Tech Companies Face Criminal Charges If They Notify Users of UK Government Spying

An anonymous reader writes: Last week, Yahoo became the latest company promising to alert users who it suspected were being targeted by state-sponsored attacks (excepting Microsoft, who made a similar announcement just today). Twitter, Facebook and Google had previously assured their users that they would be warned of any potential government spying. The UK, it seems, isn't happy about this. They are pushing through a bill that will punish the leaders of any company that warns its users about British snooping with up to two years in prison. Specifically, UK ministers want to make it a criminal offense for tech firms to warn users of requests for access to their communication data made by security organizations such as MI5, MI6 and GCHQ.

End game?

What's the end game with all this? At what point do people decide not to let this crap happen, and what steps do they take to enforce it? I honestly can't imagine a civil rebellion going anyway, even in a country like America where so many people are already armed with guns. Politicians obviously have no interest in backing down. It's like a new cold war.

Re:End game?

[Endymion]

What's the end game with all this?

China is showing us one of the possible end games. Facebook is already patenting features along those lines. Combined with omnipresent spying, this "new" type of oppression will work. It's a terrifying future.

It's like a new cold war.

Dan Geer describes our situation as a cold civil war. It would be useful if more people recognized that.

Re: End game?

[kheldan]

There is not going to be any revolution. Anywhere. Ever.

Yeah, I'm sure the leaders of all the Arab Spring countries thought exactly the same thing. It would be difficult, but not impossible, for it to happen in a 1st-world country, but the consequences for the rest of the world would be devastating.

Re: End game?

There's more than one way to revolt. I agree that the "open warfare by flag waving troops" isn't going to happen. But what's far more likely is that, more and more, people simply... stop. They stop buying things other than necessities. They stop going out in the evenings. They no longer participate in society. No marriages. No offspring.

It looks like just another economic downturn at first. But there never seems to be an upturn again. Slowly, slowly, things just get a bit worse, and a bit worse, and a bit worse. Because people stop participating.

That's when governments will really go crazy. Because there's no leader of a resistance to arrest. None of those flag-waving troops to battle. There's nothing they can do. Can you make people go to the movies? Force bowling teams to form at the point of a bayonet? Demand people volunteer at the homeless food lines?

Societies build social capital over decades and hundreds of years. They can use up all that capital just as slowly, as people simply no longer give a damn. That's when things end, not with a bang, but with a whimper.

Re: End game?

The Arab Spring was a movement wanted and supported by Western powers and, especially in Lybia, it would have gone nowhere without direct Western intervention. For a more realistic outcome to any attempt at rebellion, see Tian an Men... While you still can.

Re:End game?

[flopsquad]

Your post is thought provoking, which makes it all the more frustrating you've succumbed to one of the least useful fads in modern internet culture: the everywhere video-ization of content that really just wants to be text.

Not trying to be an ass :) I honestly wanted to follow those links and read what you were talking about and then... oh, YouTube.

Re: End game?

[fnj]

The end game is: governments get what they want, a vocal minority huffs and puffs and ultimately resigns to the inevitable, the rest of the population gets on with their lives. There is not going to be any revolution. Anywhere. Ever.

Eat shit, fuck off, and die, o cowardly anonymous statist pig. There have always been revolutions and rebellions, and there will always be revolutions and rebellions. Counting on the masses to remain opiated indefinitely is a LOSER'S policy.

The establishment has certain advantages in terms of having vast, well-supplied agents of oppression, but it also suffers the disadvantage of being highly identifiable (nowhere to hide), and possessing much infrastructure which has to be protected.

Re:End game?

[DigiShaman]

Sounds like an opportunity for an AI project; to transcribe audio from a YouTube video into text. And it if was truly smart (it's not there yet) it could could summarize.

Re:End game?

[DigiShaman]

What's the end game with all this?

Techno-feudalism - where the vast majority become jobless serfs that live off the land with technology that provides a self-sufficient way of life. Not a bad way to live, just that you'll have zero political influence and thus freedom will be but a footnote in history. Beyond that post revolution, technology may provide enough of a parity in personal weaponry so as to hold back the vacuum of power in a society of anarcho-communism.

Aside from warp drive technology and the whole trekking of space thing, Gene Roddenberry was prophetic!

Re:End game?

[wxxy___]

What's the end game with all this?

Imagine a boot stamping on a human face - forever

Re:End game?

[U2xhc2hkb3QgU3Vja3M]

But almost all summaries of videos transcripts would end up being summarized into "people are a problem".

Re: End game?

[dryeo]

A lot of the driving force behind the Arab Spring was rising food prices. Hungry people will revolt, even here in the west and the powers that be know this and will keep the population well fed and entertained.

Re: End game?

[PraiseBob]

They no longer participate in society. No marriages. No offspring.

You think people are going to stop fucking because they are mad at politicians...? Or that people would cause their own economic downturn and willingly give up their jobs, and in turn food & shelter? Uhhh... No thanks.

Re: End game?

[Anubis+IV]

No marriages. No offspring.

You had me until this. Failing to procreate--both biologically and ideologically--is one of the surest ways to ensure that you lose a generational war (which is exactly what this sort of thing is). If you fail to pass your values onto your successors while your opposition is doing so, there may be an economic downturn as your side stops contributing, but it'll eventually even out as their side grows to make up the difference, after which time they'll have won and you simply won't exist.

Re: End game?

[Terwin]

They no longer participate in society. No marriages. No offspring.

