung reporter can spend 30 seconds adjusting the pronouns & such, then publish it in their paper.


I'm mostly talking larger news orgs, inc wire services. They have resources. However, if manpower is tight, maybe they could redirect some manhours from their sportsball or celeb divisions.

I will agree that local news orgs tend to show ineptitude whenever local LEO issue a PR. They'll just parrot what is said - no analysis at all - not even when a 5 sec search would reveal blatant misinfo (re:kids are at meaningful risk of stranger kidnapping).


This is an answerable question!

There aren't a lot of people who are at the intersection of technology and advocacy, but they do exist and would be able to help us know what effective advocacy looks like. We just need a little guidance as a community.


This is directed primarily to politicians about to vote on the bill.


In theory.

Could you tell us about the historical effectiveness of such open letters to UK politicians, from tiny numbers of technical experts, on issues politically similar to this?

Assume that we've heard of Performative Activism.


While not the UK you might have heard of this letter from a tiny number of technical experts on a politically sensitive technical topic:

https://en.m.wikipedia.org/wiki/Einstein%E2%80%93Szilard_let...


Yes.

Context: The President it was addressed to had been working to prepare for war against Germany for most of a year. Einstein's "famous, politically ~neutral super-genius" reputation was far loftier than that of any signatory to this Open Letter. And it warned the U.S. President about a super-powerful type of bomb which Germany might develop (and use against the U.S.A.) during a period when both bomber and bombing technologies were obviously advancing very rapidly.

If a "smartest in the world" mathematician wrote the current U.S. President, to warn that the crypto algorithms currently used by the U.S. for uber-secret stuff might quite possibly be fully broken by China in the next few years - then I suspect that the current U.S. President might be fairly willing to take action. That is not the scenario around this Open Letter.


Totally concur - the point I was making that you revealed well is “The author is all that matters”

This actually happens all the time between experts and legislators, they just call it lobbying and it unfortunately lacks the “neutrality” that should be assumed, corrupting the whole thing in the process.


Um..."The author is all that matters" was not my point. Nor is it my belief. It is, at most, one link in a chain.


> This bill will make it so much easier for the next Wayne Couzens to find his perfect Sarah Everard

How so?


Bigger question how will safe messaging apps exit the market?

Will people need a number for a privacy friendly foreign nation to continue access?


This is what the micro-nations were on about, people trying to dredge sand up off reefs and take over drilling platforms since the early 1980s to establish "data havens". The long term trend is that no nation will ultimately resist backdoors on encrypted platforms, because militarily they cannot resist the pressure (internally or externally).

The micronation thing is silly, as is relying on a shrinking number of countries which claim they won't enforce these laws. We need satellite-based servers. If I were Musk and had that chain up in the sky, I'd open a simple E2EE Whatsapp for anyone who could ping them directly. At this point, anyone who wants private comms is going to need to go to space for them.


> If I were Musk and had that chain up in the sky,

If you were Musk, and if Musk were some sort of superhero fighter for communications freedom. If Musk wants private communication for himself and his friends, I'm sure he can manage it.


I shouldn't have said "If I were Musk". That's so douchey. I feel like my 90 year old uncle.

I should've said, "If I owned a global chain of communications satellites, I would..."

But then again, would I? I'm not so sure. I ditched and walked away from a really brilliant E2EE platform I had built before I launched it in 2012, whose purpose was to touch off and gamify democratic revolutions in totalitarian states, precisely because I had a dream about it being used by nazis in the west to carry out mass organized violence. I woke up and realized it probably would be used for that, and I shut down the whole project. As a matter of fact, I have a 14 page long handwritten note I wrote addressed to Elon Musk warning him not to do things like that when he tries to de-moderate Twitter, which (since I don't know him, and he wouldn't care) I never sent.

So yeah, even if I were him, I probably wouldn't do what I just said. But it was a really douchey way that I put it. Sorry.


Yes, because Musk cares about "freedom of speech" as long as it is something he agrees with.


What makes you say that?



I'm not going to read that. Unless you're the opinion columnist for USA today? Cause I asked you about your opinion.


You asked about why they have that opinion. They provided a link which covers the reasons they have the opinion they have.


All they did was reply with a link.

For all I know it's selling me essential oils.

Is it so much to ask for some basic human decency?


Is it an "opinion" that Elon Musk blocked links to Mastodon and the account that was tracking his plane using publicly available information?

Or do you just refuse to read anything that contradicts your world view?


And we're into ad hominem attacks.

I'm sure I deserved that for asking your opinion.


You don’t need an “opinion” about whether Musk is blocking Twitter links he doesn’t agree with.

That’s an easily verifiable fact that you could have found out about just by reading the link you refused to read.


I apologize profusely for deigning to ask you to talk to me.

It's not an excuse but I thought your opinion might provide me insight, but your behaviour makes clear it'll be utterly worthless.


> And we're into ad hominem attacks.

Where?


Or just used decentralized e2ee comms that already exist?


Sadly, a centralized, monetized space-based signaling system seems less like pie-in-the-sky to me at this point than does any particular decentralized platform gaining sufficient network effect to become a widely used standard.


Any good ones? Last I "used" was BitMessage I ran it for maybe a week and never looked back.


Try Matrix.


Ah didn't even occur to me.. of course. I have been running my own server for a few months using Oracle free tier. Think I'll stick to matrix.org going forwards.


The apps would be delisted in the UK app stores and will eventually stop working for existing users when not updated. That's also a security issue in itself.


For something like this you must start blocking at the network level, simply allowing the traffic would make these trivial to bypass via even something as simple as a web browser.


It'll be a matter of installing the app "from unknown source" then?


Which, unfortunately, is a rather risky situation considering for instance all the rogue ChatGPT-branded extensions and apps people downloaded without a second thought to their legitimacy.

We have been conditioned to view branding as the certificate of legitimacy, and that simply is not true for the Internet where branding can be copied and pasted in seconds.


The risk can be reduced with open source code, verified by the community. Usually when the "branding" gets too authoritarian, people reach for the FOSS version that seems the most trusted.
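What a practitioner actually wants before installing "from unknown source" is a check that the package was signed by the key they expect, not merely one that carries the right icon. The following is an added example (mine, not any commenter's, and not Android's or F-Droid's own tooling): it parses the APK Signing Block that Android's v2/v3 signature schemes place directly in front of the ZIP central directory, extracts each signer's certificate, and compares its SHA-256 fingerprint against a pinned value. It checks structure only and does not verify the signatures cryptographically (that is what `apksigner verify` is for); v1/JAR-only packages are treated as unverifiable. The demo APK and the certificate bytes in it are constructed fixtures, not a real signature.

```python
"""Pin the signer certificate of a sideloaded APK via its APK Signing Block.

Added example, not from the thread. Structure is parsed; signatures are NOT
cryptographically verified here. DEMO_CERT and build_demo_apk() are constructed
fixtures standing in for a real X.509 DER certificate and a real signed APK.
"""
import hashlib
import io
import struct
import zipfile

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
V2_BLOCK_ID = 0x7109871A   # APK Signature Scheme v2
V3_BLOCK_ID = 0xF05368C0   # APK Signature Scheme v3 (same signed-data prefix as v2)


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the DER certificate, lowercase hex (as `apksigner verify --print-certs` shows)."""
    return hashlib.sha256(cert_der).hexdigest()


def _lp(buf: bytes, pos: int):
    """Read one uint32-LE length-prefixed field; return (value, next_pos)."""
    (n,) = struct.unpack_from("<I", buf, pos)
    if pos + 4 + n > len(buf):
        raise ValueError("length-prefixed field overruns buffer")
    return buf[pos + 4:pos + 4 + n], pos + 4 + n


def _lp_seq(buf: bytes) -> list:
    """Split a buffer made of back-to-back length-prefixed items."""
    items, pos = [], 0
    while pos < len(buf):
        item, pos = _lp(buf, pos)
        items.append(item)
    return items


def _central_directory_offset(apk: bytes) -> int:
    # The EOCD record (PK\x05\x06) lives in the last 22 + 65535 bytes; scan backwards for it.
    eocd = apk.rfind(b"PK\x05\x06", max(0, len(apk) - (22 + 0xFFFF)))
    if eocd < 0:
        raise ValueError("not a ZIP/APK: no end-of-central-directory record")
    return struct.unpack_from("<I", apk, eocd + 16)[0]


def apk_signing_block(apk: bytes) -> dict:
    """Return {block_id: value} from the APK Signing Block, or {} if the APK has none."""
    cd = _central_directory_offset(apk)
    if cd < 24 or apk[cd - 16:cd] != APK_SIG_BLOCK_MAGIC:
        return {}
    (size,) = struct.unpack_from("<Q", apk, cd - 24)   # size excludes the leading size field
    start = cd - 8 - size
    if start < 0 or struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("corrupt APK Signing Block: size fields disagree")
    pairs, pos, end = {}, start + 8, cd - 24
    while pos < end:                                   # ID-value pairs: uint64 len, uint32 id, value
        (pair_len,) = struct.unpack_from("<Q", apk, pos)
        (block_id,) = struct.unpack_from("<I", apk, pos + 8)
        pairs[block_id] = apk[pos + 12:pos + 8 + pair_len]
        pos += 8 + pair_len
    return pairs


def signer_fingerprints(apk: bytes) -> list:
    """Per signer, SHA-256 fingerprints of its certificate chain (leaf first); [] if unsigned/v1-only."""
    blocks = apk_signing_block(apk)
    value = blocks.get(V3_BLOCK_ID) or blocks.get(V2_BLOCK_ID)
    if value is None:
        return []
    signers, _ = _lp(value, 0)                         # sequence of length-prefixed signers
    result = []
    for signer in _lp_seq(signers):
        signed_data, _ = _lp(signer, 0)                # signed_data = lp(digests) lp(certs) ...
        _digests, pos = _lp(signed_data, 0)
        certs, _ = _lp(signed_data, pos)
        result.append([fingerprint(c) for c in _lp_seq(certs)])
    return result


def verify_sideloaded_apk(apk: bytes, pinned_sha256: set) -> bool:
    """True only if every signer's leaf certificate is one we pinned; unsigned packages fail closed."""
    fps = signer_fingerprints(apk)
    return bool(fps) and all(chain and chain[0] in pinned_sha256 for chain in fps)


# --- constructed demo fixture (not a real signature) ------------------------
DEMO_CERT = b"\x30\x82\x01\x00" + bytes(range(32))    # stands in for a DER X.509 certificate


def _lpe(b: bytes) -> bytes:
    return struct.pack("<I", len(b)) + b


def build_demo_apk(cert_der: bytes = DEMO_CERT, signed: bool = True) -> bytes:
    """Minimal ZIP, optionally with a v2-shaped signing block spliced in before the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
    zipped = bytearray(buf.getvalue())
    if not signed:
        return bytes(zipped)
    eocd = zipped.rfind(b"PK\x05\x06")
    cd = struct.unpack_from("<I", zipped, eocd + 16)[0]
    signed_data = _lpe(b"") + _lpe(_lpe(cert_der)) + _lpe(b"")   # digests, certificates, attributes
    signer = _lpe(signed_data) + _lpe(b"") + _lpe(b"")           # + signatures, public key (empty here)
    value = _lpe(_lpe(signer))
    pair = struct.pack("<Q", 4 + len(value)) + struct.pack("<I", V2_BLOCK_ID) + value
    size = len(pair) + 8 + 16
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC
    out = zipped[:cd] + block + zipped[cd:]
    struct.pack_into("<I", out, eocd + len(block) + 16, cd + len(block))   # EOCD now points past the block
    return bytes(out)
```

The pinned value would come from a known-good install (`apksigner verify --print-certs` on a package obtained the first time through a channel you trust) or from the publisher's documented signing key; a repackaged build that copies the branding but is signed with a different key then fails the check regardless of what its icon looks like. Run it together with `apksigner verify`, which does the actual signature and digest checking this parser deliberately leaves out.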


I doubt they still do it, but for whatever reason, for a while WhatsApp used to offer its APK on its website.

Bet it saw very few installs; wonder if we'll go full circle.


Or get signed and trusted apps from a community run alternative "app store" like F-Droid, Arch, or Debian.


Can't do that on iOS.


No one using authoritarian computing platforms will fare well at resisting authoritarians.


Technically you can, but the hoop jumping isn’t ideal.


If only iOS devices had web browsers…


Stop using centralized software distribution systems. F-Droid, Debian etc are run by international communities, support Tor, and cannot be censored as long as we maintain access to the internet.


Federated message systems like Matrix already exist and are unaffected even if legislation like this passes.


When you have nothing to offer on real issues (inflation, housing, pay, jobs, transport, health, education, social mobility etc), you have to constantly whip up fear over non-issues (people online). (both with the general population, and your own back benches)

Once you have spent years whipping up fear over non-issues, you inevitably have to do something about them.

But you cannot actually do something that doesn't have side effects worse than the intended effect. But you can't just admit that or walk away. You have convinced your electorate these are the number 1 issues facing the nation.

So you write a law that's meaningless nonsense, and poop it out into Parliament.

That is how we got this bill. That's how we got Brexit.

Whether we can overcome this sort of dysfunction will basically decide whether algo-sphere style democracy is sustainable...


No date on the letter or the PDF metadata but https://twitter.com/martinralbrecht/status/16764860651069644... from one of the corresponding authors is today, July 5.


The media has only to gain, imagine the extra sales they will get from publishing all the future leaks that will occur.


I for one welcome a future where (you can once again) sit in a coffee shop and watch people's plaintext usernames and passwords travel over the ether, followed by the plaintext content of their messages.


This is just a small battle in a global war: https://community.qbix.com/t/the-coming-war-on-end-to-end-en...


So unworkable.

I've personally never used Tor, but the moment this bill goes live, I'll be setting up Whonix in a VM on Linux OS.


now feeling safe


When Hunter S. Thompson wrote about the drugs our politicians were on, he wasn't completely fabricating. DC is high on prescription pharmaceuticals and the actual legislation is coming from lobbyists hired by people who are also highly medicated.

They don't care what the people want after campaign season is over, however they will back off from anything that generates genuine outcry, for a while, then they'll try it again later.

