Tech companies and privacy activists are claiming victory after an eleventh-hour concession by the British government in a long-running battle over end-to-end encryption.
The so-called “spy clause” in the UK’s Online Safety Bill, which experts argued would have made end-to-end encryption all but impossible in the country, will no longer be enforced after the government admitted the technology to securely scan encrypted messages for signs of child sexual abuse material, or CSAM, without compromising users’ privacy, doesn’t yet exist. Secure messaging services, including WhatsApp and Signal, had threatened to pull out of the UK if the bill was passed.
“It’s absolutely a victory,” says Meredith Whittaker, president of the Signal Foundation, which operates the Signal messaging service. Whittaker has been a staunch opponent of the bill, and has been meeting with activists and lobbying for the legislation to be changed. “It commits to not using broken tech or broken techniques to undermine end-to-end encryption.”
The UK’s Department for Digital, Culture, Media and Sport did not respond to a request for comment.
The UK government hadn’t specified the technology that platforms should use to identify CSAM being sent on encrypted services, but the most commonly-cited solution was something called client-side scanning. On services that use end-to-end encryption, only the sender and recipient of a message can see its content; even the service provider can’t access the unencrypted data.
Client-side scanning would mean examining the content of the message before it was sent—that is, on the user’s device—and comparing it to a database of CSAM held on a server somewhere else. That, according to Alan Woodward, a visiting professor in cybersecurity at the University of Surrey, amounts to “government-sanctioned spyware scanning your images and possibly your [texts].”
In December, Apple shelved its plans to build client-side scanning technology for iCloud, later saying that it couldn’t make the system work without infringing on its users’ privacy.
Opponents of the bill say that putting backdoors into people’s devices to search for CSAM images would almost certainly pave the way for wider surveillance by governments. “You make mass surveillance become almost an inevitability by putting [these tools] in their hands,” Woodward says. “There will always be some ‘exceptional circumstances’ that [security forces] think of that warrants them searching for something else.”
Although the UK government has said that it now won’t force unproven technology on tech companies, and that it essentially won’t use the powers under the bill, the controversial clauses remain within the legislation, which is still likely to pass into law. “It’s not gone away, but it’s a step in the right direction,” Woodward says.
James Baker, campaign manager for the Open Rights Group, a nonprofit that has campaigned against the law’s passage, says that the continued existence of the powers within the law means encryption-breaking surveillance could still be introduced in the future. “It would be better if these powers were completely removed from the bill,” he adds.
But some are less positive about the apparent volte-face. “Nothing has changed,” says Matthew Hodgson, CEO of UK-based Element, which supplies end-to-end encrypted messaging to militaries and governments. “It’s only what’s actually written in the bill that matters. Scanning is fundamentally incompatible with end-to-end encrypted messaging apps. Scanning bypasses the encryption in order to scan, exposing your messages to attackers. So all ‘until it’s technically feasible’ means is opening the door to scanning in future rather than scanning today. It’s not a change, it’s kicking the can down the road.”
Whittaker acknowledges that “it’s not enough” that the law simply won’t be aggressively enforced. “But it’s major. We can recognize a win without claiming that this is the final victory,” she says.
The implications of the British government backing down, even partially, will reverberate far beyond the UK, Whittaker says. Security services around the world have been pushing for measures to weaken end-to-end encryption, and there is a similar battle going on in Europe over CSAM, where the European Union commissioner in charge of home affairs, Ylva Johannson, has been pushing similar, unproven technologies.
“It’s huge in terms of arresting the type of permissive international precedent that this would set,” Whittaker says. “The UK was the first jurisdiction to be pushing this kind of mass surveillance. It stops that momentum. And that’s huge for the world.”
Over the past few years, Apple has pursued a meal-prepping app with a pear logo, a singer-songwriter named Frankie Pineapple, a German cycling route, a pair of stationery makers, and a school district, among others. The company fought a decades-long battle with the Beatles’ music label, Apple Corps, which was finally resolved in 2007.
An investigation in 2022 by the Tech Transparency Project, a nonprofit that researches Big Tech, found that between 2019 and 2021, Apple filed more trademark oppositions—attempts to enforce its IP over other companies—than Microsoft, Facebook, Amazon, and Google combined. Those companies also have trademarked common terms such as “Windows” or “Prime.”
Apple has precedent in Switzerland. In 2010 the trillion-dollar company got a small Swiss grocers’ cooperative to enter into an out-of-court agreement declaring it would never add a bite mark to its logo—a bright red apple inside a shopping caddy—something which, according to the cooperative’s president at the time, was “never planned.”
Things haven’t always gone Apple’s way, though. In 2012, Swiss Federal Railways won a $21 million settlement after it showed Apple had copied the design of the Swiss railway clock. In 2015, an existing “apple” trademark in Switzerland, obtained by a watchmaker in the 1980s, forced Apple to delay the launch of its popular Apple Watch in the country.
