Steven Murdoch
steven.murdoch.is
Professor of Security Engineering; Head of UCL Information Security Research Group @sec.cs.ucl.ac.uk; Director Open Rights Group. 🐘 https://mastodon.social/@sjmurdoch 🐦 @sjmurdoch 🌍 https://murdoch.is/
If it needs to interoperate with Signal I would think it would be easier to modify Signal to include the new audit-friendly protocol than add audit to Signal. A lot of what Signal includes (P2P key verification, PFS, post-compromise security, deniable) are contrary to the goal of universal logging.
May 5, 2025 at 5:26 PM
The major selling points of these companies are self-hosting the key management server, and sometimes even more of the infrastructure. This would need to be part of the product offering too.
May 5, 2025 at 1:11 PM
I can see the idea but that’s a hard market to get into. You’d need a security cleared technical sales team, FIPS certifications, etc. It would be a major departure for the company culture. These companies also often value having ex-military/intelligence staff. I can see conflicts there.
May 5, 2025 at 11:50 AM
In terms of UX I think that’s achievable, e.g. the UK app in this space looks pretty much like WhatsApp. For ecosystem, indeed that’s a problem because government requirements are anti-requirements for pretty much everyone else. apps.apple.com/gb/app/armou...
‎Armour Mobile
‎Armour Mobile provides secure voice calls, video calls, 1-1 and group messaging, voice and video conference calls, file attachments, message burn and sent/ received/read message status. Protecting bu...
apps.apple.com
May 5, 2025 at 11:38 AM
It’s just a bizarre situation. When I was looking into MIKEY-SAKKE I found a whole ecosystem of government messengers with NATO security certifications and clearances. The protocol is (for better or worse) very amenable to centralised logging. And yet they picked a hacked-up Signal.
May 5, 2025 at 9:19 AM
Nationwide offers the only service I’m aware of that backs up their advice with a guarantee. I don’t know how it works but I suspect that if AI is involved, there’s human verification of decisions. www.nationwide.co.uk/help/fraud-a...
Scam Checker Service | Nationwide
As a mutual, we want to do everything we can to keep our members safe from scammers. Read more about our Scam Checker Service, designed to keep you safe.
www.nationwide.co.uk
April 14, 2025 at 2:04 PM
And I’d add that Telegram’s janky cryptography doesn’t achieve anything normal encryption can’t provide. Signal uses some interesting constructions but did so to offer better security (and largely succeeded).
March 30, 2025 at 3:48 PM
I'd view the consultation as an opportunity to revisit how electronic evidence should be handled, and disclosure is obviously a critical part of that. Flipping the presumption is just a mechanism to impose disclosure requirements on a party that is reluctant to do so.
March 27, 2025 at 10:28 AM
You raise a good point. In my experience, the presumption is rarely explicitly mentioned in disputes. And it's not entirely clear whether PACE s69 would have worked out better (the Post Office included PACE s69 statements even when they were not needed).
March 27, 2025 at 10:28 AM
I found this video showing the tracking information. The Solong was heading directly towards the tanker for hours before the collision. I’ve no idea what could have caused such a failure. youtu.be/Ex6OpRiuflA?...
Container ship SOLONG collision with anchored Oil Tanker STENA IMMACULATE off the UK coast
YouTube video by VesselFinder
youtu.be
March 11, 2025 at 3:17 PM
Thanks, that looks like it. The IPT web page makes no mention of that, but maybe they are focused on what members of the public could bring to them.
March 4, 2025 at 9:32 PM
I remember hearing similar objections when Signal implemented disappearing messages. I’m glad the pragmatists won, correctly (IMO) arguing that the feature is to encourage good hygiene rather than enforce security against a malicious communication partner.
March 2, 2025 at 12:10 PM
This could be followed up by a judicial review, for example arguing that there was a violation of human rights. The existence of this would be public knowledge but not necessarily all the evidence presented.
February 23, 2025 at 7:13 PM
In case you are curious about the legal route, it is described here. It would not necessarily be public, so I can’t say whether it has happened. www.gov.uk/government/p...
Investigatory Powers (Amendment) Bill: Strengthening the Notice Review Process
www.gov.uk
February 23, 2025 at 7:13 PM