Sounds like "We don't care about the laws of mathematics, the laws of [insert country here] take precedence."

In the case of the UK, if "our brightest and best" work for GCHQ, why don't they break the encryption (answers on a postcard, please); if they don't work for GCHQ, why not?

> if they don't work for GCHQ, why not?

Two reasons:

1) Working for the government.

2) Being paid by the government.

Imagine, just for a second, if in the early 1990's, the regulations regarding allowing access for the security services to wiretap telephone switches in the UK had been extended to electronic communications at that point in time. We'd live in a totally different world...

The UK [1]had that right and it was easy to access the data as most things were in plaintext. It was only by the mid 2010s after Snowden that [2]encryption became a problem and other laws were necessary .

[1] https://www.theregister.com/2008/07/02/echr_ripa_judgement/

[2] https://www.theguardian.com/uk-news/2015/jan/15/david-cameron-ask-us-barack-obama-help-tracking-islamist-extremists-online

Sounds like "We don't care about the laws of mathematics, the laws of [insert country here] take precedence."

Of course, "Indiana" can also be inserted into the sentence above...

Time and time again, the Swedish government has excused large scale Internet data collection and retention by saying it is only used for serious crimes. Once they got people to swallow that excuse, they immediately started using the data to detect and prosecute crimes which are trivial in nature. The current Swedish data collection regime has been declared as illegal according to the ECJ, but nothing has been done to force Sweden to stop what they are currently doing.

Obviously emboldened by the ECJ's lack of enforcement action, now they are going after all E2EE services.

Shame on the ECJ for not demanding that the Swedish government respects the right to privacy!

If the currently tabled laws are passed by parliament, Swedish citizens will be even more treated as suspected criminals without any evidence to support that. They will lose their right to have a private conversation and the criminals will simply switch to using E2EE messaging applications which the Swedes cannot make demands upon. Honest people lose and the real criminals will be unaffected.

Sadly, this is pretty much standard operating procedure for Sweden's politicians.

" Swedish government respects the right to privacy! "

I was quite surprised when watching "The Are Murderers" on Netflix when the cop went to a school (following the murder of one of the students) and told everybody to write their password on a post-it, stick it to their phone, and then pop their phone into a bag for the local police to trawl through supposedly to look for evidence that might help them catch the culprit. I mean, WTactualF?

I'd be inclined to just write "fuck off" on that Post-it® (other insults are available).

In which case people will start keeping two accounts on their phones: one for use and one for the cops to look at should they need to look at the phone.

Saying "We like encryption so leave it alone" isn't going to be effective against the 'think of the children'-types. I think a better strategy is to point out that encryption protocols have been open source for decades and criminals can just encrypt their nefarious contents before sending it. Breaking encryption will only make the law abiding less secure, not the criminals.

The problem is that the powers that be see the general public as guilty of something, they just havent figured out or outlawed what it is though.....yet

Seems they are a big fan of ayn rand and have wholeheartedly went for the whole create vague and indecipherable laws so that no one can stay on the right side of the law

That despicable woman has a lot to answer for.

Silicon Valley c-suites love her as well.

Seeing how the US is changing now is a great demonstration of why these draconian laws are such a liability for us as citizens - each authoritarian law, no matter how well-meaning it may be when it is created - is a stepping stone towards authoritarian rule, a tool in the hands of an authoritarian regime if or when they come to power. The more potentially authoritarian powers they have when they arrive, the less work they have to do and the less opportunity there is to resist them.

This has always been a strong argument for the least intrusive, least potentially-harmful laws, but seeing how every oppressive surveillance and policing law created in the US over the last few decades is now a weapon pointed at the American people makes it feel very real right now.

The road to hell is paved with good intentions....

(Also UK 'extreme pornography' laws outlawed what was already covered in the 1959 obscene publications act, but because the public and judiciary were becoming more permissive, that they often couldn't charge the publishers (and conveniently they had a white Christian mother grieving over her dead daughter to fuel moral outrage, where any suggestion this was consensual sex gone badly wrong was shouted down) they went after the general public in a very very 1984 thought crime esque way, particularly as many of the acts outlawed to be in possession of images of....are legal to participate in - shit show is an understatement frankly and the epitome of "something must be done!!! Doing nothing is not an option!!!" Aka the politician and preachers favourite refrain

"no matter how well-meaning it may be when it is created "

Even that depends on what's meant by "well-meaning". These laws* are nothing more than a means to enable law enforcement to avoid due process of law. I don't see that as well-meaning at all. Due process, remember, is there to protect the innocent. The claimed reasons are not well-meant at all; they're just excuses to provide short cuts.

* We have an epidemic of mobile phone thefts. Something must be done. Legislating to permit warrant-less searches of premises for stolen phones is something, therefore HMG believes it must be done. If that one passes then providing the police "suspect" your premises might contain a stolen mobile phone they can just roll up and demand entrance - and maybe break in if they feel like it. For stolen goods of any nature and value, terrorist arms and exploaives, illegal drugs or anything else a warrant has been needed as a basic protection of English rights since 1215 - an increase of mobile phone thefts and 810 years of precedent can be overturned.

Ignored fact that software is software, and people who want to encrypt will find that open source or even just "downloaded without regard to the country's laws" will install on their devices just fine.

The only people this stops from protecting their data from snoops are ordinary citizens - those with highly harmful illegal activities to hide willc just... keep encrypting it...

It'll soon be pretty irrelevant anyway If you put AI processors in the mobile devices which are able to look at what is going on in the screen or keyboard, the governments will just demand a backdoor in the AI system to give access to the data before and after the encryption has been done.

The backdoors are already there, designed in from the start for the use of Microsoft, Apple, Google, etc.

