back to article Can GCHQ order techies to work as govt snoops? Experts fear: 'Yes'

The UK Home Office's ambiguous response to whether or not the Investigatory Powers Act gives the British government the authority to pressure or force people to work for GCHQ is troubling. When Reg reader Simon Clubley pointed out the unclear wording of section 190 of the new law, it generated a lively debate among legal …

  1. Warm Braw Silver badge

    Back in the cold war days...

    ... there were regional lists of Post Office Telephones staff who were to be kidnapped in the event of nuclear war and taken to bunker sites to operate and maintain the communication systems post-apocalypse.

    Setting morality aside, any plan that critically depends on the compulsion of an unwilling participant would seem to have a high likelihood of coming unstuck.

    1. Rich 11 Silver badge
      Joke

      Re: Back in the cold war days...

      I can well imagine that some people who had been forcibly separated from their families, and seen their families left to die, would be at a high risk of going postal.

      1. Anonymous Coward
        Anonymous Coward

        Re: Back in the cold war days...

        I worked in government then. My father who had been a commissioned volunteer in WW2, had signed up for the duration and emergencies, worked for a local authority. Probably because he thought I should know, he risked prosecution by telling me that he had been issued with a sidearm and a key to the local bunker. The family expected to die. He thought his death would probably be a few weeks after ours, but he would try and keep his bit of government going because it was expected of him. We did not envy him.

  2. steelpillow Silver badge

    Off the leash

    Seems to me that the curious case of the independent consultant being served a voluntary warrant is because, under the normal course of events, they would not normally be allowed to undertake such interference. It is a way of saying, "OK, boys and girls, you are off the leash." The telco itself needs stronger legal armtwisting, as it has more obligations to its users, so gets a compulsory one.

    1. Lysenko

      Re: Off the leash

      Exactly. It is almost certainly not designed to compel you do do something, it is rather a "License to Hack" and an indemnification against the Computer Misuse Act or various actions in tort that the target party might otherwise be in a position to employ.

    2. Jason Bloomberg Silver badge

      Re: Off the leash

      I would disagree. The power to do whatever they were requested to do would come with the job not through the warrant.

      There will be people doing that job, with that power, who have never been served with a warrant. The warrant is there to force or coerce those who would otherwise be reluctant to do the job.

      1. Lysenko

        Re: Off the leash

        @Jason

        English law doesn't recognise the concept of ad hoc "deputizing" civilians in the same way (some) US law does. The Executive branch (Cops) have certain implicit powers, but some others require the concurrence of the Judicial branch (Warrants). The degree to which a warrant issued to the Executive indemnifies a civilian informally providing assistance is dubious and certainly an unnecessary complication. Issuing a warrant formalises the relationship and eliminates any debate about lawful delegation of authority.

        An analogy is a landlord or hotelier demanding a search warrant before assisting with access to a room. The point of the warrant is not usually to compel the hotelier's compliance (quite probably they're perfectly happy to assist), it is to forestall any civil action that the aggrieved guest might otherwise engage in.

      2. Anonymous Coward
        Anonymous Coward

        Re: Off the leash

        @Jason Bloomberg. You wrote, "The power to do whatever they were requested to do would come with the job not through the warrant. There will be people doing that job, with that power, who have never been served with a warrant."

        No, that's not how it works. Developers with access to the systems use their own test data and are forbidden to view real data, while developers with access to user data are granted it on a strictly controlled test basis, just like any other telco engineer. They get closely monitored and I have seen bad bunnies get themselves summarily dismissed (e.g. for spying on an ex's new partner), again run-of-the-mill for this business. It takes a Home Secretary to join the dots and allow full-on exploitation.

        Of course, one cannot expect the average netizen to believe that, sigh. I fully anticipate a shedload of downvotes for spoiling everybody's hate games.

        1. dgc03052

          Re: Off the leash

          "No, that's not how it works. Developers with access to the systems use their own test data and are forbidden to view real data, while developers with access to user data are granted it on a strictly controlled test basis, just like any other telco engineer."

          Depends on the specific company. Usually until there is some critical bug, and a bunch of data is replicated for debugging, or the developer does touch the production system.

          Not all developers have access, and they might not have regular access to all the data, but plenty of data and access can be leaked, with very little tracing.

    3. Cuddles Silver badge

      Re: Off the leash

      "It is a way of saying, "OK, boys and girls, you are off the leash.""

      I suspect you may be right about the intent of the law. The problem is that when it comes to laws, intent is ultimately irrelevant, all that matters is the exact words that are written. That's the entire basis of loopholes - even if everyone knows exactly what was intended, courts often have no option but to allow unintended behaviour because they can only go with the exact letter of the law. Throw in some deliberate ambiguity in case you decided to change your mind about the intent later, or rush it through without allowing proper scrutiny, and you can easily end up with a mess like this law where the original intent may well have been one thing, but no-one is entirely sure what the final wording actually means in practice.

    4. Anonymous Coward
      Anonymous Coward

      Re: Off the leash

      The telco itself needs stronger legal armtwisting, as it has more obligations to its users, so gets a compulsory one.

      Ah, but there's an extra reason for that: the ability to intercept is a mandatory condition for obtaining a telecomms license. Go ahead, pull in telecomms licenses of practically any European telco and you'll find the condition in there. Ergo, if it involves a telco there is a certainty that intercept resources are available or they're in breach of license and may lose it. That is, intercept for phone, fax and unencrypted data - when it's encrypted I don't think there is a rational basis for demanding access to cleartext. At best they can have the raw traffic.

      The non-telco entities (or rather, the ones that are vague alluded to as being telco-ish which IMHO a lot of horse manure without a formal license, but we'll leave that aside for the moment) may be served, but can start with justifiably claiming that they have (a) no intercept capabilities available and (b) if the dear government wants it, it better coughs up for its development without any solid guarantee that it can be delivered - after all, most Internet communication except the ones which involve data at rest are nowadays explicitly designed to prevent intercept - you know, to stop the BAD guys listening in?

