Independent review of UK national security law warns of overreach

> He warns that developers of apps like Signal and WhatsApp could technically fall within the legal definition of "hostile activity" simply because their technology "make[s] it more difficult for UK security and intelligence agencies to monitor communications.

Sounds like Let's Encrypt would also fall under that.

This has got to stop. If you want to stop criminals, then focus on their illegal activites, not the streets they walk on. I walk on them too. And don't use CP as a catch-all argument to insert backdoors.

Their big problem here is that previously, it was hard to find people with the same opinion as you. If you couldn't find someone in the same village who wanted to start a rebellion, it probably wouldn't happen. Today, someone can post a Telegram group message and make thousands of people rally to a town square. I see the dangers, and I see why governments think they are doing this to protect the people. No one wants civil war. That is still not a strong enough reason to call road construction a hostile activity.

I'm back in Sweden after 12 years abroad. Time to read up on which parties are sane and which aren't when it comes to technical infrastructure.

I know this is about UK (where I am a foreigner living for almost a decade).

But why are pretty much all governments universally inept? It's not only the UK but US gov has also pushed for this and plenty of other stupendously stupid ideas or decisions - and plenty of other governments (well, all of them) besides.

It leads me to believe that our species is incapable of leading itself, that we are incapable of choosing good leaders.

> Developers of apps that use end-to-end encryption to protect private communications could be considered hostile actors in the UK.

So say if my UK friend connected directly to my PC with SSH/RDP, both uses end-to-end encrypted link, to chat with me using `wall`, `write` or Windows Task Manager, then all of sudden this is a hostile and Mr Big Ben will just launch laser at me to burn me to death. Wow, this is just messed up.

Someone should check the cognitive of those lawmakers, because these guys are clearly not good at their jobs. If such they failed to understand such simple concept, how can they understand much much more complex construct such as society?

Developers of apps that use end-to-end encryption to protect private communications could be considered hostile actors in the UK. <-- HTTPS does this. What about secure sites like baking sites that encrypt end-to-end? Old farts making laws about things they know nothing about.

There are quite a few comments below complaining about the headline - happy to change it, but I'm in a meeting trying to figure out more about https://news.ycombinator.com/item?id=46301921 for the next bit.

Can someone suggest a better title? Better here means "accurate and neutral, and preferably using representative language from the article".

It makes a lot of sense. Whoever wants to continue developing "these apps" will do it privately, and sell the service to those who want to keep doing things in hiding. Well done, watchdog!

So again, it just harms the general public, while making it harder to catch criminals.

The authorities here (UK resident) are already pushing hard for as much authoritarianism as they can get. They are also increasing prison capacity and the two tier system is a genuine thing with public services collapsing.

Police militarization, drones, army unit investigating private civilians, digital powers widening... I am more scared of the government than I am of local paramilitary forces at this point.

It may be enough to swing my vote towards Irish unity given the topic will be forced within my life time.

Not unlike in Canada right now. The bill is stage 2 but proceeding. https://www.globalencryption.org/2025/09/open-letter-bill-c-...

Soon in the UK: "That photo you took looks too noisy. You could be hiding data in it!"

The encryption debate is the same as the gun debate. The tools are politicized because it's the easy thing for lawmakers to make it look like they're taking action. As the report warns, the deployed laws have negative consequences.

Outlaw all guns and make end-to-end encryption illegal doesn't stop GRU dropping novichok perfume bottles around england.

I am quite possed with the implementation of social control and restrictions that increasingly look like the only purpose is to keep power tight and half-slaving people.

I think we should all massively move to crypto, gold and such things, avoid KYC when possible and show these people that we will not go through their wishes no matter the oppressive laws they try to come up with.

They can put a few in jail. But when we are millions, what are they going to do?

Being hostile to these agendas is becoming a necessity.

anybody can buy esim on street(ask llm how to do so) for cash or crypto. anybody can randomly talk on random webrtc domain or use random delta chat email to text.

if somebody really has high income(and high risk) illegal scheme he will not use signal for very bad things.

more, llm can tell exactly do things outlined above.

so chat control is for small(small income) crime and control of ordinary citizens behave well. in this sence it will serve its purpose.

so what is purpose going for signal developers? why not they try to do same with webrtc standard and browsers and llms?

Meanwhile MI6 offers an onion service for secure communications:

mi6govukbfxe5pzxqw3otzd2t4nhi7v6x4dljwba3jmsczozcolx2vqd.onion

https://www.youtube.com/watch?v=OYB129pGq0k

I wonder how the public in the UK feels about their country quickly devolving into an oversurveilled state.

This is a terrible headline, despite being the original.

The "watchdog" is a KC (senior barrister) officially appointed to review the legislation. He's warning that this could be considered hostile activity under the act, which would be a bad thing. In other words, he's criticising the act for being overly broad, a view that most on HN agree with, and his criticisms of it presumably carry some weight, given his official role.

As usual, this has provoked a load of ill-informed knee-jerk rants about the UK government from people who didn't read past the headline. This act is an absolute stinker, but let's maybe criticise what's actually happening rather than some imagined cartoon variant of it.

