Great article. Something they eluded to but didn't explicitly call out is the "good guys" I.e. the government who use the law to get access can be bad guys for many reasons.
One is individual actors. See recent cases of how MI5 agents covered up DV using their privileges. Bad people love power, and they just need to get the right job.
Another is a bad government, such as a repressive controlling style government gaining control and having everyone's personal data in a lake.
I think thats the right mindset to have in cases where power increases.
I’m really exhausted with this sovereign citizen crap, but when the government is trying to accrue more powers its worthwhile asking what else can be done with it.
For a prescient example: my mother welcomed policies that made protesting more-or-less illegal. “Just Stop Oil” had been doing a lot of nuisance things and she felt it justified. As did the right wing.
Now, when the far-right started marching[0] she was horrified to learn the extent of the new powers and said it was orwellian.
I use her as an example because I think HN leans left, but it will be the right wing folks who dislike government most. Obviously as a left winger myself- when the right wing government was installing anti-protest measures I was horrified, and was much more keen to point out they it could be used against people like my mum.
The government aren’t your friends, they are either changable- meaning all rules have to be solid enough to be used fairly even if the ruling party changes a lot, or: you’re living in something other than democracy, which is largely considered bad.
The crazy thing with allowing for backdoors is that the most capable or trusted advisaries get in first, aka: other nation states and former employees.
Yeah, almost makes you wonder who's actually behind it. Wouldn't be a bad political psyop for a UK/democracy adversary to go after.
If the intelligence agencies don't know that their own tools can and will be used against them (and all the data on their own citizens they've kindly gathered for their adversaries) they are willfully ignorant. No excuses.
This is political move, quid pro quo just like everything else. I wonder what UK got in exchange for some public heat (maybe not that much since common folks font care about this)
They haven't given anything. We've moved from a government of looney idealogues to a government of insecurity. Labours' actions can be pretty well understood as a need to be taken seriously by the Very Serious People, be that finance, big tech or the security services.
Not true however and contradicts itself later. They have inserted backdoors, the backdoors exist. Them holding the keys to it does not magically make it not exist.
I flat do not trust that the motivations for the legislation are what the government says.
The UK has a history of covering up child abuse by establishment figures, not least Prince Andrew. They are not actually concerned with preventing child abuse.
Successive UK governments have tried to remove or weaken encryption over the years since the 90's. There have been a succession of excuses, but mostly "think of the children".
The various MI* agencies have said publicly that they cannot carry out their duties (that of spying on UK citizens) while E2E encryption is available.
IF they had the courage of their convictions they would just lay out their case for a society with no privacy, have the argument, and accept the conclusion. But I realise this is politically naive.
> The UK has a history of covering up child abuse by establishment figures, not least Prince Andrew.
Can we please reference Jimmy Saville instead? Jimmy Saville is an entirely deplorable example of what it is that you're getting at and he got away with blatant and horrific acts until he died.
Conversely Prince Andrew is a crap example because what he is accused of (sex with a 17 year old in London in 2001) is actually entirely legal in the UK (age of consent is 16). So to hold him up as a prime example of a problem is just an Americanism.
> Can we please reference Jimmy Saville instead? Jimmy Saville is an entirely deplorable example of what it is that you're getting at and he got away with blatant and horrific acts until he died.
that's why I have long maintained CCP is the biggest threat to all citizens currently living in relatively free societies right now. Our democratic governments are only seemingly disgusted but whoever holds real power are ENTICED "what do you mean with these new tools and policies you've kept a billion people under control"
The CCP first and foremost keeps control by keeping their people happy, and controlling the narrative in such a way that the people are happy.
Surveillance in China is a Damocle's sword at worst - hardly used in an enforcement capacity, transgressions (like using VPNs) are mostly ignored, and it's very easy to slip through the cracks. Everyone is breaking laws all the time - they're a tool only selectively used. Police will look the other way as long as you don't force their hand. Funnily enough you don't even need a surveillance state to create bullshit laws that you selectively enforce. They made a surveillance state... and don't really use it.
