UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor

Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors. As the bill was passing through Parliament, several organizations …

  1. Tom 64
    Big Brother

    Well...

    I suppose she's known as the Pry Minister for a reason!

    1. hplasm Silver badge
      Thumb Up

      Re: Well...

      10e10e10 Internets for 'Pry Minister'! Well played Sir!!

    2. The Man Who Fell To Earth Silver badge
      FAIL

      Re: Well...

      You can kiss the UK Software Industry good bye. Who would buy a software product from there now?

      No one with any brains.

      Might as well buy one's software from China as it will be much cheaper yet only equally insecure.

      1. NotBob
        Holmes

        Re: Well...

        Let's face it, if it's like it is across the pond, few casual users will notice. Businesses that depend on specific software will pay any price, even if that means software that has been hobbled in a non-business-critical way. IT folks will bang their heads against the wall over the implications, and we may see some increased use of OS, but it won't change much.

        They knew that when they passed it.

        1. This post has been deleted by its author

          1. Anonymous Coward

            Re: Well...

            "I don't believe this law would last long here in the states."

            It will never pass here in the states, too many spy games. Our gov already spies on us, but to put it into law is nuts. Maybe the law was passed over there for some grand purpose, but how long until they go to get a driver's license and an online check is run to prove you haven't driven without a license? Tweet: "Just drove down to get my license!! I'm free now!!"...oops, maybe the opposite. It's not beyond realistic that this new law will get out of hand. In fact, considering how all governments work, it will probably be much worse i.e. "Online Security Tax: .85%".

            1. Mark 85 Silver badge

              Re: Well...

              It does give some "hope" to those here in the States that want similar. Simply reference the Brit law and say: "We need something like this. After all, if it weren't the right thing to do, they wouldn't have passed it.". And things will go to hell from there..... err.. correction... things are already going to hell.

              1. Anonymous Coward

                Re: Well...

                "It does give some "hope" to those here in the States"

                Think about the spy games here in the USA played out 24/7. I might retract my above post because this article might be trolling or missing something. This article makes it sound like, well... Imagine you added a locked door on your house that read "VALUABLES INSIDE: THIEVES ONLY!" Well, at least you locked the door... An invisible, unadvertised, secret door on the other hand (USA)...

      2. P. Lee Silver badge

        Re: Well...

        >You can kiss the UK Software Industry good bye. Who would buy a software product from there now?

        Anyone know who "an operator" is? Just the commercial ones such as telcos or is this down to individuals too?

        It looks to me like a fairly logical extension of "give us your password or we'll throw you into gaol forever," to cover in-transit as well as at-rest data. Didn't MS get into trouble with the Belgians for not providing tapping capabilities to Skype? Is anyone surprised it's no longer p2p?

        1. SpeedEvil

          Re: Well...

          That's the fun part!

          This is 'primary legislation' - that means legislation that has passed parliament and been debated 'fully' by both houses.

          What sets the actual rules is secondary legislation - this can be passed with little or no scrutiny, and requires a majority of MPs to vote against it in a separate vote that the MPs initiate later, only once it's passed.

          The only limits to this are if the primary legislation's limits cannot be read in a way to cover the powers required.

          However, in this case, the definition of 'operator' is 'a postal or telecommunications operator', and that is further defined as 'someone who provides a postal or telecommunications service'.

          Which is comedically vague, and can be (without violating the terms of primary legislation) read to mean anything from large ISPs to individuals controlling open source projects.

          It most certainly - for example - includes people who operate random wifi hotspots who may be required to install certain software or do certain things.

          1. TimB

            Re: Well...

            My postman "provides a postal or telecommunications service". Does he have to tell the Government if he gets an Xbox for Christmas?

          2. John Brown (no body) Silver badge

            Re: Well...

            "includes people who operate random wifi hotspots who may be required to install certain software or do certain things."

            Will they? It seems to me that only the "big boys" will be affected as it stands due to the proviso in the bill which states "CSPs subject to a technical capacity notice".

            So those smaller ISPs who are not currently subject to website block orders today will not be subject to this backdooring. I may be wrong now, and will almost certainly be wrong as feature-creep sets in, but at least for now they won't be enforcing this on smaller companies without the money and resource to do so, and not on individuals either.

    3. Nick Ryan Silver badge

      Re: Well...

      What's particularly galling is that a pathetic nut job murdered a popular MP who was generally regarded as doing what she was meant to be doing: representing the people who elected her to represent them compared to Ms May who has her own personal agenda of an all invasive (thought) police state that many experts have clearly stated has no benefit to the electorate, particularly in what is meant to be a leading democracy in the "free" world.

    4. Baldy50

      Re: Well...

      http://www.sciencealert.com/this-best-selling-vpn-deal-will-protect-your-online-privacy

      Till they make them illegal.

    5. J. R. Hartley Silver badge

      Re: Well...

      She's a fucking cunt

  2. Winkypop Silver badge
    Flame

    Dad

    What did you do in the Revolution?

    1. Voland's right hand Silver badge

      Re: Dad

      There will be no Revolution here.

      A prerequisite for a revolution is the ability of like-minded individuals to organize, prepare and serve as the catalyst for the masses to rise.

      Let's see:

      1. Organize. Let's face it - the current surveillance and anti-encryption laws guarantee that this does not happen. The government was taken by surprise 15 years ago by the fuel blockade protests and it has been ensuring that it never happens again. No organization for the proles. Ever.

      2. Prepare. Right, British law is pretty adamant on the "prepare" bit - any preparation falls under possessing materials "useful for terrorists", so this was taken care of by the previous Evil Witch.

      3. Masses to rise. Masses which are glued to the 42 inch TV set watching "I am a celebrity, get me out of here" buried under a pile of Hello, OK and Sun on Sunday are not rising any time soon. The most they will rise will be for a new bag of crisps. The masses may riot, but they will NOT rise.

      So the answer to "Dad, what did you do in the Revolution" will be "Nothing as there was not one".

      All we have left is to watch the new Great Chancellor(ess) rise and pray for the coming of Edmond Dantes (He was my father, he was my mother, he was my brother).

      1. theModge

        Re: Dad

        @Voland's right hand

        I wish you were wrong...possibly. Revolutions are messy and people who are good at leading them are not often good at governing.

        People generally won't rise whilst they still have food - countries get away with far lower standards of living than us without trouble. Note that a constantly rising standard of living has protected the Chinese regime - even a pretence at democracy isn't necessary.

        All that said I'd buy a lottery ticket with a chance of winning the right to shoot the pry minister (given how many would want in on that after the revolution it seems the only fair way)

      2. technoise

        Re: Dad

        Why do you think, long ago, in the pre-internet days, the government had to be dragged kicking and screaming to allow citizens to talk to each other by CB radio?

        1. io91

          Re: Dad

          To be fair, from the end of the war, through the darkest days of the cold war the UK government allowed people to communicate with anyone in the world (including the Soviet Bloc) through the amateur radio service. This was at a time when monitoring spectrum was orders of magnitude harder than it later became with the advent of SDR and wideband recording as we have it today.

          The CB debate was really about whether people needed to be technically qualified, and given the complexity and reliability of radio equipment at the time that was a reasonable demand. The second aspect of the CB concern was conformance with international radio regulations which did not recognize operation for that purpose on the frequencies that CBers were using.

      3. BillG Silver badge
        Paris Hilton

        Re: Dad

        @Voland's right hand, it has to be done the way the Dems are doing it in the States right now. Get only maybe a hundred protesters, but bus them to different locations and claim it's spontaneously different demonstrations by different people.

        Paris Hilton icon, for insincere sincerity.

      4. Flywheel Silver badge

        Re: Dad

        "3. Masses to rise. Masses which are glued to the 42 inch TV set watching "I am a celebrity, get me out of here" buried under a pile of Hello, OK and Sun on Sunday are not rising any time soon"

        That's the most depressingly truthful thing on this subject I've ever read.

        1. Naselus Silver badge

          Re: Dad

          What the hell has it got to do with the masses?

          There's an old saying: When the poor go hungry, that's normal. When lawyers go hungry, empires fall.

          No-one really cares if the masses suffer. When educated middle-class types find themselves threatened, that's when the shit hits the fan. That's why it's usually colonels, doctors or lawyers who lead revolutions and coups. The masses generally figure they'll be screwed either way, but like to see the rich and powerful fall regardless.

          Which is more or less the exact setup we've been producing in the West for much of the past 20-30 years; the degree mill followed by the recession has produced a huge number of extremely highly-educated young people who now cannot get the good jobs that were promised to them when they signed up for university, and so are struggling along with large amounts of debt and still going hungry. That's fertile soil for revolutionaries.

          That's why so many people are already being radicalized by various nutjob causes like the alt-right or ISIS. The number of militia groups in the US has tripled in the last 5 years. Most of Europe is a recruitment ground for radical Islamist groups in the Middle East and far-right ultranationalist groups. I don't think we're likely to see some spontaneous civil wars, but a political revolution getting out of hand and turning violent is far from out of the question at present. Real revolutions take years or decades; the old order crumbles and the violence comes when the power vacuum is well advanced.

      5. Steve the Cynic Silver badge

        Re: Dad

        "The masses may riot, but they will NOT rise."

        Eric Blair wrote a book about that, published in 1948. 'Course he didn't write it under that name, and his timescale was a bit short, but one important observation in /1984/ was that the proles would never rise. The masses you mentioned *ARE* the proles he was talking about.

    2. Oh Homer Silver badge
      Big Brother

      Re: Dad

      Here's what I did, son...

      1. Got a VPN privacy service with servers located beyond the grasping clutches of the NSA/GCHQ.

      2. Used local asynchronous encryption on everything sync'd to Cloud storage, protecting everything in the Cloud whether or not the respective service actually supports encryption.

      3. Used whole disk encryption on everything else, including the system partition and backups.

      4. Stopped using email entirely, and switched to Bitmessage, pseudonymous social networking via VPN, and darknets.

      Although frankly, the way things are going, I think I'm just delaying the inevitable. Under the circumstances probably the only realistic, long-term measure you can take to defend your civil liberties ... is to get a passport.

      1. Charles 9 Silver badge

        Re: Dad

        "1. Got a VPN privacy service with servers located beyond the grasping clutches of the NSA/GCHQ."

        The government will then block those VPNs so the ONLY ones you can access are domestic and open to spying. Since OpenVPN requires specific credentials like IPs in their configurations, these credentials can be read and blocked.

        "2. Used local asynchronous encryption on everything sync'd to Cloud storage, protecting everything in the Cloud whether or not the respective service actually supports encryption.

        3. Used whole disk encryption on everything else, including the system partition and backups."

        See xkcd and the monkey wrench, unless you're wimpy or masochistic.

        "4. Stopped using email entirely, and switched to Bitmessage, pseudonymous social networking via VPN, and darknets."

        Serverless systems like Bitmessage, freenet, and so on are murder on data allowances. Plus what if the people you want (or NEED) to talk to don't use that stuff or have such tight data allowances it's not an option?

        "Although frankly, the way things are going, I think I'm just delaying the inevitable. Under the circumstances probably the only realistic, long-term measure you can take to defend your civil liberties ... is to get a passport."

        Which is less useful a prospect when more and more countries fall victim to the data grab. What'll you do when EVERY country starts doing it (including the EU when they abandon their privacy directives as ink on a page)?

        1. Oh Homer Silver badge
          Holmes

          Re: Dad (@Charles 9)

          I'm just following the natural progression of countermeasures available to me at any given time.

          The prospect of those countermeasures being blocked and/or criminalised in the future is a bridge I will have to cross, if and when that happens, but I have no power to prevent that eventuality, and currently there are no other alternatives*, so I'm compelled to use what's available.

          It does in fact seem very likely that VPN will either be blocked/restricted by technical measures in the future, or criminalised, or both, given the increasingly oppressive regime we live under. Strictly speaking, VPN and everything else that uses encryption is already criminalised under RIPA - legislation that dispenses with habeas corpus and the presumption of innocence, and compels you to reveal passwords or face imprisonment, without the need for evidence of any further wrongdoing. But again, this is currently the only option* available, "illegal" or otherwise.

          As for the "monkey wrench" (a.k.a. "rubber hose") vulnerability, again if your regime is so oppressive that you're subject to government kidnapping "extraordinary rendition" and torture "enhanced interrogation", then all bets are off, the question of technical measures becomes moot, and your only reasonable option* is to leave.

          * (One possible solution is plausible deniability, but current implementations are difficult and somewhat flawed.)

          The fact of any effective countermeasure being difficult or unpopular is also moot, given that it's your only option. It's also worth bearing in mind that there's a direct correlation between the popularity of such countermeasures and the degree of oppression. Eventually even the least technically adept in an oppressive regime will be conditioned into accepting complex countermeasures as a necessary evil. History teaches us how even ordinary folk adapt to the harsh conditions of oppression.

          The one saving grace is that, if all else fails, you can always escape to a freer society. The question of what to do in the event that no such society exists any more only has two possible answers: revolution or slavery.

          1. LittleTyke

            Re: Dad (@Charles 9)

            Get a copy of Ray Mears' Survival books, then become a hermit in the wilds of Canada. That country is so vast, you'll never be bothered by the authorities. Probably plenty of freshwater fish to catch and eat.

            What is happening now is beyond, way beyond, the Nazis' wildest dreams of world domination. And we're just letting it happen.

  3. heyrick Silver badge

    How long until

    The EU wakes up and shuns British based Internet services?

    1. Warm Braw Silver badge

      Re: How long until

      Those bits of the EU previously more committed to data protection seem to be less concerned, suddenly.

      And note that the intent of the Act is largely to legitimise activity that was already going on and was "perfectly legal" until it turned out perhaps not to be. Very little, if anything, has changed in practice.

      1. Dan 55 Silver badge

        Re: How long until

        ISP logging, the right to order website/software/app makers how to encrypt and back-door their products, and a vast array of government departments getting data from the first two with little oversight has changed.

      2. streaky Silver badge

        Re: How long until

        the intent of the Act is largely to legitimise activity that was already going on

        No, no it isn't.

        ISPs were not logging this data because it wasn't required for billing, unlike say phone records. That's entirely new capability. It also doesn't legitimise or de-legitimise anything GCHQ were up to, nor does it grant any oversight to civilians to take them to any sort of task; even if we assumed they were capable.

        1. Bagpuss
          Big Brother

          Re: How long until

          But whereas previously your complete browsing history was recorded by a pseudo-legal system under the pretext of National Security, and presenting that as evidence in a court of law would involve admitting their capabilities, now they can just print out the logs from the ISP and present that.

          1. Destroy All Monsters Silver badge
            Big Brother

            Re: How long until

            Meanwhile the Merkel Govnm't intends to go full retardretreat on the customary attention to data protection, I really don't know what's going on: Germany planning to 'massively' limit privacy rights

            The bill would also shut down citizens' right to know what data is being collected about them - even by private firms, if releasing that information would "seriously endanger" a company's "business purposes," the SZ quoted the draft as saying. Thilo Weichert, former data protection commissioner for the state of Schleswig-Holstein and now DVD board member, condemned de Maiziere's plans as a "massive" erosion of privacy in Germany.

            I feel an Angry Election will be next.

          2. streaky Silver badge

            Re: How long until

            But whereas previously your complete browsing history was recorded by a pseudo-legal system under the pretext of National Security, and presenting that as evidence in a court of law would involve admitting their capabilities, now they can just print out the logs from the ISP and present that.

            All they can say is you connected to a server at a certain time, which in most cases would also include thousands or millions of other people at the same time. That's not evidence of any sort. So yeah, what's this law for again?

    2. Tom Paine Silver badge

      Re: How long until

      The EU wakes up and shuns British based Internet services?

      Why would they? (a) the French and Germans certainly do the same sort of thing, and it's very likely that most other of the EU27 have some sort of lawful intercept capability; (b) there's a national security get-out clause in both the DPPD and NDPR.

    3. Anonymous Coward

      Re: How long until

      The EU wakes up and shuns British based Internet services?

      The unelected commission will lap up this and force its use in all EU countries. The EUSSR has been looking for some country to start this and are very annoyed by Brexit removing the UK from the fold.

    4. Anonymous Coward

      Re: How long until

      How long until

      The EU wakes up and shuns British based Internet services?

      Sadly, not only is that not going to happen, signs are that the EU is moving towards the US (and thus the UK) with respect to the protection of privacy, for a very simple reason: US lobbying.

      US companies have realised that there is no fixing of the Human Rights mess they made at home, so to protect their sales they are working on the next best thing: making EU privacy protection just as weak. UK's new snooping charter is but one example of others in the make, all based on the same old terrorism excuse and all suspiciously devoid of transparency.

      At least that will not be a hard one to re-negotiate post Brexit: the UK seems now ahead of events, and just as much heading back to Medieval times as a Trump driven US will be.

      Don't give up.

  4. Steve Davies 3 Silver badge

    In other news...

    The takeup of VPN services in the UK has rocketed.

    cause and effect Prime Minister?

    1. Voland's right hand Silver badge

      Re: In other news...

      If they are operating in the UK they have a legally mandated provider side backdoor now.

      1. DavCrav Silver badge

        Re: In other news...

        "If they are operating in the UK they have a legally mandated provider side backdoor now."

        You mean, if they have an office here. If they are based abroad, why exactly would they give a fuck what British law says?

      2. Paul Crawford Silver badge

        Re: In other news...

        Why on Earth would you choose a UK-based VPN provider now?

        In fact, why would you trust any UK-based company with data that might be of commercial use to the UK/USA given that we have no oversight as to why or if any interception is mandated?

        1. Charles 9 Silver badge

          Re: In other news...

          Bet you any non-UK VPNs will be blocked by order. And circumventing them made a terrorist offence. Then what?

          1. Paul Crawford Silver badge

            Re: Then what?

            Simple - I move myself and my business overseas and some other country gets my tax instead.

          2. phuzz Silver badge
            Facepalm

            Re: In other news...

            Non-UK based VPNs include the ones that every company that has a branch office UK uses to talk back to head office. And when said companies include, eg, Goldman Sachs, do you really think the UK government is going to ban them?

            Banning VPNs would be economic suicide on par with the UK leaving...oh, wait a minute...

            1. Charles 9 Silver badge

              Re: In other news...

              "Non-UK based VPNs include the ones that every company that has a branch office UK uses to talk back to head office. And when said companies include, eg, Goldman Sachs, do you really think the UK government is going to ban them?"

              Yes, because you still have the requirement of having a local presence in order to bank in the UK, and I've never heard of a business willingly completely abandon over 100 million people and loads of money just to dodge a law (which is what your suggestion would require). Doing the same in the US would be even harder because it has more people and more money.

              1. CRConrad

                "Over 100 million people" ?

                Charles 9 writes: "...requirement of having a local presence in order to bank in the UK, and I've never heard of a business willingly completely abandon over 100 million people and loads of money just to dodge a law"

                What, did the UK population just grow by 50 % overnight?

                1. Charles 9 Silver badge

                  Re: "Over 100 million people" ?

                  Sorry. Was thinking Germany. Still, abandoning an entire country and its numerous people usually isn't a move to be taken lightly since that's denying potential customers. Why do you think so few people are so eager to abandon China (with its 1-billion-plus top-of-the-world population) in spite of its shameless human rights abuse?

                  To paraphrase, money talks, all else walks.

      3. Halfmad

        Re: In other news...

        but at least they don't have to log everything you're doing - yet.

        Doesn't help when it's all being intercepted by GCHQ though.

      4. Robin Bradshaw

        Re: In other news...

        Why would you use a UK VPN provider? The whole point of them is to make it look like you're in the US so you get the good Netflix :P

        I'm curious though, where is this going to leave us after we get kicked out of the EU, what with all that hooha a while back with the US government having to cook up safe harbour and pinkie swear they weren't going to do bad things with EU citizens' data.

  5. David Roberts Silver badge

    Provided by?

    They can be made to back door their encryption products on their platform.

    Still can't touch stuff encrypted on your PC for decryption on another PC. VPN to an endpoint outside the UK doesn't seem to be covered either, nor does a secure connection to your bank.

    I thought encryption back dooring was aimed at the protocols themselves.

    1. streaky Silver badge

      Re: Provided by?

      The key here is for people providing services to use libraries that are sourced from outside the UK and there isn't really anything the govt can do even if they wanted. My reply to such a demand in my software would be along the lines of "go talk to the openssl guys, I can't help you I'm not a cryptologist".

      The main specific concern here is nobody is going to trust UK crypto products ever again (assuming anybody ever did) and nobody is going to set up business here doing any kind of crypto work, but again it's not as if anybody ever seriously did anyway.

      1. Wayland Bronze badge

        Re: Provided by?

        Personally I don't think us software engineers need to do anything at all. Once everyone runs Windows 10 GCHQ has access to all of everyone's data, passwords, bank accounts, the lot. As soon as you boot Windows 10 your PC's icon lights up on GCHQ's huge Teamviewer screen.

        1. bobblestiltskin

          Re: Provided by?

          What is this Windows thing of which you write?

    2. Paul Smith

      Re: Provided by?

      Yes they can touch personal encryption. It is currently a jail-able offence to not reveal an encryption key when demanded - even when it is not possible to prove that there is anything encrypted.

      1. streaky Silver badge

        Re: Provided by?

        It is currently a jail-able offence to not reveal an encryption key when demanded - even when it is not possible to prove that there is anything encrypted

        This law is totally untested in the higher courts, and is the antithesis of various parts of fundamental UK constitutional law. Every time it's ever looked like being tested the governments that have been around since it's been enacted have run away screaming - it's only there to scare people into cooperation.

        1. Anonymous Coward

          Reveal your keys or face imprisonment

          "This [reveal your keys or else] law is totally untested in the higher courts,"

          Is that so? Aren't there already cases where people have been locked up?

          1. Yet Another Anonymous coward Silver badge

            Re: Reveal your keys or face imprisonment

            Yes but they were all poor and being prosecuted for terrorism/child abuse with lots of other evidence so no money to take it to a higher court and no public sympathy.

            Good to get a lot of precedent set before you use it on journalists or human rights lawyers who might have the money and lawyers to take it further

      2. Anonymous Coward

        Re: Provided by?

        I would think that is the sort of freedom it's worth going to jail for.

      3. Richard Simpson

        Re: Provided by?

        "It is currently a jail-able offence to not reveal an encryption key when demanded"

        Yes, but that costs money! This law is all about bulk surveillance and you can only do that if the cost per suspect (sorry, citizen) is minimal. The process of demanding encryption keys involves people actually going around doing the demanding together with lots of expensive paperwork. Feasible for hundreds of suspects, but not for tens of thousands.

        I already have a VPN to a trusted overseas supplier (my mother-in-law) using only open source software which can't have been backdoored by HMG. Now, maybe one day PC Plod will turn up and demand the key. I will of course hand it over after slightly less than the maximum time allowed. They will spend ages searching for whatever interests them and presumably find nothing (yes, they could plant some evidence and convict me of any offence they like, but they could do that just as well last month). I will then re-build everything from scratch, create a new key and we can do the whole charade all over again if they want to spend some more money.

        I don't mind GCHQ reading all my email and files provided that they have to work for it!

        1. Charles 9 Silver badge

          Re: Provided by?

          "I already have a VPN to a trusted overseas supplier (my mother-in-law) using only open source software which can't have been backdoored by HMG."

          Oh? You ever thought they CAN backdoor or crack it but simply haven't told anyone?

  6. David L Webb

    GDPR

    I was at a meeting yesterday where I was told that the Government had confirmed that they would not only implement the GDPR but wanted to make it stronger since they saw having strong data privacy in the UK as a selling point for the UK in a post-brexit world. This provision for implementation of government mandated backdoors in software appears to totally undermine this. After brexit companies doing business in the EU would no longer be able to rely on the UK implementation of the GDPR since the EU are bound to consider this as making the UK implementation unsatisfactory.

    1. Voland's right hand Silver badge

      Re: GDPR

      Left hand, let me introduce you to the right hand. You are apparently attached to the same body, but you never met before and you have no clue what the other one is doing.

      A case similar to Schrems brought in front of the EU Court of Justice will render any agreement Britain tries to concoct with Europe obsolete in 15 minutes.

      In any case, we live in the post-agreement age. This is one of the fallouts from Snowden. The fact that everyone is violating basic data privacy required by these has come out in the open and cannot be ignored now. So the future is (like it or not) of locating data in the jurisdiction of your customers. From that perspective, does Britain implement GDPR or not is irrelevant - once article 50 procedure is complete it will not be processing any data any time soon.

  7. Ole Juul Silver badge
    Coat

    stumbling blocks

    If a Cabinet minister decides she wants a backdoor to be introduced into some software, is there anything that can stop him or her?

    Ability to code? Closed source? Lack of commit rights?

    1. Voland's right hand Silver badge

      Re: stumbling blocks

      Not the case. It applies to a CSP - communication service provider. While this is an expanded definition (most prior regs applied only if you paid for your telecoms service provider license), it does not yet apply to software developers.

      The assumption (and rather incorrect one) by the government when pushing for Putin/Bush laws in the UK is that what and how is encrypted is determined by the communications service provider as a matter of configuration. So if a communications service provider procures a piece of software + hardware it WILL have lawful intercept and they solely have to configure it so it works and make sure that the product definition does not allow for a configuration where it does not.

      What exactly does all of this mean is unclear until the government has tried to enforce the law and prevent a CSP from deploying an encryption product which has no lawful intercept and or has tried to enforce the law and implement lawful intercept on something that requires significant extra effort from the CSP - f.e. intercepting traffic on a VPN concentrator run in the cloud.

      This is made "doubly interesting" by the fact that while a telecommunication service provider business in the UK has some level of licensing, the definition of CSP is so loose - it can apply to anyone. There is no licensing either. Even Joe Average Sysadmin Bloke who has spun up a VPN concentrator in his home to run a VPN between his house and the (grand)parents can be considered a CSP - he provides service.

      1. TonyHoyle

        Re: stumbling blocks

        The definition is so loose that running an open wifi point could make you one. A&A used to (possibly still do) have a check box you could set saying 'I am a CSP'.

  8. Anonymous Coward
    Anonymous Coward

    FB, Google, Twitter etc release our data anyway

    "And in the broader picture, will the UK government be able to force the likes of Twitter or Facebook or Google or Apple to introduce backdoors and/or hand over user data?"

    I vehemently disagree with the bill for many reasons but as for the above - the likes of Google, FB, twitter don't exactly put up a fight at the moment to release data to the authorities. Really, it's a form-filling exercise with very little cross-checking. So, why the pressure for backdoors?

    Step one towards banning on private-use VPNs?

    1. Dan 55 Silver badge

      Re: FB, Google, Twitter etc release our data anyway

      There usually has to be a court order. The govt would just like to stick someone's details in and get a list back from every ISP and communications provider in the country for that person.

      1. Anonymous Coward
        Anonymous Coward

        Re: FB, Google, Twitter etc release our data anyway

        (same oc here)

        You'll be surprised.... Like I said, they stopped asking for details and just accept the form and dish over the data.

    2. Charles 9 Silver badge

      Re: FB, Google, Twitter etc release our data anyway

      "Step one towards banning on private-use VPNs?"

      How about just step one towards banning all unsanctioned encryption? And thanks to automated media manglers and data parsers, it'll be hard to hide enough pure cryptographic data passing those systems without leaving tells.

  9. Anonymous Coward
    Anonymous Coward

    Theresa Stasi May

    A fascist right wing authoritarian nutjob.

    1. tiggity Silver badge

      Re: Theresa Stasi May

      You missed out god botherer

      1. dwt

        Re: Theresa Stasi May

        And female. And white. Don't forget that.

    2. John Smith 19 Gold badge
      Gimp

      Re: Theresa Stasi May. A fascist right wing authoritarian nutjob.

      Which neatly points up that both the hard left Stasi and Mays hard right views are pretty much the same.

      What's the difference between a Fascist jackboot on your neck and a Communist jackboot on your neck?

      For most people, nothing.

      The real line is between Authoritarians and Democrats. One believes in the rule of the people, one the rule of the people, by themselves. I'll leave readers to work out which.

      1. lglethal Silver badge
        WTF?

        Re: Theresa Stasi May. A fascist right wing authoritarian nutjob.

        You have to wonder how utterly shite the other candidates must be in Theresa May's constituency for the People of Maidenhead to constantly re-elect her (5 times!!!).

        Can I suggest that perhaps Darth Vader should stand against her in Maidenhead next time, the People there seem to like despots!

        1. Arthur the cat Silver badge

          Re: Theresa Stasi May. A fascist right wing authoritarian nutjob.

          You have to wonder how utterly shite the other candidates must be in Theresa May's constituency for the People of Maidenhead to constantly re-elect her

          People rarely vote for the individual, they vote for the party they stand for. My (city) constituency is a marginal and has had MPs from four different parties in the time I've lived here, but the surrounding county one would vote in a dog turd if it was wearing a blue rosette. Some would argue they already did that in the past. (Current MP isn't that bad.)

  10. Dan 55 Silver badge

    This is the last backdoor

    As soon as an ISP or a call or messaging service or forum is served a notice that the government wants to start messing about, they are unable to make it public.

    Unless there are leaks by developers or something, but that will also be difficult to do when everything's recorded.

    As a foretaste, Hunt has just said yesterday he wants messaging services to ban sexting for under 18s. You know, for things that 16 and 17 year olds can do legally and under 16s do anyway if so inclined. Of course this can only be done by digital ID for everyone.

    1. wolfetone Silver badge

      Re: This is the last backdoor

      "As a foretaste, Hunt has just said yesterday he wants messaging services to ban sexting for under 18s. You know, for things that 16 and 17 year olds can do legally and under 16s do anyway if so inclined. Of course this can only be done by digital ID for everyone."

      When was sharing naked photos of under 18's ever legal?

      1. Dan 55 Silver badge

        Re: This is the last backdoor

        What sense does it have to ban sexting between two 16 or 17 year olds who are having sex? When was sexting prosecuted if it wasn't a case of revenge porn? Do over 17s never do revenge porn?

        At the very least the suggestions could be made to make the law more sensible instead of exacerbating its problems and forcing digital ID by the back door.

      2. Anonymous Coward
        Anonymous Coward

        Re: This is the last backdoor

        "When was sharing naked photos of under 18's ever legal?"

        In the UK - before the Sexual Offences Act 2003.

        That act rolled up all under-18s into one definition of "children". Previously 16/17 had been a separate category where only poses approaching hard pr0n were illegal. That was why the Sun had to stop using Page 3 pictures of women aged 16/17.

        Naked pictures of under-16s were not per se illegal in the 1970s. The recently deceased photographer David Hamilton made a mainstream career from it. He was commissioned by many major companies for products aimed at young women. It was only in the following decades that even clothed poses could be subjectively classed as "provocative" and illegal.

      3. yossarianuk

        Re: This is the last backdoor

        Before the Blair government

        You used to get naked 16 yr olds in tabloids regularly, the Sunday Sport has a countdown to Linsey Dawn McKenzie's 16th birthday when she was 15, when the countdown was over they showed her tits.

        1. anonymous boring coward Silver badge

          Re: This is the last backdoor

          "You used to get naked 16 yr olds in tabloids regularly, the Sunday Sport has a countdown to Linsey Dawn McKenzie's 16th birthday when she was 15, when the countdown was over they showed her tits."

          That's a quality publication, that is! Real quality.

    2. Phil O'Sophical Silver badge

      Re: This is the last backdoor

      As soon as an ISP or a call or messaging service or forum is served a notice that the government wants to start messing about, they are unable to make it public.

      So, what if ISPs issue a statement every Monday morning saying that they have not been served with such a notice, would that be legal? Then if, one Monday, they didn't issue the statement...

      A bit like the old AA patrolmen who used to salute members to warn them of speed traps. When that was outlawed they decided to salute all members. Of course, sometimes they forgot...

      1. LewisRage

        Re: This is the last backdoor

        The term is Warrant Canary, currently used by services that may be subject to US based request for information that also includes a gagging order.

        Basically you post a sentence that says 'We have not been subject to a request to introduce backdoors for government surveillance'.

        When that request does come in you remove the sentence and everyone can infer that this means you have received the request. It avoids the explicit ban on informing users directly of the request. I'd be surprised if the UK gov haven't made this illegal also, although I haven't read any of the text so that's a complete guess.

        1. Anonymous Coward
          Anonymous Coward

          Re: Warrant Canary

          Judges are not that stupid. Probably even juries are not that stupid. It will be clear to everyone that by removing the warrant canary, you have informed the users that you received such a warrant. It's fantasy to think that warrant canaries provide some sort of legal escape route.

          1. Dr. Mouse Silver badge

            Re: Warrant Canary

            "It's fantasy to think that warrant canaries provide some sort of legal escape route."

            I do not know how someone could be prosecuted for it, though.

            You place a factual statement, which is not illegal, on your website. When asked to provide info, that statement is no longer factual. You *Must*, therefore, remove it from your website, or else be done by, say, ASA. Or even be sued when someone finds out. If this is classified as having informed the public, you are put in the position of having to do one illegal thing or another.

            If I was on a jury in a case like this, I would conclude that the catch-22 was a get out. No matter the judges instructions, I would find not guilty, as it was the only moral thing a person or company could do in that situation.

            1. Roland6 Silver badge

              Re: Warrant Canary

              You place a factual statement, which is not illegal, on your website.

              Err, it might be best to post the public warrant canary on a foreign website (shades of the spycatcher case) and control it via a 1x1 traffic light pixel on your own website.

              1. Charles 9 Silver badge

                Re: Warrant Canary

                I think you can be compelled to lie by court order or have breaking the canary a contempt offense that doesn't require a jury.

            2. Anonymous Coward
              Anonymous Coward

              Re: Warrant Canary

              "I do not know how someone could be prosecuted for it, though."

              It's simple. If you removed the warrant canary (by action or inaction), you have informed people that you received a warrant. That is, after all, the entire purpose of the warrant canary. If there is a law, or a court order, forbidding you from revealing that you received the warrant, then you have broken that law or court order.

              There are defences of necessity or duress that can be used in English law, but they can only be applied in extremis. It could apply if you were forced to rob a bank by a criminal holding your family at gunpoint, for example. But if you're charged with cannabis possession, which you take for medicinal purposes because you have MS, a defence of necessity will fail - not necessary enough. Similarly, breaching advertising standards regulations is not going to provide sufficient necessity for breaking a law that's supposedly there for national security. Conceivably it could work the other way round though: you might be able to defend a false advertising charge by showing how you were compelled to make the false statement to "help defeat ISIS" or whatever.

        2. TonyHoyle

          Re: This is the last backdoor

          It's an interesting problem. Triggering a warrant canary - even by inaction - could be considered informing the public, so in that case can the law compel someone to lie?

          You could even contrive a warrant canary such that the only way to fake it would be to break the law. Can the law compel someone to break the law?
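
The weekly warrant canary discussed in the comments above lapses either by action (the statement is removed) or by inaction (it is not re-issued); a reader-side check for both cases follows, as an added example that is not part of any commenter's post. The page layout (a `Date:` line followed by the statement), the 8-day window, the sample pages and all function names are assumptions, and verifying the page's signature is assumed to happen separately.

```python
import re
from datetime import date, timedelta

# Statement published while no notice has been received (wording taken from
# the comment above). Everything else here is an assumption for illustration.
STATEMENT = ("We have not been subject to a request to introduce "
             "backdoors for government surveillance")

# Assumed page layout: a "Date: YYYY-MM-DD" line, then the statement.
DATE_RE = re.compile(r"^Date:\s*(\d{4})-(\d{2})-(\d{2})\s*$", re.MULTILINE)


def canary_status(text, today, max_age_days=8):
    """Classify a fetched canary page.

    "alive"     - statement present and dated within max_age_days
    "stale"     - statement present but not re-issued on schedule (inaction)
    "removed"   - the statement is gone (action)
    "malformed" - statement present but no valid date, or a future date
    """
    # Collapse whitespace so line wrapping on the page does not hide the text.
    normalized = " ".join(text.split()).lower()
    if STATEMENT.lower() not in normalized:
        return "removed"
    match = DATE_RE.search(text)
    if not match:
        return "malformed"
    try:
        issued = date(*map(int, match.groups()))
    except ValueError:          # e.g. month 13
        return "malformed"
    if issued > today:          # a post-dated page proves nothing about today
        return "malformed"
    if today - issued > timedelta(days=max_age_days):
        return "stale"
    return "alive"


def first_lapse(snapshots, max_age_days=8):
    """Return (fetch_date, status) for the first snapshot that is not alive,
    or None if every snapshot is alive."""
    for fetched_on, text in snapshots:
        status = canary_status(text, fetched_on, max_age_days)
        if status != "alive":
            return fetched_on, status
    return None


def make_page(issued, with_statement=True):
    """Build a constructed canary page for the sample data below."""
    body = (STATEMENT + ".") if with_statement else "Service status: normal."
    return f"Date: {issued.isoformat()}\n{body}\n"


# Constructed weekly fetches: the operator stops re-issuing after 21 November.
SNAPSHOTS = [
    (date(2016, 11, 14), make_page(date(2016, 11, 14))),
    (date(2016, 11, 21), make_page(date(2016, 11, 21))),
    (date(2016, 11, 28), make_page(date(2016, 11, 21))),  # 7 days old
    (date(2016, 12, 5), make_page(date(2016, 11, 21))),   # 14 days old
]

if __name__ == "__main__":
    for fetched_on, text in SNAPSHOTS:
        print(fetched_on, canary_status(text, fetched_on))
    print("first lapse:", first_lapse(SNAPSHOTS))
```
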

    3. Tom Paine Silver badge

      Re: This is the last backdoor

      As a foretaste, Hunt has just said yesterday he wants messaging services to ban sexting for under 18s

      If you read the reports in this morning's press you'll see he's labouring under the delusion that WhatsApp, SnapChat or whatever can just flip a switch and turn on a natural language processing AI that can parse English (including all the slang, dialects, patois, loan words etc) and detect sexual content. Which, obviously, they can't. It's just another ignorant politician calling for the moon on a stick to try to curry favour with readership of the Daily Mail.

  11. Anonymous Coward
    Anonymous Coward

    IT happened here!

    It really did!

  12. wolfetone Silver badge

    Right so can someone answer me this:

    If there is to be backdoors to encryption, where is the backdoor? Is it to the protocol or to the encryption service? I highly doubt it'd be the protocol, so to my mind it is referencing the provider. But, realistically, if I use a company based in the USA or Switzerland, how much weight can the law in the UK have outside of these shores? It feels like the Government can ask, stamp their feet, but the provider can just ignore it?

    Further to a point Voland's Right Hand made: "If they are operating in the UK they have a legally mandated provider side backdoor now." - again, is this for a VPN company that's based here or has an endpoint here?

    The second, more important point is this: What the actual fuck do we do now?

    1. Phil O'Sophical Silver badge

      Yes, it's pointless

      And if you encrypt your message using your personal cipher software before even passing it to the provider, no number of legal backdoors at the ISP will allow the government to read your message, even if they have the whole contents served to them on a plate. Of course, possessing such software could be made illegal, but if you're planning a terrorist atrocity you're unlikely to be deterred by that.

      It's like DRM, it will make no difference whatsoever to the criminals, and will just inconvenience and criminalise ordinary people.

      1. Graham 7

        Re: Yes, it's pointless

        Indeed it will have the opposite effect.

        Currently: VPNs are used by (more informed) terrorists and tin foil hat types. Filtering out the latter is easy enough.

        Future: VPNs are used by terrorists, tin foil hat types, and a *lot* of normal people who just want to check out angry hamster videos, also their families, their friends.

        Basically, a signal that likely is used to identify something potentially of interest to the security services is now lost in the noise.

      2. Kiwi

        Re: Yes, it's pointless

        but if you're planning a terrorist atrocity you're unlikely to be deterred by that using email anyway.

        FTFY

    2. Tom Paine Silver badge

      What the actual fuck do we do now?

      Forget about it and worry about something worth worrying about, like the forthcoming climate-change induced collapse of civilisation as we know it, instead?

    3. Charles 9 Silver badge

      Any country can just block uncooperative IPs and make working around them a terrorist offense.

      1. Kiwi
        Holmes

        Any country can just block uncooperative IPs and make working around them a terrorist offense.

        Lots of things are terrorist offences these days, esp over there it seems. Offence to be in possession of things that could be of use/interest to a terrorist, right? And that fella with the truck in France (or wherever it was) recently? Or a car? (after all, lots of "terrorists" use "car bombs").

        Hell, this post of mine could be considered to in some way be promoting terrorists or of interest to them or....

    4. Anonymous Coward
      Anonymous Coward

      Tor

      It's designed for governments like these.

    5. Al fazed
      Happy

      GYO

      Grow Your Own.

      It's nothing new, just not much thought about in IT circles it appears.

      1. yossarianuk

        Re: GYO

        I didn't think we were talking about weed?

        1. Charles 9 Silver badge

          Re: GYO

          Homegrown encryption is likely to be breakable. If nothing by torture unless you're wimpy or masochistic.

          1. Anonymous Coward
            Anonymous Coward

            Re: GYO

            "Homegrown encryption is likely to be breakable."

            Where would readers classify a one-time pad?

            More DIY than home-grown. Also, guaranteed unbreakable?

            https://en.wikipedia.org/wiki/One-time_pad

            1. Charles 9 Silver badge

              Re: GYO

              But also hard to CONCEAL. That's always been the weakness of the One-Time Pad: you have to protect the pad. PLUS it's symmetric, so two parties possessing the same chunks of data are immediately both linked AND suspect.

              1. Anonymous Coward
                Anonymous Coward

                Re: GYO

                so two parties possessing the same chunks of data are immediately both linked AND suspect.

                Oh dear, my friend and I both have copies of Lord of the Rings. If he uses it as a one-time pad, I'll get locked up for being a terrist?

  13. Mr Dogshit Silver badge

    Food Standards Agency given power to read everyone's browsing history

    Is the headline in the Independent

    http://www.independent.co.uk/life-style/gadgets-and-tech/news/investigatory-powers-bill-snoopers-charter-passed-royal-assent-spying-surveillance-a7445276.html

    1. Tom Paine Silver badge

      Re: Food Standards Agency given power to read everyone's browsing history

      Did you miss the point where Evgeny Lebedev closed the print Indie and turned the online version into a skeleton-staffed clickbait mill?

      1. yossarianuk

        Re: Food Standards Agency given power to read everyone's browsing history

        But the food standard agency really do have access to your browsing history now.

        I miss your point.

        1. Roland6 Silver badge

          Re: Food Standards Agency given power to read everyone's browsing history

          But the food standard agency really do have access to your browsing history now.

          And...?

          Didn't you know they and all the other agencies listed in the bill already had access to this information if they so desired? I suggest you read the draft bill for details.

  14. Hugh Barnard

    Canaries

    Does anyone have ideas about the legal status of 'canaries' (notices that they have NOT been asked to supply data/logs etc.)?

    When a request by the government, GCHQ etc. IS made they 'lapse', thus avoiding provisions made by the government that no-one can be informed. https://riseup.net/ the left-wing provider has used this technique in the past, anyway. Obviously, the problem is not solved, but, at least it's 'signalled'.

    1. JimmyPage Silver badge
      Stop

      Re: Canaries

      Why take the risk ?

      Just shift all your traffic to an offshore VPN and be done with it.

      1. Anonymous Coward
        Anonymous Coward

        Re: Canaries

        "Just shift all your traffic to an offshore VPN and be done with it."

        And how long do you think that will be an option?

        There will still be VPN access in the UK, but only to *authorised* VPNs run by household names (BT and friends).

        All other VPNs will be blocked at ISP/wholesale level (who cares whether it's practical or not), as they are useful accessories to terrorist/paedophile/unBritish activity.

        Bring back the Stasi. They were probably less dangerous.

        1. yossarianuk

          Re: Canaries

          Even the Stasi didn't spy on everyone.

          1. Loyal Commenter Silver badge

            Re: Canaries

            Even the Stasi didn't spy on everyone.

            Having visited the Stasi museum in East Berlin, you'd be surprised at how many people they did spy on, and how many people they had on their payroll doing it (IIRC, it was in the hundreds of thousands). It could be argued that the unwieldy nature of this sort of paranoia was what caused the Soviet Union to collapse.

            Those who fail to learn the lessons from the mistakes of history are doomed to repeat them, and all that...

            1. Charles 9 Silver badge

              Re: Canaries

              But they didn't have today's computing power. Consider the data center in Utah that's probably a cover for a working quantum computer.

    2. Anonymous Coward
      Anonymous Coward

      Re: Canaries

      They're illegal in Australia. Then again, what isn't? AMIRITE?

    3. Charles 9 Silver badge

      Re: Canaries

      I wouldn't count on them to hold serious water. Killing canaries could be considered a contempt of a court order. And depending on the circumstances, I think you CAN be ordered to lie.

  15. Milton Silver badge

    Don't worry: it won't affect the bad guys

    Evildoers are perfectly capable of using any of the hundreds of file encryption programs available, including steganographic ones, and they will be able to exchange vast amounts of encrypted data irrespective of back doors.

    As usual, a bad and poorly drafted law will merely inconvenience the innocent, allow abuse by government and trouble the real criminals not at all.

    1. Emperor Zarg

      Re: Don't worry: it won't affect the bad guys

      Given how trivial it would be for the evildoers to circumvent, one could perhaps infer that the IP Act is not really intended to protect us from said evildoers.

    2. Graham Cobb

      Re: Don't worry: it won't affect the bad guys

      As usual, a bad and poorly drafted law will merely inconvenience the innocent, allow abuse by government and trouble the real criminals not at all.

      More seriously, it just makes the problems of actually tracking real suspects much harder.

      Most people do not have a problem with court-ordered targeted surveillance or even forced decryption as long as it is very much limited to specific targets and with real independent oversight and protections. In that world (just yesterday), you don't see much takeup of uncrackable end-to-end encryption: people are perfectly happy that big company products will protect them from criminals. There is little noise about real end-to-end encryption and almost everyone, even those on the edges of or at low levels in terrorist organisations, do not bother with them.

      But, with these over-the-top and anti-democratic powers, everyone will rapidly adopt tools just to protect their own privacy. Every teenager wanting to find information about their sexuality, or concerned about a medical issue or getting involved in political activity, will use them. So, they will quickly become completely normal and the security services really will go dark. It won't be the fault of those of us concerned about privacy, it will be the fault of the government for being so stupid!

      I can only hope that people realise this soon and punish the government at the next election for seriously endangering us with these actions.

      1. Anonymous Coward
        Anonymous Coward

        Re: Don't worry: it won't affect the bad guys

        "[...] and punish the government at the next election for seriously endangering us with these actions."

        Labour are as bad as the Tories in these respects - and we are still effectively a two party state. It is doubtful that UKIP would be any different - in fact they are the ones who appear more likely to abuse such facilities.

        The Lib-Dems have a leader who does not invite any confidence either - even though the party's ideology and track record are pro-privacy. Their support is too evenly spread across the country to get round the First Past The Post electoral handicap. The electorate proved last time that they were willing to give the Tories a free hand - by blaming the Lib-Dems for the policies the Tories managed to get through.

        The other parties are generally insignificant. The SNP could be "spoilers" - and the Greens could benefit from a protest vote.

        It is not the English way to overthrow a government by force - such civil strife usually opens the door to a dictator.

        1. Anonymous Coward
          Anonymous Coward

          Re: Don't worry: it won't affect the bad guys

          "such civil strife usually opens the door to a dictator."

          And what do we have right now? It sure ain't democracy in any meaningful way.

          The revolution will not be livestreamed, twitted, or Periscoped.

          https://www.youtube.com/watch?v=qGaoXAwl9kw

      2. anonymous boring coward Silver badge

        Re: Don't worry: it won't affect the bad guys

        " So, they will quickly become completely normal and the security services really will go dark."

        Yes. Politicians have no clue as to the potential of technology. All they do is read some report, nod their politician's head, and approve "more protection for the people". All because an atrocity during their term in power will reflect badly upon them.

        Why don't we start comparing numbers of deaths, and see where the real dangers are instead?

        How does Islamist terrorism in the UK stack up against traffic deaths? Any politician care to raise her hand?

        There is no need for the UK to go down the "hyper-nervous, scared of its own shadow" route that USA has taken.

        1. John H Woods Silver badge

          Re: Don't worry: it won't affect the bad guys

          "How does Islamist terrorism in the UK stack up against traffic deaths?"

          No need to invoke traffic... they have not even been able to keep up with stinging insects since 2000

          1. Loyal Commenter Silver badge

            Re: Don't worry: it won't affect the bad guys

            How about compared to deaths directly caused by government policies? *cough* IDS *cough*

            1. Charles 9 Silver badge

              Re: Don't worry: it won't affect the bad guys

              Look, they won't care unless it's deliberate crimes committed by humans on humans, so accidents and animal attacks won't count. Plus there's always the specter of threats to sovereign security, which are by definition existential in nature.

  16. yossarianuk

    Open source

    How can they force open source protocols to code to make it easier for the UK government to spy on its citizens?

    Take Tor for example

    1. Paul Crawford Silver badge

      Re: Open source

      Realistically you cannot trust closed source providers any more as they can be notified to change and not tell you. The big players like MS, Google, Facebook, etc, are all business-driven (mostly whoring you to advertisers) so they will just roll over and "follow local laws" no matter what.

      I'm not sure how this would go with binaries from an open-source repository - they could ask a UK based company to modify the ones distributed not to match the source but that might get caught. I guess the simple and sad fact is you have to treat any UK-based supplier of software and services as untrustworthy now since they are under this odious law.

      1. yossarianuk

        Re: Open source

        > they could ask a UK based company to modify the ones distributed not to match the source but that might get caught.

        They would do, the md5sum would be different, many package managers using gpg signatures (yum, apt, pacman) would not even allow you to install the package unless forced.

        1. tiggity Silver badge

          Re: Open source

          Don't trust checksums too much

          https://www.win.tue.nl/hashclash/SoftIntCodeSign/

    2. Tom Paine Silver badge

      Re: Open source

      They can't, of course, Duh.

  17. Pen-y-gors Silver badge

    To paraphrase Scotty

    Ye cannae cheat the laws of mathematics - pity we don't have any mathematicians in the government.

  18. JimmyPage Silver badge
    Stop

    Practical effect on UK IT provision ?

    Surely this bill must make the UK impossible as a location for IT provision to elsewhere in the world ? How many countries have laws requiring their companies to protect citizens data which means they now cannot use UK based suppliers ?

    Along with Hard Brexit and a seeming determination to rip up established treaties, this is a clear signal that the UK is closing down for business.

  19. ForthIsNotDead Silver badge

    Sorry El Reg...

    ...but I think you missed the big whopper:

    "among other things"

    AMONG OTHER THINGS? WTF is that supposed to mean? How should one interpret that one in a court?

  20. TheProf
    Unhappy

    Island mentality

    Welcome to the Great British Dictatorship.

    Please leave your ideas of democracy at the border.

    No foreigners allowed.

    No mobile devices.

    No privacy.

    Compulsory subscription to either The Daily Mail or The Daily Express.

    1. Tom Paine Silver badge

      Re: Island mentality

      Island mentality

      Welcome to the Great British Dictatorship.

      Please leave your ideas of democracy at the border.

      No foreigners allowed.

      No mobile devices.

      No privacy.

      Compulsory subscription to either The Daily Mail or The Daily Express.

      I'm sorry, but that's not even satire -- it's just bollocks.

      1. Dr. Mouse Silver badge

        Re: Island mentality

        "I'm sorry, but that's not even satire -- it's just bollocks."

        Is it?

        We have lost our rights to privacy in one fell swoop with this law.

        The public have been showing their hatred of foreigners (racist and xenophobic attacks up by a large amount since referendum).

        Democracy has been pretty bad for a while: No democratic vote has been run on an honest campaign for a fair while, all are done using half truths, twisted logic, and outright lies. Very few actually fact check anything they are told. Democracy without informed opinion is no true democracy.

        I can see a policy in future whereby a mobile device brought into the country would have to be checked for compliant (i.e. compromised) software, and confiscated if not.

        We are not quite at the point he describes yet, but that's the trajectory, and it's closer than you may think.

        1. Kiwi

          Re: Island mentality

          I can see a policy in future whereby a mobile device brought into the country would have to be checked for compliant (i.e. compromised) software, and confiscated if not.

          MicroSD, factory (or other) image, concealed somewhere on your body/luggage.. Or stored on your laptop, perhaps in one of the special "hidden" places, such as a deleted file waiting for "undelete"...

  21. Eclectic Man

    'Technically feasible'

    I read the requirement for the Secretary of State to consider the technical feasibility of the requirement to remove electronic protection as allowing for strong encryption without a backdoor. The text in the Act quoted in the article does not seem to me to require CSPs to provide only encryption services with a 'backdoor'. So if there is no feasible means of decrypting the data, that would be a defence.

    Of course, in that case the CSP may then be considered to have deliberately frustrated the powers of a Secretary of State by providing strong encryption without a backdoor. But then the CSP could argue that parliament included the feasibility statement to allow for technical considerations of whether something is in fact possible.

    The first few test cases may be interesting.

    (Now where is that article from those nice people at Pinsent Masons explaining the whole thing?)

  22. Graham Cobb

    Is anyone working to overcome this?

    Does anyone know of a group that is seriously working to overcome this illiberal measure? I would be interested in contributing my time, experience, skills and maybe even money to (legal) activities designed to defeat these measures and eventually result in their replacement by sensible liberal and proportionate measures.

    I am looking for a chance to contribute to real activities, on the political, publicity, education, legal, technical and commercial fronts.

    I realise not everyone would support this -- feel free to ask about groups doing the opposite if you wish. But the time has come to go beyond the Don't Spy on Us campaign coalition and some of us with technical and commercial experience might be interested in contributing to helping people legally bypass the unacceptable parts of the IP and DE bills.

    1. Anonymous Coward
      Anonymous Coward

      Re: Is anyone working to overcome this?

      "Does anyone know of a group that is seriously working to overcome this illiberal measure?"

      Not immediately, but does the name Adrian Kennard mean anything to you and others of similar inclination? Revd Kennard is top man at boutique UK ISP Andrews+Arnold (AAISP) and has been gadding about a bit in public view on this and related issues in recent months. Even if he's not the man you want, it may lead you somewhere.

      www.revk.uk

    2. Tom Paine Silver badge

      Re: Is anyone working to overcome this?

      Does anyone know of a group that is seriously working to overcome this illiberal measure?

      Open Rights Group: openrightsgroup.org

      Liberal Democrats (the only party who opposed it in Parliament): http://www.libdems.org.uk/snoopers_charter

      1. Gio Ciampa

        Re: Is anyone working to overcome this?

        "Liberal Democrats (the only party who opposed it in Parliament)"

        And the odds of them continuing to do so if they ever get a sniff of power again...?

        1. Anonymous Coward
          Anonymous Coward

          Re: Is anyone working to overcome this?

          And the odds of them continuing to do so if they ever get a sniff of power again...?

          They stopped it completely when they were in the Coalition.

    3. Bogle

      Re: Is anyone working to overcome this?

      I'll add my +1 to Andrews & Arnold ISP [http://www.aa.net.uk/] and the Open Rights Group [https://www.openrightsgroup.org/].

      I use A&A ISP and the service is good and I pay my subs to the ORG. "Put your money where your mouth is" is a decent idea, I think. (Though my recent political bets on the results of both the EU Referendum and the USA's Presidential Election aren't good examples ...)

      1. Graham Cobb

        Re: Is anyone working to overcome this?

        Thanks for the suggestions. I also use A&A and have paid my dues to ORG and other campaign groups for many years.

        But I think the time has come to move on from campaigning to actually doing some things aimed not at geeks (like A&A) or even politicos (like ORG) but at ordinary people. I am thinking about creating apps, setting up offshore companies to provide services, creating and publicising howtos, helping commercial players understand how they need to change their policies around anonymity and Tor in the light of these UK actions, etc. I am looking for a group of people brainstorming ideas for how to actually deal with this. I would be happy to join something led by RevK if he wants to do that but, if not, is there anyone else?

        1. Charles 9 Silver badge

          Re: Is anyone working to overcome this?

          Unless you can make all that turnkey easy enough for Joe Stupid to get, the poles are a lost cause that'll drag everyone else to Hades.

          Oh, and any offshore property you set up, they can block by sovereign power.

          1. Kiwi
            FAIL

            Re: Is anyone working to overcome this?

            Unless you can make all that turnkey easy enough for Joe Stupid to get, the poles are a lost cause that'll drag everyone else to Hades.

            You may find this rather strange, but.. Some companies actually have people capable of learning how to do the quite simple things he's suggesting.

            Oh, and any offshore property you set up, they can block by sovereign power.

            And another thing easy to defeat. Government orders "linuxmint.com" is blocked. Someone registers "linuxmint1.com" and aliases that to "linuxmint.com", problem solved. Government blocks 192.168.1.x, people start using 10.x.

            Or people just start ignoring the government wholesale - like people do with downloading music/movies/software, traffic rules, various "morality laws", you name it. Sure there's a risk of legal trouble, but the prison and court systems only have so much capacity.

    4. Joe Burmeister

      Re: Is anyone working to overcome this?

      https://www.openrightsgroup.org/

      1. Bronek Kozicki Silver badge

        Re: Is anyone working to overcome this?

        Thanks for the link to ORG guys, signed up (already A&A customer - the service is absolutely brilliant)

  23. PassiveSmoking
    WTF?

    Fuck!

    Fuck fuck fuck, fuck fuckity fuck. Fucky fucky fuck, fuckit.

    1. GrapeBunch Bronze badge

      Re: Fuck!

      "Fuck fuck fuck, fuck fuckity fuck. Fucky fucky fuck, fuckit."

      Decoded, that means "Meet you by Gioconda at 2. Bring lunch." The perfect encryption, indistinguishable from noise.

  24. King Jack Silver badge

    The Plan is revealed

    Ever wondered why there was no outcry about Windows 10 spying? Well now you know.

  25. Werner McGoole

    I guess this might in fact be progress

    Probably all this has been going on secretly (and apparently illegally, despite the assurances) for years. The security services have clearly been very keen to keep it secret and I suspect that's because they know that putting it into law makes it easier to attack.

    There may be direct legal challenges. There may also (when the public wake up) be political challenges. There may be economic forces arising from the now explicit risk to data security in the UK. There may be pressure from the fact this law makes the UK look like a tin-pot dictatorship and undermines its arguments against others. Now that the law exists, whistle blowers may feel empowered to speak out if the security services go beyond it.

    So, small crumbs, but if one accepts that this has always been going on, then perhaps this is a small measure of progress. Obviously there's still quite a bit of work to do, though.

  26. John Sanders
    Big Brother

    This boils down to a single thing...

    If you have many Muslims in your country you live in a surveillance state.

    And this is a massive slippery slope

    When the next atrocity happens the government will claim they need even more powers to stop the next one.

    Watch out what will happen in France in the next 4-6 years; it is an indication of what happens in the rest of Europe.

    http://mediamatters.org/video/2016/09/19/radio-host-mark-steyn-more-muslims-you-have-more-terrorism-you-have/213191

    Before you jump on your chair, answer this, what problem is there that requires the government to spy on the entire population? The "cosa nostra"? The IRA? ETA? The Red Brigades? the Nazi party?

    And then think about this, if the next government is a despotic government they will have a fantastic infrastructure to use for repression of dissenting individuals. Consider before you dismiss all of this as nonsense that a non-despotic government has already been prosecuting people for posting the wrong opinion on social media...

    http://www.dailymail.co.uk/news/article-3506275/Publicity-boss-asked-Muslim-woman-street-explain-Brussels-deluged-angry-hilarious-Tweets-reply.html?ito=social-twitter_dailymailUK

    https://www.theguardian.com/uk-news/2016/feb/16/man-arrested-facebook-posts-syrian-refugees-scotland

    How long until we can not express the wrong thoughts in places like this?

    1. Anonymous Coward
      Anonymous Coward

      Re: This boils down to a single thing...

      Basically, pick your poison. The Police State or Anarchy. ANY attempt to create a third option will be subverted to produce one of the two.

      1. Yet Another Anonymous coward Silver badge

        Re: This boils down to a single thing...

        >Basically, pick your poison. The Police State or Anarchy.

        That's unfair - there's no reason (with the current government) you can't have both

        1. Charles 9 Silver badge

          Re: This boils down to a single thing...

          Actually, there is a good reason. The Police State by definition IS a total ruling order. Anarchy is the LACK of a ruling order: every one for oneself. Mutually exclusive, in other words. And all human society eventually becomes one or the other, simply shifting between the two ends as time passes. To use a poker analogy, either someone wins all the chips or someone flips the table.

          1. Destroy All Monsters Silver badge
            Flame

            Re: This boils down to a single thing...

            Anarchy can be a Good Thing or a Bad Thing depending on the levels of trust and interaction.

            A Police State is a Bad Thing no matter what.

            And I don't appreciate the false dichotomy between Police State and Anarchy. I think a percussive attitude adjustment is in order.

    2. Yet Another Anonymous coward Silver badge

      Re: This boils down to a single thing...

      >If you have many Muslims in your country you live in a surveillance state.

      Or Catholics, or miners

      The new technology just means they don't have to have spies on the ground in each group

  27. Tom Paine Silver badge

    so here we are. Web browser histories logged by ISPs 24/7, and the looming possibility of crippled cryptography. There may be not much point using a VPN to conceal your web activities if it can be blown open by a technical capability notice.

    Unless Her Majesty's Government has acquired the power to change mathematics by issuing a judicial order, I really don't see how this can be made to work. If I rent a server in a US colo and tunnel all my traffic out to it via IPSec or suchlike, my SP can't unwrap the crypto even if they want to. If GCHQ or Special Branch or whoever decide I might merit closer surveillance, they're quite capable of compromising the server, or my own clients. What have I missed?

    1. Missing Semicolon Silver badge
      Mushroom

      It's simple

      @Tom Paine. They don't have to re-write the laws of maths. Merely declare their use in a manner that defeats the (now lawful) intercept methods illegal. Right now it's just commercial providers of end-to-end encrypted services (Skype, Whatsapp, Facetime, Dropbox, Tresorit etc) that fall within the scope of the bill.

      Next, they will go after any software that generates uncrackable traffic - OpenVPN, IPSec, HTTPs.

      This is not Tin-foil-hattery. This is in the bill.

      1. Tom Paine Silver badge

        Re: It's simple

        They don't have to re-write the laws of maths. Merely declare their use in a manner that defeats the (now lawful) intercept methods illegal.

        Right. Two things -- (1) if they do that, they're banning internet commerce and online banking, so I can't really see it happening, can you? and (2) if they ever DO try to do it, that's when I'll start giving a toss. Right now, they're not.

        Right now it's just commercial providers of end-to-end encrypted services (Skype, Whatsapp, Facetime, Dropbox, Tresorit etc) that fall within the scope of the bill.

        As far as I know, the jurisdiction of UK law doesn't extend to California.

        Next, they will go after any software that generates uncrackable traffic - OpenVPN, IPSec, HTTPs.

        Which, obviously, they will never ever do, because that would be impossible as well as utterly insane. How do you propose they'd order the OpenVPN or OpenSSL or OpenSSH developers to add backdoors for the UK government?

        1. anonymous boring coward Silver badge

          Re: It's simple

          "Which, obviously, they will never ever do, because that would be impossible as well as utterly insane. How do you propose they'd order the OpenVPN or OpenSSL or OpenSSH developers to add backdoors for the UK government?"

          Sure. For now. Of course, if you are using such services, and the snoopers want to know what you are up to, they will now have every justification in invading your machine getting to the plaintext data. I expect this will happen routinely from now on. Perhaps the OS vendors will only be too happy to oblige, making it easy, seamless and invisible.

          1. Anonymous Coward
            Anonymous Coward

            Re: Perhaps the OS vendors will only be too happy to oblige

            Perhaps at least one of them already did, almost two decades ago. Perhaps the same one continues to do so as it acquires globally-significant products and services.

            E.g. readers may wish to review coverage of the _NSAKEY story, originally revealed in 1999. Do it soon, while coverage is still presumably available, and in reaching your verdict, consider the disclosures of Snowden and others.

        2. Bogle

          Re: It's simple

          Okay, I'm with you, but " because that would be impossible as well as utterly insane" really describes what we're looking at here! It's perhaps the best description of the legislation possible.

        3. Al fazed
          Megaphone

          Re: It's simple

          By contributing code to the open projects, er did anyone notice MS products in the Linux package manager libraries?

        4. Anonymous Coward
          Anonymous Coward

          Re: It's simple

          There is a very simple backdoor in SSL/TLS based protocols ...

          1) record all IP packets between client and server (see ISP or any vampire tap in an internet exchange DC)

          2) request and receive the server certificate's private key (see RIPA)

          3) decode encrypted traffic using server private key (see Wireshark etc)

          So, not impossible, just mostly unwarranted (pun intended).

          1. John H Woods Silver badge

            Re: It's simple

            "There is a very simple backdoor in SSL/TLS based protocols ...

            ... 3) decode encrypted traffic using server private key (see Wireshark etc)"

            Not if the peers use forward secrecy

            1. Charles 9 Silver badge

              Re: It's simple

              Forward secrecy only protects the past. It won't help when the key allows you to decipher the entire conversation at hand, given the private key allows you to break the handshake.
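The scenario debated in this sub-thread (traffic recorded on the wire, server private key obtained afterwards), modelled as an added example that is not part of any comment or of the article. It compares what the disclosed long-term key yields for a static-RSA key exchange and for a signed ephemeral Diffie-Hellman exchange; the RSA and DH parameters, the toy stream cipher, the function names and the sample message are all constructed for illustration.

```python
"""Recorded capture + later disclosure of the server's long-term private key:
static-RSA key transport vs signed ephemeral DH. Toy parameters, constructed."""
import hashlib
import secrets

# Toy long-term RSA key from two Mersenne primes (far too small for real use).
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # server's long-term private exponent

# Toy DH group (assumption for this example): prime modulus 2**127 - 1, base 3.
DH_P, DH_G = 2**127 - 1, 3


def kdf(secret: int) -> bytes:
    """Derive a 32-byte session key from the negotiated secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256 of key||offset as keystream, XORed with data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def _digest(value: int) -> int:
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % N


def sign(value: int) -> int:
    """Textbook RSA signature with the long-term key (no padding; toy only)."""
    return pow(_digest(value), D, N)


def verify(value: int, sig: int) -> bool:
    return pow(sig, E, N) == _digest(value)


def static_rsa_session(plaintext: bytes) -> dict:
    """Client chooses the premaster secret and sends it encrypted under the
    server's long-term public key. Returns everything a tap on the link sees."""
    premaster = secrets.randbelow(N - 2) + 2
    return {
        "kex": "RSA",
        "enc_premaster": pow(premaster, E, N),
        "record": xor_stream(kdf(premaster), plaintext),
    }


def ephemeral_dh_session(plaintext: bytes) -> dict:
    """Both sides pick fresh exponents; the long-term key only signs the
    server's ephemeral public value. Exponents are dropped when we return."""
    a = secrets.randbelow(DH_P - 3) + 2   # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2   # server ephemeral secret
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    shared = pow(client_pub, b, DH_P)     # equals pow(server_pub, a, DH_P)
    return {
        "kex": "DHE",
        "client_pub": client_pub,
        "server_pub": server_pub,
        "server_sig": sign(server_pub),
        "record": xor_stream(kdf(shared), plaintext),
    }


def decrypt_capture_with_disclosed_key(wire: dict, d: int):
    """What the recorded capture plus the long-term private exponent d yields."""
    if wire["kex"] == "RSA":
        # The session secret itself crossed the wire, wrapped under the key.
        premaster = pow(wire["enc_premaster"], d, N)
        return xor_stream(kdf(premaster), wire["record"])
    # DHE: the key authenticates server_pub but wraps nothing. The session
    # secret needs one of the ephemeral exponents, which were never sent.
    # (The key would still allow impersonating the server in a live session;
    # forward secrecy is about traffic that has already been recorded.)
    if not verify(wire["server_pub"], wire["server_sig"]):
        raise ValueError("signature does not match this long-term key")
    return None


if __name__ == "__main__":
    msg = b"constructed sample: GET /account HTTP/1.1"
    for session in (static_rsa_session, ephemeral_dh_session):
        capture = session(msg)
        print(capture["kex"], "->", decrypt_capture_with_disclosed_key(capture, D))
```

On a real server the equivalent check is whether the negotiated cipher suite uses (EC)DHE key exchange rather than RSA key transport.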

        5. Charles 9 Silver badge

          Re: It's simple

          "Right. Two things -- (1) if they do that, they're banning internet commerce and online banking, so I can't really see it happening, can you? and (2) if they ever DO try to do it, that's when I'll start giving a toss. Right now, they're not."

          They could and consider it a GOOD thing. Most e-commerce will be international in nature, and domestic people can always go back to bricks & mortar. More secure and keeps the money home. Win-win.

          "Which, obviously, they will never ever do, because that would be impossible as well as utterly insane. How do you propose they'd order the OpenVPN or OpenSSL or OpenSSH developers to add backdoors for the UK government?"

          They wouldn't. They'll just block all offshore encrypted connections by law. That should limit things to steganography which could be sniffed at automatically (to look for odd color patterns, spacings, etc.) and then further checked by the humans since they won't have to check the points of entry so much.

    2. Roland6 Silver badge

      crippled cryptography

      There is no requirement to cripple cryptography!

      In both the draft bill and the final act it is clear that what is being requested is that those, i.e. CSPs, who perform communication encryption and decryption actions provide the means whereby the unencrypted communication is made available to a man-in-the-middle inspection.

      So you are free to use 256-bit and double encryption to protect your communications from eavesdroppers; however, if the end-point of the encrypted connection is in the UK, TPTB reserve the right to ask for a tap/intercept to be placed on all (unencrypted communications going into the VPN/encrypted pipe and coming out of that pipe).

      It's not difficult really. For example, my WiFi AP operates a full WPA2-PKI service - according to 802.11. However, only the over-the-air communications leg between client device and AP is actually encrypted, all communications between the AP and my router are subject to separate encryption - currently none. Hence simply placing a network monitor on the AP's LAN port would be sufficient to satisfy the demands of the IB.

  28. Tom Paine Silver badge

    At the end of the day, will the UK security services be able to read your email, your messages, your posts and private tweets, and your communications if they believe you pose a threat to national security? Yes, they will.

    So I should bloody well hope! That's what we pay them for.

    1. DasWezel

      Have you completely lost your mind?

    2. Dave 15 Silver badge

      no.

      I pay the security services to stop people invading my country not to snoop into my sordid affair with typing pool Suzie

      Seriously, do you REALLY think there is a REAL terrorist threat in the UK? Orwell might be close to the fact with the occasional bomb falling on a city to remind folk of 'the war' which was why they needed monitoring (through the televisor rather than their internet browsing but much the same) and of course the people we were at war with was continually rewritten to suit the time (er, any relation to censoring parts of the internet you aren't happy with today????)

      Look at what a terrorist COULD do if they wanted...

      Any large tunnel on any motorway or A road in the country (such as the Dartford tunnel)... large enclosed tube with plenty of people, potential for long term damage and unguarded access to large lorries full of explosive fertiliser mixture and perhaps scrap metal

      Most airports (especially Stansted) massive queues for the security check! In Stansteds case trapped in fixed metal barriers) of people EXPECTED to be carrying bags, rucksacks and the likes. Blow yourself up in the middle of that and you would make the headlines, and this is BEFORE security and all you need to do is buy a plane ticket... doesn't even have to stand up to scrutiny because the entrance to the security queue just checks you have a boarding pass, not whether it is Fred, Fredas or Sues...

      And then we still have buses, undergrounds and trains... sure these people in the security service will claim it is their hardwork that stops the terrorist plots but really... come on, its not as if I even have to go to jihadi websites to see pictures of 'innocent children' damaged in the war the BBC carry those... Most of the things you need to create these bombs and so on are visible in history books just as much as on the web.

      The whole thing is total and utter baloney.

      What IS true is that since the last petrol tanker drivers strike there has been NO - nada, zilch, not one protest in the UK with any real effect... I assume all nipped in the bud making sure the rich can continue to award themselves more power, more pay, more privilege while the rest of us get ever less of the cake.

      1. Anonymous Coward
        Anonymous Coward

        The whole thing is total and utter baloney.

        Correct.

        Give somebody four (maybe even three) pairs of people with readily available DIY tools in the right readily accessible places, and they can put (almost all of) the UK in powerless darkness for days. It's not rocket science.

        Something doesn't add up.

        1. Anonymous Coward
          Anonymous Coward

          Re: The whole thing is total and utter baloney.

          But what happens if a nuke goes off in London and it DOES get traced back to Muslims willing to start World War III?

          1. Destroy All Monsters Silver badge

            Re: The whole thing is total and utter baloney.

            > Nuke goes off in London

            What. How. Nukes are State Things. They are delivered by ballistic missile, generally. They don't just "go off in London".

            > Muslims willing to start World War III?

            Who exactly? The only one ready to do so on the latest list was Clintobama (one part of which is kinda muslim, I agree).

            1. GrapeBunch Bronze badge

              Re: The whole thing is total and utter baloney.

              " > Nuke goes off in London "

              Fred Hoyle's characterisations may have been wooden, but he was a genius (not just in Science but) in picking subjects that would still be of interest decades later:

              https://www.amazon.co.uk/The-Westminster-disaster-Fred-Hoyle/dp/0060120096

          2. anonymous boring coward Silver badge

            Re: The whole thing is total and utter baloney.

            "But what happens if a nuke goes off in London and it DOES get traced back to Muslims willing to start World War III?"

            Yeah, right.

            You got hold of a NUKE and managed to keep it secret.

            Now you are going to start talking about it in emails, publish it on some websites. Browse, from home, about how to best detonate nukes. That seems likely.

            And you are planning to use compromised encryption to discuss the secret with your fellow terrorists?

            Yeah...

    3. yossarianuk

      What about HMRC, DWP, the food standards agency, the environment agency, the NHS and various other organisations?

      Do we pay them so they can monitor everyone's browsing history ?

  29. M7S

    So, on your next trip to Infosec

    Ask the vendors:

    1. Is this system utterly secure against all known and reasonably anticipated threats?

    2. Is this system also compliant with any technical requirements imposed by HMG, which may include new features in future service packs?

    It would seem that reputable companies would only want to purchase a system for which the answer to both is "yes" however it would seem that one precludes the other.

    Am I missing something?

    1. Tom Paine Silver badge

      Re: So, on your next trip to Infosec

      Ask the vendors:

      1. Is this system utterly secure against all known and reasonably anticipated threats?

      2. Is this system also compliant with any technical requirements imposed by HMG, which may include new features in future service packs?

      That's a great way to save money, cos there's not a hardware or software system on the planet that meets those criteria.

  30. Zippy's Sausage Factory

    Can you imagine Facebook, Apple, Google or other big companies liking this?

    No, neither can I. Especially if people start asking them on social media whether they've made changes to accommodate the law...

    1. Dave 15 Silver badge

      Re: Can you imagine Facebook, Apple, Google or other big companies liking this?

      These companies have ALL complied in China, Russia and USA anyway so why do you think they care? They want your money, they don't care about anything else.

      Further, don't forget most of the orders for this come with a side regulation that they can't disclose it!

      1. Charles 9 Silver badge

        Re: Can you imagine Facebook, Apple, Google or other big companies liking this?

        "Further, don't forget most of the orders for this come with a side regulation that they can't disclose it!"

        And thanks to recent court cases, that INCLUDES "by inaction," which defeats warrant canaries by (a) allowing court orders to compel you to lie, and (b) rendering tampering with the canary a contempt of court offense (because you violated the court order): no jury necessary.

  31. Zimmer
    Unhappy

    Blackmail! (remember Monty Python?)

    Over-simplification, I know, but.....

    The mass collection of all this data gives whoever has access to it the ability to pressure anyone in public office to 'do their bidding'. Notwithstanding the fact that it should be a trivial exercise for our 'security' services to poison a browser history with all sorts of links etc and that this type of information can now be regarded as 'evidence' (I guess this, since it is now legal to collect the data that it should be acceptable in court).

    It's MPs and civil servants who will be top of the watch-list for a potential dictator (or 'ruling party') .. to ensure they toe the line.. not a pretty prospect for the country.

    1. Anonymous Coward
      Anonymous Coward

      Re: Blackmail! (remember Monty Python?)

      "The mass collection of all this data gives whoever has access to it the ability to pressure anyone in public office to 'do their bidding'. "

      It's been that way for a while now.

      Pre-Snowden, those close to power (MPs, civil servants, etc) were told in no uncertain terms that they could be snooped on and therefore ought to toe the line, just in case. The Party Whips have had this role for decades but technology has simplified their snooping.

      During that same era, anyone in the great unwashed who suggested that unlawful snooping might be going on was accused of being a tinfoil hatter. Those discreetly recruiting for the snooping services even had to invent all kinds of fanciful cover stories (I know, I was interviewed, along with some senior architects I knew from a major telco equipment manufacturer).

      Post Snowden, lots of folk know that mass snooping was and is possible and indeed know it's been going on, legally or otherwise, while the same folks that were making tinfoil hattery accusations have changed their tune to "everyone knew it was going on, where's the problem?".

      And the politicians, civil servants, etc, still have to toe the line, if they value their careers.

      Blackmail: https://www.youtube.com/watch?v=ACg6IuFfMJE (not legitimately available in UK :()

    2. Graham Cobb

      Re: Blackmail! (remember Monty Python?)

      And not just the powerful... How do you think they will get everyone to watch and inform on everyone else (not fanciful -- that is exactly what the Stasi did)?

      Need someone to report on (or maybe make up, so they are seen to be valuable) goings on at the local mosque? Quick database search (sorry, not a "database", just "filters" -- oh, how we IT people laughed when we heard that!) to find a Muslim teen worried about whether he might be gay: "you wouldn't want anyone finding out you are gay, would you? We can make sure those records are all deleted if you just help us out".

      The big concern is not just that this is not targeted on suspects, not even the potential for blackmail of specific people, but the collection of data on everyone allowing potential fishing expeditions and correlation with other data to search for vulnerable people to target.

      Do you want to reduce the number of people turning out for an animal-rights/pro-life/pro-abortion/anti-globalisation/anti-immigration/whatever demonstration? Just correlate web browsing records with ANPR data and stop the cars of the people most likely to be relevant activists from even getting to the event. The police wouldn't do that? 20 years ago I lived near a cat farm which was subject to massive animal rights demonstrations. The police took to literally stopping anyone driving towards the area in a beat-up old car and turning them round if they were heading to the demonstration (they never stopped me, but I drove a nice car). How much easier now they can know the number plate of anyone who has ever accessed a relevant campaign web site!

      1. Anonymous Coward
        Anonymous Coward

        Re: Blackmail! (remember Monty Python?)

        20 years ago I lived near a cat farm which was subject to massive animal rights demonstrations. The police took to literally stopping anyone driving towards the area in a beat-up old car and turning them round if they were heading to the demonstration

        That happened in the miners' strike over 30 years ago. The police stopped some colleagues on their way to a client site on the suspicion they were flying pickets.

        1. Graham Cobb

          Re: Blackmail! (remember Monty Python?)

          That happened in the miners' strike over 30 years ago. The police stopped some colleagues on their way to a client site on the suspicion they were flying pickets.

          Which is why I really don't understand why Labour did not oppose this. I realise that they are just as authoritarian as the Tories, but can't they see that trade unionists (let alone Momentum sympathisers) will be some of the first victims of this? The first time there is serious disruption caused by industrial action, both the spooks and the police will be looking up in the database who has been visiting extreme left wing sites!

          Labour have so much more to lose than the Tories do (no one is going to be targeting people who visit the Country Life website).

          1. Yet Another Anonymous coward Silver badge

            Re: Blackmail! (remember Monty Python?)

            Because they remember previous Labour governments being brought down by the unions. New Labour had far more reason to control the unions than the Tories ever did.

  32. anonymous boring coward Silver badge

    Despite all these snooping powers, it seems not a single potential terrorist has been stopped.

    Well, they can waste our tax money snooping on 60 million mundane web surfers.

    Anyone with ill intent will know not to use traceable electronic communication.

    1984, here we come!

    1. Tom Paine Silver badge

      Despite all these snooping powers, it seems not a single potential terrorist has been stopped.

      Where on earth do you get that idea?

      http://www.bbc.co.uk/news/uk-england-london-33417300

      1. Dave 15 Silver badge

        BBC ... news ??? Really???

        For heaven's sake, the best they ever manage is to repeat a press release; they NEVER investigate anything except arts stories. I wouldn't trust a single thing they say. For example Rory STILL thinks the iPhone was the first smartphone... despite it being 10 or more years after the others. Today they were publishing range figures for Tesla without pointing out that to get that range you couldn't use the 'awe inspiring acceleration' they also talked about in the article... I bet none of them checked how far you can ACTUALLY go in real world driving... that would represent doing work!

        Also see my other post, given the wide variety of targets any self respecting terrorist threat would manage more than 2 potential plots per year... remember the IRA and London EVERY Christmas? They did 20 or 30 a season... and had to be VERY much more careful because the Irish planted the bombs and walked away to plant another instead of blowing themselves up..

        Really, get a grip on reality. ALL of this snooping is NOT to do with terrorist threat as they publish it, it is entirely to do with the threat that the general population will eventually get so pissed off with seeing the bosses and civil servants taking 25% pay rises while those who actually do the work take pay CUTS made worse by REAL inflation being many times the small number they try to pretend it is.

  33. Missing Semicolon Silver badge
    Mushroom

    Doesn't that put UK cloud providers in the same state as US ones?

    Since Section 217 5) (c) has the same effect as the PATRIOT act in the US. Without even the figleaf of "safe harbour".

    Certainly, post-Brexit, European customers will be justified in shunning UK-based services on the grounds that they do not comply with the Privacy Directive related to overseas data processing.

  34. Doc Ock
    Big Brother

    In a rebranding exercise by the Government, the UK shall now be officially known as Airstrip One

    1. Dave 15 Silver badge

      that's the polite version

      Ever since they left our American cousins have wanted us over a barrel

      In WW1 they managed it (read David L George's war diaries... I have a pre internet censorship printed copy) ... they s**** us over on arms because our then government had failed to provide the manufacturing capability to defend ourselves. Having financially taken all they could they then proceeded in arms talks to ensure they had more than we did

      In WW2 they added to the pain by stealing entire tracts of land, all remaining gold, most of our large companies and sticking us in hock to them for 50 years or so ... apparently as a friend... heaven help their enemies (which were never the Germans... Germany received a vast amount of money for helping the Americans ruin what was left of our country)

      In the Suez crisis our friends supported us by selling the pound until we had to pull out or be bankrupt

      In the Falklands they did squat but try and persuade us to give in to the Argentinian invasion

      In the Gulf war they shot our troops (yes I know we killed a lot of our own troops in cockups in previous wars but to be honest it says very little about their technology or ability that in today's battlefield they still make the same mistakes)

      In the discussion about the EU our 'very close friends' basically told us we could go and boil our heads because they wouldn't do a trade deal... that was probably because we have already paid for their development of an inferior version of the harrier which they are supplying to us at huge profit and late.

      The rebranding is more to do with the fact our government is so often keen to bend over, smile, think of England and if they are feeling really brave they might plead the Americans use some vaseline.

      1. Destroy All Monsters Silver badge
        Facepalm

        Re: that's the polite version

        > because our then government had failed to provide the manufacturing capability to defend ourselves

        Dude! 'Twas the British Empire back then, with India and everything, what are you even talking about. And who would have thunk that the UK would enter a continental brawl to guarantee the neutrality of a rapacious colonial midget???

  35. Nick Kew Silver badge
    Alert

    Please sir. Point of order!

    We have - and always have had - forms to fill for the US government whenever we release software with cryptographic capabilities. Just a box to check, alongside things like internal processes and intellectual property audit with any software release. I don't know about operating it for customers: that's not my field.

    I wonder if this will look any different in practice? Maybe El Reg could commission your tame lawyers to give us an expert analysis?

    1. Rob Willett

      Re: Whats this GUI thingy?

      I produce a free Android and Apple app for personalised London Traffic information, Jambuster.

      It's made in the UK (I wrote it), it's only available in the UK, I only use https for traffic as Apple more or less forces me to.

      Because I use https (and it's not a banking app), I had to fill in and get US govt approval for my UK app if I wanted to put it on the Apple store, an Encryption Registration JBL0001. I had to submit this to Apple manually for the first few times for each release. Apple now give me a key to put in my XML file which means I don't have to submit the PDF again.

      So a free UK app for a UK market needs US approval for the 'standard' cryptography in it, https. No data is stored in the US, no money passes through to the US, it's free, I don't have any US traffic.

      It may be box ticking, but it's a pain for me.

      Rob

      1. Anonymous Coward
        Anonymous Coward

        Re: Whats this GUI thingy?

        Is this just an Apple requirement? I've released a few apps on the *cough*Windows 10*cough* store which use HTTPS to talk to external services and I've never noticed this as a requirement

        1. Kiwi
          Trollface

          Re: Whats this GUI thingy?

          Is this just an Apple requirement? I've released a few apps on the *cough*Windows 10*cough* store which use HTTPS to talk to external services and I've never noticed this as a requirement

          HTTPS is a form of security, and can also serve to protect privacy. This sort of thing is unknown in the Windows universe, hence no one knows to ask about it.

  36. anonymous boring coward Silver badge

    A well worn quote, but more valid now than ever:

    "The road to Hell is paved with good intentions"

    1. Roj Blake Silver badge

      You're implying that there are some good intentions behind this egregious travesty.

  37. This post has been deleted by its author

    1. Kiwi
      Linux

      Re: Seems Messy - Some Questions

      Therefore, is there a Linux program that logs all websites visited (not just Firefox or Chrome history) which can be used as repository for web sites visited, TCP sessions etc, even if you are using a VPN ?

      There may be a better way but... I'd look at dnsmasq(sp) or Bind, which are DNS servers. Have them log all your DNS requests, which should help. It may not show every page visited (eg "http://forums.theregister.co.uk/forum/containing/3042161") but it would show the sites visited (forums.elreg...).

      I am not sure how this would work with VPN but assume that if you install it on your machine and have all traffic then funneled via the VPN (Firefox -> Bind (dns request) -> VPN -> next DNS server), then all of that sort of thing should be logged.

      I could be wrong of course, this is a few steps away from anything I've looked at myself. This would also log all 3rd party DNS requests etc as well (eg El Reg's ad brokers and so on). And that assumes I've correctly read your request as well :)

      HTH
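
The DNS-logging idea in the comment above, as an added example that is not part of the original post: with dnsmasq's `log-queries` option enabled, this Python script reduces the query log to a list of sites looked up and shows which upstream resolver the lookups were forwarded to, which is the check that matters when a VPN is in use. The log path, the sample lines and all addresses are constructed assumptions.

```python
import re

# Assumed dnsmasq.conf settings that produce this log (both are real dnsmasq options;
# the path is an assumption for this example):
#   log-queries
#   log-facility=/var/log/dnsmasq.log

# Constructed sample log, not real traffic. 10.8.0.1 stands in for a VPN-side resolver.
SAMPLE_LOG = """\
Dec 13 10:15:01 dnsmasq[812]: query[A] forums.theregister.co.uk from 127.0.0.1
Dec 13 10:15:01 dnsmasq[812]: forwarded forums.theregister.co.uk to 10.8.0.1
Dec 13 10:15:01 dnsmasq[812]: reply forums.theregister.co.uk is 192.0.2.10
Dec 13 10:15:02 dnsmasq[812]: query[AAAA] forums.theregister.co.uk from 127.0.0.1
Dec 13 10:15:02 dnsmasq[812]: query[A] ads.example.net from 127.0.0.1
Dec 13 10:15:02 dnsmasq[812]: forwarded ads.example.net to 10.8.0.1
Dec 13 10:17:40 dnsmasq[812]: query[A] www.example.org from 192.168.1.23
Dec 13 10:17:40 dnsmasq[812]: cached www.example.org is 192.0.2.20
Dec 13 10:20:11 dnsmasq[812]: query[A] forums.theregister.co.uk from 127.0.0.1
this line is not dnsmasq output and must be skipped
"""

# "query[TYPE] name from client" lines; a syslog hostname before "dnsmasq" is optional.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?:\S+\s+)?dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)
# "forwarded name to upstream" lines show where the lookup actually went.
FORWARD_RE = re.compile(
    r"dnsmasq\[\d+\]:\s+forwarded\s+(?P<name>\S+)\s+to\s+(?P<upstream>\S+)$"
)


def parse_queries(log_text):
    """Return one dict (ts, qtype, name, client) per client query in the log."""
    queries = []
    for line in log_text.splitlines():
        match = QUERY_RE.match(line.strip())
        if match:
            queries.append(match.groupdict())
    return queries


def sites_visited(log_text):
    """Group queries by hostname: count, first/last seen, clients and record types."""
    sites = {}
    for query in parse_queries(log_text):
        name = query["name"].rstrip(".").lower()
        entry = sites.setdefault(name, {
            "count": 0, "first": query["ts"], "last": query["ts"],
            "clients": set(), "qtypes": set(),
        })
        entry["count"] += 1
        entry["last"] = query["ts"]
        entry["clients"].add(query["client"])
        entry["qtypes"].add(query["qtype"])
    return sites


def upstream_resolvers(log_text):
    """Count forwarded lookups per upstream resolver address."""
    upstreams = {}
    for line in log_text.splitlines():
        match = FORWARD_RE.search(line.strip())
        if match:
            addr = match.group("upstream")
            upstreams[addr] = upstreams.get(addr, 0) + 1
    return upstreams


if __name__ == "__main__":
    for host, info in sorted(sites_visited(SAMPLE_LOG).items()):
        print(f"{host:30} x{info['count']}  {info['first']} .. {info['last']}")
    print("forwarded to:", upstream_resolvers(SAMPLE_LOG))
```

As the comment says, this records hostnames, not individual pages, and third-party lookups such as ad brokers appear alongside the sites visited deliberately.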

  38. Anonymous Coward
    Anonymous Coward

    Sad, sad day.

    To see the country that introduced the Magna Carta that rewrote the rules of the absolute power of the monarchy, a country that killed its own kings when they hurt their people, a country where a man's home was literally his castle and sacrosanct from unlawful trespass by the authorities. The country that banned slavery and made everyone else ban it too, even though it nearly bankrupted them. A country that introduced mandatory education for all. A great and proud country that used to show the rest of the world how to live with honour, dignity and respect and was willing to fight not one, but two world wars, not to acquire territory, resources or influence, but to defend a way of life. To see such a country hand over unlimited and unsupervised powers to the snivelling, cowardly, suspicious cravens that you call politicians because they claim they can protect you from the terrorists, I ask you, how many people do the terrorists hurt every year? How many do they degrade and humiliate? How many do they make suffer in a myriad of ways that you need the politicians' protection? Now I ask you, how many do the politicians hurt? How many do the politicians degrade and humiliate by removing their jobs and their homes? The politicians you put in power! Who is going to protect you now?

    1. Roj Blake Silver badge

      Re: Sad, sad day.

      Does Magna Carta mean nothing to these people? Did she die in vain? That brave Hungarian peasant girl who forced King John to sign the pledge at Runnymede and close the boozers at half past ten? Is all this to be forgotten?

      - With apologies to A.A.Hancock

    2. Destroy All Monsters Silver badge
      Facepalm

      Re: Sad, sad day.

      A great and proud country that used to show the rest of the world how to live with honour, dignity and respect and was willing to fight not one, but two world wars, not to acquire territory, resources or influence, but to defend a way of life.

      In spite of recent political tarts' efforts to retcon WWI into a fight for "the freedoms", this is and stays utter ahistorical bullshit and you should be ashamed to take the history rewriting enema from your masters.

      WWI is and stays a war between colonial powers, with the UK getting into it to guarantee a continental balance of forces. That's all there is. Someone in your family died? You have been had. Suck it up!

    3. Stevie Silver badge

      Re: Sad, sad day.

      "the Magna Carta that rewrote the rules of the absolute power of the monarchy,"

      My favorite part is the bit that drones on interminably about the setting up of fish weirs.

      Don't cite Magna Carta to me unless you've read a copy (even in translation). It gave no power to the ordinary people like you'n'me, Sir Coward, but moved it from one over-privileged git to a bunch of different over-privileged gits.

      You'n'me still got to walk ten paces holding a red hot iron bar to see if we were guilty as charged, assuming your specific over-privileged git didn't just chop you in half to save time.

    4. Anonymous Coward
      Anonymous Coward

      Re: Sad, sad day.

      I think this legislation needs to be extended to local councils so they can check that individuals didn't collude to put their bins out on the wrong day or that their child actually lives two streets away from the catchment area of the much better school.

      Won't terrorists just switch to using post or even Puffin Party?

  39. Anonymous Coward
    Anonymous Coward

    All this is ironic when the people that have managed to waste the most money, and kill the most people are our neoliberal politicians - £75 billion down the drain and hundreds of thousands dead in Iraq to give us ISIS, £275 billion wasted on PFI, £375 billion on bank bailouts after disastrously de-regulating them, smart meters £25 billion, corporate tax avoidance by multinationals up to £80 billion/year - the list of incompetent corrupt failure from neoliberals in both main parties goes on and on.

    If anyone needs snooping on it isn't the public - but the 'elite'. Unfortunately this is building a system where a future sociopath PM can blackmail fellow MPs and constituents. It's a poorly thought out, disastrous policy. Unless of course you are trying to build a Utopian neo feudal society of overlords and plebs.

    I doubt a single terrorist is ever going to be caught with these measures. Unless of course they are going to bomb us with pasties filled with explosives and the Food Standards Agency manages to intercept them...

  40. Dave 15 Silver badge

    snoopers charter... criminals playground

    These backdoors will be found and then there will be one of two things...

    a) The user's whole browser history will be sifted through in order to prove they had visited some porn site in the past and therefore of course it was a virus and nothing bad with the government's law

    b) It will be based on blaming the operating system regardless of fact so that the government can still claim their law didn't cause the loss of the privacy

    Either way I lay a pound to a pinch of shit that the government will never ever admit that it was plain wrong.

  41. SnakeChisler

    What is the point in this complete waste of resources

    Oh look I've bought a VPN router and subscribed to a service

    And that's what all the crims and terrorists will do if they didn't do it already + now use voip service through a tunnel.

    Me and millions of others do not want the government pawing through my life 24/7, so what's next, ban VPNs?

    1. Charles 9 Silver badge

      Re: What is the point in this complete waste of resources

      And if England BLOCKs all such foreign points? Changing VPNs (especially OpenVPN ones) is nontrivial because you need new config files, usually.

  42. Haefen

    The problem isn't how they play the game called democracy

    The problem isn't how they play the game called democracy, the problem is democracy, or rather what it has become.

    Consider the 5 eyes. Once outstanding examples of democracy, today no one suggests those Nations have the interest of their citizens as top priority. Most democracies today see citizens as something to be managed, lied to during elections and sold out while in office. The change that needs to be made is much more fundamental than the wording of any one law.

    Democracy, at least how it is practiced today, has failed the people, the citizens, the Nations using it.

    I suspect democracy failed because as a system it loses built in self correction features as it gets larger. Look at individuals and one can clearly see what is in the interest of those individuals and their Nation. Look at 10,000, 100,000 or one million and they become a statistic. For democracy to work representation must be local. Sending your vote hundreds or thousands of kilometers away to be added to millions of others to select a person from a different culture, from a different land, with a different history and different vision of your future to represent you results in the democracy we have today.

    Voting as we have been is only changing the players, what is needed is a change of game.

    1. Dave 15 Silver badge

      Re: The problem isn't how they play the game called democracy

      Several problems with democracy

      Yes, you are right, we are nothing more than statistics to be lied to and manipulated to get what 'they' want

      We also send our votes away and have no real way of checking if we are being lied to

      We don't have any representation in the UK, the MPs who are supposed to represent us are all trying to climb the greasy pole and are yes men to the party leader, regardless of what their constituents say

      We don't have democracy in the sense that the party leader always gets the votes of 'his' MPs, the parties mainly win overall majorities and therefore the leader is a dictator, reinforced by the media who term any MP voting by conscience or some idea of his constituents... a 'rebel'

      We have a situation where we don't have a vote on each law, so you can't cherry pick from the parties what is best, you get a package deal. Worse a package deal where the package isn't what it said on the tin. Even worse is that in most cases (EU, spying on the net, censorship, restriction of rights to protest, bombing the fuck out of another country because the yanks say so) there is no actual choice, no opposition, no questioning.

      We have allowed anyone to vote... including those who have no interest in what is going on, those too set in their ways to think and those too plain stupid to wipe their own arse never mind think...

      I have several examples from recent elections...

      "Can't vote for Miliband, his suit doesn't fit"... yes apparently important because he is representing us on the world stage, of course, the person in question didn't even have a chance to vote for Miliband as he wasn't standing in our constituency.

      "Conservatives have lower taxes" ... totally in the face of fact but also amusing as the person concerned doesn't pay tax

      "Conservatives always win here so voting for anyone else is a wasted vote".... even when I pointed out that if they always win then voting for them was also a waste it didn't click

      From a while back...

      "The Sun says that if Labour get in the minimum wage will kill my job" (as a waitress in a fast food chain... a chain who don't pay tax here or a decent wage)

  43. EnviableOne Bronze badge
    Coat

    Quick save us ECJ

    Perhaps we should take advantage of our EU membership while we still can and challenge it in the ECJ. They are just mad enough to overturn it out of post-Brexit spite

  44. This post has been deleted by its author

  45. Anonymous Coward
    Anonymous Coward

    If people didn't want this...

    Why did they vote the Conservatives in, last time round?

    You get the government you deserve.

    Enjoy!

    1. Howard Winter
      FAIL

      Re: If people didn't want this...

      "Why did they vote the Conservatives in, last time round?"

      I didn't - in fact most people didn't!

      Only the crappy election system that we have resulted in this mob getting in with full control on a minority vote.

      The idea that you get 1 vote every 5 years, which may be wasted if you are in a "safe seat", is frankly ludicrous as a way to run "democracy". I voted to replace it with a slightly less crappy way of doing it, but unfortunately the lies perpetrated by the other side meant that people were conned into voting for the status quo, and the current tragedy is the result.

    2. Dave 15 Silver badge

      Re: If people didn't want this...

      Points...

      a) Both the major parties had this in their manifesto (Labour - page 53, Cons page 63)

      b) To be fair the libdems at least offered a bill protecting privacy... but they didn't really elaborate

      c) Only a third of the country wanted the Conservatives.... yup, an unstoppable majority on 37% of the vote. The idiots who are the voters were offered a better solution to this sort of unbelievable mess but turned it down because the established parties told them how bad real democracy was.

      d) The third largest vote was for ukip (yes, the system is so broken that this was 1 seat!) had no promise to snoop on us and at least one promise to do away with some snooping!

      Frankly as usual the political 'elite' have decided to carry on roughshod over the people, most of the people are too stupid and wrapped up in their own problems to give a monkeys. Even in 1984 most of the population ignored the obvious.

  46. Slx

    Brexit for IT companies

    It's quite likely this is in gross violation of European Data Protection legislation, so it more or less will end the ability of UK ISPs, telcos or UK businesses hosting data in the UK or passing it through the UK from doing any sort of business in the European Union and possibly also in the associated EEA countries too.

    To me, this looks like it will sink the UK's thriving telco and ISP business and end your role as a hub of communication in Europe.

    1. Dave 15 Silver badge

      Re: Brexit for IT companies

      Can guarantee that the luvvies have already checked that out, nope, it will be in line with EU regulation. Don't forget the EU already exports all your bank details to the USA so it has no more qualms about snooping than may of the Gestapo

  47. Jeremy Allison

    There is something everybody can do.

    https://www.torproject.org/projects/torbrowser.html.en

    Please install and use this on all systems. Use it instead of "private browsing" mode.

    I'm installing new computers for my family in the UK over Christmas. I'll be putting the link to the new browser prominently in the "programs" bar.

    1. Charles 9 Silver badge

      Re: There is something everybody can do.

      Um, you know they regularly find HOLES in the Tor Browser. Odds are the plods can crack TOR open like an egg anytime they like and are just stringing people along with their silence.

      1. Kiwi
        FAIL

        Re: There is something everybody can do.

        Um, you know they regularly find HOLES in the Tor Browser.

        [CITATION NEEDED]

        May get the odd hole found in it (usually by some serious efforts needed to exploit), but still beats the alternative.

        And the more people who use tools like TOR, the greater the protection. Many of those "holes" work by being able to analyse traffic patterns. If you have one red car on a motorway, it's pretty easy to track. If you have a million of them...

        And before you make some silly "but the government will just outlaw it" claim, answer this question : Do you still have murder in the UK?

  48. Krebbin

    Self moderated swear word (insert your own) **** this, I'm moving to Belize.

  49. Anonymous Coward
    Anonymous Coward

    Despicable

    This is really sneaky. I know who will be first up against the wall, come the revolution!

    1. Dave 15 Silver badge

      Re: Despicable

      What revolution?

      Most of the idiots that make up the UK population consider that if the police, security services and ministers say this is good and needed to stop terrorists then brilliant, bring it on.

      Most of them consider the fact that there are no terrorists to be proof that all the snooping is working (not proof it really isn't needed)

      Most of them would happily shoot their first born if they were told to because they are too stupid to see it is wrong.

      Don't forget also that throughout the western world (UK, Europe and USA) food is plentiful and for most affordable (even if affordable means you can get some at a food bank), as many have noticed in the past no one but no one goes off and sparks a revolution on a full stomach. Simply we are no better than a bunch of cows led to the slaughter room by the nose.

  50. jay_bea

    Curtailing Dissent

    How better to stop dissent than to make people fear that their views might get them into trouble. The legislation creates a modern day, electronic, Panopticon, less about what the Government can or wish to do with your personal data, and more about creating an environment where people are put off expressing or seeking out views that might dissent from those of the wider public or government.

    Sure, you could use Tor or a VPN to hide what you are looking for, but how long before your browsing history becomes a valid area of investigation in a job interview? You want to become a teacher, or drive a train, but oh dear, your browsing history is hidden through the use of a VPN, so clearly you have something to hide, and you are not suitable for a responsible position.

    Toe the line, use the internet for cat videos and to read news and political information that has been deemed appropriate by Facebook and Twitter, like the other 95% of the population, and you have nothing to fear. The remaining 5% are the ones to watch because they either have something to hide or they are mavericks.

    1. Kiwi
      Holmes

      Re: Curtailing Dissent

      Sure, you could use Tor or a VPN to hide what you are looking for, but how long before your browsing history becomes a valid area of investigation in a job interview? You want to become a teacher, or drive a train, but oh dear, your browsing history is hidden through the use of a VPN, so clearly you have something to hide, and you are not suitable for a responsible position.

      Encourage people to use Tor. When its use becomes commonplace, it is not suspicious to use it.

      A long time back people started to use digital cordless phones which made it impossible to easily listen in to the conversation. Some regarded it as suspicious that someone would want to protect their calls, as if they had nothing to hide.... Nowadays, who even gives this a thought? All phones are secure. Make it the same for TOR or other privacy tools, and no one will give it a thought.

      Pretty much everyone has curtains on their windows.

  51. Haku

    "No such backlash happened in the UK over the Investigatory Powers Bill"

    That's because just about fucking nobody knows what's going on in relation to their online activities being snooped on by the very people who are supposed to protect them!

    I've been telling everyone I know about this snoopers charter, only ONE of them knows of its existence and what it entails, and that's because his job is computers & networks, EVERYONE else is totally ignorant to this draconian shit being forced on us because it's just not being reported on enough in the mainstream media.

    I expect more people know what their favourite celeb had for breakfast than what's happening to their civil liberties.

    1. Dave 15 Silver badge

      Re: "No such backlash happened in the UK over the Investigatory Powers Bill"

      Few people can be bothered to do more than read the sports pages of a paper or watch the BBC scream "aren't you all lucky that the police and security forces can check the terrorists emails to keep you safe.... look what happened in France!!!!"

      The problem is the same as it was in all of history: it takes one strong guy and the rest will follow like sheep.... Genghis did it, Stalin did it (despite not taking part in the actual revolution), Hitler did it (he was brought to power by a democratic system), and many others ... May is supposed to be female but actually the same applies anyway.

      And the alternative was just a different name, not a different policy.

    2. Bloggs as DataProtector

      Re: "No such backlash happened in the UK over the Investigatory Powers Bill"

      Get over it mate - you're in a very small camp of people who care about this stuff. There are many more people worried about animals being mistreated than the intricacies of the IP Act - or about Ed Balls leaving Strictly.

      1. allthecoolshortnamesweretaken Silver badge

        Re: "No such backlash happened in the UK over the Investigatory Powers Bill"

        Why the downvotes? This is depressingly accurate.

        As long as there is plenty of bread & circuses... and if that doesn't work as advertised, prop up a suitable external enemy and start a war. Plenty of proof-of-concept data in the history books.

        1. Kiwi
          Thumb Up

          Re: "No such backlash happened in the UK over the Investigatory Powers Bill"

          Why the downvotes? This is depressingly accurate.

          Agreed. Most people sadly don't care so long as they don't perceive it to be costing or hurting them in some way. And if they perceive a benefit (oh look, the PTB don't need to work to read the nasty people's emails, they already have them!)

          Consider my vote for you also as an extra upvote for the OP.

  52. martinusher Silver badge

    Government, meet Mathematics

    The idea of a backdoor to encryption is tantalizing but it really doesn't exist. Any time you introduce a backdoor into a secure environment that environment immediately becomes insecure. But then we're dealing with a legal regime that thinks that deleting DNS entries in a database stops a website from existing so I suppose there's no point in arguing with them -- leave them with their illusions. The masses will get 24/7 surveillance, the bad guys will surf over the top hidden in all the noise.

    "It all makes work for the working man (or woman) to do"

    1. Charles 9 Silver badge

      Re: Government, meet Mathematics

      Unless they just ban all encryption (and they won't care about e-commerce anymore because it'll likely be international in nature anyway--keep the money home). Want to shop or bank? Go back to the bricks & mortar like the old days.

  53. Anonymous Coward
    Anonymous Coward

    "Does it prevent the UK government from breaking encryption? It absolutely does not. In fact, it foresees it."

    Doesn't this bill only affect the way the companies subject to it store the data? I.e. AES256 encryption is still as strong as it was yesterday. However, a company subject to these rules must store the keys so that they can be handed over to the UK Gov on request?

    So they aren't necessarily breaking encryption just kind of banning it? So under the rules certain companies could not implement End-to-End encryption in the way (for example) WhatsApp does because it would mean they don't have the keys to decrypt the data

    1. Dave 15 Silver badge

      From what I understood it is not about the ISPs having keys to unlock a copy of the data they store (of course they will), what it is revolves around anyone implementing any security software on any device (whether this is as part of the windows-linux-android-apple operating system, or an application like email) will have to present that software source to the government and let them fiddle with it to make sure that the government can hack your solution and read anything from anyone at any time... including your emails, porn history, company documentation, banking data... everything.

      We know that security systems are not foolproof and do get hacked (we did it in the '40s, and kept it quiet for decades), but when they are deliberately broken and the user is not aware this leads to all sorts of unpleasant thoughts. I suspect the NSA is already perfectly capable of reading anything sent via secure email on any American based product.

  54. Stevie Silver badge

    Bah!

    The UK has a software industry?

    1. Yet Another Anonymous coward Silver badge

      Re: Bah!

      For now - yes,

      It takes a while for the foreign take-overs to be processed and we haven't got round to deporting all the foreign engineers yet

      1. Dave 15 Silver badge

        Re: Bah!

        NOPE, we don't have. We have a few hangers on who are there handing over what little is left to India, China or just about anywhere as long as it isn't here

        After all, the UK government itself did that with the NHS computer system (to India via France) and the tax system (to America) and so on.

        This is the same government behaviour that led to them buying BMW police cars and us paying people in Birmingham to stay at home rather than build Rovers, or buying Spanish tanks and letting those that build them in the UK fester, buying American planes with American engines for the RAF leaving factories in the UK idle and empty.... the list goes on and on, it is because frankly the British government loathes, despises, hates and doesn't trust a single British person. If you are unemployed and dependent on them for food you will be behaved. If you are temporarily employed you are so shit scared of the alternative you will be well behaved, if you are at the top of the tree you are screwing the system and making a stack of money so don't give the proverbial

  55. Anonymous Coward
    Anonymous Coward

    Tories - Enemies of freedom and democracy

    Every last one of them.

    Not ONE voted against the bill:

    https://www.indy100.com/article/map-did-your-mp-vote-for-the-controversial-snoopers-charter--ZJo7_WwyVb

    1. Dave 15 Silver badge

      Re: Tories - Enemies of freedom and democracy

      Naturally they did.

      They were told to - by their boss the PM. The fact that they should be representing their constituents doesn't matter a damn.

      The whips probably told them that if they 'rebel' (as voting according to the wish of your constituents is termed when - as it often does - this means not voting the way of the boss in number 10).... if they rebel then they will be pointed out as someone willing to help terrorists in the face of the natural good work of the police and security services, would be accused all over the media of being a closet terrorist and would never again even get selected.

  56. fraunthall

    Fascism/Totalitarianism knows no boundaries

    For years now I have been referring to the UK, Canada, the US, NZ and Australia as the 'former democracies'. In some ways it has been true that we used to enjoy some aspects of democracy. But certainly any more.

    You poor Brits. CCTV now spies on your every move outside your homes and, now, all of your most important communications are subject to complete spying on by the government. Yet, no doubt, the liberal-minded (whatever that means in the above context), rushed to judgment about President-elect Donald Trump being a new 'Hitler'. Obviously, few among the lefties and near-lefties know what the 'Hitler' label really means if they support or tolerate the police state now occupying the UK. I fear Canada will soon follow. We have used Fascist laws before. You may have read how Junior Trudeau, our newest Prime Minister, has revealed his love for murderous dictators, such as Fidel Castro, the Chinese dictatorship and the Moscow bunch, just as his Dad did, several decades ago. In fact, Senior Trudeau cavalierly imposed martial law across Canada in October, 1970, in a completely dishonest move to destroy a civic election populist movement about to unseat a Liberal Party favourite, then Mayor Drapeau of Montreal. Long Live The Dictatorship of Left-Wing Politics!

    1. Rattus Rattus

      Re: Fascism/Totalitarianism knows no boundaries

      You started off making sense, then descended into an incoherent foam-flecked diatribe about "the left", whatever that really is. 3/10, must try harder.

      1. fraunthall

        Re: Fascism/Totalitarianism knows no boundaries

        Rattus - You must be one of the liberal/lefties I referred to. Whether you like it or not, the worst political criminals include the leftists and liberal-leftists who believe that their 'academic expertise' or knowledge of Marxism makes them superior to the 'common crowd', which justifies depriving them of democratic and human rights because they are either too ignorant or stupid to make their own decisions. Stalin, Mao, Hitler, Castro, Pol Pot and others like them and their supporters are among the leftists of history of whom I speak. Even the Canadian darling of the left, socialist politician Tommy Douglas, was a believer in Eugenics (just like the Nazis) until he finally realized its evil nature.

        1. anonymous boring coward Silver badge

          Re: Fascism/Totalitarianism knows no boundaries

          "Rattus - You must be one of the liberal/lefties I referred to. Whether you like it or not, the worst political criminals include the leftists and liberal-leftists who believe that their 'academic expertise' or knowledge of Marxism makes them superior to the 'common crowd"

          Just about everyone is superior to the redneck crowd, which you manage to sound an awful lot like.

          Have you heard of other types of socialism than the runaway communist type? You have taxes there, don't you? Do you have schools? Hospitals (just kidding)?

        2. Rattus Rattus

          Re: Fascism/Totalitarianism knows no boundaries

          *yawn* Let me mark you down to 2/10, it's obvious you haven't studied the material. Here's a hint: Fascism is a right wing ideology. And wipe your chin.

  57. Adrian Tawse

    VPN?

    I am not a security expert but I am not sure this even achieves the intended objectives. Does this prohibit the establishment of a VPN hosted on some country willing to be uncooperative, if only just to be a nuisance? Russia do I hear. There is plenty of strong open source encryption software already. This bill still does not stop any crims communicating at will while staying legal. As to offering a new service, just offer it from the US and host it there. Software could still be written in the UK.

    1. Charles 9 Silver badge

      Re: VPN?

      And what if England just blocks the IPs?

      1. Kiwi

        Re: VPN?

        And what if England just blocks the IPs?

        Just out of interest... How easy would that be to do with IPv6? I've not looked at it myself, but I've heard a lot of Sysadmins with far more experience than myself mention that they have concerns about v6 as it is much harder to block/redirect than v4.

        And in reality.. Takes bugger all to change IP if you really want to, especially if you want to change host. Shit, on my buggy-probably-pwned ancient POS telco-provided crapfest SOHO router, all I gotta do is disconnect and reconnect - a process that takes a whopping 10 seconds! If I'm lazy, open router web page, click "restart" - done in 20 seconds. If not so lazy, open router web page, click "connection", click "disconnect", click "reconnect" - done in 10 seconds.

        1. TonyHoyle

          Re: VPN?

          It's not harder at all - You'd block the /64, since the bottom 64 bits refer to a local network and can change fairly easily (/48 possibly if you want to block an entire site owner).
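The prefix-based blocking described in the comment above, as an added example that is not part of the thread: individual offending addresses are collapsed into /64 blocks, with escalation to the /48 when several subnets of one site show up. The 2001:db8:: addresses are constructed documentation-range samples, and the function names and the escalation threshold are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict


def covering_prefix(addr, prefix_len):
    """Return the network of the given length that contains addr."""
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)


def build_blocklist(offenders, site_threshold=3):
    """Collapse offending IPv6 addresses into prefix blocks.

    Each address is widened to its /64, because the low 64 bits (the
    interface identifier) can be changed by the host at will. If at least
    site_threshold distinct /64s inside one /48 offend, the whole /48 is
    blocked instead (assumed policy, chosen for this example).
    """
    subnets_by_site = defaultdict(set)
    for text in offenders:
        addr = ipaddress.IPv6Address(text)
        subnets_by_site[covering_prefix(addr, 48)].add(covering_prefix(addr, 64))

    blocks = []
    for site, subnets in subnets_by_site.items():
        if len(subnets) >= site_threshold:
            blocks.append(site)
        else:
            blocks.extend(subnets)
    return sorted(blocks)


def is_blocked(addr, blocks):
    """True if addr falls inside any blocked prefix."""
    ip = ipaddress.IPv6Address(addr)
    return any(ip in net for net in blocks)


# Constructed sample input (RFC 3849 documentation prefix).
OFFENDERS = [
    "2001:db8:aaaa:1:a1b2:c3d4:e5f6:1",     # same host, two different
    "2001:db8:aaaa:1:ffff:1111:2222:3333",  # interface identifiers
    "2001:db8:bbbb:10::5",                  # three subnets of one site
    "2001:db8:bbbb:11::5",
    "2001:db8:bbbb:12::5",
]
BLOCKS = build_blocklist(OFFENDERS)

if __name__ == "__main__":
    for net in BLOCKS:
        print("block", net)
    # A fresh interface identifier in the same /64 is still covered.
    print(is_blocked("2001:db8:aaaa:1:dead:beef:0:1", BLOCKS))
```

Blocking on the exact /128 instead would miss the third address in the final check, since only the interface identifier changed.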

    2. Dave 15 Silver badge

      Re: VPN?

      You will have to try and find a way to import the unhacked vpn, you won't be able to download it (the ip will be blocked, or maybe silently redirected to a hacked version), you won't be able to bring it in on media or devices they will be scanned (if not now very shortly when some terrorist outrage is caused by someone circumventing the obviously 'very sensible' laws)

      1. Kiwi
        Holmes

        Re: VPN?

        You will have to try and find a way to import the unhacked vpn, you won't be able to download it (the ip will be blocked, or maybe silently redirected to a hacked version), you won't be able to bring it in on media or devices they will be scanned (if not now very shortly when some terrorist outrage is caused by someone circumventing the obviously 'very sensible' laws)

        Micro SD cards are easy to conceal. You can delete files and easily undelete them. Sure, TPTB will have knowledge of that, but how long can they spend scanning all these devices? A hidden Micro SD (one that is truly hidden as opposed to "stuck somewhere safe and easy to find but not necessarily obvious to you while making perfect sense to me") would appear suspect if found, but it has to be found and found to be in a suspicious place. Even a hidden pouch in a traveler's bag is not suspicious if you use it to try and protect sensitive stuff like passport or credit cards.

        Deleted files.. Not so hard to find. But if your SD card "has been used a lot" and has thousands of deleted files on it? Deleted partitions are harder to find and restore.. Unless you know what you're doing..

        The one thing I must look more into is IP6 and what can be done with routing/detection/redirecting. All else is relatively trivial including blocking importing media.

        And terrorists? Likely they will use sneakernet or act alone. Whatever means they use won't "circumvent" these laws, they'll use methods that the laws don't cover.

      2. Adrian Tawse

        Re: VPN?

        I am not sure the RIPA actually gives the UK government the right or power to block an IP. There is no great firewall of UK.

  58. TechieSid

    Big Brother ...

    Ahh, George Orwell is alive and well ...!! :-)

  59. Anonymous Coward
    Anonymous Coward

    This solves nothing....

    All this has terrified me, because the terrorists have instilled terror in everyone, especially the UK government.

    It won't be the crypto backdoors (which could compromise internet banking for everyone), that will drop the data to people who will abuse it, it will be a government agency giving it to another third party, the more copying, the more it can slip through the fingers of people that are there to protect the citizen.

    The crypto backdoors will only increase financial firms to move to the EU. Britain's biggest export: Financial Services.

    As for the rest of it, this is only monitoring of citizens, at home, on their contract mobiles, living normal, lawful lives.

    Monitoring their shopping habits for the FSA, TV and movie habits for the DCMS.

    Smells more of corporate big data grab than terrorist and paedo catching.

    I've seen little to no proper discussions between anti-terror agencies, and internet security agencies prior to this bill.

    This is not only a backward step for the common people, and it's two steps away from where the real offenders are playing.

    Remember malcontents make themselves anonymous and difficult to catch buying second hand disposable phones, PAYG sims, all with cash. Hell they might the foreign sims using roaming over UK networks. They use public wifi (coffee shop, pub or even public library). They use vpns and proxies, and TOR.

    Using these services might be all well and good to protect yourselves from the government, but in doing so might well tar yourselves with the same brush as the malcontents.

    1. Dave 15 Silver badge

      Re: This solves nothing....

      Terrorism? What terrorism?

      Yup, there is NONE.

      A couple of attacks a decade or more back possibly made by the security forces and some unsubstantiated claims of blocking 1 or 2 more a year.

      The IRA managed several dozen a year when they were trying. If any modern terrorist were inspired there are hundreds of ways of attacking, no need even to club together in groups and talk to your friends.

    2. Rattus Rattus

      Re: "might the foreign sims using roaming over UK networks"

      Oh come now, not even the Saudis could afford to bankroll that!

  60. boatsman
    Coat

    it is time to start using the secure pub/private key exchange network.

    and that's all it takes to make this law ineffective, null and laughable. especially if we, the people, start using it *always*, producing an insurmountable money-black_hole of encrypted communication.

    perhaps a good idea for firefox / thunderbird & all other open source software to build it in by default.

    1. Charles 9 Silver badge

      Re: it is time to start using the secure pub/private key exchange network.

      Um, you forget Room 101. That's always an option because it only needs humans to work it.

      1. Destroy All Monsters Silver badge

        Re: it is time to start using the secure pub/private key exchange network.

        Not at all. Amazon will probably loan out the hardware and AIs for a nominal fee at some point.

  61. rtb61

    Will they ban FOSS

    They'll be having fun with FOSS software. Demand a back door, sure no problem, right there lines 2300 to 2350 and if you are lazy here is the script to delete and recompile that coding element to get rid of the back door. They will have to ban FOSS software because there is no way they can get a back door in without people being able to take it right back out again.

    1. Dave 15 Silver badge

      Re: Will they ban FOSS

      come it isn't some lines of basic you can recompile

      even if you take the time to disassemble the mammoth mountains of modern software you will be looking for a needle in a haystack. The hack won't look like if(governmentinspector) then revealall(); It will be something subtle, a ++ on an integer somewhere, a < rather than <= on an if... this is all they will need to ensure the encryption is compromised enough for them to decrypt it. It is a mathematical formula nothing more, and get the coding wrong and the whole premise falls apart.

  62. MrZoolook

    And here was I thinking this Government wanted the UK to be a financial business hub of some kind. Makes you think that successive months of post EU Referendum job losses et al, really would have happened when those same businesses should have been leaving at this announcement anyway!

    What bank (for example) would host its business on these shores knowing now, when its customers' transactions are going to be put in the public domain, or left on buses on unencrypted memory sticks. That was a problem before this, but now with data encryption effectively becoming illegal, you may as well use plain text and sign a waiver allowing your bank to post your transaction history on Facebook.

    If only there was a way to prevent that!!

    1. Anonymous Coward
      Anonymous Coward

      Total State Control (Pick Up That Can!)

      Well, Luxembourg has no such snooper's charter but for some reason disgruntled employees regularly abscond with hard drives full of customer information. These they then pass on to authorities of neighboring countries which then accept the gifts gratefully, oblivious to the fact that what they are doing is just illegal data grabbing lipsticked with the government-approved manufactured outrage of "tax evasion".

      When the next time comes $PERSECUTED_MINORITY will be unable to abscond in the middle of the night like in the 30s...

  63. Peter Fairbrother 1

    What a load of bollocks!

    Somebody has been picking phrases out of a Bill without considering the whole. That can be very dangerous. The new law is pretty effing horrendous, but not for the reasons stated in the article.

    Section 254 (5)(c): "The obligations that may be specified in regulations under this section include [..] obligations relating to the removal by a relevant operator of electronic protection applied by [..] that operator.."

    First, if you aren't a "relevant operator" then it doesn't apply to you. Software developer? nope, you are not a relevant operator, it doesn't apply to you. Write all the crypto code you like (though beware ITAR etc when distributing it).

    Second, any obligation on a "relevant operator" which amounted to Interception, ie if anyone new can access the plaintext after the obligation is complied with, would be illegal under s.3.

    What section 254 (5)(c) really means is that the SOS will be able to require operators to retain the capability to decrypt ciphertext, where they applied the encryption. So for example if they used TLS with a Diffie-Hellman Forward Secrecy suite, then they couldn't delete the keys, but would have to retain them in case they were required to comply with an Interception Order.

    But that's about all it means. The SoS doesn't get the keys, or access to a backdoor (for domestic communications anyway).

    However, note that 254 (5)(c) applies to "relevant operators", which includes quite a bit more than ISPs - it includes websites like Apple where members can communicate between themselves - but probably not [1] shopping sites, banks, clouds, etc which do not perform communications service functions.

    [1] this is complex, and arguable either way - but probably not. However, that is something which should have been made clear in the Lords-Commons argy-bargy.
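What retaining versus deleting an ephemeral Diffie-Hellman key means for recorded traffic, as an added illustration that is not part of the comment above. The 127-bit group, the SHA-256 keystream and all function names are toy stand-ins chosen so the example runs with the standard library only; this is not TLS and not a usable cipher.

```python
import hashlib
import secrets

# Toy group parameters (assumption for the demo): 2**127 - 1 is prime,
# but far too small for real use.
P = 2**127 - 1
G = 3


def keypair():
    """Generate a fresh (ephemeral) private/public pair."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(my_priv, peer_pub):
    """Derive a 32-byte session key from the DH shared secret."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def xor_stream(key, data):
    """Toy stream cipher: XOR with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def run_session(plaintext, operator_retains_key):
    """One session between a client and the operator's server.

    Returns what a passive recorder sees (the transcript) and what the
    operator still holds afterwards.
    """
    client_priv, client_pub = keypair()
    server_priv, server_pub = keypair()
    key = session_key(server_priv, client_pub)
    assert key == session_key(client_priv, server_pub)  # both ends agree
    transcript = {
        "client_pub": client_pub,
        "server_pub": server_pub,
        "ciphertext": xor_stream(key, plaintext),
    }
    retained = server_priv if operator_retains_key else None
    return transcript, retained


def decrypt_recorded(transcript, retained_priv):
    """Try to recover the plaintext of a recorded session later on."""
    if retained_priv is None:
        return None  # ephemeral key deleted: nothing left to derive from
    key = session_key(retained_priv, transcript["client_pub"])
    return xor_stream(key, transcript["ciphertext"])


if __name__ == "__main__":
    msg = b"constructed sample message"
    for retains in (True, False):
        transcript, kept = run_session(msg, retains)
        print(retains, decrypt_recorded(transcript, kept))
```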

  64. Bloggs as DataProtector
    Thumb Up

    Some back door

    What do you mean a back door? Who didn't know about this power? And if the spooks didn't have it, how on earth would they be able to carry on with the lawful interception work they've been doing ever since telcos started to encrypt phone calls?

  65. TrueAnorak

    We should make an api that constantly has new features (maybe we could do 'ability to access service over port n') and constantly make requests

  66. Anonymous Coward
    Anonymous Coward

    VPN can work but far from ideal

    It is highly unlikely they'll be able to block all the VPN providers out there because you have to remember anyone anywhere can host a VPN server.

    Only problem is an offshore VPN server introduces several quality of life issues, aside from the fact that you're forced into paying for VPN:

    - Localization. Every site you visit you have to adjust to be displayed in your chosen language or for your location. That is, if the site even allows it -- sometimes it's just locked to GeoIP.

    - Latency. Multiplayer gaming, etc.

    Those are only two issues I can think of off the top of my head. There's likely more.

    What's funny is I've never had any concerns about NSA/GCHQ (NSA's pet) being able to intercept my data (with some work that is, not just through some effortless backdoor), because they're looking for terrorists so it shouldn't affect me... but what totally p****s me off is the idea of lower authorities (local government, local police, fire dept, food regulator?!, tax office, etc) having any kind of access, with or without effort -- F them, F the government and F Theresa May.

  67. GrapeBunch Bronze badge

    Doesn't the UK already have form

    ... for fouling its own tech nest? Bletchley + Official Secrets Act and suddenly USA invented the electronic computer (hint: it didn't). The kind of thing that if achieved by a foreign power would be considered an act of war, or if by a compatriot, treason, when accomplished by one's own government seems to elicit sighs and yawns.

    1. Dave 15 Silver badge

      Re: Doesn't the UK already have form

      If I were the next PM the very first thing I would do would be to clear out the entire civil service, every last man jack of them, send the lot to prison. It is difficult to find an example of any part of the civil service which isn't complicit in the continued undermining of the UK... from the debacle over the negotiations to leave the EU back through the amazing goings on with 'defence' (ships with no missiles, guns with no bullets, squaddies with foreign uniforms), to the Falklands (basically telling the Argies they could have the Falklands), the continued attempts to offload Gibraltar to the Spanish... back through history. You couldn't make it up.

      1. Anonymous Coward
        Anonymous Coward

        Re: Doesn't the UK already have form

        " clear out the entire civil service, every last man jack of them, send the lot to prison."

        I don't think you need *all* of them, not immediately anyway.

        Jail the entire mass of top-level civil serpents e.g. the First Division Association, and any other civil serpent with a PPE degree, and see how much that helps.

        Straight talking. Honest politics.

  68. Dave 15 Silver badge

    Ah... an idea

    OK

    So the messages, browsing etc. are linked to mac addresses and they can also tell which ip (&therefore router)

    Make ALL our routers open. After all the scare stories a couple of years back that people could get to your pc because they could get to your router are bollocks... if they weren't then I could hack anyone's PC on the works network.

    Then buy and sell once a week or month at a car boot ...

    Then the records will be pretty much pointless and useless.

  69. Nathan 13

    Will affect most people, but not serious criminals or terrorists.

    Just like the snooping law that was "only to counter terrorism and serious organised crime" but led to fines for putting out bins on the wrong day.

  70. LittleTyke

    The Investigatory Powers Bill recalls the Locomotive Act 1865, which stipulated that a man with a red flag must proceed before a "locomotive" on the public highway. The government of today is going totally over the top as well. This new Bill will turn out to be as unworkable, too.


Biting the hand that feeds IT © 1998–2019