
UK spy bill will force tech firms to disclose future products before launch - maze-le
http://www.zdnet.com/article/uk-spy-bill-will-force-tech-firms-to-disclose-future-products-before-launch/
======
PJDK
There's a lot of comments in this thread throwing up their hands about this.
That's the attitude that will let this sort of thing happen.

Bills are published like this well ahead of them even being debated so that
interested parties can comment.

There's a major faction within the Conservative party that is pro privacy
(e.g.
[http://news.bbc.co.uk/1/hi/uk_politics/7450627.stm](http://news.bbc.co.uk/1/hi/uk_politics/7450627.stm)),
and it's also pro business. This is anti privacy and anti business. It's a
winnable fight, but not if you give up at the first suggestion of a thing you
don't like.

Write to MPs, say "As CEO of awesome corp I would seriously consider
relocating to Berlin". That sort of thing will get attention.

~~~
secfirstmd
People of Ireland speaking here:

-Not a massive fan of the British surveillance state?

-Want to stay in the EU?

-Enjoy low corporate tax rate of 12.5%?

-Enjoy friendly, well educated, English speaking, Pro-American people, good beer, decent music, nice quality of life, low crime and safe green natural environment?

-Want (relatively incompetent) pro-business government to butt out of your companies launch plans?

Invest in Ireland -> [http://www.idaireland.com](http://www.idaireland.com)

This has been a public service announcement from the country next door.
#irelandlovesyou :)

~~~
iuguy
I've started putting my affairs in order in preparation to move to Ireland
should Brexit actually happen. There will be massive upheaval in the UK if it
goes ahead, and I'm not sure sticking around would be my preferred option.

~~~
tremon
As a mainland European, I'm starting to root for Brexit too. The sooner we're
rid of the toxic influence of England, the better. It's a shame though, as
England was a huge proponent of necessary EU reform as well.

~~~
vixen99
Sadly you don't have a vote! Aside from this bill which has not been passed
yet, what's the toxic influence you're concerned about?

~~~
tremon
No, I'm not sad about that. It's not my "fight".

I was mainly referring to the xenophobia expressed in the lead-up to the
official campaign. It seemed to be mostly directed at Eastern Europeans, but
the UK isn't exactly doing a stellar job accepting Syrian refugees either
(what's the latest figure? 20,000 refugees over a five year period? That's the
same figure that The Netherlands accepted just last year. Sweden admitted 4x
that figure in 2015).

But the overall repressive stance towards software/technology, or the
authoritarian stand-off between the MoH and NHS doctors doesn't help to raise
my opinion of the UK either.

------
CommanderData
Don't forget this from 2 months ago.. UK surveillance powers bill could force
startups to bake in backdoors

[https://news.ycombinator.com/item?id=11265666](https://news.ycombinator.com/item?id=11265666)

These laws WILL affect UK tech start-ups if privacy has anything to do with
their business model.

I have said so in the past, don't register your tech startups in the UK.
Boycott is sometimes an effective means for change. UK law makers know this
could back-fire, they are taking a gamble they have already lost.

------
JustSomeNobody
Between the US and the UK, this is just getting comical.

How do these governments not see that the people who would do harm to us will
get their encrypted tech from somewhere else and bring it with them.

Just adds full to the fire that this has nothing to do with protecting
citizens.

~~~
beedogs
In the end, it's about controlling citizens and predicting their behaviour,
not protecting them.

------
stegosaurus
Do we just end up in a state where the idea of a 'firm' has to radically
change?

It feels like the ultimate endgame of all of this is either that the
technology industry just freezes (because innovation is killed by
bureaucracy), or that we end up in some cryptopunk space in which the only
interesting stuff happens over Tor/Freenet/whatever else.

And of course, the latter becomes harder every day with hardware backdoors.

I think that fundamentally the idea of the state regulating commerce is
flawed.

Individuals want to be able to make choices, but at the moment they can't
because economics forces their hand. Apart from a few radicals, everyone has
to use a car, has to use the subway with its' smart card, has to use their
mobile phone for business, because otherwise society doesn't have a role for
you any more.

Can UBI help here? Or are we really just doomed to basically disable the
Internet we created because it's too powerful?

------
tankenmate
And what about open source software that anyone can download from the
internet? How does Govt UK intend to manage / police that?

~~~
tempodox
Logically, there has to follow a law that forbids using hardware, software, or
anything else for that matter, that wasn't built in accordance to the new
rules. So go dig up grandpa's type writer and slide rule...

~~~
madaxe_again
You kid, but the kremlin went back to purely mechanical typewriters a few
years ago for this precise reason - and even they can be bugged.

~~~
adrianN
[https://en.wikipedia.org/wiki/Acoustic_cryptanalysis](https://en.wikipedia.org/wiki/Acoustic_cryptanalysis)

------
deepnet
Red tape, costly, lengthy & opaque approvals process - exactly what the UK
tech industry needs to flourish. /s

The chilling effect could be that compliant companies are fast tracked, while
those who insist on due process get quagmired.

------
stuaxo
FFS, are they just trying to kill off the tech industry in the UK?

~~~
JustSomeNobody
And the US...

