After bouncing back and forth between the house of lord’s and the house of commons This bill is a shadow of it’s former self. I’m glad to say.
Three things that were massively damaging for privacy and security have, as far as I can see, been scrapped.
The bill no longer requires tech companies to control ‘harmful but legal’ content. A blurry, ill defined concept that would have been impossible to regulate.
The bill no longer requires all end to end encrypted communication channel’s (WhatsApp etc) to have a backdoor for governments and enforcement agencies to access unencrypted messages between people. Something that would have broken effective security in every way.
The bill no longer requires porn to only be accessible to UK citizens after they have proven they are an adult. This was by providing bank details or ID to porn websites (lol no thanks), possibly through a third party company that is supposed to assure some privacy ( lol still no thanks).
And what’s left in the bill is going to be regulated by Ofcom, a toothless underfunded shell of a regulatory body.
Age verification isn’t so clear cut but there’s room for a lot of hope. What ‘age verification’ is going to be in the bill is yet to be determined by Ofcom.
… Which is law makers kicking the can down the road… or passing the buck. Probably because it’s unenforceable and a technical/ privacy nightmare. Maybe it will amount to something, in which case we should be afraid, but I think most likely it will amount to not much.
Sorry wired just came to hand. You can find it referenced elsewhere.
But it did change from ‘have to’ to ‘have to, if possible’ which is a massive climb down. It’s basically not possible to have a backdoor in e2e encryption so I think it’s dead in the water. It may even make other companies shift to e2e to avoid this legislation, which would be ironic.
And I think the quote is from the minister in charge of the bill, so he/she would talk it up.
The bill is awful. But at least it’s weak(er) and awful.
It’s basically not possible to have a backdoor in e2e encryption
That depends on the encryption method. No one is publicly aware of the standards having backdoors (with a few exceptions), but proprietary encryption implementations can definitely have backdoors.
This has occasionally been a requirement for export-controlled technology (e.g., a mandated maximum key size). And it has occasionally led to the unintended side effect of creating backdoors in the full-strength/domestic/non-export models due to poor implementation.
re your 2nd point, that’s most certainly not been scrapped. The language has changed to basically say, they’re aware thetech doesn’t currently exist to do this but as soon as it does, it must be done. It’s a temporary reprieve at best.
Of course it will. As soon as quantum processing becomes a reality, which is getting nearer and nearer to happening, encryption will be simple to crack.
Only a very specific and unfortunately common encryption protocol will be affected by quantum computing.
Prime factorization based encryption is hosed, Elliptic curve cryptography is already the promoted standard and it’s not susceptible to the same issue.
And enough room to be justifiably concerned about it being reintroduced whenever they decide. The point remains however, it’s most certainly not been scrapped.
Because the social media giants should be held responsible for the damaging stuff they host and push through algorithms that target hate and an adapted “if it bleeds it leads” style of pushing things just to keep people enraged and engaged.
Why do you think removing child porn, animal crushing videos, and suicide content is a bad thing?
mf, i just don’t want british glowies in my dms which is what this bill basically is, even if it’s been “paused”. also, most of that shit is already illegal here, so cope.
i know you’re just here to instigate so don’t bother replying
I just have a different opinion than you and don’t feel this is as big a deal as the hyperbole makes it sound, while also doing great good to help the internet and the kids that have to grow up alongside it.
We already know the kind of damage the exposure to this sort of content can cause to a developing mind, and if the internet is going to be around forever, then we absolutely SHOULD be doing stuff like this just to hold the tech players accountable.
You can still use your precious DMs encrypted in other places my guy, even Signal thinks it’s negotiable, so calm your tits.
After bouncing back and forth between the house of lord’s and the house of commons This bill is a shadow of it’s former self. I’m glad to say.
Three things that were massively damaging for privacy and security have, as far as I can see, been scrapped.
And what’s left in the bill is going to be regulated by Ofcom, a toothless underfunded shell of a regulatory body.
Can I ask where you got this info from? The article says the bill is 300 pages long. I’m never getting through all that.
Edit: the article also claims age verification for porn sites is still in there?
Sure. I’ve not read it either but here’s what I’ve found.
