Never mind that this is totally unenforceable. I could write up a one time pad with pen and paper. Most won't. Crooked cops will sell data. They'll blame "hackers".
You only need look at the TalkTalk debacle to see how incredibly warped this govt's views are - they haven't arrested anyone at TalkTalk, who are the ones who had such poor infosec that script kiddies could blow them wide open. Instead they're arresting children.
Oh, and I'm seriously considering redomiciling my company - we only contribute a few hundred million quid to the UK economy.
I've heard from sources inside the government that their intention is to maintain the legal status-quo dating from RIPA 2000. Which is to say that service providers have to disclose personal communications where reasonably practicable.
Since it's not possible for service providers to break end-to-end encryption, they will have a defence. Obviously this is a bit of a fudge and the position may need clarifying in court. But it's not the intention of this bill to change the legal status quo.
If they didn't mean to change the status quo, they wouldn't have introduced a bill.
As it happens, they do want to change the status quo, by making it clearly acceptable for authorities to eavesdrop, something that was, er, technically illegal before, despite them doing it anyway.
So instead of punishing spooks for breaking the law, they're changing the law. Easy, innit?
Just strictly on this point, sometimes bills (or parts of bills) are introduced to clarify existing law. It may be a matter of subtle semantics, but this is often what is meant when it is claimed that a bill will not change the law.
So yeah, what they really need is a change, because current law is very clear that what they do is illegal.
And article 8 has an ill-specified "national security" exemption. http://ukhumanrightsblog.com/incorporated-rights/articles-in...
Here, the definition of "telecommunications provider" seems (to my understanding) so broad as to cover any provider of an online service, paraphrasing section 193:
"Communication" is "anything comprising speech, music, sounds, visual images or data of any description" and "signals serving either for the impartation of anything between persons, between a person and a thing or between things or for the actuation or control of any apparatus."
And a "telecommunication service" includes "any case where a service consists in or includes facilitating the creation, management or storage of communications transmitted".
Section 189 titled Maintenance of technical capability allows the Secretary of State to make obligations on telecommunication services including (paraphrasing again):
* relating to apparatus
* relating to the removal of electronic protection applied by a relevant operator to any communications or data
* relating to the handling or disclosure of any material or
in addition to requiring them to "provide facilities or services of a specified description"; the specification apparently being deferred until notice is served on the service provider.
Conversely, the Secretary of State is required to consult before serving a "technical capability notice" and section 190 lays out a number of considerations for the Secretary of State including "technical feasibility", "likely cost", "likely benefit" etc.
But other than these apparently very weak constraints, it appears to provide carte blanche for the Secretary of State to demand new technical capabilities of any service provider for the warranted access and interception of any user data they store or transmit.
(a)to monitor or interfere with electromagnetic, acoustic and other emissions and any equipment producing such emissions and to obtain and provide information derived from or related to such emissions or equipment and from encrypted material; and
(2)The functions referred to in subsection (1)(a) above shall be exercisable only—
(a)in the interests of national security, with particular reference to the defence and foreign policies of Her Majesty’s Government in the United Kingdom; or
(b)in the interests of the economic well-being of the United Kingdom in relation to the actions or intentions of persons outside the British Islands; or
(c)in support of the prevention or detection of serious crime.
May lead to "implement backdoors and ban unknown ciphertext"
It's already being planned, see:
It will not include powers to force UK companies to capture
and retain third party internet traffic from companies based
overseas. It will not compel overseas communications service
providers to meet our domestic retention obligations for
communications data. And it will not ban encryption or do
anything to undermine the security of people’s data. And the
substance of all of the recommendations by the Joint Scrutiny
Committee which examined that draft Bill have been accepted.
Granted though, that is the single mention of encryption in the entire speech.
Draft bill is here: https://www.gov.uk/government/uploads/system/uploads/attachm...
The draft Bill will not impose any additional requirements
in relation to encryption over and above the existing
obligations in RIPA.
What is it?
27. Equipment interference allows the security and intelligence
agencies, law enforcement and the armed forces to interfere with
electronic equipment such as computers and smartphones in order to
obtain data, such as communications from a device.
Equipment interference encompasses a wide range of activity from
remote access to computers to downloading covertly the contents of
a mobile phone during a search.
Why do we need it?
28. Where necessary and proportionate, law enforcement agencies and the
security and intelligence agencies need to be able to access
communications or other private information held on computers, in
order to gain valuable intelligence in national security and
serious crime investigations and to help gather evidence for use in
Equipment interference plays an important role in mitigating the
loss of intelligence that may no longer be obtained through other
techniques, such as interception, as a result of sophisticated
encryption. It can sometimes be the only method by which to acquire
the data. The armed forces use this technique in some situations to
gather data in support of military operations.
