U.K. Abandons, for Now, Legislation That Would Have Banned End-to-End Encryption

Cristina Criddle, Anna Gross, and John Aglionby, reporting from London for The Financial Times (paywall-circumventing Twitter link):

The UK government has conceded it will not use controversial powers in the online safety bill to scan messaging apps for harmful content until it is “technically feasible” to do so, postponing measures that critics say threaten users’ privacy.

In a statement to the House of Lords on Wednesday afternoon, junior arts and heritage minister Lord Stephen Parkinson sought to mark an eleventh-hour effort to end a stand-off with tech companies, including WhatsApp, that have threatened to pull their services from the UK over what they claimed was an intolerable threat to millions of users’ privacy and security.

Parkinson said that Ofcom, the tech regulator, would only require companies to scan their networks when a technology is developed that is capable of doing so. Many security experts believe it could be years before any such technology is developed, if ever.

No, Thursday’s out. How about never — is never good for you?

WhatsApp, owned by Facebook’s parent Meta, and Signal, another popular encrypted messaging app, are among those that have threatened to exit the UK market should they be ordered to weaken encryption, a widely used security technology that allows only the sender and recipient of messages to view a message’s contents. [...]

Officials have privately acknowledged to tech companies that there is no current technology able to scan end-to-end encrypted messages that would not also undermine users’ privacy, according to several people briefed on the government’s thinking.

This isn’t the worst reporting on encryption and lawmakers’ fantasies about “backdoors only accessible by the good guys”, but it’s fundamentally misleading. End-to-end encryption’s meaning is right there in its name. There’s no dial that can be adjusted from “weak” to “strong”. There’s no option for content inspection between end points. It’s not about choosing not to allow eavesdroppers, it’s about implementing protocols where it’s technically impossible to inspect content between sender and receiver.

The actual math is far more complex, but ultimately this boils down to the U.K. acknowledging that 2 + 2 can only equal 4.

Wednesday, 6 September 2023