Open Letter from Security Researchers in Relation to the Online Safety Bill [pdf]

Europe has similar bills with chat control. There was no serious expert that did not warn about the severe negative repercussions. Representatives still didn't seem to be interested and the EU isn't particular democratic so anyone could be held to account.

I think technology must provide ways to ensure free and secure communication without a possibility of surveillance. The political class cannot be entrusted to shield essential freedoms, so technology has to provide it. Large tech companies are a single point of failure and we already have seen political influence there. While much of it is now challenged at least, I think we can all be glad the the internet provided some resilience against surveillance and propaganda attempts.

In that regard the panic about disinformation is also mostly manufactured in my opinion and the voice of experts will be disregarded anyway.

It's very difficult trying to do rational opposition to policy in the UK these days because .. that's simply not how it works any more. At best you have to work the kremlinology of different factions to get an idea killed or promoted. But you have to remember that it's a closed news ecosystem, you simply can't get a word in unless you're already part of that media/party group of people.

The plan to bring back "Imperial" measurements still isn't dead, for example.

Liz Truss, worst and shortest PM in living memory, is back after a few months as if nothing had happened. Why? It's not because she has any good ideas; it's because she's a vessel for a particular faction of bad ideas.

I think it's inflammatory and unfair to put Prince Andrew in your list, with a sex trafficker and two serial child abusers. He may have had an inappropriate relationship with a girl at a party, hold him to account for whatever there is in that it, but it's nowhere near on the scale as the others and it's the kind of hyperbole that dismisses the magnitude of major crimes.

UK law apparently makes it really easy to sue someone into oblivion for anything that even looks like libel. So the party with more money automatically wins, and the prize is an iron wall of silence.

You much overestimate how politically involved the UK public is. Most people don’t know what this bill is.

In the UK there’s a concept of the “Westminster bubble”. Politicians believe that people care deeply about “online safety”, which is all that matters really.

The public have been sold a lie. Just like the “Patriot Act” was just to keep everybody free and protect people from terrorists. It happens everywhere, and has been happening for a long time - it’s more about the narrative made up by the people pushing a law than what the law actually does. It would take a particularly free, particularly good media to inform the public that just doesn’t exist in most of the world.

> As I understand it, most UK public are in favour of this bill

Do you understand this from polling? Can't trust UK media outlets on public opinion, they push, they don't pull. If the public doesn't agree with them, they all will run variations of the same story, aimed at the same targets, for years until they do.

Unfortunately, I think the only way for that situation to change is for enough members of the general public to be caught up in some kind of accidental suspicion or publication of their personal data.

And I think those who are proposing these kinds of bills know this, and are protected by how unlikely it would be to reach any kind of critical mass organically.

I'm sure there are laws against the encouragement of others to commit a crime, but ... wink wink.

Propaganda works wonders as usual

The UK public are extremely conservative, and extremely misinformed by conservative news sources. That's at the root of a lot of the demand for authoritarianism.

Most of the populations around the world were in favor of locking people down because the governments, media and tech companies told them to. They were ok with debate being censored because "It was too important and risky".

Same thing happened in many countries with terrorism and loss of rights/super authoritarian/inconstitucional powers for govs, and it was fine... Because the risk is too great and "are you a <insert label here, such as terrorist sympathdizer, grandma killer, etc>

Let's not pretend the UK is particularly bad. Many countries are pushing the same old "destroy encryption" because I need to "tap the bad guys" and people are always fine when given the flimsiest of excuses/narrative.

Yes, HN "tech crowd" too.

Looks like the opposition's stance is even worse.

Labour's Lucy Powell:

“The weakened bill will give abusers a licence to troll, and the business models of big tech will give these trolls a platform.”

So the Labour government will get to decide who's a "troll," and whether they're de-platformed AKA cancelled.

