The U.K. Parliament has passed the Online Safety Bill (OSB), which says it will make the U.K. “the safest place” in the world to be online. In reality, the OSB will lead to a much more censored, locked-down internet for British users. The bill could empower the government to undermine not just the privacy and security of U.K. residents, but internet users worldwide.
The big thing I’m mostly concerned about is this mysterious backdoor they are supposedly forcing tech providers to build into all devices - what exactly is this and what stops anyone from learning about it and exploiting it?
It’s fairly simple: encrypted software developers will leave the UK, because no one would trust the security of their SW. I’m not sure if there is an exception for online banking, but perhaps this bill will stimulate the mattress industry and encourage return to the old ways of storing money.
Even if there are exceptions for banking apps, would you trust them? What will private companies do to protect their trade secrets? What will children and other victims of sexual abuse do when they seek help and need a safe and private environment?
Edit for an addition:
UK mass interception laws violates human rights and the fight continues… [May 2021]
I see your point and agree. I use online banking and I trust that my bank doesn’t want to compromise my account by adding some back-door. Having said that I have no doubt that should and government agency request access to my financial data, they would do it in a blink of an eye.
Yes, the law is a bad one and people should voice their protests, but I’m afraid that nothing will ultimately change and we’ll have more bad laws in the future.
Tbf banking uses encryption for transactions exclusively between you and a bank. I don’t think the law is “no end to end encryption at all”
I’m using signal no matter what dishi rishi tells me to do.
I didn’t say they’re banning encryption, I was just referring to the back-door requirement. An encryption with a back-door is no encryption at all.
Signal as far as I know isn’t based in the UK and hence not subject to these laws.
They apply client-side scanning. Meaning the data gets scanned before it gets encrypted. This is like someone looking over your shoulder.
Australia did something similar ages ago, just for absolutely every peace of software even if a aingle employee lives from their but this one targeting encryption is bad too, it basically means every encryption software developer will leave the UK and proper encryption will be illegal to use.
The issue is end to end encryption.
The law change requires messaging applications to be able to provide messages between people using their service.
In the 00’s, messaging applications would have a secure connection between themselves and person A and anouther secure connection between themselves and Person B.
Person A would encrypt the message, send it to the service, who would decrypt it, open a connection to Person B, encrypt the message and send to Person B.
So if the police got a warrent for communications of Person B (say the police think the person is involved in human trafficking), then the messaging service could provide all messages sent to Person B.
Message services have taken themselves out of the loop, Person A now encrypts the message and sends directly to Person B. So the police appear with a warrent and the message service shrugs its shoulders since it hasno means to get the data.
The law effectively requires messaging services to design the apps/service so they can comply with a warrent.
The issue is less encryption and more the balance between your right to privacy and states right to intrude.
This is why banks aren’t upset, they aren’t talking about back dooring encryption and bank encryption is between you and the bank so they don’t have to do/say anything.