No explicit ban on encryption, but the existing RIPA obligation to decrypt when you have the capability and are made to. Potential madness in the "Equipment interference" section, although the bill claims this is already authorised under different legislation.
The Bill uses "communications data" to mean what we would call "metadata", ie everything except the contents.
"Equipment interference allows the security and intelligence agencies, law
enforcement and the armed forces to interfere with electronic equipment such as computers
and smartphones in order to obtain data, such as communications from a device.
Equipment interference encompasses a wide range of activity from remote access to
computers to downloading covertly the contents of a mobile phone during a search."
The irony - if that's the word - is that a site visit history is largely useless as metadata.
Only the most stupid people are going to visit "verydangerousterrorismsite.com" without going through a VPN. And visits to Facebook or Google are just noise without the details.
It's hard not to suspect that the real reason for the legislation is to legitimise dissident profiling, voter sentiment analysis, and thoughtcrime tracking.
I'm expecting an attempt to ban personal use of VPNs (without a commercial license) by around 2020.
"Largely useless" only to fight external threats. As you say, it's invaluable for controlling internal dissent and abusing the system. Knowledge of a visit to AshleyMadison or YouPorn becomes instant blackmail material, regardless of contents.
Note for Eurosceptics: you know what the last bastion against this autocratic movement is? Yup, the European Court of Justice, backed by all those highly-worded treaties. Lose that, and you'll get back being hostage of your national elites.
> you know what the last bastion against this autocratic movement is? Yup, the European Court of Justice, backed by all those highly-worded treaties. Lose that, and you'll get back being hostage of your national elites.
Yet here we are, anyway.
Remind me which government gave us the Data Retention Directive?
> On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid in response to a case brought by Digital Rights Ireland against the Irish authorities and others.
If the Snooper's Charter makes it through, the ECJ is the only hope to strike it down and keep it down, considering how Labour is hardly free of authoritarian tendencies. That's the truth, as uncomfortable as it might be for eurosceptics.
No, I'm just saying that removing the EU layer you lose another chance of fighting against the current (and/or future) wave of power-crazy national elites.
I don't see how a supranational government is any better than a national one, though. If anything, they're more remote and intransigent, and pretty much have a revolving door between the two. I trust neither when it comes to this issue.
The EU is historically influenced by "virtuous" countries, which have little interest in signing bad laws; "bad" countries benefit as a result. The European Parliament, with its proportional representation system and loose alliances, can often be more easily influenced on big, visible issues, than the hardcore-conservative first-past-post Westminster (where party loyalty is paramount).
The EU is not perfect (the Commission in particular is the root of a lot of "evil" activity), but if you believe in checks and balances, it's yet another power you can appeal to when things look dire on the home front.
The ROI of banning VPNs is very minor...What would they get in return? Providing investigators with easier access to information they can already get? Whereas banning VPNs would be an expensive legal and enforcement hurdle and has the potential to cause media/civilian backlash.
So why ban VPNs when they are already expanding their existing ability to:
a) get access to information held by service providers (which include VPNs)
b) "remote access to computers to downloading covertly the contents of a mobile phone during a search."
In practice, a VPN does nothing to prevent them from accessing the sites you visit. Other than requiring some additional paperwork to send an information request to VPN (not even a warrant) to fill in the gaps which passive surveillance can't provide. Plus the VPN will give people a false sense of security... so they won't think twice about visiting [verybadsite.com].
It's more along the lines of using that metadata to know what time you visited a website so they can match activity on the website to your timestamp. This is also how they have in the past found you're responsible for something without having to get logs from your VPN. Another usage where this will be useful will be for peer to peer networks, now police can easily find out exactly what you have downloaded via bittorrent. And if tox.im type of 'p2p chat networks' become used, that would help them more than it would if you used a centralized chat service as it's previously been stated that the metadata (who communicates with who) is more useful than the contents.
On another note, do we know yet whether the police could bulk ask for everyone's connection history or do they need 'reasonable suspicion of a crime'?
As far as I can tell, bulk collection does require a warrant (as per the bulk powers section) and is limited to security / intelligence agencies (does that include police?).
Police have to request the ICRs for an individual on a case-by-case basis, going through a 'senior officer' who takes advice from a single point of contact (SPoC), although I can't find any criteria for SPoC selection.
In any case, there's no judicial oversight on ICR requests as far as I can see.
* "Warranted interception is used only for intelligence purposes."
* "Warranted interception is governed by RIPA."
There is, of course, no mention of unwarranted interception. One must presume that there is no unwarranted interception of communications being actioned.
The problem I think is that ICRs don't fall under the rules for interception. They seem to be a part of communications data:
A kind of communications data, an ICR is a record of the internet services a specific device has connected to, such as a website or instant messaging application.
Communications data doesn't have the same warrant requirements.
So no warrant would be needed to get a list of domains a person has visited.
Which is a great idea, because what you really want is people in high stress jobs not turning to organisations like mental health charities or alcohol support groups for help because they fear being outed, or people concerned about medical conditions not using on-line services provided by the NHS for fear of putting up insurance premiums, never mind the obvious things like compromising the high profile, married political candidate who visited bestgaypornevah.com every day last month.
The idea that any information that would normally be effectively private should be subject to government snooping without a good reason and proper oversight is inevitably a chilling effect, and it's all too likely that in the worst cases some people in the kinds of situation I mentioned before will literally die because of it. As much as I hate over-the-top political rhetoric, if we're going to have this debate for real now, I suspect the civil liberties groups are going to have to start making blunt, bold statements like that to make their case.
It would also help if the people debating these issues in Parliament better understood the technical implications of some of the proposals and therefore why some of the safeguards also proposed in this debate won't or can't actually work. For example, even if we accept that logging visited web domains and making those logs subject to warrantless examination is justified, I'd like to know what technical mechanisms the average MP believes to exist for identifying and recording the domain name of all visited web sites reliably but nothing more, and how much they think it would cost ISPs to implement those mechanisms across the board.
