The National Crime Agency director, Graeme Biggar, apparently had a massive anti-encryption rant following the passage the Online Safety Act.
The UK’s Online Safety Bill is law, but that’s not stopping its supporters from giving anti-encryption rants and effectively calling for putting UK citizens lives at risk. For one supporter of the Online Safety Bill, apparently encryption is the equivalent of turning a blind eye to child abuse. It’s bizarre because these supporters have already gotten everything they wanted in turning the world into a more terrible place. So, it’s baffling why the rage rant in the first place.
How did the UK get to this point? Well, the UK governments quest to make the world a more dangerous place has been going on for years. In the previous government, the Online Safety Bill was threatening people’s lives and freedom of expression among other things. The fight was hard fought with digital rights advocates pointing out things like how age verification is going to require websites to store even more personal information on its users than before. This while threatening people with jail sentences for saying mean things on the internet. The cherry on top of this disaster was a ban on effective encryption.
Fighting against this was often like pounding your head against a brick wall. It was pointed out numerous times that mandating back doors to encryption will only weaken said encryption. There is no such thing as a back door that only the “good guys” can use. If there is a weakness in an encryption – whether intentional or not – there’s always a chance that bad actors will eventually find it. It’s hard enough to put those speed bumps of raising the technical knowledge to crack an encryption. It’s even worse when a government is asking for weaknesses to be intentionally placed on that encryption.
It’s worth pointing out that encryption on the web is quite prevalent these days. In fact, most users may find themselves using encrypted communications whether they realize it or not. For instance, if a user visits a website that starts with “HTTPS”, they are, in fact, using encryption while accessing that website. Basic online banking uses encryption. Shopping on a major online service also uses encryption. That’s not even getting into people who use additional tools like TOR or a VPN which requires additional steps. Arguably, the digital economy wouldn’t even be viable without encryption. Yet, the UK government is trying to attack this very pillar of e-commerce and privacy online.
To the relief of UK citizens, however, an election happened and the Online Safety Bill didn’t pass. The development represented a temporary relief, however, as Culture Secretary, Nadine Dorries, vowed that the next attempt to crack down on the internet will be much bigger in 2021. Lord Lipsey would later accuse digital rights advocates of being “extreme libertarians” for the crime of fighting to protect people’s privacy and security.
In 2022, as promised, the UK government’s crackdown on the internet came back in the form of the now current Online Safety Bill. Anti-encryption was back, the privacy destroying age verification was in there, and, of course, saying mean things online being a jailable offence was also in there as well. It became clear that the UK government, at that point, was out for revenge.
Debate raged over the bill with advocates appealing to logic and reason while the UK government appealed to emotion and fictional narratives such as the false narrative that encryption will allow criminals to hide their activity from law enforcement and that this was an impending threat. Organizations like the Online Rights Group did an excellent job of explaining the dangers associated with this such as their explanation of why age verification is a threat to your rights.
Unfortunately, it became increasingly evident that evidence based policy making was about the last thing the UK government intended on doing as they continued their efforts to ram this bill through. As we’ve seen so many times before, reality doesn’t care about your beliefs in how the world operates. As the bill inched closer to passage, organizations threatened to leave the country. Wikipedia threatened to leave the UK over it’s age verification requirements. In short, demands to track people’s online activities goes against how organizations like Wikipedia operates. Several privacy companies also threatened to leave the country because they would rather leave the country than compromise their own security just to appease lawmakers terrible law.
Sadly, emotion triumphed over logic and reason when the bill passed in September. It received Royal Assent last week. In response to developments like this, Signal reaffirmed that they will be leaving the UK in response to the new law. It remains to be seen how many companies are leaving the UK as things move to the UK regulator, Ofcom, to sort out how it intends on enforcing this terrible law.
