> He warns that developers of apps like Signal and WhatsApp could technically fall within the legal definition of "hostile activity" simply because their technology "make[s] it more difficult for UK security and intelligence agencies to monitor communications.
Sounds like Let's Encrypt would also fall under that.
This has got to stop. If you want to stop criminals, then focus on their illegal activites, not the streets they walk on. I walk on them too. And don't use CP as a catch-all argument to insert backdoors.
Their big problem here is that previously, it was hard to find people with the same opinion as you. If you couldn't find someone in the same village who wanted to start a rebellion, it probably wouldn't happen. Today, someone can post a Telegram group message and make thousands of people rally to a town square. I see the dangers, and I see why governments think they are doing this to protect the people. No one wants civil war. That is still not a strong enough reason to call road construction a hostile activity.
I'm back in Sweden after 12 years abroad. Time to read up on which parties are sane and which aren't when it comes to technical infrastructure.
> Today, someone can post a Telegram group message and make thousands of people rally to a town square. I see the dangers, and I see why governments think they are doing this to protect the people.
Don't play into their propaganda. Governments don't like it because they're protecting themselves and their power; making it harder for people to find each other and organize and rally is one of many ways governments do that. (There's a reason authoritarian governments regularly shut down cell networks.)
> The U.K. Online Safety Act was (avowedly, as revealed in a recent High Court case) “not primarily aimed at protecting children” but at regulating “services that have a significant influence over public discourse.”
You don't even have to go that far, in Europe, to use a large social network (50M users), and the definition is very broad (WhatsApp is a social network, Telegram, Signal, TEMU, Aliexpress, etc), all users will have to provide their ID to that they are not a minor, otherwise the website can be blocked or fined.
This is to protect minors of course. Did you think about the children ?
Telegram, whether it's true or not, claims they are not a large platform (so if this is a lie, it may really pay off).
Curtains should also fall under the same category because they do make it more difficult for UK security and intelligence agencies to monitor suspect activities. Then of course you also have walls...
The argument is so fundamentally stupid that they should be embarrassed just putting it down in writing!
Both you and the poster above you may be misunderstanding the point that Jonathan Hall KC appears to be making. If you take a look at what he actually writes [1], then it is pretty clear that he is presenting these hypothetical cases as examples of obvious over-reach.
This is a warning from the independent reviewer that the law is too potentially broad, not an argument to retain these powers.
This cuts to one of the critical issues with governance globally in this era. For a really long time, we relied on social norms and mores to keep governments in check - and astonishingly it worked at least a little. Embarrassment was a good proxy for well constituted rules of representation.
What right-wing institutions have noticed all around the world is that you can just kind of ignore all that shit now. Centrists are flailing around begging for an explanation for "how this could happen" and folks on the left, marginalized for years in favor of free markets, are just kind of facepalming and saying we told you so.
You need to put it in writing somewhere that there's a limit on governmental authority and enforce the hell out of it. You need to do the same to clamp down on the power of special interests and corporations. More than anything, you need robust mechanisms that make government representatives vulnerable to the voting public. The people need to be the ones that they scramble to please and when we get mad that should be dangerous and difficult for those holding the reins of government. Their existence needs to depend on the mandate of the public.
It boggles my mind that you think this stuff is being pushed by the right. Expansion of government and surveillance is a hallmark of the left, and indeed this latest wave of surveillance is being pushed by progressive governments in Western Europe and Australia.
Governments of both flavours are ignoring the voting public, for various reasons, e.g. they are signatory to agreements that no longer work for the public but are difficult to break, the public is increasingly economically irrelevant compared to businesses, and, of course, the greedy self-interest of the politicians themselves.
I agree with you on the third paragraph, but it's also the reason that I believe the US will be okay compared to other Western democracies (an opinion I'm not sure you would share, judging by your post). The Constitution is already a thing, and is on its own a declaration that certain rights derive from a higher authority than government. The second amendment in particular is under siege (again, by the left), but does equalize things in a way that many of its opponents are reluctant to admit.
The constitution is being summarily ignored by the current administration. There is a right to trial in there that we've just totally blown past, and the deep integration between party insiders and media consolidation is a sideways assault on the first amendment.
The idea that "they're coming for your guns" is something we can begin to discuss when the first step to curb our mass shooting problem is actually taken. For now, it's a little ridiculous to infer that there's any kind of 'siege' on the second amendment given that we have them all the damn time and they're not slowing down.
I would ask folks in the EU whether they think they're leaning left at the moment. Reading their news it doesn't seem to be the case [0 1 2 3].
Just out of curiosity - in what concrete way do you think the second amendment serves as an equalizer? Do you imagine that the government sees an armed populace as any kind of a threat?
Leaving the left-right debate behind for just a second - I smell that there is something perhaps we may agree on. Representation is fundamentally broken. Even given our ideological differences, how do you feel about direct democracy? I think we'd benefit.
Are you under the impression that corporations and governments of capitalist countries are somehow independent? The ultimate goal of both of them is to have the greatest amount of power over the greatest number of people. They're an extension of one another more than they are independent entities.
> I see why governments think they are doing this to protect the people.
they're not doing this to protect people, they're doing this to ensure there cannot be rebellion against unpopular policies. Organization is harder if all communications is monitored.
But this is how gov't get to be kept in check - the risk of "rebellion". If this risk is removed, you get authoritarian states - see north korea.
I know its satisfying to think of the government as some singular nefarious entity, but the reality is far worse: There is no one in charge. It’s chaos all the way down.
There are a few people in charge, they just don’t advertise the fact. Similar how the ‘Never ascribe to malice that which is adequately explained by incompetence’. These both appear correct to the vast majority of people because of the Pareto distribution of outcomes, the vast majority of people experience the incompetence / no-one in charge and don’t experience the relatively tiny number of events when the competent malevolent people in charge do make their decisions. Consider if you were hosting the Jekyll Island meeting, how many people of what caliber would you invite to be there? And that’s just one of the meetings we know about. Another good one is the involvement of Bohemian Grove in selecting Ronald Regan to run for president. Their motto, "Weaving spiders come not here", like many institutions, describes the opposite of what actually happens there.
No, that's what I was getting at. Thinking "they" are in charge is actually very widespread, with varying opinions on who "they" actually are—whether it's billionaires for you, the Rothschild's for others, or Reptilians for some.
How great it would be to have a select few evil masterminds, a clear enemy to roil against! That isn't reality, though. Would the super-secret council of puppet masters have allowed Trump to become president of the USA (again) and ruin the economy? You'll have an answer to that, obviously. It matters little. Reality is far more complex, shadow masters prefer stability over chaos, and the world is generally full of competing and opposing interests.
A few rich men might hold a lot of power in their hands, I give you that; but unless you limit "the world" to mean an arbitrary smaller region of earth, nobody is in charge of it all.
You're confusing control with total control. Nobody has total control, even the most powerful and rich entities. This doesn't mean, however, that a lot of the policies we see being enacted by governments have not been discussed and promoted by a small number of people in very high positions of economic and political power. You're trying to disprove this well known and easily attested fact with the straw man of total control.
> Consider if you were hosting the Jekyll Island meeting, how many people of what caliber would you invite to be there? And that’s just one of the meetings we know about. Another good one is the involvement of Bohemian Grove in selecting Ronald Regan to run for president. Their motto, "Weaving spiders come not here", like many institutions, describes the opposite of what actually happens there.
That's some pretty classic conspiracy theory stuff. No evidence of anything nefarious, just heavily implied.
I think the saying “the road to hell is paved with good intentions” is more apt.
I think what’s happening isn’t some evil plot to quell opposing voices, but more likely the UK government thinking they’re actually passing laws to reduce rioting and online abuse. And the censorship effects are a side effect of these laws.
Some might consider this opinion naive but take this counterpoint: laws require a majority to pass. So if these censorship laws were written to squash opposing voices, then we’d be dealing with a literal conspiracy involving hundreds of people. I don’t believe all politicians are only in it for themselves (though I do believe many are), so you’d expect at least 1 MP to speak out if such a conspiracy existed.
This. Governments are signatory to a huge number of agreements, and are members of various NGOs. Things start out as being representative of some will of the people, but over time it becomes a millstone around the government's neck if it the arrangement becomes politically difficult at home. And of course, those arrangements often morph to be to the benefit of those in charge.
What happens is that you get arrangements like the EU demanding migration quotas that the populations of various individual countries despise, or an automobile market that gets progressively more expensive as environmental legislation puts ever more pressure on manufacturers. And of course, if you're saving the world, who needs cars anyway? We should all be living Hong Kong style to save the environment, so we need more urban density.
> they're not doing this to protect people, they're doing this to ensure there cannot be rebellion against unpopular policies
Yup. There is a huge amount of resentment about handouts for pensioners, a lot of disagreement with any kind of new 'islamophobia law', anger about actual and perceived reneging on pre-election promises, still a lot of anti asylum-seeker sentiment, anger about grooming/rape gangs etc.
And Labour are worried about Reform making big gains again in local elections next year.
This is about the astonishing lack of ability in the political class in the UK. The security services are honestly wagging the dog and they think they can force some kind of key escrow eventually, but instead they’ll just destroy software development in the UK and possibly financial services.
It’s the same with the multi billion ID cards and digital ID which is almost impossible for a government as incompetent as this one to implement.
And whatever is foisted on the public will be so insecure you’ll have to deal with your identity constantly being stolen, and it being your problem to fix it.
> That would be against everything european governments stand for.
I really struggle to understand why the hell this is always only applied to european governments? The idea to take 1984 as a book of requirements seems to extend *far* beyond europe.
yes, and here is a fun fact, most of the push for mass surveillance comes from the European Council, the thing is that literally are "just" the locally elected leaders...
not some vague far away "the EU (personalized)" thing
which also mean you can locally enact pressure on them
furthermore the EU supreme court(s) might have more often hindered mass surveillance laws in member states then the council pushing for them...
and if we speak as of "now", not just the UK, but also the US and probably many other states have far more mass surveillance then the EU has "in general".
so year the whole "EU is at fault of everything" sentiment makes little sense. I guess in some cases it's an excuse for people having given up on politics. But given how often EU decisions are severely presented out of context I guess some degree of anti-EU propaganda is in there, too.
> mass surveillance comes from the European Council, the thing is that literally are "just" the locally elected leaders...
Factually incorrect.
The European Parliament is elected. The Council is appointed, so there is no direct democratic incentive for the council to act on and no direct electorate to please.
On top of that the actually elected European Parliament can only approve (or turn down) directives authored by the Council. They have no authority to draft policies on their own.
To make matters even worse the European Council, which drafts the policies, has no public minutes to inspect. Which obviously makes it ripe for corruption. Which evidently there is a lot of!
Looking at the complete picture, the EU looks like a construct designed intentionally to superficially appear democratic while in reality being the opposite. The more you look at how it actually works, the worse it looks. Sadly.
In short, there are three core institutions, the "technocratic" European Commission, the European Parliament elected by direct popular vote, and the Council ("of the EU"/"of ministers") made up of the relevant (in terms of subject matter) ministers of the standing national govs. The law-making procedures depend on policy areas etc. but usually in the policy areas where EU is fully competent, the Commission — the democratically least accountable of the three bodies — by default makes the initiatives and negotiates/mediates them further along with the Parliament and Council, but only the last two together really have the power to finally approve actual legislation, usually either Regulations (directly applicable in member states as such — so an increasingly preferred instrument of near-full harmonisation), or Directives (requiring separate national transposition / implementation and usually leaving more room for national-level discretion otherwise as well).
