UK passes "online safety" bill making end-to-end encryption impossible

Permanently Deleted

Haha yes also incredibly that they had to point out this sentence "Tech companies have said scanning messages and end-to-end encryption are fundamentally incompatible."

Very astonishing how there are some fundamental lacks of understanding from politicians advertising this. Or all on purpose
- Tech companies have said scanning messages and end-to-end encryption are fundamentally incompatible.
  
  That's not a given. Imagine messaging is like you trying to pass a note to a classmate in school. End-to-end encryption is like using a cypher based on your friend's social security number, crumpling up the note, and then shoving the note up Tommy's ass for them to deliver it to your buddy. Pretty standard note-passing stuff.
  
  Adding the ability for the government to scan your messages is like being that kid who can't write without mouthing or whispering what you're writing. Then the teacher says "got it! Don't worry, I definitely definitely won't discuss this in the beak room with the other teachers!" And then gives you a big reassuring wink and a smile while you shove the note up Tommy's ass.
  
  See how everyone gets to have fun in the second scenario? The best part is knowing that no teacher ever has ever done anything bad. The end.
- I'm not surprised at all
Not really. Different websites will treat you differently depending on what country you're accessing them from.
- Ah if Internet was only websites, life would be easier.

Do they want to lose access to… everything on the internet? Because this is how you lose access to everything.

Haha yes definitely something to follow. I'm looking forward to lists of companies that left UK because of this (as announced) and lists of companies that stay and thus prove that their end-to-end encryption isn't a real one
- I keep forgetting that the UK left the European Union. When I originally read that title I was like how the fuck could that happen? Oh Brexit. That is going to set them back decades.
Digital Brexit

Not even the United States is as determined to become a third-wonld shithole as the UK is.

republicans: "hold my beer"
- The common thing here is conservatism. It has no borders and thrives on hatred, which is fundamentally human. It will alway exist as an evil. It just varies on how much power they have and is under slightly different names, but they have a common thread of beliefs that always come back. No country or person is immune to this as morally superior they think they are.
I don’t get it - where did all these idiots come from in the western developed worlds? It’s like half have forgotten history, and are hell bent on sending us into this fascist dystopia where we’ve forgotten that freedom comes with a price. Nobody likes the darker side of the internet, but punishing regular users and businesses isn’t the answer. Everyone loves to pick on the USA, and we deserve it, but it’s happening seemingly everywhere.
- Because these people are always there, always waiting. We got lazy about stomping them down.
- Where there is money to be made, and influence to be pedaled, Capitalism will find the person to do it for them. If you are doing it because you are evil you are a conservative, if you are doing it because you think you are actually helping the children, you are a liberal. But the outcomes are the same either way.

" Safety Bill " the fucking irony of it Tories making sure we're the biggest clown show in the world. Well time to shutdown all those https end points and spool up jhonlewi5.co.uk to my offshore account.

"If companies do not comply, media regulator Ofcom will be able to issue fines of up to 18 million pounds ($22.3 million) or 10% of their annual global turnover." Yet thier mates can quite happly steal tax money under PPE contracts and pump literal shit into our waterways.

Well, they already left the EU, now they want to leave the internet, too.

Well all you can say is bye bye and good luck

Okay so how would this be enforced? Highly unlikely any messaging service that offers E2E is going to release a version without it just to satisfy the UK government. So this will basically be easily thwarted by using a VPN?

The bill was changed so it no longer bans e2e encryption, it's now the responsibility of tech companies to provide protection "where technically feasible" which basically means fuck all
- where technically feasible
  
  It gives something that can be argued about later, right? After other parts of the bill have begun to be implemented. So, further down the road if gvmt considers e.g. WhatsApp or Signal as having CSAM and not taking appropriate steps, then they can put pressure and WA/Signal can argue back about feasibility and merit.
That's the lovely bit about putting a bill out there. The enforcement and feasibility is not the problem of the politicians anymore.

We made it safe by making it so nobody can be safe. What are you people mot understanding?!

/s

Uh it’s not impossible, just illegal.

So did Signal and others actually leave the UK market or did they fold like a wet paper napkin like we all knew they would?

