Signal threatens to leave UK if UK's attempts to undermine E2EE passes into law

[AlTech]

Summary

 

 The Signal foundation have threatened to leave the UK market if the UK's attempt at undermining E2EE passes into law as the "Online Safety Bill".

 

The controversial bill requires providers of user generated content who use E2EE to undermine E2EE by requiring CSAM detection to be performed on all user generated content regardless of whether it is encrypted using E2EE or not as well as requiring the UK regulator OfCom to be able to view decrypted versions of encrypted data including E2EE data.

 

While the proposed law does not prescribe how tech companies must achieve these outcomes, technology companies believe there are only 2 ways of complying with the law:

1) Staying in the UK market:

• Have an E2EE backdoor for law enforcement - This is a non-starter for hopefully obvious reasons.
• Conducting CSAM detection prior to encrypting data - This would completely undermine E2EE as an idea and destroy the privacy of millions of people

2) Withdraw from the UK market

• Tech companies could force app stores to delist apps in the UK as a means to get around having to implement the proposed law. - This is what the Signal Foundation proposes since they are unwilling to compromise user privacy.

 

Quote

“We would absolutely exit any country if the choice were between remaining in the country and undermining the strict privacy promises we make to the people who rely on us,” Signal CEO Meredith Whittaker told Ars. “The UK is no exception.”

 

Quote

Provisions in the bill specifically take aim at end-to-end encryption, which is a form of encryption that allows only the senders and recipients of a message to access the human-readable form of the content. Typically abbreviated as E2EE, it uses a mechanism that prevents even the service provider from decrypting encrypted messages. Robust E2EE that’s enabled by default is Signal’s top selling point to its more than 100 million users. Other services offering E2EE include Apple iMessages, WhatsApp, Telegram, and Meta's Messenger, although not all of them provide it by default.

 

Additionally the CEO of the Signal Foundation said:

Quote

    It is a very troubling piece of legislation. The proactive requirement for services such as Signal to police expression and content would effectively require some form of surveillance capabilities and some sort of rubric around which expression is accepted or not. What they’ve done is to say this is the outcome we want but leaves it to the innovators, the technologists, to figure out how to do this.

    The outcome they want presupposes mass surveillance capabilities, presupposes a regime that polices acceptable vs. unacceptable expression, and it presupposes either breaking into the E2EE in ways that would totally undermine privacy or undermine the point of E2EE by conducting surveillance outside of encryption itself.

 

My thoughts

 The surveillance state is here and E2EE is on the chopping block.

 

I sincerely hope that all affected companies will choose to withdraw from the UK rather than compromise user privacy.

 

And I guess VPN makers now have new advertising materials made up for them: Use our VPN to download E2EE communication apps in the UK.

 

Sources

 https://arstechnica.com/information-technology/2023/02/signal-vows-to-defy-uk-legislation-that-puts-e2e-encryption-in-the-crosshairs/

[Shimejii]

UK becoming more and more of a place that will simply cease to exist in 100 years. Backdoors are always going to be a thing that governments want, there is a big reason why telecom and phone companies are often tied at the hip of governments, because they wouldnt allow a phone to come into the market without it having some sort of back door nowadays. 

 

The more countries that adopt this type of law, the less it makes sense to use the services.

[AlTech]

1 minute ago, Shimejii said:

The more countries that adopt this type of law, the less it makes sense to use the services.

Respectfully disagree, the importance of using E2EE services arguably is even more important (assuming they haven't been compromised or caved to the proposed legal requirements) not only for the merits of E2EE but also to say to governments that destroying E2EE is unacceptable.

[Alex Atkin UK]

And the government are too stupid to realise that these backdoors are a huge security risk to themselves while doing nothing useful to catch actual criminals, who wont be using any mainstream company for their E2EE.

All this ever does is push people further underground, making it harder for law enforcement to catch offenders as they will be less complacent about their security.  There have been plenty of reports from law enforcement saying as much, that every time a big change is made like this it just makes their jobs harder.

