
UK surveillance powers bill could force startups to bake in backdoors - benevol
http://techcrunch.com/2016/03/10/uk-surveillance-powers-bill-could-force-startups-to-bake-in-backdoors/
======
p01926
"I am leaving it as I found it. Take over. It's yours." Ellis Wyatt

If you feel you're being compelled to act immorally, remember non-compliance —
whatever the immediate consequences to yourself — is the only acceptable
course of action. When we decide to spend our days building powerful tools, we
enter into an implicit agreement not to let them fall into the wrong hands. If
the government comes knocking, BURN IT DOWN. Make good on your debt to
humanity.

~~~
m0nty
> remember non-compliance — whatever the immediate consequences to yourself —
> is the only acceptable course of action

Seriously, can we get away from these fine-sounding (but otherwise utterly
useless) slogans and clarion calls? There has to be a better response than a
scorched-earth policy.

I'm a software developer based in the UK currently working on an app which
will probably be affected by this bill. Apart from destroying the product
and/or risking jail-time, are there any sensible options? Can I incorporate
somewhere else in the EU and run everything from overseas? What if I am not a
UK company but a DE company and _everything_ happens from there?

I realise it's early days, but I'd hope HN could come up with some informed
suggestions.

~~~
maze-le
I think the only viable option would be to leave the UK. Not just you
physically, all bank accounts and insurances too. When you have set up the
company somewhere else (maybe the Netherlands, Germany or Sweden) you would have
to renegotiate all contracts with all your clients, have new lawyers, new
accountants, etc...

I can not think of any way other than leaving, that will not compromise either
your product, your customers or your integrity.

This is 'scorched earth' if you will, without 'fine-sounding, useless
slogans'. Consider this: If this crap becomes law, you certainly won't be
alone when leaving. And when a critical amount of developers and entrepreneurs
leave the UK permanently, the economy will suffer... greatly I think. And
that, sad as it may sound, might be the only argument politicians would
consider, when it comes to signing this bill.

~~~
joering2
> And that, sad as it may sound, might be the only argument politicians would
> consider, when it comes to signing this bill.

Sorry to be this guy, but you do realize you're talking about UK, right??

If you have paid attention to anything that comes out of UK politicians and
being actually implemented in the law, you would have a hard time believing
that UK citizens' disobedience, no matter how loud, will change ANYTHING AT
ALL!

Sadly, they're doomed and I cannot find a friend who left years ago and never
looked back.

~~~
Symbiote
> Sadly, they're doomed and I cannot find a friend who left years ago and
> never looked back.

Is your double negative the right way round there? That
means your British emigrant friends _are_ looking to [move back to?] the UK.

I'm British, and recently left. I've met about 6-7 British people in my new
country (I haven't been seeking them) and none have any intention of
returning. Of course, they visit family and so on, but at present there's no
reason not to.

~~~
flashm
Where did you go, out of interest?

I'm in the UK and weighing up options.

~~~
Symbiote
Denmark.

I wasn't particularly looking to move here, though it was a country I'd
thought about. Then someone forwarded a job advert to me, and I ended up with
an offer I couldn't refuse :-)

Anywhere in the EU is easy to move to, and easy to move away from if you don't
like it. The big differences are probably the ease of getting a job, speaking
the language (or not needing to) and meeting local people.

------
jensen123
I wonder if most of the politicians in the UK actually understand what they're
doing here? Some research has shown that in order to recognize brilliance,
you basically have to be brilliant yourself:

[http://www.livescience.com/18706-people-smart-democracy.html](http://www.livescience.com/18706-people-smart-democracy.html)

In another story on Hacker News today, I find the following: "She offers a
sample math problem from the test: You go to the store and there's a sale. Buy
one, get the second half off. So if you buy two, how much do you pay? "High
school-credentialed adults, they can't do this task — on average," says Carr."

[http://wamc.org/post/americas-high-school-graduates-look-oth...](http://wamc.org/post/americas-high-school-graduates-look-other-countries-high-school-dropouts)

Clearly, the majority of the voters in a democracy aren't very intelligent.
This probably means that most of the politicians in a democracy, such as the
UK, aren't very intelligent either.

~~~
rm_-rf_slash
This subject has received significant attention because as hard as it is to
accept, it is all true. There has been a deliberate "Brave New World" effort
to control the masses of democracies, under the assumption that leaving people
to their own devices will ultimately result in chaos and destruction by
someone else manipulating them (case in point: the Republican Party fiasco
regarding Donald Trump).

If you are willing to see how your life and role as a passive consumer has
been designed, watch the BBC documentary "Century of the Self," read Edward
Bernays' "Crystallizing Public Opinion," and "Propaganda," and for an extra
dose of depression, Noam Chomsky's "Profit Over People."

Sorry.

~~~
logfromblammo
I haven't seen any of those yet, but I get the sneaking suspicion that they
would all be preaching to the choir.

But I reached my current world view by extensive wearing of foil hats and
painstaking calibration of handcrafted bullshit detectors, so it would be nice
to see the analyses of those more reputable than my usual sources (by _many_
orders of magnitude), just in case they would ever be useful in an appeal to
authority.

For instance, I could tell my spouse something for years, such as "chia seeds
are a better source of omega-3s than flaxseed, because the chia seed coat is
digestible, whereas the flax seed coat has to be cracked mechanically, which
allows the oils inside to become rancid due to oxidation between milling and
ingestion." And this is dismissed and forgotten, until Dr. Mehmet Oz features
chia seeds on his television show. Afterward, I'm still the only one actually
_eating_ the chia seeds, but at least I get less flak for it when I do.

The Cassandra Phenomenon: it's horribly demoralizing.

It's even worse with my homespun political analysis.

------
CommanderData
Don't create start-ups based in the UK.

Register overseas (if possible). This is going to harm the UK economy a lot
more than they think.

Founders will think twice and will only add to risk and burdens when you are
already competing in an international, competitive, start-up space.

Remove the offending country from the equation by relinquishing legal
responsibilities. I know a few founders who have talked about doing this so I
hope the UK reverses this or never becomes a prolific start-up space (which
would be a shame).

I hope avoidance becomes common practice, the UK is not the only country that
incentivises start-ups. Others do and thankfully don't have draconian laws such
as this.

~~~
degenerate
It should be easier with Stripe's Atlas:
[https://stripe.com/atlas](https://stripe.com/atlas)

------
pmontra
If this gets approved and you're based in the UK, that's it. If you're based
somewhere else are you safe or should you refuse to create accounts for people
from the UK?

~~~
s_kilk
Piggybacking a bit here: would a startup based in the UK (as in, devs and
managers live in the UK), but incorporated in the US (maybe through the new
Stripe service), be held to this?

~~~
coreyp_1
IANAL. International laws probably vary, but by having employees in a country,
you may be subject to its laws.

For example, I am part owner of a Canadian company that sells an online
service. If we hire US employees (developers), then we must collect sales tax
and pay income tax for sales originating within the governing municipality.

Obviously, I am talking about US tax law, and your question is of a different
nature, so the best thing to do is to contact a lawyer who has expertise in
that area. I only offer my experience as evidence that the location of
employees can impact the legal responsibilities of a foreign business.

------
nomercy400
I wonder how people in the UK will respond if, for example, Google, Apple,
Facebook and Microsoft all decide to no longer provide their internet services
in the UK. How long would this bill last?

Also, it's quite concerning that four US based companies could influence a
country's policies so much.

~~~
chei0aiV
IBM managed to convince Pakistan and India not to go to war!!

~~~
pritambaral
Uhh ... some source on that please? I couldn't find anything related

~~~
dogma1138
Not sure why he credits only IBM but several large IT companies including IBM,
Microsoft, HP, Dell and many others pressured the Indian government not to
launch punitive strikes against Pakistan after the Mumbai attacks.

There was a very big fear that if India and Pakistan will go to war the global
IT business would suffer greatly because of just how much of the global IT has
been outsourced to India.

~~~
eni
Any references for this please.

------
aidos
The list of "equipment interference agencies" includes "Her Majesty’s Revenue
and Customs" (HMRC). For those of you not in the UK, that's the people
responsible for collecting tax.

Why would the tax department ever be allowed to do something like this
directly? They seem incapable of fairly collecting the taxes of the country,
what business do they have acting as an "equipment interference agency"?

~~~
nixgeek
They have an investigatory arm of their own and have been known to go after
corporate data, particularly email, as part of looking into what they believe
may be tax fraud.

One could reasonably question why this isn't a department or division of
another agency, perhaps NCA, but I think it's a fair statement that forensic
accounting and investigation is a somewhat specialised skill.

------
mseebach
You wouldn't know from reading the TC article (which is almost criminally
poor), but yes, this is very, very bad.

Read the actual proposal instead, it's written in natural language and
perfectly readable:
[https://www.gov.uk/government/uploads/system/uploads/attachm...](https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/504238/Equipment_interference_draft_code_of_practice.PDF)
-- Chapter 7, begins at page 57.

~~~
benevol
All these new US & UK laws literally _scream_ "Snowden is a traitor!".

Who wants to live in such a society?

~~~
noir_lord
Would I want to? Hell no.

Unfortunately the sands are shifting under me and since we are about two steps
back from full idiocracy I can't see it changing.

We have an electorate that is willfully, almost gleefully, uninformed, ruled over by
politicians who are venal and rarely if ever held to account.

The whole system is bullshit from council to ministers.

The interesting question for me is more "has it always been this bad and we
didn't know or are things actually worse now", I'm leaning towards the former
as if you look at the history of government (in this country and most
countries tbh) it's a litany of abuse after abuse.

------
joesmo
I think it's safe to say that if this passes, UK security companies will no
longer exist for all intents and purposes. I'm not saying they'll immediately
go out of business, but I can't imagine anyone in their right mind trusting
any UK business again, especially companies outside the UK. I'm not simply
talking about companies whose main line of business is security, but
essentially every technology company that even has an SSL'd website.
Considering the wide variety of global competition, how could a serious CTO
allow his company to do business with any UK company knowing he's exposing his
own company to risks that could shut it down? No one in their right mind would
do that.

The same can be said if the FBI wins the Apple case. I cannot see how this
will not destroy at the very least the country's technology infrastructure.
I'm not sure about the UK, but certainly in the US such actions would lead to
a recession or worse considering that technology is pretty much the only
sector to have recovered since the on-going recession. I suspect similar
consequences for any country whose economy relies so heavily on technology,
however.

------
huuu
People who can enter a back door:

    1. people with a key
    2. people with the skill to open the door (burglar)

It's strange the UK thinks number 2 will never happen.

~~~
coreyp_1
#3. People who receive the key from #1 (in the future).

This may be next year's elected official, or the official elected in 10 years,
or the spy who will work in the office 7 years and 2 months from now. Can you
guarantee the intentions and actions of every single future government
employee and official? This, in my opinion, is the biggest threat!

~~~
jacquesm
You can't even guarantee the intentions and actions of the government in its
entirety, good governments have historically been succeeded by bad ones in
roughly the same way that rain eventually follows sunshine and the other way
around. To assume infinite stability of government is a major mistake.

------
josscrowcroft
As a UK-based founder (of a service with more than 10,000 users, which I guess
could be targeted): what real steps could I take to make it _technically
impossible_ to comply with an order like this?

I would sooner leave the UK than sell out on our users and be forced to _keep
quiet and carry on_.

~~~
hlandau
Use your imagination.

The key tool in the box, I think, is to give people orders that you expressly
state can't be later revoked. You can use this to construct something like the
human equivalent of an HSM. (An HSM, after all, is something that you give
orders that in general can't later be superseded, namely about how to control
access to cryptographic keys, thus allowing you to reason strongly about the
security it provides.)

These people will need to be outside the UK, and be people you trust doubly:
firstly to secure whatever cryptographic materials you escrow with them, and
secondly because they can by virtue of that escrow hold your company hostage.

Some possibilities include setting things up so they have to review all source
code changes (making it impossible for you to sneak anything by them); and
some manner of non-duress verification protocol. One possibility off the top
of my head for such a protocol is to declare that a failure to state a certain
password in any conversation constitutes a duress indication. Obviously for
this to work all such conversations must be secure. The idea is that when
you're the subject of a notice and are asking them to backdoor things with the
government breathing down your neck (possibly literally), the person on the
other end starts acting oddly mutinous, but you appear to be doing everything
you can to get them to comply. So long as the government can't prove you've
done anything to be unhelpful - can't prove the existence of the non-duress
password - it seems like it would be hard to find a case to prosecute you.
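
The non-duress check hlandau describes, sketched from the custodian's side as an added example that is not part of the original comment. It goes one step beyond a fixed spoken password by deriving a one-time code from a pre-shared secret, a counter and the request text; the names `Custodian` and `non_duress_code`, the 8-character code length and the sample requests are all assumptions made for illustration.

```python
"""Custodian-side non-duress check (constructed example, not from the thread)."""
import hashlib
import hmac
from typing import Optional

CODE_LEN = 8  # hex characters; short enough to say aloud (an assumption)


def non_duress_code(secret: bytes, counter: int, request: str) -> str:
    """Code the requester adds when acting freely.

    Binding the code to a counter and to the request text means a code
    overheard in one conversation cannot be replayed or moved to another
    request.
    """
    msg = counter.to_bytes(8, "big") + request.encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:CODE_LEN]


class Custodian:
    """Escrow holder who approves a request only if the code verifies."""

    # One refusal text for every failure, so the reply does not reveal
    # whether a code was expected, missing, wrong or replayed.
    REFUSAL = "Request declined under escrow policy."

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._next_counter = 0      # lowest counter value still acceptable
        self.duress_seen = False    # private note for the custodian only

    def handle(self, counter: int, request: str,
               code: Optional[str] = None) -> str:
        expected = non_duress_code(self._secret, counter, request)
        supplied = (code or "").encode("utf-8")
        # Constant-time comparison; a missing code compares as empty bytes.
        valid = hmac.compare_digest(expected.encode("ascii"), supplied)
        if valid and counter >= self._next_counter:
            self._next_counter = counter + 1
            return f"approved: {request}"
        # Absence of a valid code is itself the duress indication.
        self.duress_seen = True
        return self.REFUSAL


def run_demo():
    """Walk through the four cases with constructed sample requests."""
    secret = b"constructed-demo-secret"  # agreed in person beforehand
    custodian = Custodian(secret)
    free = non_duress_code(secret, 0, "release build 41")
    return [
        custodian.handle(0, "release build 41", free),           # acting freely
        custodian.handle(0, "release build 41", free),           # replayed code
        custodian.handle(1, "add second decryption key"),        # code omitted
        custodian.handle(1, "add second decryption key", free),  # code reused
    ]


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```
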

------
Kenji
Am I mistaken or is the UK moving more towards authoritarianism every time its
politics hit the news? Disgusting.

~~~
EliRivers
It's moving towards a kind of Daily Mail fantasy land, in which there are
peedos and brown-skinned terrorists everywhere, simultaneously wanting to live
their lives taking advantage of the country, and also destroy it.

I see my tax bill going down, knowing that the few hundred quid extra I have
per year (which is basically lost in the financial noise for me - meaningless)
means that somewhere someone who really needed that money or the service it
paid for is now being fucked over. I don't even know who; Cameron and chums (I
go sailing sometimes with a chap who used to share a house with Dave Cameron;
apparently he was a self-entitled tosser then as well) are fucking poor people
over on my behalf, presumably thinking that this is what I want. Or maybe they
don't even think it's what I want; maybe they're on some bizarre Randian kick,
living in the Westminster bubble in which poor people simply don't deserve any
help, and this is some kind of moral crusade from their messed-up Westminster
bubble. The benefit to me; zero. The cost to the people at the bottom;
devastating.

I see our "leaders" acting as absolute cowards; these are the people who
should be inspiring us, but instead they rush to surrender our freedoms as
fast as they can. Again, presumably because the Daily Mail tells them that
this is what we want. The other lot aren't any better. Remember when Harman
wanted to introduce compulsory ID cards? She had a long record of voting in
favour of more government power and fewer civil liberties. Intellectual and
moral cowards, the lot of them.

~~~
alextgordon
This is what I struggle with. Are they evil, blind, or both? The Conservatives
are firmly in power now. Labour, the Lib Dems and even UKIP have been
neutered. Corbyn is not going to lead Labour to victory in 2020.

You would _think_ that they could relax. They no longer need to pander to the
tabloids. If they liked, they could dismantle the media and rebuild it in
their image. They could build a gigantic statue of Theresa May. They could go
to war. The potential for evil doings is endless.

Instead they spend their time fucking over disabled people. I mean... _why_?
What's in it for them?

------
reacweb
Would you accept a bill to force TSA locks on all houses ?

~~~
nixgeek
This is a slightly different situation since it's within the realm of
possibility for companies to implement security measures which make it
difficult (or impossible) for interception of data by LEO.

That isn't really true in the case of houses so there's no need to legislate
for "TSA locks" (master key system). Obtaining a warrant is still required but
once you have authority, you can bash in the door, drill the lock, etc.

~~~
AnthonyMouse
> This is a slightly different situation since it's within the realm of
> possibility for companies to implement security measures which make it
> difficult (or impossible) for interception of data by LEO.

I don't understand why people imagine this to be a novel situation. LEOs can't
get documents if the suspect always destroys them immediately after reading
them. If you keep your secrets in a box in a hole in the middle of the desert,
a warrant isn't going to find it or even prove it exists.

That has never been an excuse to ban paper shredders or track everyone's
movements 24/7 in case they ever went to a secret place to do a secret thing.

------
pif
That's not different from what has always happened with telephone companies in
many countries, maybe worldwide. And nobody was ever shocked about it!

------
naveen99
What stops rich evil people from buying or incorporating a small town (with
its own police force) just to get access to these powers nationwide ?

------
wuliwong
I was wondering how I might be affected as a non-UK app user? It sounds like
any company which has employees in the UK could be compelled to install a
backdoor if this legislation becomes law. I'm not sure how this would play out
but I'm hoping that if this becomes law it isn't essentially a law forcing a
backdoor into all the apps that I use on a daily basis. My guess is that the
companies would release geo-targeted versions of their backdoored apps for UK
users downloading them from the various app stores and non-UK users would
still be downloading the non-backdoored versions. But maybe not?

------
philip142au
So simply if someone hacks into that startup company they can use all those
backdoors to spy on what the government employees do with their phones.

People need to think of the consequences of getting what you want.

------
chippy
I believe that whilst a CSP (small IT company with >10K users) cannot directly
publish details about a warrant, they are able to publish things like "We have
responded to 2 warrants in the first quarter".

7.21 in the notes pdf about section 115 in the Bill

"This includes provision for CSPs to be able to publish information in
relation to the number of warrants they have given effect to. In order to
ensure that this does not reveal sensitive information that could undermine
the ability of the security and intelligence and law enforcement agencies to
do their job, further information on the way in which this information can be
published is set out in regulations. The regulations make clear that
statistical information can be published on the number of warrants that a CSP
has given effect to within a specified range rather than the exact number."

So a company can both disclose the number of warrants and are authorized to
disclose information about warrants in general and not particular ones.

For example, a company would be allowed to publish how much warrants have cost
them and taxpayers.

------
vixen99
Meanwhile in the UK: "Fingerprints and DNA of at least 45 terrorist suspects
must be destroyed after police forces failed to complete paperwork which would
have allowed them to be stored indefinitely in anti-terror databases, a
watchdog has disclosed. The error means potentially vital forensic evidence
will be lost at a time when Britain is in a high state of terror alert."

[http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/1...](http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/12190961/Fingerprints-and-DNA-of-at-least-45-terror-suspects-must-be-destroyed-report-reveals.html)

------
xrorre
Better wording of a back door is downgraded security. For an institution whose
sole purpose is to engender security, they do the opposite. It's like saying
they have better, more expensive guns than the rest of us.

Which collectively if you think about it, and round up all the PCs in each
home, and all the security that goes into them, it's (collectively) the most
militarized group of computers there is, and they obviously don't feel
outgunned.

~~~
diskcat
> For an institution whose sole purpose is to engender security, they do the
> opposite.

Well the security they engender is mostly physical security i.e. not getting
blown up by terrorists while the security they want to breach is information
security. I could see why some people would not mind trading privacy for
reducing the chance of getting blown up, all else being unconsidered.

~~~
pjc50
The problem is that some privacy is essential for democracy to function: you
can't have the secret police going around bugging political parties and
feeding information to their preferred candidates. Breaching encryption is
like _Watergate_ but without all the tedious need to physically break into a
hotel.

~~~
pif
> Breaching encryption is like Watergate but without all the tedious need to
> physically break into a hotel.

I don't agree. When I'm in a hotel room, I'm supposed to enjoy some privacy.
If this bill passes, you will know _a priori_ that electronic communication is
under judiciary control. As I said before, it will be the same as it has
always been with telephone.

Really, absolutely-private remote communication didn't even exist before the
advent of computers. And now it looks like it's a fundamental human right and
no discussion is possible. I don't think that such a bill should be forced on
UK (or any other) people, but fighting criminality is at least as important,
and I'm not shocked that compromises are being proposed and discussed.

~~~
pjc50
Remote communication other than by courier didn't exist at all prior to the
19th century and the telegraph. That's why it was left out of the construction
of the 4th Amendment.

You can make an argument for crimefighting, but then you have to stay within
the judicial boundaries: limited access, requiring a warrant, limited _use_,
requirement for basis for suspicion. The crimefighting process is there to
produce _evidence_ which is then presented to a _court_ in _public_.

The problem with the IP bill is that it comes from the military intelligence
point of view instead. The process produces _intelligence_ which is then
_classified_ and is illegal for the public to see. There are warrants to be
issued under the IP bill: it is a criminal offence for the people on whom the
warrant is served to "to disclose to any person, without reasonable excuse,
the existence or contents of the warrant." This provision does not come with a
time limit. You can be ordered to hack activists or opposition parties or
human rights lawyers and not allowed to whistleblow, ever.

There are some extraordinary little subclauses like 154.(9):

"Any conduct which is carried out in accordance with a bulk equipment
interference warrant is lawful for all purposes"

~~~
pif
You make a sensible point against this particular bill.

I just can't understand why any resemblance of a limitation of the privacy
over electronic communication is greeted with such outrage. I do understand
that encryption can be either controllable XOR secure. But my point is that
secure encryption has never been a right: actually, the discussion has just
started, due to the recent spread of its usage.

Again, telephone and (thanks for reminding) courier have always been
controllable, thus not secure. Deciding whether a non-controllable medium of
remote communication should exist, and who may use it, is a social and
political question (like, for example, cloning: it is technically possible,
but drastically controlled by laws). I understand it's quite natural for us
HN-ers to stand on one side, but the world is bigger than HN.

~~~
pjc50
_the discussion has just started_

I'm afraid it's been going on for decades:
[https://www.epic.org/crypto/clipper/](https://www.epic.org/crypto/clipper/)

And that's partly why the mistrust exists. Law enforcement agencies are not
given the benefit of the doubt on this because of previous abuses. There's a
history here which is too long to #include every time the subject comes up.

 _Deciding whether a non-controllable medium of remote communication should
exist, and who may use it, is a social and political question_

"Controllable" is a word shift from "secret", and that's what the US 1st
Amendment guarantees: the existence of non-controllable means of remote
communication. After all, one of the founding heroes of the US was a
""terrorist"" who brought messages to the other members of his anti-government
cell.

The UK situation is much worse, and a full discussion would have to involve
the abuses of the last generation of antiterrorist police and military action
in Northern Ireland.

------
MarcScott
I suspect that there will be a massive drive from early adopters, such as HN
readers, to shift toward FOSS and decentralised services, where such laws
wouldn't apply (I'd have thought), in order to avoid state intrusion on their
private affairs.

Others would then follow, and although a lucrative industry might suffer, in
the long run we may all be better off.

------
girkyturkey
After reading this article, news about this scares me. What happens when we
leave a government's power unchecked? There have been too many times throughout
history where unchecked power can lead to disastrous consequences. We need our
voices to be heard, not silenced by the government.

------
gripusa
One option could be to introduce a third party user driven based end-2-end
encryption on the data. This would mean, you can say "Man I am happy to
cooperate but I have nothing in my control".

------
spacecowboy_lon
I think TechCrunch is panicking, given that this is for a CSP, i.e. an ISP or
telco, to facilitate tapping (as already happens).

It looks likely that 95% of the startups in the UK won't be covered.

~~~
TheOtherHobbes
No - because the definition of CSP is vague enough to include _any_
professional provider of online content and/or services.

So it's more likely that 100% of UK startups (with at least 10,000 users) will
be covered.

This doesn't mean that startups have to build in backdoors now. But it does
mean that if someone from the Ministry of Something or Other or MI5/6 or the
Police turns up and demands a backdoor and/or access to records, the startup
has to comply.

I have no idea where this leaves Apple, providers of VPNs, or startups trying
to provide secure communications.

At a guess it means they'll probably try to stay outside of UK jurisdiction.
And I won't be even slightly surprised if banning VPNs is the next step.

It's obvious this is going to collide head-on with the Apple vs FBI case in
the US. But this time we won't be able to follow it, because the legislation
includes a press and reporting gag.

The UK's Home Office is notorious for being stuffed full of authoritarian
paranoiacs, and they're always doing stupid shit like this. You can't even
blame the current gov because it was the same story with the previous crowd -
although the authoritarian paranoiacs in power now seem to be trying to take
things to the next few levels.

~~~
spacecowboy_lon
The definition of CSC is key and I suspect will need to be defined in law.
Quietly lobbying a few Lords or sympathetic MPs to amend the bill would be
better - praying Apple's very weak case against the FBI in aid won't help.

------
merpnderp
How will this impact operating systems like Ubuntu? Will they be forced to put
a back door into anything that connects to the internet?

------
wepple
It mandates providing capability for interception, interference, and
acquisition.

I wonder if we're going to see companies making increased efforts to make as
much customer information completely unavailable to themselves to make these
warrants not worth applying for? Unfortunately most businesses cannot operate
in this manner fully, obviously.

------
cinquemb
> “Small companies (with under 10,000 users) will not be obligated to provide a
> permanent technical capability, although they may be obligated to give effect
> to a warrant.”

I can imagine someone getting creative and redefining what they call a user…
though I can imagine this devolving into if you have under x page views… and
then x time spent on site… how much bandwidth over the wire… etc.

Such a joke, I hope everyone is enjoying their view of the circus lol

------
ConfuciusSay02
Please, I urge you to put backdoors in all your startup apps.

Sincerely, Russia & China

------
easytiger
People are missing the point a lot here. I have good reason to believe that
this is being pushed and supported by those seeking punitive enforcement of
copyright laws. Combine this with recent internet tracking laws and you have a
serious problem

------
narrator
I think there was this idea that crypto nerds could just ignore politics and
seek liberty via technological solutions and live in their own little make
believe geek data haven wonderland. Wrong.

------
Huhty
Little by little, month by month, our privacy is going out the window.

It's similar to how they are making smoking less and less popular by making
new laws, increasing prices, and raising the legal smoking age.

------
hathym
admit it, we live in a fu __* up world.

------
deepnet
Lie to the machines !

Under the spreading chestnut tree, I sold you and you sold me.

Be Vigilant. Be Pure. Behave.

------
throwaway21816
>UK Does something evil

No way!

------
Mullefa
I'm creating my own startup at the moment. I haven't got a front door, let
alone a back door...

------
andy_ppp
I looked through the draft bill a few months ago and I couldn't find the "we
will force you to put backdoors in your software" anywhere in the bill.

Most of it seems like bureaucrats trying to get access to information after
they have obtained warrants. It all seems a lot more boring and a lot less
cloak and dagger if you actually dredge through the bill here:

[https://www.gov.uk/government/uploads/system/uploads/attachm...](https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf)

The document mentions encryption four times and backdoors no times. One of
those times is to say that the bill does not change anything about encryption
that isn't already in law under this bill, RIPA:
[https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Po...](https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000)

Really actually more scared of RIPA (which is already law) than this:

"In October 2014, it was revealed that RIPA had been used by UK police forces
to obtain information about journalists' sources in at least two cases. These
related to the so-called Plebgate inquiry and the prosecution of Chris Huhne
for perversion of the course of justice."

It's amazing to me that the first two cases are absolute abuses of power; I
thought we were still being told that these laws were to stop terrorists and
paedophiles, not find out journalists' sources...

~~~
sh1989
Section 189(4)(c) of the Draft Investigatory Powers Bill places "obligations
relating to the removal of electronic protection applied by a relevant
operator to any communications or data".

A relevant operator includes telecommunications services, defined in s193(11)
as "any service that consists in the provision of access to, and of facilities
for making use of, any telecommunication system (whether or not one provided
by the person providing the service)"

This has been slightly changed, now that the IP bill is no longer a draft:
[http://www.publications.parliament.uk/pa/bills/cbill/2015-20...](http://www.publications.parliament.uk/pa/bills/cbill/2015-2016/0143/16143.pdf)

The above draft is now re-written as:

s217(4)(c): "obligations relating to the removal by a relevant operator of
electronic protection applied by or on behalf of that operator to any
communications or data".

There's an appeals process, but the gist is that they're not outright banning
backdoors. But if they come knocking, you better find a way to remove any
protection that's there. Which is rather chilling.

~~~
andy_ppp
If the government goes to a judge and gets a court order to access information
this is what I consider reasonable and in fact a good thing!

It seems to suggest that technical feasibility and cost needs to be taken into
account as well. If it's technically impossible due to Spider Oak style end to
end encryption or for example the new iPhones (6+6s) having some very advanced
encryption features I'm not certain that there is a requirement to insert a
backdoor.

If the security services were monitoring a person who was genuinely planning
to kill people and they asked you to put in a limited back door?

Most services, remember, do not have encrypted backend systems and it'll
probably always be this way.

Mass surveillance is the complete opposite of this and is a totally
unreasonable intrusion.

~~~
ConfuciusSay02
Except if you put in the back door it's not limited to that one person
planning to kill people. It would be for everyone, in which case it is
potentially mass surveillance.

Not to mention that the "someone planning to kill a bunch of people" scenario
never actually happens. Typically these tools are used when prosecuting
regular people for regular crimes, or looking for information after an attack
has already happened (San Bernardino). Nobody has yet been able to point to a
case of consequence where this type of surveillance was ever used for someone
actively planning an attack.

~~~
andy_ppp
I like that you pointed out it never prevents the attack, always worth
remembering. Does finding connections from an attack work either?

