Hacker News new | comments | ask | show | jobs | submit login

* MI5.

* GCHQ/Tempora


* GDS (Government Digital services)

* Anti-encryption laws being chased through the houses of parliment.

* It's illegal to not provide, when questioned, the encryption key of a device in your possession.

* ISP Logging.

I've wanted to be in tech all my life and I felt that british people have facilitated a lot of good things in the tech world- but I have never been so ashamed to carry my passport. This country is one that had great laws for librarians especially after world war 2 which aided in privacy of the people.

but now, we seem to have forgotten that once data is collected, it can be used to target and harm people in swathes- it can be used actively to destroy individual people- or even, in moderation, can cause people to self-censor (which carries it's own problems).

I'm a British citizen, I will not return to the UK while archaic laws and boneheaded policy makers are eroding the very fabric of computer culture. Looks like the next election is in 2020.

> It's illegal to not provide, when questioned, the encryption key of a device in your possession.

Whilst true that's not the whole picture. This law isn't actually as draconian as it sounds: the prosecutors must prove to a very high standard that you do actually know the key, and haven't really forgotten. For instance if you typed in the password the day before you were arrested, that's probably a good sign you know it. If you haven't used it for a year and claim you forgot it ... or if they can't actually prove you know the password at all ... then you don't go down for it (in theory).

Now perhaps you object to the general principle. But let me ask you what your proposed balance is? If you're against mass surveillance and bulk collection (like I am) then this leaves the question of how can governments investigate crimes? Should they be regulating technology at all? I'd really prefer not. "Tell us the password so we can investigate the contents of this device" is low tech and has very limited potential to be abused for social control because it doesn't scale. You can't use this law to do bulk surveillance. So in the end it seems like the lesser evil.

10 years ago, I would tell you I agree. Now, I think this sounds incredibly open to abuse. This is the cabal of governments that sends people to third world countries to waterboard them. Are they really trustworthy with this power? My answer, today, would be "no".

What ever happened to old fashioned law enforcement? Are the police really so lazy that they have to have your help. Somehow the US is able to function without getting rid of (yet) the right to remain silent in criminal court. Certainly, there must be enough non-encrypted evidence for most crimes of import that prosecution is possible.

And if prosecution is possible, then what is the need?

"But it may harm your defense if you do not mention when questioned something which you later rely on in court."...do u mind explaining to me (american) exactly what that means? like if the cops arrest me and ask where i was last night and I don't tell them i was having dinner with their chief's wife (and thus not murdering mine), does that mean i absolutely cannot use that fact as part of my defense if my lawyer decides during trial it might be a good idea?" and do u at least have the right to have a lawyer present when you're being questioned like this?

https://en.wikipedia.org/wiki/Right_to_silence_in_England_an... is a good summary. You can claim it later, although the jury are entitled to infer from your not mentioning it earlier that you've made it up since the initial questioning. It has to be related to factual matters which you're actually questioned about. You're entitled to shut up until you get your lawyer present for the police questioning, but at that point you have to have your story straight.

A longer discussion: http://www.publications.parliament.uk/pa/ld200304/ldjudgmt/j...

> like if the cops arrest me and ask where i was last night and I don't tell them i was having dinner with their chief's wife (and thus not murdering mine), does that mean i absolutely cannot use that fact as part of my defense if my lawyer decides during trial it might be a good idea?

The issue is that a prosecutor may use the omission of certain facts during your interrogation as a way to cast doubt on your intentions or character. It's a very common tactic.

>do u at least have the right to have a lawyer present when you're being questioned like this?

In the US? Always.

i was asking about britain

https://www.gov.uk/arrested-your-rights/legal-advice-at-the-... explains things quite well. IIRC you're obliged to identify yourself when questioned but don't have to give any other details. You then have the right to legal representation, a free independent lawyer is provided on request if you don't have one.

I don't think we have a complete right of silence without - for example - being found in contempt of court.

It won't result in contempt of court, but it will result in a direction to the jury that they're entitled to consider unsupported statements you've made in court (but not earlier) as false.

There is nothing to gain by telling the police anything. If it's beneficial to your case, tell your lawyer. Don't talk to police!


The rules of evidence are different in the UK. Be careful giving US-specific advice to a world audience.

