I am reminded frequently to be grateful I do not live in the UK.
Lord Hanson of Flint, the man chosen to deliver this particularly Orwellian update in the House of Lords, confirmed that Ofcom is expected to start using these powers just as soon as it finishes its report.
“We have set a date of April 2026,” he said, presumably while polishing his best ‘nothing to see here’ smile, “and we expect to act extremely speedily once we have had the report back.”
Baroness Butler-Sloss, clearly tired of waiting for this dystopia to arrive on schedule, pushed for Ofcom to get on with it. “Work to do this now,” she said.
Meanwhile, Baroness Berger popped up to promote something called “upload prevention technology.” It sounds like an antivirus program crossed with a puritanical school principal, and she claimed it can stop harmful content before it spreads. Lovely idea. Also, exactly how Chinese censorship works.
She also accused tech companies of lying when they say scanning encrypted messages isn’t possible. And maybe they are. But when your answer to that is “Well, we’ll just force them to comply by law,” you’re not solving the problem. You’re building a digital panopticon with the grace of a sledgehammer.
Does it really matter where you live if there are backdoors in the encryption you use?
I assume that this gets implemented by having UK-specific apps that do this "client-side" scanning stuff before messages are encrypted.
My understanding is that this is something that the regulators will require to be added to apps almost as a separate function (i.e., do bigbrother-scan, if data = naughty, do phone-home, else do encrypt and proceed as per usual). Is it fair to say the encryption is backdoored? The app is backdoored, the encryption has become illegal unless content is shown to big brother first, but it seems that this is an app issue.
If I message from my non-backdoored app with someone who is backdoored, yes, there's a problem. But if I message with people who are not under the auspices of Ofcom, we are probably not so badly off. So it would probably mean, don't use apps that bend the knee, even if they say they're only bending it in the UK.
As far as does it matter where I live, I think it does in the sense of this is a domino that hasn't yet fallen in the US. I'm sure there will be pressures to implement such things here, but at least we aren't there yet.
If that genie is out of the bottle, it is out globally. That's why resisting this is important.
Here's the backdoors I can think of:
spy() around, say, the built-in crypto extensions in ARM's microcode. Intel and AMD use this method to "fix" bugs in hardware (many of them cryptographic extensions), so you could in theory use it to implement spyware.
In neither of these cases are you safe when you're outside of the UK, because each has impact on development.
Naively I assumed that you were only referring to 5 in your earlier response. The keyboard thing is something I hadn't thought about. But thinking about all these other avenues for state capture of my device, I am now sad.
How optimistic would you say you are on the future that avoids these sorts of things? Like it's a 50-50 shot right now, or pretty much most devices will be openly[1] backdoored in 5 years?
[1] 'openly' because I suspect many devices are already secretly backdoored (given how much is closed source...)
If I were to propose an encryption backdoor, that's what I'd mean [1], yes, but that is not what politicians mean. What they mean is: force developers to build spyware of any kind and regulate everything that circumvents it away. If all you have is a hammer...
I'm optimistic that I can personally avoid it, probably I'm overconfident in my own abilities though. I'm extremely pessimistic for everyone that cannot code their own functionality without the help of an LLM. It's both awesome and awful at the same time that we're finally going back to the resistance 90s. It means that "we" failed to normalize personal sovereignty, real cybersecurity for the individual, and most importantly privacy.
I think it won't be "openly". It will just be done.
Edit: like, now that allegedly the Chinese have hacked the FBI's own backdoors into the telco systems, suddenly "the Chinese are capturing everything". This implies that before the Chinese gained access, the feds were already capturing everything. Do we really believe in the benevolence of our own governments in 2026?
[1] But even if that were the only case, it is expensive to maintain different kinds of encryption based on jurisdiction. The nerfed version will become the standard.
Or if there aren't, which is the better choice of encryption to use.
Yes! Though a negative like that is hard to be sure of.