Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Gov't Can Demand Backdoors, Give Prison Sentences For Disclosing Them (arstechnica.co.uk)

Posted by samzenpus on from the hits-keep-coming dept.

An anonymous reader writes with some of the latest news about the draft Investigatory Powers Bill. Ars reports: "Buried in the 300 pages of the draft Investigatory Powers Bill (aka the Snooper's Charter), published on Wednesday, is something called a 'technical capability notice' (Section 189). Despite its neutral-sounding name, this gives the UK's home secretary almost unlimited power to impose 'an obligation on any relevant operators'—any obligation—subject to the requirement that 'the Secretary of State considers it is reasonable to do so.' There is also the proviso that 'it is (and remains) practicable for those relevant operators to comply with those requirements,' which probably rules out breaking end-to-end encryption, but would still allow the home secretary to demand that companies add backdoors to their software and equipment. That's bad enough, but George Danezis, an associate professor in security and privacy engineering at University College London, points out that the Snooper's Charter is actually much, much worse. The Investigatory Powers Bill would also make it a criminal offense, punishable with up to 12 months in prison and/or a fine, for anyone involved to reveal the existence of those backdoors, in any circumstances (Section 190(8).)"

Professor of journalism at City University Heather Brook writes at the Gaurdian: "When the Home Office and intelligence agencies began promoting the idea that the new investigatory powers bill was a “climbdown”, I grew suspicious. If the powerful are forced to compromise they don’t crow about it or send out press releases – or, in the case of intelligence agencies, make off-the-record briefings outlining how they failed to get what they wanted. That could mean only one thing: they had got what they wanted. So why were they trying to fool the press and the public that they had lost? Simply because they had won. I never thought I’d say it, but George Orwell lacked vision. The spies have gone further than he could have imagined, creating in secret and without democratic authorization the ultimate panopticon. Now they hope the British public will make it legitimate."

8 of 187 comments (clear)

  1. Scary stuff and nobody cares by RobinH · · Score: 5, Insightful

    The scariest thing about living in a "democracy" (Republic) now is that the *majority* really don't care about their rights, as long as they can watch their reality TV and they have someone to publicly shame on Facebook/Twitter.

    --
    "I have never let my schooling interfere with my education." - Mark Twain
    1. Re:Scary stuff and nobody cares by oobayly · · Score: 5, Insightful

      I have a colleague who is perfectly happy to throw away his rights - "I don't care what they do if it's anti-terror related" and "we need to get rid of all this human rights bullshit", which was in response to my mention of civil rights, namely being detained without charge and warrant-less access of private data.

      The problem is that civil/human rights don't feature very high up on people's priorities because they don't need the obvious ones on a daily basis, and they don't realise how much of our daily lives is made possible because of those rights. More succinctly - people don't care about their rights until they need them.

      In a way, it's very similar to how all these people are leaving their countries to join ISIL - they're blind to the freedoms they've been afforded and go off to fight the kind of regimes their parents fought to escape from.

  2. British Intelligence? by Coisiche · · Score: 2, Insightful

    The clause about penalising those who reveal the existence of backdoors created for use by British security service surveillance is classic upper class twat thinking... "If we don't tell anyone it exists then no-one will find it, tee hee". Problem is there is a world full of people smarter than them that will find the backdoors easily.

    1. Re:British Intelligence? by drinkypoo · · Score: 4, Insightful

      The clause about penalising those who reveal the existence of backdoors created for use by British security service surveillance is classic upper class twat thinking... "If we don't tell anyone it exists then no-one will find it, tee hee". Problem is there is a world full of people smarter than them that will find the backdoors easily.

      Your problem is that you assume that you're smarter than these people because they do things which are harmful to the citizenry. That's stupid. They're doing this shit on purpose. They have no illusions about being able to hide the back doors from malicious actors. They don't care about the fallout! They only want to stifle dissent, like any well-heeled fascist. If they make it illegal to talk about the back doors, then many people won't talk about them, and the full extent of the problem will be hidden from the masses. They aren't trying to avoid people discovering the back doors. They're trying to keep the masses of asses complacent.

      They are, of course, succeeding. You're glad they took your guns away. Next you'll be happy when they ban large chef's knives.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:British Intelligence? by drinkypoo · · Score: 3, Insightful

      Tell me, "drinkypoo" when are you going to start fighting back with your guns?

      There's no point to terrorism, only armed revolt, which one can't do oneself. You claim to be against gun violence, but then you ask when the individual will use it because that's what you really want. You're dead inside, so as long as something is happening, you're excited.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. Shortsighted law by wienerschnizzel · · Score: 5, Insightful

    So what happens if the backdoor leads to a different criminal offence - such as leaking of the medical records of millions of citizens? Will the company be allowed to disclose that the vulnerability has been introduced to comply with another law? Can the company be held liable for the consequences?

  4. Catch-22? by NetAlien · · Score: 4, Insightful

    Does this prevent an implementer from disclosing it to the agency itself? "The Investigatory Powers Bill would also make it a criminal offense, punishable with up to 12 months in prison and/or a fine, for anyone involved to reveal the existence of those backdoors, in any circumstances (Section 190(8).)"

  5. Re:Always assume they know... by AmiMoJo · · Score: 3, Insightful

    They may have a 12 month sentence for anyone who leaks this information, but you have to assume that it will be leaked, and you have to assume that everyone (who wants to) will know how it works.

    Even if it isn't leaked, chances are someone will find it. People are constantly looking for backdoors left in for debugging or by nefarious companies/governments, or for flaws that can be exploited. It's probably worse than 50/50 that the person discovering the problem will make it public rather than just selling it on the black market, or giving it to their employer (e.g. foreign security services).

    This creates a huge problem for companies that are forced to create backdoors. When discovered will they be able to patch it immediately? Maybe the reason why some companies take months to fix problems is because GCHQ/NSA won't let them fix it. Will they be compensated for the reputational damage? If it's a security focused company a backdoor could destroy them.

    Tech companies really need to move to another EU country where they will be safe from having their business destroyed overnight on the whims of a clueless Home Secretary.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC