Leaked: The UK's secret blueprint with telcos for mass spying on internet, phones – and backdoors

The UK government has secretly drawn up more details of its new bulk surveillance powers – awarding itself the ability to monitor Brits' live communications, and insert encryption backdoors by the backdoor. In its draft technical capability notices paper [PDF], all communications companies – including phone networks and ISPs …

Anonymous Coward

like you are doing right now by typing and putting a comment on the register?

0
1
Silver badge
Big Brother

They like to watch

Resistance is futile

0
0

I have my pitchfork, but no use for it

I have to admit that, after reading the title, I dived into the article fully ready to be angry. But this is not "mass-surveillance"; it is normal legal intercept. For details, 6500 people at the time is not much for a country of the UK's size and there is some semblance of legal process. Only the encryption bit is stupid.

It is not like GCHQ tapping a Vodafone proxy to spy on a third of Europe at the same time.

All in all, this is something to be discussed, which is surprising in these times.

3
3

investigatorypowers@homeoffice.gsi.gov.uk.

the email address does not work

The data that the government trawls is rarely used by security agencies but shared by over 60 other government departments who, like the HSE and environment agencies, just use it to prosecute small businesses for petty regulation infringement.

They are making a very good living from this process, like speed cameras: not about safety, just generating money electronically.

4
1
Anonymous Coward

A stepped lowering of Speed limits, so people don't notice/object.

The one everyone is missing is how 'normal' historic Speed Limits are being reduced (with little to no opposition), using "Experimental Planning Notices" (i.e. no authority to do so, no Safety reason) to make Camera Enforcement effective, by setting the bar low enough to "head clip" everyday drivers making the slightest of mistakes.

They are removing the permissible margin of error. Why? Because Speed enforcement/Speed Cameras make very good (regressive) revenue streams.

0
0

emperors new clothes

It’s a great pity that people with zero understanding of what they are doing command large taxpayer (or more appropriately borrowing) funded budgets that they’re allowed to waste on futile endeavors. Perhaps the UK should introduce a Tokugawa approach to the civil service, where wastage was punishable.

4
0

Re: emperors new clothes

Hah. That would probably amount to lengthy insufferable punishment for Ms May.

1
0
Silver badge

Re: emperors new clothes

If you want to know who would invariably get the short end of any "punishable wastage" laws, you only need ask who the ones doing the judging would be, and who is it that they don't particularly like. Does that sound like a great idea to you...?

0
0
Anonymous Coward

Then there is "old school" communication...

So now I need to communicate with my friends using CB radio or the Post Office for the inconsequential, and dead letter boxes for anything else. Why the assumption (by HMG and everyone else) that the WHOLE communications story involves mobile phones or the internet?

5
0
Anonymous Coward

Re: Then there is "old school" communication...

I was recently in the US and had a play on their CB. I learnt that there's a movement afoot for turning to low-tech de-centralised comms, like CB and Ham radio.. though Ham radio, hugely diverse hobby that it is, does have a couple of global data and voice systems that do use internet.

The spies do of course listen on radio, they have been since the invention of radio, but obviously that's harder for them to intercept, much of the time & if done right.

MESH networks and heavy encryption must become the norm, and low tech comms need to be rediscovered.

2
0
Anonymous Coward

i vote for Radio Re: Then there is "old school" communication...

everything that is old is new again, or can be. we use 2 way radio for off-net comms.

so liberating, no data plans, wifi, spam, daily recharges, junkmail, cat videos, updates,

works anywhere, (comparatively) low tech, decentralized, fun.

thankfully Lumberjack shirted, mustachioed, cowboy hat wearing CB died in the 80s,

now it's accessible, license free, shiny new sets and PC programmable etc, empty space.

it's becoming time to make off-grid comms fashionable again.

even (non-CB) cheap $20 FM chinese UHF walkie talkies usually ship with some basic encryption in.

plenty of high tier hi tech TDMA or CDMA ex mil stuff available too.

All those empty channels waiting to carry comms, around town, around the country or even globe (occasionally). Too bad it doesn't carry cat videos and share 'Like' buttons or it may have caught on already.. most people don't actually care. We do on here, most don't. We will have to work 'round it.

2
0
Silver badge

Re: i vote for Radio Then there is "old school" communication...

