how do we say we're against a particular group in this modern pc sjw world, without offending any precious little diddums?
"We are against terrorists". There, that was easy, wasn't it?
242 posts • joined 13 May 2009
how do we say we're against a particular group in this modern pc sjw world, without offending any precious little diddums?
"We are against terrorists". There, that was easy, wasn't it?
This is an important point: people who are progressing in society, and see it delivering positive results for them and their peers, are unlikely to try to destroy it.
Of course, they may decide to help destroy a different regime (e.g. Syria, or Spanish nationalists in the '30s), which is likely to lead to further radicalisation. But the answer to that is not forcing the ISIS propaganda into the underground, with special apps etc (thus increasing its attractiveness to teenagers) but is sensible and effective counter-propaganda. This is a case where the US axiom that bad speech should be dealt with not by bans but by more (counter) speech is definitely true.
As for "Prevent" -- it is toxic and needs to be very publicly killed. If the Muslim community can come up with some alternative that gets support then fund that. Otherwise, just spend the money on the community anyway. What is important is that teens and returning fighters can see their community working to improve lives. Take that anti-everything energy and try to redirect it into (more constructive, although still anti-establishment) political and community activity to improve the lives of those around them.
A bit like Keith Vaz used to be known for, before he got old.
You are partially right (that is why I said "in the past") but it could still be a lot worse. And these powers are a further step along that road.
I believe we do have a choice. That is why this report has been created. The securocrats need the general public (and the press!) to be looking at the benefits and not paying attention to the downside.
I still have a really strong memory from my childhood: in the 1960's as a child under 10 I lived in East Anglia, surrounded by USAF bases, with "Protect and Survive" classes and under a very real threat of being amongst the first to be annihilated in a nuclear war. I used to lose sleep worrying about it. My parents did not try to tell me "don't worry, it won't happen". They told me why we needed to stand firm against the enemy: we needed to stand up for British values of freedom. The main example they used was that in Communist states you had to carry your papers and they could be inspected at any time, but that in Britain you had the right to not identify yourself at all and no one could do anything about it.
This review seems to have got completely the wrong end of the stick.
Of course there are good reasons for invasive powers. And, of course, the people proposing them generally intend them to be used for good. The question that needs to be analysed is not "are they useful?" but "what is the downside?". Of course a police state will reduce crime: the reasons we haven't allowed one to be created in the past is not because we like crime but because of the other effects it has!
My question to Anderson is "what stops bad people abusing these capabilities?". I believe the answer is "very little". And hence the risks of allowing these capabiltiies to even be created far outweigh the potential benefits.
Examples of real, documented and uncontested abuses which have happened even with the more technologically limited capabilities of the past include:
1) Monitoring and disruption of democratic political parties and trade unions [since the 1970's, at least]
2) Victimisation of innocent and human-rights-protected activism [cf. John Catt]
3) Abuse of access to records and data for personal revenge by "bad apples" in the police and security services [cf. several scandals involving looking up or investigating sexual partners]
4) Witch-hunts for whistle-blowers in both private and public organisations (including telecoms companies, local government, and many others).
5) Interference with freedom of the press, privileged communications with lawyers and political contact with our MPs.
Where does this report investigate the dangers of the massive acceleration, cost reduction and easier concealment of these abuses with the new proposed powers and new technological capabilities? We must reduce surveillance because of these concerns, not increase it!
I enjoy verbing nouns and other words and do so whenever I opportunitise.
A false dichotomy. Third options are actually much less difficult than in the past. The keys are education and opportunity for as many people as possible: enlightened self-interest is the best defence we have against both anarchy and the police state.
I see your point but I don't think it is as hard to draw the line as you think.
Wassenaar is not about stopping a gangster buying a gun. It is about stopping nation states buying extremely high-level weapons to use against other nations or their own people.
So, it really doesn't need to be about preventing access to knowledge of vulnerabilities (after all, any information available in the US will be easy to get hold of elsewhere). Nor is it about stopping crooks building new attacks. It isn't even about stopping "bad" nations from creating their own "Hacking Team" -- as long as they are having to do their own development they will be some distance behind us. It is really about stopping commercial entities (such as the real Hacking Team) from developing and selling weapons to anyone who can pay.
I think the issue will be over defensive uses: does Wassenaar really want to stop Microsoft, etc selling defenses against our weapons.
