Slashdot Mirror
Tech Companies Face Criminal Charges If They Notify Users of UK Government Spying (techspot.com)
An anonymous reader writes: Last week, Yahoo became the latest company promising to alert users who it suspected were being targeted by state-sponsored attacks (excepting Microsoft, who made a similar announcement just today). Twitter, Facebook and Google had previously assured their users that they would be warned of any potential government spying. The UK, it seems, isn't happy about this. They are pushing through a bill that will punish the leaders of any company that warns its users about British snooping with up to two years in prison. Specifically, UK ministers want to make it a criminal offense for tech firms to warn users of requests for access to their communication data made by security organizations such as MI5, MI6 and GCHQ.
What's the end game with all this? At what point do people decide not to let this crap happen, and what steps do they take to enforce it? I honestly can't imagine a civil rebellion going anyway, even in a country like America where so many people are already armed with guns. Politicians obviously have no interest in backing down. It's like a new cold war.
When the GOOD guys do it it's okay! We just need to stop the bad guys who do it, but not the 'good' guys. I mean, it may be a bit hard to tell them apart but we've always been loyal to the good guys, right? Right?
Sgt. Schultz would have been so good at this!
I have problems with that.
And that is the problem. This will do NOTHING to DETER a terrorist.
If you want that, then you look for specific sites that they are going to right now. Not a year ago.
Looking at records from a year ago will only result in more "why didn't you connect the dots" crap from the idiots demanding more of this.
If the UK government can crack it then so can the Chinese government and the Russian government.
Does the UK government really want the Chinese and Russians spying on the communications of British citizens?
I think it's time for businesses to stop operating in the UK. Companies like these should pull out of the UK if they're going to pass draconian laws like this.
By the way, what's with leaders promising to end spying and other abuses until they get elected, then doing a 180? Obama did that in the US, though it seems we're slowly curtailing the spying in this country.
I remember reading an article a little while back about government agencies lashing out over 0 knowledge encryption, and how it needed some form of a back door to monitor activity.
https://en.m.wikipedia.org/wiki/Zero-knowledge_proof
Now government agencies want their cake, and eat it too? The fact that a large number of government agencies who want to mitigate encryption, and anonymously spy on people for the sake of "national security" yet want to circumvent users privacy while protecting their own is absurd and directly violates user confidentiality.
This also opens users to cyber attacks in the process. You'd think we'd learn our lesson from this after the anonymous hacks.
But hey what would I know right?
Can the act of failing to communicate be construed as notifying users? For example, consider the case of TrueCrypt where the original developers announced that they would no longer be developing or maintaining TrueCrypt and "helpfully" suggested that users install Microsoft BitLocker instead? Now you're getting into layers of abstraction and how certain groups of people might interpret a communication or a lack of communication. Laws prohibiting communication are rarely effective, except perhaps in the short run and on a temporary basis, so it's hard to see how this law will be any more effective than previous failed attempts.
You're a bit late to the party there, junior. Where were you 35+ years ago when apps first turned up?
The summary is confusing two separate situations:
State-sponsored attacks are when a government agency hacks or social engineers or otherwise obtains your data against your will AND against the will of your service provider. That's what Yahoo and Microsoft are talking about. They can safely and legally tell their users about these attempts because, if for no other reason, they can claim they don't know who's responsible for the hack.
Official government requests for users' data, like US National Security Letters, are where the government uses legal compulsion rather than trickery to obtain the data. Obviously governments can and do add legal requirements to not inform affected end users. In Australia the laws even forbid revealing that there has not been a request for users' data; no warrant canaries for us!
Notify everybody they are not being spied on until they get an order. Then when the notices stop coming you will know what's happening.
“He’s not deformed, he’s just drunk!”
Okay, let me get this straight: rip off a whole nation, defraud companies out of billions and render millions homeless...CEO not even named. No-one ever tried, no convictions.
Threaten to tell someone they're being spied on. CEO gets locked up for two years.
Well, I guess we know where their priorities are. Fucking pompous ass shits, should drag them out of Parliament and hang them from the bridge. They're a disgrace to the whole country and it's people. I'm sick of them claiming the high ground while snorting coke and banging imported underage sex slaves.
Seems like a neat way to get your boss in trouble if one already hates their job anyways.... One could notify a targetted user that they are being monitored. The leader of the company gets in trouble, and as long as you don't do anything to obviously incriminate yourself, you can just go on your merry way afterwards.