In the UK at least, it's illegal to transmit encrypted content over the radio - if you're using a broadcast channel, eg. VHF, then it must be cleartext. I'm a bit hazy on the source of this info but that's how I remember it. I'm sure there must be a HAM here to back this up?

1
0
Silver badge

In another earlier time and austere place was its service named STASI

What's good for the goose is good for the gander is something APT for such snoopy systems admins to be wary and aware of.

SMARTR IntelAIgent Servers for Services is an AIDevelopment Klondike with No Earthly Bounds to ITs Virtual Powers and Zero Day Energies ...... Singularity Synergies.

And that delivers to Astute Anonymous ACTive Vendors more than just a wealth shaming Croesus with Greater IntelAIgent Games Play Leads.

Capiche? Are you ready for the Future with ITs AI Realisation of Greater Unknown Unknowns?

3
1
Silver badge

Re: In another earlier time and austere place was its service named STASI

He loses it a bit in the middle but the beginning and end make a lot of sense.... need more dried frog pills. Frankly I am surprised it took so long for someone to mention the old pros.

4
0
Thumb Up

Re: In another earlier time and austere place was its service named STASI

Upvote for the dried frog pills reference!

1
0
Silver badge

Re: More Dried Frog Pills

He [amfM1] loses it a bit in the middle but the beginning and end make a lot of sense.... need more dried frog pills. Frankly I am surprised it took so long for someone to mention the old pros. …. James 51

Hi, James 51,

You might like to consider that rather than he losing it, you just don’t yet get what is currently HyperRadioProActively happening and forever changing the nature of realities all around you, and everyone and everything else too for that matter, in and with CyberSpace Command and Control Centres of Virtualised Excellence.

Would you expect that to be in a Blighty context, more of a secretive MOD/Military Industrial Complex/snoopy MI5 thing or a civilised GCHQ/spooky MI6 thing, if not something else Rogue and Renegade in an Almighty Revolutionary Underground Movement conversing with Followers who be Leaders and Followers alike.

To consider and accept that greater intelligence is confined and resides in old established institutions and attending spooky secretive services is to prove to one and all that one is not thinking anywhere near deep and far enough to be an effective help in ....... well, Future Business AIdDVentures.

0
0
Bronze badge
Devil

Who is this Mr. Mass?

So, the government want to be able to spy on named individuals, subject to the Home Secretary's personal signature on each warrant. Much like demanding that the Post Office allow them to read the mail of named suspects, even if the envelope is sealed and locked in a van. Oh, my, they can do that already, is there no hope for mankind? (Be sure to encrypt your holiday postcards, boys and girls. We recommend a onetime pad passed by a different route.) But who is this named individual, "Mass", the surveillance is targeted at? Is Mr Mass the new Mr Big, or what?

0
1
Anonymous Coward

Re: Who is this Mr. Mass?

It does perhaps seem worthwhile that any assumptions that the postal service is more secure for comms might er, warrant further thoughts on how encrypted your paper mail ever was. It wasn't, as steelpillow correctly suggests.

1
0
Anonymous Coward

Thank you, UK government, THANK YOU

I am delighted you decided to boost not-based-in-the-UK businesses with these proposals. You see, those proposals are so full of holes they will never properly work and will keep you in court for years to come, but you will have scared so many people that they will seek protection from this lunacy.

The problem: you effectively ban this sort of protection in the UK, thus handing a solid chunk of business to the exact foreigners you tried to ditch with Brexit. Well done.

From all those damn foreigners, a well felt Thank You.

Will the last sane person leaving Whitehall please switch off the lights? Don't worry, the rest won't notice anyway.

6
0

Re: Thank you, UK government, THANK YOU

Maybe it would be a good thing you go to Whitehall and switch off the light because that last sane person was in such a hurry leaving a long time ago and forgot.

4
0
Anonymous Coward

Who on earth would trust a Telco's encryption services anyway?

I mean come on, the SS7 protocol is as leaky as a rusted bucket. 99.99% of telcos use it.

The GSM Spec offers an encrypted voice on/off switch. The default is on. All telcos already have the ability to turn it on & off at will.

Data: would you trust a telco / ISP's encryption of your data transfers? I'm pretty sure nobody posting here would. Or any legit business for that matter. Surely there wouldn't be a market for VPNs if it was secure enough already (which we all know it clearly isn't).