I'm more afraid of surveillance states in a western countries, because they have a much better track record of consequently enforcing laws as written. If they make it illegal to say bad things about the party and use encryption, you can be sure enforcement will go beyond just silently deleting your critical Facebook post and killing your SSH connection. They'll throw the book at you.
...is an accurate description of "prior restraint".
The government (in the US at least) isn't allowed to discriminate based on the content of your speech even if it goes against "controlling the narrative in such a way that the people are happy". IIRC, the burden is on the government to prove the censorship is the result of a compelling public interest and there are no lesser solutions which can be employed.
> Police will look the other way as long as you don't force their hand.
They usually don't need to look the other way because people will do it secretly not talk about it openly and most people by a mile would never even use it (because it is illegal and most people don't want to do illegal stuff unless it's necessary and it is not necessary)
You don't need to enforce laws strictly to create an obedient population that does not dare think, you just need to have those laws and do a few show trials
Not secretly, at least in terms of "翻墙" (circumventing the GFW). It is commonly talked about in mainland chatgroups and on websites, sometimes with euphemisms (e.g. "科学上网" (surfing the web scientifically), etc.), but no one really bats an eyelid when talking about it.
In any case, I find it amusing that the case of UK disallowing E2EE could come back to CCP so quickly. Maybe without the example of CCP, other governments wouldn't realize the greatness of censorship? /s
Source: being a native who lives in mainland China.
>While there are no doubt a handful of evil people who would abuse E2EE to better cover their harmful tracks, it also benefits ordinary, law-abiding users by giving them a huge defensive boost against data breaches, massive data collection, unchecked mass surveillance, and a myriad of other threats online
Very few people care about such things.
Or rather, very few people understand such thing well enough to care about them.
It goes deeper than that in the UK. There's a large (and electorally powerful, as they're often older) proportion of the population who want, no expect, the government to step in and regulate social harms, and has a genuine belief that the good outweighs the harms.
Unfortunately as a nation our culture appears to have shifted away from taking personal responsibility for anything. It's always someone else's fault now. Some else's responsibility. Someone else's job.
I have seen many comments that this has become worse since the isolation period caused by COVID. I tend to agree but I also think it goes deeper than that. We have some problems in our society that have been festering for much longer and have root causes like inequality, lack of opportunity, and a lack of constructive facilities and positive role models.
I hear a lot from friends who work in education about children coming to school with profoundly disturbing attitudes and other children who have experienced nasty forms of abuse. And yes - absolutely the schools and the government should push back against problems like bullying and misogyny and racism where they can.
But maybe the answer here isn't just trying to lock up this week's negative social media influencer or introduce unusual and potentially dangerous concepts like regulating online content that is "harmful" yet not illegal or expecting governments to spy on us all and interfere in our lives more often. Maybe we should first be asking why so many kids think they have nothing better to do than spend all day watching that nasty online content in the first place. Maybe we should be asking why so many kids are given unsupervised and unregulated access to ideas they aren't ready to deal with yet.
That's about education and children but you can pick almost any hot button topic and find similar examples. Try immigration or people who live entirely off state benefits. You can find plenty of examples where people advocate for papering over social problems but there's a sad lack of discussion about properly fixing the cracks underneath. Those are the real social harms we should be trying to reduce. Unfortunately their perpetrators are often among the first to assume it must be someone else's problem.
> Unfortunately as a nation our culture appears to have shifted away from taking personal responsibility for anything.
That's as old as hierarchy. The Hillsborough disaster was in the 90s: every one tried to shift the blame. The different sex abuse scandals (Rotherham, Rochdale, Telford etc.)? Same shit started early 90s and still going on with looking for people other than police to blame.
> Here’s a poll from 2019, showing 91% of the US cares:
This is a wrong poll, because "privacy" is too broad of a term to meaningfully to assess. Privacy is a "good" thing, so people, of course, respond "I care" because they want to feel good about themselves and care about good things. In reality they don't understand what privacy is and at what price or comes (in terms of inconvenience).