8:40 'Security risk' of storing communications data
"A new law to govern how police and intelligence agencies and the state can access communications and data will be published today.
Preston Byrne from Eris Industries, a cryptographic communications company which is withdrawing from the UK because of the proposed law, says the government is going to be tracking metadata which is essentially "a map of what you're thinking".
He warns the data could be compromised - citing the recent TalkTalk hack - and says this could lead to blackmail. And he argues that
criminals and terrorists" don't use normal communication channels" so only the law-abiding people will be affected by the bill."
Preston Byrne has a point.. even common people are using VPNs and TORs. How come the terrorists bare their communications for surveillance?
"...he argues that criminals and terrorists" don't use normal communication channels..."
That part is true, and is known to government, the public (not at large, but it's no secret) and criminals.
The problem is a simple one, and identity checks at borders are a good example. You ask non-nationals, for example, to fill in a landing card to indicate where the traveller is staying during his or her visit.
If left blank the traveller is interrogated and risks deportation. If however the traveller lies and provides any plausible address, be it hotel or residential, he or she is allowed through without suspicion.
The manpower doesn't exist to verify these details. The technology doesn't exist that verifies these details.
The net result is that technical solutions will only catch stupid people. The outliers, the ones you really want, know how to game the system and don't get caught. No matter how much snooping, back-dooring, breaking of encryption or other nefarious thing is done.
It's economics + psychology. You spend what you have to ensure you cover 99% of the problem. The remaining 1% requires 1 or more orders of magnitude of resource to catch, which is simply not viable.
> The manpower doesn't exist to verify these details.
No, but that's not the point. The point is having yet another data point they can use to incriminate you, regardless of the actual crime they decide you must have committed. Say, you declare you'll stay at this hotel for a week, but actually check out after a day to [go sell drugs || see-sight in another city]; if they decide you must have been selling drugs, even though they can't prove it, they can get you for lying on your entry paper.
The more laws and regulations you have, the easier it is to punish anyone regardless of whether they can prove bad things actually happened. It's a degeneration of the "Capone" approach, and it's extremely common in authoritarian regimes. The fact that this sort of pointless law is becoming quite common across the EU is a worrying trend.
I agree it's not the point. It is one of many root causes though. It's a very interesting root cause because that economical situation gives authoritarian regimes, as you call them, the power to be authoritarian.
As an aside, while I used to be hugely concerned about this state of affairs, I am less so now. Maybe because I'm older and know a lot more than I used to. They may have the ability to "punish anyone", but not everyone. And while it is becoming more common in the EU, it is already fact in the US.
My reality is that I am unwilling to do anything about this situation, because I'm already devoting my time to other things - things I know I can influence. If I'm unwilling to do anything, I'm also technically disqualifying myself from advocating a course of action.
They also have banned some forms of pornography. The UK government has made it a priority to restrict and intrusively scrutinize the lives of its citizens, removing their ability to resist.
They're rapidly arriving at fascism. The public seems listlessly along for the ride, as usual.
> They also have banned some forms of pornography.
While I get that it's not what you mean, I believe most of the world bans certain types of pornography - namely child pornography? (Although the world doesn't agree on what a "child" is in terms of age).
I'm not sure it's controversial to ban some forms of expressions that are considered to be more or less universally only possible by harming the innocent (see also: bestiality).
Personally I have an issue with possession of data being a crime, as it is such a dicey proposition when it comes to planting evidence etc. But I don't have any problem with it being illegal to eg: manufacture child pornography.
What do you expect? In the days of Henry the 8th, they beat people up when they refused to pay tax. We still have our monarchy, it's British nature to just let our rulers do whatever they want to us, we won't fight back.
Any material judged to be obscene under the
current interpretation of the Obscene Publications
Act 1959 (could include bestiality, bondage, rape simulation, etc.) People have even been charged for writing stories, though I don't think anyone has ever been successfully prosecuted (https://en.wikipedia.org/wiki/R_v_Walker)
How on earth can that act be deemed as this government banning 'some forms of pornography'? Even R v Walker is 2009 - a year before even the last government. Although UK production and distribution of some acts were banned last year, the pre-Coalition governments were far more draconian with their criminalisation of certain material involving consenting adults.
1 and 3 were on their manifesto. Given that they have a majority it is only a matter of time before they achieve them.
P.S. as I understand it 3 if achieved means that they either have to pass new almost identical legislation compatible with the UN convention on human rights or the UK would be in breach of our UN commitments...
Being in the EU is of debatable value (I think it's overall a good thing but I understand that there is some bad). Being in the UN is basically a requirement for being a country in the modern world.
The BBC is being a good state mouthpiece today - the fact that they're quoting May as saying it doesn't hold previously contentious matters (i.e. breaking encryption) is disingenuous to say the least. The bill will say that "unbreakable" encryption is illegal - which means all encryption, as if it's breakable, well, it's not really encrypted, is it.
Never mind that this is totally unenforceable. I could write up a one time pad with pen and paper. Most won't. Crooked cops will sell data. They'll blame "hackers".
You only need look at the TalkTalk debacle to see how incredibly warped this govt's views are - they haven't arrested anyone at TalkTalk, who are the ones who had such poor infosec that script kiddies could blow them wide open. Instead they're arresting children.
Oh, and I'm seriously considering redomiciling my company - we only contribute a few hundred million quid to the UK economy.
The bill will not say unbreakable encryption is illegal.
I've heard from sources inside the government that their intention is to maintain the legal status-quo dating from RIPA 2000. Which is to say that service providers have to disclose personal communications where reasonably practicable.
Since it's not possible for service providers to break end-to-end encryption, they will have a defence. Obviously this is a bit of a fudge and the position may need clarifying in court. But it's not the intention of this bill to change the legal status quo.
> it's not the intention of this bill to change the legal status quo.
