You're making the argument that the UK government will stop using encryption itself once the information about this becoming illegal makes it through the government.
It won't. The courts will refuse to force them to stop, and even if the courts attempt to force it, some government departments just won't listen, and be protected from the consequences.
This is another case of "the law applies to you, but not to me".
The law is that encrypted comms must be provided to the security services on request. This is not a problem for government agencies. It is not illegal per se.
I went digging a bit. No. You're wrong. You cannot substitute the law we're discussing with something else. If the law truly is that encrypted comms must be provided to the security services upon request, then Apple Encryption is not a problem. Security services simply should ask the owner of the icloud account ...
So that's NOT what the law says.
The law says that private sector entities cannot have effective encryption (so NOT government agencies). Why do I put it like that? Because it MUST be possible for the security services to get access to any data they can intercept in any way WITHOUT telling/alerting the participants. They must be able to ALTER those communications. Or to make it more practical: any software maker MUST be able to provide access to any data the security services physically intercept, encrypted hard drives, ssh capture ... anything. And no, there is no exception for open source software.
ANYONE who puts this in software is criminally liable, as well as any firm (director/...) of any firm that has software doing this:
// we're done with the key for this session, erase the key
key := 0
Obviously this means any government agency that runs a https website is violating this law. Publish an IOS app? Violation! (you're using encryption that is designed not to let anyone, including you yourself, alter the app on the wire). Publish an android app? Same. Publish a fucking rpm package on yum? (the signing code obviously violates this law). A fucking garbage collector violates this law. BUT ...
But there is one VERY specific limitation. Only the government gets to complain about this, and obviously, there is zero plans to enforce this equally. The government sure as hell is not planning to actually put in the effort to make the encryption they use compliant with this law. It's just to get at the contents of confiscated harddrives. It's just to force foreign companies to unlock phones that have been confiscated.
Oh and there's stricter punishments if you tell anyone you're complying with this. This law can be used to arrest Linus Torvalds until he backdoors encrypted loop devices, and threaten him with decades prison if he tells anyone he's done that.
And can I just say? If this law was put, properly explained, to the people of the UK, there's no way it would get 50% of the vote.
You're making the argument that the UK government will stop using encryption itself once the information about this becoming illegal makes it through the government.
It won't. The courts will refuse to force them to stop, and even if the courts attempt to force it, some government departments just won't listen, and be protected from the consequences.
This is another case of "the law applies to you, but not to me".
The law is that encrypted comms must be provided to the security services on request. This is not a problem for government agencies. It is not illegal per se.
I went digging a bit. No. You're wrong. You cannot substitute the law we're discussing with something else. If the law truly is that encrypted comms must be provided to the security services upon request, then Apple Encryption is not a problem. Security services simply should ask the owner of the icloud account ...
So that's NOT what the law says.
The law says that private sector entities cannot have effective encryption (so NOT government agencies). Why do I put it like that? Because it MUST be possible for the security services to get access to any data they can intercept in any way WITHOUT telling/alerting the participants. They must be able to ALTER those communications. Or to make it more practical: any software maker MUST be able to provide access to any data the security services physically intercept, encrypted hard drives, ssh capture ... anything. And no, there is no exception for open source software.
ANYONE who puts this in software is criminally liable, as well as any firm (director/...) of any firm that has software doing this:
Obviously this means any government agency that runs a https website is violating this law. Publish an IOS app? Violation! (you're using encryption that is designed not to let anyone, including you yourself, alter the app on the wire). Publish an android app? Same. Publish a fucking rpm package on yum? (the signing code obviously violates this law). A fucking garbage collector violates this law. BUT ...
But there is one VERY specific limitation. Only the government gets to complain about this, and obviously, there is zero plans to enforce this equally. The government sure as hell is not planning to actually put in the effort to make the encryption they use compliant with this law. It's just to get at the contents of confiscated harddrives. It's just to force foreign companies to unlock phones that have been confiscated.
Oh and there's stricter punishments if you tell anyone you're complying with this. This law can be used to arrest Linus Torvalds until he backdoors encrypted loop devices, and threaten him with decades prison if he tells anyone he's done that.
And can I just say? If this law was put, properly explained, to the people of the UK, there's no way it would get 50% of the vote.