Apple is asking only for rights over a black-and-white image of an apple. However, according to Cyrill Rigamonti, who teaches intellectual property law at the University of Bern, that might actually give it the broadest possible protection over the shape, allowing it to go after depictions in a wide range of colors. “Then the question [would be], is there a likelihood of confusion with regard to some other not-exactly-identical apple?” he says.
Irene Calboli, a professor at Texas A&M University School of Law and a fellow at the University of Geneva, says that in Switzerland, anyone who can prove prior history of using a disputed sign has protection in a potential trademark dispute. That means it might be hard for Apple to enforce its trademark on organizations that have used the apple symbol for decades.
However, she says, big, rich companies can often scare smaller businesses into compliance. “The system is very much skewed toward those who have more money,” she says. Just the threat of expensive litigation against a huge company like Apple can be enough to intimidate people and stop them from doing “something that might be perfectly lawful.”
Calboli says that the global trademark business is self-sustaining. “Lots of people make a lot of money over these rights by registering them,” she says. IP rights authorities “are as guilty as the lawyers, because offices want revenues, so they issue registrations for stuff companies don’t need. That’s our trademark industry.” Smaller companies, such as Switzerland’s apple growers, might need to learn how to work the system to protect their own assets, she adds. “We are dancing, and it is difficult to stop the dance. Since the system is like that, better that everybody uses it rather than just the big ones.”
A decision by the Swiss court will not be known for months, possibly years. For the Swiss apple growers, “millions” are at stake if they have to rebrand following a decision. “We’re not looking to compete with Apple; we have no intention of going into the same field as them,” Mariéthoz says, adding that one of the biggest gripes the 8,000-odd apple farmers he represents had with the attempted fruit grab was that, “you know, Apple didn’t invent apples … We have been around for 111 years. And I think apples have been around for a few thousand more.”
But the turnaround is far from uniform. Everstream’s data shows that lead times for some advanced chips needed for medical devices, telecommunications, and cybersecurity systems, is around 52 weeks, compared to a prior average of 27 weeks.
Automotive companies that were badly affected by the pandemic because they initially canceled orders for components, were then blindsided by an uptick in demand, and had no spare inventory and little negotiating leverage when it came to ramping back up. Modern cars can have thousands of chips, and future models are likely to pack even more computing power thanks to more advanced in-car software and autonomous driving functionality.
“Anything automotive—or competing with capacity for automotive—is still highly constrained,” says Jeff Caldwell, director of global supply management at MasterWorks Electronics, a manufacturer of printed circuit boards, cables, and other electronics products. Actify CEO Dave Opsahl, whose company sells operation management software to automotive companies, says the supply of chips has not improved for carmakers, and in fact shortages of raw materials like resin and steel, as well as of labor, has also gotten worse.
Frank Cavallaro, chief executive officer at A2 Global, a company that finds, procures, and tests electronic components for manufacturers, says the current situation reflects the complexity of the chip market and supply chain. Many end products include numerous semiconductor components sourced from all over the world, and also require devices to be packaged by companies that are mostly in China. “It’s macro, it’s micro, it’s down to individual regions,” he says.
Gerdman of Everstream says the appearance of the new BA5 Covid variant in China has raised fears of draconian lockdowns that could hamper the production of chips and other products. She adds that uncertainty around future capacity as well as geopolitical restrictions on chip exports makes it difficult to plan ahead.
The geopolitical picture may well significantly increase global capacity to produce advanced chips. Legislation making its way through the US Senate would provide $52 billion in subsidies to increase domestic chip production. The US share of global chip production has fallen from 37 percent in the 1980s to 12 percent today. But while chip shortages have been cited by boosters of the subsidies, much of the money would go towards reshoring production of advanced chips. The country’s most advanced technology, from Intel, lags behind that of TSMC, presenting a potential weakness in America’s access to technology that promises to be vital for everything from AI to biotechnology to 5G.
The current downtown may only contribute to instability further down the semiconductor supply chain. “Unfortunately, a slowing economy brings with it the risk of some suppliers going into financial distress or liquidity crunch if they cannot access capital,” says Bindiya Vakil, CEO of Resilinc, a company that sells AI-based supply-chain management tools. “This can introduce a lot of risk into the supply situation. Companies should really monitor supplier financial health and collaborate closely with suppliers to give them favorable payment terms, upfront payments and so on, to help them with liquidity.”
The cyclical nature of the semiconductor industry even has some, including Syed Alam, who leads the global semiconductor practice at consulting firm Accenture, envisioning the shortage turning into a glut. “A rising concern for 2023 is the possibility of overcapacity for chip production,” he says. “Companies need to be focused on building an agile and resilient supply chain for the longer term, and be prepared to react.”
Like many nerds before me, I spent a goodly portion of my life searching for the perfect computing system. I wanted a single tool that would let me write prose or programs, that could search every email, tweet, or document in a few keystrokes, and that would work across all my devices. I yearned to summit the mythic Mt. Augment, to achieve the enlightenment of a properly orchestrated personal computer. Where the software industry offered notifications, little clicks and dings, messages jumping up and down on my screen like a dog begging for a treat, I wanted calm textuality. Seeking it, I tweaked. I configured.