[Shimejii]

58 minutes ago, AluminiumTech said:

Respectfully disagree, the importance of using E2EE services arguably is even more important (assuming they haven't been compromised or caved to the proposed legal requirements) not only for the merits of E2EE but also to say to governments that destroying E2EE is unacceptable.

I meant if they break the apps and get the back doors and are compromised, they would no longer function as useful as they really wouldnt be encrypted anymore.

[TrueNerdTastic]

1 hour ago, AluminiumTech said:

as well as requiring the UK regulator OfCom to be able to view decrypted versions of encrypted data including E2EE data.

Absolutely not, like this is the most ridiculous decision. I've heard time and time again UK taking bad decisions but in full honesty this might be the worst. 
The fact that they think companies like Signal would just flip over is sad. And let's not forget that companies such Meta will most likely roll over as to not lose the market. Another reason to stop using them.

[jagdtigger]

The beginnings of the thought police......

[suicidalfranco]

UK going from ignore the groomers to ban e2ee cause think of the children.

They didn't care before, hard doubt the have the children best interest at heart.

[AlTech]

1 hour ago, suicidalfranco said:

UK going from ignore the groomers to ban e2ee cause think of the children.

Not sure if it's a kneejerk reaction to something but it feels like it.

1 hour ago, suicidalfranco said:

They didn't care before, hard doubt the have the children best interest at heart.

They don't.

 

7 hours ago, TheNerdTastic said:

The fact that they think companies like Signal would just flip over is sad. And let's not forget that companies such Meta will most likely roll over as to not lose the market. Another reason to stop using them.

The platforms I expect to roll over are:

• iMessage (cos they already have a backdoor, tho I'm not sure if Apple will make a show of not rolling over or not like they did with the FBI)
• WhatsApp (they already do scanning prior to encrypting content. The scanning they do is clientside to stop people violating their TOS.)
• FB Messenger encrypted Conversations (see above for WhatsApp except encrypted convos are not enabled by default. You have to go out of your way to use them)

 

Not sure on Telegram, I'm inclined to say they won't roll over but I wouldn't count on it unless they explicitly say they won't.

 

Matrix likely won't roll over. But not sure about apps implementing the Matrix protocol.

[mr moose]

This is nothing new, ever since humans worked out how to carve stone they have been trying to ban anything that posses a threat to them.   They've got spears, we better take the spears away before they hurt someone or us, They've got steam buses, better regulate them before they take our horse and cart jobs,  Those pesky pedestrians keep getting hit by our new cars, we better make J walking illegal so it's their fault and not ours,  they've got telephones, better make wire tapping legal before they use them to organize a mutiny, they've got computers better update the communications laws before they use them to spread misinformation, they've got mobile phones with encrypted chat, better make it illegal before it is used to commit a crime.

[leadeater]

1 hour ago, mr moose said:

they've got computers better update the communications laws before they use them to spread misinformation

LOL!

 

Bit bloody late on that one

[TrueNerdTastic]

5 hours ago, AluminiumTech said:

• WhatsApp
• FB Messenger encrypted Conversations

That's why I simply listed Meta since it's the parent company from both, also any other product they may buy will follow suit sadly.
I am interested to see what Viber does as well since they too offer E2EE. I mean, they most likely will follow the big companies and just roll over, but we can only wait and see.

 

5 hours ago, AluminiumTech said:

iMessage

Maybe, maybe not. The privacy sphere is pretty good at maintaining Apple at their place, around 2019 they were planning on launching a program that scanned photos of all users to prevent illegal stuff being spread. The EFT alongside other privacy advocates made a push and successfully made them drop that idea and promise iCloud E2EE (which should be coming around 2023).

[Alex Atkin UK]

1 hour ago, TheNerdTastic said:

The EFT alongside other privacy advocates made a push and successfully made them drop that idea and promise iCloud E2EE (which should be coming around 2023).

They only dropped the idea "for now", they never promised to drop it permanently.  In fact, there was a "bug" recently causing MacOS to talk to their servers, every time an image was previewed, with iCloud disabled.  It wasn't actually sending any information, but clearly that feature exists in the OS for a reason.