If they didn't mean to change the status quo, they wouldn't have introduced a bill.
As it happens, they do want to change the status quo, by making clearly acceptable for authorities to eavesdrop, something that was, er, technically illegal before, despite them doing it anyway.
So instead of punishing spooks for breaking the law, they're changing the law. Easy, innit?
Plus, with the new "websites visited" retention rules - extendable at whim, there will be a permanent record, for example of that episode of Frasier that you downloaded from a Torrent site. A permanent record that is, of you "stealing something".
>If they didn't mean to change the status quo, they wouldn't have introduced a bill.
Just strictly on this point, sometimes bills (or parts of bills) are introduced to clarify existing law. It may be a matter of subtle semantics, but this is often what is meant when it is claimed that a bill will not change the law.
Well, in this case the proposed act will basically supersede the Human Rights Act, by excluding authorities from respecting its article 8 ("Right to Privacy"), under which they've been repeatedly challenged (and defeated) since Snowden's revelations. Which is really a change in law, not a clarification.
So yeah, what they really need is a change, because current law is very clear that what they do is illegal.
No, it doesn't (and can't) supersede the HRA; there is actually no mechanism in UK law for doing that other than explicit repeal (Factortame principle).
IANAL but I've been chewing my way through the ~300 pages of the published draft bill. What catches my attention is that the bill does not appear to sufficiently constrain the Secretary of State's powers to oblige a "telecommunications provider" to render technical capabilities deemed necessary to "assist in the implementation of warranted activity".
Here, the definition of "telecommunications provider" seems (to my understanding) so broad as to cover any provider of an online service, paraphrasing section 193:
"Communication" is "anything comprising speech, music, sounds, visual images or data of any description" and "signals serving either for the impartation of anything between persons, between a person and a thing or between things or for the actuation or control of any apparatus."
And a "telecommunication service" includes "any case where a service consists in or includes facilitating the creation, management or storage of communications transmitted".
Section 189 titled Maintenance of technical capability allows the Secretary of State to make obligations on telecommunication services including (paraphrasing again):
* relating to apparatus
* relating to the removal of electronic protection applied by a
relevant operator to any communications or data
* relating to the handling or disclosure of any material or
data
in addition to requiring them to "provide facilities or services of a specified description"; the specification apparently being deferred until notice is served on the service provider.
Conversely, the Secretary of State is required to consult before serving a "technical capability notice" and section 190 lays out a number of considerations for the Secretary of State including "technical feasibility", "likely cost", "likely benefit" etc.
But other than these apparently very weak constraints, it appears to provide carte blanche for the Secretary of State to demand new technical capabilities of any service provider for the warranted access and interception of any user data they store or transmit.
So, it doesn't, but it does say that GCHQ have carte blanche to break encryption at will without warrant, in clause 187 section 423 - which may as well be the same thing, given that they can break far more than they let on, as they've more than likely factorised the most commonly used primes in standard implementations of cryptographic protocols.
That clause simply adds "make use of" to the beginning of the existing paragraph in the existing legislation[0]:
(a)to monitor or interfere with electromagnetic, acoustic and other emissions and any equipment producing such emissions and to obtain and provide information derived from or related to such emissions or equipment and from encrypted material; and
They're still bound by the second clause in it:
(2)The functions referred to in subsection (1)(a) above shall be exercisable only—
(a)in the interests of national security, with particular reference to the defence and foreign policies of Her Majesty’s Government in the United Kingdom; or
(b)in the interests of the economic well-being of the United Kingdom in relation to the actions or intentions of persons outside the British Islands; or
(c)in support of the prevention or detection of serious crime.
With cryptographic protocols that rely on the difficulty of factoring large semiprimes, aren't you supposed to use primes that no one else has used before? If you use the same primes to make your key, then you would have the same key as someone else.
It will not include powers to force UK companies to capture
and retain third party internet traffic from companies based
overseas. It will not compel overseas communications service
providers to meet our domestic retention obligations for
communications data. And it will not ban encryption or do
anything to undermine the security of people’s data. And the
substance of all of the recommendations by the Joint Scrutiny
Committee which examined that draft Bill have been accepted.
The draft Bill will not impose any additional requirements
in relation to encryption over and above the existing
obligations in RIPA.
However, under "EQUIPMENT INTERFERENCE" it discusses the following:
What is it?
27. Equipment interference allows the security and intelligence
agencies, law enforcement and the armed forces to interfere with
electronic equipment such as computers and smartphones in order to
obtain data, such as communications from a device.
Equipment interference encompasses a wide range of activity from
remote access to computers to downloading covertly the contents of
a mobile phone during a search.
Why do we need it?
28. Where necessary and proportionate, law enforcement agencies and the
security and intelligence agencies need to be able to access
communications or other private information held on computers, in
order to gain valuable intelligence in national security and
serious crime investigations and to help gather evidence for use in
criminal prosecutions.
Equipment interference plays an important role in mitigating the
loss of intelligence that may no longer be obtained through other
techniques, such as interception, as a result of sophisticated
encryption. It can sometimes be the only method by which to acquire
the data. The armed forces use this technique in some situations to
gather data in support of military operations.
In other words, if you use "sophisticated encryption" then we'll just hack you, and that is about to be perfectly legal. Previously, "we" just used to do it anyway. Now we are going to make it legal, and have a FISA style "yes whatever officer" court in the UK, like you have in the US.
This is really the bottom line here. The UK is moving towards a secret court, with secret decisions, copying the US style FISA. So long and thanks for all the cups of tea.
With you on the move IT / High tech out of the UK bit (also already had talks with our accountants & lawyers to relocate our company away from the UK).
One part of the "snooper's charter" is that it makes the ISPs / providers liable ("their duty") to store the content of I-Net sessions and provide access to this data for service, police & the tax office (not clear how all of these entities will share the data between each other or with the outside).
