UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor

Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors. As the bill was passing through Parliament, several organizations …

  1. Tom 64
    Big Brother

    Well...

    I suppose she's known as the Pry Minister for a reason!

    1. hplasm
      Thumb Up

      Re: Well...

      10e10e10 Internets for 'Pry Minister'! Well played Sir!!

    2. The Man Who Fell To Earth Silver badge
      FAIL

      Re: Well...

      You can kiss the UK Software Industry good bye. Who would buy a software product from there now?

      No one with any brains.

      Might as well buy one's software from China as it will be much cheaper yet only equally insecure.

      1. NotBob
        Holmes

        Re: Well...

        Let's face it, if it's like it is across the pond, few casual users will notice. Businesses that depend on specific software will pay any price, even if that means software that has been hobbled in a non-business-critical way. IT folks will bang their heads against the wall over the implications, and we may see some increased use of OS, but it won't change much.

        They knew that when they passed it.

        1. This post has been deleted by its author

          1. Anonymous Coward
            Anonymous Coward

            Re: Well...

            "I don't believe this law would last long here in the states."

            It will never pass here in the states, too many spy games. Our gov already spies on us, but to put it into law is nuts. Maybe the law was passed over there for some grand purpose, but how long until they go to get a driver's license and an online check is run to prove you haven't driven without a license? Tweet: "Just drove down to get my license!! I'm free now!!"...oops, maybe the opposite. It's not beyond realistic that this new law will get out of hand. In fact, considering how all governments work, it will probably be much worse i.e. "Online Security Tax: .85%".

            1. Mark 85

              Re: Well...

              It does give some "hope" to those here in the States that want similar. Simply reference the Brit law and say: "We need something like this. After all, if it weren't the right thing to do, they wouldn't have passed it.". And things will go to hell from there..... err.. correction... things are already going to hell.

              1. Anonymous Coward
                Anonymous Coward

                Re: Well...

                "It does give some "hope" to those here in the States"

                Think about the spy games here in the USA played out 24/7. I might retract my above post because this article might be trolling or missing something. This article makes it sound like, well... Imagine you added a locked door on your house that read "VALUABLES INSIDE: THIEVES ONLY!" Well, at least you locked the door... An invisible, unadvertised, secret door on the other hand (USA)...

      2. P. Lee

        Re: Well...

        >You can kiss the UK Software Industry good bye. Who would buy a software product from there now?

        Anyone know who "an operator" is? Just the commercial ones such as telcos or is this down to individuals too?

        It looks to me like a fairly logical extension of "give us your password or we'll throw you into gaol forever," to cover in-transit as well as at-rest data. Didn't MS get into trouble with the Belgians for not providing tapping capabilities to Skype? Is anyone surprised it's no longer p2p?

        1. SpeedEvil

          Re: Well...

          That's the fun part!

          This is 'primary legislation' - that means legislation that has passed parliament and been debated 'fully' by both houses.

          What sets the actual rules is secondary legislation - this can be passed with little or no scrutiny, and require a majority of MPs to vote against it in a separate vote that the MPs initiate later, only once it's passed.

          The only limits to this are if the primary legislation's limits cannot be read in a way to cover the powers required.

          However, in this case, the definition of 'operator' is 'a postal or telecommunications operator', and that is further defined as 'someone who provides a postal or telecommunications service'.

          Which is comedically vague, and can be (without violating the terms of primary legislation) read to mean anything from large ISPs to individuals controlling open source projects.

          It most certainly - for example - includes people who operate random wifi hotspots who may be required to install certain software or do certain things.

          1. TimB

            Re: Well...

            My postman "provides a postal or telecommunications service". Does he have to tell the Government if he gets an Xbox for Christmas?

          2. John Brown (no body) Silver badge

            Re: Well...

            "includes people who operate random wifi hotspots who may be required to install certain software or do certain things."

            Will they? It seems to me that only the "big boys" will be affected as it stands due to the proviso in the bill which states "CSPs subject to a technical capacity notice".