1) Is it secure or can hackers watch it like with most internet-connected cameras?
2) Does it come with automatic registration with the Information Commissioner’s Office as a CCTV operator? And does Nest handle Subject Access Requests to allow people to see the CCTV images you record of them?
The "safe spaces" aren't going away, whatever the government might do. That cat is well out of the bag. And it is a good thing too: it is a small step towards restoring law enforcement's powers back to historical norms. The last decade has been a complete aberration in police/spook intrusion.
But, even if they don't agree, there is nothing they can do except make life hard for ordinary people. All this will do is massively reduce the UK's international competitiveness -- great idea at the time of Brexit!
business users ... up to date with a relatively rigorous older version retirement scheme
Ha, ha! I think more and more companies are extending their mobile lifetimes to reduce cost (my employer is large and has just recently extended it again).
But the SFDC decision will please sales people everywhere! They now have an unbeatable business justification to ignore the company policy of "no replacements until 36 months, and even then only if it is broken". New handsets every 6 months -- and only the highest-end models!
The only reason I can think of would be industrial espionage, presumably directed at foreign companies.
And presumably the reason the PM blocked the commissioner from investigating it, and is busy rapidly cancelling it, is because he discovered some of it was directed against the US.
I wish that more people would just refuse to do business with companies that want intrusive information.
If a company asks for date of birth, or a phone number when they don't need it, I refuse to do business with them. I don't make something up. More often than not, I tell them that I would have done business with them but am not because of their nosy data gathering.
I started this when I got my first bank account in the 1970's. In those days, some shops wanted me to put my address on the back of a cheque, even if it was guaranteed (young'uns can ask their parents about something called "cheque guarantee cards"). I refused and, if necessary, walked away from the transaction.
If fewer companies were asking for personal data it would improve general "data hygiene" and people would be less willing to share.
Unfortunately it is very hard to make useful security tradeoffs. We all know that there is no perfect security and we are used to the idea of a need to tradeoff between security and cost (how valuable is the item you are trying to secure? No point on spending more money than that on securing it).
What we very often forget about is usability. If you increase security by reducing usability (ease-of-use, performance, etc) then you are reducing the number of people who will use that security. So, your choices here will depend on whether you are aiming at committed, hardcore, tinfoil-hat-wearing security geeks or Facebook-loving grandmothers or where in between.
@AC may have preferred different choices. And I think that some Tor developers and researchers are moving towards some changes, as the threat environment and usage has changed. But I think the Tor developers have generally made pretty good choices and I certainly acknowledge that these are hard decisions with no right answers.
@AC can go ahead and fork Tor/TBB with different choices, and then try to build up enough usage to get useful levels of anonymity. But I think the better choice is to work within the Tor environment, discuss potential changes, conduct (or sponsor) research and development and operate (or fund) relays.
Ranting on El Reg is not likely to help (yes, I know I am guilty of it as well!).
There are really two ways to break Tor-based anonymity. One is to break the Tor anonymity itself (which seems like it may be possible for nation-state-level players, although it may be expensive and/or they may be reluctant to share the data with other players like law enforcement). The other is to break the anonymity above the Tor level: get the user (or, in this case their browser) to tell you who they are without ever having to break Tor!
It is the latter which is addressed in this article. This is about making the "Tor Browser" (not really anything to do with Tor itself but a browser with Tor access conveniently built in) more secure. Like any other browser, Tor Browser has bugs which could be exploited (and have been) to run code on the user's system. That code can make the system report its real name and IP address to the adversary -- allowing law enforcement to know who has accessed what pages, for example. This article is about helping to make the Tor Browser more secure by making those bugs harder to exploit.
I think that a robust on-premise gateway/firewall/IoT manager is a good idea. It would be a good idea even if the devices had decent security (for managing them all, storing historical data, etc). It just must not be:
1) Off-site -- it must always be under the full control of the user
2) Locked-in to the devices -- I should be able to choose my gateway vendor independently of the IoT devices it controls
3) Closed, or patent-protected protocols/interfaces -- I want a wide selection of gateways to choose from. I want to see Apple, Google, Facebook, etc competing for that business (yes, even with their cloud-based data slurping). And I want to see open-source versions as well for those of us who value privacy.
