Internet Society condemns UK's Online Safety Bill for demonising encryption using 'think of the children' tactic

Plus: Cops' surveillance is used against drug gangs and not child abusers, says Tutanota

Britain's controversial Online Safety Bill will leave Britons more exposed to internet harms than ever before, the Internet Society has said, while data from other countries suggests surveillance mostly isn't used to target child abusers online, despite this being a key cited rationale of linked measures.

Government efforts to depict end-to-end encryption as a harm that needs to be designed out of the internet as it exists today will result in "fraud and online harm" increasing, the Internet Society said this week.

Founded by Vint Cerf and Bob Kahn, the Internet Society is one of the oldest and most well-respected institutions guiding the path of the public internet today. Its cry against the draconian Online Safety Bill (aka Online Harms Bill) should cause policymakers to sit up and pay attention.

Robin Wilton, the society's director of internet trust, said in a statement: "Today, encryption is an essential component of digitally connected objects like cars, doorbells, home security cameras and even children's toys, otherwise known as the 'Internet of Things' (IoT). It's also essential for national security by protecting highly sensitive systems like the power grid, citizen databases, and financial institutions such as the stock market."

Government has been explicit about wanting to ban end-to-end encryption, co-opting willing and eager police forces into a public campaign demonising the safety and security technology.

The Internet Society's Wilton rubbished these calls, saying: "Despite having access to the world's leading cryptographic expertise, the government has been unable to suggest a credible, safe back door that meets their requirements because it does not exist. Instead, the government is trying to make companies design insecurity in by default."

Quoting government publicity around the Online Harms Bill, he added: "That is not the way to 'harness the benefits of a free, open and secure internet', it's a recipe for fraud and online harm."

"It prevents spies, terrorists and hostile governments from accessing and exploiting confidential communications of government officials, and protects highly sensitive systems intrinsically tied to national security, including the power grid, databases, and financial institutions, from being hacked," he concluded.

Who is govt truly most keen on surveilling? Drug dealers

Meanwhile, more figures emerged tending to show that online surveillance tends to be used by Western governments against drugs gangs rather than child abusers, despite the Online Safety Bill and police campaigns claiming end-to-end encryption (E2EE) will turn social media into a paedophiles' paradise.

Encrypted email firm Tutanota, headquartered in Germany, published research this week suggesting surveillance orders are deployed to target drugs offenders first and foremost.

"Most orders issued to telecommunications providers are in connection with drug offences," Tutanota told The Register. Looking at published data, the company said about 80 per cent of wire-tapping orders granted in the US, one of the more heavily surveilled Western countries, were for drug-related crimes.

"In recent years, child sexual abuse and child pornography have played only a marginal role in telecommunications surveillance in practice," blogged Tutanota founder Matthias Pfau.

The same held true in Germany, where a specifically broken-out category of warrants granted for child abuse image offences made up just 0.2 per cent of surveillance applications for 2019 – having remained at that insignificant level for 10 years.

In snoop-happy Australia the situation was only slightly different, with warrants granted under that country's Telecommunications Interception Access Act 1979 being 50 per cent focused on drugs: in 2020 surveillance against child abuse imagery offenders made up just 0.4 per cent of applications, said Tutanota.

"The UK Home Office unfortunately does not provide figures on this," added Pfau, but there is little reason to assume the UK is much different from its sister democracies.

The Online Harms Bill continues its Parliamentary journey. ®

Other stories you might like

  • Capita to see wave of UK government contracts come to an end by 2025
    Technology firms rank second in UK list of strategic public-sector suppliers

    Everyone's favorite outsourcing business Capita is scheduled to see 415 government contracts with the British public sector expire between 2022 and 2025, more than any other major supplier.

    According to UK government spending research firm Tussell, the IT services company will see government contracts to the value of £700 million come to an end during the next three years.

    While it is set to wave goodbye to more contracts than any strategic supplier in any area of the public sector, the value of its expiring contracts is eclipsed by facilities management supplier G4S, which will see 30 contracts worth a total of £1.8bn expire over the period.

    Continue reading
  • Protecting data now as the quantum era approaches
    Startup QuSecure is the latest vendor to jump into the field with its as-a-service offering

    Analysis Startup QuSecure will this week introduce a service aimed at addressing how to safeguard cybersecurity once quantum computing renders current public key encryption technologies vulnerable.

    It's unclear when quantum computers will easily crack classical crypto – estimates range from three to five years to never – but conventional wisdom is that now's the time to start preparing to ensure data remains encrypted.

    A growing list of established vendors like IBM and Google and smaller startups – Quantum Xchange and Quantinuum, among others – have worked on this for several years. QuSecure, which is launching this week after three years in stealth mode, will offer a fully managed service approach with QuProtect, which is designed to not only secure data now against conventional threats but also against future attacks from nation-states and bad actors leveraging quantum systems.

    Continue reading
  • UK government seeks views on cloud, datacenter security
    Consultation asks for contributions from industry to better understand digital threats

    The UK government has kicked off a consultation to collate feedback on strengthening the security and resilience of local datacenters and cloud services to protect against outages and national security threats.

    Companies that run, purchase or rent any element of a datacenter are being asked to detail the types of customers they serve.

    Announced by the Department for Digital, Culture, Media and Sport (DCMS) late last week, the move is perhaps a recognition that the UK may need to beef up measures to safeguard key infrastructure against cyber threats and other disruptions.

    Continue reading
  • Cheers ransomware hits VMware ESXi systems
    Now we can say extortionware has jumped the shark

    Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.

    ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The ubiquitous use of the technology, and the size of some companies that use it has made it an efficient way for crooks to infect large numbers of virtualized systems and connected devices and equipment, according to researchers with Trend Micro.

    "ESXi is widely used in enterprise settings for server virtualization," Trend Micro noted in a write-up this week. "It is therefore a popular target for ransomware attacks … Compromising ESXi servers has been a scheme used by some notorious cybercriminal groups because it is a means to swiftly spread the ransomware to many devices."

    Continue reading

Biting the hand that feeds IT © 1998–2022