by PrimeMcFly 1084 days ago
I think it's inevitable that at some point some legislation like the OSB will pass in most western countries.

It's going to drive the people who have the know how underground, and anyone engaging in protecting their privacy will be considered a criminal. We're already creeping toward that IMO.


I don't see why it is inevitable.

In fact, I very much see the opposite. Passing this kind of legislation will kill e-commerce for sure, so it will never happen.

E-commerce will still happen, just with lessened security.
Or non-lessened security, and selective enforcement. Of course this is for "terrorists", not businesses.
Unlikely. The police will not renounce capabilities to track down all things a suspect ever bought.
kill; e-commerce, in store payment terminals, online banking, all https, email, biometric passports etc.

It would be a return to the pre internet era, so probably is the will of the people and on form for the UK. I kind of hope they pass it then realise what it actually means.

> kill; e-commerce, in store payment terminals, online banking, all https, email, biometric passports etc.

Hold on! Kill all HTTPS? Biometric passports? I haven't tried to read the bill, but AFAIK there are no provisions in the bill that attack HTTPS, and given that biometric passports are not a communications technology, I don't see how they could be impacted.

I don't see how the bill impacts email at all; opportunistic SMTP encryption isn't E2E in the first place, and PGP is rarely used in email. And when it is used, it's usually to sign rather than to encrypt.

"End-to-end encryption (E2EE) is a private communication system, only communicating users can participate, no adversary nor eavesdropper can interfere, not the communication system provider, telecom providers, Internet providers, nor malicious actors, only communicating users can access the cryptographic keys needed to converse"

TLS / HTTPS would be included in my definition; the purpose of which is that the two parties are the only ones that can see the traffic.

It's not going to be enforced that way even if that's what the text says. Although it might get spicy if one of the megacorps decides the legal risk is real and withdraws from the UK market.
If it is implemented as per the legislation, the UK would need to be disconnected from the global internet, and most activity economic or otherwise would cease overnight. I should really retract my original position, things in the UK would be very different.

Honestly, it kind of needs to happen properly, otherwise people will never learn. Allowing these half baked pieces of legislation to pass and then not implementing them except for some edge case allows the idiots who write it and promote it to claim they were right all along.

There's a general "bad" when laws are enacted and then not enforced, especially if it's a law that most people would naturally break because it's a silly law. It allows the authorities to persecute chosen individuals while not actually achieving anything that the law as written looks like it should be trying to achieve.

And this is a silly law. Everyone will break it, every time they use an encrypted communication, which is pretty-much every single thing one does on the internet these days. It's a perfect recipe for the authorities to let everyone carry on as normal, then when they want to crush someone they're certain to find some law that they have broken like this one.

We should be throwing out such laws.

> then when they want to crush someone they're certain to find some law that they have broken like this one

They will get a prosecution after catching red-handed a mass murdering terrorist or a pedo with kids locked in their basement because they did an online shop which "used encryption". The authors will claim victory, without these protections we couldn't lock these people up, the Sun and the Mail readers will lap it up. 5 counts of murder and 1 count of doing an online Tesco shop.

So years ago there was a corruption scandal in Brazil, where gambling is illegal. A guy named Carlinhos Cachoeira[1] found that fact a great opportunity and built a gambling empire, which involved financing corrupt politicians so that they would vote according to his interests. Among those on the payroll was a senator, Demóstenes Torres. Well, one day an audio of a conversation between Demóstenes and Carlinhos leaks. It went something like that:

  Carlinhos: so I want you to vote in favor of [law X, which toughened restrictions on the kind of gambling Carlinhos promoted]

  Demóstenes (naively): but, professor, that will make things harder for you, won't it? 

  Carlinhos: oh, don't worry, it's not going to be used against me.

[1] Loosely translated as "Charlie Waterfall" by the NYT
Given what has happened previously and all the bickering about "the blob", I suspect this simply won't be implemented except for possibly a token target.

Has anyone checked if the legislation has the special clause for "prosecutions require permission from the Attorney General"? (i.e. politically motivated prosecutions only - this has been seen before)

It will be enforced against undesirable market places though. Winners and losers will be selected.
My hope is that some comparatively insignificant Western country passes it first, makes international news when it cripples its own technological capacity and infrastructure, and then that becomes the cautionary tale.

My money is on Canada. The Trudeau Liberals passed their first of three internet control and censorship bills, C-18, and it has already backfired stupendously. It's quite similar to Australia's similar bill to force some companies to pay for linking to news content, but the Liberals saw that and thought "we should try it too!". Same result, Google basically said "no problem, we won't link to news in Canada".