I am so sorry about that! I misread and thought it was US-specific.

great video but not sure this applies if you are in britain right?

Actually, part of the new bill allows this to all happen without judicial oversight or process if the case is "urgent" (aren't they all?), at the sole behest of the home secretary - with an ex-post-facto judicial review. They can indeed force you, and if you won't present, they can then hack you, detain you, do whatever they wish, essentially.

Currently "urgent" refers to situations where someone is in immediate risk of death or severe harm. This is unlikely to change - they don't have the staff to include more stuff.

I agree that it's a very worrying bill with several attacks on important civil liberties.

This is unlikely to change - they don't have the staff to include more stuff.

If we can expect anything, based on recent history, it is that surveillance techniques that previously required onerous human labor, will soon easily be done in automated fashion.

Indeed. Probably has something to do with the fact that they quietly (and not so quietly, in some cases) took an axe to the judiciary a few years back.

It could also be argued that if someone is a terror suspect, then there may be an immediate risk, but to know so they must have more access, so it is therefore urgent that they do. This is the kind of Kafkaesque circular logic I'm increasingly coming to expect from the state.

Oh, the urgency I'm talking about is children being raped by gangs of men. This is a much more common use of police intelligence needing urgent access to phone records than terrorism.

As you say, with terrorism there's not the immediate need and there's usually a bunch more information.

How is the inquiry into the Rotherham non-investigation going, anyway?

Why pick out that case?

IN that case the police didn't need any special surveillance powers. They were being approached by children who said "I am being repeatedly gang raped by men who have groomed me with money and drugs, and who are now selling me as a child prostitute"; and by sexual health clinics who were providing abortions and STI services to children; and by teachers; and by social workers.

Those police did nothing with that information.

It's a reasonable point: Why do they want these extra powers when they've failed to protect so many vulnerable children?

>For instance if you typed in the password the day before you were arrested, that's probably a good sign you know it. If you haven't used it for a year and claim you forgot it [you might get off]

That sounds incredibly draconian.

> This law isn't actually as draconian as it sounds: the prosecutors must prove to a very high standard that you do actually know the key, and haven't really forgotten.

Not really, no. If the prosecution can show that the defendant EVER had or knew the key, the burden is then on the defendant to prove that they do not currently have or know the key. That's the framework set up by RIPA. Proving you do not have or know something is quite difficult. If it has been 50 years since last use and you currently have advanced Alzheimer's, you should be in good shape. Otherwise, the argument that the dog ate your homework, um I mean the encryption key, is not likely to be taken seriously.

the prosecutors must prove to a very high standard that you do actually know the key, and haven't really forgotten. For instance if you typed in the password the day before you were arrested, that's probably a good sign you know it.

I've had a few occasions where, after 2+ months of using a password at least 5 times a day, I roll into work and just can't login. I still know the password I used when I was 9 and dialing into AOL, but my work password rotation policy is so strict I just don't have long term storage for them anymore. I mostly rely on muscle memory the current password too.

So, all that was to say I don't think that standard is "very high" at all.

Not to mention how badly stress can screw with memory.

If you're used to entering your password in a specific relaxed situation and now you're filled with dread every time you think about it, damn right you might not be able to remember it. That's just basic neurology.

Which is why we need to wash all that stress out of your head by holding it under water for arbitrary amounts of time...

Yes! There are times when my motor memory recalls the password just fine. But, if I specifically think about the password and can't consciously recall it, at that point the motor memory seems to reset and fails too.

It's sad if the only solution to (potentially) protect your privacy is to lie in court, pretending that you have forgotten your password. (which could be dangerous if they later find some way to prove that you know it)

> It's sad if the only solution to (potentially) protect your privacy is to lie in court

It's court, your entire life can be dragged over the coals if there is sufficient justification for it. Privacy is not an absolute, if I have compelling evidence you have abducted a child the facility should exist to (at the very least) search your home and possessions.

But should the facility exist to force one to testify against themselves?

Yes, why not? The only reason I see not to tell the truth is that you're guilty according to the law; that then only seems morally justified if the law is unjust, in which case you should challenge the law IMO.