This is really the bottom line here. The UK is moving towards a secret court, with secret decisions, copying the US style FISA. So long and thanks for all the cups of tea.
I can't see a lot of ISP staff being happy at having to be PV vetted (Top Secret in US terms)
One part of the "snooper's charter" is that it makes the ISPs / providers liable ("their duty") to store the content of I-Net sessions and provide access to this data for service, police & the tax office (not clear how all of these entities will share the data between each other or with the outside).
De facto this makes any end-to-end encryption or zero-knowledge services impossible to provide from the UK. If this propagates across EU / US / other countries it will bring an end to many cloud-based services & many saving governments & commercial are planning or envisioning for the next years. Wild guess estimate in damages to the UK (five years) - £100Billion + long term effects.
It seems the group of people pushing on this piece of legislation so heavily since years have not learned a bit from what is / has been happening in the UK and elsewhere for many years across industries (alternative reality: they want to create a very large income stream for themselves. This will nevertheless most likely be short-lived at the cost of the overall UK economy / competitiveness - short- & long-term).
What has been proven over-and-over again in the UK (and certainly elsewhere as well) is that government or similar oversight is not working and is constantly abused by those given access to these means when large financial amounts / incentives are available to those who "bend" these processes / regulations / e.a. to their own benefit. At the same time those so far do not have to fear any reprisal / punishment. This is another shortcoming and clearly demonstrates that the true intentions of this legislation must be completely different from the labeling publicly provided - I'm talking about punishment along the line given to so called "hackers" in the UK / US - 10 years min. - but wait - it was the UK just recently that has removed all punishment for breaking the law 100'000s of times by some of its services (they couldn't make it legal without due process through the parliament so they just removed the punishment).
Let's have a brief look into how well "oversight" works in the UK:
- News of the World (data / access sold off by government employees)
- UK Mis-selling saga with PPI - unique case as almost £30Billion in compensations have been granted - non-working financial oversight
- Gold fixing scandal - non-working financial oversight for many years / decade
- FX fixing scandal - non-working financial oversight for many years / decade
- Bailouts / 2008 financial crisis - non-working financial oversight for many years
- NHS data leaks - no due process and proper data protection
- plenty more to add ...
... crime and abuse of the rules happens when an opportunity is provided with incentives and no reprisal.
IMHO - that is the biggest danger from all these almost limitless surveillance laws and powers provided without checks.
Their previous one about UK gov "backtracking" on encryption backdoors was just as bad.
Read through it and see how 80% of it is the government's opinion about these things. It barely gives mention to what the civil liberty groups are saying.
Read the last four paragraphs of the article, for instance. They only deal with how much of a headache end to end encryption is for authorities - and leaves it at that. What about what the civil liberty groups say about how it protects security and privacy?
This is quite well known—at least to people who think about such matters. Strangely, it seems to have been missed by the majority of HN.
It's a state sponsored news agency: the BBC are the recipients of a "TV tax" (licence fee, if one watches TV).
You have to pay the licence fee even if you never watch any BBC broadcast material. A person who only ever watches ITV would have to pay the licence fee.
And non-payment of the licence fee was a criminal offence with fines, and non-payment of the fine sent many people to prison.
It feels like a tax.
 also tampons and sanitary towels, which probably don't feel like a luxury purchase.
I was informed by a TV license "officer" that provided you detune BBC channels you can still watch commercial channels. In the same way that I am permitted to listen to BBC radio channels (for which no license is required) via a Sky box.
TV licensing have to prove that you're watching on-air BBC broadcasts.
Best known one is having a car with a live video feed (e.g. a reverse camera to the dashboard) - first ones were Range Rovers and other luxury cars but these features are now arriving within more "bread and butter" cars as well.
Still better than in Germany where they recently turned it into a per-household tax to be paid even if you don't watch any TV / broadcast at all.
I used to have a TV license and cancelled it. When they asked why I was cancelling, I said that I consumed my entertainment through non-live streaming services and they were happy. That was at the end of last year and I haven't heard anything since.
Do you drive a modern car, do you have surveillance cameras at your property / your offices? - Bang you have to have a TV license in the UK even if you don't watch any TV.
Every year thousands of people in the UK are pulled to court / persuaded to pay thousands of £s to settle enforcement cases against them (or even go to prison) because they only look at half of the rules.
Whilst true that in Section 9 (Part 3) of 2004 No. 692
ELECTRONIC COMMUNICATIONS BROADCASTING The Communications (Television Licensing) Regulations 2004 a 'television receiver' is defined as:
any apparatus installed or used for the purpose of receiving (whether by means of wireless telegraphy or otherwise) any television programme service, whether or not it is installed or used for any other purpose.
It is an offence to
* install or use a television receiver or
* possess or have control of a television receiver with the intent to install or use it or
* possess or have control of a television receiver and know or have reasonable grounds for believing that another person intends to install or use it without a valid TV Licence issued under the Communications Act.
