UK Gov't Can Demand Backdoors, Give Prison Sentences For Disclosing Them (arstechnica.co.uk)
An anonymous reader writes with some of the latest news about the draft Investigatory Powers Bill. Ars reports: "Buried in the 300 pages of the draft Investigatory Powers Bill (aka the Snooper's Charter), published on Wednesday, is something called a 'technical capability notice' (Section 189). Despite its neutral-sounding name, this gives the UK's home secretary almost unlimited power to impose 'an obligation on any relevant operators'—any obligation—subject to the requirement that 'the Secretary of State considers it is reasonable to do so.' There is also the proviso that 'it is (and remains) practicable for those relevant operators to comply with those requirements,' which probably rules out breaking end-to-end encryption, but would still allow the home secretary to demand that companies add backdoors to their software and equipment. That's bad enough, but George Danezis, an associate professor in security and privacy engineering at University College London, points out that the Snooper's Charter is actually much, much worse. The Investigatory Powers Bill would also make it a criminal offense, punishable with up to 12 months in prison and/or a fine, for anyone involved to reveal the existence of those backdoors, in any circumstances (Section 190(8).)"
Professor of journalism at City University Heather Brook writes at the Gaurdian: "When the Home Office and intelligence agencies began promoting the idea that the new investigatory powers bill was a “climbdown”, I grew suspicious. If the powerful are forced to compromise they don’t crow about it or send out press releases – or, in the case of intelligence agencies, make off-the-record briefings outlining how they failed to get what they wanted. That could mean only one thing: they had got what they wanted. So why were they trying to fool the press and the public that they had lost? Simply because they had won. I never thought I’d say it, but George Orwell lacked vision. The spies have gone further than he could have imagined, creating in secret and without democratic authorization the ultimate panopticon. Now they hope the British public will make it legitimate."
The scariest thing about living in a "democracy" (Republic) now is that the *majority* really don't care about their rights, as long as they can watch their reality TV and they have someone to publicly shame on Facebook/Twitter.
"I have never let my schooling interfere with my education." - Mark Twain
Since you can't disclose it, what can you do? I guess your only option is to take a vacation in Russia. Perhaps someone there will talk to you and not do something insane like try to arrest you! They might understand your frustration and try to cheer you up by giving you a few presents.
Is this like American law? If a Malaysian finds a back door in an Indian software program used by the Chinese and gives it to the Malaysian version of the NSA, will the Brits nab him when he passes through some airport in Thailand and take him back to the UK for trial?
When they write up these "drafts", usually what they just do is figure out what kind of legal crap they're already doing and put it down on paper for ratification by the "representatives".
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
The clause about penalising those who reveal the existence of backdoors created for use by British security service surveillance is classic upper class twat thinking... "If we don't tell anyone it exists then no-one will find it, tee hee". Problem is there is a world full of people smarter than them that will find the backdoors easily.
So they will be enforcing "security by obscurity"?
Ooh it's all OK then. It'll only happen if the home secretary thinks it's "reasonable". Good job we don't have a party independent constitution which guarantees there's always a hard-line nutcase as home secretary.
The answer of "is it reasonable according to the home secretary" is always a resounding "yes", with a side order of "fuck you, proles".
SJW n. One who posts facts.
So what happens if the backdoor leads to a different criminal offence - such as leaking of the medical records of millions of citizens? Will the company be allowed to disclose that the vulnerability has been introduced to comply with another law? Can the company be held liable for the consequences?
Not too long ago, Europe objected that the US wasn't adequately protecting European citizens' data when US businesses are subject to government spying. These are legitimate concerns, but Europe is doing exactly the same thing the US is. As a US citizen whose data might be processed in Europe by multinational companies, how can I trust that my data is safe? When US companies and the US government are involved, I have the recourse of the court system. But there's no such recourse for me if the EU is spying. As a US citizen, I don't want my data shared with or processed in Europe. At least if it's in the US, I have a modicum of hope that the courts can protect me from government abuses.
UK != EU, especially when the UK's not even fully in the EU. Although reduced from what they used to be, Germany's concept of privacy far exceeds American or British standards; your data is much safer there, although ultimate privacy is an incompatibility with the advent of the internet.
"Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
Someone's misspelt Grauniad.
http://harridanic.com
One can only hope that they will leave the EU, the sooner, the better.
Does this prevent an implementer from disclosing it to the agency itself? "The Investigatory Powers Bill would also make it a criminal offense, punishable with up to 12 months in prison and/or a fine, for anyone involved to reveal the existence of those backdoors, in any circumstances (Section 190(8).)"
There will be no revolution. Surveillance will detect any trouble-raiser and they will be arrested and dealt with before they can do anything. If push comes to shove, and people take it to the street, the police will open fire on them without mercy. The war is long over, we lost without firing one shot. We waited too long. Now it's over, for us and everybody else. All hail the Ruling Elite.
The other day, I watched the new Bond. What has the world come to, if the plot of such a movie actually starts to sound realistic? Especially the bit about the own guys not being the good ones anymore?
They did that when they voted for these people. Five more years... Enjoy
“He’s not deformed, he’s just drunk!”
When I was studying IT Security and encryption, one of the things that came up a lot was that you should always assume the process of the encryption is known [as well as some of the text of the message]. Typically it's because the encryption process is a standard (AES, for example). Security through obscurity doesn't exist. And it's far easier to keep a key secret than an algorithm (or source code).
So if the UK are trying to ensure that a backdoor exists in any encryption method created, then EVERYONE IS GOING TO KNOW ABOUT IT! It will be impossible to keep the existence of a backdoor secret. They may have a 12 month sentence for anyone who leaks this information, but you have to assume that it will be leaked, and you have to assume that everyone (who wants to) will know how it works.
This, then, leads to the problem of how to implement such a backdoor in such a way that only one group can use it but everyone else can't -- simply, impossible.
This reminds me of one of the major flaws of Enigma (that a character can't be encoded as itself) that was insisted upon by people who didn't really understand encryption - a flaw that was, in large part, responsible for helping to break the Enigma codes.
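The Enigma property mentioned in the comment above, as an added example that is not part of the original thread: a reflector machine never maps a letter to itself, so any alignment of a guessed plaintext phrase (a crib) that shares a letter with the ciphertext at the same position can be ruled out. Assumptions: the machine is simplified (published rotor I-III and reflector B wirings, odometer-style stepping, no plugboard or ring settings), and the message, crib, start position and function names are constructed for illustration.

```python
import string

A = string.ascii_uppercase
# Published wirings of Enigma I rotors I, II, III and reflector B.
ROTORS = (
    "EKMFLGDQVZNTOWYHXUSPAIBRCJ",
    "AJDKSIRUXBLHWTMCQGZNPYFVOE",
    "BDFHJLCPRTXVZNYEIWGAKMUSQO",
)
REFLECTOR = "YRUHQSLDPXNGOKMIEBFZCWVJAT"


def _through(wiring, offset, c, inverse=False):
    """Pass contact index c through one rotor that is turned by `offset` steps."""
    shifted = (c + offset) % 26
    out = wiring.index(A[shifted]) if inverse else A.index(wiring[shifted])
    return (out - offset) % 26


def encipher(text, start=(0, 0, 0)):
    """Encrypt or decrypt (the same operation) a string of A-Z letters.

    Simplification (assumption): rotors carry like an odometer instead of
    using the historical notch positions and double step.
    """
    left, mid, right = start
    out = []
    for ch in text:
        # The rotors move before the letter is enciphered.
        right = (right + 1) % 26
        if right == 0:
            mid = (mid + 1) % 26
            if mid == 0:
                left = (left + 1) % 26
        offsets = (left, mid, right)
        c = A.index(ch)
        for i in (2, 1, 0):                     # right-to-left through the rotors
            c = _through(ROTORS[i], offsets[i], c)
        c = A.index(REFLECTOR[c])               # reflector has no fixed points
        for i in (0, 1, 2):                     # and back, left-to-right
            c = _through(ROTORS[i], offsets[i], c, inverse=True)
        out.append(A[c])
    return "".join(out)


def possible_crib_positions(ciphertext, crib):
    """Offsets where the crib may sit: no letter may line up with itself."""
    last = len(ciphertext) - len(crib)
    return [
        i for i in range(last + 1)
        if all(p != c for p, c in zip(crib, ciphertext[i:i + len(crib)]))
    ]


# Constructed sample message and crib (not historical traffic).
PLAINTEXT = "NOTHINGTOREPORTWEATHERREPORTFOLLOWS"
CRIB = "WEATHERREPORT"
START = (3, 14, 7)


def demo():
    """Return (ciphertext, surviving crib offsets, number of offsets tried)."""
    ciphertext = encipher(PLAINTEXT, START)
    kept = possible_crib_positions(ciphertext, CRIB)
    return ciphertext, kept, len(ciphertext) - len(CRIB) + 1


if __name__ == "__main__":
    ct, kept, total = demo()
    print("ciphertext:", ct)
    print(f"crib offsets still possible: {kept} ({len(kept)} of {total})")
    print("true offset:", PLAINTEXT.index(CRIB))
```

The true offset always survives the filter, and every eliminated offset costs the analyst nothing but a letter comparison, which is why the property narrowed the search before any key testing began.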
In a country where self defense is illegal in most circumstances, the legal theory is that any response to attacks on people, whether by criminals or terrorists, has to be a police matter. The price of such a philosophy is you have to keep granting the police more and more power. And then you find that's never enough.
They demand a back door -- you make it. They ask what it is, you say you are in compliance with the law and cannot disclose any information.
WIN!
All companies based in other countries, like Google, Apple, Microsoft, Cisco, etc., etc, should just cease their operations in the UK, if this bill passes. Stop doing business with this country, stop providing services to this country. That'll get this bill reversed overnight, otherwise, the UK can just go back to the modern stone age.
Another thing the citizens of the world can do, block all UK IPs at their firewalls, turn the UK into an information wasteland.
In a country where self defense is illegal in most circumstances
You oughta cite that one bud, I remember it making a splash in the news when the home secretary said it was A-OK for an old lady to stab a burglar to death.
Your data is not safe in the EU. European laws and jurisdiction are fairly reasonable and overall much better than in the US, but it takes quite some effort to get something to the European level, and the local laws and jurisdiction differ vastly from country to country. But the real problem is that politicians and local authorities seem to always find a way around European legislation anyway.
And now that the European idea is crumbling due to a new rise in right-wing nationalism and Nazi movements in Germany, France, the UK and many other countries, I wouldn't count on the EU too much in the long run. If the current trends continue, some countries in Europe might nuke each other in 50 years from now.
As it would be rather difficult to force someone to put an invisible government backdoor in an open source project, does this bill mean that companies will be forced to put backdoors in proprietary components only, violate the GPL by publishing a modified version without providing access to their modifications or replace GPL component with a different component upon government request?
Can a government bill demand people to lie? If not a simple question "Did you put a backdoor in your product" would have to result in "no" or "under the penalty of prison I'm not allowed to comment". No reasonable company would shoot themselves in the foot with the 2nd answer unless they're forced to.
Yes, I and several other British overlords are giving some serious consideration to moving to Amsterdam or Berlin, for good.
This is after the impending EU referendum, which anyone with a brain will be voting against so that we can actually stay in Europe.
- Dan
Here's one:
A guy gets 8 years jail for defending himself against a home invasion.
http://news.bbc.co.uk/2/hi/uk_...
Since you can't disclose it, what can you do?
Does discontinuing a service entirely, as Lavabit did, constitute "disclosing it"? Or does this bill allow the government to force a private British citizen to provide a service to the public against his will?
You read the bit where he stabbed a guy 4 times with a samurai sword, right? I know in Texas that sort of thing is fine, but in the UK that's not considered self defence.
Also, that article is from 11 years ago, can you not find a more relevant example? We've had 2 (semi) different governments since then.
I have a colleague who is perfectly happy to throw away his rights - "I don't care what they do if it's anti-terror related" and "we need to get rid of all this human rights bullshit", which was in response to my mention of civil rights, namely being detained without charge and warrant-less access of private data.
It's fine if it's other people:
* https://en.wikipedia.org/wiki/First_they_came_...
What's missing from the story is the fact that Lindsay was a drug dealer. The men entered posing as drug buyers, Lindsay chased them outside repeatedly stabbing one of them in the back with a sword he kept to protect his "business".
What perverse place is it if a home intruder has an implied right to safety, while committing a crime armed breaking and entering...and threatening the resident. What kind of fuxed up logic is that?
"Carl Lindsay from Walkden, Greater Manchester, stabbed Stephen Swindells after he and three accomplices arrived at Lindsay's home armed with a gun."
Some guys break into your house and brandish a gun, and the home owner gets jailed for protecting himself and his property.....
I would like to read the judgement on that, could not find it online, but I am not from the UK, it might be blocked.
This could be as simple as this: he stabbed the robber once - OK, the robber started fleeing and he stabs the robber 3 more times to make it fatal, making him the attacker. It is as simple as that.
So how does that work for open-source software?
File under 'M' for 'Manic ranting'
On one hand you get the cost of a breach from deliberate flaws in a product. On the other hand you get the revenue from operating in the UK, less the possible cost of developing a second product crippled with these backdoors for the UK region. Is it going to be worth doing business in the UK under these terms?
Overseas security companies and the Streisand effect. Anonymous tip-offs by post with false return addresses of backdoors to security researchers will be published. Streisand effect can't be stopped by 1 rogue nation on the global internet. Search for photos of Barbara's coastal home, Tiananmen square, German concentration camps, etc.
The truth shall set you free!
I once wanted to go to Australia, NZ and Scotland. No more. Every time I think they can't slide further into the abyss they do. Heck I don't even want to go to Canada any more.
"We have not been instructed by HM Government to put any back doors in our software."
But this guy isn't a gun nut. He's a samurai.
"Germany's concept of privacy" will be forgotten after the first terror attack
So, let me be clear; you're saying it's alright for the government to deny one the natural right to protect one's body and life from mortal danger, if they don't like some activity you engage in?
He is saying that if you are engaged in illegal activity, not just an activity "they don't like", then any harm that results from your illegal actions that is a reasonably foreseeable consequence, including the death of a person who attacks you trying to steal your contraband, is considered your fault since it wouldn't have happened if you weren't breaking the law. The law is the same in the United States. You can defend yourself, but you will still be considered guilty of causing the other person's death.
And this is why we need samurai control laws and mandatory background checks on samurai.
Yes, it was considered to be amazing news when the Secretary said that yes, if you feel your life to be in real danger, it's okay to resist an attacker so long as some overzealous prosecutor doesn't feel you violated his treasured Marquis of Queensberry rules of engagement.
So far, Britain has been steadfast under threats by Big Knife, though fork control has been less successful.
What we need is for Google, Apple, Facebook, Twitter and other companies in the communication business to cease all operations in Great Britain when this (or similar legislation) passes.
Let the people of the UK deal with the government when Apple, Google, Facebook, Twitter, etc. stop doing business with them because of this law. If suddenly the people of England couldn't buy a smart phone, update their status, or tweet their latest selfie because of the government, they would take to the streets and they would have a new government in a few days!
"Grab them by the pussy" -- President of the United States of America
We set up a public database where companies can register the fact that they are not creating any backdoors. This registration has to be renewed each year. This registration is not illegal - it simply informs the public that the government has not made any special demands, which is perfectly lawful.
Of course, if the government does make any special demands, the company cannot register the lack of backdoors anymore, and the registration will automatically be removed from the database. From that point we know that company is under government orders to include backdoors.
I pleaded guilty to an offense where I'd defended a third party (he was hitting his girlfriend outside of a bar) and I was sued in civil court for it because I'd not stopped when the threat was concluded. Interestingly and tangentially related, I did get away with breaking a police officer's jaw. He had grabbed me from behind without identifying himself. I did spend the weekend in jail as they would not let me bail out without seeing a judge. The latter case was dismissed in criminal court, the former was one where I simply pleaded guilty and was credited with time served. In both cases, I lost in civil court and was obligated to statutory damages and medical costs.
So, in the above, my actions were fine until I sat on the guy's chest and slapped him around a little. My actions were also fine (it was self-defense - case not even brought before a judge beyond arraignment) criminally with the police officer but I was still culpable civilly due to the act having "probably" (difference in burden of proof) not having been committed had I not already been in the process of a criminal act - namely that of slapping the guy silly while taunting him. I was a bit drunk at the time, not overly so but enough for me to not think of the consequences.
They might have been able to pursue a criminal case with the assaulting an officer but that would have been difficult to prove so it was dismissed with the caveat that I would, indeed, be facing a civil trial and the officer would not be reprimanded for failing to follow the protocol that insists he clearly articulate that he's an officer of the law.
It was a costly lesson in law. It may not have been costly enough as I'm still entirely uncertain of what I'd do if faced with similar circumstances in the future. Hopefully, I'd stop when the threat was no longer a threat. Perhaps not though. Poor self-control has been an issue for me, when I get excited. Heaven forbid, you put me in a room with a big red button that says, "Do Not Push."
"So long and thanks for all the fish."
More details. Carl Lindsay was a drug dealer, the 3 men showed up to purchase some pot and pulled a gun on him. The robber / victim, Stephen Swindells received 4 wounds, all inflicted from BEHIND and all inflicted AFTER chasing him from the home.
If you aren't part of the solution, then there is good money to be made prolonging the problem
How is stabbing someone in the back while they're running away "self defence"?
I'm happy to live in a country that recognises there should be limits on unjustified violence.
If they cannot get mobile phones, network equipment, computer OSes, etc., they may notice how utterly stupid they have become. Then, maybe not.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
So, let me be clear; you're saying it's alright for the government to deny one the natural right to protect one's body and life from mortal danger, if they don't like some activity you engage in?
He's saying that first, the men entered, then pulled the gun.
And he's also saying that chasing someone down the street to stab them repeatedly is more akin to murder and not self-defense. Self-defense is saving yourself from imminent threat. Killing someone fleeing from you is not self-defense.
That would bring some companies to a grinding halt....
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Big Fork has been very successful at keeping below the radar.
Sleep your way to a whiter smile...date a dentist!
UK != EU, especially when the UK's not even fully in the EU.
Yes, yes, France makes sure that everybody knows this.
And he's also saying that chasing someone down the street to stab them repeatedly is more akin to murder and not self-defense.
That depends. Are they likely to come back if you don't? That seems to be a bit of a grey area. Since he's engaged in criminal activity, he can't utilize law enforcement services for protection. The government created this particular class of crime willfully in exchange for a little more power in court.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
You normally aren't allowed to kill people because you think they'll try to kill you. You can kill someone if they're trying to commit grievous injury at that time, and if lethal force is necessary to stop it.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
If they're within your abode, they're already on the offensive. Just because they make a retreat doesn't mean they don't intend to continue their assault; only an idiot would assume otherwise.
Just so you know, the Castle Doctrine is that when you're in your own abode and it is being invaded, you have no responsibility to attempt to retreat and/or attempt to leave your own home, and are permitted to use any means necessary to neutralize the threat.
If they are in your house, they are probably there to harm you. Their relative position to you, be it retreating to find a better weapon against you or actually running upon realizing that you won't go down without a fight, is not really important. If they didn't want to face a lethal end, they should not have threatened your life and home by breaking in and then subsequently trying to steal or kill or whatever.
I don't believe any of that violence is unjustified. Better to be tried by twelve than carried by six. Dude did a service to society by removing the type of man that barges into other people's homes, threatening their lives with his gun and demanding their property. I'm happy to live in a state that recognizes that men who defend themselves in this manner should have an affirmative defense in civil and criminal court. 8 years in jail indeed. That guy should get some therapy, some steak, and a goddamned medal.
The threat was already neutralised. Had there been an extant threat, it would have been self defense.
You normally aren't allowed to kill people because you think they'll try to kill you.
Unless you are a cop. Then apparently you can kill anyone that instills any fear in you, whether they are armed or not.
isn't concealed, they're PROUD of it.
Well, alot of people would probably use too much violence in defence and in the heat of the moment; there have been several cases of that here where people get convicted as they did more after the first punch.
It is "a lot" - "alot" is not a word. :-) I say that because I presume you to be an English as a Second Language speaker - not to be a jerk but to be helpful. I'd say that they should be allowed to engage in willful combat with one another, up to and including the use of weapons. They should have a declared and agreed upon outcome. If two people are willing to risk death and are of sound mind then they should be, in my opinion, able to act on their wishes without fear of legal repercussions. I admit, I'm a bit extreme in my love for the right of the individual to have freedom.
However, they should have an agreed on conclusion. The fight stops immediately when one person submits or a third party determines that the other is unable to consent to fight further. The fight stops immediately at the sight of blood. The fight stops immediately on incapacitation. The fight stops immediately at death. Any of those are acceptable to me so long as both parties are of sound mind when making the agreement.
As I said, I'm a bit extreme in my desire to allow the individual the right to make decisions about themselves and affecting only themselves.
"So long and thanks for all the fish."
We need an algorithm that can generate good one-time use codes, that can be coded in Excel or other trivial environments and that does not include a backdoor. Once such a simple algorithm is distributed, then we can roll-our-own coded messages, in a massive civil disobedience movement. If such an algorithm already exists, we need to put it on bumper stickers, carve it into bank walls, spread it in flyers in coffee shops and stand back to see what the unintended consequences are.
"There is no god but allah" - well, they got it half right.
Well, that sounds alot like UFC beside the death thing, and I say alot instead of a lot and I know it's wrong.
But the thing is, if at least two people are involved they are not making a decision that affects individually themselves, as one party is agreeing to not only be the one to get hurt\killed but also agreeing to hurt\kill the opposing party else even if both parties have agreed on it.
They are - they're agreeing to accept death as a potential consequence of their actions. That affects only themselves. You can try to interpret it differently but I'd strongly disagree. Their decision impacts nobody, by default, except themselves. The other may act on it - and would, presumably, if they were to take the same risks. There's some shared responsibility but the decision is their own and impacts only them. The other isn't deciding that they've a right to kill you - you're giving them the right to do so and they're electing to act on it by their own free will.
"So long and thanks for all the fish."
That's why it's called human rights. Everyone has them, even murderers and Nazis.