Why can't I find an open initiative to develop this that I could join?
renaming internet connection records as browsing history is a good first step
Yes. And we need to explain how this means everyone has a permanent police tail on them 24 hours day. Adapted from my post almost exactly 2 years ago... http://forums.theregister.co.uk/forum/containing/2225266
Collecting internet connection records is exactly the same as placing a police tail on you: the tail can't hear what you are saying but they track exactly where you go, who else is nearby, who you talk to (and for how long), what posters you stop and read, what shops and other buildings you go into. If the Snooper's Charter was in effect, the tail can even follow you inside the buildings and video everything you do there.
Having a permanent police tail on everyone seems like the clearest example of a police state that I have seen.
And now my own positive reasons to remain. Please discuss these as well...
1) The EU provides a brake on our government's fawning give-away of our rights to assist their friends in big business. The Tory government are doing this with TTIP -- they will sign it instantly if we leave the EU but are currently constrained by the EU who are (fortunately for us all) concerned about the ISDS clauses. But Labour are no better: they handed the copyright cartels all they asked for, but that is also somewhat constrained by EU work on copyrights.
2) Remaining, and keeping free movement, will gradually reduce the xenophobia, intolerance and racism that drives the extreme right and tricks some people into supporting them. It will take many more years but it will happen. Note that nowadays even Liverpudlians are allowed to live in London without being attacked :-) Seriously, not only have "No Dogs or Irish" signs disappeared for legal reasons but in fact the casual hate behind them has mostly gone.
all I have so far asked is for a positive reason to remain. I am still waiting.
No, you are not waiting. The GDP issue was posted earlier and is a positive reason to remain.
You may not agree it is important, or you may not even believe it. But it is certainly a positive reason to remain and has been provided. So, over to you to discuss it...
I have written to my MP several times. On no occasion have I had a reply I agreed with, and in many cases I received an obviously stock reply. In one case, I sent an email and the assistant tasked with responding accidentally copied me on their email to Conservative Central Office asking for the stock reply :-)
However, I continue to do it on occasion. Not so much because I think my MP will actually read it or even hear my carefully argued points, but because they measure public opinion by weight. Getting lots of letters on a subject does put the wind up ministers (why else did the PM overrule the proposals on the BBC?).
Better to have the ability to haul any potential asteroid-mitigating technology inro orbit, and / or wirk towards a self sustaining extraterrestial colony.
Genuine question: Why?
Of course, I don't want humanity destroyed but I am not that bothered. If it happens, it will make no difference to the universe. Nor will it mean anything to all of us who die.
Also, it is extremely unlikely to happen any time soon. So unlikely that attempting to "assure our survival" is a pointless waste of time. Better to spend the resources on faster scientific progress and being able to do a better, and more efficient job, some time in the future.
What we need is an open standard for local (in the home) connectivity, with many competing implementations of the home hub with different features and capabilities. Some might be really simple to use but restrictive, for example provided by Apple and fully integrated with their ecosystem for people who use that. At the other extreme, some might be really geeky: running on OpenWRT and configured by editing text files with vi. In between, there would be some which integrate well with other ecosystems (Samsung, Xbox, etc) and have various levels of controllability, security and privacy.
Within the home, it must be possible to have devices (IoT devices and controllers like phones) talk to each other, without any information passing outside (like using DLNA to control your home media today).
In some cases (for example for remote access when travelling) it may be useful to have internet servers to co-ordinate and secure access -- but those must be able to be chosen independent of the hub manufacturer and selected by the user just as they choose email services today. In the same way as for email, these must also be able to be self- or community- hosted, not just owned by big internet companies.
None of that will stop Apple, Google, Samsung, etc being big players in IoT -- many people will choose their products, just as they choose their phones, TVs, and email services today. But the discerning or privacy-conscious consumer should be free to choose alternatives which match their requirements, lifestyle, language, community norms, etc.
Who is representing consumers (and geeks) in these discussions?
I would extend Ben's prison sentences and ban from access to data to include anyone attempting any form of de-anonymisation, wherever performed, whether successful or not, for whatever reason (however noble), and whether it would lead to actual identification (name, address, email, etc) or just a description of a unique person.
And whistle-blower protection/reward needs to be explicitly provided for in the law.
With that I would probably be willing. But the opt-out still needs to be there for those who will not accept the remaining risk (which is mainly that even if someone is punished, the leaked information will still have been leaked).
Off topic: you might want to read the "separated by a common language" blog. Although I don't think she has really addressed this jarring with words which do have the same meanings but where the most frequently used senses are different.