"your data never leaves your device" they say. It doesn't need to as they can just ask the AI if you have whatever they're looking for before sending round the heavies.

Simply encrypt using a one-time pad and then you can thumb your nose at law enforcement any time you see fit.

How do you distribute the one-time pad to whoever is supposed to get the message? If that's intercepted you might as well not bother.

PGP.

Encrypt your message (or one-time pad) using your recipient's public key, and sign with your private key. Only the recipient can decrypt the message, and they can verify that it could only have come from you.

Humanity cannot un-invent encryption, however much authorities try to do so with legislation. It's just maths.

Why is this a problem? Surely they just need to add a disclaimer - 'Are you a bad guy then you can't use this backdoor we had put in, by order of the Government' Of course all the bad guys will take notice and stop accessing the data.

You have nothing to fear if you have nothing to hide. This is generally a known problem for authoritarian regimes, but take the super democratic USA. We have a backdoor and can access all your data. (As a purely hypothetical example). We trust Briden and he doesn't abuse the access, and won't allow anyone else in the government to do so. That is great < Time Passes > Trumpy is the new President and now has access to all your data along with his mate Nylon Muse. They set up 2 new departments - DOGE (Dept of Government Efficiency) and DOGR (Dept of Getting Revenge).

You sent a message supporting Briden and his replacement Parris, don't worry Trumpy and Muse aren't at all childish or thin skinned. Wait,why is there 50 people all wearing black assault gear outside the house? Why is that big tank driving over the garden towards the house?

Just remember you have nothing to fear as you were only using your 1st Amendment rights, honest. The Supreme Court will of course back you up, well maybe, if you voted Republican in the last election and were found guilty of storming the Capital

Don't forget Trump can do anything he wants and it isn't illegal if it is done as President, so that won't be a problem when you consider that if his lips are moving he is lying.

Hoping I don't need to include Sarcasm marks above

Why do you need sarcasm marks when you are speaking facts? Irony marks, maybe, but not sarcasm.

The sarcasm applies to the first part - bad guys following the rules because they are told to, and the creation of the DOGR department.

Yes you are right in that some parts could also do with Irony marks.

Unless I'm very mistaken (and boy do I hope I am), the telecoms companies do not need to record every single call a person makes and store it for 2 years. They need to store who called what number and when.

I actually dont think there would be a problem for a similart requirement on the likes of Signal and Whatsapp. Person A sent a message to Person B on blah blah date and time. Done.

What cant read what the message was? Well you cant know what the telephone call they had was about either. Get off your bum and do some proper police work and stop being lazy...

Having access to all of the phone records, as well as the ability to tap a suspects phone calls in that magical period in the 90s before End to End Encryption kicked in, didnt magically end all crime, funnily enough. Even if you had the Backdoors you want, it's not going to end it now either. So bugger off and leave us our privacy!

Signal doesn't even record that kind of data. This has been demonstrated after several court orders to that effect in the US.

I wonder if it will even be possible to stop people using Signal in any given country. If sideloaded, will it still prevent access based on IP addresses or something? I gather it's probably already banned in places like Iran (great role model there, well done), but I'm guessing people still use it.

Restricting IP addresses is relatively effective, except anywhere where VPNs work, so sideloading is an easy option in many countries, including Sweden. Telegram has some interesting tactics to evade IP blocks, but also stores data on servers, so is not the best option for real bad actors.

But the code for Signal is open source, so it's easy enough to set up your own version, wrapped in VPNs and effectively untraceable.

...to hide, you've got nothing to fear...and blah, blah, blah.

Except you almost certainly have stuff you're contractually obliged to hide. Just check out the T&Cs of any online services you use. You're obliged to keep those secure. If you rely on any such service to sync these between devices you can no longer do so securely.

To paraphrase, when encryption is criminalized, only the criminals use encryption

You can force people to send unencrypted data but you can't force them to write things out in a readable way. Run the encryption locally, copy-paste into your document or whatever and off you go. All sorts of other ciphers exist, many of which aren't that hard to do manually. At the extreme end, you could even use any of the existing encryption algorithms and do the work manually with paper and pencil; math does not require a computer to be done.

I'll also point out that criminals and terrorists can send paper letter snail-mail to each other; should we also open every single envelope and copy the contents "just in case" there's a crime in there we find out about later?

Signal is distributed free of charge. What would prevent people from downloading the software from foreign sites and using it?

More worrisome shall be attacks upon VPN services. At present, VPNs are under scrutiny from copyright rentiers, these wishing to oblige VPN providers to block access to sites deemed to infringe upon their God-given 'rights'. Presumably, various state security agencies would like the ability to decrypt the traffic. Combined, these lobbies are powerful.

Regarding subscriptions to banned (or voluntarily withdrawn) services, shall there be an upsurge in use of non-legal-tender for transactions? For example, alt-coinage and shopping vouchers (e.g. Amazon).

Nothing, really - and that's kind of the point.

Signal (the charity) can avoid complying with the regulation by not making Signal (the app) available for download in Sweden. If anyone sideloads the app, so be it.

VPN providers are... silly?

Let's look at the claims in their ads. They do not protect you from anything more than ssl already does, except now the VPN company can see which sites you are contacting (not the content, though). Before that it was you internet provider. Using a VPN service offers no "advanced protection"

The only thing it does is circumvent geoblocking for certain things, like streaming services, which is forbidden under the terms and services of the streaming service (sometimes because they just do not have the rights to show that movie in this jurisdiction, so if they do it then WB or whoever comes for them!).

VPNs do make sense when you are out of your office nad the other endpoint is in the company, or you are on the road and the endpoint is at your home. But this is not what VPN companies sell you.

Oh, and even if the traffic over those VPNs would be decrypted, it is still encrypted by the ssl connection that is tunneled through the VPN.