"Any company with operations in the UK -- including Apple, Facebook, Google,
Microsoft, and Twitter, which have submitted written evidence calling on the
British lawmakers to revise the bill -- would have to comply with the rules."

~~~
czechdeveloper
This will not kill US tech companies. Maybe their UK market.

I'd love to see those companies just leave UK ale let them have what they
asked for.

~~~
azazqadir
This will affect US companies though.

------
antihero
Idea: Create a company who's explicit purpose is to create and submit billions
of iterations of the same software for their auditing purposes which
horrifically unreadable/obfuscated code that completely swamps whatever agency
is responsible for the process, and effectively DoSes them until literally
nobody can release software at all.

------
nunobrito
From today's Dilbert:
[http://assets.amuniversal.com/721c8690d8e901334e5c005056a954...](http://assets.amuniversal.com/721c8690d8e901334e5c005056a9545d)

------
kempe
Sounds like 1984 coming closer and closer each day.

I wonder however about the negative consequences to the tech industry, why
would a company purchase a service they can not trust anymore due to weak
encryption?

They government probably also will miss their target completely as criminals/
terrorists etc will simply choose other products and services.

------
tempodox
We're really living in the age of overreaching surveillance. Law makers seem
rabid and unable to consider reason: Just because surveillance is possible, it
also has to be taken to the very top. They cover their asses while ruining
everything else in the process.

------
chris_wot
Say goodbye to the tech industry in the UK!

~~~
fit2rule
Indeed. Won't be buying British at all from now on. In fact, I'm putting UK on
my blacklist of places to go, and places to buy from/invest in.

Sorry Brits. You are letting your state fall into absolutel disaster. I'm
putting you in the same bag as North Korea, now - your state cannot be trusted
one bit.

~~~
stuaxo
I'm curious where you are based, as someone in the UK, I'm not keen on going
to the US because of the crazy border controls amongst other things.

~~~
fit2rule
I am in middle Europe, in the sort of country where the lessons of these sorts
of shenanigans are not, generally, over-ignored by the general populace at
large, and the citizenry indeed feels genuinely responsible for not letting
these apparat re-emerge as a means of social control.

Alas there are generations and generations of Westerners - after all, we are
stateless here in the HN frame - who are, moreover, completely willing to
overlook the crimes of their state and just let it all happen, "for whatever
reason". This is why I, also, choose not to ever live in the US. (It is the
only reason: that I chose not to.)

Members of states currently erecting apparatus of human social control, with
explicit intent to violate human rights of any individual, no matter their
non-/statehood, need to do one thing to change it all: move. Keep moving.
Abandon your culture, and acclimate to a new one. Repeat, ad inf.

~~~
switch007
300,000+ people a year emigrate from Britain. What number is required to
"change it all"? Have you experienced a revolution of any kind? Studied
revolutions in detail perhaps? I haven't, but I do live in the UK.

Perhaps you believe if we just voted for the other party, everything will
change? It's so much bigger than that.

~~~
fit2rule
Yes, well, its a start ..

------
jamedjo
First thought was that people would protest this by flooding the relevant
department with product updates, maybe triggered on each commit. Then I
noticed the caveats:

\- Updates don't count: only significantly large changes need disclosing.

\- Can't be forced on companies with fewer than 10,000 users. Maybe
commercially led open source products could claim that users are spread across
many forks each with fewer users.

\- New product disclosures only applies to communications companies already
forced to backdoor existing products. Maybe we'll see companies akin to
Alphabet evading the need to backdoor new products by forming separate
companies.

Overall I'm more worried by the requirement to backdoor communications than
having to disclose new services. Security shouldn't be sacrificed.
Additionally the gagging order would prevent companies from being honest with
their users as well as making it harder for them to fight against it.

------
jackgavigan
Worth remembering that this has effectively been in place for some time:
[https://news.ycombinator.com/item?id=6893947](https://news.ycombinator.com/item?id=6893947)

~~~
15thandwhatever
In the US, we've had this[1] in place for some time on products for phone
networks.

1:
[https://en.wikipedia.org/wiki/Communications_Assistance_for_...](https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act)

------
fsloth
So the UK intelligence wants the capability provided by the Echelon
surveillance network back?

It's actually not as chilling in the sense that this would be nothing new -
rather, I'm sure the spooks are grieving the fact that people are moving to
secure technologies.

I'm pretty sure that before the internet no envelope or phone call was
inaccessible.

------
willow9886
This is quickly shaping up to be another "War on Drugs"... It's hard to
determine whether UK lawmakers actually think bills like this will make them
more secure, or if it's just one incremental move in a long term strategy to
remove any assurance of privacy.

Either way the UK gov is looking highly incompetent.

------
fsloth
And I thought the character of 'C' in the Spectre(2015 film) was a bit over
the top. How silly I was, the fact that it culminated only on one character
was actually a massive understatement

------
knorker
So it's prior restraint?

------
7952
Could this be applied to browsers I wonder?

~~~
tempodox
Absolutely. The fact that it's a crackbrained idea won't stop law makers. To
quote a sentence I once heard: “It's the law, reason doesn't enter into it”.
You had better not get caught using the wrong browser in the U.K.!

~~~
coldcode
Simply mandate IE6 for everyone. Easy to hack, no longer supported so hacks
keep working, no need to announce new versions, problem solved.

