For a glimpse of the safety and privateness dystopia the UK authorities has in retailer for its extremely regulated ‘British Internet’, look no additional than guidance put out by the Department of Digital, Media, Culture and Sport (DCMS) yesterday — aimed toward social media platforms and personal messaging companies — which incorporates the suggestion that the latter ought to “prevent’ the use of end-to-end encryption on “child accounts”.
That’s proper, the UK authorities is saying: ‘No end-to-end encryption for our kids please, they’re British’.
And whereas that is merely steerage for now, the nippiness is actual — as a result of laws is already on the desk.
The UK’s Online Safety Bill was revealed back in May, with Boris Johnson’s authorities setting out a sweeping plan to drive platforms to regulate person generated content material by imposing a authorized responsibility to shield customers from unlawful (or merely simply “harmful”) content material.
The invoice controversially bundles up necessities to report unlawful stuff like baby sexual exploitation content material to legislation enforcement with far fuzzier mandates that platforms take motion towards a spread of much-harder-to-define ‘harms’ (from cyber bullying to romance scams).
The finish consequence appears like a sledgehammer to crack a nut. Except the ‘nut’ that might get smashed to items on this ministerial vice is UK Internet users’ digital security and privacy. (Not to point out any UK startups and digital companies that aren’t on board with mass-surveillance-as-a-service.)
That’s the hazard if the federal government follows by way of on its wonky concept that — on the Internet — ‘safety’ means safety should be changed with blanket surveillance so as to ‘keep kids safe’.
The Online Safety Bill is not the primary wonky tech coverage plan the UK has provide you with. An earlier bid to drive grownup content material suppliers to age confirm customers was dropped in 2019, having been extensively criticized as unworkable in addition to an enormous privateness intrusion and safety danger.
However, on the time, the federal government mentioned it was solely abandoning the ‘porn blocks’ measure as a result of it was planning to carry ahead “the most comprehensive approach possible to protecting children”. Hence the Online Safety Bill now stepping ahead to push platforms to take away sturdy encryption within the identify of ‘protecting children’.
Age verification applied sciences — and all types of content material monitoring options (surveillance tech, probably badged as ‘safety’ tech) — additionally look possible to proliferate as a consequence of this method.
Pushing platforms to proactively police speech and surveil utilization within the hopes of stopping an ill-defined grab-bag of ‘harms’ — or, from the platforms’ perspective, to keep away from the danger of eye-watering fines from the regulator if it decides they’ve failed on this ‘duty of care’ — additionally clearly conjures up a nightmare state of affairs for online freedom of expression.
Aka: ‘Watch what you type, even in the privacy of your private messaging app, because the UK Internet safety thought police are watching/might block you…’
Privacy rights for UK minors seem to be first on the chopping block, by way of what DCMS’ guidance refers to as “practical steps to manage the risk of online harm if your online platform allows people to interact, and to share text and other content”.
So, just about, in case your online platform has any sort of communication layer in any respect then.
Letting youngsters have their very own protected areas to specific themselves is outwardly incompatible with ministers’ populist want to model the UK ‘the safest place to go online in the world’, as they like to spin it.
How precisely the UK will obtain security online if authorities zealots drive service suppliers to strip away sturdy safety (e2e encryption) — torching the usual of information safety and privateness wrapping Brits’ private information — is sort of the burning query.
Albeit, it’s not one the UK authorities appears to have thought-about for even a break up second.
“We’ve known for a long time that one of government’s goals for the Online Safety Bill is the restriction, if not the outright criminalisation, of the use of end-to-end encryption,” mentioned Heather Burns, a coverage supervisor for the digital rights group Open Rights Group (ORG), one among many vocal critics of the federal government’s method — discussing the broader implications of the coverage push with TechCrunch.
“Recent messaging methods promoted by authorities and the media have overtly sought to affiliate end-to-end encryption with baby abuse, and to indicate that firms which use it are aiding and abetting baby exploitation. So DCMS’s newly-published steerage advising the voluntary removing of encryption from youngsters’s accounts is a precursor to it turning into a probable authorized requirement.