>Support for increasing regulation was at about 71% then and still is.
That's even better. I remember GDPR being legislated, and everyone was extremely fascinated by how much it "protects" the users, and literally a few days after GDPR came into power, my messenger company blocked me with the following message: "according to GDPR, we must keep your personal data private and secret, and since at the moment we don't have any of your personal data, we can't keep them secret, so we're blocking you. Please, upload a photocopy of you passport by following this link (link) to get unblocked".
Again, the word "regulation" is perceived as a "good thing", because the opposite of "regulation" is "chaos, anarchy", and people are afraid of anarchy. If people actually understood what "regulation" means, support would have been way way lower.
> very few people understand such thing well enough to care about them
Even understanding the risks, there's little that can be done about it.
Use a credit card? Need a mortgage? Care about discounts when buying groceries? Have friends that post photos on social media? Live in a small country?
Privacy is simply unavailable if you want to live in a modern society.
Privacy is simply unavailable if you want to live in a modern society.
I think that's unnecessarily defeatist. Privacy has never been a black and white concept. We all share some information with some other people for good reasons.
The big change with modern technology has been how easily information can be collected at a massive scale and how many people end up with access to that information and for what purposes they can then use it. Almost none of this change was inevitable or necessary to function in a modern society. Governments could step in to legally regulate the businesses making a fortune off data capitalism any time they wanted to. They just haven't.
A cynic might suggest that this is because those businesses have made an awful lot of money. Some of that goes back to the governments in tax revenues. No doubt some of it also goes back to the politicians in campaign contributions.
A different cynic might suggest that our governments are typically made up of career politics/media/economics types who are woefully underequipped to even understand the capabilities and implications of the technology that has become such a core part of our lives in the past 20-30 years and so almost totally fail to perceive or mitigate the threats it poses.
We already have some well-intentioned data protection laws in the UK and some more that we inherited from the pre-Brexit EU GDPR. But their implementation has not been very effective at challenging the culture of harvesting whatever personal data businesses can and then attempting to monetise it. Meanwhile like any regulation they introduce a compliance cost for everyone.
A better attempt in the same spirit but written by people who actually knew what they were doing and enforced by people who had both good intentions and sufficient resources could undermine a lot of the more toxic practices that have built up since the likes of Facebook and Google made planetary scale corporate surveillance a thing.
We could get a long way just by banning two practices - keeping or using personal details provided to make purchases for anything other than administering those sales and incorporating phone-home surveillance into physical products where that surveillance has nothing to do with why a normal customer would buy that product (think TVs, laptops, or cars).
It would also help if governments could lead by example on this issue. They necessarily deal with a lot of sometimes sensitive personal data. They - not just national/federal government but all the spin-out agencies and more local forms of government as well - also have a tendency to abuse data collection powers granted to them by broad surveillance law for debatable reasons.
>We could get a long way just by banning two practices - keeping or using personal details provided to make purchases for anything other than administering those sales and incorporating phone-home surveillance into physical products where that surveillance has nothing to do with why a normal customer would buy that product (think TVs, laptops, or cars).
Don't get me wrong, but I don't believe that the government can do anything good in this respect.
The only thing they can really do is to try to make data hoarding less profitable than it is now.
For example it should be not just perfectly legal, but encouraged to scrape and repost bigtech data elsewhere. So that if you're unhappy with Google keeping your data on Google drive, you could switch to another cloud provider and they would already have all the same data.
That is, instead of going from "all your data is supposedly protected, but actually not" to "all your data is private", we should go from "all your data is supposedly protected, but actually not" to "all your data is public, deal with it".
The only thing they can really do is to try to make data hoarding less profitable than it is now.
FWIW I think this is a very practical response far more often than people realise. "Follow the money" is advice as old as money itself. Making behaviours we don't like unprofitable is one of the most reliable ways we have ever found to guide commercial organisations away from those behaviours.