When someone is targetted for monitoring, they do not tell the person they are being monitorered, but simply advise them that the law prohibits them from telling them if they are being monitored, and lets them come to their own conclusion.
Or would simply repeating the text of the law itself constitute warning someone?
By the way, is anyone else having problems staying logged into slashdot lately? Almost every time I try to post anything, I am spontaneously logged out and told I am posting as anonymous coward. I log back in, click back to the stories page, and often find I am logged out again.
File under 'M' for 'Manic ranting'
Those were applications. Apps are like mini-applications, sometimes no code even just URLs wrapped up in XML. Convenient on clumsy devices where you can't manage a bookmark list or search for web sites.
Yahoo became the latest company promising to alert users who it suspected were being targeted by state-sponsored attacks
Google had previously assured their users that they would be warned of any potential government spying
UK ministers want to make it a criminal offense for tech firms to warn users of requests for access to their communication data
The first two situations involve the government going after the companies' users without notifying the companies
The last situation involves the government issuing a request to the company for information.
Seem like two different things to me.
systemd is Roko's Basilisk.
Hailing from somewhere else: please, take UK out of the EU until you fixed your mess.
Then come back.
Even I am well past the point where I think it's anything other than a foregone conclusion. All the tech is already in place, emails are kept for extended periods of time, phone metadata is archived, financial and medical records are all electronic, cash transactions are being discouraged, cameras everywhere you look, Microsoft installing spyware as part of the operating system.. and for all I know some government jerk at a three-letter agency is reading this even as I type it (even though I'm on XP). You want a fair chance of being free and clear of any surveillance? Ditch your phone, go camping somewhere remote, or at least go ride a bike somewhere there are no cameras and no other people around. For a little while you can more or less assume you're not being watched or listened to.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Does the law prohibit telling users when they're not being spied on?
So they can make that a criminal offense but things like, say, selling personal data to the highest bidder or criminal negligence when it comes to security is done with a slap on the wrist that is at worst something that becomes part of the operational cost?
Odd how they suddenly can whip out the criminal charge club against CEOs when it goes against the people they allegedly represent.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Not one bit.
So the default message on the Yahoo portal is: "To the best of our knowledge you are not being monitored by the Government". If the government starts monitoring, just remove the message.
App is just a shorthand for Application, so there's no real difference if you look at it closely.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
China would be so proud!
Or... we can start electing government officials that support jail terms for public employees that engage in mass surveillance,
From the article:
"The UK, it seems, isn’t happy about this, and is pushing through a bill that will see the bosses of any company that warns its members that British agencies are monitoring them face up to two years in prison."
If this means what it sounds like, this is very unusual. Generally speaking, heads of companies have a big shield against facing personal criminal charges. Little things like oil spills, financial meltdowns, etc, no one from a corporation goes to jail. (I guess I tipped my hand about why I would like to some corporate leaders be the first against the wall when the revolution come, eh? A Gold Star if you recognize where the "first against the wall..." was borrowed from.)
"Dear ISP, is my traffic being monitored today?" No.
"Dear ISP, is my traffic being monitored today?" No.
"Dear ISP, is my traffic being monitored today?" No.
"Dear ISP, is my traffic being monitored today?" We can neither confirm nor deny your traffic is being monitored today.
Thus, thinking from a logical perspective, it makes sense to assume, by default, that we are being spied upon, that GCHQ, MI5, Mi6, NSA, CIA etc are snooping on all our internet transmissions, that all ISPs and tech companies are in cahoots with the intelligence services, and that the reason there's 'no evidence' is because of explicit legislation banning the dissemination of such evidence. Suddenly paranoia, delusions and conspiracy theories start to become sensible, rational and logical.
John_Chalisque
Elected public officials can now doi their best to give the go-ahead for a law that would make it illegal to notify the public they are being spied on.
Given the democratic process; naturally the public has no vote here. Yes I heard, it's for my own protection. Something I cannot be trusted with; if you cannot read my emails the terrorists win...
Let us focus on more encryption, security, secrecy and obfuscation. We'll leave these morons to continue the circle jerk while we just take the effeciveness of eaves dropping out of the equation.
If you don't notify the person there data is requested then how can they use their right to challenge it in the court? They would have no legal recourse or rights in the matter, because it would be kept secret from them.