However, unlike Australia, the Canadian Liberals are doubling down. New tax payer-funded subsidies for Canadian news are already being discussed to make up for the lost revenue the legislation caused. The Liberal-funded media is also trying to paint this as evil greedy foreign capitalist technology companies refusing to pay their fair share for exploiting Canadian news companies.

But that's why my money is on Canada. It has the perfect blend of incompetent leadership, empowered by another party that helps them pass any legislation no matter what, and constituents that are largely apathetic to anything that happens.

Don't worry, Australia is doubling down too. Our entire legislative board around tech and the internet at the moment is chock full of draconian shit like this.
Australia is half-fucked already, and will be completely fucked when the current opposition get back into Government (they're the ones who initiated the half-fucked status when they were in government, unfortunately with no resistance from the opposition at the time).

Raid warrants are already being signed off based on the tiny window into an IP address' life provided by legislated metadata retention. And no further actual police work is done on backgrounding the persons or households involved before choosing to suspend their rights.

Defeatism adds to the problem and it doesn't bring solutions. If we're already accepting that idiotic laws will pass, obviously they will. Let's call this what it is: a myopic and totalitarian law created by misinformed and clueless politicians. Let's fight it tooth and nail until we bury it.
> I think it's inevitable that at some point some legislation like the OSB will pass in most western countries.

It's going to be no different at all from the current situation.

What would happen in the ideal world:

- All online messenger providers (WhatsApp, Signal, Telegram) e.g. withdraw from the UK market. Meta and Google gave a taste for this after Canadian link law.

- UK needs to come up with a crappy homebrew messenger ecosystem no one uses. Maybe a messenger.gov.uk?

- People download applications with privacy and sideload them to their mobile phones, keep going with their business as usual

- The number of children protected or caught pedophiles stays unchanged

- UK parliament members who proposed the bill will look like idiots, not getting re-elected

- The "compliance" companies who promoted these solutions, as it's driven by commercial interest that guides the political discussion, go bankrupt

However I remain doubtful if we have this ideal scenario.

> UK parliament members who proposed the bill will look like idiots, not getting re-elected

No one will lose re-election over a technical or scientific issue such as this. 99.9% of the public can't understand the position, the discussion, and will only listen to what fluff websites, and the parties tell them.

Now, is any party going to take up a "soft on pedophiles!" position? Because that's how it will be played...

Haw haw the honourable member is AGAINST ONLINE SAFETY. It's a bit like trying to vote against the Patriot Act.
Closing the sideloading hole on Android then becomes the next step.

It's already a nonissue on the most popular device.

Eventually the sale of devices that don't include cryptographic controls to prevent terrorists from misusing them to evade terrorist surveillance will be outlawed.

In the EU (which I know no longer includes the UK), both Apple and Google will have to allow sideloading in their operating systems by early 2024, because they* are expected to be designated as gatekeepers under the new Digital Markets Act no later than early September 2023, and after being designated they’ll have six months to comply. So the feature to sideload will continue to exist in Android and will be added to iOS, although they could choose to enable it only in the EU or to block it in the UK.

*If you choose to fact-check this, be aware that technically the European Commission will be designating Alphabet, Google’s parent company, rather than one of the multiple subsidiaries with Google in its name. So the official EU communications about this may not mention the word Google.

Remember that the Play Store uses encryption to download apps to the phone. If the law is enacted then this encrypted channel will technically need to be compromised too, which Google might also object to. If Google withdraw the Play Store from the UK, then what are they supposed to do?

This law doesn't just apply to messenger apps. It applies to almost every single act you perform on the internet. Everything will be mandated to be broken, including your browser. If you run a web server using https, you'll be breaking the law. If you ssh to another computer over the internet, you'll be breaking the law. If you connect to a VPN to access a work/university/school network or indeed a commercial VPN, you'll be breaking the law.

Stopping sideloading will never fix this issue, just having one non-cooperative external website would mean the scheme falls apart, you need to start blocking at the network level and aggressively pursuing people who bypass those blocks, making an example out of the first one that hits courts would likely be enough to scare all but the most dedicated out of such pursuits.
- UK parliament members who proposed the bill will look like idiots, but get re-elected anyway

Some things never change.

> It's going to be no different at all from the current situation.

That's not true at all. If OSB is passed, things will be quite different in the UK afterward.

The snoopers charter already exists, ISPs already have to report your web browsing to the Government database.

For everything else there are foreign agencies who are not limited by uk legislation.

The issue is that they can't defeat encryption currently, and wish to.

Encryption can hide web browsing and a lot more, which they don't like.

It will pass now. It's a concerted effort as the same laws are passing in the EU as well.