De facto this makes any end-to-end encryption or zero-knowledge services impossible to provide from the UK. If this propagates across EU / US / other countries it will bring an end to many cloud-based services & many saving governments & commercial are planning or envisioning for the next years. Wild guess estimate in damages to the UK (five years) - £100Billion + long term effects.
It seems the group of people pushing on this piece of legislation so heavily since years have not learned a bit from what is / has been happening in the UK and elsewhere for many years across industries (alternative reality: they want to create a very large income stream for themselves. This will nevertheless most likely be short-lived at the cost of the overall UK economy / competitiveness - short- & long-term).
What has been proven over-and-over again in the UK (and certainly elsewhere as well) is that government or similar oversight is not working and is constantly abused by those given access to these means when large financial amounts / incentives are available to those who "bend" these processes / regulations / e.a. to their own benefit. At the same time those so far do not have to fear any reprisal / punishment. This is another shortcoming and clearly demonstrates that the true intentions of this legislation must be completely different from the labeling publicly provided - I'm talking about punishment along the line given to so called "hackers" in the UK / US - 10 years min. - but wait - it was the UK just recently that has removed all punishment for breaking the law 100'000s of times by some of its services (they couldn't make it legal without due process through the parliament so they just removed the punishment).
Let's have a brief look into how well "oversight" works in the UK:
- News of the World (data / access sold off by government employees)
- UK Mis-selling saga with PPI - unique case as almost £30Billion in compensations have been granted - non-working financial oversight
- Gold fixing scandal - non-working financial oversight for many years / decade
- FX fixing scandal - non-working financial oversight for many years / decade
- Bailouts / 2008 financial crisis - non-working financial oversight for many years
- NHS data leaks - no due process and proper data protection
- plenty more to add ...
... crime and abuse of the rules happens when an opportunity is provided with incentives and no reprisal.
IMHO - that is the biggest danger from all these almost limitless surveillance laws and powers provided without checks.
The BBC has been a mouthpiece for both the UK and the US government for quite a few years. That's why I've always disliked seeing their articles here, and I'd prefer another source like TheGuardian instead.
Their previous one about UK gov "backtracking" on encryption backdoors was just as bad.
Read through it and see how 80% of it is the government's opinion about these things. It barely gives mention to what the civil liberty groups are saying.
Read the last four paragraphs of the article, for instance. They only deal with how much of a headache end to end encryption is for authorities - and leaves it at that. What about what the civil liberty groups say about how it protects security and privacy?
It's an organization funded by tax payers. That doesn't automatically mean it is a state mouthpiece. Unfortunately, they have not been very bold in their reporting since the Hutton Inquiry:
The BBC is not funded by tax payers. It's funded by the TV License which is not compulsory. If you choose not to watch live broadcast television then you don't pay for a TV license.
Your definition would mean VAT isn't a tax. Just avoid the luxuries[1] and you avoid the VAT.
You have to pay the licence fee even if you never watch any BBC broadcast material. A person who only ever watches ITV would have to pay the licence fee.
And non-payment of the licence fee was a criminal offence with fines, and non-payment of the fine sent many people to prison.
It feels like a tax.
[1] also tampons and sanitary towels, which probably don't feel like a luxury purchase.
I was informed by a TV license "officer" that provided you detune BBC channels you can still watch commercial channels. In the same way that I am permitted to listen to BBC radio channels (for which no license is required) via a Sky box.
TV licensing have to prove that you're watching on-air BBC broadcasts.
In the UK even if you do not watch TV at all (live or recorded) you have to pay the BBC Tax / TV license fee under certain circumstances.
Best known one is having a car with a live video feed (e.g. a reverse camera to the dashboard) -first ones were Range Rovers and other luxury cars but these features are now arriving within more "bread and butter" cars as well.
Still better than in Germany where they recently turned it into a per-household tax to be paid even if you don't watch any TV / broadcast at all.
Incorrect, I pay no license fee as I only watch things through non-live streaming services such as Netflix, NowTV and iPlayer.
I used to have a TV license and cancelled it. When they asked why I was cancelling, I said that I consumed my entertainment through non-live streaming services and they were happy. That was at the end of last year and I haven't heard anything since.
just half true - you're right with regard to recorded broadcast, but...
Do you drive a modern car, do you have surveillance cameras at your property / your offices? - Bang you have to have a TV license in the UK even if you don't watch any TV.
Every year thousands of people in the UK are pulled to court / persuaded to pay thousands of £s to settle enforcement cases against them (or even go to prison) because they only look at half of the rules.
No, you don't. You're reading the legislation incorrectly which can happen if you just read it sequentially. Nobody goes to prison because their car has a reversing camera, that's absurd.
Whilst true that in Section 9 (Part 3) of 2004 No. 692
ELECTRONIC COMMUNICATIONS BROADCASTING The Communications (Television Licensing) Regulations 2004[0] a 'television receiver' is defined as:
any apparatus installed or used for the purpose of receiving (whether by means of wireless telegraphy or otherwise) any television programme service, whether or not it is installed or used for any other purpose.
...the key part is Section 363 of Part 4 of the Communications Act 2003[1] which states:
It is an offence to
* install or use a television receiver or
* possess or have control of a television receiver with the intent to install or use it or
* possess or have control of a television receiver and know or have reasonable grounds for believing that another person intends to install or use it without a valid TV Licence issued under the Communications Act.
If you own or possess a television set without installing or using it as a TV receiver (e.g. you only use it to watch videos or DVDs, or as a monitor for a games console) then you don’t need a TV Licence. This is what the 'television programme service' refers to in Section 363 - the key part being that a TV receiver is concerned with the reception of live or 'virtually live' broadcasts.
This has been confirmed many times and directly by the BBC in this FOI request[2]
> In the UK even if you do not watch TV at all (live or recorded) you have to pay the BBC Tax / TV license fee under certain circumstances.
This isn't true.
