UK gov says new Home Sec will have powers to ban end-to-end encryption

Zenaan Harkness zen at freedbms.net
Sun Jul 17 08:12:46 PDT 2016 

On Sun, Jul 17, 2016 at 03:09:17PM +0100, Peter Fairbrother wrote:
> On 17/07/16 12:37, Zenaan Harkness wrote:
> 
> >First part:
> >
> >>Thing is, while the Bill isn't good, it doesn't have anything at all to do
> >>with banning end-to-end encryption. Or banning any sort of encryption.
> >
> >
> >Second part:
> >
> >>It can require "relevant operators" to maintain some backdoors, most
> >>obviously in mobile link encryption and some VPNs and other encrypted links
> >>which are operated by "relevant operators".
> >>
> >>Less obviously, it can be applied to some websites and the like.
> >
> >
> >Third part, which is really the first part repeated, for kicks:
> >
> >>But there is no power to ban encryption anywhere in the Bill.
> >
> >
> >TADAAA!!!
> >
> >
> >And the winner is - no one! This is sad. The bill is sad. Your
> >interpretation is self contradictory.
> 
> 
> Err, how?
>
> The bill gives powers to require some backdoors [1], but it
> doesn't ban encryption in any form.

Peter, I think you need to read up on what is a "backdoor", what is
"encryption" and how they relate to each other, and therefore how your
persistent statement that the Act "doesn't ban encryption" is either a
folly to say on your part (I'm only just still assuming) or an
intentional furfy (hard for me to believe anyone knowledgeable would try
that on this list, since everyone on this list (I assume) has no trouble
identifying the folly in your many conflicting statements.

Have you done any computer programming?

If not, that would be a really good thing for you to do - there are some
very nice languages and programming environments (IDEs, REPL shells etc)
compared to what we had in our day, so it should be an enjoyable, and
hopefully enlightening experience for you.

There's no point repeating the mulberry bush roundabout, since it's
about to get frustrating for me (and probably already has for most of
the kind and patient folks on this cp list whom are probably quite a
bit cleverer than you or I).

Chalk this one up to a learning experience Peter and let it go for now -
your enthusiasm is a good thing, but when it comes to communications
security, your lack of understanding is very, very dangerous to those
need actual security and who mistake your authoritative words for actual
authority and actual understanding on your part - that's a dangerous
thing for those who need communications security, you would be in some
cases putting actual lives at risk. Stop that.

Learning is fun - enjoy the ride.


> Or do you think some types of mandatory backdoors and banning encryption are
> the same thing?
> 
> 
> [1] The HS doesn't control the backdoors, the "relevant operators" do.
> 
> The HS can require "relevant operators" to maintain the capability to
> decrypt encryptions which they apply - but it doesn't say anything about
> banning encryption which other people apply, or banning encrypted
> communications where other people have done the encryption
> 
> As for doing the impossible and maintaining the capability to decrypt
> encryptions other people have applied, if you can't do it, you can't do it.
> There is no need or duty to do the impossible.
> 
> [...]
> 
> >>If you as a private person apply the encryption yourself, there is no power
> >>in the Bill to make you backdoor it (though there have been powers in RIPA
> >>to enforce demands for keys in some circumstances since 2001), and there is
> >>no power to prevent you from using encryption.
> >
> >OK, I'll help out here - read this paragraph just above again, then
> >without blinking (I'm serious now) read the following paragraph three
> >times:
> >
> >>>>"Relevant operators" are persons who provide "any service that consists in
> >>>>the provision of access to, and of facilities for making use of, any
> >>>>telecommunication system (whether or not one provided by the person
> >>>>providing the service) [... including] any case where a service consists in
> >>>>or includes facilitating the creation, management or storage of
> >>>>communications  transmitted, or that may be transmitted, by means of such a
> >>>>system."
> >
> >I'm getting lazy, so I'm going to trust you to point out to us, in
> >simple terms, your own contradiction, e.g. how a commieputer program
> >running on my phone, and talking to Juan or Applebaum's phone which is
> >likewise running the same program, how this program for example could be
> >considered to be encompassed by "any service", with me, running that
> >program as the "relevant operator" of my telemaphone, which service so
> >operated consists of provision (to me the operator, likewise to Juan or
> >Appelbaum at the other end as mentioned) of "access to" or at the very
> >least "facilitates for making use of" a certain "telecommuniscations
> >system" provided by my ISP/Telco (and likewise by/for Juan or Applebaum
> >at the other end as previously mentions), and further which program
> >manages the latency of, facilitates the creation of the connection, and
> >optionally stores for the operator the data thereby transmitted, or that
> >may be transmitted next time I operate this sytsem, my means -of- the
> >system.
> >
> >Again, I'll leave it to you to point out such an example for the benefit
> >of our loyal, deserving and patronising readers.
> 
> You are not *providing* a service. You may well be using one, but you are
> not providing one. Therefore you are not a "relevant operator", and that
> part of the Bill does not apply to you.
> 
> You have to read these things carefully.
> 
> 
> 
> 
> You might argue otherwise, that maybe you are providing a service to
> yourself. Stranger things have happened, but I very much doubt any  UK Court
> would agree with you.
> 
> And even if by some dark and unlikely miracle a Court decided you are
> providing a service, and are therefore a "relevant operator", what might
> happen? The Home Secretary serves a Notice (which she signs with her own
> withered hand) on little old you, personally, requiring you to maintain the
> capability to decrypt your own comms.
> 
> At some later point, after you have returned the Notice for reconsideration
> and she has consulted the relevant committees, Judge etc, and then sent it
> back to you, she might require you to decrypt some comms.
> 
> If you failed to do so because you have not maintained the capacity, she
> could then institute civil proceedings for an injunction to make you
> maintain that capacity in future.
> 
> But she can't send you to jail, or fine you, for having failed to maintain
> that capability.
> 
> 
> However the last four paragraphs are just fantasy, because you are not
> providing a service, and therefore you are not a "relevant operator".
> 
> 
> 
> If you don't get it, I think the Bill is ugly, evil, stupid, invasive,
> disproportionate and generally sucks big time - but it has fuck all to do
> with banning encryption.
> 
> 
> -- Peter Fairbrother

-- 
Free Australia: www.UPMART.org
Please respect the confidentiality of this email as sensibly warranted.

More information about the cypherpunks mailing list