* GDS (Government Digital services)
* Anti-encryption laws being chased through the houses of parliment.
* It's illegal to not provide, when questioned, the encryption key of a device in your possession.
* ISP Logging.
I've wanted to be in tech all my life and I felt that british people have facilitated a lot of good things in the tech world- but I have never been so ashamed to carry my passport. This country is one that had great laws for librarians especially after world war 2 which aided in privacy of the people.
but now, we seem to have forgotten that once data is collected, it can be used to target and harm people in swathes- it can be used actively to destroy individual people- or even, in moderation, can cause people to self-censor (which carries it's own problems).
I'm a British citizen, I will not return to the UK while archaic laws and boneheaded policy makers are eroding the very fabric of computer culture. Looks like the next election is in 2020.
Whilst true that's not the whole picture. This law isn't actually as draconian as it sounds: the prosecutors must prove to a very high standard that you do actually know the key, and haven't really forgotten. For instance if you typed in the password the day before you were arrested, that's probably a good sign you know it. If you haven't used it for a year and claim you forgot it ... or if they can't actually prove you know the password at all ... then you don't go down for it (in theory).
Now perhaps you object to the general principle. But let me ask you what your proposed balance is? If you're against mass surveillance and bulk collection (like I am) then this leaves the question of how can governments investigate crimes? Should they be regulating technology at all? I'd really prefer not. "Tell us the password so we can investigate the contents of this device" is low tech and has very limited potential to be abused for social control because it doesn't scale. You can't use this law to do bulk surveillance. So in the end it seems like the lesser evil.
What ever happened to old fashioned law enforcement? Are the police really so lazy that they have to have your help. Somehow the US is able to function without getting rid of (yet) the right to remain silent in criminal court. Certainly, there must be enough non-encrypted evidence for most crimes of import that prosecution is possible.
And if prosecution is possible, then what is the need?
A longer discussion: http://www.publications.parliament.uk/pa/ld200304/ldjudgmt/j...
The issue is that a prosecutor may use the omission of certain facts during your interrogation as a way to cast doubt on your intentions or character. It's a very common tactic.
>do u at least have the right to have a lawyer present when you're being questioned like this?
In the US? Always.
I don't think we have a complete right of silence without - for example - being found in contempt of court.
I agree that it's a very worrying bill with several attacks on important civil liberties.
If we can expect anything, based on recent history, it is that surveillance techniques that previously required onerous human labor, will soon easily be done in automated fashion.
It could also be argued that if someone is a terror suspect, then there may be an immediate risk, but to know so they must have more access, so it is therefore urgent that they do. This is the kind of Kafkaesque circular logic I'm increasingly coming to expect from the state.
As you say, with terrorism there's not the immediate need and there's usually a bunch more information.
Those police did nothing with that information.
It's a reasonable point: Why do they want these extra powers when they've failed to protect so many vulnerable children?
That sounds incredibly draconian.
Not really, no. If the prosecution can show that the defendant EVER had or knew the key, the burden is then on the defendant to prove that they do not currently have or know the key. That's the framework set up by RIPA. Proving you do not have or know something is quite difficult. If it has been 50 years since last use and you currently have advanced Alzheimer's, you should be in good shape. Otherwise, the argument that the dog ate your homework, um I mean the encryption key, is not likely to be taken seriously.
I've had a few occasions where, after 2+ months of using a password at least 5 times a day, I roll into work and just can't login. I still know the password I used when I was 9 and dialing into AOL, but my work password rotation policy is so strict I just don't have long term storage for them anymore. I mostly rely on muscle memory the current password too.
So, all that was to say I don't think that standard is "very high" at all.
If you're used to entering your password in a specific relaxed situation and now you're filled with dread every time you think about it, damn right you might not be able to remember it. That's just basic neurology.
It's court, your entire life can be dragged over the coals if there is sufficient justification for it. Privacy is not an absolute, if I have compelling evidence you have abducted a child the facility should exist to (at the very least) search your home and possessions.
