UK Government Still Looking For Ways To Criminalize Encryption
from the government-contractors-asked-to-provide-better-euphemisms dept
The across-the-pond Chris Wray analogues are still at work trying to undermine encryption for the sole purpose of greasing exceedingly squeaky law enforcement wheels. Friction is unacceptable, UK officials appear to believe, as they move forward with efforts meant to undermine this essential protection.
It’s not that the UK government is wholly opposed to encryption. Its employees use encrypted communications for reasons unexplained, but appear to be related to efforts to dodge public records requests. And the government isn’t even internally coherent when it comes to the tradeoffs of encryption. The Home Office continues to insist it’s mostly evil and threatens the safety of everything from criminal investigations to innocent children. Other parts of the UK government, meanwhile, offer no opinion on law enforcement efficiency, preferring to point out how encryption protects everyone, especially the children.
Internal inconsistency aside, the part of the government that can do damage to encryption continues to insist encryption is fine… so long as it can be readily broken when law enforcement presents some paperwork.
The biggest problem facing the UK government isn’t a lack of will when it comes to turning use or creation of encrypted devices/products. It’s the dearth of useful euphemisms, which might help the government disguise its true intentions while sliding damaging legislation past a public that can see the obvious benefits of this form of security.
Having run out of creative ways to tell the public the government wants it to sacrifice personal security for the greater good (i.e., law enforcement efficiency), the UK government is simply adding more rules to the rulebooks — rules that target the supply side of encryption by portraying these entities as the enablers of criminal activity.
Here’s the latest from the UK Home Office, which indicates the UK government intends to turn production of encrypted products (devices or services) into criminal activity:
The Government is today launching a consultation on two proposals to strengthen the law on serious and organised crime.
Law enforcement agencies frequently encounter articles which they suspect are being used in serious crime but which they are unable to act on under existing legislation. The Government is therefore consulting on a proposal to create new offences to criminalise the making, modification, supply, offer to supply and possession of articles for use in serious crime. Such articles include, for example, vehicle concealments or ‘hides’ used to transport illicit commodities, sophisticated and bespoke encrypted communication devices, templates for 3D-printing firearms components and pill presses used to make illicit drugs.
“Sophisticated and bespoke communication devices.” Cannot wait to see how this definition plays out in the real world. One might think this refers to the sort of devices that have been recently been the targets of international criminal investigations — “bespoke” phone manufacturers that provide encrypted messaging services available nowhere else.
But when a government starts using a word like “sophisticated,” watch out. FBI director Chris Wray has, during his anti-encryption agitation, created new terms like “warrant-proof encryption” and “military grade technology” to insinuate that messaging services millions of people use are somehow designed explicitly for the purpose of thwarting law enforcement — a broad brush Wray applies to both small businesses catering to criminal clientele and WhatsApp, a service used by hundreds of millions of people worldwide.
“Sophisticated” will likely end up meaning “anything law enforcement can’t readily crack.” “Bespoke” will be defined as “any product hitting the market after this law is passed.” Pretending this won’t be the case is buying into the UK government’s rhetoric, which is designed to give the impression it only wants to undermine sophisticated, bespoke criminal enterprises, rather than undermine encrypted services used by millions of UK residents.
It’s a dictionary attack. The government will determine what the definition of these words are when it decides whether or not these terms apply to whatever is currently causing investigators problems. It will expand to include popular services, disregarding the “bespoke” modifier to focus on the supposed “sophistication” of the offerings. In these cases, “sophisticated” will mean the same thing as “bespoke:” anything that’s an obstacle to the government’s wants and needs.
Filed Under: encryption, uk
Comments on “UK Government Still Looking For Ways To Criminalize Encryption”
The language about sophistication should be really worrying to anyone who understands how tech works, since the people crafting and later interpreting this law almost certainly do not.
+1
I see what you did there.
Re:
Yes, agreed. i enjoy the dictionary attack which is this new meaning for dictionary attack. Pretty good, really.
Not to play devil’s advocate but they did say the provisions ‘will not apply to commercially available mobile phones nor the encrypted messaging apps available on them’ and they are seeking input from law enforcement, businesses, lawyers, civil liberties NGOs, and the wider public.
Of course take all that with a grain of salt but alot of civil liberties are already calling this out.
Re: The UK Government isn't interested in *criminal* activity
Since the worst criminals in the UK are either in government or Tory party donors, it’s pretty obvious that like much of its recent lawmaking, the Conservative government is only interested in suppressing protest against it and other power brokers.
I just wish I believe Keir Starmer would role back these repressive laws when he is PM. As in the USA, once this kind of law is made, it tends to hang around for decades, regardless of administration.
Re: Re:
Keir Starmer and Labour seem to think the Online Safety Bill is a good law…
Re: Re: Re:
He’s a former prosecutor. Not surprised 🙁
The uk is outside the eu, this law would result in startups or tech companys leaving the uk, is the uk government really going to sue random tech companys that uses encryption even companys that have no office or staff in the uk.millions of people use apps with encryption to protect their privacy from hackers or criminals on the web.
Re:
Even with the UK outside the EU it still needs to follow most of the EU laws unless they want to face trade sanctions (Sadly the Tories seem ok with having a fight with the EU)
Re: Re:
Just one of the many benefits (to the government) of leaving the ECHR.
Add it to the list of stupid British ideas...
Somewhere between Brexit and serving beans for breakfast.
Re:
Nothing wrong with beans for breakfast! They’re good for what ails you 🙂
Re: Really?
Brexit? Stupid? For sure, that time the UK became the only nation in history of the world to impose sanctions on itself.
But… I can’t believe anyone would hate on The Full English Breakfast
Re:
I’m no fan of beans, but I can name a lot of things worse than the optional Heinz/Branston addition to the traditional breakfast that are nowhere near the destruction of country, due to pretending that a bare majority of a vote for an advisory referendum with irreversible consequences represented a mandate.
https://gizmodo.com/us-senate-can-now-officially-use-signal-for-encrypted-c-1795300382 Are you aware of this?