They were surprised by the vehemence of my concern and by my proposed solution: massive budget cuts to bring them under proper control and focus their minds on the things that are really important. Needless to say, they did not agree. Not that they were in a position to do anything about it anyway (as far as I know, of course).
That is what I said to someone I know who works at GCHQ just after the Snowden leaks. GCHQ have, by their actions over the last 20-30 years, voided our trust. They will never again be allowed, by my generation, to have the same power again.
Until those of us who remember their crimes are gone they can beg, whine, scream, threaten or corrupt as much as they like but they will be fighting the population.
The abuse had been going on since the 70s: completely illegal and dis-proportionate abuse of powers to monitor legitimate political parties (including the Labour party!) and trade unions. Later, helping the police to drive towards a police state for anyone who dares to protest (see the John Catt case). Finally their "climate of fear" pushing of a serious but very infrequent crime (terrorism) as if it was a serious threat to life or liberty.
The actual threat to liberty is the abuse of extremely dangerous powers which should be being used maybe once a year, not on the whim of a politician or police officer.
Next time I bid for something on eBay I will decide how much I am willing to bid and then make sure I only bid on auctions posted by women. If they get lower prices I am less likely to have to go to my top bid! Sounds great to me.
On the other hand, maybe the study is just crap.
Perhaps you'd be happy flying on a plane knowing no one had bothered to check the luggage because the 200 or so of you on there is less than the daily roadkill so who cares if you die?
Absolutely yes. Without a doubt. Unless the stats had changed so that the risk of flying came near to the other risks -- which would happen after a while, of course, if we stopped checks which are actually useful.
If some check has little impact on the risk numbers (for example, if it is ineffective, like much security theatre) then I have no problem going without it. A few hundred deaths a year won't worry me, until it gets to be comparable with other risks I take every day (like driving to the airport).
You would almost think our legislators have shares in the VPN business.
Not the VPN business... the Media business (and not just shares: very lucrative donations, revolving doors and cosy relationships). I assume this is being pushed by Big Media, who are very annoyed at the censorship of films in cinemas, on DVD, and on TV which is bypassed by porn sites.
Of course it helps that it plays well with the authoritarian wing of the Tory party, but there is no money in that so that can't be the real driver.
...it may be that they're going to be regularly exposed as having given offenders the means of committing their crimes. Now that's not going to look good in the papers.
Why? It doesn't seem to do car companies, electricity companies, or grocery stores any problem that they are used by criminals as well as non-criminals. What makes you think it would be a problem for Apple?
The reason to have all email using TLS is to make it normal. Pre-Snowden, all email was in the clear and spooks could just sweep up everything by tapping a few links. You could even, easily, see whether the mail was end-to-end encrypted and, even if it was, the addresses of both sender and receiver. At that time, anything which was encrypted was a red flag that this was likely to be worth looking at.
Over time, much email is now TLS encrypted. It cannot be just swept up "just in case it is useful one day". And it is impossible to see which are the interesting messages, which messages are encrypted, and who they are to and from. To make that stronger, even the most boring messages should be encrypted. I am looking forward to being able to turn off all non-TLS email receiving on my personal servers.
In today's world, encryption isn't about protecting YOUR messages, it is about protecting EVERYONE ELSE'S messages.
While you are right, anything which names and shames the players who don't use TLS in the hop to/from gmail would be welcome. Use of TLS on that hop doesn't mean that the mail was secure but it, at least contributes to making TLS use not suspicious. When we, eventually, have certificate checking as well (using DANE or something else) then TLS may actually start to make a useful contribution to security.
On my personal mail server I already flag all incoming mail which has not been received using TLS. Unfortunately my emails to the senders to complain are invariably ignored.
So what do we do about it? I have much the same experience -- I tear my hair out over how to get TTIP onto people's awareness. At the moment, if I write to my MP about TTIP, he treats me like a green ink nutter.
Campaign suggestions on a postcard...
Isn't there some way to support free internet for India's poorest, while not turning them into fodder for the Facebook and Google machines?
To be honest, I am amazed that Zuck hasn't done this. I am certain that he could come up with a subsidy offer that does not require a walled garden, was (at least) financially break-even and which would gather him MASSIVE positive support, and a billion new customers, in the world's largest democracy.
