Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United Kingdom Encryption Technology

UK Defends Plan To Demand Access To Encrypted Messages To Protect Children (reuters.com) 114

British technology minister Michelle Donelan defended plans to require messaging apps to provide access to encrypted private messages when needed to protect children from abuse, which major platforms say would undermine the privacy of their users. From a report: Donelan told the BBC that the government was not against encryption, and the access would only be requested as a last resort, under Britain's Online Safety Bill which is expected to become law later this year. "I, like you, want my privacy because I don't want people reading my private messages. They'd be very bored but I don't want them to do it," said Donelan, minister for science, innovation and technology. "However, we do know that on some of these platforms, they are hotbeds sometimes for child abuse and sexual exploitation. And we have to be able access that information should that problem occur."
This discussion has been archived. No new comments can be posted.

UK Defends Plan To Demand Access To Encrypted Messages To Protect Children

Comments Filter:
  • by Anonymous Coward on Thursday August 10, 2023 @10:25AM (#63755990)

    Yeah, "Think about the children!" is always the excuse.

    • by dbialac ( 320955 ) on Thursday August 10, 2023 @10:33AM (#63756010)
      Yep. Idea: if you use a tech with a backdoor and there isn't child porn on the device, you pay the owner of the device £10,000. Lets see how critical this bill is then. Regardless, law enforcement has already found workarounds where they don't need it.
      • by Marful ( 861873 ) on Thursday August 10, 2023 @11:21AM (#63756172)
        That's not how this would be used.

        This would be used by LEO to justify their illegal actions in the form of parallel construction [wikipedia.org]
        • No. You Don't. You want to, until it's your own communications that are compromised and you lie in scandal or worse. My how the mighty British Empire has fallen.
        • by mjwx ( 966435 )

          That's not how this would be used.

          This would be used by LEO to justify their illegal actions in the form of parallel construction [wikipedia.org]

          First thing, this is in the UK. LEOs are demanding this, it's being pushed by the current (soon to be former) conservative (Tory) government in order to "look" like they're tough on crime.

          There was recently a "TikTok" organised mass shoplifting. Stupid I know, but one universal truth is that no matter how you divide people, a certain percentage of them are going to be dumb. However the Home Secretary went on TV and said she wanted them "hunted down mercilessly". By whom Cruella... I mean Suella, by whom

      • Forget a measly payout. Make the penalty for the false accusation and invasion of privacy mandatory jail time... say the median time sentenced for the crime you're falsely accusing someone of... and *THEN* you'd put a hard stop to this "close enough for government work" bullshit.

      • Yep. Idea: if you use a tech with a backdoor and there isn't child porn on the device, you pay the owner of the device £10,000. Lets see how critical this bill is then. Regardless, law enforcement has already found workarounds where they don't need it.

        Hmm, there's actually the seed of a good idea there, paying people who were subject to search that didn't find anything. 10K is probably too much (that number I think was picked to stop all searches), but if there were a payment for invading people's privacy, it would encourage the police to only do so when there's good evidence.

        HOWEVER, that doesn't solve the other problem, that once you have mandated backdoors, other people (who may not be obeying laws) will find ways use it (and not only for stopping cr

      • by eth1 ( 94901 )

        Yep. Idea: if you use a tech with a backdoor and there isn't child porn on the device, you pay the owner of the device £10,000. Lets see how critical this bill is then. Regardless, law enforcement has already found workarounds where they don't need it.

        That would just incentivize them to plant things when they don't find anything in order to avoid paying.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Yeah, "Think about the children!" is always the excuse.

      And it will continue working until parents actually start being parents again. They'd rather pay anyone else to do that shit, so they'll blindly believe this excuse. Every time.

      • by dbialac ( 320955 )
        Kidnapped children submitted to porn usually aren't an issue of parenting.
      • Its not about children or porn, it is about politicians determined to prove beyond reasonable doubt that they are terminally insane.

        This phenomenon is not limited to the USA.

        • Its not about children or porn, it is about politicians determined to prove beyond reasonable doubt that they are terminally insane.

          This phenomenon is not limited to the USA.

