
Petition against UK Home Office plans for surveillance and encryption backdoors - ianopolous
https://act.openmedia.org/saveoursecurityuk
======
ianopolous
The actual document is here:

[https://www.openrightsgroup.org/assets/files/pdfs/home_offic...](https://www.openrightsgroup.org/assets/files/pdfs/home_office/ANNEX_A_Draft_Investigatory_Powers_\(Technical%20Capability\)_Regulations.pdf)

~~~
JupiterMoon
Is it safe to share this if a UK citizen? I.e. would a UK citizen be
criminally liable under the Official Secrets Act or similar?

~~~
nthcolumn
The Official Secrets Act must be signed by you and pertains to 'official
secrets' you may become party to as a servant of the Crown. It is not illegal
to share this as a common civilian. Whether it is safe to do so is another
matter entirely.

~~~
Guyag
If the Official Secrets Act applies to you, it's an offence to break it even
if you've not signed it.

[http://researchbriefings.parliament.uk/ResearchBriefing/Summ...](http://researchbriefings.parliament.uk/ResearchBriefing/Summary/CBP-7422)

edit: beat to it by a minute!

------
satysin
Not only is this stupid from a technical point of view but it could ruin the
UK software industry because who in their right mind would buy any software
knowing it is deliberately compromised?

~~~
mike-cardwell
Yet people and governments around the World still use IT services provided by
the USA, even though they know their data is utterly compromised by doing so.

~~~
JupiterMoon
The USA does not ban secure software completely. At the moment there is a
chance that a US or UK company's software is government compromised. If this
bill becomes law in the UK then all UK software must legally be government
compromised.

~~~
ukname
They do. Steven Levy's crypto wars highlights the lengths America went to
destroy secure software.

------
infinity0
Interesting loophole:

“relevant telecommunications operator” means a telecommunications operator, or
a person who is proposing to become a telecommunications operator( b ), but
does not include a person who provides, or who is proposing to provide, a
telecommunications service only in relation to the provision by that person of
banking, insurance, investment or other financial services.

~~~
MarkMc
Smart move. I am planning to add end-to-end encryption to my UK accounting
software. Without this loophole I would have been forced to move my business
outside the UK.

------
piqufoh
> 7\. To ensure that any hand-over interface complies with any industry
> standard, or other requirement, specified in the technical capability
> notice.

... Presumably now that the "industry standard" contains a backdoor, we (the
people) can have a backdoor into this hand-over interface too?

------
ed_balls
It seems there is no official petition
[https://petition.parliament.uk/](https://petition.parliament.uk/)

------
FullMtlAlcoholc
If this comes to fruition, I will never use software originating from the UK
again.

~~~
turblety
Me and a bunch of IT colleagues are all planning to leave and go to Europe once
this and the Brexit stuff happens. The UK's going to be left with a bunch of
uneducated, old fashioned, racist and obedient zombies. So don't worry, the
UK's basically done. I'm guessing less and less products and research will
come out of the UK until it basically becomes an irrelevant country.

~~~
stevekemp
If you're really committed to leaving I suspect it would be better to do so,
and get settled, in advance. Instead of on the flag-day when "everybody" else
is also leaving.

Moving countries isn't easy, and getting settled in a new location takes time.

~~~
bazzargh
It's already too late in most cases, getting permanent residence rights
elsewhere in the EU requires you to have lived there for 5 years; but there's
under 2 years left before UK citizens lose their rights to work elsewhere in
the EU. So you'd have to emigrate as a non-EU citizen, unless you qualify
under one of the get-out clauses (e.g. joint citizenship, or you go to work in
the EU and then have an accident that prevents you from ever working again(!))

~~~
fauigerzigerk
No, that is not necessarily the case. It will depend on the outcome of the
negotiations.

The 5 year rule is part of the existing freedom of movement regulation. It
provides additional protection against getting kicked out in case of sickness
or unemployment.

Exercising the right to live and work anywhere in the EU before Brexit takes
effect may well mean that you can keep those rights after Brexit and acquire
permanent residence rights later on.

Anything else would mean that hundreds of thousands of people would have to
be deported, which would go against every promise made in the referendum
campaign.

------
CyberDildonics
You would think they might be a little less sympathetic to back doors with the
NHS currently having problems with ransomware.

~~~
lordnacho
My bet is they will turn it into an even better reason to have back doors. And
no, logic doesn't come into it.

------
infinity0
"To provide and maintain the capability to disclose, where practicable, the
communications, equipment data and other information in an intelligible form
to standards specified in the notice and to remove electronic protection
applied by or on behalf of the telecommunications operator to those
communications, equipment data or other information, or to permit the person
to whom the warrant is addressed to remove such electronic protection."

Could this be interpreted, legally, to exempt end-to-end encryption?

\- When implemented properly (i.e. with proper key verification UIs) it should
not be "practicable" for communications operators to force disclosure of the
contents of users' communications.

\- End-to-end encryption is not "applied by [..] the operator" but rather
applied by the users' device.

~~~
rocqua
They might argue that it is 'practicable' to force-push a software version of
WhatsApp that also sends the messages to the government. Alternatively, they
could argue that since e2e services can't provide this backdoor, they aren't
legal.

------
CommanderData
I've advised a few companies to register (if feasible) a company in the EU or
use Atlas to try and complicate being legally compelled in issues like these.
These ideas are dangerous and backward.

I can't see overseas companies trusting UK start ups with confidential trade
and commercial secrets. There is already enough corporate paranoia after the
NSA was accused of spying on European corps and there seems to be evidence to
suggest such a thing actually happened.

At least I'm not the only person who thinks these policies are making the UK an
unpopular place to open shop as long as there are countries with not so
oppressive laws.

------
driverdan
News article:
[http://www.bbc.com/news/technology-39817300](http://www.bbc.com/news/technology-39817300)

------
hacker_9
Seriously.. how many leaks have there been in the past week?? I'm losing
track.

~~~
Symbiote
Maybe it's time to watch Yes Minister again.

