By John Gruber
From an open letter signed by the leaders of WhatsApp, Signal, Viber, and a few other secure services:
Proponents say that they appreciate the importance of encryption and privacy while also claiming that it’s possible to surveil everyone’s messages without undermining end-to-end encryption. The truth is that this is not possible.
We aren’t the only ones who share concerns about the UK Bill. The United Nations has warned that the UK Government’s efforts to impose backdoor requirements constitute “a paradigm shift that raises a host of serious problems with potentially dire consequences”. Even the UK Government itself has acknowledged the privacy risks that the text of the Bill poses, but has said its “intention” isn’t for the Bill to be interpreted this way.
Global providers of end-to-end encrypted products and services cannot weaken the security of their products and services to suit individual governments. There cannot be a “British internet,” or a version of end-to-end encryption that is specific to the UK.
The UK Government must urgently rethink the Bill, revising it to encourage companies to offer more privacy and security to its residents, not less. Weakening encryption, undermining privacy, and introducing the mass surveillance of people’s private communications is not the way forward.
I’m glad to see these companies defending end-to-end encryption, but this letter dances around the repercussions of this proposed legislation in the U.K. What they mean in the third paragraph quoted above is that if the legislation passes, people in the U.K. won’t be able to use WhatsApp or Signal or any other end-to-end encrypted service. Apple isn’t a signatory of the letter, but I think iMessage would be banned too.
Some reports are portraying this as though these services would begrudgingly comply if the law passes, but they can’t. End-to-end encryption is inherent to the protocols. If end-to-end encrypted messaging is banned in the U.K., it won’t mean that WhatsApp, Signal, et al. will somehow switch to insecure protocols in order to comply — it will mean that people in the U.K. can’t use these apps.
It’s tough, messaging-wise, because coming right out and saying that sounds like these companies won’t comply, by choice. Laypeople seemingly can’t be made to understand that a “good-guys-only back door” is cryptographically impossible. But that’s the truth. WhatsApp is incredibly popular in the U.K. — the message should not be that U.K. lawmakers are trying to weaken WhatsApp’s encryption, but rather that U.K. lawmakers are going to make WhatsApp illegal.
★ Wednesday, 19 April 2023