You can quite happily watch iPlayer or 4OD or Netflix and not be liable to pay the license fee as long as what you're watching isn't live or being broadcast at that very moment.
You can avoid the TV License Fee if you only watch BBC iPlayer, or stick to things like Netflix.
It basically applies to any TV being watched as it is being broadcast at the time so you are liable to pay anything if you only watch shows after they have been aired.
Myself I tend to watch Netflix, some iPlayer and 4OD stuff and I do not have to pay anything.
That doesn't stop them sending letters once in a while to check though.
wrong - you need a TV license for "ANY" live broadcast in the UK - as mentioned in another comment here this includes any live camera feed (surveillance / in cars / etc) - so even if you never watch any TV (recorded or live) there are plenty of cases where by the law (under threat to go to prison) you have to sponsor the BBC.
The BBC is the only recipient of TV license fees in the UK - of course after plenty of cost created on the way between the consumer / license payer to the BBC / payee.
BTW the BBC is also the TV licensing authority in the UK and is authorised by the government via the Communications Act 2003 to collect and enforce the TV license fee. One of the companies in the Capita conglomerate has been "entrusted" by the BBC / the government to collect the TV licensing fees.
Well, representatives and the documentation from the TV Licensing authority themselves that they provided me with would seem to disagree with you.
A lengthy correspondence with them led them to conclude that because my TV was not connected to a TV aerial or cable, and I only used it to watch Netflix and iPlayer from my computer, I did not in fact need a TV license.
I've been through this dance with them three or four times.
Previously, when I looked, the BBC stated that they received a substantial sum from direct taxation in addition to the license fee. On that basis you pay in part and the BBC is funded [partially] by tax payers. IIRC it amounted to about 5% of the take from license fee payers.
"Grants from Government departments: For the year ended 31 March 2014, the BBC World Service received Grant-in-Aid from the Foreign & Commonwealth Office. Previously, BBC Monitoring also received a grant from the Cabinet Office. These grants have been drawn down to meet estimated expenditure in the year but unspent amounts do not have to be repaid, as long as they fall within predetermined limits. The grants are recognised as income in the financial year that they relate to."
Very minor nitpick: you should say "consume live broadcast TV" as blind people don't watch but still have to pay.
A newspaper cannot be neutral. The real problem with the BBC is that it is officially proud to be neutral but it is not. I way prefer a lot of non neutral papers, where I know beforehand their base political/economic/social views. This way I can go and read both sides of the story or if not that important, read just one side knowing that it is a partial view.
The BBC is by far the most neutral news source I have ever encountered. It's constantly subject to attack by both the government and the public, to the extent that it's terrified to take a stance on any issue.
This is what you think and this is the problem because you are not alone at all. I highly recommend reading this book: "NEWSPEAK in the 21st Century". It is highlighting the fact that the BBC is not neutral for a lot of critical issues. This is why I prefer "opinionated" papers.
Sorry for this thread going maybe a bit off-topic, but this is a subject I am pretty attached to. Again, I am not saying that the BBC is not doing great work, but just that it is not as neutral as what public opinion thinks it is.
Having worked in news for some years and seen how (esp. online) news are produced and weighted for priority, it is to say, that it is quite a sad state of affairs.
I stopped reading the news, following any news at all. If news do reach me and my interest exceeds an internal threshold, I start investigating the topic further.
So having a view from outside my home country might be interesting.
Cowardice is not neutrality. This is how we get global warming denialism given unreasonable amounts of airtime, using the "Views On Shape Of Earth Differ" approach.
Hold on - there's no 'it' (it can rarely be said to speak with one voice) and where do you get 'terrified' from? 'Attack' is also pejorative. It is entirely appropriate that a public broadcasting organization paid for by license holders to the tune of £3.7 billion or so, is subject to extensive positive and negative critical comment.
There are basically no neutral papers in the UK. The Independent sort of tries, and the FT/Economist tend to be accurate with the facts but reflexively pro-business/neoliberal.
There's no requirement to or expectation that they will be. Papers are not required to present any kind of balance, as long as what they say is broadly true (external pluralism), for a given value of true. The broadcast media (the free-to-air ones) are required to be demonstrably internally pluralistic, to show a variety of sources and viewpoints within their output - and that applies across BBC, ITV, Ch4 and Channel 5, but not Sky News; goes back to when Radio came on stream in the 1930s.
The FT is not that neoliberal, it is fairly generally liberal, and generally more left wing than most of its readership by quite a margin, although it is quite varied.
Left and right are increasingly meaningless labels.
These days it is more pro-establishment vs anti-establishment.
For example, the most vocal people on privacy are an amalgam of independent thinkers on the "left" (The Guardian, etc) and independent thinkers on the "right" (Ron Paul, etc.)
While the "leftist" Hillary Clinton calls Snowden a traitor (so do a lot of "right"-wing people, too).
Stop it – this article is completely fine. It quotes the government, explaining what the plan is. It explains the views of other parties and what they think is wrong with the proposals. It quotes a civil liberties group, who explain why it's bad.
This is exactly what news should be. If you want more in-depth analysis or opinions, you should be looking elsewhere.
Hang on - he has a point, the BBC has become very pro government with its commentary and the way they choose to present information. Particularly above the fold.
I never understand this viewpoint, I read the BBC for online news and the Telegraph at home, it's very easy to see which one is pro government/pro Tory.
The BBC is basically going to be gutted by the current government, I don't buy into this world where they're pro government, I find they're fairly neutral while a lot of the people criticising it are almost certainly anti Tory.
Being less pro-Tory than the Telegraph is hardly a challenge. The Telegraph is the propaganda arm of the Tory party. As in they literally run press releases from CCHQ as news stories.
The BBC should aim for their coverage to reflect facts, not just be a the-truth-is-in-the-middle triangulation of Labour and Tory positions. Their neutrality and balance mostly consists of getting a comment from the Tories and then getting a comment from Labour, with the assumption that doing so will cover all sides of any issue. One of the aims of any decent media organisation should be to challenge the establishment, but when the BBC is constitutionally unable to criticise positions where Labour and Tories both agree then it's unable to fulfil that role.