While not fully comparable to nation-state parliaments, the powers of the EU Parliament have been strengthened vis-à-vis both the Commission and the Council, and it's certainly long been a misrepresentation to say that they, e.g., only have the power to "approve or turn down" proposals of the Commission and/or the Council.
There's societal memory of monarchies and kings that held a lot of power that still impacts things to this day, sometimes unconsciously and sometimes consciously.
The NSA is an American body, and Trump is the subject of a personality cult far in excess of any European monarch. Authoritarianism is a personality trait independent of political structures.
it was the EU which had stopped many similar unhinged attempts from the UK when the UK was still a member
similar it had been the EU which had shut down various other surveillance nonsense of the EU
you are basically pretending the EU is a person with one uniform opinion and goals
but it's like the opposite of it, like in a lot of way
it's a union of states, each having a vastly different goals and culture and non of them having a "single uniform opinion" either but (in most cases) a more complex political field then the US (on a federal level)
Furthermore the most influential organ of the EU when it comes to making changes is literally a composition of the elected leaders of the member states. So for most big controversial decisions the driving and directing force isn't "the EU" but but the various elected leaders of the member states. For EU citizens blaming "the EU" instead of blaming your own elected leaders is common, but pretty counter productive, as it's basically pretending you have no power to change things.
Furthermore in the EU you have an additional parliament which (in general) needs to ratify laws and two high courts which can (and in context of mass surveillance repeatedly have) shut down misguided "laws", including in many cases local attempts at mass surveillance laws.
So while some parts of the EU have consistently pushed for mass surveillance in recent years other parts also have consistently moved against it.
In general while the EU needs a lot more transparency and some more democratic processes in some aspects a lot (not all) of the "stories told to make the EU look dump/bad" have a lot of important context stripped from that (like e.g. that a lot of the current push for surveillance comes from the locally elected leaders not the EU parliament or some other abstract "the EU" thing, it's your own countries leader/lead party(1) which does or at least tolerates that shit).
> blaming "the EU" instead of blaming your own elected leaders
The elected leaders like to blame the EU (or for those without an EU - any external body or even the mythical deep state) for everything adverse. The reality is these "failures" they blame on someone else are generally in alignment with their own policies goals and objectives.
Yes, there are governments that are worse than European, but the decline of European government is the fastest.
You may be surprised that the UK is the world leader in the number of people arrested because of internet posts. And that Germany, which is still way behind the UK, has more people arrested for the same reason than Russia, China, North Korea, Iran, Belarus, Saudi Arabia, and a few others combined.
And many people still believe that those countries are beacons of democracy while the others are backward dictatorships.
For people too lazy to click, the second post was:
> I think it’s time for the British to gang together, hit the streets and start the slaughter.
> Violence and murder is the only way now. Start off burning every migrant hotel then head off to MPs’ houses and Parliament, we need to take over by FORCE.
I'm not sure what the punishment for such a clear but ineffective incitement to violence should be, but it shouldn't be nothing.
The US has a three part test[1] for what constitutes incitement:
- intent
- imminence
- likelihood
If the UK had speech protections like the US (which I wish they would) then it would fail the imminence and probably the likelihood tests (you rightly note that it is ineffective).
It didn't happen in the US though, so that's neither here nor there. America's political system is not some benchmark that the rest of the world needs to judge themselves against.
This is definitely not a crime in the US per the US Supreme Court. Several additional conditions not in evidence are required for speech of this type to fall outside of First Amendment protections.
> Several additional conditions not in evidence are required for speech of this type to fall outside of First Amendment protections.
Perhaps your point would be clearer if you indicated what specific conditions you believe are missing. Maybe the tweeter had no followers? Idk, I can only vaguely guess at what you're referring to.
> Yarwood replied: ‘Head for the hotels housing them and burn them to the ground.’
That's terrorist speech tho. My problem is that everyone can reasonably get on board with banning speech that indicates violent action, and that the reliance on "muh free speech!!!" has been a net negative for actually defending the right of people to have privacy, because people rely on that sans any other (better) arguments.
The decline of the US government is the faster than "Europe", because it's been declining rapidly in a few months. The US government currently has a monthly quota for ICE arrests. ICE agents racially profile people and ignore non-white people telling them they are US citizens because they assume they are lying. Non-white US citizens need to have papers on them that prove their status (US citizen), or else might be disappeared. The US government now bans immigrants from a list of dark skin countries but fast-tracks White South Africans for immigration. It politically persecutes their political opponents and ignores the rule of law. It is preparing for war with Venezuela, which would conveniently tie up US resources as Russia positions itself for entering Europe.
The UK is rapidly declining as a close second, but calling it "European" (especially when UK citizens see themselves as non-European) is just a lazy generalization.
> I don't understand why you got heavily downvoted.
Because his post contributes nothing to the discussion.
> Yes, there are governments that are worse than European, but the decline of European government is the fastest.
What makes it the fastest?
> You may be surprised that the UK is the world leader in the number of people arrested because of internet posts. And that Germany, which is still way behind the UK, has more people arrested for the same reason than Russia, China, North Korea, Iran, Belarus, Saudi Arabia, and a few others combined.
Don't know about you but I'd rather be arrested for posting something in EU then be disappeared in any of the countries that you mentioned.
> And many people still believe that those countries are beacons of democracy while the others are backward dictatorships.
That is because Germany and UK are beacons of democracy when compared to the countries that you listed.
The UK arrests 12k people per year for social media posts, using vague laws to undermine free speech. Here's the citation from the EU parliament itself [1], since I doubt you'd believe non-government sources.
> That is because Germany and UK are beacons of democracy when compared to the countries that you listed.
Read my comment again. The fact that the UK and Germany are in some aspects still better than the ones I mentioned doesn't make them beacons of democracy. It's sad that those countries declined so fast that we are now comparing them.
> The UK arrests 12k people per year for social media posts, using vague laws to undermine free speech.
A spokesperson for Leicestershire police clarified that offences under section 127 and section 1 can include any form of communication and may also be “serious domestic abuse-related crimes”. [1]
It seems misleading to count arrests related to domestic abuse as "anti-free speech".
It seems very politically convenient to be able to hide that one number behind the other. To obfuscate something highly controversial by making it artificially conflated with something everyone would agree on with.
This is what governments do when they want to avoid public scrutiny. This is not the win you are looking for.
It would indeed be better to have the separate counts. It's also wrong to attribute to only one case what is a actually a larger category, unless there is actual evidence that it's the overwhelming majority anyways. Both can be true at the same time.
I'm not trying to win anything, and I do support privacy. I just think any argument, especially those citing specific numbers, should be based on an accurate description of reality.
>> The UK arrests 12k people per year for social media posts, using vague laws to undermine free speech.
> This doesn't mean anything in isolation.
It's pretty good proxy for freedom of speech, one of the features without which democracy is not possible.
>> Here's the citation from the EU parliament itself [1], since I doubt you'd believe non-government sources.
> Do we know each other?
Probably not, but I can smell a state believer when I see him.
> No, but there aren't many that are much better so when you take all of that in to account, yes UK an Germany are beacons of democracy.
If they are, it's a pretty low baseline. They are but a shadow of what they once were.
>> It's sad that those countries declined so fast that we are now comparing them.
> I already asked this but by what metric are they declining faste?
The article I posted has a link [1]. There you can see the number of people arrested went up from 5502 in 2017 to 12183 in 2023. It's a pretty sharp decline in freedom of speech.
The problem here is that contextually you are falling into the trap of "talking about committing a terrorist act" as being relevant to "having private communications", and in the process you are conflating the two. This means you are falling into the trap that the UK government intentionally creates to suppress privacy — within a reader's head, now the two are related. This also means you haven't had to develop any arguments other than "muh free speech!" with respect to why having private communication is important.
The second problem is that American conservatives have framed Nazi speech as a free speech issue, so to an onlooker who is not in the USA, when people talk about "free speech", it comes across as someone defending someone's right to say incredibly harmful, violent things about Jewish people, Transgender people, and so on. I think for most people outside of the USA (and, to be honest, most minority populations within the USA) you should consider "free speech" as being an incredibly tainted phrase for that purpose.
The flipside of all of this is that fascism is very, very possible even with freedom of speech (actually it seems to rely on it, given how virulent the spread of outright Nazi rhetoric has been in the USA so far). Freedom of speech is not the sole thing that holds up a democracy and it weakens your arguments for you to rely upon it like this.
> American conservatives have framed Nazi speech as a free speech issue
The famous US Supreme Court case[0] that explicitly confirmed that "Nazi speech is free speech" was brought to the court by the ACLU[1], a left-leaning organization that defends things like LGBTQ rights. Your take is completely divorced from factual reality.
American conservatives aren't "framing" it. They are restating what the US Supreme Court has already determined in a case brought to the court by the liberal left. This is a principled defense of free speech that has historically been supported by people across the political spectrum.
You completely missed the point of what I wrote and ignored the majority, just so you could claim that Nazi speech is actually a left-wing issue — which is not a claim I think many people outside of the USA would agree with.
I do not think you understand the optics of how this looks outside of your USA-centric echo-chamber audience.
>"That is because Germany and UK are beacons of democracy when compared to the countries that you listed."
Give them a little time. They'll catch up. Comparatively to what the UK used to be it is sliding down, more and more. One should be more concerned about what is happening in their country rather than consoling themselves that there are worce places.
No one is getting 20 years for tweet content in the UK like they are in Saudi Arabia. No grandmother is being arrested for holding up a blank sign like in Russia. I can go on just with the reported stuff from memory for an hour wrt Iran, North Korea and China. I don't even know how many books it would take to read to learn of all the examples worse that aren't.
Look I think there are problems with the UK's policy here, but this comment is either disingenuous or naive.
The UK is not part of the EU, and its security services are barely affiliated with it. That all ended with Brexit.
It's absolutely hopeless at protecting citizens from foreign threats.
95% of the arrests aren't actually arrests. The police send you a polite letter, you write a polite response, and at least 90% of the time the case is dropped.
Compare with various authoritarian dictatorships where if the police turn up at your door you're unlikely to survive.
And - unlike the US - no one is hauling random British brown people off the streets and sending them to prison camps.
The UK does have a far-right party desperate to end judicial oversight and remove legal protections from torture, etc, by ending support for the ECHR.
There's currently a huge online campaign, funded in part with foreign money and supported by most of the British press (foreign billionaire owned...), to make their far-right dictatorship seem like a political inevitability.
It isn't. But they're trying really really hard to pretend otherwise.
Putin is also really, really pissed at the EU for taking Russian money and using it for defence and reparations.
But - you know - if you start a war because you're a grandiose psychopath, that's what happens.
> 95% of the arrests aren't actually arrests. The police send you a polite letter, you write a polite response, and at least 90% of the time the case is dropped.
Bahaha, as if that's any better.
Guess cops showing up to your door for being mean to someone online is just an inevitability when there is no "second amendment" equivalent in said country.