You think people are going to stop fucking because they are mad at politicians...? Or that people would cause their own economic downturn and willingly give up their jobs, and in turn food & shelter? Uhhh... No thanks.

Ever heard a phrase to the effect 'This is not a world I would want to bring a child into'?

Between abortions and contraceptives there is no need to stop having intercourse, just stop having babies. Without immigration, the population of 'first world' countries is already shrinking.

Also, the worse the economic climate, the more people will save their money against future problems. Not everyone, but those with discretionary income will be more inclined to save it up or put it somewhere safe as opposed to making more purchases or making riskier investments.

Have you heard the phrase 'jobless recovery' much in the last few years?

I doubt it is any sort of intentional protest, but if people do not have confidence in their leaders, they will tend to hold back.
(if you are stuck with the choice between Trump and Hillary, and the one you want least wins, will you celebrate by going out and buying a car?)

Re: End game?

[Dahamma]

Ever heard a phrase to the effect 'This is not a world I would want to bring a child into'?

Have you ever seen the TV show "16 and Pregnant"? (if not, you're lucky. It seems like it was meant to be a warning, but then horribly miscalculated teenage stupidity and turned into an aspiration).

You seem to think that the majority of the population is made up of reasonable, logical-thinking people who actually think before they act. I think you need to go watch Idiocracy, it's becoming more of a documentary than a comedy.

Re:End game?

[Dahamma]

Or a better AI project: cyborgs that travel back in time and assassinate people who made useless clickbait YouTube videos when they should have just written it down.

Re:End game?

[DigiShaman]

I'd be more happy if said cyborgs would just give me future stock market prices.

Re:End game?

[gweihir]

Well, the problem with a surveillance state is that it neutralizes control instances. It usually devolves into a police-state pretty fast and then more slowly into fascism. Fascism is however inherently unstable, as it kill productivity and prosperity. Usually the start wars because that is a temporarily effective means of deviating attention from how bad things are. And in the end, at some point, these regimes collapse. It can take quite a while though. If the Germans had been a bit less greedy and a bit more well-managed, they could have gotten quite a bit into the "1000 Year Reich" for example.

So, no actual end game, just greed, fear of a free population, arrogance and stupidity. The usual.

Re:End game?

[HiThere]

Live off WHAT land. The land will all be owned by someone else. This is already well underway. (Check out real estate prices.)

Interest rates are below inflation, making it nearly impossible to save. People of moderate means who own land are being slowly squeezed off of it. Sometimes because of job mobility requirements, sometimes because of taxes. Sometimes for other reasons. No one thing is doing it, it's a death of a thousand cuts. If you do maintain ownership of land, it's being hemmed about with increasing restrictions as to what you can do on it, and who is allowed to intrude without warning...sometimes violently.

Mind you, I'm just describing WHAT is happening, not why. Often the reasons are quite reasonable. If people are living close together, you don't want your neighbors burning soft coal. But individuals are generally not positioned to take advantage of the changes, or at least most of the benefits of any particular change will tend to fall to one particular group...often people who don't live in the area being regulated.

Then there's robotics. Ever hear the phrase "The power of the press belongs to the man who owns one."? Currently practical robots are EXPENSIVE. They may multiply capabilities, but only for the benefit of those who own them and can situate them advantageously. (A factory robot sitting in a home would be a net detriment.)

Then there's the DMCA. That may have been sold to the public as being for the benefit of those who produce the works, but they have received next to no benefit, and often have been severely penalized by it. The actual text of the laws makes it clear that they are not intended for the benefit of artists or musicians, and that any benefit such folk get from the laws is purely happenstance. E.g. most musicians don't have a lawyer on retainer, but without such prosecuting a violation is too expensive. (Most DMCA takedown requests are technically invalid, but there's no penalty for making a "good faith" false takedown request, and the meaning of "good faith" has been stretched to not require any human oversight, or any evidence of correctness. So it's clearly mainly intended to stop ALL sharing, whether valid or not.)

Etc.

Now we come to weaponry. Ever hear of robot soldiers? The development of them is what the current "war" in the middle east is about. And remember to take derivatives of "The power of the press belongs to the man who owns one.". (Drone regulations have just started. They are clearly necessary, and are currently being done with a light touch. But once in place they can be slowly tightened if necessary.)

Re:End game?

[DigiShaman]

Live off WHAT land. The land will all be owned by someone else

And I said the following...

where the vast majority become jobless serfs that live off the land

Definition of a SERF: A person in the past who belonged to a low social class and who lived and worked on land owned by another person

Re:End game?

[Striking7]

A good place to start is with demonsaw. It's designed to combat just this sort of thing.

Re:End game?

[KGIII]

The end game? There is no end. It's a cycle, at least that's what I'm seeing with all of the history that I've consumed.

Something about the tree of liberty needing to be refreshed from time to time and with the blood of patriots...

There will, eventually, be a step too far. It's one of the reasons that I'm so disturbed by people who advocate allowing their government to disarm them, for their own safety... It's as if they don't or won't admit that liberty comes with a price and that price is a lack of safety. Freedom contains inherent safety risks. There has to be a blend of liberty and safety and I don't think it's possible to keep that at the optimal level so long as the government makes new regulations.

Here...

For better or worse; Every single law is a restriction on someone's liberties. Now, this is not always a bad thing. When we outlawed slavery, we not only allowed slaves their freedom but we also took away the slave owner's right to own slaves. It's hard to argue that that wasn't a good thing. But it's also important to note that enacting that law did take away someone's rights. Taking away rights isn't always a bad thing.