"Claims" in the title is misleading. He (It/They, I guess it is an organism, not a single person) is _warning_ about that, same as this page always does. So, it is not an infamous claim, it is a warning to all affected parties (i.e. also the government).

^^;

If there was ever a signal ( edit: happy accident ) that it should be done, it is that the government agency thinks it is a bad idea.

We are just one step from banning HTTPS in UK, aren't we?

It's not technology. It's negotiation between people and state. Having a state requires people to forego something and contribute something. More stronger the state you want, more you need to give up. It's about your needs and making a deal.

This was easy to predict. It also shows how backwards are the UK security bureaucracy as you can simply clone Signal and tweak it, and deploy your own blend. Also, perhaps an LLM can do it as well, what if the prompt is "keep me safe from a totalitarian government"?

Interesting how the term "watchdog" has been appropriated to mean an organization keeping watch not on the powerful, but on everyone else.

UK gov seems intent to establish a surveillance state :(

It is becoming more and more important that people learn to encrypt things locally themselves, its not end-to-end if the users are the ones encrypting and decrypting manually and then sending that message over unencrypted methods to comply with this draconian invasion of privacy. It would probably be a matter of time before they try to make using PGP usage illegal as well but they haven't yet.

Echelon, Five Eyes. If you feel safe because of "Muricah", then you know nothing.

Just look at the Tempest for Eliza project. And current snoopers are even more effective than that.

Absolutely sick and tired of what I call "minority report" laws where you didn't cause any harm, but you are flagged and penalized for having had the potential to cause harm. Illegal is illegal, you don't need to make precursors illegal.

When government is corrupt, any activity that makes it easy for citizens to protect themselves can be described as hostile.

This is just a symptom of security services not doing the job tax payers pay them to do.

Like when foreign asset managers can influence government to create policies nobody voted for and make it the most important thing on the agenda? No a single arrest?

We are entering banana republic territory.

Strong encryption is necessarily at odds with the state. It's somewhat crazy that states allowed private citizens to use it freely as long as they did.

"Developers of apps that use end-to-end encryption to protect private communications could be considered hostile actors in the UK." <-- What about HTTPS, the thing that secures most websites especially banking sites. Old farts making laws about things they know nothing about! FFS

This government has to be stopped and any other governments that are 'hostile' to it's citizens.

Vote them out at the very least.

You, UK regulators and law enforcement, shall learn first how to do your frickin job!

Intruding everyone's privacy is not that!

Should everyone hand in their full recording of private conversations and full track of movements per month so you can filter out those breaking the law and claim you did your job?! NO!

Or better yet, should everyone spend two weeks in a high-security jail every three years, just so you can claim that, statistically speaking, crimes were punished? So your life can be easy, you can kick back, and collect paychecks? You'd like that, wouldn't you?! Maybe farmers can ask people making food for themselves but still collecting money for it, shouldn't they?

If you must intrude the privacy of all people then you are just a buch of incompetent idiots without a clue how to chase the actual criminals instead of harassing honest people! Exposing everyone to bad actors. Which is a crime on its own, by the way!

If you are unable to do without privacy violations for everyone then get a job you are able to carry out!

Walls, locks, gates, and all such are made for a purpose: to protect people. Don't break them!

UK has entirely gone off the deep end. The value they place on free speech is nearly zero.

It may soon not be safe for authors of any privacy or encryption software to visit it or live in it.

The way to fight this is to make and use so much encryption software that no private communications or storage stay unencrypted or non-private.

This was always the end game and all our warnings were ignored. One of those very bittersweet “told you so” moments. Bye bye, Britain.

Hah, I’m now a hostile actor!

> Jonathan Hall KC, the government’s Independent Reviewer of State Threats Legislation and Independent Reviewer of Terrorism Legislation

Right-wing extremist and likely Russian asset.

What the fuck is the UK's problem? In fact, what the fuck is wrong with Europe in general when it comes to freedom of expression today?

Fuck the government

[dead]

And the government defrauding the English of their own homeland while pumping in misinformation by the petabyte while simultaneously calling everything else misinformation isn't hostile activity?

If a government is legitimately elected, and respects due process, I don't see why people would want to hide from the government.

There are very few situations where a journalist would need to hide himself from a legitimate government who respects due process.

With the Trump administration, in China, Russia, yes of course. Those apps do matter. Conventional apps are probably giving data to abusive governments if their laws require it.

With criminals using those apps to not get caught in those legitimate due process countries, I don't really know if those apps are worth using it they help criminals.

I agree that I don't want to give my data to big companies or for ads.

But I trust a legitimate government and due process.

AI can make you a basic signal for whatever group you want with zero oversight now anyway. The days of trying to proxy anti-encryption laws so you can spy on your people are numbered.

I think there is a point to this. I’m not saying I’m a fan. But the reality is that it is too simple to communicate secretly, and the government has an interest in protecting its citizens. This is true in many aspects. (Health, technology, electronics, traffic)

Btw. The https communication comparison does not hold, there is always a third party that can read what you say. E2E chats are effectively communication where evidence is instantly destroyed.

Want to have a private communication, I think offline is the right approach.

I agree that it sucks, but it’s probably not about you. It’s about nefarious people that use this as an uber advantage.