Sad state of affairs, if they weren't british I'd almost feel bad.
> If you want to stop criminals, then focus on their illegal activites,
I don't think their real intention is to stop criminals, it's just the smoke screen similar to ChatControl and other similar legislations prohibiting privacy elsewhere.
Governments always focus on the tools and not the people. Troubleshooting and resolving the root cause requires work. They do not get paid to work or care meaning they could sit on their hands and still get paid.
> they could sit on their hands and still get paid
Could? I know of government employees who literally cannot do their job, yet somehow they've been employed for over twenty years. When I say they can't do their job, I mean they have to ask coworkers how to do something that is and always has been a job requirement, and they have to "ask for help" every time. People are actually enabling massive amounts of waste and inefficiency.
Then there are those who don't even have work to do, and will take offense if you ask them to justify their continued employment. As though they are owed a position in the organization tomorrow just because they have a position in the company today.
Indeed. I work with governments all over the United States from federal, to states to counties, and even to larger cities. This is a consistent pattern I see as well. We have senior IT people who don't even know basics about firewall configuration. In one place, I waited 2 weeks for the IT person to figure out how to even get into the firewall configuration. Then they proceeded to completely screw it up in obvious ways, and then once we got the firewall completely configured, we could not get the app to work. It took another 2 weeks, and burned 40 hours of engineer time on our side, before somebody on their end realized that they had modified the wrong firewall!
I wish I could say that was an unusual experience. In another jurisdiction it took two months and we finally got to the point where even providing specific coaching telling them that it wasn't working because they opened the TCP port numbers we said instead of UDP, even though UDP was heavily emphasized. The stonewalling and constant battling ended up delaying our launch to the point where the decision makers decided to just can it instead of fight with their own IT organization.
Now that said, I have worked with some truly incredible and brilliant people on the government side. There definitely are some fantastic people that work for the government. Unfortunately they seem to be in a minority.
I wish I could say that was an unusual experience.
It sure is not. I'm not going to list all the examples I know as embarrassing some departments does not end well but I have to share this one. I tried to email someone at the California DMV a couple decades ago. My email bounced and I got a strange routing error. I assumed the problem was on my end. The first thing I did was dig their MX records and what did I get? 2 MX records with RFC1918 address space (10.0/8). I managed to get through to a real person on the phone and that went nowhere. They eventually fixed it some months later but they probably enjoyed the email silence.
Another one involved a 3 letter agency that should know better and could not figure out how to install an intermediate certificate on their website. They expected me to instead install their certificate on all of our servers and got mad & huffy puffy when I refused. I am not naming them but after a couple years they figured it out.
I don't believe there is an easy fix though. The government will prioritize retention because it promotes institutional stability while at the same time offering low pay (and not just low pay but often a complete lack of flexibility regarding pay) because the electorate demands it.
Which means that the truly good people are basically quirky people with strong work ethic/believe in the mission that happened to join the organization for some reason.
You seem to think this is somehow specific to government. It is not. And, no, the market does not eventually destroy the organizations where it happens.
> Today, someone can post a Telegram group message and make thousands of people rally to a town square. I see the dangers, and I see why governments think they are doing this to protect the people.
Yes. Previously this capability was reserved for the CIA.
> Today, someone can post a Telegram group message and make thousands of people rally to a town square
The "fun" part of this is that the person writing the message on these apps might not even be a local person involved, but some person far away in another country just trying to stir up some shit.
So you still believe that system which gives people less freedom with every new regulation would solve anything by contributing to it? Shouldn't we abandon the idea of giving our repsonsibility and power to uknown electorate?
I agree with your point and this is just a minor thing but it annoys me whenever it comes up:
Telegram is a terrible example. It is one of the few messengers that do not support end-to-end enrypted group chats. It is also heavily moderated. Your group will not be closed immediately but before anyone could pick up their pitchfork and certainly before it reaches a critical mass.
> Today, someone can post a Telegram group message and make thousands of people rally to a town square. I see the dangers, and I see why governments think they are doing this to protect the people. No one wants civil war.
The solution for government is simple: stop being scumbags whose only purpose is making people's lives more and more miserable by optimizing for total control and corporate profits.
I wonder if architects should be prosecuted first making non-transparent building structures making the observation of people very very hard for those puny security and intelligence agencies! Architects, you bastards! You aid and abet criminals!
Don't get me started on locksmiths, oh the horror!
I know this is about UK (where I am a foreigner living for almost a decade).
But why are pretty much all governments universally inept? It's not only the UK but US gov has also pushed for this and plenty of other stupendously stupid ideas or decisions - and plenty of other governments (well, all of them) besides.
It leads me to believe that our species is incapable of leading itself, that we are incapable of choosing good leaders.
When you look at the pay available in the UK government for this kind of work you'd understand. Interns at financial firms get paid more than the most senior technical staff in government.
The first one is the best one, but it only works well with an educated population. Unfortunately, many democratic countries have lost that key ingredient.
What makes you think this is ineptitude? They know exactly what they're doing.
The mistake HN commenters make is thinking "But TLS is encryption too! They can't ban Signal without also banning TLS!". They absolutely can if they want to.
> Developers of apps that use end-to-end encryption to protect private communications could be considered hostile actors in the UK.
So say if my UK friend connected directly to my PC with SSH/RDP, both uses end-to-end encrypted link, to chat with me using `wall`, `write` or Windows Task Manager, then all of sudden this is a hostile and Mr Big Ben will just launch laser at me to burn me to death. Wow, this is just messed up.
Someone should check the cognitive of those lawmakers, because these guys are clearly not good at their jobs. If such they failed to understand such simple concept, how can they understand much much more complex construct such as society?
Please read the report linked in the article. This in not a policy announcement. This a report from a government-appointed official illustrating that there is a theoretical possibility that the current legalisation may be interpreted in a way they didn't intend.
> So say if my UK friend connected directly to my PC with SSH/RDP, both uses end-to-end encrypted link, to chat with me using `wall`, `write` or Windows Task Manager, then all of sudden this is a hostile and Mr Big Ben will just launch laser at me to burn me to death. Wow, this is just messed up.
No, because nobody is using those systems to communicate at scale to try to destabilize a government.
Governments often equate any opposition to "destabilizing"; don't let them. Yes, there are real information-warfare efforts in the world to destabilize governments and societies. There are also far more people who are trying to organize, and rally, and communicate about issues they care about.
Developers of apps that use end-to-end encryption to protect private communications could be considered hostile actors in the UK. <-- HTTPS does this. What about secure sites like baking sites that encrypt end-to-end? Old farts making laws about things they know nothing about.
>>> Old farts making laws about things they know nothing about.
We should probably stop saying and believing that. This is basically the UK government making a deal to the developers they cannot refuse: cooperate (install backdoors) or get prosecuted. The French tried to do something similar not so long ago.
A decade ago politicians genuinely didn’t know much about the internet so most of the laws were terribly ill informed good ideas. The new sweep of internet legislation like chat control, age verification and banning of vpns are much more dangerous because those pushing know exactly what they are doing.
Exactly this. I do not think this is a case of Hanlon's razor. Assuming incompetence or stupidity of the government officials trying to push for is very dangerous.
Why worry about E2E encryption, in theory just need a cert issued from a vast array of CAs or intermediates. Which I wouldn't be suprised they possess the ability through some type of secret warrant, heck even private keys.
Browsers now require it to consider a certificate valid. Firefox, Chrome, and Safari all require a certificate to include proof of being logged in CT logs.
It makes a lot of sense. Whoever wants to continue developing "these apps" will do it privately, and sell the service to those who want to keep doing things in hiding. Well done, watchdog!
So again, it just harms the general public, while making it harder to catch criminals.
It's simpler than that. OSS strong encryption tools are available than anyone can run on the command line to encrypt their messages, which can then just go as attachments via email, whatsapp, etc. No new developers required. And as you say, the general public have to suffer with weak encryption while those who really want to encrypt do so regardless.
Not to be hysterical but when will publicly talking about, or publishing tutorials on how to use such tools get you in hot water for "promoting hostile activities"?
Actually it opens them up to being phished by the government. There have been several high profile cases where because of searching for custom communication services, groups ended up being vulnerable.
>How many cases have there been of groups successfully finding and use private communication services?
Probably a lot, given how booming the illegal drug market is. Obviously you don't hear about the successful ones, you only hear about the incompetent ones that get caught.
The authorities here (UK resident) are already pushing hard for as much authoritarianism as they can get. They are also increasing prison capacity and the two tier system is a genuine thing with public services collapsing.
Police militarization, drones, army unit investigating private civilians, digital powers widening... I am more scared of the government than I am of local paramilitary forces at this point.
It may be enough to swing my vote towards Irish unity given the topic will be forced within my life time.
The two tier bit is Palastine action people being in prison for up to two years before getting tried, being on hunger strike without much reporting in the press.
>> They are also increasing prison capacity and the two tier system is a genuine thing with public services collapsing.
What utter nonsense. The prison system was so full that when the current party got into power they had to start releasing people years early to free up space for newer offenders. That is why they're trying to improve capacity and that's not expected to happen for several years.
Removal of Jury service for certain crimes says it all, seeing this happen in the wake of Palestine Action is considerably disturbing, if I were a conspiracy nut I'd argue these things are being done to please Israel.
Irish unity will never happen. Not even sure where that came from.
People can make random accounts named after Shrek making weird claims that immediately gets upvoted. The mass astroturfing you see everywhere on the internet now has made it shit.
There are quite a few comments below complaining about the headline - happy to change it, but I'm in a meeting trying to figure out more about https://news.ycombinator.com/item?id=46301921 for the next bit.
Can someone suggest a better title? Better here means "accurate and neutral, and preferably using representative language from the article".
"Independent review of UK national security law warns of overreach" - this, apart from the addition of "UK", is verbatim from the article and much more accurately describes the event being reported.
This, btw, is exactly what we look for when doing a title replacement:
> verbatim from the article and much better describes the event being reported
That's what I usually call "representative language from the article" (https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...). The idea is not to invent new wordings, but rather to find the place where the article 'confesses' what it is really about.
Broadly-defined "hostile acts" in UK national security law
Reasoning:
* Original report behind the article: "State Threats Legislation in 2024" [0], i.e., UK national security law
* Article focuses on an example from section 6.17 where developing an encrypted messenger app is given to show how broad the definition of "hostile act" is
* Snippets from the article:
> In his independent review of the Counter-Terrorism and Border Security Act and the newly implemented National Security Act, Hall KC highlights the incredibly broad scope of powers granted to authorities.
>
> He warns that developers of apps like Signal and WhatsApp could technically fall within the legal definition of "hostile activity" simply because their technology "make[s] it more difficult for UK security and intelligence agencies to monitor communications."
"Creating apps like Signal could be considered 'hostile activities' under new Counter-Terrorism and National Security Acts, UK watchdog warns"
The language changes here are slight (claims -> warns) and includes more context about the reason this watchdog is speaking out (current debates around the Counter-Terrorism and Border Security Act, new implementation of the National Security Act), using language from the first 4 paragraphs (may be considered, could be considered, stark warning, report warns, etc).