          It does seem to be mostly English speaking countries. That and totalitarian regimes.
          Maybe theres something in common there...

    • by lusid1 ( 759898 ) on Thursday August 10, 2023 @10:45AM (#63756040)

      A 'think of the children' argument instantly eradicates any credibility they may have had. That is the go-to argument when the real reasons are things they are unwilling to admit publicly.

      • by mjwx ( 966435 )

        A 'think of the children' argument instantly eradicates any credibility they may have had. That is the go-to argument when the real reasons are things they are unwilling to admit publicly.

        And tends to go over even less well with the UK public which isn't as... to put it nicely, reactionary as the US.

        Most people in their right mind see right through this. We've watched the conservatives cut police budgets to the bone, then get out the chisel to see how much bone they could take. Now their pulling this BS in order to make them look "tough on crime". Along with their constant bleating about "migrants" (whose applications they're not processing) it's just a dog whistle for their ever diminish

    • by VeryFluffyBunny ( 5037285 ) on Thursday August 10, 2023 @10:57AM (#63756096)
      Think about the children! Yeah, from the same govt that brought us this: https://www.bbc.co.uk/news/uk-... [bbc.co.uk] From the article:

      Minister Robert Jenrick ordered painting over of child asylum unit murals

      Murals of Mickey Mouse and other cartoon characters designed to welcome child asylum seekers to a reception centre in Dover have been painted over, by order of the immigration minister.

      Robert Jenrick instructed that they be removed, reportedly because he believed they sent too welcoming a message.

      Like they really care so much about children's welfare.

      • don't forget the ongoing child slavery, child prostitution rings, and the government complicity that enable it--

        The UK's Tory party has a LONG track record with this.

        (I can provide links again, if slashdot wants, but I posted this shit the LAST time the UK Tories were squealing about unfettered access to data FOR THE CHILDREN.)

      • To be fair, knowing Disney's litigious history on the matter; I would order murals with Mickey Mouse or other Disney characters painted over too. The department's budget is better spent on children than lawyers.

    • Yep. Five states enacted book bans recently and now Florida's teaching Shakespeare only via excerpts... not because Juilet is underage but because of implied pre-marital sex.

      Still haven't done anything about kids being shot in the classroom, though...

      • Gotta have your priorities straight!
        If we made massive progress on the problem there wouldn't be a reason to be banging on constantly about it as a distraction (or elect those who literally have nothing else to run on to get elected). They might have to *do their fucking jobs for once*.
        Personally I'm of the opinion they no longer know how to legislate, so we lurch from crisis to crisis, moral panic to moral panic in a never ending train of bullshit.

  • Police state (Score:5, Insightful)

    by RUs1729 ( 10049396 ) on Thursday August 10, 2023 @10:35AM (#63756018)
    It's always the case that regimes start drifting toward totalitarianism with the excuse of protecting their citizens.
    • ...access would only be requested as a last resort

      No encryption... no need to request access. A massive red herring, that nugget.

      • Remember when police were saying tasers would only be used as a last resort? Now they are first resort and sometimes for no reason at all.

    • You think they just started now? Not been following the news much have you. :(

    • the kids need more protection from the threat of government than they do the threat of emails
    • It's always the case that regimes start drifting toward totalitarianism with the excuse of protecting their citizens.

      Gender affirming care is for the protection of children...

      • Ok ok. Calm down grandpa. Here, let's get you some warm milk and I'll put on some more OAN if you'll just shut the fuck up and sit there.

        Sorry folks. He gets cranky and starts repeating things he heard on TV, you know how they get sometimes.

        • Ok ok. Calm down grandpa. Here, let's get you some warm milk and I'll put on some more OAN if you'll just shut the fuck up and sit there.

          Sorry folks. He gets cranky and starts repeating things he heard on TV, you know how they get sometimes.

          Don't you care about those poor kids?? What kind of monster are you!

    • by AmiMoJo ( 196126 )

      The Tories know they are headed towards defeat in the next election. Various polls place them anywhere from a hung parliament and unable to form a viable coalition (best case) to be annihilated and becoming the 3rd or 4th party in UK politics.

