Age verification isn’t so clear cut but there’s room for a lot of hope. What ‘age verification’ is going to be in the bill is yet to be determined by Ofcom.
… Which is law makers kicking the can down the road… or passing the buck. Probably because it’s unenforceable and a technical/ privacy nightmare. Maybe it will amount to something, in which case we should be afraid, but I think most likely it will amount to not much.
Sorry wired just came to hand. You can find it referenced elsewhere.
But it did change from ‘have to’ to ‘have to, if possible’ which is a massive climb down. It’s basically not possible to have a backdoor in e2e encryption so I think it’s dead in the water. It may even make other companies shift to e2e to avoid this legislation, which would be ironic.
And I think the quote is from the minister in charge of the bill, so he/she would talk it up.
The bill is awful. But at least it’s weak(er) and awful.
It’s basically not possible to have a backdoor in e2e encryption
That depends on the encryption method. No one is publicly aware of the standards having backdoors (with a few exceptions), but proprietary encryption implementations can definitely have backdoors.
This has occasionally been a requirement for export-controlled technology (e.g., a mandated maximum key size). And it has occasionally led to the unintended side effect of creating backdoors in the full-strength/domestic/non-export models due to poor implementation.
Sure. I’ve not read it either but here’s what I’ve found.
Removal of encryption backdoors - https://www.wired.co.uk/article/britain-admits-defeat-in-online-safety-bill-encryption
Removal of ‘harmful but legal’ - https://techcrunch.com/2022/11/29/uk-online-safety-bill-legal-but-harmful-edit/
Age verification isn’t so clear cut but there’s room for a lot of hope. What ‘age verification’ is going to be in the bill is yet to be determined by Ofcom.
… Which is law makers kicking the can down the road… or passing the buck. Probably because it’s unenforceable and a technical/ privacy nightmare. Maybe it will amount to something, in which case we should be afraid, but I think most likely it will amount to not much.
Full bill is here if you have a spare 3 days to read it all - https://bills.parliament.uk/publications/52368/documents/3841
deleted by creator
Sorry wired just came to hand. You can find it referenced elsewhere.
But it did change from ‘have to’ to ‘have to, if possible’ which is a massive climb down. It’s basically not possible to have a backdoor in e2e encryption so I think it’s dead in the water. It may even make other companies shift to e2e to avoid this legislation, which would be ironic.
And I think the quote is from the minister in charge of the bill, so he/she would talk it up.
The bill is awful. But at least it’s weak(er) and awful.
Time will tell.
Indeed.
That depends on the encryption method. No one is publicly aware of the standards having backdoors (with a few exceptions), but proprietary encryption implementations can definitely have backdoors.
This has occasionally been a requirement for export-controlled technology (e.g., a mandated maximum key size). And it has occasionally led to the unintended side effect of creating backdoors in the full-strength/domestic/non-export models due to poor implementation.
Again, the necessity for encryption backdoors has not been removed, simply paused.