            So those smaller ISPs who are not currently subject to website block orders today will not be subject to this backdooring. I may be wrong now, and will almost certainly be wrong as feature-creep sets in, but at least for now they won't be enforcing this on smaller companies without the money and resource to do and not on individuals either.

    3. Nick Ryan Silver badge

      Re: Well...

      What's particularly galling is that a pathetic nut job murdered a popular MP who was generally regarded as doing what she was meant to be doing: representing the people who elected her to represent them compared to Ms May who has her own personal agenda of an all invasive (thought) police state that many experts have clearly stated has no benefit to the electorate, particularly in what is meant to be a leading democracy in the "free" world.

    4. Baldy50

      Re: Well...

      http://www.sciencealert.com/this-best-selling-vpn-deal-will-protect-your-online-privacy

      Till they make them illegal.

    5. J. R. Hartley

      Re: Well...

      She's a fucking cunt

  2. Winkypop Silver badge
    Flame

    Dad

    What did you do in the Revolution?

    1. Voland's right hand Silver badge

      Re: Dad

      There will be no Revolution here.

      A prerequisite for a revolution is the ability of like-minded individuals to organize, prepare and serve as the catalyst for the masses to rise.

      Let's see:

      1. Organize. Let's face it - the current surveillance and anti-encryption laws guarantee that this does not happen. The government was taken by surprise 15 years ago by the fuel blockade protests and it has been ensuring that it never happens again. No organization for the proles. Ever.

      2. Prepare. Right, British law is pretty adamant on the "prepare" bit - any preparation falls under possessing materials "useful for terrorists", so this was taken care of by the previous Evil Witch.

      3. Masses to rise. Masses which are glued to the 42 inch TV set watching "I am a celebrity, get me out of here" buried under a pile of Hello, OK and Sun on Sunday are not rising any time soon. The most they will rise will be for a new bag of crisps. The masses may riot, but they will NOT rise.

      So the answer to "Dad, what did you do in the Revolution" will be "Nothing as there was not one".

      All we have left is to watch the new Great Chancellor(ess) rise and pray for the coming of Edmond Dantes (He was my father, he was my mother, he was my brother).

      1. theModge

        Re: Dad

        @Voland's right hand

        I wish you were wrong...possibly. Revolutions are messy and people who are good at leading them are not often good at governing.

        People generally won't rise whilst they still have food - countries get away with far lower standards of living than us without trouble. Note that a constantly rising standard of living has protected the Chinese regime - even a pretence at democracy isn't necessary.

        All that said I'd buy a lottery ticket with a chance of winning the right to shoot the pry minister (given how many would want in on that after the revolution it seems the only fair way)

      2. technoise

        Re: Dad

        Why do you think, long ago, in the pre-internet days, the government had to be dragged kicking and screaming to allow citizens to talk to each other by CB radio?

        1. io91

          Re: Dad

          To be fair, from the end of the war, through the darkest days of the cold war the UK government allowed people to communicate with anyone in the world (including the Soviet Bloc) through the amateur radio service. This was at a time when monitoring spectrum was orders of magnitude harder than it later became with the advent of SDR and wideband recording as we have it today.

          The CB debate was really about whether people needed to be technically qualified, and given the complexity and reliability of radio equipment at the time that was a reasonable demand. The second aspect of the CB concern was conformance with international radio regulations which did not recognize operation for that purpose on the frequencies that CBers were using.

      3. BillG
        Paris Hilton

        Re: Dad

        @Voland's right hand, it has to be done the way the Dems are doing it in the States right now. Get only maybe a hundred protesters, but bus them to different locations and claim it's spontaneously different demonstrations by different people.

        Paris Hilton icon, for insincere sincerity.

      4. Flywheel

        Re: Dad

        "3. Masses to rise. Masses which are glued to the 42 inch TV set watching "I am a celebrity, get me out of here" buried under a pile of Hello, OK and Sun on Sunday are not rising any time soon"

        That's the most depressingly truthful thing on this subject I've ever read.

        1. Naselus

          Re: Dad

          What the hell has it got to do with the masses?

          There's an old saying: When the poor go hungry, that's normal. When lawyers go hungry, empires fall.

          No-one really cares if the masses suffer. When educated middle-class types find themselves threatened, that's when the shit hits the fan. That's why it's usually colonels, doctors or lawyers who lead revolutions and coups. The masses generally figure they'll be screwed either way, but like to see the rich and powerful fall regardless.

          Which is more or less the exact setup we've been producing in the West for much of the past 20-30 years; the degree mill followed by the recession has produced a huge number of extremely highly-educated young people who now cannot get the good jobs that were promised to them when they signed up for university, and so are struggling along with large amounts of debt and still going hungry. That's fertile soil for revolutionaries.

          That's why so many people are already being radicalized by various nutjob causes like the alt-right or ISIS. The number of militia groups in the US has tripled in the last 5 years. Most of Europe is a recruitment ground for radical Islamist groups in the Middle East and far-right ultranationalist groups. I don't think we're likely to see some spontaneous civil wars, but a political revolution getting out of hand and turning violent is far from out of the question at present. Real revolutions take years or decades; the old order crumbles and the violence comes when the power vacuum is well advanced.

      5. Steve the Cynic

        Re: Dad

        "The masses may riot, but they will NOT rise."

        Eric Blair wrote a book about that, published in 1948. 'Course he didn't write it under that name, and his timescale was a bit short, but one important observation in /1984/ was that the proles would never rise. The masses you mentioned *ARE* the proles he was talking about.

    2. Oh Homer
      Big Brother

      Re: Dad

      Here's what I did, son...

      1. Got a VPN privacy service with servers located beyond the grasping clutches of the NSA/GCHQ.

      2. Used local asynchronous encryption on everything sync'd to Cloud storage, protecting everything in the Cloud whether or not the respective service actually supports encryption.

      3. Used whole disk encryption on everything else, including the system partition and backups.

      4. Stopped using email entirely, and switched to Bitmessage, pseudonymous social networking via VPN, and darknets.

      Although frankly, the way things are going, I think I'm just delaying the inevitable. Under the circumstances probably the only realistic, long-term measure you can take to defend your civil liberties ... is to get a passport.

      1. Charles 9

        Re: Dad

        "1. Got a VPN privacy service with servers located beyond the grasping clutches of the NSA/GCHQ."

        The government will then block those VPNs so the ONLY ones you can access are domestic and open to spying. Since OpenVPN requires specific credentials like IPs in their configurations, these credentials can be read and blocked.

        "2. Used local asynchronous encryption on everything sync'd to Cloud storage, protecting everything in the Cloud whether or not the respective service actually supports encryption.

        3. Used whole disk encryption on everything else, including the system partition and backups."

        See xkcd and the monkey wrench, unless you're wimpy or masochistic.

        "4. Stopped using email entirely, and switched to Bitmessage, pseudonymous social networking via VPN, and darknets."

        Serverless systems like Bitmessage, freenet, and so on are murder on data allowances. Plus what if the people you want (or NEED) to talk to don't use that stuff or have such tight data allowances it's not an option?

        "Although frankly, the way things are going, I think I'm just delaying the inevitable. Under the circumstances probably the only realistic, long-term measure you can take to defend your civil liberties ... is to get a passport."

        Which is less useful a prospect when more and more countries fall victim to the data grab. What'll you do when EVERY country starts doing it (including the EU when they abandon their privacy directives as ink on a page)?

        1. Oh Homer
          Holmes

          Re: Dad (@Charles 9)

          I'm just following the natural progression of countermeasures available to me at any given time.

          The prospect of those countermeasures being blocked and/or criminalised in the future is a bridge I will have to cross, if and when that happens, but I have no power to prevent that eventuality, and currently there are no other alternatives*, so I'm compelled to use what's available.

          It does in fact seem very likely that VPN will either be blocked/restricted by technical measures in the future, or criminalised, or both, given the increasingly oppressive regime we live under. Strictly speaking, VPN and everything else that uses encryption is already criminalised under RIPA - legislation that dispenses with habeas corpus and the presumption of innocence, and compels you to reveal passwords or face imprisonment, without the need for evidence of any further wrongdoing. But again, this is currently the only option* available, "illegal" or otherwise.