The BBC is being a good state mouthpiece today - the fact that they're quoting May as saying it doesn't hold previously contentious matters (i.e. breaking encryption) is disingenuous to say the least.
No, it's not.
The bill will say that "unbreakable" encryption is illegal - which means all encryption, as if it's breakable, well, it's not really encrypted, is it.
Source please – I've not seen this language indicated anywhere.
They haven't arrested anyone at TalkTalk, who are the ones who had such poor infosec that script kiddies could blow them wide open. Instead they're arresting children.
Poor information security isn't a crime. Breaking into computer systems is.
Thanks for the source, it's interesting that The Telegraph is the only paper reporting this. IOW, I'll believe it when I see it.
The Data Protection Act does not in practice criminalise poor information security – it does criminalise the lack of things like a risk assessment. Short of actual negligence, nobody will be prosecuted due to the hostile actions of a third party. Probably not a bad thing, as it would be obviously ludicrous to do so.
Poor information security is a crime when that information involves personal information. The Data Protection Act requires that personal information is kept secure. Just because no one has been prosecuted yet doesn't mean they couldn't or shouldn't be.
UK law basically says "assess the risk and take appropriate measures." Short of criminal negligence, it's extremely unlikely that anybody will be prosecuted.
The TalkTalk data leak actually seems like criminal negligence. I don't know the British law, but that level of negligence at least should be criminal.
"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
TalkTalk did not take appropriate measures against unauthorised processing.
Actually, it can be, for example if it results in data protection violations[1]. However, UK law is slightly unusual in this respect, in that while there are technically criminal offences involved, at present the main ones can't lead to arrest or jail time, only monetary fines. A couple of years ago there was talk of consulting on changing this, though I'm not sure what the situation is following the recent general election.
A bank not locking their vaults would probably be slapped with a few dozen criminal charges in court. Why would that not apply for electronics? If you've committed to protecting the data, you're supposed to make a reasonable effort to actually do so.
To me (a UK citizen) this is like the government tracking the title and author of every book I read, "but don't worry, not the contents or page numbers you looked at". The idea this is any meaningful barrier to finding out what you're really up to is ridiculous. Phone metadata is one thing - and still highly revealing - but much of the web is public! It's enough to make me think twice about where I browse, wondering "if I ever got challenged over it, how will it look that I browsed to this site?". That seems pretty harmful to the web - possibly even in an economically measurable way?
Think about what happens when you hit theverge.com: 40-odd requests sent to sites you've never heard of. So-called internet connection records are a huge mess of noise even without considering obfuscation.
It is trivial for anyone to embed hidden iframes or send silent ajax requests to child abuse and terrorist forums without giving the visitor the slightest clue what's happening. In the case of iframes, there would probably be cached 'evidence' left on the target's pc. Try explaining that as your defence in court when you get set up by some script kiddie.
If they want to frame you they don't need hidden iframes and stuff. They can just manufacture it. Because it's all secret/confidential, someone who has a friend or pays someone inside can incriminate someone and make his life a hell.
We were warned of PIDE in school for a good reason (PIDE was the Portuguese Stasi). People will abuse it.
There is a lot of Tory bashing going on here but this policy runs deeper, Labour tried to put through similar legislation. The coalition dropped it but it is back. Each Home Secretary seems to become more hard line and blinkered, like they are being poisoned by the fear emanating from the security services.
Indeed, one of the strongest critics (David Davis) is a Conservative and resigned his position as Shadow Home Secretary and MP under the Labour government to protest and highlight the issues.
My first reaction to this was that VPN usage will explode, but I'm not sure how a VPN server hosted in another country would work with their desire to effectively ban encryption.
I feel like the UK is slowly goose stepping its way to a Chinese style firewall.
Given the right's obsession with what I'm ordering on Amazon, and the left being essentially unelectable right now, I'm not really sure where to put my vote at the next election.
I've been living in the UK for 2 years now, and just came back from several months in China.
Having been fairly 'cautious' about the surveillance situation in China, I returned only to realise it isn't a whole lot better here, and not improving.
Kinda glad I won't be staying in the UK, this is not a good direction to be going.
It's very sad to read this. Often you read comparisons from Westerners comparing UK privacy laws to China's and it's easy to brush it off as being sensationalist. But to hear that from someone living in China is really worrying.
Corbyn: so "unelectable", he got elected Labour leader. If you don't like the idea of electing Corbyn, don't vote for him, but don't let his "unelectability" put you off.
Quite. The people who insist loudest that he's unelectable are members of the Labour Party who just lost the UK general election, lost every single seat in Scotland but one, and know so much about how unelectable Corbyn is in elections that they couldn't beat him in an election themselves even though the only voters were Labour supporters.
Appealing to Labour voters who vote in leadership elections is not the same as being elected by the general population to be Prime Minister, by any stretch.
True, but the electoral logic that says Labour must be a centre-right party to get elected is the electoral logic of 1997, mixed with a heady selection of conscious and unconscious biases.
In reality I don't think anybody is qualified to state as fact that Corbyn is "unelectable". To me it's much more likely a statement intended to influence rather than inform.
If we vote to leave the EU there is an exit process that takes two years and will lead up to the next election, if it doesn't go well I would say he stands a fair chance of being elected.
And with their recent blocking of the removal of child tax credits, they are going to be promoting their liberal privacy policies for the next election.
We must still remember, the UK people voted in this current government.
> We must still remember, the UK people voted in this current government.
That is a weak argument, though.
For one thing, the last election was the best (worst?) demonstration in recent history of how a first-past-the-post electoral system can lead to wildly disproportionate power (or lack of power) in Parliament compared to actual levels of popular support for the various parties.
