UK Encryption Backdoor Law Passed Via Investigatory Powers Act

UK Encryption Backdoor Law Passed Via Investigatory Powers Act

-- Tom

 

Sad day. The super obvious thing is a resident in the UK concerned about encryption security will download software from other countries, which contains no such backdoor.

 

UK Members of Parliament exempt themselves from spying law

-- Tom

 

Biiiig surprise!
Seriously. This all is like directly out from 1984 and animal farm.

 

ENISA says crypto backdoors are a bad idea

https://www.helpnetsecurity.com/2016/12/14/crypto-backdoors-bad-idea/

 

They love their CCTV's there.

 

They sure do.
You probably can't even *** in the park at night there without some "candid camera" recording you.

 

There's apparently 32 CCTV's just outside Orwell's old residence.

"4.2million CCTV cameras - one for every 14 people in the country - and 20 per cent of cameras globally. It has been calculated that each person is caught on camera an average of 300 times daily."
http://www.standard.co.uk/news/george-orwell-big-brother-is-watching-your-house-7086271.html

 

https://www.theregister.co.uk/2017/03/03/uk_privacy_shield/

 

There's more privacy chaos in EU than that, I think. Sure, the UK is arguably the worst. But damn.

 

https://techcrunch.com/2017/05/27/could-the-uk-be-about-to-break-end-to-end-encryption/

 

Or they'll have to manage themselves such that they can't be forced to comply

I wonder how they'll deal with Tor onion services and exit relays.

 

I don't think I agree with the analysis that the companies will have to comply with the UK law with that being "enforced". Take WhatsApp for sake of argument, being "required" to remove end-to-end. Clearly, there is significant market demand for this feature - IMO largely driven by the unprincipled mass surveillance (including that by foreign governments).

In FB's position, there would a substantial global commercial loss if they were to comply with order, because some people would switch to competitors. Of course, with a UK operating company (mainly a sales office for advertising), they would have a corporate body that would be directly subject to UK judicial sanction. But it's only an operating company, so it might be in their interests to simply withdraw from the UK market and shut the UK offices. That threat on its own, if it were serious, would be a large condemnation of UK policy, with attendant loss of jobs.

That would then leave the UK government trying to pursue FB in the US courts, using legislation that has not been passed in the US. Can't see that flying.

Much more likely is the behind-the-scenes fudge, that would allow them to issue dodgy certs in the exchange for particular users, on the quiet. But, this is not going to be easy to achieve without someone leaking that fact.

 

Can't say I'm overly concerned but then I'm not a terrorist nor do I belong or wish to belong to any form of extremism.

 

It's clear there is a big market demand for e2e, otherwise there wouldn't be the products. It's obvious there are legitimate uses of e2e, for which being protected against govt. or commercial snooping is important. For instance, it's quite clear that if you are engaged say as a director of an international company, you might be failing in your duties if you did not do so. Likewise lawyers, IP conversations with agents, medical dialog or medical records, anyone under an NDA, journalists keeping sources safe, anything covered by data protection legislation, the list goes on. Plus anyone concerned with the perils of false positives. The demand for the protection is perfectly rational. It's clearly not the case that t'rrists or extremists are the only users of these products. Nor is it clear that preventing access to e2e on popular platforms will actually degrade the capabilities of t'rrists or extremists much, whereas it will do so for "regular" users. But these costs are not borne by the security services or the government.

The sad thing is that these products have been produced in reaction to a market demand driven by the over-reach of western governments and security services.

 

As I said its no concern of mine, if it helps capture those that conduct slave trade from eastern Europe and Africa, captures paedos and the perpetrators of ransomware and its ilk its got to be good..When I pass through the customs green channel there's no sweat on my brow and I don't sweat using the internet.

 

- my bolding
It probably won't help, since those criminals will just switch to other services that don't have backdoor.

 

It's not only that - it's the "its got to be good" statement. Society makes judgements all the time that affect people's lives and wellbeing, although it tends to be hypocritical and irrational about doing so - and this is the case in terms of security and privacy. Nevertheless, we trade safety for money and convenience, and its quite rational to do so. Unfortunately, there are those who trade their safety for our money which isn't so good.

Furthermore, society has long-established norms about what the government can do in terms of steaming open letters and so on - you need an articulated warrant. What's gone wrong in terms of electronic communications is the mass-surveillance without articulated cause and warrant, including on foreign citizens - hence the perfectly rational demand for e2e.

One cannot rationally assert that some things are beyond "price" because we are actually making those judgements all the time.

I'm pleased that there are some people still blissfully happy in their insouciance about false positives that they can transact without caution on the internet. Sadly, given what I know and a basic knowledge of history, I'm not one of them. What I'm not OK with is those people handing away my rights on the basis of blanket assertions without critical evaluation.

 

Well take some action to prevent it!...I wish you all the best



Edit, I know they're not out to get me because there's nothing to get

 

Government probably not - if you don't have anything to hide. What about bad guys that will eventually find out and use same backdoors to attack law abiding citizens?

 

http://www.zdnet.com/article/governments-stand-ready-to-regulate-a-cyberscape-they-do-not-understand

 

Well, that's why I'm here! And likewise to you, enjoy.

 

Listen to this guy ^^^. *Everyone* has something to hide from *someone*, whether they know it or believe it.

 

http://telecoms.com/482536/the-uk-is-walking-a-fine-line-between-security-and-privacy/

 

It really is the same issue that Orwell raised in 1984. I mean, the government needed those cameras and microphones for lawful access. As they saw it, anyway. And there are tons of public cameras in the UK. So hey.