Removal of encryption backdoors - https://www.wired.co.uk/article/britain-admits-defeat-in-online-safety-bill-encryption
Removal of ‘harmful but legal’ - https://techcrunch.com/2022/11/29/uk-online-safety-bill-legal-but-harmful-edit/
Age verification isn’t so clear cut but there’s room for a lot of hope. What ‘age verification’ is going to be in the bill is yet to be determined by Ofcom.
… Which is law makers kicking the can down the road… or passing the buck. Probably because it’s unenforceable and a technical/ privacy nightmare. Maybe it will amount to something, in which case we should be afraid, but I think most likely it will amount to not much.
Full bill is here if you have a spare 3 days to read it all - https://bills.parliament.uk/publications/52368/documents/3841
deleted by creator
Sorry wired just came to hand. You can find it referenced elsewhere.
But it did change from ‘have to’ to ‘have to, if possible’ which is a massive climb down. It’s basically not possible to have a backdoor in e2e encryption so I think it’s dead in the water. It may even make other companies shift to e2e to avoid this legislation, which would be ironic.
And I think the quote is from the minister in charge of the bill, so he/she would talk it up.
The bill is awful. But at least it’s weak(er) and awful.
Time will tell.
Indeed.
That depends on the encryption method. No one is publicly aware of the standards having backdoors (with a few exceptions), but proprietary encryption implementations can definitely have backdoors.
This has occasionally been a requirement for export-controlled technology (e.g., a mandated maximum key size). And it has occasionally led to the unintended side effect of creating backdoors in the full-strength/domestic/non-export models due to poor implementation.
Again, the necessity for encryption backdoors has not been removed, simply paused.
It is still in there.
re your 2nd point, that’s most certainly not been scrapped. The language has changed to basically say, they’re aware thetech doesn’t currently exist to do this but as soon as it does, it must be done. It’s a temporary reprieve at best.
OK great, because that tech will never exist.
Of course it will. As soon as quantum processing becomes a reality, which is getting nearer and nearer to happening, encryption will be simple to crack.
Oh please.
Only a very specific and unfortunately common encryption protocol will be affected by quantum computing.
Prime factorization based encryption is hosed, Elliptic curve cryptography is already the promoted standard and it’s not susceptible to the same issue.
Yeah, I just discovered that on a different thread. Something of a relief, I admit.
If anyone’s curious, like I was, it’s about RSA encryption.
https://arstechnica.com/information-technology/2023/01/fear-not-rsa-encryption-wont-fall-to-quantum-computing-anytime-soon/
OK, but then at that point we’re fucked anyway and it ALL becomes moot.
I think the bill words it as ‘if feasible’ or something similar. But that’s enough wiggle room to drive a bus full of lawyers through.
And enough room to be justifiably concerned about it being reintroduced whenever they decide. The point remains however, it’s most certainly not been scrapped.
Don’t worry, allmof that will be back on the table again next year, and then the next and the next, untill it passes.
Remember kids, if you want to be a good evil politician, you just keep pushing and pushing and pushing your evil shit until people tire and it passes.
This shit has been on the table at just about all governments since at least 2 decades. It just returns each year with a new name, same shit.
I hope they make this worldwide.
wtf, why?
Because the social media giants should be held responsible for the damaging stuff they host and push through algorithms that target hate and an adapted “if it bleeds it leads” style of pushing things just to keep people enraged and engaged.
Why do you think removing child porn, animal crushing videos, and suicide content is a bad thing?
mf, i just don’t want british glowies in my dms which is what this bill basically is, even if it’s been “paused”. also, most of that shit is already illegal here, so cope.
i know you’re just here to instigate so don’t bother replying
Jesus, so dramatic.
I just have a different opinion than you and don’t feel this is as big a deal as the hyperbole makes it sound, while also doing great good to help the internet and the kids that have to grow up alongside it.
We already know the kind of damage the exposure to this sort of content can cause to a developing mind, and if the internet is going to be around forever, then we absolutely SHOULD be doing stuff like this just to hold the tech players accountable.
You can still use your precious DMs encrypted in other places my guy, even Signal thinks it’s negotiable, so calm your tits.