[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: UK gov says new Home Sec will have powers to ban end-to-end encryption



On 16/07/16 09:28, Georgi Guninski wrote:
Hope this is not duplicate, the personal drivels were quite
noisy.

http://www.theregister.co.uk/2016/07/14/gov_says_new_home_sec_iwilli_have_powers_to_ban_endtoend_encryption/

UK gov says new Home Sec will have powers to ban end-to-end encryption

Very sound, nice and democratic...


Things said in the Lords (or Commons), even by Government spokesmen, have approximately zero legal significance. To a very close approximation. Practically speaking, indistinguishable from zero.

What the Courts look at is the wording of the Act.

Which in this case is pretty bad, but not a power to ban end-to-end encryption.

In fact, it doesn't affect most in-use forms of end-to-end encryption at all.

And it doesn't say anything at all about applying your own encryption.


Details below, if interested.

-- Peter Fairbrother




The ostensible target may be internet/phone service providers, to force backdoors in mobile links and VPNs - but the actual target is "relevant operators". It includes a whole lot of other things apart from internet and phone providers (and Apple and Facebook).

"Relevant operators" are persons who provide "any service that consists in the provision of access to, and of facilities for making use of, any telecommunication system (whether or not one provided by the person providing the service) [... including] any case where a service consists in or includes facilitating the creation, management or storage of communications transmitted, or that may be transmitted, by means of such a system."

That would include many commercial sites who use SSL/TLS. If you put a "contact me" link on your web pages, you are a "relevant operator". Gimme your SSL keys!

That's what the Bill actually says, if you read it carefully. Like RIPA, it is opaque beyond the point of obscurity, and it takes a lot of reading.

Good points? Only encryption which has been applied by a "relevant operator" is affected - at least until the Home Secretary makes regulations otherwise (which under the Bill she can do).

Bad points? It doesn't do anything at all against the clued-up terrorist or criminal. It decreases security for legitimate actors and businesses.

BTW, things said in the Lords (or Commons), even by Government spokesmen, have approximately zero legal significance. What the Courts look at is the wording of the Act.