There needs to be compulsary notification of the person under surveillance, and a proper court order to keep it secret (and then only for a short time during investigations). Otherwise its just a police state with a judicial system only there to rubber stamp prosecutions.
What's we learned back in November is that they've been doing mass surveillance for years, despite Parliament rejecting this snoopers charter., And UK has its own Parallel Construction with prosecutors briefed on surveillance data in secret, who then conceal the true details from judges and courts. So perjury and conspiracy to pervert the course of justice have been common place.
Cameron, William Hague and Theresa May were apparently briefed on the situation and helped conceal it up from Parliament.
William Hague also moved Parliaments emails system to Microsoft's cloud. While he kept the mass surveillance secret from them. Presumably he gets to check their private emails to see if anyone is raising concerns that need to be stamped on. Because he's basically handed their emails to NSA and GCHQ.
It's really a full on coop d'tat, if they get this law, then *LEGALLY* Hague/May/Cameron can snoop on Parliaments emails, and it will be a crime to tell them what he's up to. The leading party will have mass surveillance of any opponents and their supporters, secret briefings of prosecutors against them, and the defendant won't be able to see the evidence against them to challenge it.
Like maybe a little icon in the corner that means "you are not being snooped on" which would disappear once you are being snooped on. I believe they call it a warrant canary.
Microsoft to begin alerting users about suspected government snooping http://www.theregister.co.uk/2...
?
APK
P.S.=> This is all mind-boggling & imo, insane - however, this was some GOOD news (that those who favored all of this madness & lunacy are being spied on themselves & DO NOT LIKE IT WHEN IT'S TURNED ON THEM -> http://yro.slashdot.org/story/... )
There's one huge difference here - while shit was being done in the dark there was NO way for us to challenge it.
At least with bills and laws trying to be passed, there's opportunity to stop them being legalised, or in future allow us to repeal these laws when everyone wakes the hell up.
Well sure, if you use the luddite definition of app. Real app users know the power of apps and use the technology driven app definition of apps.
I say we cut the submarine cables that connect the UK to the rest of the world and then build a wall around them.
Are the governments gonna monetize your personal information including your data? and if not what is the big deal with the spying? The old POTS phone system for the past 2+ decades were tapped by NSA or MI5,MI6(UK) and in the 1990's 20/20 did a whole segment on this.
If you don't want the spying just get rid of your phone and stop putting your personal stuff on the cloud. It still is unconstitutional and illegal for U. S government to spy on you without a warrant on your own property so a NSA OS and application back door would be a big NO NO regardless of the patriot act. I think U.S no longer collects bulk data but they can get a warrant to access a particular one from the telecom companies.
i'm sick of these inbred fucks dragging down western society. should have let the nazis have them.
the UK is headed in a terrible direction, and they will be cut off by tech companies that plain flat out don't want to screw around with those wreckers. cut off.
if this is supposed to be a new economy, how come they still want my old fashioned money?
IF it came to pass would be that none of these tech providers would choose to have a UK base. We already rip CDs illegally with impunity because the law is stupid and unenforceable. Oh wait...what's that knock on the door....
(nevermind the fact that the rootkit scanner in MS Sysinternals hasn't been updated in how many years?)
Hopefully software like Detekt[1][2] will remain and continue to push out updates.
[1] http://github.com/botherder/de...
[2] https://github.com/botherder/d...
Sounds like it's time to cut England loose... let them build their own search engine and social platforms. How much money would really be lost (taking into account all that is being spent on compliance)?
I honestly wanted to follow those links and read what you were talking about and then... oh, YouTube.
The full text of the second one, Cybersecurity as Realpolitik, Dan Geer's hour-long speech, is on his web site as a text file.
He skipped over a couple items during the speech, as unnecessary for that particular audience (given the limited time) and said they'd be in this posting, so it may be more complete and useful. (I haven't read it through yet, having just watched the youtube...)
I found it extremely insightful and highly recommend it. I won't attempt to characterize it because it covered several related aspects and tied them together brilliantly.
(The first was an {also insightful} analysis of the be-a-better-citizen game the Chinese are deploying as we speak.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Hey, remember that Loony Tunes episode where Sylvester suceeded in catching Tweety Pie?
If I was the CEO of these companies, my push back would be simple:
Either I get to warn my users of your illegal snooping without fear of being put in prison, OR I turn off my services in your country. Choose which you would prefer.