You could also leave out the specific names of the acts—they're not super helpful to me as a non-UK news consumer, but I suspect they might be more crucial to someone who's tapped into the UK political news cycle:
"Creating apps like Signal could be considered 'hostile activities' under new laws, UK watchdog warns"
Although I'm not actually sure how much the watchdog is "warning" here, despite the article claiming it is. The language from the report is the following:
6.18. In each of these cases the motive of the app developer/ lobbyist/
journalist may be more sinister than first appears, so permitting an officer to
examine whether the individual is a witting or unwitting agent of a foreign state
might be described as necessary in the right circumstances. Serious
responsibility is placed on police to use the power wisely.
The report doesn't make any recommendations or suggest any changes to the law, it seems to consider that it is good that this could be considered Section 3 "hostile activity". This later part about Schedule 3 investigations also makes this clear:
The Joint Committee on Human Rights was of the view that there was an even greater risk of arbitrary use of Schedule 3 than of Schedule 7, owing to the broader and more ambiguous definition of “hostile activity” (than of terrorism). I would develop the point further:
• For Schedule 7, the examining officer must at least have in mind the possibility that the examined person is morally blameworthy. That arises from the statutory question: whether the individual is a person “…is or has been concerned in the commission, preparation or instigation of acts of terrorism”
• By contrast, under Schedule 3 a lawful examination may take place, with all the intrusion and inconvenience attached, of an individual for whom the question of moral fault does not arise at all.
6.22. Having said this, I am not yet able to draw any practical conclusions from this conceptual distinction. Firstly, most examinations are likely to be directed at the issue of witting or witting participation, which incidentally puts a premium on human as well as digital interrogation. Secondly, the possibility that an examinee is in fact entirely innocent also arises under Schedule 7. I will therefore keep under review whether this needs to be reflected in the Code of Practice, but make no recommendation at this stage.
The encryption debate is the same as the gun debate. The tools are politicized because it's the easy thing for lawmakers to make it look like they're taking action. As the report warns, the deployed laws have negative consequences.
Outlaw all guns and make end-to-end encryption illegal doesn't stop GRU dropping novichok perfume bottles around england.
anybody can buy esim on street(ask llm how to do so) for cash or crypto. anybody can randomly talk on random webrtc domain or use random delta chat email to text.
if somebody really has high income(and high risk) illegal scheme he will not use signal for very bad things.
more, llm can tell exactly do things outlined above.
so chat control is for small(small income) crime and control of ordinary citizens behave well. in this sence it will serve its purpose.
so what is purpose going for signal developers? why not they try to do same with webrtc standard and browsers and llms?
This is a terrible headline, despite being the original.
The "watchdog" is a KC (senior barrister) officially appointed to review the legislation. He's warning that this could be considered hostile activity under the act, which would be a bad thing. In other words, he's criticising the act for being overly broad, a view that most on HN agree with, and his criticisms of it presumably carry some weight, given his official role.
As usual, this has provoked a load of ill-informed knee-jerk rants about the UK government from people who didn't read past the headline. This act is an absolute stinker, but let's maybe criticise what's actually happening rather than some imagined cartoon variant of it.
What an Orwellian name, 'watchdog', for an organization that undermines privacy. They're watching, all right.
edit: I misunderstood the poorly-worded headline. It should have been something like "Creating apps like Signal could be 'hostile activity' according to govt., claims UK watchdog".
Once again, the transparency we do have in the UK is weaponised against it.
You see this with "OMG knife-crime is out of control in London" type stories that the US love to run.
It's because we were :
1. a decade or more ahead of the rest of the world in actually collecting knife-crime stats
2. Include in those stats people who were simply carrying the kind of knife that wouldn't even get you noticed elsewhere, let alone recorded in the stats.
The actual rate of stabbings per capita is higher in the USA than the UK.
And that's even without considering that the weapon of choice in the USA is the firearm.
But you wouldn't beleive it from the headlines.
Back to this story, here we have legislators doing their job of scrutinising, and their open scrutiny is held up against the country.
We could instead have a system where people vote on bills without knowing their contents like the US does.
> Back to this story, here we have legislators doing their job of scrutinising, and their open scrutiny is held up against the country.
> We could instead have a system where people vote on bills without knowing their contents like the US does.
UK MPs are quite capable of voting on things they haven't read, and indeed their individual opinions are irrelevant due to the whip system. Voting against the party is a rare, major event and can be punished by expulsion. The US traditionally had less party discipline, as can be seen from certain non-party-line Democrats.
Per capita is a pretty useless stat. I'm much more interested in why there are particular cities where being stabbed is much more likely than in my rural village, per capita.
Cities are generally worse because that's where the organized crime is, and a nasty spiral of people carrying weapons because other people are carrying them.
Seems very coordinated, like whenever there’s an article on the Trump administration crushing free speech by cutting funding/sanctioning/suing anyone critical of it, it quickly gets flagged into oblivion, but anything the UK and others do gets spun out of proportion and hangs around on the front page for ages.
I am quite possed with the implementation of social control and restrictions that increasingly look like the only purpose is to keep power tight and half-slaving people.
I think we should all massively move to crypto, gold and such things, avoid KYC when possible and show these people that we will not go through their wishes no matter the oppressive laws they try to come up with.
They can put a few in jail. But when we are millions, what are they going to do?
Being hostile to these agendas is becoming a necessity.
It's always been like this. From the official secrets act where they could jail you just for revealing the date of the office Christmas party to D notices suppressing newspapers from publish stories the government thought were to sensitive. MI5 and MI6 acting totally without accountability, with the government not even acknowledging their existence. If anything, things have started to get more transparent now, with a freedom of information act, actual oversight and accountability for the intelligence services and less government. But the default position of the UK government has always been secrecy and the right to do what they want to protect the country.
The public, or at least the section that buys newspapers and gets onto the Question Time audience, seem to be in favor of this. Like a lot of people, they will vote in favor of repression so long as they think it's being done to someone else. Especially immigrants. You can even see it in the comments here.
"Tough on crime" and "tough on terrorism" are magic bullets for winning authoritarian support. That's how people are being persuaded that ECHR is a bad thing.
The UK has been heavily surveilled for several decades, if anything the pace has slowed especially in comparison to the modern US network of CCTV cameras on every doorstep available to the state and "private" survillence apparatus that has taken over.
One of the original motivations for the First Amendment was the UK's surveillance and censorship of American mail; the UK has been a surveillance state for a very long time.
I also can't help thinking people living in the UK now are descended from people who didn't leave for the colonies, or were too rich to need to. Far too many of us just can't be bothered.
Free speech but a president that can deploy the military anywhere in American for no reason. Free speech but an unthinkable number of children murdered in schools on a regular basis for decades. Free speech but bankruptcy if you get cancer. I think I'm alright with the surveillance.
I was amused by the UK TV show Spooks (aka MI5), from the early 2000s - it showed an organization with a ridiculous amount of surveillance and other powers, acting in blatantly partisan ways, but it tried very hard to make that all seem like a good thing.
The underlying argument was essentially the same one used in the US: almost anything is justified if it helps prevent anything they subjectively determine as “terrorism”.
Devolving? Already there. Mostly the public are ok with it because they're ignorant of the facts, believing whatever they read on Facebook, see on GB news[1], etc. and are happy with "if you've done nothing wrong, you've nothing to be afraid of?"[0]
By the time the leopards eat their faces, it's too late.
[0] Much like the people who voted for Trump and are now slated for deportation because 15 years ago they cashed a check that bounced, etc.
[1] Also the BBC has some blame here because if they weren't platforming Farage for years when it was unnecessary, it's conceivable that he wouldn't/couldn't have forced first the Tories and now Labour into their hard-right turns and we'd all be better off.
If anyone wants an honest answer to that question it is fairly simple. Polling has suggested - very consistently and over a long period of time - that a majority of the British public (though often a fairly slim majority) tend to support authoritarian interventions by our governments in the name of protecting the public. Most of the time our governments and government agencies do appear to use such powers responsibly and so they tend to maintain that public trust. There has always been a significant minority who were more cautious on civil liberties grounds and there has always been an issue that the supportive majority aren't always very well informed about what could happen if the laws were applied more strongly in practice.
As a personal observation - I think this might start to change over the next few years and the current positions of MPs and government might start to look very out of touch. We are seeing the fall of our long-standing "big" political parties and the rise of a very right wing populist party that is increasingly looking like it might actually win significant power at the next general election. I think awareness of the potential for abuse by the next people to run the government and agencies is growing among the general public. Whether it grows enough to stop some of these policies from becoming law in the near future is a different question of course.
Intentions of votes for Labour went from 34% in 2019 to 17% or something now. While Reform UK is gaining voters left and right.
But it seems mostly due to a revolt against the "two tier Kharmer" policy of the current government: where normal people are jailed for online posts while others are free to break a female policer's nose at the airport and then be let to walk free by the judge and while others also get to rape hundreds of girls on an industrial scale and enjoy a nation-wide cover-up attempt (thankfully foiled) by the state...
Labour have dropped to 17% because their left wing has moved to the greens, Libdems and nationalists. Reform support has stopped growing at 25% and that's mainly Tories moving across. The only people that harp on about "two tier Keir" are the extreme right wing loonies.
Absolutely. Labour betrayed their core voters, who are looking for something else, but won't touch Reform UK because they're even more disgusting than the current right-wing Labour-in-name-only government.
"Claims" in the title is misleading. He (It/They, I guess it is an organism, not a single person) is _warning_ about that, same as this page always does. So, it is not an infamous claim, it is a warning to all affected parties (i.e. also the government).
Do you understand what transit encryption is? The point of TLS is the ISP can't inspect the traffic.
They can of course refuse to carry all encrypted traffic, but 1) stenography exists, so have fun writing DPI filters to detect suspicious noise in the note velocities of MIDI data; 2) turns out the free market didn't adopt HTTPS just to hide drug dealers -- I don't know if you heard, but there's this itty bitty thing called e-commerce, and unless you want people's credit card numbers flying in cleartext left right and center, it is better the padlook stays on.
Now what they can do is mandate their own root CA be installed on all the devices in the country, a tactic actually adopted by real regimes like Russia and Kazakhstan. Unfortunately, so far all they could do is beg and plead over SMS and refuse connections to the online government portal without the CA, while Mozilla and even Google blacklisted their certs.
If certificate transparency becomes universal, now the browser won't even connect until the feds politely check their little spy op into an immutable ledger. So the only remaining point of failure is the browser itself, but by that point it might as well send a clear copy on its own.
I know very well and I absolutely am not advocating for removing TLS. I am only saying that there is no need for them to remove it as IsP's can already access your traffic if needed through a lawful intercept. These are part of ISP certification. You're very naive if you believe there is no way for the ISP to view your traffic just because you're over an Https connection.
The ISP has "Intercept Access Points" withing their infra that will just clone you're data. Without you knowing. This is a feature. Turned on with a warrant always I'm sure.
Making my point of your ISP not being there to defend your privacy. It's not their mandate. Their mandate is to provide an internet service to you, and a mechanism to intercept to law enforcement.
Nobody is talking about passing around plain text over the wire here.
> You're very naive if you believe there is no way for the ISP to view your traffic just because you're over an https connection.