By the looks of it e2ee isn't actually banned, and if e.g. Signal says "we can't technically scan people's messages" then they're given a pass... maybe. The Reuters article reads like the UK gvmt are going to be going after more Facebook-like media first, rather than encrypted private messages.
I'd love to know that as well. So if you guys have any news let's have it

Very 1984 of them

Literally facial recognition cameras at every single stop light in UK.
- Literally not. Unless you think the UK doesn’t exist outside of London.
I wonder where the book was written and set, i wonder
- Kinda makes you wonder
Very 1984 and also very 1894
I like your PROBLEM light.
- It's on! It's off! It's on! It's of! It's on! It's off!
  
  Sigh, that's called blinking!

There must be exceptions for banks. Otherwise, brb gonna steal some easy £

If governments the world over were as obsessed with solving things like the climate crisis and cost of living as they are with undermining encryption techs, we'd be living in a utopia by now.

They tried this here in Australia, luckily for us it got voted down. Iirc there's been other countries trying the same BS

What? It didn’t get voted down, it literally passed and is law under the Telco Act. The fact we passed it gave the UK ammunition to do the same thing.
- it is my understanding that our sucky Assistance and Access Act, is fundamentally different, it compels developers provide back doors where it will not systemically undermine the system. To my understanding the UK one requests "breaking" e2ee in its entirely - which is why services like Signal were considering full exiting the region?

"we want to break https, SSL, TLS, SSH..."

Man, operating servers in the UK is going to be FUN!

First of all, these protocols don't allow for backdoors so good luck with that. Are they going to ditch all those and run their own private internet or something?

Seriously, what they want isn't even possible, and even if it were, it won't. fix. anything.

Real criminals will just continue using these real encryption protocols that you cannot break, so this just ends with the state being able to spy on the common people.

And nobody will abuse this, if 50.000 pounds disappears from yout bank about then fuck you, shut up, you never had that...

Politicians are stupid.

First of all, these protocols don't allow for backdoors

Doesn't matter, tbh. The entire problem of giving governments (or whoever) a backdoor is that there's no way to make it only available to the "good guys".

If Apple and co did put in backdoors to satisfy the Brits, the first thing every other government on earth would do is legislate itself access to the backdoor.

With or without a proper backdoor, this law breaks the tech.
Yeah, the title of this post is misinformation. If you read the article it says: "The government, however, has said the bill does not ban end-to-end encryption." Even in extreme cases it says scanning will be required where "technically feasible."

People need to relax and pay attention.

So, looking at this article, there is no mention that they made end-to-end encryption illegal.

Tech companies have said scanning messages and end-to-end encryption are fundamentally incompatible.

Earlier this month, junior minister Stephen Parkinson appeared to concede ground, saying in parliament's upper chamber that Ofcom would only require them to scan content where "technically feasible".

So they would basically be scanning information WITHOUT end-to-end encryption

Permanently Deleted
- Well, it's more than that since OP even changed the title of the article.

Earlier this month, junior minister Stephen Parkinson appeared to concede ground, saying in parliament's upper chamber that Ofcom would only require them to scan content where "technically feasible".

Big if true.

It depends how they interpret "technically feasible". It's technically feasible to force everyone to compromise their encryption.

How to contact your MP https://www.parliament.uk/get-involved/contact-an-mp-or-lord/contact-your-mp/

The thumbnail for this article really bothers me. They just copy pasted the same string of 1's and 0's throughout the entire screen and colored it lime green on a black background for that Matrix effect.

I thought it was apropos… just as fake as the encryption solution now enshrined in law in the UK.

This is the best summary I could come up with:

LONDON, Sept 19 (Reuters) - Britain's long-awaited Online Safety Bill setting tougher standards for social media platforms such as Facebook, YouTube and TikTok has been agreed by parliament and will soon become law, the government said on Tuesday.

"Today, this government is taking an enormous step forward in our mission to make the UK the safest place in the world to be online," she said.

Once the bill receives royal assent and becomes law, social media platforms will be expected to remove illegal content quickly or prevent it from appearing in the first place.