Why not just sponsor (limited speed) internet access, with no site restrictions but with massive advertising and promotion of facebook, and (financially contributing) partner sites. Completely neutral and advertising subsided. The way things work in other markets!
Demonstrably, they are. Basics is live in 37 countries and has been shut down by the elites in just two.
Many, but by no means all, countries have legislation preventing the sale of physical goods at below-cost prices, to help prevent monopolisation. Just as in this case, whether to make that illegal is a national decision, taking into account their own national circumstances and their national approach to regulation. Does that mean that the poor in Belgium, Canada and South Africa are being treated unfairly?
if this could be done well it really would be invaluable for research, which really could bring material benefits to people
So, we need a two pronged approach: good anonymisation (but leaving data useful for research) combined with extremely strong privacy enforcement. There must be strong legal penalties against any deanonymisation attempt (however much it might help the research), starting with prison time for managers who allow it on their watch -- a very effective deterrent against white collar criminals, as the H&S industry has demonstrated. This must specifically criminalise any use of the data in marketing, insurance assessment, discrimination (housing, jobs, etc) or for any purpose other than the approved clinical research (with both criminal and civil penalties).
The third leg of this stool has to be that individuals can still opt-out. If I am paranoid (clinically or otherwise), or I have a lot to lose (in the public eye?), or I just have a different trade-off between my risk and the benefit to society, then I must be able to opt-out of being included in any released data.
Why is this so hard?
But I think I'm right in saying that if that email is sent to a foreign (**) email server via a STARTTLS-ed SMTP session, the spooks probably can't even tell whether it uses PGP or not because the metadata was encrypted in that case too
You are right that TLS encryption of SMTP exists and hides the metadata from easy interception. On the other hand, it has numerous weaknesses, including:
1) In most cases, TLS is set up opportunistically -- most servers do not insist on TLS and will drop back to sending without it if the receiver doesn't (appear to) accept it. Most servers prefer not losing email to link security. My personal servers insist on TLS for submitting mail for sending but are forced to accept incoming mail from anyone (although I do add a header to tell me it arrived without using TLS -- and I sometimes complain to the sender that they should turn it on).
2) In many cases no certificate validation is done, so it is easy to MITM. For example at international gateways.
3) It is not end-to-end, it is link-by-link, so if the receiving system is compromised, or if it can be convinced to forward the message on to another system without using TLS (see 1) then the metadata is exposed.
4) There are some attempts to help with problems 1 & 2 by setting up information that says "my mail server always wants to see TLS -- if you try to connect to me and don't get TLS then don't send" and "my certificate looks like this -- if you don't see that certificate don't send". But it is hard to do and fragile and, in practice, no one implements it (search for DANE TLS for more info).
Sadly, statistically few people will use it, because so few people understand the need for privacy all the time, not just some of the time.
More importantly, the problem is that so few people understand that it is nothing to do with your need for privacy: by using all the available privacy tools all the time you are protecting the people who do need privacy and who are important to you. That may be journalists, campaigners, battered wives, or even politicians.
Eh? Tax isn't about taxing some piece of money, it is about taxing transactions. Otherwise, every time the government printed a pound it could only tax it once!
Of course we paid tax when we earn't the money, then paid tax when we spent it, then the company needs to pay tax when they earn it and should also pay tax when they spend it (in fact, companies do not -- mostly they pay tax only on profits, apart from employers NI and some transaction costs, but certainly not on revenues). And the shareholders and employees get taxed when they receive it, and round we go again. That is how tax works.
Yes, but the days of LI are over. I have several end-to-end encrypted and uncrackable communications systems on my PC today (PGP email, Bitmessage, pgpphone, Tor, ...), and that is without installing any of the apps the terrorists are apparently writing for themselves!
GCHQ has some really, really smart people. We need their out-of-touch bosses (and the never-in-touch politicians) to let those smart people work on risk management in the new reality. Let them work on the problems of how you do targetted SIGINT to protect us, without LI.
All LI provides now is a way to intercept law-abiding people. Only dictatorships need that.
No thanks. Why should I lie? I just choose not to do business with people under terms that are not acceptable to me. When possible I tell them that that is why I am not doing business with them.
We should all do more of that: lying about date of birth, email address, phone number, etc just makes it appear that collecting such data is acceptable.