You would think there isn’t much need to further debate given that the UK government got everything it wanted here. Yet, the angry supporters of the Online Safety Bill seem to be continuing their quest to stamp out any perceived forms of effective security. In a rant that was noted by The Independent, Graeme Biggar attacked Facebook for trying to implement reasonable end-to-end encryption. He incoherently likened it to turning a blind eye to child abuse:
Introducing end-to-end encryption on Facebook would be like “consciously turning a blind eye to child abuse”, the head of the National Crime Agency (NCA) has said.
Graeme Biggar told a conference in central London that it should not be up to multinational corporations to decide where the balance lies between privacy and security.
Giving the annual security lecture at the Royal United Services Institute on Tuesday, he said: “I strongly support encryption. It is an important protection from a range of crimes.
“But the blunt and increasingly widespread rollout by the major tech companies of end-to-end encryption without sufficient protection of public safety poses a fundamental and negative implication.
“It means they cannot protect their own customers by identifying the most egregious illegal behaviour on their own systems.
None of this makes any sense whatsoever. Encryption would do the exact opposite. I mean, do you really want stalkers to intercept all of your communications on something like Facebook? Not really. Do you want child predators eavesdropping on your child’s communications? Absolutely not. This is the very activity encryption protects against. What is being called for here is the weakening of encryption in the name of “safety”. By demanding that backdoors be introduced, you are providing more opening for those nefarious actors to do what they want. As we’ve already said, there is no such thing as a back door for only the “good guys” to access. no amount of “nerd harder” is going to change that. Anyone suggesting otherwise is just being a nitwit.
Yet, apparently, the verbal diarrhea kept going:
“Each platform brings different risks, and the Online Safety Act recognises this, requiring companies to ensure safety within the services they are providing.
“If Facebook roll out end-to-end encryption, their ability to spot child sexual abuse will significantly reduce, as will the number of children we save from sexual abuse and the number of criminals we arrest on the back of their information.
“Let me be clear: this would be tantamount to consciously turning a blind eye to child abuse – choosing to look the other way.”
It’s very obvious that Biggar is inventing these scenarios through the power of his mind. I very much doubt that Facebook is saying that they are implementing encryption just to help child predators. If Biggar wants to prove me wrong on this, then he can find evidence that says Facebook is implementing encryption just for the purpose of helping child abusers. Good luck with that.
The rant was apparently so ridiculous, it actually makes Meta look like an organization that can reasonably protect people’s privacy. In a vacuum, it is a laughable concept given the extraordinary amount of baggage the company harbours on this file. Yet, juxtaposing Biggar’s comments to Meta’s comments and Meta comes off as the reasonable one in all of this:
A Meta spokesman said the social media giant expects to provide more information to law enforcement as the encryption is rolled out.
“The overwhelming majority of Brits already rely on apps that use encryption to keep them safe from hackers, fraudsters, and criminals.
“We don’t think people want us reading their private messages so have spent the last five years developing robust safety measures to prevent, detect and combat abuse while maintaining online security.
“We recently published an updated report setting out these measures, such as restricting people over 19 from messaging teens who don’t follow them and using technology to identify and take action against malicious behaviour.
“As we roll out end-to-end encryption, we expect to continue providing more reports to law enforcement than our peers due to our industry leading work on keeping people safe.”
I’m not one for trusting Facebook with my personal information. After all, how much money does Meta make through targeted advertising and tracking people’s activities? It’s ridiculous. Yet, you can’t help but read those comments from both parties and, at least, realize how much it sells the story of Meta being a privacy company. This article does an incredible job of that. It probably is an incredible sign of how Orwellian things have become when Meta sounds very reasonable on the privacy front. It’s very remarkable.
It’s also pretty depressing that any company that tries to implement any form of encryption to protect the privacy of their users (which is a goal that is very much encouraged), they risk earning scorn and ire from the government. I hope one day that encryption will once again be something that is actively encouraged to be implemented. Sadly, this world has gotten so bad that governments are now actively discouraging this type of noble activity.
Drew Wilson on Twitter: @icecube85 and Facebook.