      They also know they can't fix it by the end of next year, the latest date they can delay the election to. Oh yeah, the government gets to choose when the election is.

      So they are pushing all sorts of wedge issues and bigotry, in the hope of appealing to a core of Labour

  • by DeplorableCodeMonkey ( 4828467 ) on Thursday August 10, 2023 @10:37AM (#63756022)

    You don't need to regulate the apps, you need to regulate the app stores and tell them they cannot allow such apps to be installed on someone's phone if they're under 18.

    This is where the Neckbeard Brigade will come in with whataboutisms and non sequitors about side loading and stuff like that, but it's an 80% solution which is plenty good enough for most social problems. You know, just like how we don't wring our hands about how pointless it is to card people who look under 30 "because fake IDs" work on a very small percentage of the cases where teens get ahold of alcohol and such.

    The neat thing is, they could apply this logic to VPNs too. Minors have no burning need for VPNs, encrypted apps, etc. There is not one thing they're communicating or doing online legally that should be hidden from the scrutiny of their guardians. Yep, even pregnancies, being in the closet, etc. Those things are edge cases that do not justify hard and fast rules on minors and what their guardians can permit so that us adults don't have to have our freedoms curtailed as much.

    • Theyâ(TM)ll just move on to âoewhat about terroristsâ, and of course what theyâ(TM)re really after is being able to read the texts of weed dealers and basically anyone the police want an excuse to prosecute.

      If you watch shows like Traffic Cops or Police Interceptors, probably 70% of the âoecrimeâ the cops are dealing with is weed dealers and the crime surrounding them. If theyâ(TM)d just figure out to legalise the stuff suddenly crime numbers would be through the floor.

    • > You don't need to regulate the apps

      They do need to regulate the apps.

      When they say they want to protect the children, that's just a lie.

      They don't want you to be able to keep any secrets from them. Your privacy is not allowed.

      Their privacy is unassailable.

      Who do you think you are to have rights? The King no longer grants them.

    • by Sloppy ( 14984 ) on Thursday August 10, 2023 @11:40AM (#63756240) Homepage Journal

      There is not one thing they're communicating or doing online legally that should be hidden from the scrutiny of their guardians.

      I'm imagining what teenage 1980s me would think of your statement. Finally I'm on the phone with a girl asking her out for the first time, and my parents are going to be on the call?

      I though this timeline was hard enough, and you had to come up with a worse one where I never even get that first date.

      • Well man up and ask her in person. Duh. You know, like they did it in the 80/90s.

      • Finally I'm on the phone with a girl asking her out for the first time, and her parents are going to be on the call?

        FTFY.

        The next targeted advertisement your phone displays as the call ends: "10% off baseball helmets and Kevlar. 30% off Tuxedos and pole bearer attire."

    • > Minors have no burning need for VPNs, encrypted
      > apps, etc.

      Yeah... no. In this performative zeal to "protect" kids, people seem to have forgotten about parents' responsibility to EDUCATE their kids. the use of VPNs and secure communication channels are very important life skills that will serve someone for many more years of their life than the mere handful that they both have a mobile phone and are under 18. In this day and age, information security isn't just for work. People need to be aware

    • I don't want my app store vendor to have that much of my personal information. I don't want to be sending my state id to anyone, much less Google or Apple.
    • And how does keeping encrypted messaging apps out of the hands of children help protect them? Do you expect parents to submit images of their children's phones to the UK police who in turn will the decrypt those messages for them to check if there is anything dangerous?

      This smells because doing that wouldn't help keep children safe.

      Parents who want to guard their children from online threats can just demand to look at their children's phone. If they can defeat those parents with encryption they can defeat

    • by Teun ( 17872 )
      Sure you would keep the kids from having an encrypted app.
      But how is this going to protect society at large against the adults that deal in kiddy porn?
    • Comment removed based on user account deletion
    • > You don't need to regulate the apps, you need to regulate the app stores and tell them they cannot allow such apps to be installed on someone's phone if they're under 18.

      What has being under 18 got to do with this??

      It's more likley OVER 18's that are of concern here? Males, over 18.

    • Minors have no burning need for VPNs, encrypted apps, etc.