However, we've taken away a lot of rights and every law is just another removal of rights. Yet, the government's primary purpose seems to be the creation of more laws which, logically, results in said government taking away more rights. A fantastic session would be one where they returned not with new laws but with striking some of the old ones from the books.

That's not going to happen. So, you end up with greater and greater restrictions on your rights as time passes. Things build up, pressure builds, there's either a voluntary change of power, a revolution, or a civil war.

The tree of liberty is refreshed by the blood of patriots and the cycle begins anew.

Instead of ensuring that doesn't happen, we've grown fat, lazy, and distracted. It's our fault as much as it is theirs. When was the last time you spent a vacation day observing the courts to see if they were upholding the spirit of the law? When was the last time you petitioned for redress? When was the last time you spent your time and effort communicating with a legislator in person? When was the last time you even attended a public meeting or visited your town hall?

It's not just you... It's most of us.

And so, the cycle continues, the rights get stripped, the people snap, the revolution happens, and we begin all over again - each time thinking we're the pinnacle of civilization and humanity. Each time we think we're correct and that we've finally got the answers. Each time we KNOW we're right and that other guy is wrong.

Oddly enough, the wheels keep spinning. I'm surprised we've not completely eradicated the species.

Re:End game?

[AHuxley]

Its really back to the 1950's with a collect it all digital layer. MI5,6, GCHQ collecting all, local government workers getting a look too.
Academics been told what not to publish or talk about in public, UK maths and crypto education enjoying a nice chilling effect.
A push down on brands to include a gov ready trap door, back door when needed.
Exported software and hardware are collect it all ready by design.
Re: "what steps do they take to enforce it?" will be what was always done to ensure every system sold and communications network was/is 5 eyes ready.
A fancy new D-Notice https://en.wikipedia.org/wiki/... to warn academics away from looking too deep into any new issues???
Tech publications will be like Eastern Europe in the 1950-80's... A red line and chat downs if comments on found gov code is published.
Self-censorship sets in to avoid yet another gov visit.
Nations with press and academic protections will pick up the readers and skill sets long term.

Re:End game?

[HiThere]

What can you do for them that would cause them to live on their land? (Hint: see the Enclosure Acts for a past analogy.)

Piss off!

[khasim]

Part of the proposed legislation would require tech firms to store usersâ(TM) data for up to twelve months, including a record of every internet site visited, and allow government agencies unfettered access to the data.

I have problems with that.

While the bill is being put forward as a deterrent against terrorism, online monitoring at this level has been banned in the US, Canada, and every other European nation.

And that is the problem. This will do NOTHING to DETER a terrorist.

If you want that, then you look for specific sites that they are going to right now. Not a year ago.

Looking at records from a year ago will only result in more "why didn't you connect the dots" crap from the idiots demanding more of this.

The bill could also allow the UK government to demand that companies weaken the encryption on messaging services such as WhatsApp and iMessage to enable agencies to evesdrop on conversations, a proposal that Apple is strongly against.

If the UK government can crack it then so can the Chinese government and the Russian government.

Does the UK government really want the Chinese and Russians spying on the communications of British citizens?

Re:Piss off!

[cdrnet]

How is this any different to National Security Letters which the US uses broadly to the same effect? The UK just want the same...

Re:Piss off!

One of the big differences is that, by law, US NSLs can only request access to transactions like financial records, who a person called on the phone, or addresses a person emailed. They are not legally allowed to request any content of messages. While law enforcement has pushed to access to encrypted content, that can't be done with an NSL. However, if the UK is trying to include access to encrypted messages, that extends beyond the power of a US NSL. This seems even more draconian than the US spying.

Re:Piss off!

[yacc143]

The difference is that NSL can be used to acquire existing data, but not to force someone to design broken systems.

Re:Piss off!

[drinkypoo]

The difference is that NSL can be used to acquire existing data, but not to force someone to design broken systems.

How do you know? If someone gets a NSL they can't tell you about it... how do you know what they're being used for? Remember the lesson of Qwest.

Re:Piss off!

[Sique]

You completely misinterpret the Government's intentions.

Until now, they weren't able to find the needle in the haystack. And now they have the solution: More hay!

What About Not Notifying Users?

Can the act of failing to communicate be construed as notifying users? For example, consider the case of TrueCrypt where the original developers announced that they would no longer be developing or maintaining TrueCrypt and "helpfully" suggested that users install Microsoft BitLocker instead? Now you're getting into layers of abstraction and how certain groups of people might interpret a communication or a lack of communication. Laws prohibiting communication are rarely effective, except perhaps in the short run and on a temporary basis, so it's hard to see how this law will be any more effective than previous failed attempts.

State-Sponsored Attacks != Government Requests

[jaa101]

The summary is confusing two separate situations:

State-sponsored attacks are when a government agency hacks or social engineers or otherwise obtains your data against your will AND against the will of your service provider. That's what Yahoo and Microsoft are talking about. They can safely and legally tell their users about these attempts because, if for no other reason, they can claim they don't know who's responsible for the hack.

Official government requests for users' data, like US National Security Letters, are where the government uses legal compulsion rather than trickery to obtain the data. Obviously governments can and do add legal requirements to not inform affected end users. In Australia the laws even forbid revealing that there has not been a request for users' data; no warrant canaries for us!

I forget the name for it

[fustakrakich]

Notify everybody they are not being spied on until they get an order. Then when the notices stop coming you will know what's happening.

