On Mon, Nov 21, 2016 at 3:02 PM, Cannon <cannon@cannon-ciota.info> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

1. I wonder what effects this will have on encryption. Since encryption cannot be "decrypted on demand" if it is good encryption, this means that likely true encryption will be banned in UK?


They've previously said that this won't be the case. Whether that proves true is something else, of course, especially as they've still not been able to explain exactly how they intend those companies to decrypt.

In reality various bits are almost certain to hit the European Court and get shot down, though it might then get resurrected post-Brexit. ICR's in particular probably don't stand much chance of surviving.

No-one's quite sure exactly which providers are going to be expected to keep the logs either, as there's no definition of what a CSP is. It's almost a given that consumer ISPs will be required to, but who else? 

I currently have no idea what, if any, of the various services I make available will be affected. I'd shut down operations before even considering complying with some of the requirements.


 
2. And what are the details on allowing hacking, does this mean that spooks can lawfully bulk hack anyone/everything?


Apparently they need to constrain the scope a little and be targeting something specific, but essentially, yes.
 

For security concerns I propose we boycott all and any technology, products, services, or businesses based in UK that complies with "the law" and has anything to do with technology or communications out of security concerns.


If you're going to do that, be very vocal about the business you would have done, and why you weren't able to trust them. Doing it quietly will change nothing.

In particular, there's a good chance those companies won't be allowed to disclose that they've had to comply. Warrant canaries arguably don't work as well in the UK as (IIRC) you can be ordered to avoid doing anything that might lead to disclosure of the order, which would include failing to update the canary. At least, I recall reading that somewhere.



Theresa May's had a hard-on for this capability for years though, so there's some serious determination behind seeing it all come to pass, so it's going to be some time before common sense prevails (if ever)
 

--