Surveillance strategies in the UK and Israel often go global
These people are clueless
they are evil, not necessarily clueless.
What is the fundamental difference. Evil men and arrogant idiots might as well be the same thing.
Ironically that’s kinda the argument being made in the document above
it shouldn’t be different but focusing on the ‘they are idiots’ fallacy completely misdirects blame and disencourages deeper critical thought.
the real misdirection is focusing on individuals and their blame. The real question is why does UK political system produces these people rule and how do they keep ruling.
Both parties were captured by the aristocracy/super rich, call them what you will, and they support a total surveillance of a population they obviously fear and want tools to persecute as they see fit. Starmer is a perfect example of this, he’s done more damage arguably than the tories did in over a decade. Their betrayal of the country will throw the elections to the far right too, that is the only protest vote against the status quo, and they will affix themselves in power and implement even worse privacy.
A popular reform party would fix the problems but the aristocracy is too greedy and arrogant for that, thinking they can control a far right party or otherwise shut them out electorally indefinitely and continue to sell out the public to the rich, even as discontent is increasing and the plutocratic rot is visible on the surface and spread throughout the whole.
sure, focusing on how dumb they are isn’t very condusive to discussing the intricacies of capitalism.
seriously though, they do have a plan. we need to figure out ours.
They don’t care how it affects normal people’s lives or what we sacrifice to pay for their incompetent leadership.
It doesn’t affect just normal people, but when you make encryption weaker, the foreign state (i.e. bad actor) surveillance also benefits.
It denies normal people the ability to retain their privacy from corporate and government surveillance.
Which is exactly what any government these days wants.
“Never attribute to stupidity that which is adequately explained by malice.”
or something like that…
Its quite explicitly malicious. If you do anything they think is not in national security interests: treason.
No way this lasts or holds up to basic scrutiny. End to end encryption is a de-facto standard for so fucking much technology.
Like fucking HTTPS.
Well if they commit to this, it will never affect “e2ee” options that collaborate with feds e.g. whatsapp, imessage. If you can kill Refaat Alareer with it rest assured you will be able to keep it in your phone anytime
Yes, the trick is to outlaw it entirely then enforce the law selectively against those whom you find politically awkward.
So literally everyone in the UK using any website that uses TLS is now a hostile actor?
Essentially everyone’s a criminal which is a huge boon for the government. They can now get rid of anyone they want at any time, legally.
That’s what the governments in 1984 could do as well.
That is longstanding, the US and the UK both have been writing laws broadly enough for them to take down anyone for them, or at least charge, we all just trust it won’t be abused, but as we’ve seen with the uk and their bad faith terror designations, that trust is misplaced, and the mask is coming off society. They aren’t pretending anymore, and cynically think “democracy” such as it is, is already dead in all but name, it’s only the citizenry that doesn’t know it yet, and or is contesting it.
TLS is not typically considered end-to-end encryption. It’s transport encryption.
Do they strictly define end to end encryption in this bill?
If not, then yes, TLS is “end to end” as the sender encrypts the message, and the receiver decrypts it. Each “end” to each “end” is encrypted, satisfying the semantics of the term.
I don’t get it. E2ee is about encryption in transit not encryption at rest. TLS sounds exactly like e2ee
E2E is about the sender encrypting, and only the intended receiver decrypting, with nothing in the middle able to read the data.
TLS is not designed for that, as the server you connect to is not necessarily the intended receiver, yet it can see everything.
With E2E, you can send data to a server, which is not the intended receiver, and it won’t be able to read it.
Your explanation assumes that scope and scale are part of the definition which it is not.
If you keep zooming in or zooming out the definition of E2E keeps changing under your statement.
If the only knowledge a system has is between a sender and a receiver (Which satisfies even your definition of “intended recipient”) then TLS is E2E encrypted.
The definition of E2EE has evolved since the concept surfaced. You seem to be stuck with the original meaning.
TLS does not fit the modern definition.
Yes the technical term has evolved but did the term evolve in the legislation definition of it?
If not, then the technically correct usage doesn’t matter which is a point I’ve made in another comment as well.
And in my previous comment, I am pointing out the logical inconsistencies. Not that I agree or disagree with the technical terminology. You seem to be conflating a logical explanation/call-out of logic holes for my opinion, which it is not
Removed by mod
Was this written by a native English speaker?
It’s hard to take seriously with so many grammatical errors
It’s called legalese.
No, beyond the legalese. For example, the comma placement in:
which, unknown to them threatens,
The comma should go after “them”, because “unknown to them” constitutes the entire aside.
If you delete the aside in this, it reads “which national security”, whereas it should read “which threatens national security”.
This is just the first one I found; I didn’t go hunting for them. It’s one of those grammatical mistakes that actively ruins the cadence of the sentence as you read it in your head.