Re:I forget the name for it

[jaa101]

Warrant canaries. Governments can make them illegal too. Or, at least, they can in Australia; maybe the US's constitutional protections around freedom of speech could make it harder there, but I wouldn't bet on it.

Re:I forget the name for it

[fustakrakich]

Governments can make them illegal too.

Are you serious? They prohibit telling people they are not being spied on? Fascinating. Oh well, I guess the voters don't really mind... I have to remember how conservative people really are, and that most of them approve. To me this just shows what weak knees the liberals have. They can't win elections worth shit.

Re:I forget the name for it

Warrant canaries work in the USA because the USA has constitutionally guaranteed freedom of speech. This includes not being forced to say something. That way you can say you haven't received a NSL until you have, and then nobody can force you to keep saying it. The UK does not have freedom of speech. People like to think that freedom of speech is a universal thing in "the west", but in most countries it actually does not have the force of constitutional law and is thus much more malleable by oppressive legislation.

Re:I forget the name for it

[Z00L00K]

Warrant canaries can come in many forms, so it's hard for authorities to get proof that something is a warrant canary or not.

Re:I forget the name for it

[Richard_at_work]

Uh, for something to be a warrant canary, it has to be generally known that its a warrant canary - thats the entire point of it, it has to be fecking obvious.

Or do you think a company can come up with something hush hush that only certain members of its secret club would know about, except that all its customers are invited to that club and initiated into the secrets? Yeah, lets see how swearing 5 million people to silence about the "not a warrant canary *wink*" turns out...

Re:I forget the name for it

[ranton]

I seriously doubt a warrant canary would hold up in courts in the USA either. There is no settled case law on this matter that I know of so no one knows for sure. But even if warrant canaries worked in some cases, I would be very surprised if there was no way to word legislation in a way that makes warrant canaries illegal.

What has been held up in court is the government's ability to prevent citizens from speaking publicly about law enforcement investigations. The FBI uses gag orders on national security subpoenas (NSLs) to prevent the recipient from publicly stating they have been served with the subpoena, and they have held up in court as not violating the 1st amendment. A law similar to the Patriot Act (which gives authority to these NSLs) could prevent warrant canaries IMHO.

Although I doubt new laws would even be necessary to get around warrant canaries. The law seems pretty straight forward. Warrant canaries involve going out of your way to communicate information you are not legally allowed to communicate. Intent to break the law is undeniable.

Re:I forget the name for it

[ranton]

Are you serious? They prohibit telling people they are not being spied on? Fascinating.

It just says you cannot report on the existence or non-existence of certain types of warrants. I doubt such language is even necessary (warrant canaries have not been tested in USA courts yet) since using a warrant canary shows clear intent to break the law. In my opinion tech companies only use them for good PR since the financial penalties are not that high.

Re:I forget the name for it

[fustakrakich]

In my opinion tech companies only use them for good PR since the financial penalties are not that high.

Same here. I just didn't know the government can compel a person to tell a lie, or prohibit the mere mention of warrants at all (Australia). I guess, with the lack of resistance at the voting booth, people are okay with it, or even demand more of the same when I look at the election results. It is hatred at work really. Pretty damn sad.

Re:I forget the name for it

I seriously doubt a warrant canary would hold up in courts in the USA either. There is no settled case law on this matter that I know of so no one knows for sure.

At least, the EFF thinks they are. Here are some of the quotes from that article:

"Is it legal to publish a warrant canary?

There is no law that prohibits a service provider from reporting all the legal processes that it has not received. The gag order only attaches after the ISP has been served with the gagged legal process."

"Have courts upheld compelled false speech?

No, and the cases on compelled speech have tended to rely on truth as a minimum requirement. "

Re:I forget the name for it

[gweihir]

They can make them illegal, but that is very, very hard to do in a way to make a difference. What are you going to do? Put the one doing the signature in jail until he complies? Or even forcing a company to stay in business? Right.

People making laws are among the most disconnected from reality on the planet. Enforcement of such laws still has to have some dealings with reality so may well fall short.

Re:I forget the name for it

[gweihir]

No. You only have to get the message to somebody that is not affiliated with the company (so under no legal threat) and have them explain the meaning of the canary.

Re:I forget the name for it

[ranton]

The law does not and cannot forbid you from saying that you haven't been served a NSL. The law can not compel you to say that you haven't been served a NSL if you have indeed been served a NSL. The freedom not to say what you don't want to say is fundamental.

First off, there is no case law on this matter so you cannot make many of the claims you are making.

Why can't the law forbid you from saying you haven't been served with an NSL? Do you think you can get around a gag order just because a journalist asks you the right questions? If you have a gag order saying you can't disclose the amount of a settlement, a journalist cannot just keep asking "was it under $100k? $500k? $1 million?", and just wait for the interviewee to stop saying "No" and start saying "I can't answer that". The correct answer to all of these questions is "I can't disclose that information".

And the correct answer to questions about certain subpoenas and warrants that cannot be discussed openly is "I can neither confirm nor deny its existence". I assume any more shows clear intent to break the law, but that is just my opinion. I don't think anyone knows the answer to that until it is challenged in court.

Re:I forget the name for it

[ranton]

"Is it legal to publish a warrant canary?

There is no law that prohibits a service provider from reporting all the legal processes that it has not received. The gag order only attaches after the ISP has been served with the gagged legal process."

There may be no law that specifically prohibits that, but judges make rulings based on the intent of laws and the intent of criminals all the time. Just look to the Supreme Court decision regarding the Affordable Care Act, where they used the spirit and purpose of the law as guidance when ignoring a pedantic gotcha that threatened to scuttle the whole law.