      In short, it's a mess, not helped by frankly idiotic legislators who put things in law that simply cannot be delivered. With that sort of attitude you might as well mandate that people must fly to work and then get upset that nobody complies. Morons.

      Dammit, used up all my grumble credit for the month in one go. Bummer.

      1. Doctor Syntax Silver badge

        Re: Off the leash

        "or rather, the ones that are vague alluded to as being telco-ish which IMHO a lot of horse manure without a formal license, but we'll leave that aside for the moment"

        Why would we leave it aside? If the definition doesn't specify a telecoms operator as conforming to your personal definition, i.e. being a licensed operator, then your argument collapses. The Act says what it says, not what you think it should say.

        1. Anonymous Coward
          Anonymous Coward

          Re: Off the leash

          The Act says what it says, not what you think it should say.

          Normally I'd agree with you, but what I'm alluding to is an ambiguity in how it is formulated (in itself evidence that this was rammed through with undue haste). There is already a definition out there of a telecommunications operator, one that is supported by a fairly healthy chuck of income to the government.

          They should have used a different term for it, now they have a conflict which effectively forms an escape clause for any half decent lawyer. You can't just go and redefine a term in common and legal use because you'd like it to mean more, that takes a bit more than badly drafted legislation.

          Sure, it was passed, but where it matters is where this hits the courts at some point.

  3. boltar Silver badge

    Who cares?

    I mean seriously? Other than anti-establishment SJWs and solicitors looking for their next meal ticket why would anyone give a toss about this? The chances of Mr Average IT person who hasn't signed the official secrets act ever being called up by GCHQ is so vanishingly small that its virtually non existent.

    1. Doctor Syntax Silver badge

      Re: Who cares?

      "The chances of Mr Average IT person who hasn't signed the official secrets act ever being called up by GCHQ is so vanishingly small that its virtually non existent."

      I'm not sure about that. From TFA:

      Section 261 of the Act defines that a "telecommunications operator" is anyone who provides or controls a communications network of any kind. Paragraph 10 of Section 261 talks about how you are also considered to be a telecommunications operator even if you only merely "control" the telecommunications system in question; actual ownership does not appear to be required. That would appear to obligate some third-party maintenance vendors to assist with a Bulk Equipment Interference warrant issued against equipment owned by their customers.

      "A communications network of any kind" would include a company's internal network* so a warrant could be served on a company's own BOFH to compromise his employer and be gagged from saying anything about that. It might not be intended but once the facility is there abuse tends to follow; we've certainly seen reports of this in the past.

      *It could even include a domestic WiFi link to the router!

      1. boltar Silver badge

        Re: Who cares?

        "I'm not sure about that. From TFA"

        I am. Just because something is technically legal doesn't mean it'll ever be used. They have quite enough experts of their own, they're not going to suddenly drag Admin Joe out from his day job to help them bring down some chinese cyber team.

        But hey, I got modded down because, well, gubbermint story, its the law on here that anyone who doesn't follow the Men In Black Are Out To Get Us paranoid aspie groupthink gets crucified.

        1. Doctor Syntax Silver badge

          Re: Who cares?

          "They have quite enough experts of their own, they're not going to suddenly drag Admin Joe out from his day job to help them bring down some chinese cyber team."

          No, but they might call on Admin Joe at home and tell him that when he goes into work he's going to have to set up something to copy all Fred's internal emails to HMRC/DVLA/dog warden. It would be a lot easier than going to GCHQ and asking them to spend however long it takes to gain surreptitious access to the system.

          It's not as if we've never seen overreach in the past.

          1. sabroni Silver badge
            Thumb Up

            Re: Who cares?

            Cool! The name calling part of the argument!!!

            I'm not an SJW you fascist!!!!

            1. boltar Silver badge

              Re: Who cares?

              "I'm not an SJW you fascist!!!!"

              Calling Mr Godwin....

          2. Anonymous Coward
            Anonymous Coward

            Re: Who cares?

            No, but they might call on Admin Joe at home and tell him that when he goes into work he's going to have to set up something to copy all Fred's internal emails to HMRC/DVLA/dog warden. It would be a lot easier than going to GCHQ and asking them to spend however long it takes to gain surreptitious access to the system.

            You may be closer to the truth than you think. Post 9/11, we had plenty of alerts from US sysadmins who were "encouraged" to report to certain agencies before they went to access data centres abroad..

        2. jmch Silver badge
          Facepalm

          Re: Who cares?

          "Just because something is technically legal doesn't mean it'll ever be used"

          You mean like how anti-terror legislation wasn't ever used by local councils to spy on where residents were throwing their rubbish?

        3. nijam

          Re: Who cares?

          > Just because something is technically legal doesn't mean it'll ever be used.

          How delightfully naive.

          1. boltar Silver badge

            Re: Who cares?

            "How delightfully naive."

            Really? How many welshmen have been legally murdered in chester recently then?

            If you don't know what I'm talking about, google it.

            1. Allan George Dyer Silver badge
              Headmaster

              Re: Who cares?

              @boltar - "How many welshmen have been legally murdered in chester recently then?"

              Trick question! None, because murder is defined as unlawful killing.

      2. verno

        Re: Who cares?

        Beat me to it Doctor Syntax, looking at that wording it could be applied to pretty much any IT manager of a SME...

      3. John Brown (no body) Silver badge
        Joke

        Re: Who cares?

        "so a warrant could be served on a company's own BOFH to compromise his employer and be gagged from saying anything about that."

        Like the OP said, that's just part of the job for a BOFH.

      4. Anonymous Coward
        Anonymous Coward

        Re: Who cares?

        "A communications network of any kind" would include a company's internal network* so a warrant could be served on a company's own BOFH to compromise his employer and be gagged from saying anything about that.

        Ah, but I fear the government has pretty much nailed its own feet to the floor if it ever wants to abuse that vague definition by the sheer fact that it actually sells licenses to operate to telecommunication operators. That creates by definition and its very existence a nice, sharp edge around what is and what is not a telecommunications operator.