I realize this only applies to the US, since we have the 5th amendment, but watch the video (as mentioned above) --


There are very good reasons to have something like our 5th amendment that apply to people who are indeed not guilty according to the law. It's not about telling lies, it's about not providing truthful information that can be used against you in ways designed to make you look guilty even when you are not.

The founders of our country who made sure we had a 5th amendment knew the importance of this -- they didn't put it in there to protect the guilty.

Or you're protecting legal secrets that protects other people. Like secrets about where somebody who is stalked is, crypto keys to security systems, etc... Or hobbies of family members that the rest of the family really do not approve of. And so on... Sometimes it just isn't justified to demand access to such information and punish the person of anything is left out or covered up. Sometimes demanding that the person tells the truth is worse than not to.

> GDS (Government Digital services)

GDS build the .gov.uk websites, they're a software development house that are competent (unlike most other government IT initiatives, most of their developers are Ruby/Rails engineers).

Nothing sinister about them at all, the only reason I can see for them being here is that you're terribly misinformed.

That depends how sinister you think it is to have Google Analytics used on the websites where you fill in your tax return.

The people I see who defend gov.uk seem to always be people who never actually use the government websites other than for a few basic things like driving licence applications or passport renewal. It's easy to be impressed by fancy new css styles when you don't use the site. Actual users of the sites were pretty dismayed by the changes.

Firstly they removed massive amounts of good content from government websites. For example things relevant to bootstrapping a startup like example EULAs and example contracts. As far as I can tell the logic was that it's more economically stimulating to make everybody pay a lawyer hundreds of pounds to copy paste a copyrighted standard EULA or contract (they used a silly example about bees to try and cloud what was a major policy change about the amount of value the government online services would provide to citizens).

They also made it a lot harder to find a lot of the important content on the government websites. Old speeches, press releases and policy white papers etc used to be easy to find and have now mostly disappeared. Access to that kind of material is vital for people trying to hold government departments to account.

Secondly they are using lot of 'startup best practice'. Like installing Google Analytics everywhere. Is a tracking service that reports to a corporation based in a foreign country an appropriate thing to use on government websites where you apply for passports or fill in tax returns or 'anonymously' report sex crimes?

Thirdly the gov.uk project has extended itself to take over the online presence of what were previously independent agencies that were intended to be arms length from central government and not under direct political control. The web presence of organisations like Natural England has been combined back into the direct control of central government under gov.uk.

Hey, don't forget the wild profiteering WorldPay are engaging in - taking a slice of the entire damn country's tax revenue! Quite the gig.

Can you elaborate on that claim? WorldPay is taking a percent of tax revenue, for what reason?

I assume he's referring to https://www.gov.uk/government/news/new-online-payment-servic...

Of course that only applies to self-assessment bills paid through the online system. You can still post them a cheque if you like. The vast majority of tax is paid through business bank transfer for PAYE or VAT settlement.

Don't forget also that gov.uk is actually pointing at Fastly, a CDN, headquarted in San Francisco.

> Nothing sinister about them at all

Although they've made taxing a car a painless and efficient process. If that's not suspicious from a government agency I don't know what is.

Not only is there nothing sinister about them, one of the primary reasons devs join GDS is to play a small part in making the government better.

What exactly is your issue with GDS? I thought they just build tech infrastructure for public services with a more modern approach.

Yep, that's what they do. They do a good thing, and they do it well. I know a number of people in and around GDS, it's really, really, strange for me to see their name in that list.

Throwing in lots of three letter acronyms will typically scare people by implying that there's something sinister going on.

Just wait till you learn of the French VDM...

> Just wait till you learn of the French VDM...

The doctor gave me a cream for it... cleared up nicely.

It's not that strange. Many people do not consider improving the efficiency with which the state can oppress its citizenry a good thing.

And to many libertarians, something as seemingly innocuous as tax collection or child protective services are oppressive.

Hence the hate.

So, you'd rather pay an inefficient government more taxes to oppress you inefficiently.

I look forward to hearing more of these libertarian ideas.

Google Analytics may be modern but that doesn't make it good (or legal) to install on government websites.

To be fair, they are actually very transparent about their use of Google Analytics [1][2], and anonymise some of the data [3]. That is not too bad keeping in mind they share a huge chunk of that data with the public [4][5].