Even if such a narrow loophole did hold up in court, it seems a simple gag order stopping a site from disclosing if they have or have not received any other NSL gag orders would suffice. If the government decided to do that. Australia did enact similar laws, and there is nothing inherent in the first amendment that would prevent that in the USA.

Odd legal repercussions

Okay, let me get this straight: rip off a whole nation, defraud companies out of billions and render millions homeless...CEO not even named. No-one ever tried, no convictions.

Threaten to tell someone they're being spied on. CEO gets locked up for two years.

Well, I guess we know where their priorities are. Fucking pompous ass shits, should drag them out of Parliament and hang them from the bridge. They're a disgrace to the whole country and it's people. I'm sick of them claiming the high ground while snorting coke and banging imported underage sex slaves.

Re:Odd legal repercussions

[Ungrounded+Lightning]

Threaten to tell someone they're being spied on. CEO gets locked up for two years.

This sounds like a strong motivator for CEOs to move their operations out of the UK, as a risk mitigation measure.

Possible workaround?

[mark-t]

When someone is targetted for monitoring, they do not tell the person they are being monitorered, but simply advise them that the law prohibits them from telling them if they are being monitored, and lets them come to their own conclusion.

Or would simply repeating the text of the law itself constitute warning someone?

By the way, is anyone else having problems staying logged into slashdot lately? Almost every time I try to post anything, I am spontaneously logged out and told I am posting as anonymous coward. I log back in, click back to the stories page, and often find I am logged out again.

Re:Possible workaround?

[N1AK]

Or would simply repeating the text of the law itself constitute warning someone?

Regardless of whether the government should or shouldn't be restricting companies from warning customers about government activity, if they are going to do it then the laws will be pretty broad and won't be easily dodged by semantic games like this. We already live in a world where intent and/or motive can be criminal (for better of worse), thus "teaching someone chemistry" can be illegal (in the UK at least) if the lessons were focused on producing viable explosives and you could be reasonably assumed to know the person you were teaching had criminal intent.

The issue with so much of the debate around privacy is that the vast majority of people accept that the government should have the ability to override protections; that majority is then split into thousands of different camps on where the limits are and what the safeguards should be. I was speaking to an intelligent relative the other day who thought that the powers the government of the UK want to stop unbreakable encryption was reasonable but thought it was somehow different to, the entirely unacceptable in his opinion, concept of the government being allowed to open all written correspondence due to speed of distribution. After a brief introduction to the concept of one time pad encryption (where the pad could easily be sent via post) his perception changed considerably; but there are millions of voters who aren't technically informed enough to be aware of such concepts and we can't viably inform them all.

Re:Possible workaround?

[Transist]

It took me like 20 minutes of searching, but I knew that what you're describing already has a term and I was struggling to remember what it was. https://en.wikipedia.org/wiki/...

Re:Possible workaround?

[mark-t]

Not quite.... since a warrant canary requires that it be triggered by the warrant itself, where what I am suggesting only involves telling them only what the person is directly permitted to know, perhaps only in direct response to a customer inquiry, unless the law explicitly requires either the company to say an outright falsehood to any monitored customer who asks, or be evasive with any non-targeted customer who does so.

Re:Possible workaround?

[AHuxley]

One time pad on paper. The real chilling part is the academic creativity in trying to talk about emerging issues found on networks.
Is it bespoke and unique? Possible gov code, dont publish... never comment, is not a good way to secure local networks.
Domestic hardware, software gov ready modifications that get left in or are not removable on export systems.

Re:Use APPS, not LUDDITE services!

[Darinbob]

Those were applications. Apps are like mini-applications, sometimes no code even just URLs wrapped up in XML. Convenient on clumsy devices where you can't manage a bookmark list or search for web sites.

How are these the same thing?

[wonkey_monkey]

Yahoo became the latest company promising to alert users who it suspected were being targeted by state-sponsored attacks

Google had previously assured their users that they would be warned of any potential government spying

UK ministers want to make it a criminal offense for tech firms to warn users of requests for access to their communication data

The first two situations involve the government going after the companies' users without notifying the companies

The last situation involves the government issuing a request to the company for information.

Seem like two different things to me.

Re:How are these the same thing?

[AmiMoJo]

Indeed. What is troubling though is that law enforcement should be required to ask a court for a gag order, so that there is oversight and an opportunity to challenge it. It shouldn't be the default.

MI5 want it to be the default because they hate oversight. They argue that it takes too long etc, but it's essential. I'd rather die in a terror attack than have them run amok with this power.

As always, encrypt everything.

Re:How are these the same thing?

[AHuxley]

It rally depends on what the demand is.
An upgrade to an always on "software" ready splitter?
New onsite hardware and a dedicated gov optical link deep into the brands systems? An in place hardware splitter.
Or a classic per person/account request for all logs...
The "access" part sounds like ongoing, collect it all gets a result and then legal requests gets started vs legal action begins the logging.

Brexit, please!

Hailing from somewhere else: please, take UK out of the EU until you fixed your mess.

Then come back.

Re:Brexit, please!

[Opportunist]

Who the fuck would want them back?

Re:Brexit, please!

[Z00L00K]

Time to topple the mess the EU is as well.

