UK gracelessly rolls back dumb anti-encryption proposals

As UK schoolchildren swap caps for hard hats to attend collapsing schools, the UK government has found as churlish as possible a way to concede that plans to force tech firms to break encryption aren’t technically possible.

Stupid people make stupid laws

This is the latest step in the UK’s utterly deluded attempt to force tech companies to scan messaging apps for “harmful content”, including CSAM material. The government effectively wanted the companies to find a way to break the encryption that protects messages in order to find such content.

The problem with this approach is that it would effectively make all messages insecure. Apple, Signal, WhatsApp, and others have all sworn to cease offering their services in the UK if this rule is pushed through.

Rolling back with little dignity

Now the UK has rolled back on the attempt and will issue a statement to that effect as it tries to push its new laws through. That statement essentially promises the government won’t make use of these powers until it is technically possible to do so while protecting privacy.

“A notice can only be issued where technically feasible and where technology has been accredited as meeting minimum standards of accuracy in detecting only child sexual abuse and exploitation content,” the statement will say, as reported by The Financial Times.

While that statement is a step in the right direction the fact this legislation may be pressed through remains worrying, as the commitment not to enforce it means a lot less if the law to force enforcement is already on the statute books.

Slaves to magical thinking

In the background it appears government officials have conceded that technologies capable of scanning encrypted messages that do not also undermine user privacy cannot exist.

That follows outcry from experts who have shown that existing systems claiming to be able to do this are prone to error and false accusations. They point the finger at the wrong people and because they require human confirmation the privacy of those wrongly identified is broken.

Never let reality get in the way of magical thinking, however. Under the proposed change, the UK will include the power to force companies to develop technology to identify and remove CSAM content. Of course, that part of the law underscores the ignorance of the attempt, as fundamentally if encrypted messages become scannable, they are no longer encrypted.

Ultimately, of course, there is no way to control what topics technologies like these are used to monitor. While CSAM material is fundamentally wrong, most critics see the attempt to undermine encryption for the rolling authoritarianism it actually is.

It is ironic that the same administration that presides over the collapse of school buildings is now so concerned for child welfare it wants to erode the privacy of UK residents.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.