The UK government is dangerously incompetent

Preface, 2022-10-22

In retrospect, this blog post is perhaps a little too inflammatory, though not incorrect as far as I know. Such were my feelings at the time. I won’t censor myself by editing or removing it (see also “What we leave behind”), but be warned. If you’d like to see a more carefully considered article around this topic, see Ross Anderson’s paper “Chat Control or Child Protection?”

Original post

Recently the UK government launched the “No place to hide” propaganda campaign, which seeks to maintain their unfettered access to Facebook Messenger data by preventing the addition of end to end encryption. What’s going on? And why would they choose such an evil-sounding name??

What is end to end encryption (E2E) anyway?

Lifted shamelessly from wikipedia:

End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, malicious state bodies, and even the provider of the communication service – from being able to access the cryptographic keys needed to decrypt the conversation.

Why do the UK government claim they oppose it?

The first line of the “No place to hide” site is “Let’s work together to ensure we keep children safe online without compromising user privacy”. Sounds great, but what they’re proposing doesn’t keep children safe online, and does compromise user privacy. Nice one guys, good idea.

They say “We are not opposed to end-to-end encryption, as long as it is implemented in a way that does not put children at risk.” Looking past the emotionally charged language, that’s basically saying “We’re not opposed to end-to-end encryption, as long as it’s not really encrypted, and we can access all the information anyway.” That’s just idiotic really. And we haven’t even got to the section titled “The Incompetence” yet.

The Incompetence

What the politicians seem to fail to realise is that they’re trying to fight the laws of maths. Even if they block Facebook from introducing E2E into Messenger, there will still be 10 other services providing E2E, which criminals will flock to. What makes this situation especially stupid is that Facebook’s proprietary nature makes it untrustable anyway, regardless of whether they claim to provide E2E, and any criminal who is stupid enough to think Facebook Messenger is secure is certainly stupid enough to be caught in 5 other ways. (See also Why FOSS?).

Literally just do your jobs please

OK we’re still talking about messages on a child’s phone, right? The same phone that the child’s parents/carer probably has the password to? The same phone that the police could just idk, get a warrant to access, ask for the password, and then see who they were talking to? Or are we hellbent on doing it the “big data way”, where biased neural networks analyse millions of private messages looking for criminals (oh and don’t worry, advertisement neural networks definitely aren’t being trained on the same data).

The danger to user privacy

Indiscriminate government access to user data is a huge threat to society at large. Nobody has nothing to hide (a friend of mine has a good test to illustrate this: ask people increasingly personal questions until they refuse to answer). Even if you genuinely did have nothing to hide, you don’t know what laws will change in the future, and what data can be used to “prove” your guilt – just look at the case of Ben John, who was convicted simply for owning a book.

This is all besides the fact that if anyone has backdoor access to your data, then so do the bad guys – governmental agencies in particular have a horrific record of data breaches.

Whose responsibility are children anyway?

This is an easy one, right? In most respects, children are the responsibility of their parents/carer and their school. So why don’t the government invest in better education of children and their parents, instead of taking cheap shots at encryption technology?

Shameful language

Regardless of the actual conversation about privacy and protecting children, the “No place to hide” campaign leans heavily on fearmongering rhetoric, and inaccurately presents what is possible. It is not possible whatsoever to ensure data privacy while allowing the government unfettered access to user data. It’s a contradiction in terms.

There is a very clear ulterior motive: the government wants to spy on their own citizens. They will go far further than protecting children with this data.