You seem to be under an impression an ISP's "Intercept Access Point" is somehow different from any downstream MitM. An ISP is certainly has more area than a coffee shop network, but the threat model stays mostly the same. Both I and Comcast can run tcpdump or mess with your packets to the extent cryptography permits.
There are only some realistic ways you could intercept a TLS connection, and that would be
1) For you to use TOFU, and the ISP to tamper with the initial key exchange. To stay undetected, you would have to ensure every vantage point after provides your compromised keys, expanding to potentially every cellular provider, home/business connections, and data-centers, potentially even outside your jurisdiction. This would be easiest if you could meddle near the backbone, until you realize the cost of deeply inspecting every packet, detecting the protocol, and transparently re-encrypting _all_ the internet. As soon as you verify out-of-band, even over a VoIP call, or the target crosses into a network you didn't compromise, your cover is blown. And you've only got shot at intercepting the key exchange, so you can't afford to be picky about who to target.
2) In practice, most traffic uses Certificate Authority roots from the browser's default set. As I've said before you can either plead with the citizens to install your intercept CA, or you can find one trusted by browsers without cross-jurisdictional threshold signatures and try to apply rubber hose cryptoanalysis until the rights certs get signed. A transparency log will mandate you publish your MitM cert onto an immutable global ledger, letting everyone know something fishy is going on. Your attack has succeeded, but at the cost of blowing your cover.
What an ISP, as well as me as a network admin, do see is the domain and IP, timing, and packet size. That does allow me to deduce a lot about you--large packets sent to whatsapp.com are probably images, many small ones may be a call. But that's about it unless you can get the keys.
Would you mind if we took this out hn? I'd love to go through this a bit more. I feel we may have reached the limit of scope for the conversation topic to be fair. I'll put my mail in my profile.
It's not technology. It's negotiation between people and state. Having a state requires people to forego something and contribute something. More stronger the state you want, more you need to give up. It's about your needs and making a deal.
This was easy to predict. It also shows how backwards are the UK security bureaucracy as you can simply clone Signal and tweak it, and deploy your own blend. Also, perhaps an LLM can do it as well, what if the prompt is "keep me safe from a totalitarian government"?
It is becoming more and more important that people learn to encrypt things locally themselves, its not end-to-end if the users are the ones encrypting and decrypting manually and then sending that message over unencrypted methods to comply with this draconian invasion of privacy. It would probably be a matter of time before they try to make using PGP usage illegal as well but they haven't yet.
Absolutely sick and tired of what I call "minority report" laws where you didn't cause any harm, but you are flagged and penalized for having had the potential to cause harm. Illegal is illegal, you don't need to make precursors illegal.
"Developers of apps that use end-to-end encryption to protect private communications could be considered hostile actors in the UK." <-- What about HTTPS, the thing that secures most websites especially banking sites. Old farts making laws about things they know nothing about! FFS
When government is corrupt, any activity that makes it easy for citizens to protect themselves can be described as hostile.
This is just a symptom of security services not doing the job tax payers pay them to do.
Like when foreign asset managers can influence government to create policies nobody voted for and make it the most important thing on the agenda? No a single arrest?
Strong encryption is necessarily at odds with the state. It's somewhat crazy that states allowed private citizens to use it freely as long as they did.
You, UK regulators and law enforcement, shall learn first how to do your frickin job!
Intruding everyone's privacy is not that!
Should everyone hand in their full recording of private conversations and full track of movements per month so you can filter out those breaking the law and claim you did your job?! NO!
Or better yet, should everyone spend two weeks in a high-security jail every three years, just so you can claim that, statistically speaking, crimes were punished? So your life can be easy, you can kick back, and collect paychecks? You'd like that, wouldn't you?! Maybe farmers can ask people making food for themselves but still collecting money for it, shouldn't they?
If you must intrude the privacy of all people then you are just a buch of incompetent idiots without a clue how to chase the actual criminals instead of harassing honest people! Exposing everyone to bad actors. Which is a crime on its own, by the way!
If you are unable to do without privacy violations for everyone then get a job you are able to carry out!
Walls, locks, gates, and all such are made for a purpose: to protect people. Don't break them!
The UK is just saying the quiet part out loud. If you look at the EARN IT Act in the US or the "Chat Control" proposals in the EU, then the trajectory is identical. The UK is providing the "democratic" precedent that the rest of the Five Eyes will use as leverage. If you think the US isn't eyeing the Online Safety Act as a convenient trial run for overt or covert domestic policy, I’ve got a bridge to sell you.
EDIT: You added a lot more after I replied to your post.
Westerners never had free speech in the first place. We are free to fight amongst one another, but if we ever act in a manner that endangers the Power that be, you don't live very long.
Thanks for saying the truth. Free speech is a concept that has been prostituted for political gain, but only for the already powerful. It has never been the case that you could publish the crimes of powerful people and get away with it. And especially now that US has embraced the path of authoritarianism and the government is actively harassing and ridiculing journalists, as well as pulling funding for libraries and schools, a cornerstone of democracy, freedom, and justice. Values the US has abandoned in exchange for oligarchy.
And the government defrauding the English of their own homeland while pumping in misinformation by the petabyte while simultaneously calling everything else misinformation isn't hostile activity?
If a government is legitimately elected, and respects due process, I don't see why people would want to hide from the government.
There are very few situations where a journalist would need to hide himself from a legitimate government who respects due process.
With the Trump administration, in China, Russia, yes of course. Those apps do matter. Conventional apps are probably giving data to abusive governments if their laws require it.
With criminals using those apps to not get caught in those legitimate due process countries, I don't really know if those apps are worth using it they help criminals.
I agree that I don't want to give my data to big companies or for ads.
But I trust a legitimate government and due process.
AI can make you a basic signal for whatever group you want with zero oversight now anyway. The days of trying to proxy anti-encryption laws so you can spy on your people are numbered.
I think there is a point to this. I’m not saying I’m a fan. But the reality is that it is too simple to communicate secretly, and the government has an interest in protecting its citizens. This is true in many aspects. (Health, technology, electronics, traffic)
Btw. The https communication comparison does not hold, there is always a third party that can read what you say. E2E chats are effectively communication where evidence is instantly destroyed.
Want to have a private communication, I think offline is the right approach.
I agree that it sucks, but it’s probably not about you. It’s about nefarious people that use this as an uber advantage.
But the reality is that it is too simple to communicate secretly
This is a horrifying thought to be reading on this site of all places, and I can't help but feel that humanity is well and truly screwed if this mentality has seeped this far into the culture. *Communicating secretly is a human right*. A legal right under international law (ICCPR article 17, ECHR article 8), and a constitutional right in any country worth living in. There can not possibly be such a thing as "too simple to exercise your human right to privacy". It's like asserting that it is too simple to choose your line of work, or that it is too simple to live in the city of your choosing.
and the government has an interest in protecting its citizens
The government has more than an interest, it has a legal obligation to protecting the human rights of its citizens.
the problem with current government protecting its citizens by collecting their private communications is the next government having access to this sensitive data.
Yep, the next government may be evil tyranny, but it's beyond my comprehension why would I have to trust current or any government with the data I'm sure they'll abuse the moment they have it.
>Btw. The https communication comparison does not hold, there is always a third party that can read what you say. E2E chats are effectively communication where evidence is instantly destroyed.
If I use a third party CA this is correct. But what third party can read communications over HTTPS between a client and a server I control with a self signed SSL cert?
This isn't correct with 3rd party CA's with modern TLS either.
TLSv1.2 has Perfect Forward Secrecy with DHE and ECDHE key exchanges and in TLSv1.3 PFS is mandatory. A compromised root CA or even leaf certificate these days protects you from a man-in-the-middle and not a whole lot else - the certificate private key is never used for session key derivation and the keys themselves are ephemeral and never sent over the wire so even intercepting the key exchange doesn't allow decryption of the stream.
Even if you don't have Forward Secrecy, like you decided to use RSA KEX which is a terrible non-default idea even in 2015 let alone today (this feature isn't even present in TLS 1.3 deliberately, lobbying to keep doing this failed), your private key is still needed so a third party CA can't imitate you.
The CAs have never been supposed to know your private key. For a long time now it's straight up forbidden on pain of removal from trust stores for the CAs to learn somebody else's private keys.
For the example of Let's Encrypt your client probably picks a private key and stores it where your web server can use it, but it never sends this key to anybody else. In fact if you care you can even have the key chosen by the web server and literally never send that key to the Let's Encrypt client at all, the client picks up a "Certificate Signing Request" and it goes OK, I see you want a certificate for some key you know but I don't, that's cool I will go ask Let's Encrypt to issue a certificate for that and let you know.
Sounds like Let's Encrypt would also fall under that.
This has got to stop. If you want to stop criminals, then focus on their illegal activites, not the streets they walk on. I walk on them too. And don't use CP as a catch-all argument to insert backdoors.
Their big problem here is that previously, it was hard to find people with the same opinion as you. If you couldn't find someone in the same village who wanted to start a rebellion, it probably wouldn't happen. Today, someone can post a Telegram group message and make thousands of people rally to a town square. I see the dangers, and I see why governments think they are doing this to protect the people. No one wants civil war. That is still not a strong enough reason to call road construction a hostile activity.
I'm back in Sweden after 12 years abroad. Time to read up on which parties are sane and which aren't when it comes to technical infrastructure.
Don't play into their propaganda. Governments don't like it because they're protecting themselves and their power; making it harder for people to find each other and organize and rally is one of many ways governments do that. (There's a reason authoritarian governments regularly shut down cell networks.)
https://bsky.app/profile/tupped.bsky.social/post/3lwgcmswmy2...
> The U.K. Online Safety Act was (avowedly, as revealed in a recent High Court case) “not primarily aimed at protecting children” but at regulating “services that have a significant influence over public discourse.”
This is to protect minors of course. Did you think about the children ?
Telegram, whether it's true or not, claims they are not a large platform (so if this is a lie, it may really pay off).
https://sumsub.com/blog/age-verification-on-social-media/
"WhatsApp is now a Very Large platform in the EU, and will face tougher regulation"
https://www.theverge.com/news/614445/whatsapp-channels-very-...
The argument is so fundamentally stupid that they should be embarrassed just putting it down in writing!
This is a warning from the independent reviewer that the law is too potentially broad, not an argument to retain these powers.
[1] https://assets.publishing.service.gov.uk/media/69411a3eadb57..., pages 112 and 113
What right-wing institutions have noticed all around the world is that you can just kind of ignore all that shit now. Centrists are flailing around begging for an explanation for "how this could happen" and folks on the left, marginalized for years in favor of free markets, are just kind of facepalming and saying we told you so.
You need to put it in writing somewhere that there's a limit on governmental authority and enforce the hell out of it. You need to do the same to clamp down on the power of special interests and corporations. More than anything, you need robust mechanisms that make government representatives vulnerable to the voting public. The people need to be the ones that they scramble to please and when we get mad that should be dangerous and difficult for those holding the reins of government. Their existence needs to depend on the mandate of the public.
Governments of both flavours are ignoring the voting public, for various reasons, e.g. they are signatory to agreements that no longer work for the public but are difficult to break, the public is increasingly economically irrelevant compared to businesses, and, of course, the greedy self-interest of the politicians themselves.