      So, ummm, children are supposed to be kept innocent of the real world until they are 18 and then they are to be thrust utterly unprepared into the grinder?

      Mmmmm. Tasty. Lots of 18 years old to exploit. I like your idea a LOT. Shall I take their money or their virginity first?

    • you need to regulate the app stores

      Which will result in everyone losing the ability to install anything without Google's / Apple's / etc. approval. Why? Because it's far easier for them to "enforce" this regulation by banning local installs (side loading). Than it is for them to get dragged into court every fucking time some dumbass parent allows a side load by entering their parental pass code. (Assuming they even took the time to enable the parental controls in the first place....)

      This is where the Neckbeard Brigade will come in with whataboutisms and non sequitors about side loading and stuff like that, but it's an 80% solution which is plenty good enough for most social problems.

      Whataboutisms? non sequitors? You're handwaiving away eve

  • Bullshit (Score:5, Insightful)

    by bjoast ( 1310293 ) on Thursday August 10, 2023 @10:43AM (#63756030)

    [...] the government was not against encryption, and the access would only be requested as a last resort [...]

    What is this bullshit they try to feed to the general public? Yes, the government is very much for encryption, as long as they can arbitrarily decrypt anything. If they can ask a messaging service for the plaintext contents of an encrypted message, the message is not really encrypted is it?

  • Layered Encryption? (Score:3, Interesting)

    by Vytalon ( 825024 ) on Thursday August 10, 2023 @10:54AM (#63756080) Homepage
    I was just wondering what prevents people from using a 2nd layer of encryption. The government would have keys to the 1st layer, but not the second. If there was concern about the 1st and the 2nd layers, then why not a 3rd layer. This could all be scripted and automated and if you were doing something illegal, then why wouldn't you spend the extra time.
    • I was just wondering what prevents people from using a 2nd layer of encryption. The government would have keys to the 1st layer, but not the second. If there was concern about the 1st and the 2nd layers, then why not a 3rd layer. This could all be scripted and automated and if you were doing something illegal, then why wouldn't you spend the extra time.

      That sounds a bit like when all we had for wifi was WEP. And we'd run a VPN through it, so that the only IP addresses on the wifi were the VPN endpoints.

    • Nothing, for now. But they know 99%+ won't do that, and that's good enough for them. It doesn't matter that criminals disproportionately will be in that 1%, because it's not actually about crimes. But eventually they'll make it a crime to tighten the noose.
  • Missing the point (Score:5, Insightful)

    by nickovs ( 115935 ) on Thursday August 10, 2023 @11:00AM (#63756112)

    Donelan told the BBC that ... the access would only be requested as a last resort

    Aside from the magical thinking that somehow they will be able to create a mechanism that allows access only by a "competent authority" (which they won't), the issue that the UK government seem to be totally missing is that in an international market, they are not the only authority. Warrants won't just be issued by some fine, upstanding justice in the Crown Court, they will be issued by CCP endorsed judges in Hong Kong, oligarch owned judges in Russia and Taliban appointed Sharia mullahs in Afghanistan. British citizens and British government workers travelling abroad will be subject to warrants from these sources and many others, and they will be silently enforceable.

    While the stated goal of this legislation is admirable, it's not going to work, and it's going to weaken the security for everyone, including the UK Government itself.

    • by Anne Thwacks ( 531696 ) on Thursday August 10, 2023 @11:29AM (#63756202)
      Aside from the magical thinking that somehow they will be able to be able to find a "competent authority"

      There is no evidence that the present government would know competence if it hit them on the head with a blunt object, or that any future government, anywhere, would perform the task significantly better.

      The underlying problem is that: All the present evidence is that competence and government are mutually incompatible concepts.

      Anyone stupid enough to think that a "government agent" can have access to anything without at least one "evil agent" having more and greater access, sooner, should be in protective custardy with immediate effect.

      I have no wish to view child porn, but I really don't want the Taliban to have access to my banking app. Let the politicians lead by example, and give the Russian Mafia access to their own banking details.

      In fact, why not require all the politicians intending to vote for this policy lead by example and paste all their private encryption keys on their publicity material for 12 months first.

