



Encrypted chat service Signal said it would cease operations in the UK if the UK government enforces online safety legislation.

The Online Safety Act considers using device-side scanning to bypass encryption to protect children from harmful material while simultaneously breaking the security of end-to-end encryption. It is currently under review by Congress and has been the subject of controversy for months.

The now-formulated legislation would mandate social media companies to prevent children from being exposed to harmful content online, and make executives criminally liable for damages such as failing to remove illegal content or censoring posts related to cyberbullying or self-harm. to bear.

The bill contains what critics call the “espionage clause.” [PDF] Businesses are required to remove child sexual exploitation and abuse (CSEA) material or terrorist content from online platforms “whether publicly or privately.” When applied to encrypted messaging, this means that to allow content retrieval, either the encryption must be removed or the retrieval must be performed prior to encryption.

The signal draws a line.

These plans have been criticized by tech pundits, and Signal is equally unenthusiastic.

“Signal is a non-profit organization whose sole mission is to provide a truly private means of digital communication to anyone in the world.

“Millions of people worldwide rely on safe and secure messaging services to do journalism, voice dissent, express intimate or vulnerable thoughts, and talk to those they want to hear without the oversight of tech companies and governments. They rely on us to provide.”

“We have never, and never will, break our promises to the people who use and trust Signal, which means that alternatives undermine our privacy commitments to those who depend on us. It means that we absolutely choose to cease operations in a particular region if .”

When asked if he was concerned that Signal could be banned under online safety rules, Whittaker told The Register, “We have responded hypothetically and will not speculate on probabilities. The language of the bill is very problematic, especially all images and text. It is our duty to preemptively monitor . If given the choice between implementing such large-scale surveillance to void our privacy guarantees or ceasing operations in the UK, we would cease operations.”

In response to Whittaker’s remarks, Dr Monica Horten, the Open Right Group’s freedom of expression policy manager, urged the UK government to rescind the provision.

“The online safety legislation’s spying provisions would give Ofcom the power to ask private companies to scan everyone’s private messages on behalf of the government,” Horten said in a statement. “Simply put, it’s the kind of state-mandated private surveillance we see in authoritarian regimes.

“The Signals announcement highlights how seriously these proposals threaten encryption and undermine our right to communicate securely and privately.

“Signal taking its service out of the UK would be particularly damaging to journalists, activists and activists who rely on end-to-end encryption for secure communications.”

The UK is also targeting crypto on other fronts. Last month, the UK Home Office began consultations on a series of proposals to tackle serious and organized crime.

One of these is the manufacture or manufacture of “elaborately encrypted communication devices,” a vague category that includes software and hardware used in supposedly secure (and subsequently seized) telephone networks such as ANOM, EncroChat, Phantom Secure, and Sky Global. Consider criminalizing possession. .

“This sophisticated device provides access to an encrypted communications platform used by serious and organized criminals to plan illicit activities,” the Ministry of Interior claims. “The highly encrypted nature of these devices and their modified methods create significant barriers for law enforcement agencies to gather information and evidence in relation to serious crimes.”

return to the land of the free

US officials have frequently expressed similar fears that encryption will leave them in the dark, similarly trying to promote unfeasible rules to ensure that only “good people” are protected by encryption.

The proposed UK ban aims to “ensure that custom devices and user bases on which software/hardware has been developed to anonymize users and their communications will almost certainly be rated as criminal”.

Off-the-shelf commercial cell phones don’t “can’t even use encrypted messaging apps”. So theoretically, Signal is not involved. However, other security engineers take issue with the Interior Ministry’s proposal.

Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory, published a response to the government’s request for comment in a blog post Thursday (the Department of the Interior will do so through June 2023, and in condensed form only). to her troubles.

“Where is the line between a ‘custom device’ and a ‘commercial mobile phone’? [and] Can I use an encrypted messaging app?’ she asks. Lax justice coupled with strict criminal liability makes a mockery of due process.”

Pfefferkorn spares no part of her Home Office approach, characterizing it as a continuation of “the UK’s long and despicable history of spying on people (RIPA, DRIPA, IP Act)”. And she twists her knife, turning to the commercial consequences of over-restriction.

“Getting this wrong,” she wrote, “crimes many people whose only crime is to use or sell phones that are too unusual for the tastes of government officials.” “You are either an obedient consumer or a criminal using what Samsung, Google, Apple and Meta have to offer. I hope that attitude will move the dying tech industry forward.”

At least Northern Ireland and Scotland will survive. If the Home Office legislative proposal is adopted, it will only apply to England and Wales.