For example it should be not just perfectly legal, but encouraged to scrape and repost bigtech data elsewhere. So that if you're unhappy with Google keeping your data on Google drive, you could switch to another cloud provider and they would already have all the same data.
Again FWIW I agree with busting the data hoarding walled gardens and supporting data portability. I couldn't disagree with you more strongly about making it all public by default but I also don't think that's the only way to solve the portability problem.
If you're arguing that GDPR was poorly implemented and often did more harm than good then I'm afraid you're preaching to the choir here. It is one of my go-to examples of where I do believe that governments should be regulating the potentially harmful behaviours of organisations to protect the little guy but the people who wrote the actual rules we have today didn't really understand the problem or the possible solutions and they blew it.
One is individual actors. See recent cases of how MI5 agents covered up DV using their privileges. Bad people love power, and they just need to get the right job.
Another is a bad government, such as a repressive controlling style government gaining control and having everyone's personal data in a lake.
I’m really exhausted with this sovereign citizen crap, but when the government is trying to accrue more powers its worthwhile asking what else can be done with it.
For a prescient example: my mother welcomed policies that made protesting more-or-less illegal. “Just Stop Oil” had been doing a lot of nuisance things and she felt it justified. As did the right wing.
Now, when the far-right started marching[0] she was horrified to learn the extent of the new powers and said it was orwellian.
I use her as an example because I think HN leans left, but it will be the right wing folks who dislike government most. Obviously as a left winger myself- when the right wing government was installing anti-protest measures I was horrified, and was much more keen to point out they it could be used against people like my mum.
The government aren’t your friends, they are either changable- meaning all rules have to be solid enough to be used fairly even if the ruling party changes a lot, or: you’re living in something other than democracy, which is largely considered bad.
[0]: https://en.wikipedia.org/wiki/2024_United_Kingdom_riots
If the intelligence agencies don't know that their own tools can and will be used against them (and all the data on their own citizens they've kindly gathered for their adversaries) they are willfully ignorant. No excuses.
The UK might be the country least likely to be confused with a nation-state. It’s an empire, or at least the remnants of one.
Not true however and contradicts itself later. They have inserted backdoors, the backdoors exist. Them holding the keys to it does not magically make it not exist.
https://en.wikipedia.org/wiki/Crypto_Wars
https://gigazine.net/gsc_news/en/20191223-lotus-notes-nsa-ba...
https://archive.nytimes.com/www.nytimes.com/interactive/2013...
https://www.eff.org/document/crypto-wars-governments-working...
https://theintercept.com/2014/10/17/draft-two-cases-cited-fb...
https://arstechnica.com/tech-policy/2015/01/uk-prime-ministe...
https://www.extremetech.com/defense/203275-the-nsa-wants-fro...
https://theintercept.com/2015/12/28/recently-bought-a-window...
https://arstechnica.com/tech-policy/2016/01/yet-another-bill...
https://cyberlaw.stanford.edu/blog/2020/01/earn-it-act-how-b...
https://www.washingtonpost.com/graphics/2020/world/national-...
https://www.wired.com/story/europe-break-encryption-leaked-d...
https://www.newscientist.com/article/2396510-mathematician-w...
https://www.theregister.com/2024/04/25/asio_afp_accountable_...
The UK has a history of covering up child abuse by establishment figures, not least Prince Andrew. They are not actually concerned with preventing child abuse.
Successive UK governments have tried to remove or weaken encryption over the years since the 90's. There have been a succession of excuses, but mostly "think of the children".
The various MI* agencies have said publicly that they cannot carry out their duties (that of spying on UK citizens) while E2E encryption is available.
IF they had the courage of their convictions they would just lay out their case for a society with no privacy, have the argument, and accept the conclusion. But I realise this is politically naive.
Can we please reference Jimmy Saville instead? Jimmy Saville is an entirely deplorable example of what it is that you're getting at and he got away with blatant and horrific acts until he died.