I agree with you on the third paragraph, but it's also the reason that I believe the US will be okay compared to other Western democracies (an opinion I'm not sure you would share, judging by your post). The Constitution is already a thing, and is on its own a declaration that certain rights derive from a higher authority than government. The second amendment in particular is under siege (again, by the left), but does equalize things in a way that many of its opponents are reluctant to admit.
The idea that "they're coming for your guns" is something we can begin to discuss when the first step to curb our mass shooting problem is actually taken. For now, it's a little ridiculous to infer that there's any kind of 'siege' on the second amendment given that we have them all the damn time and they're not slowing down.
I would ask folks in the EU whether they think they're leaning left at the moment. Reading their news it doesn't seem to be the case [0 1 2 3].
Just out of curiosity - in what concrete way do you think the second amendment serves as an equalizer? Do you imagine that the government sees an armed populace as any kind of a threat?
Leaving the left-right debate behind for just a second - I smell that there is something perhaps we may agree on. Representation is fundamentally broken. Even given our ideological differences, how do you feel about direct democracy? I think we'd benefit.
0 - https://www.ibanet.org/The-year-of-elections-The-rise-of-Eur...
1 - https://ecfr.eu/publication/rise-to-the-challengers-europes-...
2 - https://fortune.com/europe/2025/02/25/europe-far-right-movem...
3 - https://www.euronews.com/my-europe/2024/12/24/european-polit...
People lie and they use doublespeak.
they're not doing this to protect people, they're doing this to ensure there cannot be rebellion against unpopular policies. Organization is harder if all communications is monitored.
But this is how gov't get to be kept in check - the risk of "rebellion". If this risk is removed, you get authoritarian states - see north korea.
How great it would be to have a select few evil masterminds, a clear enemy to roil against! That isn't reality, though. Would the super-secret council of puppet masters have allowed Trump to become president of the USA (again) and ruin the economy? You'll have an answer to that, obviously. It matters little. Reality is far more complex, shadow masters prefer stability over chaos, and the world is generally full of competing and opposing interests.
A few rich men might hold a lot of power in their hands, I give you that; but unless you limit "the world" to mean an arbitrary smaller region of earth, nobody is in charge of it all.
That's some pretty classic conspiracy theory stuff. No evidence of anything nefarious, just heavily implied.
I think what’s happening isn’t some evil plot to quell opposing voices, but more likely the UK government thinking they’re actually passing laws to reduce rioting and online abuse. And the censorship effects are a side effect of these laws.
Some might consider this opinion naive but take this counterpoint: laws require a majority to pass. So if these censorship laws were written to squash opposing voices, then we’d be dealing with a literal conspiracy involving hundreds of people. I don’t believe all politicians are only in it for themselves (though I do believe many are), so you’d expect at least 1 MP to speak out if such a conspiracy existed.
What happens is that you get arrangements like the EU demanding migration quotas that the populations of various individual countries despise, or an automobile market that gets progressively more expensive as environmental legislation puts ever more pressure on manufacturers. And of course, if you're saving the world, who needs cars anyway? We should all be living Hong Kong style to save the environment, so we need more urban density.
Yup. There is a huge amount of resentment about handouts for pensioners, a lot of disagreement with any kind of new 'islamophobia law', anger about actual and perceived reneging on pre-election promises, still a lot of anti asylum-seeker sentiment, anger about grooming/rape gangs etc.
And Labour are worried about Reform making big gains again in local elections next year.
Check out the Pirate party's stance on integrity and internet:
https://piratpartiet.se/sakpolitik/integritetspolitik/
https://piratpartiet.se/sakpolitik/natpolitik/
It’s the same with the multi billion ID cards and digital ID which is almost impossible for a government as incompetent as this one to implement.
That would be against everything european governments stand for.
I really struggle to understand why the hell this is always only applied to european governments? The idea to take 1984 as a book of requirements seems to extend *far* beyond europe.
not some vague far away "the EU (personalized)" thing
which also mean you can locally enact pressure on them
furthermore the EU supreme court(s) might have more often hindered mass surveillance laws in member states then the council pushing for them...
and if we speak as of "now", not just the UK, but also the US and probably many other states have far more mass surveillance then the EU has "in general".
so year the whole "EU is at fault of everything" sentiment makes little sense. I guess in some cases it's an excuse for people having given up on politics. But given how often EU decisions are severely presented out of context I guess some degree of anti-EU propaganda is in there, too.
Factually incorrect.
The European Parliament is elected. The Council is appointed, so there is no direct democratic incentive for the council to act on and no direct electorate to please.
On top of that the actually elected European Parliament can only approve (or turn down) directives authored by the Council. They have no authority to draft policies on their own.
To make matters even worse the European Council, which drafts the policies, has no public minutes to inspect. Which obviously makes it ripe for corruption. Which evidently there is a lot of!
Looking at the complete picture, the EU looks like a construct designed intentionally to superficially appear democratic while in reality being the opposite. The more you look at how it actually works, the worse it looks. Sadly.
Europe deserved something better than this.
In short, there are three core institutions, the "technocratic" European Commission, the European Parliament elected by direct popular vote, and the Council ("of the EU"/"of ministers") made up of the relevant (in terms of subject matter) ministers of the standing national govs. The law-making procedures depend on policy areas etc. but usually in the policy areas where EU is fully competent, the Commission — the democratically least accountable of the three bodies — by default makes the initiatives and negotiates/mediates them further along with the Parliament and Council, but only the last two together really have the power to finally approve actual legislation, usually either Regulations (directly applicable in member states as such — so an increasingly preferred instrument of near-full harmonisation), or Directives (requiring separate national transposition / implementation and usually leaving more room for national-level discretion otherwise as well).
While not fully comparable to nation-state parliaments, the powers of the EU Parliament have been strengthened vis-à-vis both the Commission and the Council, and it's certainly long been a misrepresentation to say that they, e.g., only have the power to "approve or turn down" proposals of the Commission and/or the Council.
no please read what I wrote
_local elected leaders_
they are the leaders each member state democratically elected in their own way
and that makes a lot of sense the EU isn't a country after all so using the already democratically elected leaders makes a lot of sense
> They have no authority to draft policies on their own.
yes neither did I claim so, the EU is by far not perfect
> Which evidently there is a lot of!
yes, but that is mainly a reflection of corruption in local Politics
it was the EU which had stopped many similar unhinged attempts from the UK when the UK was still a member
similar it had been the EU which had shut down various other surveillance nonsense of the EU
you are basically pretending the EU is a person with one uniform opinion and goals
but it's like the opposite of it, like in a lot of way
it's a union of states, each having a vastly different goals and culture and non of them having a "single uniform opinion" either but (in most cases) a more complex political field then the US (on a federal level)
Furthermore the most influential organ of the EU when it comes to making changes is literally a composition of the elected leaders of the member states. So for most big controversial decisions the driving and directing force isn't "the EU" but but the various elected leaders of the member states. For EU citizens blaming "the EU" instead of blaming your own elected leaders is common, but pretty counter productive, as it's basically pretending you have no power to change things.
Furthermore in the EU you have an additional parliament which (in general) needs to ratify laws and two high courts which can (and in context of mass surveillance repeatedly have) shut down misguided "laws", including in many cases local attempts at mass surveillance laws.
So while some parts of the EU have consistently pushed for mass surveillance in recent years other parts also have consistently moved against it.
In general while the EU needs a lot more transparency and some more democratic processes in some aspects a lot (not all) of the "stories told to make the EU look dump/bad" have a lot of important context stripped from that (like e.g. that a lot of the current push for surveillance comes from the locally elected leaders not the EU parliament or some other abstract "the EU" thing, it's your own countries leader/lead party(1) which does or at least tolerates that shit).
The elected leaders like to blame the EU (or for those without an EU - any external body or even the mythical deep state) for everything adverse. The reality is these "failures" they blame on someone else are generally in alignment with their own policies goals and objectives.
Yes, there are governments that are worse than European, but the decline of European government is the fastest.
You may be surprised that the UK is the world leader in the number of people arrested because of internet posts. And that Germany, which is still way behind the UK, has more people arrested for the same reason than Russia, China, North Korea, Iran, Belarus, Saudi Arabia, and a few others combined.
And many people still believe that those countries are beacons of democracy while the others are backward dictatorships.
This is untrue, as I've previously pointed out here [0] and here [1].
[0] https://news.ycombinator.com/item?id=41488099
[1] https://news.ycombinator.com/item?id=45412989
“An X user who posted two anti-immigration tweets been handed a 18-month jail sentence.”
Edit to point out 1. That is a quote and 2. The UK considers this Ok though https://www.bbc.com/news/articles/cjeykklwn7vo
> I think it’s time for the British to gang together, hit the streets and start the slaughter.
> Violence and murder is the only way now. Start off burning every migrant hotel then head off to MPs’ houses and Parliament, we need to take over by FORCE.
I'm not sure what the punishment for such a clear but ineffective incitement to violence should be, but it shouldn't be nothing.
- intent
- imminence
- likelihood
If the UK had speech protections like the US (which I wish they would) then it would fail the imminence and probably the likelihood tests (you rightly note that it is ineffective).
[1] https://uslawexplained.com/incitement
I think that puts the likelihood-factor at zero.
So, uh, yes. It's definitely something that the federal authorities take a dim view on.
> Several additional conditions not in evidence are required for speech of this type to fall outside of First Amendment protections.
Perhaps your point would be clearer if you indicated what specific conditions you believe are missing. Maybe the tweeter had no followers? Idk, I can only vaguely guess at what you're referring to.
That's terrorist speech tho. My problem is that everyone can reasonably get on board with banning speech that indicates violent action, and that the reliance on "muh free speech!!!" has been a net negative for actually defending the right of people to have privacy, because people rely on that sans any other (better) arguments.
That would be important context to mention, don't you think?
The UK is rapidly declining as a close second, but calling it "European" (especially when UK citizens see themselves as non-European) is just a lazy generalization.
Is that a bad thing? I've got friends in the UK crying out for something like ICE so keen to understand why it's viewed as rapid decline.
Because his post contributes nothing to the discussion.
> Yes, there are governments that are worse than European, but the decline of European government is the fastest.
What makes it the fastest?
> You may be surprised that the UK is the world leader in the number of people arrested because of internet posts. And that Germany, which is still way behind the UK, has more people arrested for the same reason than Russia, China, North Korea, Iran, Belarus, Saudi Arabia, and a few others combined.
Don't know about you but I'd rather be arrested for posting something in EU then be disappeared in any of the countries that you mentioned.
> And many people still believe that those countries are beacons of democracy while the others are backward dictatorships.
That is because Germany and UK are beacons of democracy when compared to the countries that you listed.
> That is because Germany and UK are beacons of democracy when compared to the countries that you listed.
Read my comment again. The fact that the UK and Germany are in some aspects still better than the ones I mentioned doesn't make them beacons of democracy. It's sad that those countries declined so fast that we are now comparing them.
[1] https://www.europarl.europa.eu/doceo/document/E-10-2025-0022...
A spokesperson for Leicestershire police clarified that offences under section 127 and section 1 can include any form of communication and may also be “serious domestic abuse-related crimes”. [1]
It seems misleading to count arrests related to domestic abuse as "anti-free speech".
