(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


The Impending Crisis of Messenger Communications in the Westminster Bubble

2023-04-18 12:05:33+00:00

So I keep tabs on Westminster discussion of internet technology via a selection of RSS feeds, and this gem directed my attention to this report from the ICO, dated from mid-2022, titled:

Behind the screens – maintaining government transparency and data security in the age of messaging apps

Report of the Information Commissioner to Parliament, July 2022 https://ico.org.uk/media/about-the-ico/documents/4020886/behind-the-screens.pdf

I’ll be blunt: I read the PDF as essentially the Information Commissioner Office’s saying:

Everyone in government already knows that official records are meant to be retained Everyone in government is already trusted to act where they deem necessary in order to satisfy this retention Everybody in government already knows that official records need to be kept to a high standard of privacy and integrity Regardless of what everyone knows and is trusted to do, this is all really complicated because it turns out that everyone working in government will at the drop of a hat use any messenger account on any messenger service in order to communicate with each other, especially if they are secretly shagging and/or plotting to overthrow the Prime Minister …but everything is already okay, because <see points 1 to 3 all over again> Maybe we could consider doing the American thing if we really want? Maybe? Pretty please? But only if we really want.

Of course the ICO wrote-up point (4.) more elegantly:

However…

What I found more telling was the utter lack of discussion regards the “platform” risks of security; there is mention of “encryption” a total of three times:

They haven’t exactly gone out of their way to talk about “all this shagging and plotting which ministers are getting up to, wouldn’t it be a good idea if such communications were not available to any Spy or News International journalist who gets a job at the Messenger platform which is being used?” — but such ought to be of increasing concern to ministers, and it’s astonishing that the matter remains undiscussed. At best there’s reference to (fairly bland and meaningless) “certification” of communications platforms, plus a wishlist for what the Department of Health should have sought to know — but again without reference to how the provider stores the data in order to make it secure against third-party tampering:

Everything is basically done on trust and left to the assumptions that “privacy is all sorted out by contract.”

That’s lovely, but it’s not actually how the world works any more.

Mercury Shrugged

We know that the Westminster Bubble uses WhatsApp and Signal; we know that they use those two apps because the apps guarantee privacy integrity at a very fundamental level which goes beyond what can be achieved by “contract” and by “vetting platform employees”.

We also know that those apps are going to walk out of the United Kingdom if it presses ahead with illiberal and misconceived proposals to permit Ofcom (hello again!) to obligate client-side content filtering (i.e. spying) upon messages, a matter reinforced this morning by a group tweet which may signal broadening of this shunning of the supply of Messenger services to Britain:

Our position remains clear. We will not back down on providing private, safe communications. Today, we join with other encrypted messengers pushing back on the UK's flawed Online Safety Bill. pic.twitter.com/MwGBgcvgjk — Signal (@signalapp) April 18, 2023

This is not actually atypical behaviour for tech companies when states attempt to tell them how to build their software in order to accommodate local political peccadilloes; see for instance when Google abandoned search services in China regards censorship of the Tank Man image.

It’s not rare for tech companies to do this; it’s simply rare for a western democracy to be illiberal enough for tech companies to do it “here.”

But — when WhatsApp and Signal leave the UK — what will rush to fill the gap?

Many years ago I was for a while employed by a lovely little startup that did a lot of Government work… or rather: that regularly picked up relatively small amounts of money for high-stress, rapid delivery of essential software development work on big-ticket, high-visibility projects after the primary, huge, multinational, “lowest bidder” contractor corporation which had promised the earth and won the project bid, invariably ran away after extracting most of the project’s budget with basically nothing to show for doing so.

From that work I learned a lot about government contracts and the hinterland which supplies them, and I’m confident that there could very well be a BritChat™ or some other government-certified messenger solution, waiting in the wings to jump into the regulatory-capture market niche which WhatsApp and Signal leave behind. Of course there will be millions of pounds allocated to the BritChat™ project, but Locketic-AtoMG™ will run away with most of that after 18 months of architectural infighting and the whole thing will actually be hacked up in PHP by a subcontractor in the 6 weeks remaining before public launch.

But even when it gets delivered the problem is: who will use this outside the UK?

Simply: nobody.

There will be an app for Britons to communicate unto Britons, and beyond that there will be no secure communications available for Britons to speak to the world.

The Online Safety Bill will prevent everybody in the United Kingdom from communication with people overseas. It will end free movement of digital speech. It will be CyberBrexit.

The negative consequences for the general public will be incalculable.

But the Westminster Bubble, what will they use in order to keep our country running in the two or three years until BritChat™ can be delivered by DSIT?

Well… I hear that Telegram and TikTok are both very popular.
[END]

[1] URL: https://alecmuffett.com/article/55670
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.