UK gov says new Home Sec will have powers to ban end-to-end encryption

Peter Fairbrother peter at m-o-o-t.org
Sat Jul 16 10:02:57 PDT 2016 

On 16/07/16 09:28, Georgi Guninski wrote:
> Hope this is not duplicate, the personal drivels were quite
> noisy.
>
> http://www.theregister.co.uk/2016/07/14/gov_says_new_home_sec_iwilli_have_powers_to_ban_endtoend_encryption/
>
>> UK gov says new Home Sec will have powers to ban end-to-end encryption
>
> Very sound, nice and democratic...


Things said in the Lords (or Commons), even by Government spokesmen, 
have approximately zero legal significance. To a very close 
approximation. Practically speaking, indistinguishable from zero.

What the Courts look at is the wording of the Act.

Which in this case is pretty bad, but not a power to ban end-to-end 
encryption.

In fact, it doesn't affect most in-use forms of end-to-end encryption at 
all.

And it doesn't say anything at all about applying your own encryption.


Details below, if interested.

-- Peter Fairbrother




The ostensible target may be internet/phone service providers, to force 
backdoors in mobile links and VPNs - but the actual target is "relevant 
operators". It includes a whole lot of other things apart from internet 
and phone providers (and Apple and Facebook).

"Relevant operators" are persons who provide "any service that consists 
in the provision of access to, and of facilities for making use of, any 
telecommunication system (whether or not one provided by the person 
providing the service) [... including] any case where a service consists 
in or includes facilitating the creation, management or storage of 
communications  transmitted, or that may be transmitted, by means of 
such a system."

That would include many commercial sites who use SSL/TLS. If you put a 
"contact me" link on your web pages, you are a "relevant operator". 
Gimme your SSL keys!

That's what the Bill actually says, if you read it carefully. Like RIPA, 
it is opaque beyond the point of obscurity, and it takes a lot of reading.

Good points? Only encryption which has been applied by a  "relevant 
operator" is affected - at least until the Home Secretary makes 
regulations otherwise (which under the Bill she can do).

Bad points? It doesn't do anything at all against the clued-up terrorist 
or criminal. It decreases security for legitimate actors and businesses.

BTW, things said in the Lords (or Commons), even by Government 
spokesmen, have approximately zero legal significance. What the Courts 
look at is the wording of the Act.

More information about the cypherpunks mailing list