[1]: https://lordslibrary.parliament.uk/select-communications-off...
This is what governments do when they want to avoid public scrutiny. This is not the win you are looking for.
I'm not trying to win anything, and I do support privacy. I just think any argument, especially those citing specific numbers, should be based on an accurate description of reality.
This doesn't mean anything in isolation.
> Here's the citation from the EU parliament itself [1], since I doubt you'd believe non-government sources.
Do we know each other?
> The fact that the UK and Germany are in some aspects still better than the ones I mentioned doesn't make them beacons of democracy.
No, but there aren't many that are much better so when you take all of that in to account, yes UK an Germany are beacons of democracy.
> It's sad that those countries declined so fast that we are now comparing them.
I already asked this but by what metric are they declining faste?
It's pretty good proxy for freedom of speech, one of the features without which democracy is not possible.
>> Here's the citation from the EU parliament itself [1], since I doubt you'd believe non-government sources.
> Do we know each other?
Probably not, but I can smell a state believer when I see him.
> No, but there aren't many that are much better so when you take all of that in to account, yes UK an Germany are beacons of democracy.
If they are, it's a pretty low baseline. They are but a shadow of what they once were.
>> It's sad that those countries declined so fast that we are now comparing them.
> I already asked this but by what metric are they declining faste?
The article I posted has a link [1]. There you can see the number of people arrested went up from 5502 in 2017 to 12183 in 2023. It's a pretty sharp decline in freedom of speech.
[1] https://archive.is/kC5x2
The second problem is that American conservatives have framed Nazi speech as a free speech issue, so to an onlooker who is not in the USA, when people talk about "free speech", it comes across as someone defending someone's right to say incredibly harmful, violent things about Jewish people, Transgender people, and so on. I think for most people outside of the USA (and, to be honest, most minority populations within the USA) you should consider "free speech" as being an incredibly tainted phrase for that purpose.
The flipside of all of this is that fascism is very, very possible even with freedom of speech (actually it seems to rely on it, given how virulent the spread of outright Nazi rhetoric has been in the USA so far). Freedom of speech is not the sole thing that holds up a democracy and it weakens your arguments for you to rely upon it like this.
The famous US Supreme Court case[0] that explicitly confirmed that "Nazi speech is free speech" was brought to the court by the ACLU[1], a left-leaning organization that defends things like LGBTQ rights. Your take is completely divorced from factual reality.
American conservatives aren't "framing" it. They are restating what the US Supreme Court has already determined in a case brought to the court by the liberal left. This is a principled defense of free speech that has historically been supported by people across the political spectrum.
[0] https://en.wikipedia.org/wiki/National_Socialist_Party_of_Am...
[1] https://www.aclu.org
I do not think you understand the optics of how this looks outside of your USA-centric echo-chamber audience.
>This doesn't mean anything in isolation.
For anyone who cares about free speech, this is very scary and very troubling, regardless of any other factors at play.
What about the other 11999?
Give them a little time. They'll catch up. Comparatively to what the UK used to be it is sliding down, more and more. One should be more concerned about what is happening in their country rather than consoling themselves that there are worce places.
Look I think there are problems with the UK's policy here, but this comment is either disingenuous or naive.
It's absolutely hopeless at protecting citizens from foreign threats.
95% of the arrests aren't actually arrests. The police send you a polite letter, you write a polite response, and at least 90% of the time the case is dropped.
Compare with various authoritarian dictatorships where if the police turn up at your door you're unlikely to survive.
And - unlike the US - no one is hauling random British brown people off the streets and sending them to prison camps.
The UK does have a far-right party desperate to end judicial oversight and remove legal protections from torture, etc, by ending support for the ECHR.
There's currently a huge online campaign, funded in part with foreign money and supported by most of the British press (foreign billionaire owned...), to make their far-right dictatorship seem like a political inevitability.
It isn't. But they're trying really really hard to pretend otherwise.
Putin is also really, really pissed at the EU for taking Russian money and using it for defence and reparations.
But - you know - if you start a war because you're a grandiose psychopath, that's what happens.
Bahaha, as if that's any better.
Guess cops showing up to your door for being mean to someone online is just an inevitability when there is no "second amendment" equivalent in said country.
Sad state of affairs, if they weren't british I'd almost feel bad.
I don't think their real intention is to stop criminals, it's just the smoke screen similar to ChatControl and other similar legislations prohibiting privacy elsewhere.
Could? I know of government employees who literally cannot do their job, yet somehow they've been employed for over twenty years. When I say they can't do their job, I mean they have to ask coworkers how to do something that is and always has been a job requirement, and they have to "ask for help" every time. People are actually enabling massive amounts of waste and inefficiency.
Then there are those who don't even have work to do, and will take offense if you ask them to justify their continued employment. As though they are owed a position in the organization tomorrow just because they have a position in the company today.
I wish I could say that was an unusual experience. In another jurisdiction it took two months and we finally got to the point where even providing specific coaching telling them that it wasn't working because they opened the TCP port numbers we said instead of UDP, even though UDP was heavily emphasized. The stonewalling and constant battling ended up delaying our launch to the point where the decision makers decided to just can it instead of fight with their own IT organization.
Now that said, I have worked with some truly incredible and brilliant people on the government side. There definitely are some fantastic people that work for the government. Unfortunately they seem to be in a minority.
It sure is not. I'm not going to list all the examples I know as embarrassing some departments does not end well but I have to share this one. I tried to email someone at the California DMV a couple decades ago. My email bounced and I got a strange routing error. I assumed the problem was on my end. The first thing I did was dig their MX records and what did I get? 2 MX records with RFC1918 address space (10.0/8). I managed to get through to a real person on the phone and that went nowhere. They eventually fixed it some months later but they probably enjoyed the email silence.
Another one involved a 3 letter agency that should know better and could not figure out how to install an intermediate certificate on their website. They expected me to instead install their certificate on all of our servers and got mad & huffy puffy when I refused. I am not naming them but after a couple years they figured it out.
Which means that the truly good people are basically quirky people with strong work ethic/believe in the mission that happened to join the organization for some reason.
That's what they say, but that's a smokescreen. They do it because they believe it helps them consolidate and keep power.
Yes. Previously this capability was reserved for the CIA.
The "fun" part of this is that the person writing the message on these apps might not even be a local person involved, but some person far away in another country just trying to stir up some shit.
Telegram is a terrible example. It is one of the few messengers that do not support end-to-end enrypted group chats. It is also heavily moderated. Your group will not be closed immediately but before anyone could pick up their pitchfork and certainly before it reaches a critical mass.
The solution for government is simple: stop being scumbags whose only purpose is making people's lives more and more miserable by optimizing for total control and corporate profits.
Don't get me started on locksmiths, oh the horror!
The UK is a failing nation run by pedophile apologist imbeciles. This is just desperate flailing to hold onto power by any means.
But why are pretty much all governments universally inept? It's not only the UK but US gov has also pushed for this and plenty of other stupendously stupid ideas or decisions - and plenty of other governments (well, all of them) besides.
It leads me to believe that our species is incapable of leading itself, that we are incapable of choosing good leaders.
Democracy: Through popularity contests
Monarchy: Through birth
Other various dictators: Through force/corruption
How on earth does anyone expect the best, most competent people for the job to be selected by these methods?
The mistake HN commenters make is thinking "But TLS is encryption too! They can't ban Signal without also banning TLS!". They absolutely can if they want to.
So say if my UK friend connected directly to my PC with SSH/RDP, both uses end-to-end encrypted link, to chat with me using `wall`, `write` or Windows Task Manager, then all of sudden this is a hostile and Mr Big Ben will just launch laser at me to burn me to death. Wow, this is just messed up.
Someone should check the cognitive of those lawmakers, because these guys are clearly not good at their jobs. If such they failed to understand such simple concept, how can they understand much much more complex construct such as society?
No, because nobody is using those systems to communicate at scale to try to destabilize a government.
Quantity has a quality all its own.
Governments often equate any opposition to "destabilizing"; don't let them. Yes, there are real information-warfare efforts in the world to destabilize governments and societies. There are also far more people who are trying to organize, and rally, and communicate about issues they care about.
Two conflicting problems can be true at once, and require careful balancing.
We should probably stop saying and believing that. This is basically the UK government making a deal to the developers they cannot refuse: cooperate (install backdoors) or get prosecuted. The French tried to do something similar not so long ago.
A decade ago politicians genuinely didn’t know much about the internet so most of the laws were terribly ill informed good ideas. The new sweep of internet legislation like chat control, age verification and banning of vpns are much more dangerous because those pushing know exactly what they are doing.
(Great username, btw, SirHumphrey)
Who's going to stop them?
Certificate Transparency thankfully means this is a tool a government could only use once if at all, and then they've burned an entire CA.
So again, it just harms the general public, while making it harder to catch criminals.
Probably a lot, given how booming the illegal drug market is. Obviously you don't hear about the successful ones, you only hear about the incompetent ones that get caught.
Police militarization, drones, army unit investigating private civilians, digital powers widening... I am more scared of the government than I am of local paramilitary forces at this point.
It may be enough to swing my vote towards Irish unity given the topic will be forced within my life time.
What utter nonsense. The prison system was so full that when the current party got into power they had to start releasing people years early to free up space for newer offenders. That is why they're trying to improve capacity and that's not expected to happen for several years.
Point of order: the concept already existed, they just want to expand it, for more crimes (the extent of which I'm unsure of).
Or just someone who has at least 100 IQ
People can make random accounts named after Shrek making weird claims that immediately gets upvoted. The mass astroturfing you see everywhere on the internet now has made it shit.
Can someone suggest a better title? Better here means "accurate and neutral, and preferably using representative language from the article".
This, btw, is exactly what we look for when doing a title replacement:
> verbatim from the article and much better describes the event being reported
That's what I usually call "representative language from the article" (https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...). The idea is not to invent new wordings, but rather to find the place where the article 'confesses' what it is really about.
Reasoning:
* Original report behind the article: "State Threats Legislation in 2024" [0], i.e., UK national security law
* Article focuses on an example from section 6.17 where developing an encrypted messenger app is given to show how broad the definition of "hostile act" is
* Snippets from the article:
> In his independent review of the Counter-Terrorism and Border Security Act and the newly implemented National Security Act, Hall KC highlights the incredibly broad scope of powers granted to authorities. > > He warns that developers of apps like Signal and WhatsApp could technically fall within the legal definition of "hostile activity" simply because their technology "make[s] it more difficult for UK security and intelligence agencies to monitor communications."
[0] Original report: https://assets.publishing.service.gov.uk/media/69411a3eadb57...
The language changes here are slight (claims -> warns) and includes more context about the reason this watchdog is speaking out (current debates around the Counter-Terrorism and Border Security Act, new implementation of the National Security Act), using language from the first 4 paragraphs (may be considered, could be considered, stark warning, report warns, etc).
You could also leave out the specific names of the acts—they're not super helpful to me as a non-UK news consumer, but I suspect they might be more crucial to someone who's tapped into the UK political news cycle:
"Creating apps like Signal could be considered 'hostile activities' under new laws, UK watchdog warns"
The report doesn't make any recommendations or suggest any changes to the law, it seems to consider that it is good that this could be considered Section 3 "hostile activity". This later part about Schedule 3 investigations also makes this clear:
These arguments are so ridiculous. Privacy is now a weapon of terror apparently.
