Slashdot Mirror
UK Gov't Can Demand Backdoors, Give Prison Sentences For Disclosing Them (arstechnica.co.uk)
An anonymous reader writes with some of the latest news about the draft Investigatory Powers Bill. Ars reports: "Buried in the 300 pages of the draft Investigatory Powers Bill (aka the Snooper's Charter), published on Wednesday, is something called a 'technical capability notice' (Section 189). Despite its neutral-sounding name, this gives the UK's home secretary almost unlimited power to impose 'an obligation on any relevant operators'—any obligation—subject to the requirement that 'the Secretary of State considers it is reasonable to do so.' There is also the proviso that 'it is (and remains) practicable for those relevant operators to comply with those requirements,' which probably rules out breaking end-to-end encryption, but would still allow the home secretary to demand that companies add backdoors to their software and equipment. That's bad enough, but George Danezis, an associate professor in security and privacy engineering at University College London, points out that the Snooper's Charter is actually much, much worse. The Investigatory Powers Bill would also make it a criminal offense, punishable with up to 12 months in prison and/or a fine, for anyone involved to reveal the existence of those backdoors, in any circumstances (Section 190(8).)"
Professor of journalism at City University Heather Brook writes at the Gaurdian: "When the Home Office and intelligence agencies began promoting the idea that the new investigatory powers bill was a “climbdown”, I grew suspicious. If the powerful are forced to compromise they don’t crow about it or send out press releases – or, in the case of intelligence agencies, make off-the-record briefings outlining how they failed to get what they wanted. That could mean only one thing: they had got what they wanted. So why were they trying to fool the press and the public that they had lost? Simply because they had won. I never thought I’d say it, but George Orwell lacked vision. The spies have gone further than he could have imagined, creating in secret and without democratic authorization the ultimate panopticon. Now they hope the British public will make it legitimate."
Professor of journalism at City University Heather Brook writes at the Gaurdian: "When the Home Office and intelligence agencies began promoting the idea that the new investigatory powers bill was a “climbdown”, I grew suspicious. If the powerful are forced to compromise they don’t crow about it or send out press releases – or, in the case of intelligence agencies, make off-the-record briefings outlining how they failed to get what they wanted. That could mean only one thing: they had got what they wanted. So why were they trying to fool the press and the public that they had lost? Simply because they had won. I never thought I’d say it, but George Orwell lacked vision. The spies have gone further than he could have imagined, creating in secret and without democratic authorization the ultimate panopticon. Now they hope the British public will make it legitimate."
You are 100% right that the majority does not care. If they did, it would be simple enough to assume that all British companies are backdoored and to drive them out of business by using alternatives in other countries. Granted, those other companies might also be backdoored, but the point is to make a point to the local authorities.
Is this like American law?
No, it isn't. In the 90s, there was an effort by the Clinton Administration to implement a key escrow system whereby all encrypted transmissions would have been required to submit encryption keys to some agency, so that the government could eavesdrop on those transmissions. The IT community here in the U.S. had a shit fit, and eventually defeated that idea, even though the Clinton Administration tried to scare us into thinking that if they couldn't monitor such transmissions, all sorts of awful things might happen. Except for the attacks on September 11, 2001, nothing has happened here, and our government still had plenty of warning about those attacks even without these system in place.
There have been other stories more recently where large telecommunications companies have been cooperating with the U.S. Government in essentially making a copy of all transmissions over the Internet. While those companies were not required to comply (and there were a few who chose not to), they did anyway. There was a huge stink made about that as well, and as far as I know, those operations have been shut down (I'm sure someone will correct me if I'm wrong).
As far as I know, nobody here in the U.S. is required to install back doors into their systems so that government agencies can gain access at-will. After the kerfuffle in the 90s, I seriously doubt such a measure would pass into law. In a way, this highlights the silliness of the UK undertaking such a measure in their law. If UK concerns are required to put in back doors, but nobody else in the world has the same requirement, it means the UK government is essentially spying on their own citizens. They are also increasing the likelihood that a foreign concern (government, company or individual) could break into these systems and make it easier for them to effectively spy on the UK. This would drive people to host their email and web sites (among other things) on foreign servers (likely US or Canada), and could put UK hosting providers out of business, along with other consequences.
If I were a British subject, I would complain to my representatives, LOUDLY, that this is a really bad idea.
That's not the point at all. It's not about keeping the backdoors secret but about stopping people from advertising that they exist. Companies like Apple and Google and Facebook and even the BBC would comply with the request to put back doors in but they would put a notice on the log in screen (for British customers only) along the lines of
"Although we respect your privacy, be aware that, by order of the British Government we have to make your data available to them on request".
There's nothing like having a reminder every time you use Facebook, that your own government wants to snoop on you for driving up opposition.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
In a country where self defense is illegal in most circumstances, the legal theory is that any response to attacks on people, whether by criminals or terrorists, has to be a police matter. The price of such a philosophy is you have to keep granting the police more and more power. And then you find that's never enough.
I kind of wonder if this law would impact ARM Holdings, which has potential implications for the smartphone industry.
Since you can't disclose it, what can you do?
Does discontinuing a service entirely, as Lavabit did, constitute "disclosing it"? Or does this bill allow the government to force a private British citizen to provide a service to the public against his will?