Let's wind the clock back to 1997, and then look at the @ukhomeoffice press release earlier today:

«
LICENSING OF TRUSTED THIRD PARTIES
FOR THE PROVISION OF #ENCRYPTION SERVICES
Public Consultation Paper
on
Detailed Proposals for Legislation
March 1997
»

https://web.archive.org/web/19970716004745/http://www.dti.gov.uk/pubs/

"the Government would be bringing forward proposals for the licensing and regulation of Trusted Third Parties for the provision of encryption services"

- you would have no PGP, no HTTPS, no Tor, unless you provided the Government with a copy of the key; and this was "balance"

Gov't fear, then, was that people would be encrypting data in motion, passing over a network. The fear now is that people will be encrypting data, even momentarily "at rest", as it passes through the cloud, encrypted from one person to another:

Then, as now, the discussions are being pushed as "industry"-related - this is all about corporations (then: telcos, now: platforms) and garnering their adherence. That the main actors will be *individuals*, enabled by (often, free) software, is nowhere to be seen.

I do vaguely wonder what @iancolintaylor thinks now, of Governments demanding back-doors into his own WhatsApp and other messenger chats. But: back to the story...

Building back-doors is all about "building the information society in the UK" and "[offering] exciting opportunities in the UK" - we saw what happened when HMG tried taking an opportunity to build a parochial, homebrew #NHSCOVID19app; bit of a disaster and a waste of tax money:

[This is a topic which I have expanded on further, here.] https://medium.com/@alecmuffett/the-economic-opportunity-cost-argument-in-favour-of-end-to-end-encryption-e2ee-in-2020-7aebbcec4ec4

Compare: 1997 Government telling tech that Government should tell tech how to build solutions, vs: 2020 Government telling tech that Government should tell tech how to build solutions. At least 1997(c) is a bit more honest about hinting the value proposition…

[ Link for that latter: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/925601/2020.10.11_International_statement_end-to-end_encryption_and_public_safety_for_publication_final.pdf ]

To this day I strongly believe that the ratio of pink-text to yellow-text in this paragraph, reflects the Government's actual concern for the privacy of individuals:

It's probably worthwhile recapping, the proposal back then was that the UK Government would license "trusted third parties" with whom UK people who did any encryption would be obligated to stash a copy of the keys, just in case Law Enforcement wanted to peep.

Having realised that this is a non-scaling, geopolitical non-starter (e.g. some people on the Internet are outside the UK) the goal *now* is to put the tech companies into the same role for themselves, weakening their user privacy mechanisms to satisfy a small coalition of states

It's also worth pointing out that today, as it was 20, or even 200 years ago, the best way to break a conspiracy is to turn an informant rather than to demand that all the world's privacy should be eroded so that it is wiretap-able: https://twitter.com/adamgoldmanNYT/status/1314299965389385730

"The development of encryption services via TTPs requires compatible mechanisms in other countries" - as I have been saying for years, to add backdoors for 1 country will require them for all countries, even those with poor human rights records.

To date I've not seen any insight from @ukhomeoffice @NCSC @MissingKids @pritipatel @PeterDutton_MP @AndrewLittleMP or any other proponent, re: how platforms should prevent this back-door being used by (e.g.) China for the persecution of #Uighur people, to name but one atrocity

Interesting to look at the OECD recommendations cited by the 1997 proposals: the latter clearly puts "law-enforcement access" on par with "corporate employer escrow", so one wonders what legislation will prohibit lawsuits attempting to crowbar-open any backdoor? @neil_neilzone?

The OECD also clearly identify that some forms of back-door also put data assurance at risk; and we are not seeing discussion of that nowadays:

[ link: https://www.oecd.org/sti/ieconomy/guidelinesforcryptographypolicy.htm#recommendation ]

It's not just about British children, it's that robust End-to-End Encryption will be helping to assure the safety of everyone in the world. Thank you, OECD

Back to 1997, and I predict that you can expect to see something like section 42 bullet 2 coming out of the EU fairly soon, as the anticapitalist privacy wonks double-down on "Your WhatsApp Message Should Be Forwardable to iMessage or SMS", calling for authorised middlemen:

"TTPs will allow UK Business to take advantage of secure electronic trading" - or, you know, people could just do it for themselves. The technology is not that hard to drive, even if you have a First in PPE from Balliol.

And here's a "one-two punch" in the 1997 document which you are not overtly seeing today, but which is there behind the scenes:

1/2 "If you don't add a backdoor to your encryption software then we will make it really hard to export it..."

2/2 "...but we're supposed to believe in free markets, so we'll say that we'll let the market decide which products to use."

Google, Facebook, Twitter (etc) are already being threatened with legislation to coerce them to add backdoors. "Child protection" is a front.

2020: Licensed social networks, anyone?

"Voluntary use of <services> … Organisations offering or providing encryption services to the public in the UK, including those providing or advertising such services from outside the UK, will be required to be licensed."

Make no mistake: if some Governments of the world are permitted to require (i.e.: mandate) that back doors are provided in #EndToEndEncryption, then we are moving towards the end of both innovation and of free software.

Be licensed, or don't exist.

Interesting insight from the 1997 document: these are the lengths to which a TTP would have to go, to "vet" employees for access to the backdoor mechanism. In 2020, this would essentially mean "Most or All {Facebook, Google, SnapChat, Telegram, …} Software Engineers":

Gosh, what do you think @realDonaldTrump would have done, if he had had the capability to "revoke the license" of @Facebook or @Twitter or @Snapchat? Or even of the @nytimes website?

With hindsight, this 1997 quote is utterly amazing:

"However, if the bank wished to extend the cryptography's functionality and allow client to client communications, then this service would be covered by the legislation"

They only ever fear people talking to other people.

"Comply, or we will ban you." - in the modern day it would be interesting to see the UK Government calling to ban any form of communication which they cannot directly intercept / that cannot serve a Technical Capability Notice

[ aside: I am pretty sure that most of the big social networks are already facing such intimidation; it will be interesting to see how @signalapp and @BriarApp, etc, are approached ]

"It is envisaged that it should take no more than an hour for a TTP…to deposit the appropriate client encryption key(s) with the central repository."

It was never envisaged that (e.g.) there would be a different key FOR EVERY SINGLE MESSAGE, per @signalapp

If the TTPs of 1997 are the Platforms of 2020, with the call for backdoors in end-to-end encryption we can expect to see:

- Non-compliant social networks, banned under criminal law.

- Platforms being liable for weaknesses that the Governments have required them to implement.

One last hint from 1997 of how strongly the mindset of "The British Internet, for British People" (& similarly for the US, France, Aus, etc) - parochial mindset was/is.

There is no "British Facebook", no "British Internet" to be subject to British interception. It's all Global.

If you've been following this thread, you should now go and look at https://www.gov.uk/government/news/home-secretary-and-international-partners-tell-tech-companies-to-put-child-safety-first and follow the links through to the apparently heartfelt but self-serving appeal at https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/925601/2020.10.11_International_statement_end-to-end_encryption_and_public_safety_for_publication_final.pdf [PDF]

Governments are calling for Platforms to add backdoors to their #EndToEndEncryption messenger software, ostensibly to protect children, in the process risking the privacy of *everyone* who uses those platforms - including entire cultures who are at risk of political oppression.