The purpose of configuration is to make a thing work with some other thing—to make the to-do list work with the email client, say, or the calendar work with the other calendar. It’s an interdisciplinary study. Configuration can be as complex as programming or as simple as checking a box. Everyone talks about it, but it’s not taken that seriously, because there’s not much profit in it. And unfortunately, configuration is indistinguishable from procrastination. A little is fine but too much is embarrassing.
I spent almost three decades configuring my text editor, amassing 20 or so dotfiles that would make one acronym or nonsense word concordant with another. (For me: i3wm + emacs + org-mode + notmuch + tmux, bound together with ssh + git + Syncthing + Tailscale.) I’d start down a path, but then there’d be some blocker—some bug I didn’t understand, some page of errors I didn’t have time to deal with—and I’d give up.
A big problem I had was where to put my stuff. I tried different databases, folder structures, private websites, cloud drives, and desktop search tools. The key, finally, was to turn nearly everything in my life into emails. All my calendar entries, essay drafts, tweets—I wrote programs that turned them into gigs and gigs of emails. Emails are horrible, messy, swollen, decrepit forms of data, but they are understood by everything everywhere. You can lard them with attachments. You can tag them. You can add any amount of metadata to them and synchronize them with servers. They suck, but they work. No higher praise.
It took years to get all these emails into place, tag them, filter them just so. Little by little I could see more of the shape of my own data. And as I did this, software got better and computers got faster. Not only that, other people started sharing their config files on GitHub.
Then, one cold day—January 31, 2022—something bizarre happened. I was at home, writing a little glue function to make my emails searchable from anywhere inside my text editor. I evaluated that tiny program and ran it. It worked. Somewhere in my brain, I felt a distinct click. I was done. No longer configuring, but configured. The world had conspired to give me what I wanted. I stood up from the computer, suffused with a sort of European-classical-composer level of emotion, and went for a walk. Was this happiness? Freedom? Or would I find myself back tomorrow, with a whole new set of requirements?
When Russia annexed Crimea in 2014, the world’s chipmakers were even more dependent on Ukraine because the country supplied around 70 percent of neon gas. “There were delays in shipments because of border crossing issues,” says Shon-Roy, and the raw materials needed to make neon were also in short supply. “Russia was focusing a lot of their efforts on war and not making steel.”
Burned by that experience, the chip industry scrambled to diversify its supply. A company called Cymer, which is owned by Dutch chip giant ASML and makes the lasers used to draw patterns on advanced semiconductor chips, tried to reduce its consumption of neon. “Chipmakers are concerned about recent escalation of neon prices and supply continuity,” David Knowles, vice president and general manager of Cymer, said at the time, without specifically mentioning Ukraine.
Bondarenko says the price spike in 2014 was mainly caused by a feud between rival neon producers Cryoin and Iceblick, which is no longer operating. However, if access to Russian crude does become an issue, she says, Cryoin has enough supplies to keep production going until the end of March. If that runs out, she claims there are Ukrainian crude producers that Cryoin can turn to as alternatives.
Instead she is more worried about getting neon out of the country. “Borders right now are very overloaded as people, civilians, are trying to evacuate,” she says. “If the authorities of countries where our clients are located are able to influence the border situation for the commercial shipments then that would be a great help [and] it will not affect the whole industry worldwide.”
Chipmakers have played down how much they will be affected by the crisis in Ukraine. “There’s no need to worry,” Lee Seok-hee, CEO of South Korean chipmaker SK Hynix, said last week, adding the company had “secured a lot” of materials. Koichi Hagiuda, the minister of economy, trade, and industry in Japan, said Japanese chipmakers are not expecting a “major impact” on their operations because they can source materials elsewhere. The country imports 5 percent of gases used in semiconductor production from Ukraine.
But there are signs that despite the warning of 2014, Ukrainian neon still plays a major role in the industry. ASML told WIRED it sources “less than 20 percent” of the neon it uses in its factories from Russia or Ukraine. “Along with our supplier we are investigating alternative sources in the event of a supply disruption from Ukraine and Russia,” a spokesperson says.
There are concerns that the US is even more vulnerable. Last week, the White House urged US chipmakers to find alternative suppliers, Reuters reported. “We see huge amounts of imports coming into the US from [Russia and Ukraine],” says TechCet’s Shon-Roy. “It is my educated assessment that what’s coming into the US from Russia and Ukraine could be as much as 80 to 90 percent of all [neon] imports.” US chipmaker Intel did not respond to a request for comment.
But sourcing neon from elsewhere will not be easy. Any disruption in Ukraine will hit chipmakers at a time when the industry is already under intense pressure from post-pandemic demand. “The drive behind increased production is so strong that it is causing strain in the supply chain everywhere, even without a war,” Shon-Roy adds. “So there is no excess supply of this kind of gas that I know of, not in the Western world.”
More Great WIRED Stories