Sadly: Just assume you're always being spied on

[kheldan]

Even I am well past the point where I think it's anything other than a foregone conclusion. All the tech is already in place, emails are kept for extended periods of time, phone metadata is archived, financial and medical records are all electronic, cash transactions are being discouraged, cameras everywhere you look, Microsoft installing spyware as part of the operating system.. and for all I know some government jerk at a three-letter agency is reading this even as I type it (even though I'm on XP). You want a fair chance of being free and clear of any surveillance? Ditch your phone, go camping somewhere remote, or at least go ride a bike somewhere there are no cameras and no other people around. For a little while you can more or less assume you're not being watched or listened to.

Canary

Does the law prohibit telling users when they're not being spied on?

Wait, may I hear that again?

[Opportunist]

So they can make that a criminal offense but things like, say, selling personal data to the highest bidder or criminal negligence when it comes to security is done with a slap on the wrist that is at worst something that becomes part of the operational cost?

Odd how they suddenly can whip out the criminal charge club against CEOs when it goes against the people they allegedly represent.

To the best of our knowledge...

[peterofoz]

So the default message on the Yahoo portal is: "To the best of our knowledge you are not being monitored by the Government". If the government starts monitoring, just remove the message.

Re:Use APPS, not LUDDITE services!

[Z00L00K]

App is just a shorthand for Application, so there's no real difference if you look at it closely.

China would be so proud!

[Bamfarooni]

China would be so proud!

Re:Stop doing business in the UK

[hughbar]

Yes, please do, we can do without Modelez, Goldman Sachs (et al.), Monsanto, KFC, Coca-Cola, McDonalds, Spire Health, Dollar Financial Group (payday loans) and the NFL. Close the door on your way out, thank you.

Re:Anti-spying

[unrtst]

Except that all your examples are greatly exaggerated in both directions, to the point of being false.

You are not allowed to handle nuclear weapons, but government agencies can.

Only specific agencies, and only specific people in them, with loads of safeguards in place. Conversely, ordinary citizens *can* go to school and learn all about nukes and eventually handle very sensitive stuff - more safeguards and such, which is very similar.

You are not allowed to take the life of another, and yet government agencies can.

You can take the life of another in certain situations. Conversely, the government can not take lives willy-nilly, and especially not those of its law abiding citizens (this is true even in war on foreign soil - there are limits). Setting these up as polar opposites is disingenuous.

My contention is that government agencies are given additional rights in order for them to perform their obligations.

At least in the US, the government has no rights except what the people allow it (in theory, at least). They do not just get a bunch of extra rights that ordinary folks do not get. They actually have more restrictions (great example - first amendment, freedom of speech). That said, they seem to be running amok with very few people actually standing up to it.

Dear ISP, is my traffic being spied on today?

[niks42]

"Dear ISP, is my traffic being monitored today?" No.

"Dear ISP, is my traffic being monitored today?" No.

"Dear ISP, is my traffic being monitored today?" No.

"Dear ISP, is my traffic being monitored today?" We can neither confirm nor deny your traffic is being monitored today.

Re:Dear ISP, is my traffic being spied on today?

[Richard_at_work]

That would be a breach of the order, since it is a notification of change. Don't think that the government can be confused and bamboozled by stupid kids games like this and others in these comments - if it constitutes a notification, its a notification. It doesn't have to come in the form of "I, Yahoo!, hereby notify you that we have had a warrant issued against us for your data", it simply has to be a notification.

If a company has a warrant canary in its annual statements, or on your account etc, then the law would make sure it would be unusable for the purposes of notification. Either the company leaves it in permanently and its useless, or the company removes it with a statement to the effect of "The removal of this means nothing, as the warrant canary is now meaningless with regard to current legislation as we cannot use a warrant canary for its intended purpose anymore."

Re:Dear ISP, is my traffic being spied on today?

[fnj]

That would be a breach of the order, since it is a notification of change.

Liar. It is a response to a specific question, not a notification[*]. Sheesh. This criminalization specifically avoids attempting to compel you to lie, which would be grossly transparent tyranny. And you completely miss the point of a warrant canary. If the warrant canary dies, it doesn't matter what the accompanying narrative (if any) is. Anyone with a working brain would realize there is a problem even if the domain is seized and some bullshit "never mind; ir doesn't mean anything that we changed established procedure" message is posted.

[*] Think of it this way. Nobody can legally force you to voluntarily tell the police when you break a law, but using due process they can make you either incriminate yourself in answering questions under oath, or resort to claiming protection under the fifth amendment.

Worrying logical consequences

[John+Allsup]

Thus, thinking from a logical perspective, it makes sense to assume, by default, that we are being spied upon, that GCHQ, MI5, Mi6, NSA, CIA etc are snooping on all our internet transmissions, that all ISPs and tech companies are in cahoots with the intelligence services, and that the reason there's 'no evidence' is because of explicit legislation banning the dissemination of such evidence. Suddenly paranoia, delusions and conspiracy theories start to become sensible, rational and logical.

Re:Worrying logical consequences

[fnj]

Corrollary: for communications that matter, simply layer on your own encryption that the bastards can't decrypt. That's the idea behind PGP and Enigmail.

Re:Worrying logical consequences

[Anubis+IV]

Those of us who've been using encryption by default have been treating that as fact for years, even though we knew it likely wasn't actually the case yet. The only difference now is that they're sadly making our assumption a reality.

Re:Worrying logical consequences

[Ungrounded+Lightning]

Suddenly paranoia, delusions and conspiracy theories start to become sensible, rational and logical.

Being a "conspiracy theory" doesn't automatically disqualify a theory, despite the (convenient for conspirators) meme that such theories are always false and a symptom of madness.