For another thing, what the current party in power said to get people to vote for them and what they do once safely in government are not necessarily the same thing, and there is little practical way to hold them to account for deviating from their pre-election claims until the next election comes around five years later.
It was actually 37% of those who voted. Only two thirds of the electorate did, so in fact fewer than 1 in 4 of the electorate actually voted for the party that now has an absolute majority in the House of Commons.
That actually wasn't the biggest quantitative statistical unfairness of the night -- that award surely goes to the dramatic under-representation of UKIP and the Lib Dems in MPs compared to the popular vote they attracted -- but given the implications of an outright majority in Parliament, the disproportionate Tory representation is probably the most practically significant of the statistical anomalies that night.
Before 1 of November I got a VPN endpoint in Switzerland (non-EU) and in Slovenia. Even better I did this before PE broke net neutrality rules. Zurich feels safer.
I also use Switzerland, but you should read up on BÜPF, they're wanting to go down the direction of the UK. Hopefully the direct democracy lets people throw the law out :\
What practical steps can we take if this becomes law? If police and local councils are given access to browsing records, abuse is inevitable.
There are already well-documented examples of councils using terrorism legislation to spy on people 1) suspected of using the wrong type of rubbish bin [1] 2) sending their children to school outside of their catchment area. [2]
This type of abuse and overreach will happen frequently. Not to mention crooked police/council officials selling data, and others pursuing personal vendettas & checking up on current and former romantic partners.
The UK will become a horrible, paranoid place.
What can I do to protect myself? Use a VPN for all internet access? Use Tor (which seems too slow for most practical purposes)? What else can we do?
These days, Tor is not slow for practical purposes (except maybe for low-latency things like online gaming). Use it, it pisses GCHQ off quite a lot. :)
I don't think you actually know that it 'pisses GCHQ off quite a lot'. Public news about this can be misleading on purpose. Perhaps the cunning plan is to frighten those with something to hide into using Tor for which (who knows?) they have developed tracking techniques via a variety of approaches. If true, they'd be crazy to make that public. Herd your mice along the Tor route by discouraging use of the non encrypted internet.
All irrelevant really since anyone can arrange to communicate via an innocuous looking one-time pad whatever the weather irrespective of any possible moves that a government can make short of shutting everything down!
Enough voters are so easily led by fear and misinformation that I'm starting to think that there is nothing at all we can do.
I am a member of the Open Rights Group. I make monthly donations and attend their conferences. I petition and write to MPs and MEPs and nothing works. I don't even get replies.
Which is why I am now considering moving out of the country. I'm currently weighing up my options.
There is very little about Britain, its politics and the majority of the voterbase that I have anything in common with, apart from being born on the same patch of dirt.
Likewise: I'm a member of ORG and have written to my MP with no response. The general population either don't care or, as you say, are misled with bias and what amounts to emotional blackmail ("Think of the children", etc.)... We're doomed. The thing is, there doesn't really seem to be anywhere that isn't close behind.
In a past HN thread someone posted the same conclusion, of just moving country. I feel the exact same as well, but utopia doesn't exist, so what country do people suggest?
Finland, Switzerland, Czech Republic or South American countries (Costa Rica, Panama, etc) are the countries I have in mind. I'd gladly move to Switzerland but it costs too much. Romania appears tech friendly but it's too poor there. South America is nice but it's too far away from the UK, so going to my family for Christmas would be a problem.
I know this is a UK related thing, but I've honestly felt this way about the US lately as well (and the situation isn't much different). Not sure where to look, everyone seems to have their problems dealing with the disruption and possibilities technology is bringing.
A few places I've considered and researched so far are Norway, Denmark, Iceland, Germany, Belgium, and Switzerland.
Some of these countries are worse than others when it comes to similar surveillance or civil liberties issues but they all at least appear to be very much preferable to Britain and the path it is on.
The language barrier is an issue in some of these places more than others, although I am open to learning a new language. I began taking German lessons recently just for fun.
The actual process of gaining citizenship or even residency can be difficult too, especially for somewhere like Iceland from what I have learned.
It's obviously a massive decision to make and not one that can be made quickly and rashly.
I just can't see myself wanting to stay here in the UK much longer. I don't feel any kinship with this place.
Iceland IMO would only be good if the Pirate Party actually wins the election, but at the moment I think it's too soon to consider that country an option for myself. Norway, Denmark, Germany & Belgium censor websites for corporations which rules them out for me and some of them also appear to be going down the same path as the UK. I want somewhere where I can operate my websites without having to constantly suffer from a Chilling Effect, as I do currently in the UK.
From personal experience, language barrier wouldn't be an issue in Belgium for a tech job. Due to existent Flemish/French division, English often becomes the local esperanto, although it may depend on the company policy.
Yeah I imagine professionally (as a developer) my English language wouldn't be a major hurdle in many of these countries.
I think that I would have some problems socially though. Navigating my way around the country, buying goods and just trying to talk to people would pose more of a problem.
This is a proposed bill and will be debated in parliament. You should talk to your MP, ideally in person, or at least via email / letter (Talktoyourmp)
Generally it's a good idea for everyone to support EFF, most of the data about you, your family, friends is in the US. If EFF or ACLU or wikimedia can make a good change in the US, everyone will benefit.
"For more intrusive surveillance - involving the detailed content of the communications - security services need to obtain a warrant."
The way this is worded makes me wonder if the 'detailed content' will be harvested with everything else and then retroactively looked at with a warrant.
The proposal (as I understand it, from media reports) is that ISPs will be the ones required to intercept and log the data. So it's unlikely that they will store anything more than required, if only for cost reasons.
By their (lack of) logic, they should also have an officer following every citizen and logging where people go, so that they can know John left his house at 9:17 and checked in at local grocery shop at 9:28. With a warrant they could then obtain information that he has bought a large cucumber - let's arrest him, because he is probably cheating on the government with cucumber. He told the grocer, that how government fucks him is not making him satisfied, so he has to finish the job with a cucumber.