        Ergo, if the recipient in question has no license obligations, it can enthusiastically tell ye older carrier of warrant anything from just "go away" to "try some Steve Bannon acrobatics", depending on just how clearly they want to demonstrate their appreciation of the attempt to bully them with inappropriate demands. Oops.

        IANAL, but I'm pretty sure any lawyer will spot that one, even when only half awake.

        1. Simon Clubley

          Re: Who cares?

          @AC. "it actually sells licenses to operate to telecommunication operators". I'm assuming that's the public telecommunications operators. Private telecommunications operators are also covered by the IPA.

          1. Anonymous Coward
            Anonymous Coward

            Re: Who cares?

            Private telecommunications operators are also covered by the IPA.

            But that's exactly the point: the law does not seem to make that distinction. I know ambiguity in law is usually self serving, but in this case they dropped the ball because of what you could call a pre-existing condition :). If they really want to use that definition they will have to firm it up.

      5. tom dial Silver badge

        Re: Who cares?

        "Could" and "in practice would" are extremely likely to be far apart. I think that was the OPs main point.

        In the US, the judiciary is expected to enforce restrictions like probable cause and particularity, and I expect the same is true of the UK and many other countries. Under fairly ordinary circumstances this probably works fairly well.

        A major problem with this is that at times of moral panic like a major terrorist incident or attack from another country the judiciary may flinch from that duty as happened, for example, in WW II when the US and Canada interned those of Japanese origin as well as some others, many or most of them citizens of their respective countries. In the US at least, such judicial pushback as there was was spotty and ineffective, and ultimately the Supreme Court approved the internments.

    2. Afernie
      FAIL

      Re: Who cares?

      "I mean seriously? Other than anti-establishment SJWs and solicitors looking for their next meal ticket why would anyone give a toss about this? The chances of Mr Average IT person who hasn't signed the official secrets act ever being called up by GCHQ is so vanishingly small that its virtually non existent."

      There is always a delightfully uninformed uniformity to your alt-right buzzword-packed trollograms. I'm an average IT guy at a multinational and I can certainly think of a scenario where this would be a possibility.

      The clue being "multinational", the significance being the nations in question.

  4. Anonymous Coward
    Anonymous Coward

    Can I be the first to say I completely trust the government not to issue a warrant to someone that doesn't have to comply and not threaten them with releasing the existence or the warrant thereby allowing them to cuff them.

    I also believe in Unicorns and honest politicians.

    1. Anonymous Coward
      Anonymous Coward

      there does seem to be a clause missing forum the legislation here - the one that specifies the charges that will be brought against the Home Secretary / Minister if any if these powers is ever abused, misused, or extended for use in any areas that are not disclosed when MPs vote on the Bill ?

  5. smudge Silver badge
    Black Helicopters

    What if...

    ... all the individuals at a telco on which a warrant has been served refuse to co-operate?

    The duty to comply is only enforceable against a telco. But a telco consists of people, and the compliance of at least one person is required if the telco is to assist the authorities. Thus the duty to comply must be enforceable against at least one person. But it is explicitly stated that the duty to comply only applies to telcos, and not to people.

    I therefore conclude that the law is an ass.

    1. Doctor Syntax Silver badge

      Re: What if...

      "I therefore conclude that the law is an ass."

      You probably conclude wrong.

      - Warrant served against telco.

      - Telco directs employee to implement it.

      - Employee refuses.

      What happens next? Employee has refused a legitimate order (legitimised by the warrant) so can be fired without a basis for comeback although an Employment Tribunal hearing might be awkward with a gagging order in place.

      1. smudge Silver badge

        Re: What if...

        ... What happens next? Employee has refused a legitimate order (legitimised by the warrant) so can be fired

        I knew that would be a response.

        I specifically said "what if all the individuals at a telco on which a warrant has been served refuse to co-operate?" I think it's quite likely that some small ISPs might take that stance. In which case it would be unlikely for an employee to be fired for following what is in effect company policy.

        I am not a lawyer, but if I were defending an employee who had been fired - or the company board who had been charged with not implementing the warrant - my argument would be along the lines of "You can't compel someone to do something solely because they are an employee of a company, when they couldn't be compelled to do it if they were not. Even if it's legal."

        I'm thinking on the hoof here, so I'd be interested in any examples, from anywhere, that either support or don't support that argument.

        1. Anonymous Coward
          Anonymous Coward

          Re: What if...

          I'm not a lawyer either, but it seems to me that defending an employee who was fired in those circumstances should be pretty easy.

          "So, Mr Boss, why did you fire my client?"

          "Well, he refused to... erm, I can't really say."

          1. not.known@this.address Bronze badge

            Re: What if...

            <quote>

            "So, Mr Boss, why did you fire my client?"

            "Well, he refused to... erm, I can't really say."

            </quote>

            "...but please speak to the nice Men From The Ministry who are waiting at the back of the room to take you for an extended stay at Her Majesty's Government's displeasure. Have nice day!"

        2. Doctor Syntax Silver badge

          Re: What if...

          I am not a lawyer, but if I were defending an employee who had been fired...then said employee would be extremely unlucky.

    2. Jc (the real one)

      Re: What if...

      If the telco asks someone to do this , and they refuse...presumably they can fire them!

      Jc

      1. Flocke Kroes Silver badge

        Re: What if...

        Firing a skilled employee does not execute the warrant. There might not be a large number of appropriately skilled employees. What happens when there are none left?

    3. Anonymous Coward
      Anonymous Coward

      Re: What if...

      What if...

      ... all the individuals at a telco on which a warrant has been served refuse to co-operate?

      I posted elsewhere here that the term telecommunications operator isn't as vague as they would like you to think, because the government actually sells licenses to operate to telecomms operators. As far as I can see, if you're not required to have such a license, you're not a telco and thus not obligated to comply.