They already local scan your images if you use iCloud for facial recognition, its a small step to take that further.

 

The irony in all this is if they start CSAM scanning everyone, how long until MPs get caught out?  Or are they going to have some flag on their account saying "I'm too important, don't scan my files"?  It seems the people pushing for this are the ones most at risk of being caught with something dodgy on their phones, which makes it all rather puzzling what they think they're doing.

There's already been a case where someone got investigated by the police and lost their Google account (due to automated scanning by Google when you sync with the cloud), because they sent a pic of their kids genitals to their wife to send to their doctor.  How exactly are they planning to make this work while singing the praises of supposedly being able to do more medical assessments online?

[TrueNerdTastic]

5 hours ago, Alex Atkin UK said:

They only dropped the idea "for now", they never promised to drop it permanently.  In fact, there was a "bug" recently causing MacOS to talk to their servers, every time an image was previewed, with iCloud disabled.  It wasn't actually sending any information, but clearly that feature exists in the OS for a reason.

Not really no. Although initially they paused the rollout of the program but on the December last year they killed it completely. Instead they are switching to system that would be managed by the parents and would be opt-in. Also since they will be end to end encrypting the data will also stop the on device scanning. 
But those features are expected to roll out early 2023 with no set date as of yet.

Sources:
EFF Blog Post

Wired Story

[wanderingfool2]

16 hours ago, AluminiumTech said:

Have an E2EE backdoor for law enforcement - This is a non-starter for hopefully obvious reasons.

I only skimmed over, but not 100% sure it would allow a backdoor.  More of the providing scanning is quite evident in the bill...and maybe providing a way to access current communications but that could be done in theory without a "backdoor" so to speak (as it already is in the protocol design).

 

They would just have to force a switch of the safety number, which of course would alert the signal users the safety number was switched and if the users verified the safety numbers with each other they would quickly learn that their communications aren't private anymore.  So I wouldn't necessarily say it would be a backdoor, as with the way Signal handles E2EE it still requires a certain amount of trust with the certificate authority (and if you don't trust the CA, you could add an additional layer where you check with the person outside of the signal network). 

 

Not saying I agree with the bill at all, but merely stating that the current model that Signal isn't 100% safeguarded against MITM attacks (if Signal were to be the man in the middle)...at least not without the end users checking safety numbers (which I'm betting most likely won't).  So from the bill's perspective, and I could be wrong, but Signal would just need to have a method in place to change the safety number (so that they could intercept the traffic)...which given their current protocol they could already do (I think)

 

In general, I'm against breaking E2EE and against the forced scanning of things such as phones.  As was stated by @Alex Atkin UK pointed out there already is a case where it's a legitimate use case (sending to a doctor for a diagnosis) and that couple iirc got their Google account permanently banned (and reported to the police).  Imagine the case where the algorithm determined you look "too young" as well (despite being like 25) and getting flagged/banned/reported to the cops [I was genuinely mistaken as a high school student until my mid 20's]

 

With that said, it brings me back to what I always say in scenarios like this...as we lock more and more data behind E2EE or encryption in general we are introducing the problem that crimes with evidence will become harder and harder to solve (or require vast amounts more resources).  If you seriously suspect someone of CSAM in this day, how do you gather evidence?  E2EE so you can't get it while it's being transmitted.  You might be able to try infecting their system (but that requires a lot of work and iirc is still a legal grey area not tested fully in courts).  You might not even have enough for a warrant to search their computer, but even if you did if they encrypted it you can't do much.

 

There needs to be the discussion in society what we are and aren't willing to sacrifice (like it is still my opinion that the least destructive solution is to loosen the grips on the right to not self incriminate...but with very strict safeguards)

[Jerakl]

18 hours ago, Alex Atkin UK said:

There have been plenty of reports from law enforcement saying as much, that every time a big change is made like this it just makes their jobs harder.

Government attempts to push legislation that many in the field affected recommend against.

 

More at 4.

