Britain and Apple Fucking Your Privacy

Ben Tasker ben at bentasker.co.uk
Mon Nov 21 07:34:34 PST 2016 

On Mon, Nov 21, 2016 at 3:02 PM, Cannon <cannon at cannon-ciota.info> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> 1. I wonder what effects this will have on encryption. Since encryption
> cannot be "decrypted on demand" if it is good encryption, this means that
> likely true encryption will be banned in UK?
>
>
They've previously said that this won't be the case. Whether that proves
true is something else, of course, especially as they've still not been
able to explain exactly how they intend those companies to decrypt.

In reality various bits are almost certain to hit the European Court and
get shot down, though it might then get resurrected post-Brexit. ICR's in
particular probably don't stand much chance of surviving.

No-one's quite sure exactly which providers are going to be expected to
keep the logs either, as there's no definition of what a CSP is. It's
almost a given that consumer ISPs will be required to, but who else?

I currently have no idea what, if any, of the various services I make
available will be affected. I'd shut down operations before even
considering complying with some of the requirements.




> 2. And what are the details on allowing hacking, does this mean that
> spooks can lawfully bulk hack anyone/everything?
>
>
Apparently they need to constrain the scope a little and be targeting
something specific, but essentially, yes.


For security concerns I propose we boycott all and any technology,
> products, services, or businesses based in UK that complies with "the law"
> and has anything to do with technology or communications out of security
> concerns.
>
>
If you're going to do that, be very vocal about the business you would have
done, and why you weren't able to trust them. Doing it quietly will change
nothing.

In particular, there's a good chance those companies won't be allowed to
disclose that they've had to comply. Warrant canaries arguably don't work
as well in the UK as (IIRC) you can be ordered to avoid doing anything that
might lead to disclosure of the order, which would include failing to
update the canary. At least, I recall reading that somewhere.



Theresa May's had a hard-on for this capability for years though, so
there's some serious determination behind seeing it all come to pass, so
it's going to be some time before common sense prevails (if ever)


-- 
Ben Tasker
https://www.bentasker.co.uk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3560 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20161121/7ff5a224/attachment.txt>

More information about the cypherpunks mailing list