      However, a "proper" telco (i.e. with license) would be at risk of losing that license for non-compliance as providing intercept capabilities is an explicit requirement, and that's not just in the UK.

    4. StargateSg7 Bronze badge

      Re: What if...

      I would tell GCHQ to sod off and go stick a fork in it!

      NO ONE is gonna be telling ME if and WHEN i will cooperate on anything!

      If I see the warrant I will send them a nice big email

      in 240 point font telling them in TWO WORDS to go

      &*(^&*% OFF and THEN I would POST the entire

      warrant/security letter front and centre on my

      offshore web page with email copies sent

      to friends, family and many reporters!

  6. Anonymous Coward
    Anonymous Coward

    Seems purposefully vague or overly board in its reach. A little like tightening the screws on everyone who might be remotely related to having the ability to comply. Somewhat like the Stasi having everyone so frightened that much of the population spied on everyone and people did just to be sure they complied and were safe from detention. Sounds like the start of a Fascist's wet dream.

    1. nijam

      > Seems purposefully vague or overly broad in its reach

      Bear in mind that most laws are designed (upto a point) to have sections which are vague and/or obscure, simply to provide long-term future employment to others in the legal profession.

  7. Nick Kew Silver badge
    Black Helicopters

    Supply chains

    A lot of things go in to telecoms equipment. Software, both open and closed source. Ditto chips.

    Does this mean that a developer could be served a warrant by GCHQ to cooperate in smuggling an exploitable vulnerability into a general-purpose software project? Most obviously a crypto project such as OpenSSL, but it could be applicable much more widely. The warrant might then constrain the developer's behaviour: for example, to post GCHQ's responses rather than his own when a relevant commit is questioned.

    1. Graham Cobb

      Re: Supply chains

      It is this case which worries me. Could (for example) Alan Cox be served with a warrant requiring him to sneak a tiny vulnerability into the Unix kernel? He is certainly sufficiently clever, well known and trusted to be able to do it (so the "not practical" exemption doesn't apply). Although I suspect he may also be bloody-minded enough to be a poor choice (thankfully).

      More realistically, maybe, a one-man maintainer of a very popular Github project (plenty of those -- for example rclone) could be served a warrant. And if the project was to do with communications, and had over 1000 users, he might even qualify as a telecom operator!

  8. poohbear

    "if I received such a warrant, I would simply tell the government to get lost"

    May we remind you that your passport is due for renewal next year.

    Hate for there to be a problem with that...

    1. Anonymous Coward
      Anonymous Coward

      That's fine, I'm quite happy to brave the rain in Bognor Regis next 'summer'.

    2. Simon Clubley
      Big Brother

      @poohbear. My passport _is_ due for renewal next year...

      (Seriously. :-))

    3. Dan 55 Silver badge
      Black Helicopters

      And what happens if you accept the job and are seriously bad at it?

      If you are served a warrant, are your passport privileges and job prospects based on results and non disclosure?

  9. Pascal Monett Silver badge

    "threats about what would happen if they revealed its existence"

    Um, sorry but issuing warrants is one thing, having them automatically accompanied with a gag order is another issue entirely.

    Are we in democracy or not ? Since when is the proper functioning of Justice supposed to be secret ? Secrecy is the tool of oppressive regimes and dictatorships, not the tool of political regimes that respect the individual.

    If I was faced with a warrant, I would likely comply, but if I were threatened to keep it silent I would most strongly consider shouting the fact from the rooftops by sheer spirit of resistance. And with a lawsuit if necessary. I do not consider saying "I am constrained by a warrant" to be a matter of National Security.

    1. Doctor Syntax Silver badge

      Re: "threats about what would happen if they revealed its existence"

      "Are we in democracy or not ?"

      Any answers?

      1. Anonymous Coward
        Anonymous Coward

        Re: "threats about what would happen if they revealed its existence"

        "Are we in democracy or not ?"

        Yes !!! :)

    2. Flocke Kroes Silver badge

      Re: "threats about what would happen if they revealed its existence"

      Secret policeman: This is a warrant requiring you to ...

      Reseacher: Wait! Telling anyone about those warrants is illegal. Are you sure you want to complete that sentence?

      Later:

      Clerk of the court: You are charged with failure to comply with ...

      Reseacher: Wait! ...

      It goes down hill from there. Hands up everyone who has ever seen a warrant (my hand is up). Keep your hand up if you could tell just by looking at it is a warrant is genuine (my hand is down). If it is a fake, you can seek legal advice to find out if it is real. If not, getting advice is a crime. Complying with a fake warrant to install malware is crime. Imagine you get caught obeying a genuine warrant - you cannot mention the warrant as part of you defence without breaking the law.

      1. Adair

        Re: "threats about what would happen if they revealed its existence"

        'If it is a fake, you can seek legal advice to find out if it is real. If not, getting advice is a crime. Complying with a fake warrant to install malware is crime. Imagine you get caught obeying a genuine warrant - you cannot mention the warrant as part of you defence without breaking the law.' - @ Flocke Kroes

        In which case 'the law' is obviously bollocks -- in terms of justice and in terms of morality. It may be a bureaucratic authoritarian wetdream, but as far back as Magna Carta, etc. this is exactly the kind of self-serving immoral kind of injustice that generations of people have sought (to the point of bloodshed in some cases) to prevent.

        So, what is the betting that if a case of this ever actually came to trial that, sans dictatorship, our lovely Govt. would get the kicking it richly deserved. 'They' are betting on fear and bully tactics ensuring that day in court never happens, as the kind of scum who promulgate this kind of thing always have done, and always will.

    3. jmch Silver badge

      Re: "threats about what would happen if they revealed its existence"

      Completely in agreement. Secret Warrants are an abomination unto Nuggan

    4. DougS Silver badge

      Re: "threats about what would happen if they revealed its existence"

      Interesting idea.

      So if you wanted to eavesdrop on your ex-wife or the kid that stole your lunch money once in 3rd grade, you could prepare an official looking warrant that includes a gag order clause, buy a nice fake gub'mint badge on eBay (delivered by eParcel from China, no doubt!) and rent a big black SUV (if in the US, substitute appropriate vehicle for the UK) and show up at the door of a telco.

