Security Researchers Latest To Blast UK's Online Safety Bill As Encryption Risk (techcrunch.com) 5
An anonymous reader quotes a report from TechCrunch: Nearly 70 IT security and privacy academics have added to the clamor of alarm over the damage the U.K.'s Online Safety Bill could wreak to, er, online safety unless it's amended to ensure it does not undermine strong encryption. Writing in an open letter (PDF), 68 U.K.-affiliated security and privacy researchers have warned the draft legislation poses a stark risk to essential security technologies that are routinely used to keep digital communications safe.
"As independent information security and cryptography researchers, we build technologies that keep people safe online. It is in this capacity that we see the need to stress that the safety provided by these essential technologies is now under threat in the Online Safety Bill," the academics warn, echoing concerns already expressed by end-to-end encrypted comms services such as WhatsApp, Signal and Element -- which have said they would opt to withdraw services from the market or be blocked by U.K. authorities rather than compromise the level of security provided to their users. [...] "We understand that this is a critical time for the Online Safety Bill, as it is being discussed in the House of Lords before being returned to the Commons this summer," they write. "In brief, our concern is that surveillance technologies are deployed in the spirit of providing online safety. This act undermines privacy guarantees and, indeed, safety online."
The academics, who hold professorships and other positions at universities around the country -- including a number of Russell Group research-intensive institutions such as King's College and Imperial College in London, Oxford and Cambridge, Edinburgh, Sheffield and Manchester to name a few -- say their aim with the letter is to highlight "alarming misunderstandings and misconceptions around the Online Safety Bill and its interaction with the privacy and security technologies that our daily online interactions and communication rely on." "There is no technological solution to the contradiction inherent in both keeping information confidential from third parties and sharing that same information with third parties," the experts warn, adding: "The history of 'no one but us' cryptographic backdoors is a history of failures, from the Clipper chip to DualEC. All technological solutions being put forward share that they give a third party access to private speech, messages and images under some criteria defined by that third party."
Last week, Apple publicly voiced its opposition to the bill. The company said in a statement: "End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats. It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk. Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all."
"As independent information security and cryptography researchers, we build technologies that keep people safe online. It is in this capacity that we see the need to stress that the safety provided by these essential technologies is now under threat in the Online Safety Bill," the academics warn, echoing concerns already expressed by end-to-end encrypted comms services such as WhatsApp, Signal and Element -- which have said they would opt to withdraw services from the market or be blocked by U.K. authorities rather than compromise the level of security provided to their users. [...] "We understand that this is a critical time for the Online Safety Bill, as it is being discussed in the House of Lords before being returned to the Commons this summer," they write. "In brief, our concern is that surveillance technologies are deployed in the spirit of providing online safety. This act undermines privacy guarantees and, indeed, safety online."
The academics, who hold professorships and other positions at universities around the country -- including a number of Russell Group research-intensive institutions such as King's College and Imperial College in London, Oxford and Cambridge, Edinburgh, Sheffield and Manchester to name a few -- say their aim with the letter is to highlight "alarming misunderstandings and misconceptions around the Online Safety Bill and its interaction with the privacy and security technologies that our daily online interactions and communication rely on." "There is no technological solution to the contradiction inherent in both keeping information confidential from third parties and sharing that same information with third parties," the experts warn, adding: "The history of 'no one but us' cryptographic backdoors is a history of failures, from the Clipper chip to DualEC. All technological solutions being put forward share that they give a third party access to private speech, messages and images under some criteria defined by that third party."
Last week, Apple publicly voiced its opposition to the bill. The company said in a statement: "End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats. It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk. Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all."
that's the point (Score:1)
the thin edge of the wedge to prevent private communications between two parties.
trying to end whistleblowing and investigative journalism.
The easiest means (Score:2)
The UK government obviously likes the US policy of no rights to privacy but they can't undo the privacy laws the UK already has. No encryption means it is possible to impersonate anybody, and as Zoom proved, any conversation can be infiltrated.
There is no technological solution ...
When the US outlawed images of naughty schoolgirls, US media responded by banning all nudity. Similarly, Apple and others can respond with "it's not our job to detect criminals" and obey the law by the easiest means, removing all apps with end-to-end privacy: I susp
Re: (Score:3)
The UK government obviously likes the US policy of no rights to privacy but they can't undo the privacy laws the UK already has.
The US and the UK are part of the same illegal surveillance network [wikipedia.org] and as such this is bigger than just the UK's concerns. All members of five eyes are fundamentally anti-freedom, anti-rights, and anti-privacy. A big part of what they do is collect information and hand it off to one another in order to bypass privacy laws.