
Under British and UK Legislation anyone using or developing end-to-end encryption is now a “hostile actor”

3mon 26d ago by lemmy.ml/u/tastemyglaive in privacy@lemmy.ml from lemmy.ml

Surveillance strategies in the UK and Israel often go global

These people are clueless

What is the fundamental difference? Evil men and arrogant idiots might as well be the same thing.

The real misdirection is focusing on individuals and their blame. The real question is why the UK political system produces these people to rule, and how they keep ruling.

Both parties were captured by the aristocracy/super rich, call them what you will, and they support a total surveillance of a population they obviously fear and want tools to persecute as they see fit. Starmer is a perfect example of this, he's done more damage arguably than the tories did in over a decade. Their betrayal of the country will throw the elections to the far right too, that is the only protest vote against the status quo, and they will affix themselves in power and implement even worse privacy.

A popular reform party would fix the problems but the aristocracy is too greedy and arrogant for that, thinking they can control a far right party or otherwise shut them out electorally indefinitely and continue to sell out the public to the rich, even as discontent is increasing and the plutocratic rot is visible on the surface and spread throughout the whole.

Ironically that's kinda the argument being made in the document above

They don't care how it affects normal people's lives or what we sacrifice to pay for their incompetent leadership.

It doesn't affect just normal people, but when you make encryption weaker, the foreign state (i.e. bad actor) surveillance also benefits.

It denies normal people the ability to retain their privacy from corporate and government surveillance.

Which is exactly what any government these days wants.

"Never attribute to stupidity that which is adequately explained by malice."

or something like that...

No way this lasts or holds up to basic scrutiny. End to end encryption is a de-facto standard for so fucking much technology.

Like fucking HTTPS.

Well if they commit to this, it will never affect "e2ee" options that collaborate with feds e.g. whatsapp, imessage. If you can kill Refaat Alareer with it rest assured you will be able to keep it in your phone anytime

Yes, the trick is to outlaw it entirely then enforce the law selectively against those whom you find politically awkward.

TLS is not typically considered end-to-end encryption. It's transport encryption.

Our governments are hostile. Act accordingly.

All of them, AFAIK

So literally everyone in the UK using any website that uses TLS is now a hostile actor?

Essentially everyone's a criminal which is a huge boon for the government. They can now get rid of anyone they want at any time, legally.

That's what the governments in 1984 could do as well.

That is longstanding, the US and the UK both have been writing laws broadly enough for them to take down anyone for them, or at least charge, we all just trust it won't be abused, but as we've seen with the uk and their bad faith terror designations, that trust is misplaced, and the mask is coming off society. They aren't pretending anymore, and cynically think "democracy" such as it is, is already dead in all but name, it's only the citizenry that doesn't know it yet, and or is contesting it.

TLS is not typically considered end-to-end encryption. It's transport encryption.

I don’t get it. E2ee is about encryption in transit not encryption at rest. TLS sounds exactly like e2ee

E2E is about the sender encrypting, and only the intended receiver decrypting, with nothing in the middle able to read the data.

TLS is not designed for that, as the server you connect to is not necessarily the intended receiver, yet it can see everything.

With E2E, you can send data to a server, which is not the intended receiver, and it won't be able to read it.

Your explanation assumes that scope and scale are part of the definition which it is not.

If you keep zooming in or zooming out the definition of E2E keeps changing under your statement.

If the only knowledge a system has is between a sender and a receiver (Which satisfies even your definition of "intended recipient") then TLS is E2E encrypted.

The definition of E2EE has evolved since the concept surfaced. You seem to be stuck with the original meaning.

TLS does not fit the modern definition.

Yes the technical term has evolved but did the term evolve in the legislation definition of it?

If not, then the technically correct usage doesn't matter which is a point I've made in another comment as well.

And in my previous comment, I am pointing out the logical inconsistencies. Not that I agree or disagree with the technical terminology. You seem to be conflating a logical explanation/call-out of logic holes for my opinion, which it is not

Do they strictly define end to end encryption in this bill?

If not, then yes, TLS is "end to end" as the sender encrypts the message, and the receiver decrypts it. Each "end" to each "end" is encrypted, satisfying the semantics of the term.

Seems appropriate, since the game was invented by brits and the Imperium is an unholy amalgamation of the Roman and British Empires

Does it say that explicitly in the document? I know that's the overall message they're getting at, but actually typing that out in the doc is darkly funny.

It's just a fancy, rosy version of just saying "innocence proves nothing".

Paving roads makes it easier for an invading army to get around.

No-one's invading Lincolnshire then.

Easier, not possible.

This is great.
If you are (or know) a UK citizen, please let them send this with the above context to their representative.

A Cypherpunk's Manifesto

By Eric Hughes

Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.

If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.

Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.

Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.

Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one's identity with assurance when the default is anonymity requires the cryptographic signature.

We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor's younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.

We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.

We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.

Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.

Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.

For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.

The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.

Onward.

Eric Hughes

9 March 1993

This was written in 1993? Huh, I keep seeing cyber punks around in different contexts too, like some music mixes from some cyber punk festival at least.

In the old days, the British Empire steamed open everyone's mail and read it, at least coming from the colonies like India.

This is cypherpunk, not cyberpunk. Common roots, but important distinction.

Cyberpunk is an aesthetic style.

Cypherpunk is not.

Cyberpunk is a genre first and foremost. A critique of capitalism set in a corporate dystopia with transhumanist themes.

A lot of the aesthetic is rooted in the culture of the time period that it was created in (the 80s). The cultural fear, more specifically. A time where American corporations, and by extension the US government and population, were afraid of the Japanese economic boom and saw a future where the dollar was replaced by the yen and Japanese supplanted English as the lingua franca of the world, Japanese culture was exported the way American culture is, and Americans started eating their meals with chopsticks instead of forks.

Yes end to end encryption is for hostile actors why don't you send your nuclear launch codes in plain text.

Rules for thee not for me.

If I were to send a physical letter written in code that can only be decrypted with a cipher would I now be breaking the law?

What about radio or telephone conversations in code?

Can I still password protect my zip files or encrypt my NAS or PC before boot?

Using password protection for files is definitely work of terrorists you should be imprisoned for life. \s

According to this legislation, using https is against the law.

Not as long as UK is the root CA, I suppose.

Normally the certificate signing authority should never see, not need to see anybody's private key, so no.

But they can, taking help from the DNS (or ISP), send you to a fake website.

If so we should all start sending cryptic sounding gibberish around the world. Like from random lists send emails to foreigners with some random gibberish like product codes written in that look like encrypted messages, xg0-fs39450, or whatever, just as a form of protest.

if im alone in my car, i'll just start talking gibberish or about that time i kicked a cyber-dolphin through the moon. just in case the man is training some ai on what my phone's microphone picks up.

The speedquack cyrocrunk failed, need pryoram ciclicogram asap,

Make sure you only use transparent envelopes.

HTTPS ❌🇬🇧

HTTP ✅🇬🇧

SSH ❌🇬🇧

rlogin ✅🇬🇧

thats what happens when we as society become ignorant and inept, and therefore we vote for inept and ignorant people to represent us.

They are not all inept.

They know exactly what they are doing.

It is a hostile act to create information the state isn't privy to. That is a very deliberate act.

Fascista

When has the majority not been ignorant and inept?

Back when societies collective knowledge was like 4 things?

to me when they defended their rights and prevented certain toxic people from staying in power

That doesnt mean they werent ignorant or inept, they were just aware of what was happening to them, and in most cases for rights it was only after decades or centuries of mistreatment. Its a reaction not a prevention.

As for toxic people in power, thats a lot harder to argue but toxic people enter and leave government all the time. It can be obvious sometimes who will be shit but theres only so many choices and again a significant portion of people are ignorant or inept.

I think this is more malice than it is ineptitude tbh.

So Google, Amazon and Microsoft are hostile actors. Every cloud provider is an enemy of the UK government. They have gardeners (at best) or lawyers (most probably), who did their own research before writing these abominations. At the same time, they want to give all medical data in the NHS to Palantir. This is the apotheosis of incompetence.

All those companies willingly hand over our data when asked. At this point it's almost a feature

So google, amazon and Microsoft are hostile actors

Obviously not. They're happy to give MI5 a backdoor into all their systems.

This is the apotheosis of incompetence.

The age old question - malicious or stupid.

Gee why does the capitalist oligopoly fear communication they can't monitor it's not like they are doing anything wrong and have anything to fear from little old us

Shit-flinging desperation at the realization that they have failed to contain dissent via internet-based coordination. Elbit and the UK's protection of property was defeated by persistent disruption thanks to the work by Palestine Action. Unlike previous forms of communication, the empire has had tremendous difficulty wrestling control away because the materiality of the internet is so dispersed, accessible, and impossible to restrict without dire economic and military consequences.

I’m just baffled Labour is trying to die on this hill.

I think Labour is just trying to die.

At this point it feels like they're being paid to make people vote for Reform who will then make great use of all the surveillance infrastructure that Labour and Tories have put in place

The autonomous murder bots are not complete yet

Was this written by a native English speaker?

It's hard to take seriously with so many grammatical errors

It’s called legalese.

No, beyond the legalese. For example, the comma placement in:

which, unknown to them threatens,

The comma should go after "them", because "unknown to them" constitutes the entire aside.

If you delete the aside in this, it reads "which national security", whereas it should read "which threatens national security".

This is just the first one I found; I didn't go hunting for them. It's one of those grammatical mistakes that actively ruins the cadence of the sentence as you read it in your head.

And worse mistakes:

where there must be at least possibility that

I have complete sympathy for non-native speakers writing papers, but it also raises the question of whether they properly understand the source material they're referencing.

I will inform you that this excerpt is correct English. There needn't be an article like "a" or "the" before "possibility". It reads awkwardly in everyday language, but that really is just innocent "legalese" phrasing.

Thanks for the correction. Rereading it I can kind of see if they mean possibility as an abstract concept, so I'll take the L on it.

But I still maintain it's a pretty fucked way of phrasing it.

That is perfectly grammatical English, especially in legal texts.

Probably ai generated let's be honest here

It's British, so no.

What I see here is that the UK is a hostile entity towards humanity. So, fuck the UK government and all their parties. Since we're here, fuck the French government as well, just in case.

Oh yeah? I'll train an army of crows to transfer messages in exchange for specific shiny objects.

Seriously though - the constant hypocrisy and attempt to make our lives undeniably worse for their control obsession is either going to force our hand or end with the enslavement of the human race. These people are truly mad.

They choose to force your hand. Draw the line where you wish. They will arrive at it given enough time.

There's a common saying in Germany that applies: "Die spinnen, die Briten." Basically translates to: "Those Brits are crazy", but the literal translation would be: "The Brits are spinning" (yarn).

Obelix knows best.

The spiders,
the Brits!
/s

What does it say in the original French version?

So every financial institution and everyone using WhatsApp

I think WhatsApp is already sharing chats with a few governments

So they're happy for us to read all their messages, right?

I heard reddit sends out warnings for updating certain comments these days.

“You are a hostile actor if we say you are a hostile actor.”

If I remember correctly, a few weeks ago a government party had their Signal chat leaked. Those people have since ceased using Signal, right?

There's no problem with Signal's encryption. It's the same issue with any end-to-end encryption scheme: at either end is a person who can very easily copy and paste everything that has been said in the conversation and send it off to anybody they wish.

No of course. I meant that if at least one party in the UK gov is using signal, with end to end encryption, they are no longer using it because they are now considered ‘hostile actors’

Their favorite saying: "Rules for thee, not for me."

Well, yes, generally the recipient of a message has to get access to its content.

Not running down Signal or any other e2ee client out there. But there are in fact ways to prevent the recipient from retaining and, at least via the device they are using to receive the messages, copying the data within messages. Several banking apps actually include such measures. And perhaps even having a Mission Impossible-esque self destruct on the message where it re-encrypts and then deletes the messages after they have been viewed is a viable way to prevent retention. It would not prevent somebody from using another device to snap a picture of the information in the message, but it would definitely cut down on people's ability to easily leak private conversations that are intended to stay that way.

No one said there was

Did they also invite a journalist to the group chat?

Oh great more mens rea-less laws.

Nothing like police showing up for reasons that you don't understand and charging you for crimes that you were not even aware that you were committing.

I forget which page this was on in the book of Democracy, but I'm pretty sure it was towards the end.

It's in the Oligarchic Repression Chapter I think.

This is actually bonkers and goes to show that governments are losing this battle. This just means that no matter what, we can't stop.

It's not really wrong though. This kind of legislation certainly makes me hostile.

https://blog.giovanh.com/blog/2025/10/14/a-hack-is-not-enough/ This article makes a sadly excellent point in response to you here. Fair warning: it's long. But even if you dip out early I assume you'll get the point being made

Setting a factory in France is a hostile activity too?

I guess using Olvid is terrorism.

Protecting yourself from being spied on and then potentially blackmailed is a hostile behavior!

...to the blackmailer, yes.

Even the US used to ban the export of strong encryption algorithms. You used to have to download the stronger encryption algorithms separately. https://en.wikipedia.org/wiki/Java_Cryptography_Extension

I remember in the 1990s when you went to download Netscape you could only use the 40-bit encryption if you were in Europe, not the 128-bit encryption people in the USA could use.

https has got to go

ROT13 too.

Makes me want more E2E encryption.

Not sure which one is dumber

The USA or UK

Yes.

Dad?

what the fuck mate. Just take a shit on your citizens and wonder why the largest empire in the world now sucks off an orange paint face micro dick to make sure people still recognize they might be someone...

What document is this from?

It's a screenshot of this report from a review of the UK's security and terrorism legislation, published in December.

TechRadar article discussing the specific encryption issue here.

I was skeptical given the grammar issues others have pointed out but it seems legitimate.

I would like to know too please

I found it:

https://www.gov.uk/government/publications/report-of-the-independent-reviewer-of-state-threats-legislation/report-of-the-independent-reviewer-of-state-threats-legislation-accessible

It's an independent review of some UK laws concerning national security, and the reviewer is warning that the laws could be used against people unfairly. Note the last sentence of the section: "Serious responsibility is put on police to use the power wisely."

Engagement in Hostile Activity

6.16. Under Schedule 3 a person may be engaged in hostile activity even though unaware that their activity is hostile activity[footnote 428].

So a person could be examined on account of their wholly inadvertent and morally blameless conduct.

Examples could include a journalist carrying confidential information whose significance to national security he did not understand, or the victim of planted material. The examining officer could act if there was no possibility that the person was aware that its dissemination might be in the interests of a foreign state, or even that they were carrying the material.

The Code of Practice to Schedule 3 refers to the innocent dupe, who “…may believe that they are working for a legitimate business, or charity, which is in fact being utilised specifically for the purpose of espionage”[footnote 429].

6.17. Since hostile activity does not require any knowledge or tasking by a foreign state[footnote 430], the phenomenon of double-ignorance could arise. A person may be engaged in hostile activity if they do something which, unknown to them threatens, national security and which is in the interests of another State, also entirely in the dark. For example:

The developer of an app, whose selling point is end-to-end encryption which would make it more difficult for UK security and intelligence agencies to monitor communications. It is a reasonable assumption that this would be in the interests of a foreign state even if though the foreign state has never contemplated this potential advantage.

The lobbyist for a foreign firm, who seeks to persuade an electronic chip manufacturer to build its factory in France rather than the UK. This would engage the UK’s economic well-being in a way relevant to national security even though France is entirely unaware of the lobbying and the lobbyist is only doing his normal day job.

A journalist carrying information that is personally embarrassing to the Prime Minister on the eve of an important treaty negotiations affecting UK security interests.

6.18. In each of these cases the motive of the app developer/ lobbyist/ journalist may be more sinister than first appears, so permitting an officer to examine whether the individual is a witting or unwitting agent of a foreign state might be described as necessary in the right circumstances. Serious responsibility is placed on police to use the power wisely.

Awesome, thanks!

hold on hold on, it's in my bookmarks somewhere I just saved a screen and prioritized alarmism

I found it and posted a link in this thread.

Can't wait to hear about all the upcoming data breaches. RIP all your medical records...

I am trans and a U.S. citizen, the UK govt cannot comprehend how hostile I can be towards it.

Hell yeah

Don't talk without electronic devices around because it might be hostile activity.

Can you provide a source for this document?

The source can be found here: https://terrorismlegislationreviewer.independent.gov.uk/ (direct link)

It's an independent report by Jonathan Hall KC presented to parliament. I think everyone is under the impression that those highlighted paragraphs are a statement of law, they're not. But they are the guy's (correct) interpretation of existing law - namely, Schedule 3 of the Counter-Terrorism and Border Security Act 2019.

The report itself is a good thing, coz now we know how far the UK government will try to stretch their powers and what we need to repeal when Labour (and the Tories) fucks right off.

As part of his summary:

Some of the powers and offences extend well into the zone of political activity,
journalism, protest and day-to-day human activity. However useful, they must
be tested against misuse and overreach.

Do you have a link to the law?

It's from this report https://assets.publishing.service.gov.uk/media/69411a3eadb5707d9f33d7e8/E03512978_-_Un-Act_The_National_Security_Act_in_2024_Accessible.pdf

I emailed my MP about this before Christmas and am yet to get a reply

That is irritating. Consider writing anew.

Yeah, who needs TLS anyways?

TLS is not typically considered end-to-end encryption. It's transport encryption.

I understand that in a system with clients and servers having encrypted communications between the server and the clients is not enough to have end-to-end encryption.

Even then I find it strange to consider TLS not end-to-end, the whole gist of TLS is enabling confidential communications between 2 network nodes without any of the intermediate nodes participating in the communication being able to decrypt the data.

Yeah it's confusing. The implicit assumption in E2EE is that it is taking place on the application layer, while transport encryption happens on the, well, transport layer, or somewhere in between. I think the authors in the linked document mentioned chat communications between users which is definitely application layer.
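Added example, not written by any participant in this thread: a small Python model of the distinction debated in the TLS/E2EE comments above, where a server that terminates transport encryption can read what it relays, while with an application-layer end-to-end key it relays only ciphertext. The `RelayServer` class, the names, the toy cipher and the toy Diffie-Hellman parameters are assumptions for illustration, not production cryptography.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (assumption for illustration only;
# real messengers use X25519 or similar with authenticated identity keys).
P = 2**255 - 19
G = 2


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """SHA-256 in counter mode, used here as a stand-in stream cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC box: nonce || ciphertext || HMAC tag."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    stream = keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on a wrong key or tampering."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(body, keystream(enc_key, nonce, len(body))))


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()


class RelayServer:
    """Hypothetical chat server that terminates the transport layer per client."""

    def __init__(self):
        self.hop_keys = {}  # client name -> transport session key
        self.seen = []      # what the server holds after decrypting its own hop

    def connect(self, name: str) -> bytes:
        # Stands in for a TLS handshake between this client and the server.
        self.hop_keys[name] = secrets.token_bytes(32)
        return self.hop_keys[name]

    def relay(self, sender: str, recipient: str, blob: bytes) -> bytes:
        inner = open_(self.hop_keys[sender], blob)  # server decrypts its hop
        self.seen.append(inner)
        return seal(self.hop_keys[recipient], inner)  # re-encrypts for next hop


def send_transport_only(message: bytes):
    server = RelayServer()
    k_a, k_b = server.connect("alice"), server.connect("bob")
    relayed = server.relay("alice", "bob", seal(k_a, message))
    return open_(k_b, relayed), server.seen


def send_end_to_end(message: bytes):
    server = RelayServer()
    k_a, k_b = server.connect("alice"), server.connect("bob")
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    # Public keys may pass through the server; private keys stay on the endpoints.
    # Authenticating the public keys is omitted here and is required in practice.
    inner = seal(dh_shared(a_priv, b_pub), message)
    relayed = server.relay("alice", "bob", seal(k_a, inner))
    return open_(dh_shared(b_priv, a_pub), open_(k_b, relayed)), server.seen


if __name__ == "__main__":
    msg = b"meet at noon"  # constructed sample message
    print("transport only, server saw:", send_transport_only(msg)[1])
    print("end to end, server saw:   ", send_end_to_end(msg)[1])
```

In both runs every network hop is encrypted; the difference is only whether the key for the inner layer ever exists on the server.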

Fuck this shit. The UK is no longer a free country. And fuck Israel even more for their damned work over the decades to make this possible.

it never has been a free country

Now that I think about it you are right.

Fucking hell...

Bar to become enemy of British crown is getting lower and lower...

Considering how trivial it is to build, and the plethora of working examples on github, I expect anyone is one chatgpt prompt away from running afoul of this.

That's often the point of this kind of legislation. The review from which this comes points out that the law is very broad and a lot is left up to the discretion of the police about how to apply it. In other words, they implement a law that just about everyone is breaking, then enforce it against environmentalists, critics of Israel, privacy advocates, socialists, anarchists and human rights campaigners, while leaving Meta execs, MPs, banks and the far-right untouched.

Yup, it's surveillance police state shit.

This is such a stupid law. A lot of things require encryption, even the government itself needs end-to-end encryption. Are they going to ban Signal and Briar next?

These laws are made by people who have the slightest knowledge about the subjects they're making the laws on. Oppressing the people is their only concern, everything else is anti-nationalist activity.

This is the first biggest step towards a totalitarian society: cut all (end-to-end encrypted and private) communications across citizens. I hope the people there realise this and protest against this law or something. U.K. is literally becoming Oceania.

The United Kingdom didn't stop being an evil empire of its own volition. The culture of oppression was never really challenged, the pool of potential victims just severely reduced.

Welcome to the resistance

If they’re not doing anything wrong, they don’t need to read private communications.

Reminder, rules for thee, but not for me

Look mate yaint paid ya proivocy loicence fer ages.

I paid it, but the transaction was private. Have a nice day.

We got one! A terrorist right here!

Does the government have the right to monitor any and all communications corporate, private or political?

"...would make it more difficult for UK security and intelligence services to monitor communications..." As if they have a right to do so already.

How dare you try to hide your communications from us!

Not surprised with the mindset of current admin. Awful people.

always wanted to be a hostile witness

No clue where that is from and if it's already in effect, but what's marked here only talks about developers, not users. Still, what a world to live in

sneak up into a dark street corner at night

"Ay you got that ed25519?"

Wtaf?

For their own use they have one that would have been a simple off the shelf option for others.

The whole government is currently using the famous ROT26 encryption algorithm.

Thank god I'm not British.

The British ought to actively strike against and shut this down ASAP or they will lose their country to complete fascism. Say goodbye to any aspect of democracy.

I mean, they wouldn't be wrong, but they don't know why they aren't wrong.

the feds are so pissed they can't break encryption, which is essentially just math, are they gonna ban math?

Isn't like building a basic encryption tool coding 101? I didn't build one when I was learning to code, but I did have to make a caesar cipher scrambler/unscrambler with python years ago. I don't have the code or remember how to do it, but does that make me a hostile actor now?

Link to article?