      • by Anonymous Coward

        should be in protective custardy

        Mmmmm. Protective custard.

      • The underlying problem is that: All the present evidence is that competence and government are mutually incompatible concepts.

        Except when it comes to conspiring to murder a sitting president and keeping all objective evidence of such conspiracy secret for decades - in that case, the forces of government are diabolically competent.

      • I have no wish to view child porn, but I really don't want the Taliban to have access to my banking app. Let the politicians lead by example, and give the Russian Mafia access to their own banking details.

        Nobody cares about your desire to keep your banking details private. You don't matter and are not deserving of respect. In fact, if you speak up too much, we will just throw you in prison, so shut up.

        Yeah, really. I went there. Your government has far more important things to think about than your wishes. People are killing each other and raping children. Foreign governments are trying to overthrow your own government. And yet here you sit whining about privacy. Get the fuck over it. Your privacy is a minor

    • Donelan told the BBC that ... the access would only be requested as a last resort

      Aside from the magical thinking that somehow they will be able to create a mechanism that allows access only by a "competent authority" (which they won't), the issue that the UK government seem to be totally missing is that in an international market, they are not the only authority. Warrants won't just be issued by some fine, upstanding justice in the Crown Court, they will be issued by CCP endorsed judges in Hong Kong, oligarch owned judges in Russia and Taliban appointed Sharia mullahs in Afghanistan. British citizens and British government workers travelling abroad will be subject to warrants from these sources and many others, and they will be silently enforceable.

      While the stated goal of this legislation is admirable, it's not going to work, and it's going to weaken the security for everyone, including the UK Government itself.

      As soon as theres some reasonable expectation that, should need arise, access CAN be given, the security is already broken.

  • BBC Article (Score:5, Informative)

    by Sesostris III ( 730910 ) on Thursday August 10, 2023 @11:31AM (#63756208)
    The Reuters article linked to in the summary refers to an article on the BBC News website.

    For those interested, the BBC article is here:

    Minister defends safety law on messaging apps [bbc.co.uk]
  • We understand you might not want government microphones in your bedroom, but people might be discussing child abuse there, so we need to listen to keep the children safe!

    • Already have those, they are called smart speakers and mobile phones.

      Cameras in every room in every house would be the best measure.

  • New law says you must also keep all your hours and car doors unlocked because a crime might be committed inside those and they must have access to them.
  • "Any children that say things the current government doesn't agree with will be protected by this!" - the UK government, probably
  • by LeadGeek ( 3018497 ) on Thursday August 10, 2023 @12:17PM (#63756402)

    "As in Iran, we will continue to do everything in our power to ensure that people in the UK have access to Signal and to private communications. But we will not undermine or compromise the privacy and safety promises we make to people in the UK, and everywhere else in the world."

    Meredith Whittaker, President of Signal
    Source: https://signal.org/blog/uk-onl... [signal.org]

    • Did that mad woman renage on what she said earlier then?

      I abandoned Signal after she had them get rid of SMS support, leaving me trusting the proprietary default SMS app on my phone. She thought it was about the fact SMS wasnt secure, totally missing the point about why users used Signal for standard SMS.

      Maybe I'll look at it again after a change of management until then Signal is poor mans whatsapp. Which is ironic seeing as whatsapp uses the Signal protocol :D

  • by CrappySnackPlane ( 7852536 ) on Thursday August 10, 2023 @12:32PM (#63756442)

    Pedophiles today.

    Tomorrow, terr'ists.

    Next week, George Floyd protestors or Jan 6th kooks.

    Next month, people who posted in support of George Floyd protestors/ Jan 6th kooks.

    Next year, people who fibbed on their taxes.

    The year after that, people who the algorithm suspects are likely to eventually post in support of George Floyd protestors/ Jan 6th kooks or perhaps tell fibs on their taxes.

    Don't let them get their foot in the door.

  • This only makes sense if the plan is, in direct conflict to what was just specified, to do something like scan all messages for content like CSAM (aka child porn). Then the need for the decryption keys does make sense.