It is rather strange that the UK Gov is insisting that already compromised comms security must be given MORE backdoors. The Gov already have the technology to eavesdrop already.

There must be a financial reason behind all this. Make the Telcos / ISPs pay for the monitoring instead of it coming out of GCHQ's future budgets.

2
0
Anonymous Coward

Re: Who on earth would trust a Telco's encryption services anyway?

plenty of people.. that aren't tech savvy (most people)

0
1

How is this going to work with the likes of Apple who say no to their law enforcement agencies who ask them to break/weaken their encryption?

How will the UK government get people like Apple/WhatsApp to weaken their software or provide backdoors? I realise they could say you can't sell your products in the UK if you don't do this... but how can you stop someone who already has an iPhone or WhatsApp installed? I don't think these companies are going to bend over backwards just because the UK government says they have to weaken their stuff... I can't see it happening.

I can see shitty ISPs not having any trouble with it and handing over your data willy nilly... but how is, say, Virgin Media going to hand over unencrypted WhatsApp traffic?

0
0
Windows

Apple meet Corer

FBI Director Comey (re: I DID NOT screw over Hillary Clinton. It was purely professional and I came away slightly nauseated!) essentially frothed at the mouth during his open Congressional Oversight Committee hearing this week concerning Apple and encryption. He all but openly labeled Apple an "enemy of state security." During his remarks, it was made quite clear that both he as FBI director, and the Republican leaders of the Oversight Committee, will move forcefully and purposely to deal with the problem of backdoor-less encryption.

Please remember that Our Trumpeter-in-Chief and his Pygmy Bigot *, Attorney General of the US Jefferson Beauregard Sessions, have long ranted that all Human Rights are "contingent on State security" and they have a new portfolio of security safeguards. Encrypted communications is top of the list to eliminate (excepting Corporate & Shareholder Financial Data, of course.)

* JBS has no overt prejudice against those of the Pygmy persuasion, as there are too few in Alabama to fear/resent/oppress. He only resembles the pygmy.

3
0
Anonymous Coward

you believe Apple ?

2
0
Anonymous Coward

you believe Apple ?

At the moment, yes, for a very simple, ultra-American reason: they make money that way. Apple figured out early that security was a sales argument and has worked to keep it that way.

I can't predict what will happen when it becomes more financially beneficial to ship flawed hardware, but I do know that Apple would lose a fairly vast chunk of its client base if anyone discovered suggestions of a backdoor so I suspect there will be a major barrier for Apple to change its ways.

Follow the money. It's the American way.

1
1
Anonymous Coward

Saying NO to the GOVT

"I don't think these companies are going to bend over backwards just because the UK government says they have to weaken their stuff... I can't see it happening."

GOVT: dear company, you have not complied with the law regarding giving us backdoor access to user X.

COMPANY: we are not a British based company so will not be complying with your demands.

GOVT: you are not allowed to sell your product in the UK, your UK assets are frozen, your UK Directors are being held on Remand while we investigate, UK offices closed, servers shut off, Nominet domains suspended and you will pay 10% of your global profits as a fine every 24 hours you do not comply.

GOVT: telcos, you are ordered to block all traffic to these IP addresses, domains and any other technical resources belonging to company X and respond to any requests with the statement "Company X is blocked as requested by the GOVT; they are being investigated for a Criminal breach of their legal responsibilities in assisting the GOVT in protecting the Country and its Citizens"

COMPANY: But it's not technically possible to give you the information; it's e2e encryption.

GOVT: thank you for your comment, but you are in breach of the law. It's not our fault you ignored your legal responsibility when designing and selling your service/product for sale in the UK. For your records: so far your fines for the last 24 hours have paid for 10 nurses, 2 x F35 aircraft, 1 day's foreign aid budget and the MPs' annual pay rise. We await your response; please take as long as you need, as you are helping the GOVT balance the Budget and trade deficit.

0
3
Bronze badge

Re: Apple meet Corer

@Graybyrd

Apple has a quarter of trillion in cash in non US jurisdictions. It could move to Switzerland. It could break any government. It is formidable. They will have to move carefully.

1
0
Anonymous Coward

Re: Apple meet Corer

"Apple has a quarter of trillion in cash in non US jurisdictions."

Right. But in recent years, Apple has borrowed huge amounts of money in the USA (by issuing bonds), and in not many years time, people who bought those bonds will want their money back. The two topics are rather closely related.

