Incredibly disappointed in the government for passing it, and my employer for lobbying in favour of it. A dark day for the UK - I would never launch a tech company in these borders with this bill as law.
As I pointed out on Mastadon, these laws open up an interesting slippery sloap. If we are willing to scan for CSAM, why can’t we scan politicians phones for evidence of corruption and bribery?
In related news, the EU Parliament assented to a heavily modified version of the EU Commission’s impractical CSAR (chat control) directive, that would’ve required client-side scanning on all devices as well At least the Pirate Party’s Patrick Dreyer is moderately enthusiastic about the compromise.
I think it’s no coincidence that multiple jurisdictions are working on similar laws/directives at the same time, using similar languages. The big social media multinationals are obviously afraid of a fragmented regulatory landscape, and are massaging lawmakers into similar directions, and towards solutions that are practical for them, or even cement their competitive advantage.
Which is probably why these bills are heavily framed as being about “child safety”. No politician wants to give the impression that they’re against that.
Well yes, that is a given. It is a lawmaker’s prerogative to frame the laws they wish to pass in a way that maximizes the probability of them passing.
The “pro-encryption” camp (which I belong to, btw) needs better arguments than just shrugging their shoulders and saying “yes, encryption protects bad people too, but we believe the trade-off is worth it”. For many people who are not versed in the minutiae of online communication, the trade-off is not worth it. They want the bad guys to be caught and punished!
It’s very hard to argue against, because it relies on fundamental rights like privacy, which many people don’t care about in the first place, and is too nebulous to really nail down. Maybe you could argue something like “some pervert at Meta will also be able to see all your sextings”?
Most of the campaigning against CSAR (which was at least significantly amended) focused on the proposed solutions not being particularly effective, and the idea that client-side scanning would drown the already insufficient police forces in low-quality reports.
But EU directives aren’t really subject to the same media attention that laws on the national level are. The campaigning was aimed at convincing lawmakers, not the general public.
I think a lot of the resistance comes from an ambient sense that tech companies and governments are bad guys. This view is probably a lot more widespread than media would admit, but the taboo on making that argument no doubt has an effect.
Incredibly disappointed in the government for passing it, and my employer for lobbying in favour of it. A dark day for the UK - I would never launch a tech company in these borders with this bill as law.
As I pointed out on Mastadon, these laws open up an interesting slippery sloap. If we are willing to scan for CSAM, why can’t we scan politicians phones for evidence of corruption and bribery?
In related news, the EU Parliament assented to a heavily modified version of the EU Commission’s impractical CSAR (chat control) directive, that would’ve required client-side scanning on all devices as well At least the Pirate Party’s Patrick Dreyer is moderately enthusiastic about the compromise.
I think it’s no coincidence that multiple jurisdictions are working on similar laws/directives at the same time, using similar languages. The big social media multinationals are obviously afraid of a fragmented regulatory landscape, and are massaging lawmakers into similar directions, and towards solutions that are practical for them, or even cement their competitive advantage.
Alright, they passed the law. Time to admit that we actually do know how to do secure key escrow, we just didn’t feel like it. 🙃
if people are serious about it, how about striking
There’s a good issue for Labour to campaign on, unless they believe that the bill is popular among voters.
Which is probably why these bills are heavily framed as being about “child safety”. No politician wants to give the impression that they’re against that.
Well yes, that is a given. It is a lawmaker’s prerogative to frame the laws they wish to pass in a way that maximizes the probability of them passing.
The “pro-encryption” camp (which I belong to, btw) needs better arguments than just shrugging their shoulders and saying “yes, encryption protects bad people too, but we believe the trade-off is worth it”. For many people who are not versed in the minutiae of online communication, the trade-off is not worth it. They want the bad guys to be caught and punished!
It’s very hard to argue against, because it relies on fundamental rights like privacy, which many people don’t care about in the first place, and is too nebulous to really nail down. Maybe you could argue something like “some pervert at Meta will also be able to see all your sextings”?
Most of the campaigning against CSAR (which was at least significantly amended) focused on the proposed solutions not being particularly effective, and the idea that client-side scanning would drown the already insufficient police forces in low-quality reports.
But EU directives aren’t really subject to the same media attention that laws on the national level are. The campaigning was aimed at convincing lawmakers, not the general public.
I think a lot of the resistance comes from an ambient sense that tech companies and governments are bad guys. This view is probably a lot more widespread than media would admit, but the taboo on making that argument no doubt has an effect.
Wait, we know how to do secure key escrow so only authorized parties can break in to encrypted traffic?
Is this just shamir secret sharing?
We don’t know how to give that key to the government and have the government never lose it to Edward Snowden or the GRU.
Did they inadvertently ban TLS?