Just kidding, I'm well aware that we'll likely never escape photon/shot noise. :(
Outlaw all guns and make end-to-end encryption illegal doesn't stop GRU dropping novichok perfume bottles around england.
if somebody really has high income(and high risk) illegal scheme he will not use signal for very bad things.
more, llm can tell exactly do things outlined above.
so chat control is for small(small income) crime and control of ordinary citizens behave well. in this sence it will serve its purpose.
so what is purpose going for signal developers? why not they try to do same with webrtc standard and browsers and llms?
You can also get a physical SIM from tons of shops (corner shops, supermarkets etc) with no ID and cash lol
mi6govukbfxe5pzxqw3otzd2t4nhi7v6x4dljwba3jmsczozcolx2vqd.onion
https://www.youtube.com/watch?v=OYB129pGq0k
As many personal details as possible
The "watchdog" is a KC (senior barrister) officially appointed to review the legislation. He's warning that this could be considered hostile activity under the act, which would be a bad thing. In other words, he's criticising the act for being overly broad, a view that most on HN agree with, and his criticisms of it presumably carry some weight, given his official role.
As usual, this has provoked a load of ill-informed knee-jerk rants about the UK government from people who didn't read past the headline. This act is an absolute stinker, but let's maybe criticise what's actually happening rather than some imagined cartoon variant of it.
edit: I misunderstood the poorly-worded headline. It should have been something like "Creating apps like Signal could be 'hostile activity' according to govt., claims UK watchdog".
You see this with "OMG knife-crime is out of control in London" type stories that the US love to run.
It's because we were :
The actual rate of stabbings per capita is higher in the USA than the UK.And that's even without considering that the weapon of choice in the USA is the firearm.
But you wouldn't beleive it from the headlines.
Back to this story, here we have legislators doing their job of scrutinising, and their open scrutiny is held up against the country.
We could instead have a system where people vote on bills without knowing their contents like the US does.
> We could instead have a system where people vote on bills without knowing their contents like the US does.
UK MPs are quite capable of voting on things they haven't read, and indeed their individual opinions are irrelevant due to the whip system. Voting against the party is a rare, major event and can be punished by expulsion. The US traditionally had less party discipline, as can be seen from certain non-party-line Democrats.
Scotland used to have the worst reputation for stabbing until the https://en.wikipedia.org/wiki/Violence_Reduction_Unit incredible success. You won't hear about it in England because it reflects well on the SNP.
This fact seems to have no impact on UK politicians who now want to try to ban knives with pointy tips: https://theconversation.com/why-stopping-knife-crime-needs-t...
In general, this approach to crime is ridiculous and has no rational end-point.
This is the independent reviewer doing his job and pointing out how the legislation under review could have consequences we might not like.
It's not a government spokesperson supporting or endorsing those consequences.
I think we should all massively move to crypto, gold and such things, avoid KYC when possible and show these people that we will not go through their wishes no matter the oppressive laws they try to come up with.
They can put a few in jail. But when we are millions, what are they going to do?
Being hostile to these agendas is becoming a necessity.
Usually those types are the prime threat to the country.
"Tough on crime" and "tough on terrorism" are magic bullets for winning authoritarian support. That's how people are being persuaded that ECHR is a bad thing.
The UK has been heavily surveilled for several decades, if anything the pace has slowed especially in comparison to the modern US network of CCTV cameras on every doorstep available to the state and "private" survillence apparatus that has taken over.
That incident was four hundred and twenty years ago. There was no Great Britain, no United Kingdom. Scotland was an independent country.
The UK today is not the same place, not in the slightest.
The underlying argument was essentially the same one used in the US: almost anything is justified if it helps prevent anything they subjectively determine as “terrorism”.
By the time the leopards eat their faces, it's too late.
[0] Much like the people who voted for Trump and are now slated for deportation because 15 years ago they cashed a check that bounced, etc.
[1] Also the BBC has some blame here because if they weren't platforming Farage for years when it was unnecessary, it's conceivable that he wouldn't/couldn't have forced first the Tories and now Labour into their hard-right turns and we'd all be better off.
Farage is one of the few politicians who has opposed these laws. He wants to repeal the Online Safety Act.
As a personal observation - I think this might start to change over the next few years and the current positions of MPs and government might start to look very out of touch. We are seeing the fall of our long-standing "big" political parties and the rise of a very right wing populist party that is increasingly looking like it might actually win significant power at the next general election. I think awareness of the potential for abuse by the next people to run the government and agencies is growing among the general public. Whether it grows enough to stop some of these policies from becoming law in the near future is a different question of course.
But it seems mostly due to a revolt against the "two tier Kharmer" policy of the current government: where normal people are jailed for online posts while others are free to break a female policer's nose at the airport and then be let to walk free by the judge and while others also get to rape hundreds of girls on an industrial scale and enjoy a nation-wide cover-up attempt (thankfully foiled) by the state...
If there was ever a signal ( edit: happy accident ) that it should be done, it is that the government agency thinks it is a bad idea.
They can of course refuse to carry all encrypted traffic, but 1) stenography exists, so have fun writing DPI filters to detect suspicious noise in the note velocities of MIDI data; 2) turns out the free market didn't adopt HTTPS just to hide drug dealers -- I don't know if you heard, but there's this itty bitty thing called e-commerce, and unless you want people's credit card numbers flying in cleartext left right and center, it is better the padlook stays on.
Now what they can do is mandate their own root CA be installed on all the devices in the country, a tactic actually adopted by real regimes like Russia and Kazakhstan. Unfortunately, so far all they could do is beg and plead over SMS and refuse connections to the online government portal without the CA, while Mozilla and even Google blacklisted their certs.
If certificate transparency becomes universal, now the browser won't even connect until the feds politely check their little spy op into an immutable ledger. So the only remaining point of failure is the browser itself, but by that point it might as well send a clear copy on its own.
The ISP has "Intercept Access Points" withing their infra that will just clone you're data. Without you knowing. This is a feature. Turned on with a warrant always I'm sure.
Making my point of your ISP not being there to defend your privacy. It's not their mandate. Their mandate is to provide an internet service to you, and a mechanism to intercept to law enforcement.
Nobody is talking about passing around plain text over the wire here.
You seem to be under an impression an ISP's "Intercept Access Point" is somehow different from any downstream MitM. An ISP is certainly has more area than a coffee shop network, but the threat model stays mostly the same. Both I and Comcast can run tcpdump or mess with your packets to the extent cryptography permits.
There are only some realistic ways you could intercept a TLS connection, and that would be
1) For you to use TOFU, and the ISP to tamper with the initial key exchange. To stay undetected, you would have to ensure every vantage point after provides your compromised keys, expanding to potentially every cellular provider, home/business connections, and data-centers, potentially even outside your jurisdiction. This would be easiest if you could meddle near the backbone, until you realize the cost of deeply inspecting every packet, detecting the protocol, and transparently re-encrypting _all_ the internet. As soon as you verify out-of-band, even over a VoIP call, or the target crosses into a network you didn't compromise, your cover is blown. And you've only got shot at intercepting the key exchange, so you can't afford to be picky about who to target.
2) In practice, most traffic uses Certificate Authority roots from the browser's default set. As I've said before you can either plead with the citizens to install your intercept CA, or you can find one trusted by browsers without cross-jurisdictional threshold signatures and try to apply rubber hose cryptoanalysis until the rights certs get signed. A transparency log will mandate you publish your MitM cert onto an immutable global ledger, letting everyone know something fishy is going on. Your attack has succeeded, but at the cost of blowing your cover.
What an ISP, as well as me as a network admin, do see is the domain and IP, timing, and packet size. That does allow me to deduce a lot about you--large packets sent to whatsapp.com are probably images, many small ones may be a call. But that's about it unless you can get the keys.
they can see the connections, the volume, and the ciphertext being exchanged, but unless...
A) the server is compromised
B) the client is compromised
C) they can break the key exchange algorithm or the symmetric algorithm being used
...the ISP or any other MITM cannot see the plaintext. by design.
Just look at the Tempest for Eliza project. And current snoopers are even more effective than that.
This is just a symptom of security services not doing the job tax payers pay them to do.
Like when foreign asset managers can influence government to create policies nobody voted for and make it the most important thing on the agenda? No a single arrest?
We are entering banana republic territory.
Vote them out at the very least.
Intruding everyone's privacy is not that!
Should everyone hand in their full recording of private conversations and full track of movements per month so you can filter out those breaking the law and claim you did your job?! NO!
Or better yet, should everyone spend two weeks in a high-security jail every three years, just so you can claim that, statistically speaking, crimes were punished? So your life can be easy, you can kick back, and collect paychecks? You'd like that, wouldn't you?! Maybe farmers can ask people making food for themselves but still collecting money for it, shouldn't they?
If you must intrude the privacy of all people then you are just a buch of incompetent idiots without a clue how to chase the actual criminals instead of harassing honest people! Exposing everyone to bad actors. Which is a crime on its own, by the way!
If you are unable to do without privacy violations for everyone then get a job you are able to carry out!
Walls, locks, gates, and all such are made for a purpose: to protect people. Don't break them!
It may soon not be safe for authors of any privacy or encryption software to visit it or live in it.
The way to fight this is to make and use so much encryption software that no private communications or storage stay unencrypted or non-private.
EDIT: You added a lot more after I replied to your post.
Hope you'll enjoy the play.
Right-wing extremist and likely Russian asset.
There are very few situations where a journalist would need to hide himself from a legitimate government who respects due process.
With the Trump administration, in China, Russia, yes of course. Those apps do matter. Conventional apps are probably giving data to abusive governments if their laws require it.
With criminals using those apps to not get caught in those legitimate due process countries, I don't really know if those apps are worth using it they help criminals.
I agree that I don't want to give my data to big companies or for ads.
But I trust a legitimate government and due process.
Btw. The https communication comparison does not hold, there is always a third party that can read what you say. E2E chats are effectively communication where evidence is instantly destroyed.
Want to have a private communication, I think offline is the right approach.
I agree that it sucks, but it’s probably not about you. It’s about nefarious people that use this as an uber advantage.
If I use a third party CA this is correct. But what third party can read communications over HTTPS between a client and a server I control with a self signed SSL cert?
TLSv1.2 has Perfect Forward Secrecy with DHE and ECDHE key exchanges and in TLSv1.3 PFS is mandatory. A compromised root CA or even leaf certificate these days protects you from a man-in-the-middle and not a whole lot else - the certificate private key is never used for session key derivation and the keys themselves are ephemeral and never sent over the wire so even intercepting the key exchange doesn't allow decryption of the stream.
The CAs have never been supposed to know your private key. For a long time now it's straight up forbidden on pain of removal from trust stores for the CAs to learn somebody else's private keys.
For the example of Let's Encrypt your client probably picks a private key and stores it where your web server can use it, but it never sends this key to anybody else. In fact if you care you can even have the key chosen by the web server and literally never send that key to the Let's Encrypt client at all, the client picks up a "Certificate Signing Request" and it goes OK, I see you want a certificate for some key you know but I don't, that's cool I will go ask Let's Encrypt to issue a certificate for that and let you know.