2013: https://www.forbes.com/sites/timworstall/2013/04/30/with-all-of-apples-cash-why-is-it-issuing-bonds/#3dce9bab5bad (worstall?)

2016: http://www.dailymail.co.uk/news/article-3451420/Apple-s-latest-tax-avoidance-ruse-Tech-giant-issues-12bn-bonds-doesn-t-money-low-tax-offshore-havens-pay-dividends.html

"* Apple announced it issued $12billion in bonds despite a huge cash reserve

* Scheme is reportedly to ensure they don't pay US tax on profits abroad

* The tech giant has $215billion in the bank - more than the US Treasury

* The company now has a total of £37billion in long term debt despite its reserves"

2017 (if paywalled, go via Google):

https://www.ft.com/content/2f8315b8-018c-3d1a-827e-eacfb5334649

etc

0
0
Silver badge

Re: Apple meet Corer

Christ, Is Worstall writing for Forbes now?

You're quoting the Daily Mail and a former UKIP press officer. Not to say you're not right, but both of those sources are demonstrably more interested in grinding axes than reporting facts, and I have to discount them.

0
0
Anonymous Coward

Re: Apple meet Corer

"Not to say you're not right"

Thank you :)

"both of those sources [DM, Forbes] are demonstrably more interested in grinding axes than reporting facts"

Fair comment. So, discount those two particular sources, the relevant facts are still widely reported elsewhere, and over a number of years (and a number of iterations of bond issues).

0
0

Re: Apple meet Corer

Been there since long before my labour was liberated from here.

And there's axes to grind and simple facts. Apple borrows inside the US in order to pay dividends and buy back stock. This means it does not have to repatriate foreign profits and then pay US corporate income tax to do so.

As to whether this is a good idea or not that can be axe grinding. But the simple facts are just that, the simple facts.

0
0
Silver badge

94 comments....

94 comments here so far. Let's hope there are at least that many submissions to the consultation exercise. After all it's not /all/ that much harder than posting on El Reg...

1
0
Anonymous Coward

Re: 94 comments....

indeed .. if typing would actually change anything tangible

2
0

here we go again, back to the 90s

Into every generation one is born who thinks this is possible and a good idea.

1
0
Silver badge

An assessment of threat.

There are undoubtedly people who for whatever reasons want to get their own way by indiscriminate violent means. The logic being that if, by perpetrating atrocities, they can show the elected authorities to be ineffective, public opinion will force the elected to give in. It rarely works and usually what happens is: after a ceasefire period, talks take place with an implicit threat that chaos may be resumed.

Targeted eavesdropping may well uncover some plans but for all their moral emptiness the organisers of atrocities are not dumb. They will come up with alternative methods of encouragement and communication. The latest 'lone wolf' truck assaults show this. I doubt any form of Internet monitoring would have spotted these individuals before the event.

Like most people I don't think I have anything to hide, the odd embarrassing web search maybe, but I am concerned that such a law could be severely misused.

Imagine if the UK was in a state of emergency as France has been and still is. Our Home secretaries are controlling enough in normal times.

3
0
Anonymous Coward

Re: An assessment of threat.

Sorry to disturb your slumber, but most (not all) of these so-called "lone wolf" attacks are in fact perpetrated by nation-states. Where the fuck do you think ISIS gets all its arms / funding from ?

(Turkey, Israel, Saudi Arabia etc.). Most of these individuals (often patsies) are "spotted before the event" - this is usually reported as "these individuals were known to {insert intelligence agency} prior to {insert pointless waste of life event pushing government agenda}". May I politely suggest you do some research on said events on non-MSM sites.

1
1
Silver badge

What is a 'communications provider'? The wires of the transport network or the establisher of the communications protocol?

What if banks for instance could be regarded as "communications providers" because they implement 'secure' e2e comms protocols for financial transactions directly between their server and a client over the internet? What about Paypal, Amazon, your doctor or dentist or anyone else initiating something as simple as an https connection? The entire eBusiness system could fall on its knees as an insecure (backdoored by law) system.

That would be scary.

2
0

Banks etc

the last page of the document on ORG specifically excludes those operators who are providing telecomms for financial services, including banking.

