I know we talk a lot lately about the UK's assault on e2e encryption, and it may seem a bit over the top, but it's important to understand what's on the table, and what policymakers are being told. Here's a thread about e2e in the #onlineharms context.
It centres on a report released last month by the Centre for Social Justice, and endorsed by the former Home Secretary, Sajid Javid. Folks in power read these reports and follow their recommendations. Have a look at page 52. centreforsocialjustice.org.uk/wp-content/upl…
It calls for, as we've warned was likely, the use of e2e encryption to qualify as a violation of the "duty of care" in the Online Safety Bill. They note: "It will be insufficient for a platform to argue that introducing such a high-risk design feature will have benefits in other
spaces like user privacy and preventing online financial crime."
Page 57 goes on to recommend that Ofcom should apply sanctions for this breach - e.g. the use of e2e encryption - *retroactively*. Those sanctions should include "criminal sanctions and bans" for directors of
companies which use e2e.
So that's what policymakers are considering: the possibility that you, reading this tweet, could face criminal charges in the future because you use e2e on your site or service now, for financial transactions or basic user privacy. All this, of course,
at the same time DCMS is enthusiastically cheerleading the post-Brexit UK as the best place in the world to start and grow a tech business; a place where, from day one of that business, you'll be assumed to be complicit in child abuse and constantly threatened with arrest.
That's your morning bulletin from the sunlit uplands. Join and support a digital rights group today. A lot more than your business may depend on it. openrightsgroup.org/blog/endgame-f…
P.S.: The fact that government is actively considering retroactive criminal charges for devs for deploying basic security protocols is a direct consequence of "unregulated wild west internet" rhetoric, which encourages politicians to adopt personal fantasies of being the sheriff.
Bang on cue
It's taken less than three weeks for India to go from this to taking down posts critical of the government in a national emergency. Think that couldn't happen here too?
We, and other groups, have been very clear on how the UK's plans would hand a gift to authoritarian regimes. One MP's response to that, last week, in a Parliament committee: to hell with other countries.
So to recap, the British Internet for British People should set a "world-leading" example for other nations to follow, up to the point where other nations use our model to justify their authoritarianism, at which point we wash our hands of our "world-leading" influence.
For years, the US has defiantly refused to reform its surveillance powers, or implement a Federal-level privacy law which respects privacy as a human right and safeguards the data of non-Americans. The CJEU has just ruled that enough is enough.
Today's ruling could have had implications for the Brexit transition, had SCCs been invalidated. That part remains. The ruling is, however, a warning shot to the UK's process of securing an adequacy decision. We are a Five Eyes ally with domestic surveillance issues of our own.
The UK, as I've said for years, was barely an adequate country in terms of domestic surveillance while *within* the EU. To secure adequacy, the UK's privacy practices will need to be better outside the EU than they were in it. Where does this go next? Trade deals.
Um, yes, that's exactly how trade deals work. For the 1,000th time: the UK cannot have a data adequacy agreement until it is a third country outside the EU, not before; and because of surveillance & human rights issues there's no way in hell we'll get one. thetimes.co.uk/edition/news/b…
Watch out for a lot of this: journalism painting the lack of an adequacy agreement as EU intransigence, when it's entirely the UK demanding the entitlement to remain a member of a club it's leaving without the club's rules applying to it.
There is no means of independently auditing social media companies' self-regulation - co-regulation may be the way forward. Focus tends to be quantitative (how many offensive posts taken down) rather than qualitative (how many takedown requests were accurate.)
Over-reliance on criminal mechanisms e.g. twitter joke trial - should we be looking at less intrusive regulation as in self-regulation or something more industry driven like ASA, BBFC.
This is a thread for those of you who say coders and developers should take no role in politics. Those of you who watched my #WCLDN talk last year already heard this story. You can hear it again.
This was Rene Carmille, and that is a punch card.
Rene Carmille was the comptroller general of the French army. He eventually headed up the French census. Census data - innocuous, straightforward facts about people - was tabulated on IBM punch cards. Then the Nazis came.
Rene Carmille had all the data about all the people. He saw what the Nazis wanted to do with that data. So he made a decision about what to do with it. He did his job, externally, for the Nazis, of course.