UK gov says new Home Sec will have powers to ban end-to-end encryption

Peter Fairbrother peter at m-o-o-t.org
Sun Jul 17 08:08:50 PDT 2016


On 17/07/16 12:37, Zenaan Harkness wrote:

> First part:
>
>> Thing is, while the Bill isn't good, it doesn't have anything at all to do
>> with banning end-to-end encryption. Or banning any sort of encryption.
>
>
> Second part:
>
>> It can require "relevant operators" to maintain some backdoors, most
>> obviously in mobile link encryption and some VPNs and other encrypted links
>> which are operated by "relevant operators".
>>
>> Less obviously, it can be applied to some websites and the like.
>
>
> Third part, which is really the first part repeated, for kicks:
>
>> But there is no power to ban encryption anywhere in the Bill.
>
>
> TADAAA!!!
>
>
> And the winner is - no one! This is sad. The bill is sad. Your
> interpretation is self contradictory.


Err, how? The bill gives powers to require some backdoors [1], but it
doesn't ban encryption in any form.

Or do you think some types of mandatory backdoors and banning encryption
are the same thing?


[1] The HS doesn't control the backdoors, the "relevant operators" do.

The HS can require "relevant operators" to maintain the capability to
decrypt encryptions which they apply - but it doesn't say anything about
banning encryption which other people apply, or banning encrypted
communications where other people have done the encryption.

As for doing the impossible and maintaining the capability to decrypt
encryptions other people have applied, if you can't do it, you can't do
it. There is no need or duty to do the impossible.

[...]

>> If you as a private person apply the encryption yourself, there is no power
>> in the Bill to make you backdoor it (though there have been powers in RIPA
>> to enforce demands for keys in some circumstances since 2001), and there is
>> no power to prevent you from using encryption.
>
> OK, I'll help out here - read this paragraph just above again, then
> without blinking (I'm serious now) read the following paragraph three
> times:
>
>>>> "Relevant operators" are persons who provide "any service that consists in
>>>> the provision of access to, and of facilities for making use of, any
>>>> telecommunication system (whether or not one provided by the person
>>>> providing the service) [... including] any case where a service consists in
>>>> or includes facilitating the creation, management or storage of
>>>> communications transmitted, or that may be transmitted, by means of such a
>>>> system."
>
> I'm getting lazy, so I'm going to trust you to point out to us, in
> simple terms, your own contradiction, e.g. how a commieputer program
> running on my phone, and talking to Juan or Applebaum's phone which is
> likewise running the same program, how this program for example could be
> considered to be encompassed by "any service", with me, running that
> program as the "relevant operator" of my telemaphone, which service so
> operated consists of provision (to me the operator, likewise to Juan or
> Appelbaum at the other end as mentioned) of "access to" or at the very
> least "facilitates for making use of" a certain "telecommuniscations
> system" provided by my ISP/Telco (and likewise by/for Juan or Applebaum
> at the other end as previously mentioned), and further which program
> manages the latency of, facilitates the creation of the connection, and
> optionally stores for the operator the data thereby transmitted, or that
> may be transmitted next time I operate this system, my means -of- the
> system.
>
> Again, I'll leave it to you to point out such an example for the benefit
> of our loyal, deserving and patronising readers.

You are not *providing* a service. You may well be using one, but you
are not providing one. Therefore you are not a "relevant operator", and
that part of the Bill does not apply to you.

You have to read these things carefully.




You might argue otherwise, that maybe you are providing a service to
yourself. Stranger things have happened, but I very much doubt any UK
Court would agree with you.

And even if by some dark and unlikely miracle a Court decided you are
providing a service, and are therefore a "relevant operator", what might
happen? The Home Secretary serves a Notice (which she signs with her own
withered hand) on little old you, personally, requiring you to maintain
the capability to decrypt your own comms.

At some later point, after you have returned the Notice for
reconsideration and she has consulted the relevant committees, Judge
etc, and then sent it back to you, she might require you to decrypt some
comms.

If you failed to do so because you have not maintained the capacity, she
could then institute civil proceedings for an injunction to make you
maintain that capacity in future.

But she can't send you to jail, or fine you, for having failed to
maintain that capability.


However the last four paragraphs are just fantasy, because you are not
providing a service, and therefore you are not a "relevant operator".



If you don't get it, I think the Bill is ugly, evil, stupid, invasive,
disproportionate and generally sucks big time - but it has fuck all to
do with banning encryption.


-- Peter Fairbrother