    But, if you accept their claim that this power will only be used rarely when they have particularized evidence that there is some kind of criminal conduct or threat it sounds like it will backfire. For this to happen, someone has to report their kid is getting disturbing/suspicious messages

    • > even if it's a burner

      Burner phones are an 00's concept, thay have not been possible for a while now.

      A PAYG phone needs a credit/debit card to be registered with correct address details to even top it up. Or you can top up from a cash machine, again with a card. So you would also need fake ID.

      Walking up to a market seller and buying a flip phone, then topping it up using a £10 note in a post office a-la Bourne is a thing of the past, thanks to Bourne.

      They know who you are.

  • by DontBeAMoran ( 4843879 ) on Thursday August 10, 2023 @12:58PM (#63756560)

    Either everyone is protected, or nobody is.
    There's no in-between.
    There's no "good guys" vs "bad guys".

    Somebody should really explain encryption to them.

    • There is no "government only" decryption key.

      Let's imagine there was something like that. In comes $evil_state_du_jour. A person approaches someone who has access to that government-only key and says "nice family you have there. Shame if anything bad happened to them. But you know, you can avoid that. The key you have there, you might want to share it. Nobody needs to know. We won't tell anyone. Promised. And you, and your beautiful wife, and your lovely kids, you can live long and happily".

      And if he doesn'

  • by Opportunist ( 166417 ) on Thursday August 10, 2023 @01:06PM (#63756596)

    Today's feature, children [wikipedia.org].

    Stay tuned, what's it gonna be tomorrow?

  • "However, we do know that on some of these platforms, they are hotbeds sometimes for child abuse and sexual exploitation. And we have to be able access that information should that problem occur."

    Is there a problem or is there not? "Sometimes"? "should that problem occur"? Is this a hypothetical crime?

    Will it be illegal for a citizen to encrypt anything? A real criminal would encrypt the message before using the app.

    • > Will it be illegal for a citizen to encrypt anything?

      That would solve the problem. Anyone using encryption (who is not a bank) would thus be obvioulsy hiding something and we all know if you have something to hide...

  • "I, like you, want my privacy because I don't want people reading my private messages.... However, we do know that on some of these platforms, they are hotbeds sometimes for child abuse and sexual exploitation. And we have to be able access that information should that problem occur."

    This is nonsense. I know I'm preaching to the choir here but this idiot politician must know (and probably does know) that you can't have it both ways. You either have safe and reasonably unbreakable encryption in communica

    • Actually that would be doublethink.

      Doublespeak is langage that is intentionally unclear as to allow any meaning to be true. Doublethink is the ability to hold two contradicting thoughts in ones head (or in this case to speak it) while believing both to be true.

  • why not hang microphones in houses for the same reason. And in every vehicle, classroom, gym, restuarant, etc. Child abuse CAN happen in those settings. Why is abusing the limit only done in the Tech world?

  • Comment removed based on user account deletion
  • 1. We know that if requesting decrypted messages today is used as a "last resort", then in a year or two or three it will be common place.

    2. Since Apple cannot know which messages on whose phone they might have to decrypt at some point, they will have to be capable of decrypting _any_ message on _any_ iPhone. Same for Google obviously and for anyone else.

    3. If Apple can decrypt any messages on any iPhone, then there is a substantial risk that some hacker will be able to do the same.
  • "And we have to be able access that information should that problem occur." "

    You first, followed by your department, followd at the same time by the royal family and GCHQ.

    If NO ONE complains, then we'll think about it.

  • ... should that problem occur.

    How do you know encrypted information is a "problem"? If you know there is a problem, you don't need to secretly spy on everyone. I recall that several years ago, Euro-pol created a child-porn server honeypot: The UK doesn't need back-doors to find CS-AM. It's obviously not the purpose of this bill.

  • Can we PLEASE get a minister who has actual understanding of how encryption works?

    I mean as a child I used to read everything I could about codes and secret messages etc so as a child I knew some foundational techniques in cracking a code and how they could be thwarted.

    I'm not a cryptographer but I have listened to enough Security Now episodes and have a degree in computer science to know that it is fundementally mathematically impossible to provide access on an as-needed "last resort" basis.

    The systems the

  • Just... Muppets.

Technology is dominated by those who manage what they do not understand.

Working...