Re: UK gov says new Home Sec will have powers to ban end-to-end encryption



On 17/07/16 12:37, Zenaan Harkness wrote:

First part:

Thing is, while the Bill isn't good, it doesn't have anything at all to do
with banning end-to-end encryption. Or banning any sort of encryption.


Second part:

It can require "relevant operators" to maintain some backdoors, most
obviously in mobile link encryption and some VPNs and other encrypted links
which are operated by "relevant operators".

Less obviously, it can be applied to some websites and the like.


Third part, which is really the first part repeated, for kicks:

But there is no power to ban encryption anywhere in the Bill.


TADAAA!!!


And the winner is - no one! This is sad. The bill is sad. Your
interpretation is self-contradictory.


Err, how? The bill gives powers to require some backdoors [1], but it
doesn't ban encryption in any form.

Or do you think some types of mandatory backdoors and banning encryption
are the same thing?


[1] The HS doesn't control the backdoors, the "relevant operators" do.

The HS can require "relevant operators" to maintain the capability to
decrypt encryptions which they apply - but it doesn't say anything about
banning encryption which other people apply, or banning encrypted
communications where other people have done the encryption.

As for doing the impossible and maintaining the capability to decrypt
encryptions other people have applied, if you can't do it, you can't do
it. There is no need or duty to do the impossible.

[...]

If you as a private person apply the encryption yourself, there is no power
in the Bill to make you backdoor it (though there have been powers in RIPA
to enforce demands for keys in some circumstances since 2001), and there is
no power to prevent you from using encryption.

OK, I'll help out here - read this paragraph just above again, then
without blinking (I'm serious now) read the following paragraph three
times:

"Relevant operators" are persons who provide "any service that consists in
the provision of access to, and of facilities for making use of, any
telecommunication system (whether or not one provided by the person
providing the service) [... including] any case where a service consists in
or includes facilitating the creation, management or storage of
communications transmitted, or that may be transmitted, by means of such a
system."

I'm getting lazy, so I'm going to trust you to point out to us, in
simple terms, your own contradiction, e.g. how a commieputer program
running on my phone, and talking to Juan or Appelbaum's phone which is
likewise running the same program, how this program for example could be
considered to be encompassed by "any service", with me, running that
program as the "relevant operator" of my telemaphone, which service so
operated consists of provision (to me the operator, likewise to Juan or
Appelbaum at the other end as mentioned) of "access to" or at the very
least "facilitates for making use of" a certain "telecommuniscations
system" provided by my ISP/Telco (and likewise by/for Juan or Appelbaum
at the other end as previously mentioned), and further which program
manages the latency of, facilitates the creation of the connection, and
optionally stores for the operator the data thereby transmitted, or that
may be transmitted next time I operate this system, by means -of- the
system.

Again, I'll leave it to you to point out such an example for the benefit
of our loyal, deserving and patronising readers.

You are not *providing* a service. You may well be using one, but you
are not providing one. Therefore you are not a "relevant operator", and
that part of the Bill does not apply to you.

You have to read these things carefully.




You might argue otherwise, that maybe you are providing a service to
yourself. Stranger things have happened, but I very much doubt any UK
Court would agree with you.

And even if by some dark and unlikely miracle a Court decided you are
providing a service, and are therefore a "relevant operator", what might
happen? The Home Secretary serves a Notice (which she signs with her own
withered hand) on little old you, personally, requiring you to maintain
the capability to decrypt your own comms.

At some later point, after you have returned the Notice for
reconsideration and she has consulted the relevant committees, Judge
etc, and then sent it back to you, she might require you to decrypt some
comms.

If you failed to do so because you have not maintained the capacity, she
could then institute civil proceedings for an injunction to make you
maintain that capacity in future.

But she can't send you to jail, or fine you, for having failed to
maintain that capability.


However the last four paragraphs are just fantasy, because you are not
providing a service, and therefore you are not a "relevant operator".



If you don't get it, I think the Bill is ugly, evil, stupid, invasive,
disproportionate and generally sucks big time - but it has fuck all to
do with banning encryption.


-- Peter Fairbrother