          As for the "monkey wrench" (a.k.a. "rubber hose") vulnerability, again if your regime is so oppressive that you're subject to government kidnapping "extraordinary rendition" and torture "enhanced interrogation", then all bets are off, the question of technical measures becomes moot, and your only reasonable option* is to leave.

          * (One possible solution is plausible deniability, but current implementations are difficult and somewhat flawed.)

          The fact of any effective countermeasure being difficult or unpopular is also moot, given that it's your only option. It's also worth bearing in mind that there's a direct correlation between the popularity of such countermeasures and the degree of oppression. Eventually even the least technically adept in an oppressive regime will be conditioned into accepting complex countermeasures as a necessary evil. History teaches us how even ordinary folk adapt to the harsh conditions of oppression.

          The one saving grace is that, if all else fails, you can always escape to a freer society. The question of what to do in the event that no such society exists any more only has two possible answers: revolution or slavery.

          1. LittleTyke

            Re: Dad (@Charles 9)

            Get a copy of Ray Mears' Survival books, then become a hermit in the wilds of Canada. That country is so vast, you'll never be bothered by the authorities. Probably plenty of freshwater fish to catch and eat.

            What is happening now is beyond, way beyond, the Nazis' wildest dreams of world domination. And we're just letting it happen.

  3. heyrick Silver badge

    How long until

    The EU wakes up and shuns British based Internet services?

    1. Warm Braw

      Re: How long until

      Those bits of the EU previously more committed to data protection seem to be less concerned, suddenly.

      And note that the intent of the Act is largely to legitimise activity that was already going on and was "perfectly legal" until it turned out perhaps not to be. Very little, if anything, has changed in practice.

      1. Dan 55 Silver badge

        Re: How long until

        ISP logging, the right to order website/software/app makers how to encrypt and back-door their products, and a vast array of government departments getting data from the first two with little oversight has changed.

      2. streaky

        Re: How long until

        the intent of the Act is largely to legitimise activity that was already going on

        No, no it isn't.

        ISPs were not logging this data because it wasn't required for billing, unlike say phone records. That's entirely new capability. It also doesn't legitimise or de-legitimise anything GCHQ were up to, nor does it grant any oversight to civilians to take them to any sort of task; even if we assumed they were capable.

        1. Bagpuss
          Big Brother

          Re: How long until

          But whereas previously your complete browsing history was recorded by a pseudo-legal system under the pretext of National Security, and presenting that as evidence in a court of law would involve admitting their capabilities, now they can just print out the logs from the ISP and present that.

          1. Destroy All Monsters Silver badge
            Big Brother

            Re: How long until

            Meanwhile the Merkel Govnm't intends to go full retardretreat on the customary attention to data protection, I really don't know what's going on: Germany planning to 'massively' limit privacy rights

            The bill would also shut down citizens' right to know what data is being collected about them - even by private firms, if releasing that information would "seriously endanger" a company's "business purposes," the SZ quoted the draft as saying. Thilo Weichert, former data protection commissioner for the state of Schleswig-Holstein and now DVD board member, condemned de Maiziere's plans as a "massive" erosion of privacy in Germany.

            I feel an Angry Election will be next.

          2. streaky

            Re: How long until

            But whereas previously your complete browsing history was recorded by a pseudo-legal system under the pretext of National Security, and presenting that as evidence in a court of law would involve admitting their capabilities, now they can just print out the logs from the ISP and present that.

            All they can say is you connected to a server at a certain time, which in most cases would also include thousands or millions of other people at the same time. That's not evidence of any sort. So yeah, what's this law for again?

    2. Tom Paine

      Re: How long until

      The EU wakes up and shuns British based Internet services?

      Why would they? (a) the French and Germans certainly do the same sort of thing, and it's very likely that most other of the EU27 have some sort of lawful intercept capability; (b) there's a national security get-out clause in both the DPPD and NDPR.