People organize to advance their own interests. When in conflict with others, or when their plans are otherwise likely to provoke opposition (for instance, if what they're doing is illegal and/or oppressive), and often when it is not, they keep this organizational communication to themselves. This is the very definition of a conspiracy.

People in government, throughout the world and throughout history, have a track record - up until recently - of such conspiracies, which usually come to light only after some time has passed. Is it reasonable to believe we are living in a new golden age of absence of actual conspiracies? Or is is reasonable to believe that the current conspiracies just haven't come to light?

If the latter, what form might these current conspiracies take? Some benign non-interesting form, or the same forms seen throughout history: spying, covert harm to perceived opponents, acquisition and use of broader power over others?

The problem, of course, is that because such conspiracies are necessarily secret, it's hard to determine what (if anything) is actually going on. So many theories about current conspiracies are wrong, sometimes on details, sometimes about the actual existence of such a conspiracy. (Further, those whose business is such conspiracies help to keep the average down by spreading their own, false, and often ludicrous, theories. See the "second cover" technique I've described previously.)

So I generally assume (and have for decades) that many in government are engaged in such conspiracies - to improve their own circumstances at the expense of others - and that we just don't know the details of what's going on currently (until some of it leaks, and not necessarily even then).

Government seems to be an institution that promotes, and runs on, such conspiracies, deriving great benefit for itself from them. So I am never surprised when those in it misbehave. Whether you view it as a weed or a fruit tree, as long as it exist it seems to need regular trimming back.

There needs to be compulsary notification

If you don't notify the person there data is requested then how can they use their right to challenge it in the court? They would have no legal recourse or rights in the matter, because it would be kept secret from them.

There needs to be compulsary notification of the person under surveillance, and a proper court order to keep it secret (and then only for a short time during investigations). Otherwise its just a police state with a judicial system only there to rubber stamp prosecutions.

What's we learned back in November is that they've been doing mass surveillance for years, despite Parliament rejecting this snoopers charter., And UK has its own Parallel Construction with prosecutors briefed on surveillance data in secret, who then conceal the true details from judges and courts. So perjury and conspiracy to pervert the course of justice have been common place.

Cameron, William Hague and Theresa May were apparently briefed on the situation and helped conceal it up from Parliament.

William Hague also moved Parliaments emails system to Microsoft's cloud. While he kept the mass surveillance secret from them. Presumably he gets to check their private emails to see if anyone is raising concerns that need to be stamped on. Because he's basically handed their emails to NSA and GCHQ.

It's really a full on coop d'tat, if they get this law, then *LEGALLY* Hague/May/Cameron can snoop on Parliaments emails, and it will be a crime to tell them what he's up to. The leading party will have mass surveillance of any opponents and their supporters, secret briefings of prosecutors against them, and the defendant won't be able to see the evidence against them to challenge it.

Re:Stop doing business in the UK

[malditaenvidia]

Let's see how you handle the lack of Spam.

Re:We're the good guys!

[jandersen]

When the GOOD guys do it it's okay!

Yes, well, there is a continuum from what most people see as acceptable: that 'somebody' (including police and intelligence services, but also journalists and the public) keeps a discreet eye open for what certain individuals and organisations do, to the unacceptable: that the same 'somebody' spies on everybody's most private and personal secrets - like when police (or journalists) hack into mobile phones etc. As far as I can see, there isn't a fundamental difference between the two ends of the scale, it's only a question of how much is acceptable. And how do we decide what is the right balance? Except by trying to gauge, democratically, what people as a whole, society, thinks about it? There is an ongoing debate about it - governments, police forces and intelligence agencies have their opinions, but they are far from the only ones to make their views known, and the debate not over - it probably never will be.

What will they do vs. Microsoft?

Microsoft to begin alerting users about suspected government snooping http://www.theregister.co.uk/2...

?

APK

P.S.=> This is all mind-boggling & imo, insane - however, this was some GOOD news (that those who favored all of this madness & lunacy are being spied on themselves & DO NOT LIKE IT WHEN IT'S TURNED ON THEM -> http://yro.slashdot.org/story/... )

2nd tech desert: UK. (first is North Korea)

[swschrad]

the UK is headed in a terrible direction, and they will be cut off by tech companies that plain flat out don't want to screw around with those wreckers. cut off.

The net result

[dhaen]

IF it came to pass would be that none of these tech providers would choose to have a UK base. We already rip CDs illegally with impunity because the law is stupid and unenforceable. Oh wait...what's that knock on the door....

Here's one of 'em

[Ungrounded+Lightning]

I honestly wanted to follow those links and read what you were talking about and then... oh, YouTube.

The full text of the second one, Cybersecurity as Realpolitik, Dan Geer's hour-long speech, is on his web site as a text file.

He skipped over a couple items during the speech, as unnecessary for that particular audience (given the limited time) and said they'd be in this posting, so it may be more complete and useful. (I haven't read it through yet, having just watched the youtube...)

I found it extremely insightful and highly recommend it. I won't attempt to characterize it because it covered several related aspects and tied them together brilliantly.

(The first was an {also insightful} analysis of the be-a-better-citizen game the Chinese are deploying as we speak.)

Re:Here's one of 'em

[flopsquad]

Thanks for that!

Re:Here's one of 'em

[cgmurray]

The text helps. Here is an insightful quote: The four verities of government are these: . Most important ideas are unappealing . Most appealing ideas are unimportant . Not every problem has a good solution . Every solution has side effects Although I'd say those are the four verities of not just government but *any non-trivial centralization*. Certainly applies to any IT department.

