Re: UK gov says new Home Sec will have powers to ban end-to-end encryption
On Sun, Jul 17, 2016 at 03:09:17PM +0100, Peter Fairbrother wrote:
On 17/07/16 12:37, Zenaan Harkness wrote:
First part:
Thing is, while the Bill isn't good, it doesn't have anything at all to do with banning end-to-end encryption. Or banning any sort of encryption.
Second part:
It can require "relevant operators" to maintain some backdoors, most obviously in mobile link encryption and some VPNs and other encrypted links which are operated by "relevant operators".
Less obviously, it can be applied to some websites and the like.
Third part, which is really the first part repeated, for kicks:
But there is no power to ban encryption anywhere in the Bill.
TADAAA!!!
And the winner is - no one! This is sad. The bill is sad. Your interpretation is self-contradictory.
Err, how?
The bill gives powers to require some backdoors [1], but it doesn't ban encryption in any form.
Peter, I think you need to read up on what is a "backdoor", what is "encryption" and how they relate to each other, and therefore how your persistent statement that the Act "doesn't ban encryption" is either a folly to say on your part (I'm only just still assuming) or an intentional furphy (hard for me to believe anyone knowledgeable would try that on this list, since everyone on this list (I assume) has no trouble identifying the folly in your many conflicting statements).

Have you done any computer programming? If not, that would be a really good thing for you to do - there are some very nice languages and programming environments (IDEs, REPL shells etc) compared to what we had in our day, so it should be an enjoyable, and hopefully enlightening experience for you.

There's no point repeating the mulberry bush roundabout, since it's about to get frustrating for me (and probably already has for most of the kind and patient folks on this cp list who are probably quite a bit cleverer than you or I).

Chalk this one up to a learning experience Peter and let it go for now - your enthusiasm is a good thing, but when it comes to communications security, your lack of understanding is very, very dangerous to those who need actual security and who mistake your authoritative words for actual authority and actual understanding on your part - that's a dangerous thing for those who need communications security, you would be in some cases putting actual lives at risk. Stop that. Learning is fun - enjoy the ride.
Or do you think some types of mandatory backdoors and banning encryption are the same thing?
[1] The HS doesn't control the backdoors, the "relevant operators" do.
The HS can require "relevant operators" to maintain the capability to decrypt encryptions which they apply - but it doesn't say anything about banning encryption which other people apply, or banning encrypted communications where other people have done the encryption.
As for doing the impossible and maintaining the capability to decrypt encryptions other people have applied, if you can't do it, you can't do it. There is no need or duty to do the impossible.
[...]
If you as a private person apply the encryption yourself, there is no power in the Bill to make you backdoor it (though there have been powers in RIPA to enforce demands for keys in some circumstances since 2001), and there is no power to prevent you from using encryption.
OK, I'll help out here - read this paragraph just above again, then without blinking (I'm serious now) read the following paragraph three times:
"Relevant operators" are persons who provide "any service that consists in the provision of access to, and of facilities for making use of, any telecommunication system (whether or not one provided by the person providing the service) [... including] any case where a service consists in or includes facilitating the creation, management or storage of communications transmitted, or that may be transmitted, by means of such a system."
I'm getting lazy, so I'm going to trust you to point out to us, in simple terms, your own contradiction, e.g. how a commieputer program running on my phone, and talking to Juan or Appelbaum's phone which is likewise running the same program, how this program for example could be considered to be encompassed by "any service", with me, running that program as the "relevant operator" of my telemaphone, which service so operated consists of provision (to me the operator, likewise to Juan or Appelbaum at the other end as mentioned) of "access to" or at the very least "facilitates for making use of" a certain "telecommuniscations system" provided by my ISP/Telco (and likewise by/for Juan or Appelbaum at the other end as previously mentioned), and further which program manages the latency of, facilitates the creation of the connection, and optionally stores for the operator the data thereby transmitted, or that may be transmitted next time I operate this system, by means -of- the system.
Again, I'll leave it to you to point out such an example for the benefit of our loyal, deserving and patronising readers.
You are not *providing* a service. You may well be using one, but you are not providing one. Therefore you are not a "relevant operator", and that part of the Bill does not apply to you.
You have to read these things carefully.
You might argue otherwise, that maybe you are providing a service to yourself. Stranger things have happened, but I very much doubt any UK Court would agree with you.
And even if by some dark and unlikely miracle a Court decided you are providing a service, and are therefore a "relevant operator", what might happen? The Home Secretary serves a Notice (which she signs with her own withered hand) on little old you, personally, requiring you to maintain the capability to decrypt your own comms.
At some later point, after you have returned the Notice for reconsideration and she has consulted the relevant committees, Judge etc, and then sent it back to you, she might require you to decrypt some comms.
If you failed to do so because you have not maintained the capacity, she could then institute civil proceedings for an injunction to make you maintain that capacity in future.
But she can't send you to jail, or fine you, for having failed to maintain that capability.
However the last four paragraphs are just fantasy, because you are not providing a service, and therefore you are not a "relevant operator".
If you don't get it, I think the Bill is ugly, evil, stupid, invasive, disproportionate and generally sucks big time - but it has fuck all to do with banning encryption.
-- Peter Fairbrother
-- Free Australia: www.UPMART.org Please respect the confidentiality of this email as sensibly warranted.