UK Backs Off From Banning Reidentification Research

An anonymous reader writes: The United Kingdom has recently debated banning reidentification in its new data privacy law. This proposal has quickly been identified as dangerous and criticized, as it was argued this is not only ineffective but would also put at risk legitimate security and privacy researchers. Following public outcry, the UK government amended the bill to include safe-guards allowing researchers to study anonymization weaknesses. Researchers will also gain a new channel of disclosure via the Information Commissioner Office (ICO). According to The Guardian, "Researchers will have to notify the ICO within three days of successfully deanonymizing data, and demonstrate that they had acted in the public interest and without intention to cause damage or distress in re-identifying data."

What was the UK gov so protective of?

[AHuxley]

That some of the malware discovered domestically and only in the UK would have been the work of/contractors for the security services?
Create bespoke code for every mission that no AV or OS will ever know about?
Unique code only every seen in select locations in the UK and Ireland would stand out to any researcher.
Use international malware thats not been discovered in the wild but might be discovered at any time? It might collect all for hours, days, months, years?
Until the OS, AV tells the user about the infected OS, files.

What to do with all the research in the UK that will find UK sensitive security service code litter online, on devices, in the telco networks?
Code never seen outside the UK, Ireland that no OS, AV was aware of?
Another domestic Operation Socialist gets found? https://theintercept.com/2014/...
https://en.wikipedia.org/wiki/... How to accept such discoveries and tell the researcher that their work will result in an OS patch, AV update as needed?
Centralise legal malware reporting in the UK and keep the researchers productive and feeling like their efforts get better results than talking to the global AV community.

Re:What was the UK gov so protective of?

[Pinky's+Brain]

Its monopoly. Their security agencies being able to do reverse ID lookups on snippets of data gives them power. When Google and everyone else start doing it nilly willy it tips off the bad guys, costs them power.

So hurray for governments greedy of power I guess ...

Re:What was the UK gov so protective of?

I read that as "domestic-operation Socialist gets found" and was about to furrow my brow wondering. Operation Socialist, duh. I knew that. Not like Karl Marx did pizzagate or something.

Re:What was the UK gov so protective of?

[AHuxley]

Re "reverse ID lookups"
The fun part is all the early social media that got kept over the years. All that past data can uncover many cover stories used by the once protected clandestine services/police/mil.
Faith groups, criminals, other nations brands, embassies are running complex background investigations on anyone new getting to near them.
Who was in the mil, went to university to study law, law enforcement, engineering related topics but present as another occupation, unrelated skill set.
Not the person they try to present as and social media kept the party, university, friend pictures, video files.
On anyone undercover been introduced as been trusted to a faith group, criminal group. Getting informants and undercover teams in is a task in finding people who have never done social media and who are trusted by the UK gov...
Trying to recreate old social media now is a fail as so many private sector investigative brands kept the old social media in real time. Later cover story alterations show up against what was collected and save by the private sector years ago. Pay enough and get social media played back over years as saved at that time.
Hard to hide that new face with a new addition to old online social media files by the security services.

Criminals and faith groups are happy to suggest people in the community become informants, join the police, mil, security services just to ensure investigative busy work. Only so many usable surveillance teams to try and stay in the many no go areas :)
With background investigations not stopping a person from not getting a UK gov/mil/clandestine service job, such people of faith/crime can rise up the gov/mil ranks.
Reverse ID lookups by faith groups then get even more productive once inside the gov, mil for generations.

It is a new sport!

[HornWumpus]

24 hour felonious programming (in England) contest. Prize: Free trip to London, all expenses paid.

This will be some good trolling.

Find the Queen. Find Chuck! Just don't do it in English jurisdiction. Good fun!

"proof of intent"? Who is kidding whom?

Proving intent in either the civil or criminal context is inherently difficult. -- American Bar Association

The people that run the UK

[Hal_Porter]

... think that intelligence led counter insurgency consists of beating information out of suspects.

Actually it consists of very clever SIGINT intelligence gathering cooperating with the every helpful folks at Fort Meade to identify the suspects followed by a tip off off to the intelligence services of whatever third world shithole they travel to to blow shit up. Then the local secret police beat the information out of them and we pass it back to Fort Meade.

Re:The people that run the UK

[AHuxley]

Re " intelligence led counter insurgency"
That worked well until the GCHQ and SAS found the supplies the US was allowing to flow into Ireland.
The UK asked the US police to stop that flow. Nothing resulted in such direct law enforcement to law enforcement discussions.
So the UK intelligence services had to get active in the USA and the US secret police never worked how the direct flow of funds and hardware from the US to Ireland just stopped.
Skilled UK SIGINT intelligence ensured UK teams working deep in the USA never got caught.
Good counter insurgency often has to go to very unexpected places.

RE? Identification

Lets consider Google.

Google obtains the location (from its location services), name (as specified by you), email (gmail needed for android), ip address (lots of ways), browser profile (lots of ways), real name (credit card used on Google Play), real address (credit card), car driven (from Android Car sync), websites visited (google analytics, Google adverts, Google tag manager,Google content delivery network etc), telephone number (Android), friends and contacts telephone numbers (Android), Wifi passwords of every network around you (Android cloud backup), who you are with at the moment (sniffs surrounding Wifi under guise of location services), your future plans (Google Calendar), your words (Google Assistent), your conversations (chat/email), probably an insane shitload of other stuff you and I don't know about.

It also gives itself permission to cross link that data.

It tells you a tiny fraction of the data it links based on the account id.

OK, so now imagine a dictator or his puppet with that data and you have control. e.g. Puppet put into UK leadership with help of foreign attacking government, signs access to that data to UK security service (already done), who then are instructed to share that data with foreign attacking government to tackle some exaggerated threat... muslims..... mexicans...china..... or something.

Re: RE? Identification

sounds profitable