They will also be expected to prevent children from accessing harmful and age-inappropriate content like pornography by enforcing age limits and age-checking measures.

Instead it will require companies to take action to stop child abuse on their platforms and as a last resort develop technology to scan encrypted messages, it has said.

Earlier this month, junior minister Stephen Parkinson appeared to concede ground, saying in parliament's upper chamber that Ofcom would only require them to scan content where "technically feasible".

The original article contains 334 words, the summary contains 174 words. Saved 48%. I'm a bot and I'm open source!

Are VPNs in the UK getting banned? If e2ee is getting banned for "online safety," many apps are at risk, but doesn't that mean that you could just install the apps via a VPN?

Encryption isn't banned. The government could just ask service providers to decrypt content at any time, allegedly so that it can be scanned for child abuse. This is impossible with e2ee, so such services may become impossible to operate in the UK.

Is there anything I should be doing to protect myself from this bill if I live outside UK?

Yes, don't move to Slough

This is general life advice too
- David Brent reads 'Slough' by Sir John Betjeman
  
  https://m.youtube.com/watch?v=LQOJoGx3QyQ&pp=ygUWc2xvdWdoIHBvZW0gdGhlIG9mZmljZQ%3D%3D

And something as bad (if not worse) is coming to the EU too https://www.patrick-breyer.de/en/posts/chat-control/

Jesus christ. Thanks for sharing, I had no idea about this.
- This is by design; they've been very quiet about this. It's going to pass, and once it does I doubt it'll only be used for scanning for CSAM

Will this lead to companies ditching E2EE?

Unlikely; more likely it will lead to UK politicians finding out that, like Russia, the UK isn’t as big a deal internationally as they assume it is at home.
- To take a recent example, Microsoft considered just completely leaving the UK gaming console market if it fully blocked the buyout of blizzard activision, as it already won elsewhere and had good trial against the FTC in the U.S.

Cant you just make a keyboard app that encrypts it for the recipient while you type it? Will they even ban that?

There are logistical problems with that. Such as how you plan to get the key out to recipients.
- When someone wants to start a conversation they send their public key unencrypted (no need for it to be encrypted) and then you send your public key It will be one more message but the keyboard could have some sort of "profiles" for every persons public key, that you could select (This is just an idea, I have no coding experience)
Like this one https://github.com/amnesica/KryptEY?
- Yes, like that, thanks for it. was thinking about something that captures the screen and uses OCR to take the encrypted text and then decrypts it. But that would be complicated and would need to be adapted for every app
No they won't. The bill is against social media companies, not your own encryption measures. Where the line exactly falls between hand-coding your own cypher; using good old PGP; using an app to encrypt but sending via a separate service; using an e2ee messaging app+service; being on a community/group-focused e2ee service; normal unencrypted-on-server social media... Going by the Reuters article (I haven't read the actual bill) it seems mostly aimed at main social media platforms, with a to-be-explored relationship with private messages.

After Brexit there's Digital Brexit

This is openly misleading. This sucks, sure, but it doesn't ban e2ee as the title suggests.

and as a last resort develop technology to scan encrypted messages, it has said

Right there in the article, my guy.

If you can scan encrypted messages then you've no longer got e2ee
- They actually took off the E2EE decrypting clause from the bill that got passed. Originally it was there.
- 1 line below, you can read
  
  Tech companies have said scanning messages and end-to-end encryption are fundamentally incompatible. Earlier this month, junior minister Stephen Parkinson appeared to concede ground, saying in parliament's upper chamber that Ofcom would only require them to scan content where "technically feasible". Donelan said in response to questions about Parkinson's statement that further work to develop the technology was needed but government-funded research had shown it was possible.
  
  In practice, I doubt this will have any consequence on encryption, as the title of this post suggests.
- The title here said E2EE is made impossible, I was simply saying that is untrue. Clarity matters. It says in the article they removed the bit about banning encryption or requiring back doors to it before it passed.
  
  The rest sucks, as I acknowledged, and they want to make it easier to scan devices that would include messages that have been decrypted upon arrival. There's already spyware they does exactly that. However, that doesn't make it so that E2EE is impossible.