There are very good reasons to have something like our 5th amendment that apply to people who are indeed not guilty according to the law. It's not about telling lies, it's about not providing truthful information that can be used against you in ways designed to make you look guilty even when you are not.
The founders of our country who made sure we had a 5th amendment knew the importance of this -- they didn't put it in there to protect the guilty.
GDS build the .gov.uk websites, they're a software development house that are competent (unlike most other government IT initiatives, most of their developers are Ruby/Rails engineers).
Nothing sinister about them at all, the only reason I can see for them being here is that you're terribly misinformed.
The people I see who defend gov.uk seem to always be people who never actually use the government websites other than for a few basic things like driving licence applications or passport renewal. It's easy to be impressed by fancy new css styles when you don't use the site. Actual users of the sites were pretty dismayed by the changes.
Firstly they removed massive amounts of good content from government websites. For example things relevant to bootstrapping a startup like example EULAs and example contracts. As far as I can tell the logic was that it's more economically stimulating to make everybody pay a lawyer hundreds of pounds to copy paste a copyrighted standard EULA or contract (they used a silly example about bees to try and cloud what was a major policy change about the amount of value the government online services would provide to citizens).
They also made it a lot harder to find a lot of the important content on the government websites. Old speeches, press releases and policy white papers etc used to be easy to find and have now mostly disappeared. Access to that kind of material is vital for people trying to hold government departments to account.
Secondly they are using lot of 'startup best practice'. Like installing Google Analytics everywhere. Is a tracking service that reports to a corporation based in a foreign country an appropriate thing to use on government websites where you apply for passports or fill in tax returns or 'anonymously' report sex crimes?
Thirdly the gov.uk project has extended itself to take over the online presence of what were previously independent agencies that were intended to be arms length from central government and not under direct political control. The web presence of organisations like Natural England has been combined back into the direct control of central government under gov.uk.
Of course that only applies to self-assessment bills paid through the online system. You can still post them a cheque if you like. The vast majority of tax is paid through business bank transfer for PAYE or VAT settlement.
Although they've made taxing a car a painless and efficient process. If that's not suspicious from a government agency I don't know what is.
Just wait till you learn of the French VDM...
The doctor gave me a cream for it... cleared up nicely.
And to many libertarians, something as seemingly innocuous as tax collection or child protective services are oppressive.
Hence the hate.
I look forward to hearing more of these libertarian ideas.
They are good at web pages though.
For a lot of sites GTM and GA is quiet good enough
Great laws for librarians?
You cannot investigate at any point, someones library history.
* The right to shush people without prejudice
* The right to bear cardigans
A sensible compromise would be to accept a regime where the security services could read all the internet communications of particular individuals, or compel that individual to reveal decryption keys, subject to a warrant from a judge sitting in a public court who has decided there is reasonable grounds for suspicion.
Sadly, the proposed bill appears to still give too much power to the executive branch of government.
The chilling effect is bad enough, but having agencies that sit outside of the light of public/democratic scrutiny is a foul thing.
How much you can trust the alternatives? That's a trickier question.
I personally knew people who were regularly harassed because of membership in legal political organizations.
One was the newspaper editor of the newspaper "Friheten" ("Liberty"), linked to the communist party, who told me how he for years was now and against stopped by officers from the police surveillance service (POT; now PST) who would make a point out of commenting on conversations that he and his wife had face to face in his home to prove they were listening in. There was no legal basis for the surveillance - POT had legal powers to initiate surveillance in cases where there were legitimate surveillance needs, but this surveillance never went through proper channels because they knew full well it wouldn't have been approved.
Another was a trade union rep whose commute to work had him walking past the Soviet embassy, which was the only reason he could think of for why he was tailed to and from work every day for years. They didn't try to hide it - making it obvious was part of their regular harassment.