[AlTech]

2 hours ago, wanderingfool2 said:

I only skimmed over, but not 100% sure it would allow a backdoor.  More of the providing scanning is quite evident in the bill...and maybe providing a way to access current communications but that could be done in theory without a "backdoor" so to speak (as it already is in the protocol design).

The proposed law requires OfCom to be able to view any messages it wants including previously sent data.

 

2 hours ago, wanderingfool2 said:

They would just have to force a switch of the safety number, which of course would alert the signal users the safety number was switched and if the users verified the safety numbers with each other they would quickly learn that their communications aren't private anymore.

I'm fairly certain on Signal this can't be done. On WhatsApp I know it can (and it has been used by Law Enforcement) but I think Signal's design and implementation of their E2EE doesn't allow for this.

2 hours ago, wanderingfool2 said:

  So I wouldn't necessarily say it would be a backdoor

ArsTechnica said that experts arguing against the bill said tech companie would need to keep a copy of the encryption keys so that they could be handed over to OfCom where they could then decrypt the encrypted data.

2 hours ago, wanderingfool2 said:

, as with the way Signal handles E2EE it still requires a certain amount of trust with the certificate authority (and if you don't trust the CA, you could add an additional layer where you check with the person outside of the signal network). 

 

Not saying I agree with the bill at all, but merely stating that the current model that Signal isn't 100% safeguarded against MITM attacks (if Signal were to be the man in the middle)...at least not without the end users checking safety numbers (which I'm betting most likely won't).

See above but basically I don't think that works in Signal. Even if it did, it wouldn't give access to existing conversations (if you change your device on Signal without backing up the existing chat on the existing device you lose the chat history) which is the point of the proposed law.

2 hours ago, wanderingfool2 said:

Snip

Respectfully, you can't have both privacy and ways to undermine privacy. It's one or the other.

 

If the choice is to undermine privacy, the "good guys" will be worse off and the "bad guys" will find or create alternatives. This has been seen countless times before. Where there is a will there is a way and the only people who suffer are the "good guys".

[wanderingfool2]

25 minutes ago, AluminiumTech said:

ArsTechnica said that experts arguing against the bill said tech companie would need to keep a copy of the encryption keys so that they could be handed over to OfCom where they could then decrypt the encrypted data.

Yea, if it is true that the bill requires decryption of old data then yea it wouldn't really be possible.  If there is a chance that it can be data going forward after presentation of a warrant then it would be possible.

 

27 minutes ago, AluminiumTech said:

I'm fairly certain on Signal this can't be done. On WhatsApp I know it can (and it has been used by Law Enforcement) but I think Signal's design and implementation of their E2EE doesn't allow for this.

I think it would allow it.  For voice/video it's P2P which makes it harder...but for files/messages I think it passes through the signal service (def. for messages).  So I'd assume, but could still be wrong, that they could initiate a new key (as if you uninstall and reinstall it will generate a new key for when you message the person...so from the other person's perspective they would have to be informed of the key switch).  It would only be available for messages going forward, but I do think that if they wanted to they could perform a MITM attack on messages (but again it falls apart if the parties involved decide to check their safety number manually or through a P2P connection).

 

32 minutes ago, AluminiumTech said:

Respectfully, you can't have both privacy and ways to undermine privacy. It's one or the other.

 

If the choice is to undermine privacy, the "good guys" will be worse off and the "bad guys" will find or create alternatives. This has been seen countless times before. Where there is a will there is a way and the only people who suffer are the "good guys".

I'm not saying that though.  It's also not one or the other, unless you look at it as an absolute thing.  You can still have privacy while being subject to rules that would require you to break your privacy.

 

Ultimately privacy has to be on some form of sliding scale, and not an absolute privacy to rule them all.  It's the basic principle of why search warrants to houses are allowed, it's to allow a structured form of privacy breach.