This has been confirmed many times and directly by the BBC in this FOI request
This isn't true.
You can quite happily watch iPlayer or 4OD or Netflix and not be liable to pay the license fee as long as what you're watching isn't live or being broadcast at that very moment.
It basically applies to any TV being watched as it is being broadcast at the time so you are liable to pay anything if you only watch shows after they have been aired.
Myself I tend to watch Netflix, some iPlayer and 4OD stuff and I do not have to pay anything.
That doesn't stop them sending letters once in a while to check though.
The BBC is the only recipient of TV license fees in the UK - of course after plenty of cost created on the way between the consumer / license payer to the BBC / payee.
BTW the BBC is also the TV licensing authority in the UK and is authorised by the government via the Communications Act 2003 to collect and enforce the TV license fee. One of the companies in the Capita conglomerate has been "entrusted" by the BBC / the government to collect the TV licensing fees.
A lengthy correspondence with them led them to conclude that because my TV was not connected to a TV aerial or cable, and I only used it to watch Netflix and iPlayer from my computer, I did not in fact need a TV license.
I've been through this dance with them three or four times.
Has this changed in the last 2 years?
Previously, when I looked, the BBC stated that they received a substantial sum from direct taxation in addition to the license fee. On that basis you pay in part and the BBC is funded [partially] by tax payers. IIRC it amounted to about 5% of the take from license fee payers.
Ah, decided to track it down ... http://downloads.bbc.co.uk/annualreport/pdf/2014-15/BBC-FS-2..., p.34 - "grant-in-aid" funding £243.6 Million up to March 2015 (6.5% of the license fee income).
However it looks like this has stopped in 2015:
"Grants from Government departments
For the year ended 31 March 2014, the BBC World Service
received Grant-in-Aid from the Foreign & Commonwealth
Office. Previously, BBC Monitoring also received a grant from
the Cabinet Office. These grants have been drawn down to
meet estimated expenditure in the year but unspent amounts
do not have to be repaid, as long as they fall within
predetermined limits. The grants are recognised as income in
the financial year that they relate to."
Very minor nitpick: you should say "consume live broadcast TV" as blind people don't watch but still have to pay.
Sorry for this thread going maybe a bit off-topic, but this is a subject I am pretty attached to. Again, I am not saying that the BBC is not doing great work, but just that it is not as neutral as what the opinion thinks it is.
Having worked in news for some years and seen how (esp. online) news are produced and weighted for priority, it is to say, that it is quite a sad state of affairs.
I stopped reading the news, following any news at all. If news does reach me and my interest exceeds an internal threshold, I start investigating the topic further.
So having a view from outside my home country might be interesting.
For example, the most vocal people on privacy are an amalgam of independent thinkers on the "left" (The Guardian, etc) and independent thinkers on the "right" (Ron Paul, etc.)
While the "leftist" Hillary Clinton calls Snowden a traitor (so do a lot of "right"-wing people, too).
This is exactly what news should be. If you want more in-depth analysis or opinions, you should be looking elsewhere.
The BBC is basically going to be gutted by the current government, I don't buy into this world where they're pro government, I find they're fairly neutral while a lot of the people criticising it are almost certainly anti Tory.
The BBC should aim for their coverage to reflect facts, not just be a the-truth-is-in-the-middle triangulation of Labour and Tory positions. Their neutrality and balance mostly consists of getting a comment from the Tories and then getting a comment from Labour, with the assumption that doing so will cover all sides of any issue. One of the aims of any decent media organisation should be to challenge the establishment, but when the BBC is constitutionally unable to criticise positions where Labour and Tories both agree then it's unable to fulfil that role.
No, it's not.
The bill will say that "unbreakable" encryption is illegal - which means all encryption, as if it's breakable, well, it's not really encrypted, is it.
Source please – I've not seen this language indicated anywhere.
>they haven't arrested anyone at TalkTalk, who are the ones who had such poor infosec that script kiddies could blow them wide open. Instead they're arresting children.
Poor information security isn't a crime. Breaking into computer systems is.
>Poor information security isn't a crime.
The Data Protection Act does not in practice criminalise poor information security – it does criminalise the lack of things like a risk assessment. Short of actual negligence, nobody will be prosecuted due to the hostile actions of a third party. Probably not a bad thing, as it would be obviously ludicrous to do so.
TalkTalk did not take appropriate measures against unauthorised processing.
Actually, it can be, for example if it results in data protection violations. However, UK law is slightly unusual in this respect, in that while there are technically criminal offences involved, at present the main ones can't lead to arrest or jail time, only monetary fines. A couple of years ago there was talk of consulting on changing this, though I'm not sure what the situation is following the recent general election.