Re:The company 'bosses' would face prision

[Ungrounded+Lightning]

Generally speaking, heads of companies have a big shield against facing personal criminal charges. Little things like oil spills, financial meltdowns, etc, no one from a corporation goes to jail.

Generally speaking the laws under which corporations are created deliberately generate a "corporate veil" that makes the corporation, as a corporation, liable for its actions, but the people who invested in and operate it are shielded from this - UNLESS they DELIBERATELY engage in CRIMINAL behavior (at which point the corporate veil may be "pierced" by the justice system and the lawbreakers penalized).

This is to encourage investment and enterprise, while still deterring criminality: As long as the investors, execs, and workers stay within the law, they may lose their investments and/or jobs, but no more. The corporation, on the other hand, may go bankrupt and "die", with all its assets distributed to those it harmed.

Everybody who voluntarily interacts with the corporation knows this up front, and being forced to INvoluntarily interact with the corporation is generally on the same legal basis with being required to interact with a person: Either it's something within that person's rights (or corporate pseduo-person's rights - essentially the same rights as those of its constituent members) or it's criminal - and you're in "pierce the corporate veil" territory.

How exactly?

[ramriot]

Similar to the recent 48 hour whatapp injunction in Brazil (which was overruled after 12 hours), trying to punish a company offering a free service for not complying to evidential requests will only end up punishing the populus i.e. VOTERS.

I can see that issuing an interception warrant across borders is difficult, but mandating a deviation to accepted law of the targeted nation will only end up getting your warrants overruled.

Ineffective, and hugely invasive.

[mark-t]

It is pretty clear to me that the government simply wants to watch anybody, at any time, and for any reason that it arbitrarily chooses, without having any accountability to anyone.

Clearly, if one feels they have any reason to even *suspect* that they are being monitored, then they might as well consider that as a sufficient basis to carry on their actions as if they actually *were* being monitored, which effectively amounts to doing what they would do if they had actually been alerted they were being monitored anyways.

The only way this isn't true is if the government's actual intent behind the law prohibiting notification is if they simply want monitor individuals who have not ever done anything wrong, and would not have had any reason to suspect they were being monitored.

Thus, this law is clearly being put in place to eavesdrop on innocent communications, not those of people who are breaking the law. It seems incontrovertible.

Re:Use APPS, not LUDDITE services!

[KGIII]

True and to join in with the AC below...

See, yes, you and I shortened "applications" to "apps" all those years ago. We were "installing apps" and "writing apps." We were "working with apps" and "managing apps."

Alas, today, they've gone and changed the common usage definition and what we call apps are now referred to by their full name - namely applications. Some of us are a bit more specific and we'll call them "phone apps" or "mobile apps." I think we're in the minority.

This appears to happen quite a bit. See the RC enthusiasts who are, through no fault of their own, no longer piloting RC model aircraft but are "drone operators."

Another example is I'm a Libertarian. Except, now that refers to the hard right instead of the loony left. I'm much more in common with a Socialist than I have in common with the caricature that most envision when I say that I'm a Libertarian. They automatically assume that I'm a Randian and it's a whole lot of work to show them the difference - they simply weren't alive, didn't know, or haven't learned that there's much more to it.

So, we're kind of old (some of us) and to us, apps is short for application. We difference them by saying mobile apps or even mobile applications. To others, probably too young or too uneducated, they aren't aware of the history and so they see "apps" and drop the "mobile" (which was, I think, in common usage earlier in time) and think that anything called an "app" is specifically for a mobile platform.

We can go with the flow, argue it, be confused, try to teach them, or just continue talking amongst ourselves. I try to reference them as "mobile apps" if need be. Given my distaste for most mobile platforms, that's seldom a concern. I've tried - I've bought quite a few tablets... I just can't appreciate the platform for anything other than consumption and I'm not even overly fond of that. Oddly, I don't mind my phone for some types of content consumption. I'll use it to read and even comment on a site. I have no use for a tablet. I'm going to try again with a Surface Pro but I am going to make sure that I can install Ubuntu on one before I bother wasting my time.

Then again, it will probably get used if I buy one. I bought one for the missus for the holiday and the kids seemed to both like them. I suspect that they'd abscond with one and make good use of it if I bought it and found that I didn't like it even with Ubuntu loaded. The missus prefers Linux these days but seems genuinely happy with the Surface. I've poked at it and I'm reasonably impressed with the speed, layout, display, and accuracy of the inputs. I'd still rather it have Ubuntu on it.

Re:Anti-spying

[AHuxley]

Collect it all gets the end ip, start ip, content, context and historical play back.
The "back door" is a US consumer grade OS's that allows bespoke key loggers crafted per user to get the plain text as a message is created (typed in) before any powerful new software can even encrypt.
The real revolution over the past decades is the low cost to keep it all and then sort rather that just watching for keywords or new connections with known people of interest.

Re:Trump Solution

[Teun]

They (Cameron and cohorts) are since years building it all by themselves, no need to help them :)

Re: Use APPS, not LUDDITE services!

[cthulhu11]

Much like "distro" which makes me cringe.

Warrant canary to get around censorship?

[doobydoobydoo]

Could a warrant canary (https://en.wikipedia.org/wiki/Warrant_canary) be used to get around such gagging? Yahoo, MS, Google, etc., could have a page that you can go to that either says "You are not the subject of a state-sponsored attack via us" or is blank. When it's blank you can assume that the spooks are prying. You could even sign up for regular emails stating the same. When those emails stop you know to go check your page.