Encryption

Signal Would 'Walk' From UK if Online Safety Bill Undermined Encryption (bbc.co.uk) 42

Bruce66423 writes: The encrypted-messaging app Signal has said it would stop providing services in the UK if a new law undermined encryption. If forced to weaken the privacy of its messaging system under the Online Safety Bill, the organisation "would absolutely, 100% walk" Signal president Meredith Whittaker told the BBC. The government said its proposal was not "a ban on end-to-end encryption". The bill, introduced by Boris Johnson, is currently going through Parliament. Critics say companies could be required by Ofcom to scan messages on encrypted apps for child sexual abuse material or terrorism content under the new law. This has worried firms whose business is enabling private, secure communication.
  • Again (Score:5, Insightful)

    by Ol Olsoc ( 1175323 ) on Friday February 24, 2023 @09:35AM (#63319819)
    If they were actually thinking about protecting children, that would be one thing. But "Won't someone think about the children" is just a bullshit move to try to cut off discussion. After all, who wants to be branded in favor of child abuse by being against something that isn't about children at all?
    • Re: (Score:3, Insightful)

      The same people threatening nuclear war want to protect the children by banning the means of communication that could oppose the people threatening nuclear war.

      Yeah, we're not that stupid.

      Good for Signal. Now decentralize because they're coming for the servers sooner or later.

    • Re: Again (Score:5, Informative)

      by wierd_w ( 1375923 ) on Friday February 24, 2023 @09:51AM (#63319873)

      It has always been BS.

      Remember when the UK Govt was embroiled in a multidecade child sex ring?

        I sure do!

      https://www.reuters.com/articl... [reuters.com]

      This is all about panopticonism, and a blatant refusal to comprehend what encryption does, and why it has to be that way in order to work.

      The UK Govt feels squeamish about its citizens communicating securely, and wants to be notified on a backchannel about all communications, despite the fact that this is impossible to enable without making the encryption moot.

      To disguise their BS, they have gone all 'FOR THE CHILDREN!', despite the historical record that they have in that regard, such as actively arresting people who managed to track their sex trafficked kids down.

      https://www.google.com/amp/s/w... [google.com]

      Or, that such child trafficking has INCREASED, not been reduced, in recent years.

      https://www.ons.gov.uk/peoplep... [ons.gov.uk]

      So yes, I would say the trustworthiness of BoJo's plan is about on par with that of the Nigerian Prince.

      As long as people trust those choads, this will keep happening. Tory Govts have a TERRIBLE reputation with this.

      • by sjames ( 1099 )

        Perhaps had there been a secure communications tool like Signal available then, the children would have felt safe enough to contact concerned adults from outside the area for help. They certainly needed help and the adults in the area seemed to mostly be interested in them keeping quiet.

        So I say keep secure confidential communication secure and confidential FOR THE CHILDREN!

      • What's so frustrating about it all is why it's so hard for government agents to understand encryption. Even old dinosaurs understand the idea of combination locks. What do you think happens if, say, we required every combination lock to have a master code that we tell every police officer about? You don't need to be able to understand an iPhone to see how quick that would go wrong. Hell, you could also compare it to the TSA keys on luggage tags, followed by pictures of TSA keys selling for under $5 on Amazon.
    • Re:Again (Score:5, Insightful)

      by Opportunist ( 166417 ) on Friday February 24, 2023 @11:16AM (#63320145)

      Remember: If you think of the children all the time, chances are good you're a pedo.

      • Remember: If you think of the children all the time, chances are good you're a pedo.

        And how. There is the occasional person who was abused as a child and becomes an activist. But that's a whole different modus.

        But when you get people who are way too obsessed with X activity, they probably engage in it. Or at least want to.

        I find it amusing the present obsession of some folks with transgenders. Now don't get me wrong, I find the pronoun business pointless, but seriously, the way some of these folks go on, I'll bet their internet history shows they likes them those "chicks with dicks".

        • I have this hypothesis that they are afraid they might hit on a girl, only to find out that there's more land south than north of the equator and they'd have to realize that they had the hots for a guy.

          Teh horrorz! Le Gay!

    • Pedophiles. Obviously.

      Checkmate.

  • From the (Score:3, Insightful)

    by ArchieBunker ( 132337 ) on Friday February 24, 2023 @09:41AM (#63319845)

    Same people who turned a blind eye to Jimmy Savile. https://en.wikipedia.org/wiki/... [wikipedia.org]

    That guy was fucking everyone from children to the elderly.

    • Re:From the (Score:5, Insightful)

      by Ol Olsoc ( 1175323 ) on Friday February 24, 2023 @10:08AM (#63319915)

      Same people who turned a blind eye to Jimmy Savile. https://en.wikipedia.org/wiki/... [wikipedia.org]

      That guy was fucking everyone from children to the elderly.

      It fits in with my thesis that when a person or group of people make a constant presentation of ostentatious pseudo opposition to something like child abuse, or gay opposition, it's a big red flag.

      How many times do we find politicians or clergy who have rageboners (how appropriate a term in this case) about gays end up caught boinking someone of the same sex?

      The "Won't someone think of the children!" crowd - aside from the dishonesty of their tactics, are probably thinking a whole lot about having sex with children, just like anti-gay people spend more time thinking about gay sex than gay people do.

      So as weird_w points out these folk are into panopticonism, and we can add projection to that.

      • Yes, sadly, the most vocal opponents tend to be closet fans. Your examples are spot on.

        Is there a name for this other than hypocrite?

        • Yes, sadly, the most vocal opponents tend to be closet fans. Your examples are spot on.

          Is there a name for this other than hypocrite?

          A lot of us call it Malicious projection

  • by schwit1 ( 797399 ) on Friday February 24, 2023 @10:34AM (#63319995)

    https://www.independent.co.uk/... [independent.co.uk]

    Inquiry identifies ‘extensive failures’ by councils and police, leaving victims treated as offenders while perpetrators go free

  • Because people can't use a messaging app run by a company outside the UK can they ...

    and UK jurisdiction covers companies with no base of operations here ...

    and the UK can legislate against a US based non-profit ...

  • Pretty sure I read on the news that the encryption on signal was cracked, why are they still relevant?
    • by IcyWolfy ( 514669 ) on Friday February 24, 2023 @11:03AM (#63320089) Homepage

      It wasn't cracked.
      Cellebrite successfully launched a phishing attack on Twilio.

      Specifically, they sent phishing emails to Twilio, the SMS provider.
      One admin at Twilio fell for it, and submitted his admin credentials to Cellebrite.
      Once they had admin access, they installed signal on their phone, and used a phone number for the account they wished access to.
      The SMS was sent, and they immediately read the message using Twilio's admin tools before it reached the end user.
      They signed into the account using the 2FA code.
      The user's account they signed in to DID NOT have a registration PIN set. Had this been set, no new installation would be allowed unless BOTH 2FA code and PIN are provided. Had the users set a registration PIN, this SMS diversion attack would not have been enough to log in to the signal account on a new device.

      The net result:
      Cellebrite had been able to log in to the user's account.
      Had NO access to chats.
      Had NO access to contacts.
      Only ability to pretend to be the user in new chats.

      Mitigation:
      Set a PIN on the account to prevent registration on new devices. ("Set Registration PIN" in security settings).

      The second claim by Cellebrite was a blog saying they broke the encryption, and could access messages.
      This physical access has been known for years, and Signal suggests locking phone, and requiring PIN to access Signal. But, notes, if an adversary physically has your phone, there are many more vectors for attempting to gain access.

      The details required:
      Phone physically in hand to analyze.
      Able to access phone running (either known PIN or phone unlocked)
      Signal was NOT configured to have a PIN on startup.
      Open Signal.
      Read the decryption key from device memory.
      Copy LOCAL messages, and use the decryption key to read in bulk. (Or, since you have the app open, read them in the App itself.)
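
The registration-PIN mitigation described in the comment above, as an added example that is not part of the original comment and is not Signal's code: a toy model of re-registering a number on a new device, showing why an intercepted SMS code succeeds alone only when no PIN is set. The class, method names, status strings, attempt limit and phone numbers are all constructed for illustration.

```python
import hashlib, hmac, os, secrets

MAX_PIN_ATTEMPTS = 3  # constructed limit for this model, not Signal's value

def _pin_hash(pin: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class RegistrationModel:
    """Simplified model of SMS-verified registration with an optional PIN lock."""
    def __init__(self):
        self.accounts = {}   # phone number -> account record
        self.pending = {}    # phone number -> outstanding SMS code

    def create_account(self, number, pin=None):
        salt = os.urandom(16)
        self.accounts[number] = {
            "salt": salt,
            "pin_hash": _pin_hash(pin, salt) if pin else None,
            "failed_pins": 0,
        }

    def send_sms_code(self, number):
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[number] = code
        return code  # anyone able to read the SMS in transit sees this value

    def register_new_device(self, number, sms_code, pin=None):
        acct = self.accounts[number]
        expected = self.pending.get(number)
        if expected is None or not hmac.compare_digest(expected, sms_code):
            return "bad_sms_code"
        if acct["pin_hash"] is not None:  # registration lock is enabled
            if acct["failed_pins"] >= MAX_PIN_ATTEMPTS:
                return "locked_out"
            if pin is None:
                return "pin_required"
            if not hmac.compare_digest(acct["pin_hash"], _pin_hash(pin, acct["salt"])):
                acct["failed_pins"] += 1
                return "bad_pin"
            acct["failed_pins"] = 0
        del self.pending[number]  # SMS code is single-use
        return "registered"

def demo():
    svc = RegistrationModel()
    svc.create_account("+440000000001")                # constructed: no PIN set
    svc.create_account("+440000000002", pin="493817")  # constructed: PIN set
    results = {}
    for number in ("+440000000001", "+440000000002"):
        diverted = svc.send_sms_code(number)  # code read before delivery
        results[number] = svc.register_new_device(number, diverted)
    return results
```
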

  • Safety? (Score:4, Insightful)

    by Opportunist ( 166417 ) on Friday February 24, 2023 @11:15AM (#63320141)

    How again is a bill supposed to increase safety that reduces the safety of the information you transmit?

  • Does anybody happen to know user numbers for the UK? I know only a very few people on Signal, but they all communicate via WhatsApp and occasionally iMessage. Seriously, WhatsApp is so ubiquitous that I wonder if it's only an insignificant number of people who would notice? The government's certainly not going to complain if they walk, although I wonder what that actually means given that surely they can operate from outside the country?

    • Interesting.

      My initial reaction is that they would not "walk" but be "kicked out" for not complying with the law of the land.

      It reminds me of the likes of Google and Facebook in mainland China. They choose not to comply with the law of the land and so are not allowed to operate their illegal services there.

      However, last I heard, the UK does not have a Great Firewall to prevent such illegal services from being offered from "overseas".

      Does this prospect mean that the UK would implement such a "firewall" or wi

      • The UK does have a 'Great Firewall'. But it does not filter content as aggressively as China's version.

        The UK has operated a system known as 'cleanfeed' [wikipedia.org] since 2004 to block child pornography. It currently operates using a number of methods [bailii.org]:

        DNS name blocking, IP address blocking using routers, Deep packet inspection-based URL blocking, Two-stage system (IP followed by DPI blocking).

        There's other UK-wide internet filtering (eg various bittorrent sites), but cleanfeed is the most comprehensive one.
  • I was wondering if they opened your letters in the UK to read your mail to look for pedophiles?
    They can't do this in the US.
    Looks like they want to invade your privacy just because they can.

  • Couldn't they just scan the encrypted chat and say they found nothing matching abuse images etc., thereby complying with the law and not risking their encrypted messages? After all, when it's encrypted it's not readable in traditional ways until it is decrypted.

  • There's no need to surveil everyone & ignore their right to privacy. If police suspect someone is doing something illegal, they can get a warrant to surveil & search suspects' phones. It's not as if police & security agencies don't have the capability or a history of effective wiretapping & discreet search practices. Maybe those laws need to be updated to address newer techniques such as installing surveillance software onto suspects' phones remotely?
  • ... on encrypted apps for child sexual abuse material ...

    "Won't somebody please think of the children" or, rather encryption services might, possibly, someday contain CSAM, is a hot-button topic this year: It's equal to Patriotism as one is not allowed to say the government is wrong. It also denies the fact that CSAM existed before encryption services, so removing these services won't remove sexual exploitation.

    It's easy to find stories of sexual exploitation where the criminals weren't punished so the sudden interest in catching criminals isn't about keeping

  • I keep reading about the insanity of the EU trying to hollow out privacy and encryption on various levels and scanning private data and subjectively it feels like it is completely out of my control and some dark forces just keep trying to push this through every couple of years until the dam breaks.
    I do not even understand the political process and the factions involved and the checks and balances, really. The news just make it sound like this will be happening definitively any day now and we are all under

  • The mooted proposals are for England and Wales - not Scotland or Northern Ireland (because those of us in Scotland and Northern Ireland give fuck all fucks about the UK government). https://www.theregister.com/20... [theregister.com]