      You'd have to pick a smaller one, a big one probably has people with government connections who can verify these sorts of things, but a small rural one? If you are convincing, it just might work!

  10. phuzz Silver badge
    Headmaster

    "The Home Office statement indicates that paragraph (3)(f) of Section 132 of the IPA comes into play, so that anyone served with a warrant - even if they are under no obligation to assist the government - is still liable to prosecution simply by revealing they had been served with a warrant"

    In these circumstances, would I still be allowed to talk to my lawyer?

    1. Anonymous Coward
      Anonymous Coward

      "Hello, is that Messrs S, G & R? I need to talk to you about a sensitive matter. Unfortunately I can't tell you what it is, because of paragraph (3)(f) of Section 132 of the IPA."

      (you'd probably still get a bill?)

    2. Anonymous Coward
      Anonymous Coward

      In these circumstances, would I still be allowed to talk to my lawyer?

      Yes. In legal terms, the lawyer is your representative. He'd be bound by confidentiality rules, but lawyers (and judges) have a bit of a special status in the legal system, for obvious reasons. Otherwise the law could not work, for the exact reasons you so nicely illustrated :)

    3. Simon Clubley

      [I'm the same person mentioned in the article. Thanks to everyone for your feedback.]

      @phuzz. Section 133, paragraph 4 comes into play here. According to that section, you are allowed to make disclosures in connection with any legal proceedings which have been initiated against you.

      Before you get to that stage, you are also allowed under that section to seek the advice of your professional legal adviser, but only your professional legal advisor, for matters relating to the provisions of the IPA after you have received the warrant.

    4. Wayland Bronze badge

      It's all about intimidation and fear. What do you fear them doing to you if you just say no? You're not going to talk your way out of it, even with a lawyer. All you can do is call their bluff. Are they really going to kidnap you and throw you in a cell as an extremist? Maybe. Are they going to investigate all of your life for the past 30 years? Maybe. Will they freeze your bank accounts and get you fired? Maybe.

      The chances are they will move to someone with less backbone than you and intimidate them into helping them.

  11. Anonymous Coward
    Anonymous Coward

    I have to work on this?

    Sure no problem, just give me a minute......Ooopsie. Don't think I should of done that.

  12. Anonymous Coward
    Anonymous Coward

    "This leaves the government free to shop around, serving warrants on multiple experts, until they find one they can intimidate into working with them," according to Clubley.

    I know it's deeply unfashionable these days, but you never know; it's just possible that they come across some expert who is actually willing to help put some scumbag in jail.

    1. Anonymous Coward
      Anonymous Coward

      I'm sure there are some people who think you are a scumbag. I wouldn't be happy if the state asked me to help jail you!

      You might not be too hot on thinking but that's not a jail-able offence in my book....

    2. Doctor Syntax Silver badge

      "it's just possible that they come across some expert who is actually willing to help put some scumbag in jail."

      Indeed. I have been that very expert. But (a) it was part of my job and (b) it was part of a long-established legal process. It would have been somewhat different if it involved mass surveillance of a sort which has already been struck down in court in a previous guise, which I might fear to be illegal under over-arching European legislation (which, thankfully, still exists to protect us against government overreach) and which, in my view, goes against the long established principle of the presumption of innocence.

      OTOH if I found myself in an employment situation where I discovered such scumbag activity I would probably find myself becoming a whistle-blower although oddly enough intelligence agencies don't seem favourably disposed to these.

      1. Anonymous Coward
        Anonymous Coward

        ...although oddly enough intelligence agencies don't seem favourably disposed to these.

        And you know that how?

        1. Doctor Syntax Silver badge

          "And you know that how?"

          Have you heard of a Mr Snowden?

          1. rpi3parallax

            Mr Snowden?

            @Doctor Syntax Mr Snowden didnt work alone, Mr Stallman & Julian Assange helped.

            As a long suffering Mac OS user, I can tell you I was not keen on XServe or XCPU being in Darwin!

            An to think it I once used to program in Debian..

            XNU Kernel - 10's Not Unix! :P

          2. Anonymous Coward
            Anonymous Coward

            @Doctor Syntax,

            Have you heard of a Mr Snowden?

            Well, he didn't work for the British. He worked for the Americans. Whatever he felt about the options he had for raising concerns within his employer's organisation has zero bearing on the culture / environment in a British agency.

            So I ask again. How do you know?

      2. bazza Silver badge

        @Doctor Syntax

        Hmm, well I think given that the act makes specific provisions for people to get a hearing, I think European courts would be the last port of call.

        I think another way of looking at this is, invited / asked, that it's an opportunity to help get the job done properly.

        Someone asked to help who then refuses to help can't very well then go on to criticise them for how they've gone about doing the job without that help.

        Warrant's True Purpose

        I think that one thing everyone has forgotten is that for anyone to do anything investigatory, they need the legal top cover offered by the warrant.

        Without the warrant an expert cannot legally assist the authorities in their investigatory actions, even if they wanted to. Without the warrant the expert would likely be breaking the law. I think that the act is saying that if an expert is asked, and volunteers, they are protected from prosecution for things they do within the terms of the warrant. Important to have...

        A telecoms company cannot just tap a phone conversation that's running over their wires; that's illegal. They themselves need the warrant to carry out what has been requested.

        It's the same for the authorities; they themselves cannot act without a warrant saying they can act (which has always been the case).

        That's my interpretation of what the act is really getting at. It's likely just an unfortunate turn of phrase with an unforeseen interpretation.

        The fact that the act says that only a telecoms company is obliged to respond to a warrant I think gives weight to this line of thought.

        What do you reckon?

        1. Anonymous Coward
          Anonymous Coward

          A telecoms company cannot just tap a phone conversation that's running over their wires; that's illegal. They themselves need the warrant to carry out what has been requested.