(To be clear, while most of this surveillance was directed at left wing groups, the most likely instigator was the Norwegian social democrats in the 50's and 60's, not the right wing - the social democrats were if anything more worried about the groups to their left than they were about the conservatives at the time)
This was rolled up in the mid 90's, and during the parliamentary investigation it was revealed that one of the committee members - a socialist MP - was under illegal surveillance by POT while he was investigating them...
POT was "rebranded" the Police Security Service (PST), and we were assured it won't happen again, but the oversight is a total joke. Last year one of the largest papers revealed extensive amounts of illegal IMSI catchers in Oslo, for example, and it's all just petered out. The various agencies insisted it was nothing to worry about awfully quickly for someone who also denied having anything to do with it - if they had nothing to do with it, presumably they'd have been all over figuring out what was going on; their fast denials only makes sense if they denied because they knew exactly who and why.
Norway has also figured in Snowden documents as providing significant intelligence to the NSA.
Sweden has the infamous "FRA law", a signals intelligence law that makes every signal that passes the Swedish border free game for Swedish military intelligence. Which is pretty nasty when you consider that the host interchange points that a lot of European internet traffic travels through.
So don't assume you can escape this, because we can't. The only option is to find ways to fight back.
It's an open secret that I don't believe is against the rules, though if somebody knows better, you're invited to chime in.
Your last statement is absolutely correct -- time to fight back!
It would be nice to see at least one country in the Eurozone use freedom of information as a selling point to come work there. I imagine there are many who work in IT in the UK who would move there out of principle.
> I like the way Germany is going
Germany recently planned (or passed?) a law requiring mandatory data retention, that's Germany going the wrong way IMO.
edit: I've just researched it and realized the mass uproar lead to the data retention being cancelled. And I found a nice list of other European countries who don't have data retention (Cyprus, Czech Republic, Germany, Greece, and Romania), nice.
Very tough to live and and work in though for a non-native speaker.
Things like the encryption key law make sense to me, you can still mount a defence of why you may not have the key but far too often the debate around encryption is geeks making a "haha I've found a way to hack the law" case, which the courts, everywhere, have always taken a very hard line on. Personally I'm sympathetic to the argument that follows from it being a modern day safe and you're being asked, legally, to open it.
If you define the "very fabric of computer culture" as some form of anarchic society in which consequences to the fabric of the real world are ignored in favour of some broad principle then fair enough. But I'd far rather have a discussion about how as technology matures and becomes adopted by the masses we need to discuss how it fits into our existing legal and societal structures. Having rational debates about why something is or is not over-reach compared to say the government's previous ability to inspect all mail that left the country is a valid discussion.
The web history one is an interesting one, especially in terms of "the police". Oversight of the police has increased in the UK to massive proportions, I doubt there any other nation has the same degree of oversight in the world. It isn't perfect and at times poorly drafted laws get over-used, but on the other hand it is updating a capability to the 21st century.
One example that is used, and as a former volunteer police officer one I've experience before - missing persons. Previously if you were reported missing I would have gone and looked through your diary, your mail, spoken to friends and family etc to build up a picture of where you might be, who you had spoken to etc. Now you'll find a laptop and be stuffed. Perhaps you took your mobile with you - this isn't a TV show, I can't just go "where is phone X" and get an immediate response. If we find your body in suspicious circumstances, then we'll start dumping phone data, or if you're a child and missing, but otherwise it's most aimless driving around looking. Fortunately the vast majority of missing people are repeat customers and turn up eventually, but I'd far rather loosen the ability for communications data to be used in those instances. But then of course the internet erupts as "the police can track your phone and view your web history without a warrant"...
Elveden is particularly important here; in an environment where journalists are weaponising private information for smear articles with no real public interest justification, any information the police can easily get at may be leaked by bribed police.
UK trust in the police is still generally pretty high, but the War On Terror erodes trust everywhere it touches.
Currently researching jobs and residency procedures in other countries.