Conversely Prince Andrew is a crap example because what he is accused of (sex with a 17 year old in London in 2001) is actually entirely legal in the UK (age of consent is 16). So to hold him up as a prime example of a problem is just an Americanism.
His case comes up on Thursday.
Surveillance in China is a Damocle's sword at worst - hardly used in an enforcement capacity, transgressions (like using VPNs) are mostly ignored, and it's very easy to slip through the cracks. Everyone is breaking laws all the time - they're a tool only selectively used. Police will look the other way as long as you don't force their hand. Funnily enough you don't even need a surveillance state to create bullshit laws that you selectively enforce. They made a surveillance state... and don't really use it.
I'm more afraid of surveillance states in a western countries, because they have a much better track record of consequently enforcing laws as written. If they make it illegal to say bad things about the party and use encryption, you can be sure enforcement will go beyond just silently deleting your critical Facebook post and killing your SSH connection. They'll throw the book at you.
...is an accurate description of "prior restraint".
The government (in the US at least) isn't allowed to discriminate based on the content of your speech even if it goes against "controlling the narrative in such a way that the people are happy". IIRC, the burden is on the government to prove the censorship is the result of a compelling public interest and there are no lesser solutions which can be employed.
They usually don't need to look the other way because people will do it secretly not talk about it openly and most people by a mile would never even use it (because it is illegal and most people don't want to do illegal stuff unless it's necessary and it is not necessary)
You don't need to enforce laws strictly to create an obedient population that does not dare think, you just need to have those laws and do a few show trials
In any case, I find it amusing that the case of UK disallowing E2EE could come back to CCP so quickly. Maybe without the example of CCP, other governments wouldn't realize the greatness of censorship? /s
Source: being a native who lives in mainland China.
Very few people care about such things.
Or rather, very few people understand such thing well enough to care about them.
I have seen many comments that this has become worse since the isolation period caused by COVID. I tend to agree but I also think it goes deeper than that. We have some problems in our society that have been festering for much longer and have root causes like inequality, lack of opportunity, and a lack of constructive facilities and positive role models.
I hear a lot from friends who work in education about children coming to school with profoundly disturbing attitudes and other children who have experienced nasty forms of abuse. And yes - absolutely the schools and the government should push back against problems like bullying and misogyny and racism where they can.
But maybe the answer here isn't just trying to lock up this week's negative social media influencer or introduce unusual and potentially dangerous concepts like regulating online content that is "harmful" yet not illegal or expecting governments to spy on us all and interfere in our lives more often. Maybe we should first be asking why so many kids think they have nothing better to do than spend all day watching that nasty online content in the first place. Maybe we should be asking why so many kids are given unsupervised and unregulated access to ideas they aren't ready to deal with yet.
That's about education and children but you can pick almost any hot button topic and find similar examples. Try immigration or people who live entirely off state benefits. You can find plenty of examples where people advocate for papering over social problems but there's a sad lack of discussion about properly fixing the cracks underneath. Those are the real social harms we should be trying to reduce. Unfortunately their perpetrators are often among the first to assume it must be someone else's problem.
That's as old as hierarchy. The Hillsborough disaster was in the 90s: every one tried to shift the blame. The different sex abuse scandals (Rotherham, Rochdale, Telford etc.)? Same shit started early 90s and still going on with looking for people other than police to blame.
This is untrue. Here’s a poll from 2019, showing 91% of the US cares:
https://www.pewresearch.org/short-reads/2019/11/15/key-takea...
Support for increasing regulation was at about 71% then and still is.
This is a wrong poll, because "privacy" is too broad of a term to meaningfully to assess. Privacy is a "good" thing, so people, of course, respond "I care" because they want to feel good about themselves and care about good things. In reality they don't understand what privacy is and at what price or comes (in terms of inconvenience).
>Support for increasing regulation was at about 71% then and still is.
