Facebook, Google, Microsoft, Twitter and Yahoo Balk At UK's Investigatory Powers

Mark Wilson writes: The Investigatory Powers Bill may only be in draft form at the moment, but the UK government has already received criticism for its plans. Today, scores of pieces of written evidence, both for and against the proposals, have been published, including input from the Reform Government Surveillance (RGS) coalition. Five key members of the coalition are Facebook, Google, Microsoft, Twitter and Yahoo. In their written evidence, the quintet of tech companies express their concerns about the draft bill, seek clarification from the UK government, and issue warnings about the implications of such a bill. The evidence (document IPB0116) says that any surveillance undertaken by the government need to be 'targeted, lawful, proportionate, necessary, jurisdictionally bounded, and transparent'. The coalition notes that many other countries are watching to see what the UK does.

Re:stupid uk gov vs big bad corps. which is worse?

[Opportunist]

My guess is that the bill would let the UK demand user data, which is what the five would rather want to sell than to give out for free.

Re:Balance of power

[greenfruitsalad]

UK is a BIG english-speaking market, where people buy more goods online than in any other country in the world ( http://www.telegraph.co.uk/new... ). right now, these companies are just trying to save faces before they start applying lubricant to all orifices. by the time UK government says "bend over", they'll be waiting in line with pants around their ankles.

Why did UK politicians even comment?

[AHuxley]

The UK gov and mil has had total control over all communications systems since 1914.
From the Defence of the Realm Act 1914 https://en.wikipedia.org/wiki/... to every phone line domestically and in and out of Ireland to all calls on Intelsat via CSO Morwenstow/GCHQ Bude.
The ability to collect all and then use parallel construction over the decades was never really fully worked out by the press, lawyers, human rights campaigners, tech experts or academics.

All MI5/6 and the GCHQ had to do in closed courts was to ensure a protected "witness" could be presented to confirm what "collect it all" had originally found.
Legal experts would assume someone had been turned and offer immunity or a deal. Few in public really understood the collaboration between the US, UK tech sectors, academics and the UK gov over decades.
All the UK political experts should have said was that VPN, US consumer grade cryptography, onion routing was a complex issue that the government was spending money on trying to understand over time.

Generations of interesting people would have continued to be fooled into using fully tracked VPN services, gov malware ready cell phones, tracked telecommunications products, junk consumer grade encryption, IP reporting onion routing applications. All networking would have been under full UK gov observation with only hints that sock puppets could have been used to counter.

Projects like Tempora https://en.wikipedia.org/wiki/... would have given the UK the world if UK politics would have just been more vague about global collection.
Why did the UK intelligence services even allow UK political talking points to the formulated and talked about on topics like trapdoors, backdoors, new gov keys to all UK encryption?
Academics and software developers to help to trapdoor crypto by design and sharing of extra keys with the UK gov?

Now everyone knows "Designed in the UK" is code for the UK gov and mil listening in by default over all generations of UK products and brands.
Local manufacture is now synonymous with hardware tracking and default backdoors out of the box.
If only decades of clever policy surrounding crypto ambiguity had been allowed to continue.

Re:stupid uk gov vs big bad corps. which is worse?

[IamTheRealMike]

Were quite cooperative. Not any more.

Years ago, companies like Facebook and Google had fairly cordial relationships with police departments around the western world. If a government came and said we need access to account X because we think it's engaged in child porn or terrorism, the companies asked them to fill out the right paperwork and then got on it. Sometimes they'd even tip governments off, if they spotted someone doing stuff that was clearly criminal. It wasn't really an adversarial relationship. There was an assumption of good faith on both sides. The UK was especially dependent on this kind of relationship because it has comparatively little influence over these companies, none of whom have major engineering centers or fixed assets there (the London development offices of Google and Facebook only got reasonably big very recently indeed and neither are critical to the firms).

That all changed post Snowden. You can read about this change in UK newspapers. Post Snowden these companies stopped assuming good faith and started doing everything they could to slow things down, because they were understandably upset that governments had been secretly hacking their systems and intercepting their fibre connections. Google in particular encrypted all the inter-datacenter traffic that GCHQ had been intercepting, which made the intelligence agencies dramatically less useful, as so much of the data they wanted was hosted there. Whereas previously these firms might have not worried too much if the i's and t's weren't dotted and crossed, now they insisted on it as a matter of principle. They started challenging everything automatically. Most seriously of all they started saying "the data for this account is under the control of our US subsidiary so you need to get an MLAT to access it". An MLAT is a Mutual Legal Assistance Treaty and is a process for one country to formally request legal help from another. The MLAT process is extremely slow and bureaucratic so Silicon Valley's newfound insistence that it always be used effectively put a halt to most of the snooping that the UK had been doing.

So now the UK wants their old powers back. What they REALLY want, of course, is for Google/Facebook/Yahoo/Apple to decrypt their wires and devices so GCHQ can go back to snaffling all of it. They know they probably can't get that though, but an automatic "we say jump, you say how high" process with no safeguards and no mutual legal assistance treaties is the next best thing.

The risk here, for the UK, is that the UK needs Silicon Valley more than SV needs the UK. It'd be very easy for Google, Facebook, Twitter etc to simply shut down their offices in London and offer the engineers a relocation package. The sales staff can be rehired elsewhere. They'd rather not do this as it'd be disruptive, but nothing in their business requires a presence in London. It's not like most companies where they have factories and other immovable assets. Google can sell services into the UK from Ireland just fine and did so for years. If the UK pushes these companies too hard there's a risk they'll simply leave. UK isn't going to block these websites. It's clear from comments by Tim Cook especially that this isn't some abstract business decision for these firms, the CEOs see it as a moral issue. Now the Twitter CEO went back to being Dorsey it's possible he'll see things the same way too. Not sure about Facebook but the cultures are fairly similar.