As far as the e-commerce stuff is concerned, this only covers encryption services provided by the telco or isp. It might, for example, be a nice selling point for a telecom/isp to offer me a fully encrypted service. This paper would make that ineffective as that provider is required to be able to decrypt my communications on demand, if they are the ones providing the encryption. If I take the standard service offered today, and choose to encrypt the data I send over it (using https for example), that has nothing to do with this paper.

0
0
Anonymous Coward

Apps, phones ? sacrifice your convenience & habits & share less.

seems to be a few people talking about apps and phones.

If you cared about privacy, you won't use a smartphone.

no smartphone, no app.

i know cell companies can and do track everything on their networks.

they *have to* yes, even ancient 2g Nokia phones, you know,

the ones where the battery only lasted a week.

But people buy smartphones and move their focus of paranoia at the apps.

No. focus on the OS and the hardware itself. see the bigger picture, and

don't buy a smartphone, well, not expecting privacy. You can't realistically disappear,

but you can share a bit less info, so don't buy smartphones, smart TVs, IOS, Android or any OS

you can't or don't trust enough to slimdown, debloat, tighten up and more, or stop fooling yourself.

0
2

hmmm

for me the key wording is

"to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data"

So your ISP, who may be using l2tp, needs to be able to provide the Gov with an unencrypted copy of your traffic within 24 hours. As they encrypt the traffic they have to be able to decrypt it (or if they use a 3rd party the 3rd party needs to be able to). Now the question is: does, say, a VPN provider or an app that encrypts the data before transmission class as a telecommunications operator?

Add to that the complexity of what happens if I use an app or VPN provider that's not governed by UK law: my ISP cannot have the capability to decode that traffic, and they can't demand the app/VPN provider supply unencrypted traffic. When will they go "oh, now you can't use these services because they are secure", turning the user into the criminal?

This is where we need a telecommunications operator to stand up and say OK, fine, we will develop a service that is encrypted in such a manner that we do not have the technical capability, even under duress, to decrypt. Sell that as a service to the public saying we care about privacy, we use X technology, but oh dear UK gov, we can't comply; we would love to but it's not possible. Will they be in breach of the law or would they be clear as it's not "practicable"?

0
0

Re: hmmm

This is where we need a telecommunications operator to stand up and say OK, fine, we will develop a service that is encrypted in such a manner that we do not have the technical capability, even under duress, to decrypt.

The whole point of this paper is to make doing that illegal. You (as the telco) will be required to be able to decrypt anything that you encrypt; if you can't do that you would be in breach of this proposed law.

0
0
Anonymous Coward

Slightly on a tangent

Why are Cable and Wireless on the Technical Advisory Board when they don't operate in the UK any more? Ok, they're head-quartered here, but they don't provide services to UK consumers.

2
0
Anonymous Coward

Re: Slightly on a tangent

Cable & Wireless were bought by Vodafone afaik...

1
0

Smoke and mirrors

I hate to break it to y'all. Especially as you most likely know it anyhow, but this really isn't worth wasting typing time on. Unless of course, you want to spend time discussing the finer points of a certain level of civil servants keeping themselves amused.

There is no online security, once you're on you are out there, and nothing devised so far is inaccessible, or unbreakable to those that have the gear and will to do it. And certain entities have a lot of gear. And they have the will.

The only way you can tell a secret, or even just have a private conversation is to talk to someone face to face, in a place that is difficult to eavesdrop.

The days of privacy, and respect for privacy are gone - if such a time ever existed.

In fact it's a ludicrous notion to expect to be connected to the 'world' (not the nice one on the other side of your office window) and to assume that those connections aren't monitored. It's like walking down the street naked, and not expecting anyone to notice you have a little tinkle.

So go take a walk, get some fresh air, accept that this technology doesn't only empower you. Just remember to put some clothes on.

0
4
Silver badge

Mother, should I trust the government?

Insert awesome David Gilmour solo here ----> *

1
1
Silver badge

Would this new law cover UK data centres?

If your data centre business has to be able to monitor all the traffic in and out, you're going to find a lot of your customers moving their servers to outside the UK jurisdiction.

2
0

is linux a solution?

just thinking if switching to linux makes sense,

0
0

>> straight out of an Orwellian nightmare

Yet another one that is cooked up by May and her idiots amirite?

1
0

UK is the new China

UK is the new China, just like US

3
0


Biting the hand that feeds IT © 1998–2017