And worse mistakes:
where there must be at least possibility that
I have complete sympathy for non-native speakers writing papers, but it also raises the question of whether they properly understand the source material they’re referencing.
I will inform you that this excerpt is correct English. There needn’t be an article like “a” or “the” before “possibility”. It reads awkwardly in everyday language, but that really is just innocent “legalese” phrasing.
Thanks for the correction. Rereading it I can kind of see if they mean possibility as an abstract concept, so I’ll take the L on it.
But I still maintain it’s a pretty fucked way of phrasing it.
That is perfectly grammatical English, especially in legal texts.
what the fuck mate. Just take a shit on your citizens and wonder why the largest empire in the world now sucks off an orange paint face micro dick to make sure people still recognize they might be someone…
What document is this from?
It’s a screenshot of this report from a review of the UK’s security and terrorism legislation, published in December.
TechRadar article discussing the specific encryption issue here.
I was skeptical given the grammar issues others have pointed out but it seems legitimate.
I would like to know too please
I found it:
It’s an independent review of some UK laws concerning national security, and the reviewer is warning that the laws could be used against people unfairly. Note the last sentence of the section: “Serious responsibility is put on police to use the power wisely.”
Engagement in Hostile Activity
6.16. Under Schedule 3 a person may be engaged in hostile activity even though unaware that their activity is hostile activity[footnote 428].
So a person could be examined on account of their wholly inadvertent and morally blameless conduct.
Examples could include a journalist carrying confidential information whose significance to national security he did not understand, or the victim of planted material. The examining officer could act if there was no possibility that the person was aware that its dissemination might be in the interests of a foreign state, or even that they were carrying the material.
The Code of Practice to Schedule 3 refers to the innocent dupe, who “…may believe that they are working for a legitimate business, or charity, which is in fact being utilised specifically for the purpose of espionage”[footnote 429].
6.17. Since hostile activity does not require any knowledge or tasking by a foreign state[footnote 430], the phenomenon of double-ignorance could arise. A person may be engaged in hostile activity if they do something which, unknown to them threatens, national security and which is in the interests of another State, also entirely in the dark. For example:
The developer of an app, whose selling point is end-to-end encryption which would make it more difficult for UK security and intelligence agencies to monitor communications. It is a reasonable assumption that this would be in the interests of a foreign state even if though the foreign state has never contemplated this potential advantage.
The lobbyist for a foreign firm, who seeks to persuade an electronic chip manufacturer to build its factory in France rather than the UK. This would engage the UK’s economic well-being in a way relevant to national security even though France is entirely unaware of the lobbying and the lobbyist is only doing his normal day job.
A journalist carrying information that is personally embarrassing to the Prime Minister on the eve of an important treaty negotiations affecting UK security interests.
6.18. In each of these cases the motive of the app developer/ lobbyist/ journalist may be more sinister than first appears, so permitting an officer to examine whether the individual is a witting or unwitting agent of a foreign state might be described as necessary in the right circumstances. Serious responsibility is placed on police to use the power wisely.
Awesome, thanks!
Makes me want more E2E encryption.
If I were to send a physical letter written in code that can only be decrypted with a cipher would I now be breaking the law?
What about radio or telephone conversations in code?
Can I still password protect my zip files or encrypt my NAS or PC before boot?
If so we should all start sending cryptic sounding gibberish around the world. Like from random lists send emails to foreigners with some random gibberish like product codes written in that look like encrypted messages, xg0-fs39450, or whatever, just as a form of protest.
if im alone in my car, i’ll just start talking gibberish or about that time i kicked a cyber-dolphin through the moon. just in case the man is training some ai on what my phone’s microphone picks up.
The speedquack cyrocrunk failed, need pryoram ciclicogram asap,
According to this legislation, using https is against the law.
Can’t wait to hear about all the upcoming data breaches. RIP all your medical records…
Fuck this shit. The UK is not longer a free country. And fuck Israel even more for their damned work over the decades to make this possible.
it never has been a free country
Now that I think about it you are right.
Even the US used to ban the export of strong encryption algorithms. You used to have to download the stronger encryption algorithms separately. https://en.wikipedia.org/wiki/Java_Cryptography_Extension
I remember in the 1990s when you went to download Netscape you could only use the 40-bit encryption if you were in Europe, not the 128-bit encryption people in the USA could use.
Our governments are hostile. Act accordingly.
Yes I am a hostile actor. We are not property! Fight back!
Does the government have the right to monitor any and all communications corporate, private or political?
No. Whether they believe otherwise or not.
“…would make it more difficult for UK security and intelligence services to monitor communications…” As if they have a right to do so already.
https has got to go
ROT13 too.