          Correct (disclosure: many years ago I worked in legal intercept). There is a second, much more business related reason for correct paperwork: such intercepts are not free of charge. I haven't read this law if it carries cost provisions for an intercept, but I can assure you that intercepts are billable to the government and there's no telco on earth that will deprive itself of the opportunity to bill something, and for that it needs the warrant. Absolutely nothing will happen without a warrant because it combines legal protection of the activity with an opportunity to recover costs on the kit they were obliged to install to comply with their operating license.

          Ironically, the costs in turn slow down enthusiasm for a high volume of lawful intercepts - as far as I know it's not cheap.

        2. Doctor Syntax Silver badge

          "What do you reckon?"

          I reckon over-broadly worded legislation straying well beyond centuries-old legal limits parading ministerial authority as due process of law and under-scrutinised by Parliament is a dangerous thing.

          I also reckon that possibly the notion that a warrant could be served on an individual and binding on a telecoms provider may have been intended to allow someone to collar a bloke driving an Openreach van and tell him, as a representative of a telecoms provider to put a tap on a given line without going through too much paperwork. I further reckon that even if that's the case it's open to misuse far beyond that.

          1. bazza Silver badge

            @Doctor Syntax,

            I reckon over-broadly worded legislation straying well beyond centuries-old legal limits parading ministerial authority as due process of law and under-scrutinised by Parliament is a dangerous thing.

            I also reckon that possibly the notion that a warrant could be served on an individual and binding on a telecoms provider may have been intended to allow someone to collar a bloke driving an Openreach van and tell him, as a representative of a telecoms provider to put a tap on a given line without going through too much paperwork. I further reckon that even if that's the case it's open to misuse far beyond that.

            Hang on a minute. A warrant is not and never has been an order, instruction, something compelling. It is permission to act in a way that would otherwise be illegal, those actions being judged a necessity to advance a specific investigation by a minister and/or judge and/or someone else duly empowered to make such decisions. It is not served on anyone, it is given to someone.

            The dictionary definition of a warrant is "a document issued by a legal or government official authorizing the police or another body to make an arrest, search premises, or carry out some other action relating to the administration of justice". The key word is authorise; there's no compulsion.

            An ordinary policeman who wants to enter a property needs a warrant, but once it has been obtained they're not actually obliged to bust down the relevant door. AFAIK the only way someone can be compelled to do anything is by direct order from a high court judge (or greater), but that's a very different beast to a warrant.

            If a warrant were an irrisistable order, there'd be no need to specifically mention telecoms companies in the acts. They are mentioned because a warrant is simply permission, not an order, so the act has to specifically state that telecoms have to help out with the warrant.

            I don't see why anone would collar a wireman out on the streets - I'm pretty sure that the networks are more nationally reachable than that. And, strictly speaking, a warrant is basically the only paperwork that someone needs to take an action that would otherwise be illegal. And it's not going to be carte-blanche to do anything, it's going to very specific.

            I think that this whole thing has come about because whats-his-name has misunderstood what a warrant actually is. If one considers the act in the context of a warrant being permission (specifically permission for someone who can and wants to assist to actually provide that assistance), and not an order, the wording makes a lot more sense and is far less 1984 than whats-his-name has been making out.

    3. Cynic_999 Silver badge

      "

      it's just possible that they come across some expert who is actually willing to help put some scumbag in jail.

      "

      The problem is that you would not know that. Just because the police *say* that the suspect is a paedoterrorist does not mean that he *is*. Remember Jean Charles DeMenezes? Harry Stanley?

      1. Anonymous Coward
        Anonymous Coward

        And helping out would make that situation worse? Exactly how?

  13. Anonymous Coward
    Anonymous Coward

    Does that mean

    that if I let anyone use my broadband via my router, or anyone that enables BT openzone on the hub (or equivalents) becomes a provider and subject to the provision?

    I also assume that the telecoms providers can outsource their expertise and therefore the provider will not have the ability to fulfull any warrants. That could also be an interesting option.

    1. Anonymous Coward
      Anonymous Coward

      Re: Does that mean

      and what about coffee shops / pubs that provide Wi-Fi for customers? are they operators under this?

      1. Doctor Syntax Silver badge

        Re: Does that mean

        "and what about coffee shops / pubs that provide Wi-Fi for customers? are they operators under this?"

        If the summary given in the article is correct then it would appear that they are. Whether that's by intent or by carelessness is a matter for conjecture. It's an aspect that should have received scrutiny in Parliament If my ex-MP's attitude was anything to go by I doubt there was much enthusiasm for such scrutiny, at least on the govt. side.

        In a way I'm a little sorry he isn't still my MP, if he were I could keep asking him to clarify such issues that he voted for so unthinkingly.

      2. Wayland Bronze badge

        Re: Does that mean

        It would probably extend to web servers and web sites and maybe email servers. I don't just see it as the information on the wire since that's not all that helpful. It's only when it's reached a destination does it assemble into something meaningful. Ie the customers computer or the web site they were looking at. In the website there could be account names and messages. Lets say the spooks wanted to investigate activity on a forum. They would contact the site owner or someone who could make them a moderator. The owner of the server could do this going behind the site operator.

        As for the customers computer, who runs that. OK the customer but then also anyone who wrote software that's on that computer. They could be compelled to put spies in there.

  14. Anonymous Coward
    Anonymous Coward

    FFS!

    "That would appear to obligate oblige some third-party..."

    1. Simon Clubley

      Re: FFS!

      @LeeE. Thanks for the correction.

      On the plus side at least I now know you were interested enough to read the whole article. :-)

      1. Anonymous Coward
        Anonymous Coward

        Re: FFS!

        @Simon Clubley: You're welcome - don't do it again ;)

        Hearing or reading the word 'obligate' is as pleasant an experience as a Punji stick in the eye and only a masochist could derive gratification from using it. I can't help feeling that it's only employed by people who believe that using words with more syllables, intrinsic awkwardness of pronunciation and inelegance makes them look more cleverer.

        1. Pedigree-Pete
          Coffee/keyboard

          Re: FFS!

          @Lee. " look more cleverer" You owe me a new keyboard. Almost as good as an ex-colleague who intentionally used much more cleaverer and much more betterer coz he know it niggled.

  15. John Smith 19 Gold badge
    Gimp

    So intimdating legal BS from the masters of intimdating, but unenforcible legal BS

    And if you tell them to f**k off you can't tell anyone they are shopping around for someone they can pressure into doing this.

    Smells like the usual high standard of work from the department of data fetishists.

  16. Yet Another Anonymous coward Silver badge

    Convenient excuse

    You're nicked for hacking that bank.

    But I was doing it for the security services

    Look here is a warrant PDF - it looked official to me, and it says I'm not allowed to ask a lawyer so I was just obeying orders...

  17. Anonymous Coward
    Anonymous Coward

    "The law says what the law says, and interpretation is up to the courts – who may chose to take into account other information like statements in Parliament, but may not."

    IMHO such interpretations only happen when the case reaches the higher appeal courts. There have been cases in the past*** where the minister allayed fears by saying a law wouldn't apply in some particular circumstances. Then the police and CPS promptly used the wording of the law to prosecute and convict people.

    ***Using Public Order offences against naturists to circumvent their implicit protection in the Sexual Offences Act 2003. The minister had said that would not happen.

  18. Will Godfrey Silver badge
    Happy

    Escape route?

    I don't know anything like enough about either telecoms or OSs to be of any value to the spooks, but I think my response would be to appear suitably cowed, and work quite diligently, but you know, I find it remarkably common that I make mistakes when under pressure. It is just so easy to put a semicolon in the wrong place or forget the braces around a code block - or even put them on the wrong lines.

    When the data inadvertently gets leaked all over the place I'd obviously be greatly upset and immediately offer to put things right, but I guess I'd be dismissed for incompetence. Shame that.

    P.S. I had to make several edits of this little bit of text!

  19. Marketing Hack Silver badge
    Unhappy

    "none of them really gave themselves sufficient time to examine the wording"

    Again, that's not a bug in the legislation, its a feature. It's just a feature that benefits them, not us.

    1. Wayland Bronze badge

      Re: "none of them really gave themselves sufficient time to examine the wording"

      It's not really important how they word it since you're not going to word your way out of it if they decide to get you for it. Less and less of this counties activities are governed by the law and more and more by what ever it is they are trying to do. The law is just there to force you to do what they say.

  20. albegadeep
    Paris Hilton

    I'm a telecom operator?

    "Section 261 of the Act defines that a "telecommunications operator" is anyone who provides or controls a communications network of any kind."

    I have a home network that I control and administrate. Does that make me a telecom operator???

    (Thankfully, I'm in the US, and we don't have crazy surveillance laws... never mind...)

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm a telecom operator?

      Now that's funny. It's good to see that comedy can be brought to a serious topic. :)

    2. This post has been deleted by its author

  21. Dm4

    Sir Humphrey Appleby

    Straight from a yes prime minister script

  22. GrumpyKiwi Silver badge
    Big Brother

    It's nice to get official confirmation...

    ...of our status as slaves of the state isn't it.

    Not much different from conscription, only with less opportunity to object on the grounds of being a pacifist.

  23. Matt Bryant Silver badge
    FAIL

    What a load of complete cobblers!

    1. Did you miss the word "warrant"? As in court-issued and approved? The UK courts do not give out warrants compelling people to provide services for anyone, they issue warrants relating to specific equipment and data searches for specific suspected crimes which compel people to obey the request to give up said equipment or data. The idea that a court would issue a warrant to force someone to go spy for HMG is simply so farcically paranoid it beggars belief! I find it hard to believe anyone not on seriously mind-altering substances was arguing that.

    2. If I wanted to spy on anyone the last thing I would want to do was include an unwilling and probably antagonistic person into my secret investigation. Seriously, the idea is just too stupid for words. Not only are they very likely to not work to the best of their skills, they are far more likely to deliberately hinder the investigation and ensure the target escapes, if only because they "hate The Man".

    3. Please stop for a moment to consider that the GCHQ, NSA and other chums already have not only a more than capable set of well-trained staff with plenty of skills, they also have external parties that are already vetted and approved to help provide assistance when required. The idea they would need some self-trained haxor to assist them is simply comic and speaks more of self-preening egotism than a firm grasp on reality.

    The only people bound to comply with this law are telco staff receiving court warrants demanding they recover something like a backup to show the texts between two telephone numbers of interest explicitly stated in the warrant. They are not going to be asked to hack anything. That El Reg would see fit to publish a click-bait article implying such nonsense is bordering on fake news.

    1. Anonymous Coward
      Anonymous Coward

      Re: What a load of complete cobblers!

      Matt,

      "Did you miss the word "warrant"? As in court-issued and approved?"

      Which part of the Act is it where you saw the Court issuing bulk equipment interference warrants? I couldn't' find it, but been a long day, so I haven't read entire thing.

      Huge amounts of it, including bulk equipment interference warrants, are not down to the courts, they're controlled by the Secretary of State. Bulk equipment interference warrants are issued by the Secretary of State, not a court. They are then subject to review by a Judicial Commissioner (appointed by ..), but if she/he says "no" then the Secretary can appeal to the Investigatory Powers Commissioner (appointed by ..). However, if the Secretary thinks it's urgent, it comes into effect anyway.

      In the case of the bulk equipment interference warrants, which I have to admit is the part I read (not the whole act), issuing of warrants can be delegated to an official?

    2. Doctor Syntax Silver badge

      Re: What a load of complete cobblers!

      "The UK courts do not give out warrants compelling people to provide services for anyone"

      Well, they certainly don't in these cases. It's the Sec of State (a certain Amber Rudd of proven keen intellect) or someone wielding her rubber stamp.

      That's one of the concerns.

      Warning: this post may contain traces of sarcasm.

  24. cantankerous swineherd Silver badge

    tories for totalitarianism.

  25. Doctor Syntax Silver badge

    OK, to lighten up this debate - assuming a warrant comes with a gag order how do TPTB prosecute someone who refuses to obey the warrant?

  26. TheElder

    Forced to work?

    First words you will hear is I'M FIRED

    Tories for Torytarianism.

  27. amanfromMars 1 Silver badge

    Welcome to the Jungle

    Section 261 of the Act defines that a "telecommunications operator" is anyone who provides or controls a communications network of any kind.

    Most everyone posting anything of note and assistance in comments hosted here on El Reg can be defined a refined telecommunications operator. And aint that the gospel.

    The controlling of free thought and command over the distribution of novel thoughts and revolutionary thinking is the end game of all super failed states and that would appear to be government play with ambiguities in the Investigatory Powers Act.

    When do government acts be easily defined and refined as enemy actions, for such is a current clear and present danger with any kind of designedly unclear legalese of their own invention?

  28. Justin Case

    Anything you want - you got it!

    I for one welcome our spooky overlards. They have the guns and the trained thugs - who am I to disagree or antagonise them in any way?

    1. StargateSg7 Bronze badge

      Re: Anything you want - you got it!

      I can! I have more guns, high end firepower and training than THEY DO!

      This is America! The 2nd and 4th Amendments apply here!

      We shoot back! AND HARD!!!!

      They come to our property and trespass we get to use state

      STAND YOUR GROUND and YOUR HOME IS YOUR CASTLE

      doctrines and NO jury will convict in those circumstances!

  29. Wayland Bronze badge

    Words are not important....

    ....when you have the FORCE to ENFORCE them.

    We are arguing about the meaning of these words but they are just basic tools used as weapons. They don't have to be beautifully crafted if they are to smash your skull.

    When your bosses company is threatened and he wants to comply with the spooks then he will make you do what he says or get fired.

    This method of leverage is increasingly being used. Like ID, you can't get a new bank account or rent a home without ID. Not because the gov say you have to carry ID but because the pressure has been put on the companies you use when living your life.

  30. R69

    for gods sake

    Stop moaning about this sort of stuff and just get on with it. Legislation such as this is there to proactively prevent harm to the majority of the population - its no good reactive to a terrorist incident or major security incidents as the damage is done at that point.

    The risk of a few people in a total population of 65 million having their civil rights ever so slightly infringed in order to provide a safe environment for the other 99.9999% of the population are negligible. Get over it.

    1. Wayland Bronze badge

      Re: for gods sake

      Nice bit of trolling.

      How much broken glass was there at the Ariana Grande concert? None. A bomb filled with nuts and bolts goes off and no glass gets broken. All the fluorescent tubes OK, skylight OK as can be seen from the drone footage.

      GCHQ would have known all about that one. Which leads to them being part of a multi-disciplinary co-ordinated anti-terror operation with only the Greater Manchester Fire Brigade not invited.

      So don't expect these powers to stop terrorism. Terrorism will stop once the government has all the powers over us it can think of.

  31. Anonymous Coward
    Anonymous Coward

    Arbeit macht frei

    Ordered to write a backdoor into our software...?

    Hmmm....

    Goodbye Meyers, Stroustrup, ANSI, STL, MISRA, Git, static analysis, deodorant, unit tests and code reviews.

    Hello to warnings-off, backup zip files, tabs, not-invented-here, assembly, globals, custom-builds-of-gcc, goto, spaghetti, poor personal hygiene and 'How To Write Unmaintainable code'. Did you know most software projects fail? What am I working on? Can't tell you. Are you sure I can discuss time estimates with you? Some of these specifications seem vague, I've just got a few more questions... That last release crashes all the time? Works fine on my machine. Although, my machine is really slow, and I am using CUDA to speed up compilation so I really need a couple of those new nVidia cards to get speed things up. Fuck, my tunnel-carpel is playing up again... Time for another coffee.

    1. TheElder

      Did you know most software projects fail?

      The average rate for large projects exceeds 50 percent and can be much higher. This is especially the case with projects that use large amounts of data such as anything in the medical industry.

      For a bit of an eye opener just do a search on this: medical industry corruption

      We are having major problems here right now. The government is trying to switch to a new patient data monitoring and wide ranging record keeping system. Doctors are refusing to use it due to serious problems and mistakes threatening lives. They are now using paper. I predicted this over a year ago and informed people at the local newspaper.

      They have been following my advice about just what is wrong with the system and my advice has proven to be correct numerous times. I have written code that deals with large amounts of data and am doing the same now.

      What I am seeing is very likely corruption at the top levels. Possible payoffs to buy a ridiculously expensive system that has already been involved in massive failures in the U.S. The failure rate in this sort of system can exceed 70%.

      The one good thing is that the government just changed hands politically. We shall see if that makes a difference. Unfortunately those gears grind very slowly.

  32. Lord_Beavis
    Black Helicopters

    I'm glad I'm in the States...

    You Fuck Nuts are headed toward V for Vendetta territory at an alarming rate.

    Although, I can't even begin to imagine the black bag ops that might go on here if shit were to start falling apart at the seams...

  33. TheElder

    headed toward V for Vendetta territory at an alarming rate.

    Somewhat like North Korea...

  34. rpi3parallax
    FAIL

    Fail

    The Wiretap Act, codified by 18 U.S. Code § 2511, is a federal law aimed at protecting privacy in communications with other persons. Typically, when you think of a "wiretap," the first thing that comes to mind is someone listening to your telephone calls. But the Act protects more than that. Under the Act, it is illegal to:

    intentionally or purposefully

    intercept, disclose, or use the contents of

    any wire, oral, or electronic communication

    through the use of a "device."

  35. rpi3parallax

    no magic bullet!

    Communications systems are not your legislative playground to do with as you please, get over it!

    Your talking about "Billions of Dollars" in transactions and you'd like to look at it, im sure we all would...

    But thats why it's illegal in the first place!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019