Likewise Labour's desire to curb "legal but harmful" speech means that Labour will get to decide, on an ongoing basis, which speech is "harmful." It won't be defined in law, so the definition will be completely subjective, and ripe for corruption and chilling suppression of innocent people.

> The government disagrees and says the bill “does not represent a ban on end-to-end encryption, nor will it require services to weaken encryption.”

The bill mandates an end-run around E2E encryption. Government spokespeople are deeply disingenuous about this; the two ends are me and you, metaphorically; two users. If there's anything in the channel before the content is encrypted or after it's decrypted, then it isn't end-to-end any more.

I don't see why it is inevitable.

In fact, I very see the opposite. Passing this kind of legislation will kill e-commerce for sure, so it will never happen.

My hope is that some comparatively insignificant Western country passes it first, makes international news when it cripples its own technological capacity and infrastructure, and then that becomes the cautionary tale.

My money is on Canada. The Trudeau Liberals passed their first of three internet control and censorship bills, C-18, and it has already backfired stupendously. It's quite similiar to Australia's similiar bill to force some companies to pay for linking to news content, but the Liberals saw that and thought "we should try it too!". Same result, Google basically said "no problem, we won't link to news in Canada".

However, unlike Australia, the Canadian Liberals are doubling down. New tax payer-funded subsidies for Canadian news are already being discussed to make up for the lost revenue the legislation caused. The Liberal-funded media is also trying to paint this as evil greedy foreign capitalist technology companies refusing to pay their fair share for exploiting Canadian news companies.

But that's why my money is on Canada. It has the perfect blend of incompetent leadership, empowered by another party that helps them pass any legislation no matter what, and constituents that are largely apathetic to anything that happens.

Defeatism adds to the problem and it doesn't bring solutions. If we're already accepting that idiotic laws will pass, obviously they will. Let's call this what it is: a myopic and totalitarian law created by misinformed and clueless politicians. Let's fight it tooth and nail until we bury it.

I think it's inevitable that at some point some legislation like the OSB will pass in most western countries.

It's going to be no different at all from the current situation.

It will pass now. It's a concerted effort as the same laws are passing in the EU as well.

Most likely the intended audience is the press. Now that this letter has been published, journalists can write stories like "Online Safety Bill Under Fire From Security Experts", which make the issue digestible to a lay audience.

They bury the central tenet in the middle, staying true to being inept at public communication:

> There is no technological solution to the contradiction inherent in both keeping information confidential from third parties and sharing that same information with third parties.

It would be more effective to tweet that sentence wherever the discussion is remotely touched. Nobody, including politicians, reads such lengthy letters.

> Could they actually communicate with normal people if they (somehow) wanted to?

That have that comm channel. It's the press and the press instantly loses it's way, the moment Gov puts on a NatSec or Child Safety mask.

This is an answerable question!

There aren't a lot of people who are at the intersection of technology and advocacy, but they do exist and would be able to help us know what effective advocacy looks like. We just need a little guidance as a community.

This is directed primarily to politicians about to vote on the bill.

> This bill will make it so much easier for the next Wayne Couzens to find his perfect Sarah Everard

How so?

This is what the micro-nations were on about, people trying to dredge sand up off reefs and take over drilling platforms since the early 1980s to establish "data havens". The long term trend is that no nation will ultimately resist backdoors on encrypted platforms, because militarily they cannot resist the pressure (internally or externally).

The micronation thing is silly, as is relying on a shrinking number of countries which claim they won't enforce these laws. We need satellite-based servers. If I were Musk and had that chain up in the sky, I'd open a simple E2EE Whatsapp for anyone who could ping them directly. At this point, anyone who wants private comms is going to need to go to space for them.

The apps would be delisted in the UK app stores and will eventually stop working for existing users when not updated. That's also a security issue in itself.

Federated message systems like Matrix already exist and are unaffected even if legislation like this passes.

I for one welcome a future where (you can once again) sit in a coffee shop and watch peoples plaintext usernames and passwords travel over the ether followed by the plaintext content of their messages.