If I was the politicians, the LAST thing I would want to be held responsible for is the turning off of Google, Twitter, or Facebook in my country because of some stupid decision that made the CEO remove those services. The voters would rebel, not only because they lose their beloved services, but also because they lost them because I want to spy on them.
This is a stupid idea, and the politicians need to back the fuck away from OUR internet.
There is a real difference, especially if one looks closely: One word is correctly pronounced and written, while that combination of three letters is nothing but an abomination created by those who cannot pronounce polysyllabic words.
Similar to the recent 48 hour whatapp injunction in Brazil (which was overruled after 12 hours), trying to punish a company offering a free service for not complying to evidential requests will only end up punishing the populus i.e. VOTERS.
I can see that issuing an interception warrant across borders is difficult, but mandating a deviation to accepted law of the targeted nation will only end up getting your warrants overruled.
It is pretty clear to me that the government simply wants to watch anybody, at any time, and for any reason that it arbitrarily chooses, without having any accountability to anyone.
Clearly, if one feels they have any reason to even *suspect* that they are being monitored, then they might as well consider that as a sufficient basis to carry on their actions as if they actually *were* being monitored, which effectively amounts to doing what they would do if they had actually been alerted they were being monitored anyways.
The only way this isn't true is if the government's actual intent behind the law prohibiting notification is if they simply want monitor individuals who have not ever done anything wrong, and would not have had any reason to suspect they were being monitored.
Thus, this law is clearly being put in place to eavesdrop on innocent communications, not those of people who are breaking the law. It seems incontrovertible.
File under 'M' for 'Manic ranting'
Tomorrow the sun will rise, Obama will raise more millions and you will go back to your job making artisinal toast.
Probably blasting the hype. In which case it sit around "I'm going to allow this." in my book.
True and to join in with the AC below...
See, yes, you and I shortened "applications" to "apps" all those years ago. We were "installing apps" and "writing apps." We were "working with apps" and "managing apps."
Alas, today, they've gone and changed the common usage definition and what we call apps are now referred to by their full name - namely applications. Some of us are a bit more specific and we'll call them "phone apps" or "mobile apps." I think we're in the minority.
This appears to happen quite a bit. See the RC enthusiasts who are, through no fault of their own, no longer piloting RC model aircraft but are "drone operators."
Another example is I'm a Libertarian. Except, now that refers to the hard right instead of the loony left. I'm much more in common with a Socialist than I have in common with the caricature that most envision when I say that I'm a Libertarian. They automatically assume that I'm a Randian and it's a whole lot of work to show them the difference - they simply weren't alive, didn't know, or haven't learned that there's much more to it.
So, we're kind of old (some of us) and to us, apps is short for application. We difference them by saying mobile apps or even mobile applications. To others, probably too young or too uneducated, they aren't aware of the history and so they see "apps" and drop the "mobile" (which was, I think, in common usage earlier in time) and think that anything called an "app" is specifically for a mobile platform.
We can go with the flow, argue it, be confused, try to teach them, or just continue talking amongst ourselves. I try to reference them as "mobile apps" if need be. Given my distaste for most mobile platforms, that's seldom a concern. I've tried - I've bought quite a few tablets... I just can't appreciate the platform for anything other than consumption and I'm not even overly fond of that. Oddly, I don't mind my phone for some types of content consumption. I'll use it to read and even comment on a site. I have no use for a tablet. I'm going to try again with a Surface Pro but I am going to make sure that I can install Ubuntu on one before I bother wasting my time.
Then again, it will probably get used if I buy one. I bought one for the missus for the holiday and the kids seemed to both like them. I suspect that they'd abscond with one and make good use of it if I bought it and found that I didn't like it even with Ubuntu loaded. The missus prefers Linux these days but seems genuinely happy with the Surface. I've poked at it and I'm reasonably impressed with the speed, layout, display, and accuracy of the inputs. I'd still rather it have Ubuntu on it.
"So long and thanks for all the fish."
Wow you really are a luddite tool, and not a tool in the good sense of the word... but a tool
Much like "distro" which makes me cringe.
Could a warrant canary (https://en.wikipedia.org/wiki/Warrant_canary) be used to get around such gagging? Yahoo, MS, Google, etc., could have a page that you can go to that either says "You are not the subject of a state-sponsored attack via us" or is blank. When it's blank you can assume that the spooks are prying. You could even sign up for regular emails stating the same. When those emails stop you know to go check your page.