I wish they would add "social policies" to their list of critical issues. I am all for creating technical standards, and certainly in favour of sorting out privacy and security, but I think a really important issue about IoT is to get it out of the hands of major corporations and into the hands of open-source developers, community projects, peer-to-peer services and garage-based entrepreneurs.
That would help with many of the issues such as privacy and ethics and would really allow British innovation to flourish. The UK has nothing to gain by buying into the perverse definition of IoT as something done by big cloud providers: Google, Amazon, Samsung, LG, etc are not British companies.
I would quite like an intelligent thermostat. However, I have no interest in buying one which sends any data outside my home, nor in paying for it as a service or with advertising. Sell me a box to replace the box which is my current thermostat, but which I can configure to receive weather forecasts and can control remotely. That is the sort of IoT which would be worth paying for.
But the mobile phone companies' block lists are even worse!
Personally I use a PwSafe format file and various different PwSafe-compatible programs to access it on different devices (Password Gorilla on my main desktop). The file is automatically synced to a location in the web so I can easily access it from elsewhere when needed.
Does anyone need it? After all, apparently the whole advertisement has been reproduced as an article by a formerly reputable, interesting and independent IT news site.
I am quite surprised that no one mentions the Gran'daddy of them all: PwSafe. It uses a local database (which you sync yourself) and has been around a long time. It is open, and free, so there are many different clients available which can read and write the PwSafe database format.
I have used PwSafe (both with the original client and several other clients) for a long time. What do these other (local, not cloud) apps do that PwSafe clients don't? Which of them are open source?
I am a Linux and open source guy. All my personal machine are Linux (although my employer supplies a Win 7 system for work).
One day I will retire, and I acknowledge that I may need a Windows system occasionally. In fact, I acknowledge the unfortunate fact that Outlook is a great PIM -- and much better than any of the free alternatives (including Kdepim and Evolution). I will probably decide that I find Outlook sufficiently useful to be willing to pay Microsoft for a licence for it and for the OS to run it on. I don't begrudge them their licence fee but I don't want to find, after the fact, that MS have been snooping on me because I hadn't heard about some new privacy violating service they have installed.
So, does anyone maintain a script to configure a Linux VM that can be used to run Windows in a limited environment, with the network config for the VM set up to go through a firewall blocking anything but a few whitelisted sites? I know it isn't rocket science but it seems like others must have done this already.
I think the mistrust is based on much more serious abuses than those you mention. It is things like: using the police to infiltrate political campaign groups and unions (since the 1970's and probably before), trying to replace the rule of law with arbitrary power for politicians (statements like "It would be totally irresponsible of government to allow the legal system to dictate to us on matters as important as terrorism", and "For too long, we have been a passively tolerant society, saying to our citizens 'as long as you obey the law, we will leave you alone'"), stop-and-search, giving private companies their own police (CoLP), etc.
The reason the politicians want this is because they are busy trying to save money by cutting numbers of police. Their wet dream is reducing police "investigation" to remote, back-office research (and then maybe outsource it to the lowest bidder?). So, they want everything available electronically -- and what better source than the phone everyone carries with them?
If terrorism is becoming more of a real threat (it was great while it was just a justification for repressive actions -- such as raising the "threat level" just before important parliamentary votes!) then it is going to be really hard to keep cutting police jobs. That is what is motivating these outbursts.
What we need, is proper funding of the police, combined with good management that will prioritise putting actual officers on the street for important investigations (including a reasonable number of small investigations such as burglary). Get rid of the culture of cutting police numbers, fund the police appropriately, and appoint good managers as senior policemen.
Alternatively, you could set up a second encryption gate where the fuzz have the other key, but the interface to this second gate is only accessible physically.
But which fuzz? If I am a UK citizen, in the UK, I am subject to UK laws. Why should US or Chinese or Saudi Arabian or Indian or Russian fuzz be able to access my data (particularly if it is important to the economic wellbeing or security of the UK)? It isn't possible to have a system where law enforcement access can be permitted for some countries and not others. It is either physically possible to legally compel access or it isn't -- and not all legal systems are, in reality, equal.
If no compromise is found, the powers that will be will just stomp all over device-end encryption with their jack-boots to the point where even owning a device capable of running an app on it that performs that function could become a crime.
No, they won't. Major IT countries (including the US and Western Europe) won't because (as described in the article) it will sign the death warrants for their economically important major IT companies (users will go elsewhere). Other countries, with a less developed IT industry may try it but they will find massive bypassing of the rules.