 

It wouldn't always be worse off for the "good guys" either.  My whole concept, not fully flushed out, would be that on reasonable suspicion of a crime being committed a warrant could be granted for one to unlock a device (where the law strictly enforces exact details of the crime suspected in the warrant).  At least that way you get around the information where you know the evidence exists, but cannot access it.  If they are wrong, since the warrant was specific in the crimes committed they cannot use any information against you that's not pertaining to that crime.  Specifically if you were accused of CSAM but really were a drug dealer, it doesn't matter that they see your texts about dealing...they legally cannot act on it (and if they did, it would be tossed out so quickly...fruit from the poisonous tree).  In this scenario the chances of it hurting a "good guy" would be greatly less...as if they already had enough suspicion they would already be able to seize the phone, and it still would require a warrant

[soldier_ph]

Good thing Switzerland doesn't have any bills which are nearly as brain dead as this one is. Our Politics are full of dumb Tech Illterate Boomers, but at least they focus on just talking and not doing anything really. Politicians ikr.

 

Governments should rather want to implement E2EE and drive Tech forward in a good and safe way for everyone but no they gotta f* it up no matter what Tech Topic it is.

 

Don't take this as a Politics discussions starter.

[jagdtigger]

1 hour ago, wanderingfool2 said:

but for files/messages I think it passes through the signal service (def. for messages)

Maybe but they dont have the keys so pretty much irrelelvant, plus their implementation was already tested in court:
https://whispersystems.org/bigbrother/eastern-virginia-grand-jury/

In short signal handed over basically nothing because that all they had.

[wanderingfool2]

1 minute ago, jagdtigger said:

Maybe but they dont have the keys so pretty much irrelelvant, plus their implementation was already tested in court:
https://whispersystems.org/bigbrother/eastern-virginia-grand-jury/

In short signal handed over basically nothing because that all they had.

That only shows that they didn't have access to the prior messages/user data.  That request though doesn't mean they don't have the ability to perform a MITM for new data, which is what I am talking about.  The fact is Signal could initiate a new key if they wanted, which then could be used to intercept messages going forward (again it breaks apart if the participants decide to check their safety numbers though).  The safety number is effectively one of the methods they use to "prevent" MITM

[jagdtigger]

22 minutes ago, wanderingfool2 said:

hat request though doesn't mean they don't have the ability to perform a MITM for new data, which is what I am talking about.

Even if (huge if) the can, all they could hand over is a bunch of encrypted blobs.......

[leadeater]

3 hours ago, AluminiumTech said:

Respectfully, you can't have both privacy and ways to undermine privacy. It's one or the other.

 

If the choice is to undermine privacy, the "good guys" will be worse off and the "bad guys" will find or create alternatives. This has been seen countless times before. Where there is a will there is a way and the only people who suffer are the "good guys".

Your house is perfectly private until a warrant is issued to search it. You can have both, the practicality of it is the difficult part.

[wanderingfool2]

1 minute ago, jagdtigger said:

Even if (huge if) the can, all they could hand over is a bunch of encrypted blobs.......

No, that's now how it works.

 

E2EE encryption, the type Signal protocol deploys, relies on private public keys where the private keys are stored on the user end.  There actually isn't much on the technical side that prevents them from sending the fake public keys (which they have the private keys for), and then encrypting the new message with your real public key.

 

Similar concept to the example I used in the past with Eufy.  They might do things with E2EE, but the server configuration where it allowed other Eufy users to see random accounts shows that yes Eufy could "intercept" it if they wanted to.  So the same thing applies with Signal, if a government forced them to then yes they could publish fake public keys between two users and use that to spy on any messages going forward (until they redo it)

[CarlBar]

3 hours ago, leadeater said:

Your house is perfectly private until a warrant is issued to search it. You can have both, the practicality of it is the difficult part.

 

This is (besides the technical issues related to backdoors), my biggest concern here, not that they want access, but what if anything they need to do to get it. If it's the same as tapping your phone, or intercepting mail or searching a house i don't have any real concerns. Sure it could be abused but at least as the UK legal system is setup i don't sees an issue barring a major change in the system provided the requirements are equivalent to current IRl stuff.

 

The photo scanning i like in theory but i don't trust it to not have a troublesome false positive rate.