That's even better. I remember GDPR being legislated, and everyone was extremely fascinated by how much it "protects" the users, and literally a few days after GDPR came into power, my messenger company blocked me with the following message: "according to GDPR, we must keep your personal data private and secret, and since at the moment we don't have any of your personal data, we can't keep them secret, so we're blocking you. Please, upload a photocopy of you passport by following this link (link) to get unblocked".
Again, the word "regulation" is perceived as a "good thing", because the opposite of "regulation" is "chaos, anarchy", and people are afraid of anarchy. If people actually understood what "regulation" means, support would have been way way lower.
Even understanding the risks, there's little that can be done about it.
Use a credit card? Need a mortgage? Care about discounts when buying groceries? Have friends that post photos on social media? Live in a small country?
Privacy is simply unavailable if you want to live in a modern society.
I think that's unnecessarily defeatist. Privacy has never been a black and white concept. We all share some information with some other people for good reasons.
The big change with modern technology has been how easily information can be collected at a massive scale and how many people end up with access to that information and for what purposes they can then use it. Almost none of this change was inevitable or necessary to function in a modern society. Governments could step in to legally regulate the businesses making a fortune off data capitalism any time they wanted to. They just haven't.
A cynic might suggest that this is because those businesses have made an awful lot of money. Some of that goes back to the governments in tax revenues. No doubt some of it also goes back to the politicians in campaign contributions.
A different cynic might suggest that our governments are typically made up of career politics/media/economics types who are woefully underequipped to even understand the capabilities and implications of the technology that has become such a core part of our lives in the past 20-30 years and so almost totally fail to perceive or mitigate the threats it poses.
The OP-post is exactly about the (UK) government stepping in. (With disastrous consequences)
We already have some well-intentioned data protection laws in the UK and some more that we inherited from the pre-Brexit EU GDPR. But their implementation has not been very effective at challenging the culture of harvesting whatever personal data businesses can and then attempting to monetise it. Meanwhile like any regulation they introduce a compliance cost for everyone.
A better attempt in the same spirit but written by people who actually knew what they were doing and enforced by people who had both good intentions and sufficient resources could undermine a lot of the more toxic practices that have built up since the likes of Facebook and Google made planetary scale corporate surveillance a thing.
We could get a long way just by banning two practices - keeping or using personal details provided to make purchases for anything other than administering those sales and incorporating phone-home surveillance into physical products where that surveillance has nothing to do with why a normal customer would buy that product (think TVs, laptops, or cars).
It would also help if governments could lead by example on this issue. They necessarily deal with a lot of sometimes sensitive personal data. They - not just national/federal government but all the spin-out agencies and more local forms of government as well - also have a tendency to abuse data collection powers granted to them by broad surveillance law for debatable reasons.
Don't get me wrong, but I don't believe that the government can do anything good in this respect.
The only thing they can really do is to try to make data hoarding less profitable than it is now.
For example it should be not just perfectly legal, but encouraged to scrape and repost bigtech data elsewhere. So that if you're unhappy with Google keeping your data on Google drive, you could switch to another cloud provider and they would already have all the same data.
That is, instead of going from "all your data is supposedly protected, but actually not" to "all your data is private", we should go from "all your data is supposedly protected, but actually not" to "all your data is public, deal with it".
FWIW I think this is a very practical response far more often than people realise. "Follow the money" is advice as old as money itself. Making behaviours we don't like unprofitable is one of the most reliable ways we have ever found to guide commercial organisations away from those behaviours.
For example it should be not just perfectly legal, but encouraged to scrape and repost bigtech data elsewhere. So that if you're unhappy with Google keeping your data on Google drive, you could switch to another cloud provider and they would already have all the same data.
Again FWIW I agree with busting the data hoarding walled gardens and supporting data portability. I couldn't disagree with you more strongly about making it all public by default but I also don't think that's the only way to solve the portability problem.
See my experience with GDPR: https://news.ycombinator.com/item?id=43155582