[1] https://www.blog.gov.uk/cookies/#googleanalytics [2] https://insidegovuk.blog.gov.uk/2015/05/22/upgrading-to-univ... [3] https://assets.digital.cabinet-office.gov.uk/spotlight/javas... [4] https://www.gov.uk/performance/web-traffic [5] https://www.gov.uk/performance/about

Being transparent doesn't make it right. It (and the fact they use and advocate the use of Gmail in government) worries me. They're the people's government and that implies they're there on behalf of the people, to serve the people. That sentiment doesn't exist at GDS. They believe they're right about everything they do, are recalcitrant and take criticism very badly.

They are good at web pages though.

why? not all sites need the full adbobe / ensigten tools set and its costs.

For a lot of sites GTM and GA is quiet good enough

> This country is one that had great laws for librarians especially after world war 2 which aided in privacy of the people.

Great laws for librarians?

Librarians are protected from any investigation and library records are kept from the government.

You cannot investigate at any point, someones library history.

I think he's referring to the public library and museums act of 1964, which enshrined in law:

* The right to shush people without prejudice

* The right to bear cardigans

There is a big difference between mass surveillance, and a system of mandatory logging by private companies with warrant based access to individual's records for security officials.

A sensible compromise would be to accept a regime where the security services could read all the internet communications of particular individuals, or compel that individual to reveal decryption keys, subject to a warrant from a judge sitting in a public court who has decided there is reasonable grounds for suspicion.

Sadly, the proposed bill appears to still give too much power to the executive branch of government.

Such a regime isn't reliably possible. A backdoor for an individual is a backdoor for a nation.

What are the alternatives, and how much can you trust these alternatives?

I can't speak for the OP, but the Nordic countries seem to be pretty progressive in this aspect. I'd gladly relocate to a country that doesn't have this invasiveness (hint hint, 20 odd years in software and devops, hook me up).

The chilling effect is bad enough, but having agencies that sit outside of the light of public/democratic scrutiny is a foul thing.

How much you can trust the alternatives? That's a trickier question.

Norwegian secret services for decades conducted illegal political surveillance going far beyond "just" phone taps.

I personally knew people who were regularly harassed because of membership in legal political organizations.

One was the newspaper editor of the newspaper "Friheten" ("Liberty"), linked to the communist party, who told me how he for years was now and against stopped by officers from the police surveillance service (POT; now PST) who would make a point out of commenting on conversations that he and his wife had face to face in his home to prove they were listening in. There was no legal basis for the surveillance - POT had legal powers to initiate surveillance in cases where there were legitimate surveillance needs, but this surveillance never went through proper channels because they knew full well it wouldn't have been approved.

Another was a trade union rep whose commute to work had him walking past the Soviet embassy, which was the only reason he could think of for why he was tailed to and from work every day for years. They didn't try to hide it - making it obvious was part of their regular harassment.

(To be clear, while most of this surveillance was directed at left wing groups, the most likely instigator was the Norwegian social democrats in the 50's and 60's, not the right wing - the social democrats were if anything more worried about the groups to their left than they were about the conservatives at the time)

This was rolled up in the mid 90's, and during the parliamentary investigation it was revealed that one of the committee members - a socialist MP - was under illegal surveillance by POT while he was investigating them...

POT was "rebranded" the Police Security Service (PST), and we were assured it won't happen again, but the oversight is a total joke. Last year one of the largest papers revealed extensive amounts of illegal IMSI catchers in Oslo, for example, and it's all just petered out. The various agencies insisted it was nothing to worry about awfully quickly for someone who also denied having anything to do with it - if they had nothing to do with it, presumably they'd have been all over figuring out what was going on; their fast denials only makes sense if they denied because they knew exactly who and why.

Norway has also figured in Snowden documents as providing significant intelligence to the NSA.

Sweden has the infamous "FRA law", a signals intelligence law that makes every signal that passes the Swedish border free game for Swedish military intelligence. Which is pretty nasty when you consider that the host interchange points that a lot of European internet traffic travels through.

So don't assume you can escape this, because we can't. The only option is to find ways to fight back.