    3. Anonymous Coward
      Anonymous Coward

      Re: How long until

      The EU wakes up and shuns British based Internet services?

      The unelected commission will lap up this and force its use in all EU countries. The EUSSR has been looking for some country to start this and are very annoyed by Brexit removing the UK from the fold.

    4. Anonymous Coward
      Anonymous Coward

      Re: How long until

      How long until

      The EU wakes up and shuns British based Internet services?

      Sadly, not only is that not going to happen, signs are that the EU is moving towards the US (and thus the UK) with respect to the protection of privacy, for a very simple reason: US lobbying.

      US companies have realised that there is no fixing of the Human Rights mess they made at home, so to protect their sales they are working on the next best thing: making EU privacy protection just as weak. UK's new snooping charter is but one example of others in the make, all based on the same old terrorism excuse and all suspiciously devoid of transparency.

      At least that will not be a hard one to re-negotiate post Brexit: the UK seems now ahead of events, and just as much heading back to Medieval times as a Trump driven US will be.

      Don't give up.

  4. Steve Davies 3 Silver badge

    In other news...

    The takeup of VPN services in the UK has rocketed.

    cause and effect Prime Minister?

    1. Voland's right hand Silver badge

      Re: In other news...

      If they are operating in the UK they have a legally mandated provider side backdoor now.

      1. DavCrav

        Re: In other news...

        "If they are operating in the UK they have a legally mandated provider side backdoor now."

        You mean, if they have an office here. If they are based abroad, why exactly would they give a fuck what British law says?

      2. Paul Crawford Silver badge

        Re: In other news...

        Why on Earth would you choose a UK-based VPN provider now?

        In fact, why would you trust any UK-based company with data that might be of commercial use to the UK/USA given that we have no oversight as to why or if any interception is mandated?

        1. Charles 9

          Re: In other news...

          Bet you any non-UK VPNs will be blocked by order. And circumventing them made a terrorist offence. Then what?

          1. Paul Crawford Silver badge

            Re: Then what?

            Simple - I move myself and my business overseas and some other country get my tax instead.

          2. phuzz Silver badge
            Facepalm

            Re: In other news...

            Non-UK based VPNs include the ones that every company that has a branch office UK uses to talk back to head office. And when said companies include, eg, Goldman Sachs, do you really think the UK government is going to ban them?

            Banning VPNs would be economic suicide on par with the UK leaving...oh, wait a minute...

            1. Charles 9

              Re: In other news...

              "Non-UK based VPNs include the ones that every company that has a branch office UK uses to talk back to head office. And when said companies include, eg, Goldman Sachs, do you really think the UK government is going to ban them?"

              Yes, because you still have the requirement of having a local presence in order to bank in the UK, and I've never heard of a business willingly completely abandon over 100 million people and loads of money just to dodge a law (which is what your suggestion would require). Doing the same in the US would be even harder because it has more people and more money.

              1. CRConrad

                "Over 100 million people" ?

                Charles 9 writes: "...requirement of having a local presence in order to bank in the UK, and I've never heard of a business willingly completely abandon over 100 million people and loads of money just to dodge a law"

                What, did the UK population just grow by 50 % overnight?

                1. Charles 9

                  Re: "Over 100 million people" ?

                  Sorry. Was thinking Germany. Still, abandoning an entire country and its numerous people usually isn't a move to be taken lightly since that's denying potential customers. Why do you think so few people are so eager to abandon China (with its 1-billion-plus top-of-the-world population) in spite of its shameless human rights abuse?

                  To paraphrase, money talks, all else walks.

      3. Halfmad

        Re: In other news...

        but at least they don't have to log everything you're doing - yet.

        Doesn't help when it's all being intercepted by GCHQ though.

      4. Robin Bradshaw

        Re: In other news...

        Why would you use a UK VPN provider? The whole point of them is to make it look like you're in the US so you get the good Netflix :P

        I'm curious though, where is this going to leave us after we get kicked out of the EU, what with all that hooha a while back with the US government having to cook up safe harbour and pinkie swear they weren't going to do bad things with EU citizens' data.
