On Sat, Jul 16, 2016 at 06:02:57PM +0100, Peter Fairbrother wrote:
On 16/07/16 09:28, Georgi Guninski wrote:
Hope this is not duplicate, the personal drivels were quite noisy.
http://www.theregister.co.uk/2016/07/14/gov_says_new_home_sec_iwilli_have_po...
UK gov says new Home Sec will have powers to ban end-to-end encryption
Very sound, nice and democratic...
First part:
Things said in the Lords (or Commons), even by Government spokesmen, have approximately zero legal significance. To a very close approximation. Practically speaking, indistinguishable from zero.
What the Courts look at is the wording of the Act.
Which in this case is pretty bad, but not a power to ban end-to-end encryption.
In fact, it doesn't affect most in-use forms of end-to-end encryption at all.
Second part:
"Relevant operators" are persons who provide "any service that consists in the provision of access to, and of facilities for making use of, any telecommunication system (whether or not one provided by the person providing the service) [... including] any case where a service consists in or includes facilitating the creation, management or storage of communications transmitted, or that may be transmitted, by means of such a system."
That would include many commercial sites who use SSL/TLS. If you put a "contact me" link on your web pages, you are a "relevant operator". Gimme your SSL keys!
I'm not sure how you can say the first part above, in the face of quoting and saying what you do in the second part.
That's what the Bill actually says, if you read it carefully. Like RIPA, it is opaque beyond the point of obscurity, and it takes a lot of reading.
You quoted the relevant part, thank you. That part does not take much reading to see how bad it truly is, even though the rest (unquoted) of the bill may be massively opaque.
Good points? Only encryption which has been applied by a "relevant operator" is affected -
So something is good, or potentially good - let's find out what:
at least until the Home Secretary makes regulations otherwise (which under the Bill she can do).
In other words, the bill doesn't automatically affect the status quo of existing websites (website certificates?) because, well who knows, that's the current interpretation but tomorrow's interpretation can just as well be "hand over your keys bitch, or you're going to jail" even if you are Facebook or Google (though the "going to jail" bit, if it were possible, would be a good outcome for Facebook for example ... alas, I dream)! And the determination of who has to hand over keys (i.e. who is a "relevant operator") is nothing more than whatever the Home Secretary (currently female it seems) says! Perhaps next week is her bad week of the month and your free speech website (nicely TLSed with personally issued and in person verified certificate provider keys etc) happens to have a discussion which pushes her (the Home Secretary's) trigger word buttons. And you say this is GOOD?! WTF? Am I misunderstanding something here? Sounds as good as North America's endless extra-judicial drone killings (that's murder, and despotic, in case it's not otherwise obvious to you).
Bad points? It doesn't do anything at all against the clued-up terrorist or criminal. It decreases security for legitimate actors and businesses.
You say that as though there are good points, see above.
BTW, things said in the Lords (or Commons), even by Government spokesmen, have approximately zero legal significance. What the Courts look at is the wording of the Act.
Thanks for quoting the relevant part of the act, and letting us know that the definitions for "relevant operator"s will be handed down extra- judicially by the Home Secretary. How very, democratic we might as well call it..