Thanks for sharing this, it was really informative. I agree, we have to find ways to fight back and stand up against this stuff at home. Telling yourself that you can just retreat to the Nordic countries (like they're some kind of utopia - give me a break) just leads to a false sense of security and increased complacency.

Thanks, whipped down thoroughly, I must have had my wires crossed with other policies I liked. If this gets through anyway, I seem to have been rate limited.

Direct replies within a conversation are soft-rate limited to discourage heated replies. The "reply" button is hidden for a time, but can be bypassed (oddly) by clicking the "x minutes ago" button and replying directly.

It's an open secret that I don't believe is against the rules, though if somebody knows better, you're invited to chime in.

Not against the rules; it's just a speed bump. We should probably have more of those.

Some more information can be found here: https://en.wikipedia.org/wiki/Lund_Report

Wow! Thank you so much for sharing this. There really is nowhere that is safe, is there?

Your last statement is absolutely correct -- time to fight back!

Currently I like the way Germany is going. They've been down the surveillance state rabbithole before (with the Stasi) and learnt how fucked up it is when the Government has that much power. It seems unlikely they'd repeat history.

It would be nice to see at least one country in the Eurozone use freedom of information as a selling point to come work there. I imagine there are many who work in IT in the UK who would move there out of principle.

Sadly, GEMA is a stranglehold on internet freedom over there.

> I like the way Germany is going

Germany recently planned (or passed?) a law requiring mandatory data retention, that's Germany going the wrong way IMO.

edit: I've just researched it and realized the mass uproar lead to the data retention being cancelled. And I found a nice list of other European countries who don't have data retention (Cyprus, Czech Republic, Germany, Greece, and Romania), nice.

Iceland is probably the most promising.

Very tough to live and and work in though for a non-native speaker.

Alternatively we're a country which has led the way in terms of governing the activities of our intelligence services through legislation. Something which even other European countries (France specifically) are still taking the stance that they can effectively do whatever they like. We've had some very illiberal laws I'll concede, from all political parties but I'd hardly write off the direction as travel as being so authoritarian as to be ashamed of my country or to live abroad.

Things like the encryption key law make sense to me, you can still mount a defence of why you may not have the key but far too often the debate around encryption is geeks making a "haha I've found a way to hack the law" case, which the courts, everywhere, have always taken a very hard line on. Personally I'm sympathetic to the argument that follows from it being a modern day safe and you're being asked, legally, to open it.

If you define the "very fabric of computer culture" as some form of anarchic society in which consequences to the fabric of the real world are ignored in favour of some broad principle then fair enough. But I'd far rather have a discussion about how as technology matures and becomes adopted by the masses we need to discuss how it fits into our existing legal and societal structures. Having rational debates about why something is or is not over-reach compared to say the government's previous ability to inspect all mail that left the country is a valid discussion.

The web history one is an interesting one, especially in terms of "the police". Oversight of the police has increased in the UK to massive proportions, I doubt there any other nation has the same degree of oversight in the world. It isn't perfect and at times poorly drafted laws get over-used, but on the other hand it is updating a capability to the 21st century. One example that is used, and as a former volunteer police officer one I've experience before - missing persons. Previously if you were reported missing I would have gone and looked through your diary, your mail, spoken to friends and family etc to build up a picture of where you might be, who you had spoken to etc. Now you'll find a laptop and be stuffed. Perhaps you took your mobile with you - this isn't a TV show, I can't just go "where is phone X" and get an immediate response. If we find your body in suspicious circumstances, then we'll start dumping phone data, or if you're a child and missing, but otherwise it's most aimless driving around looking. Fortunately the vast majority of missing people are repeat customers and turn up eventually, but I'd far rather loosen the ability for communications data to be used in those instances. But then of course the internet erupts as "the police can track your phone and view your web history without a warrant"...

Oversight of the police has increased in the UK to massive proportions



Elveden is particularly important here; in an environment where journalists are weaponising private information for smear articles with no real public interest justification, any information the police can easily get at may be leaked by bribed police.

UK trust in the police is still generally pretty high, but the War On Terror erodes trust everywhere it touches.

British citizen here.

Completely agreed.

Currently researching jobs and residency procedures in other countries.

And the leader of the Opposition is a Marxist as near as damn it. They have a great tradition of human freedom and anti-snooping or perhaps not.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact