Using The Web to Fight Bad Legislation
Over in the UK, the Regulation of Investigatory Powers Bill is in severe danger of becoming law. In a nutshell, ISPs will be classed as telecoms operators, the Home Secretary can demand taps on ISP traffic with little deliberation -- and without publicity -- and you can be jailed for not handing over decryption keys, even if the police can't prove that you ever had those keys in the first place. There's more on this at the URL above; it's difficult to do it justice in this space. Anyway, the good folks over at STAND are a bit concerned about this. After their earlier @dopt an MP campaign, and their Operation Dear Jack photostory, they've unveiled their latest attempt to involve people. They've set up a web/fax MP gateway. Tap in a few details, including your postcode, and then compose your message. The backend determines who your local MP is, and then faxes your carefully crafted comments off to them. What could be easier? Just remember that it's only for British constituents, and naturally, you should only use your own postcode.
- Unfortunately, this posting has missed the two main thrusts of the bill. ISPs have been "cooperating" for years with the LEAs provided they produce the correct paperwork (most insist on a court order; some don't) but this is pretty normal - I don't think anyone can really object to the police having a right to tap any communication device given a suitable bench warrant. The *real* problems are these:-
- The RIP "orders" don't require a judge's signature - they can be issued based on several different people's authorisation, don't have any time or size limits, and don't need to justify their existence to anyone
- Give the authorised authorities, without judicial review, the right to write out an order as follows:
- Demand from an *innocent* person, not suspected of any crime, their secret decryption keys - on the basis that the demanding officer thinks that it appears *to him* that some data he has seen was encrypted
- Imprisonment if you don't produce a key - not HAVING a key is not a defence unless you can prove you never had it; this is impossible anyhow, and could make the common procedure of expiring keys and generating new ones at regular intervals a criminal offence
- Imprisonment if you tell anyone you have been required to hand over a key - even by changing your key if the LEA thinks that will tip people off (and yes, this does let them continue to read your mail indefinitely)
- No requirement to safeguard the key once they have it - so if you are a bank, and are forced to hand over your electronic funds transfer key, you may find the local plod's cleaners can pick it up.
- No legal right to appeal (apart from to a closed board not required to publish or justify their decisions) or compensation (there *is* a discretionary compensation scheme, but I suspect if your business loses four or five billion after a competing firm gets details of every bid you put in (and undercuts you by one dollar :+) you may find they don't think you are entitled to it).
There are just SO MANY reasons why this is wrong and open to abuse - none of which seem to have been considered while drafting it.
-=DaveHowe=-
a) Instant arrest.
b) Torture until confession.
c) Death upon confession.
d) Death upon claim of innocence.
In fact, it was common practice for the accusers and torturers and especially the church to split up the accused's estate.
Back a few short decades ago, in the USA, if you didn't like someone you could accuse them of being a communist. This would, among other abuses, often result in,
a) Swift arrest.
b) Interrogation and humiliation.
c) Blacklisting upon confession.
d) Blacklisting upon insistence of innocence.
Often, the only way to clear your own name was to finger other friends and associates as being communists.
Now we have this new legislation being considered in the UK. It has much in common with the travesties above. With this proposed law, one of the dangers is that if someone doesn't like you, they will simply have to send you encrypted email, then cry encrypter! This will result in, among other things,
1) Sudden search, seizure, and probable arrest.
2) Interrogation and humiliation.
3) Jail sentence upon confession.
4) Jail sentence upon claim of innocence.
This will happen regularly by jilted lovers, angry employees, school children, and the police. It is no trouble at all to put files on someone's computer. It will be especially easy for the police, who if they decide not to take the encrypted email route, will instead be able to waltz in your home, shove you out of the way, and directly plant any files they want anywhere on your system. When you are asked for your decryption key, well, gosh, officer, I don't have one.
The burden of proof should NEVER have to reside with the accused.
Just like that, because you pissed off the wrong guy, you get two years.
You will if this insane law gets passed, that is.
She's an encrypter! Burn her!
-Jason