“It’s also part of government’s drive, again as part of the Online Safety Bill, to require all services to implement mandatory age verification on all users, for all content or applications, in order to identify child users, in order to withhold encryption from them, thanks to aggressive lobbying from the age verification industry.”
That ministerial rhetoric across the Online Safety Bill is heavy on tub-thumping emotional appeals (to ‘protect our children from online nasties’) and low on sequential logic or technological coherence is not a shock: Successive Conservative governments have, in any case, had an enormous bee of their bonnets about e2e encryption — dating back to the David Cameron years.
Back then ministers had been usually taking purpose at sturdy encryption on counter-terrorism grounds, arguing the tech is unhealthy as a result of it prevents legislation enforcement from catching terrorists. (And they went on to cross beefed up surveillance laws which also include powers to limit the use of robust encryption.)
However, below more moderen PMs Theresa May and Boris Johnson, the kid safety rhetoric has stepped up too — to the purpose the place messaging channels are actually being actively inspired not to use e2e encryption altogether.
Next cease: State-sanctioned business mass surveillance. And huge dangers for all UK Internet customers topic to this anti-security, anti-privacy ‘safety’ regime.
“Despite government’s claim that the Bill will make the UK ‘the safest place in the world to be online’, restricting or criminalising encryption will actually make the UK an unsafe place for any company to do business,” warned Burns. “We will all need to resort to VPNs and foreign services, as happens in places like China, in order to keep our data safe. It’s likely that many essential services will block UK customers, or leave the UK altogether, rather than be compelled to act as a privatised nanny state over insecure data flows.”
In a piece of the DCMS steerage entitled “protect children by limiting functionality”, the federal government division actually means that “private channels” (i.e. companies like messaging apps) “prevent end-to-end encryption for child accounts”. And since precisely age figuring out online customers remains a challenge it follows that in-scope companies might merely determine it’s much less legally dangerous in the event that they don’t use e2e in any respect.
DCMS’s steerage additionally follows up with a completely bolded paragraph — wherein the federal government then makes a degree of highlighting e2e encryption as a “risk” to customers, typically — and, subsequently by implication, to future compliance with the forthcoming Online Safety laws…
“End-to-end encryption makes it more difficult for you to identify illegal and harmful content occurring on private channels. You should consider the risks this might pose to your users,” the UK authorities writes, emphasis its.
Whether something can cease this self-destructive coverage practice now it’s left the Downing Street station is unclear. Johnson has a whopping majority in parliament — and years left earlier than he has to name a normal election.
The solely factor that might derail probably the most dangerous components of the Online Safety Bill is that if the UK public wakes up to the risks it poses to everybody’s safety and privateness — and if sufficient MPs take discover and push for amendments.
Earlier this month the ORG, together with some 30 different digital and people rights teams, known as on MPs to just do that and “help keep constituents’ data safe by protecting e2e encryption from legislative threats” — warning that this “basic and essential” safety protocol is in danger from clauses within the invoice that introduce necessities for firms to scan personal and private messages for proof of prison wrongdoing.
Zero entry encryption is seen by the UK authorities as a blocker to such scanning.
“In order to do this, the use of end-to-end encryption is likely to be defined as a violation of the law,” the ORG additionally warned. “And companies operating in the UK who want to continue to defend user privacy through end-to-end encryption could, under the draft Bill, be threatened with partial shutdowns, being blocked from the UK, or even personal arrests.”
“We call on Parliament to ensure that end-to-end encryption must not be threatened or undermined by the Online Safety Bill, and that services utilising strong encryption are left out of the Bill’s content monitoring and filtering requirements,” it added within the online appeal.
DMCS has been contacted with questions on the logic of the federal government’s coverage towards e2e encryption.
In an announcement yesterday, the digital minister Caroline Dinenage mentioned: “We’re serving to companies get their security requirements up to scratch earlier than our new online harms legal guidelines are launched and likewise ensuring they’re defending youngsters and customers proper now.
“We want businesses of all sizes to step up to a gold standard of safety online and this advice will help them to do so.”