We should also ban alleyways, as criminals can hide in them too.
Also noisy pubs and bars, because they provide an excellent environment for criminals to converse without people overhearing them.
And possibly the postal service, because criminals can use them to send messages, explosives, drugs and children to other criminals, without the police knowing the approximate contents of the communications.
With location data and browsing habit metadata they already have that kind of info (with warrants). But their logic is still flawed in assuming criminals won't use a VPN and HTTPS.
It seems they want historical data so that they can run algorithms on large datasets and identify potential threats. In theory it's great as it will catch your average low level idealists, so rationally we can conclude that they're trying to focus on identifying, for example, potential IS recruits rather than organised crime.
That's so 00s. We need something that can't be easily fooled by a scarf. I wonder when body odour recognition will arrive.
joking aside, facial recognition has still some challenges, it can track a face wherever it goes but it's hard to assign a face to an identity unless it's constantly retrained (especially as people age/change)
I read the article, but I'm no clearer on what the criteria for issuing a warrant is.
A few years ago it seemed like the answer was "because TERRORISTS", now they're also talking about organised crime and child abusers.
This government have already branded the leader of the opposition a 'threat to national security'. Which leads me to conclude that they are either lying, incompetent, or reading all his internet history too.
Furthermore, I've heard no compelling arguments as to why the idea of an independent judiciary (who should be the only people who can issue these warrants) is broken, or how it should not apply when it comes to the online world.
But the drip drip drip of obfuscated and fear motivated erosions to the balance of powers continues, and it's making me deeply worried about what kind of country my grandchildren will live in.
If we can't get privacy using crypto, we could always use chaffing to make their database useless. We just need a list of sensitive websites that want to hide their true users, and an ad-serving network that randomly serves up links to those sensitive websites on other web pages (but doesn't display them). In this way, everyone's browsing history will look suspicious, so the data won't be of any use.
>"Such data would consist of a basic domain address, and not a full browsing history of pages within that site or search terms entered."
Am I right in understanding they will have access to this data without a warrant? And then any 'further' data would then need a warrant.
>"For more intrusive surveillance - involving the detailed content of the communications - security services need to obtain a warrant."
So with more and more websites using https, where does this 'detailed content' come from? Is the Government expecting ISPs to collect data that doesn't exist? As far as I was aware, as long as you view a website in HTTPS, there was no way your ISP knew what individual pages you are visiting.
The full text hasn't been released yet - just going on statements over the last few days. It's likely that you'll have to give the government your private keys, or be able to decrypt any encrypted communication that passes through your network.
Again, it's likely unenforceable, in no small part as there's no such thing as a "communications provider", which is the term they keep on using. Skype, Apple, etc., don't work in a vacuum - data transits via peers (are they communications providers?), your computer (is that a communications provider?), your ISP (they're almost certainly a communications provider), and so-on.
The purpose of this bill is likely to break large tech corps, rather than smaller operators, but it could also have the effect of essentially closing the technology market to all but large operators who can afford to be compliant.
> but not the specific pages they have viewed without a warrant, under new government plans."
No worries, there is another paragraph for this.
> The new powers could include giving Britain’s spying agencies the power to take over a phone remotely and access all of the documents – including text messages and emails – and photos that are stored on it. They will then be able to install software that will allow them to look in on the messages and data of people at any time, according to reports.
Also, in regards to data retention - I thought the CJEU made it clear that it's against the EU Charter of Fundamental Rights. Is UK seriously pretending that never happened? It seems their strategy is "we'll just use this new law for 2 years until it gets invalidated, and then we pass a new one that we can use for another 2 years". And so on and so forth.
U.S. companies, please stop establishing headquarters in the U.K. It's on an authoritarian path as much as Russia and Turkey are (certainly under David Cameron/Conservatives, at least).
Wild conspiracy theory - London is becoming the playground of world elites. So security is paramount. These bills are not to keep pedophiles at bay but to prevent some forms of "London spring" of the underclasses or other forms of physical harm towards your friendly neighborhood billionaire that could damage real estate prices. The Conservatives' goal is to make elites know they are safe here so they could switch to lower profile security details.
I have no better explanation why UK is pushing so hard on its own populace.
> I have no better explanation why UK is pushing so hard on its own populace.
My explanation is that we're reaching the final stage of capitalism -- its inevitable collapse -- and they're going to need some way to keep us all from climbing the fences of their gated communities and slitting their throats in the night.
From the text there is exception about banking - it is said as legitimate use of encryption. The explicit goal is to prevent the plebs from communicating in secret.
The core of legislation is proposed to the Government by the upper echelons of civil service. Those Permanent Secretaries et al don't change when a new Government is elected, unlike the US, so they can play a long game.
This type of meme simply hurts the quality of politics and pushes us towards the type of highly polarised governance that the US suffers from. Politics should be a nuanced process but that's so much harder when each side holds that the others are simply malicious. An interesting writeup of a Tory meeting the protestors at this year's Conservative party conference brings that home: http://www.conservativehome.com/platform/2015/10/george-gran...
I don't see anywhere in the bill what EXACTLY an Internet Connection Record is, and since there is no such thing as a standard Internet Connection Record in any of our existing network infrastructure, I assume this has been left vague so that it can be extended to whatever they want.
Nor does it define the exact kind of Internet Service Provider that the law is supposed to be enforced against. (Is this only supposed to apply to those supplying bandwidth or do all websites/services count?).
> Law enforcement agencies would not be able to make a request for the purpose of determining – for example – whether someone had visited a mental health website, a medical website or even a news website.
This seems to imply that there must be a whitelist of domains for which ICR collection is required. But there is no mention of such a list nor how it would be curated.
Having the govt require ISPs to collect this data about us will result in ISPs "aggregating" the data and selling it to advertising / marketing firms, insurers or anyone willing to cough up a few £ for your private data.
Section "3. The information we collect" then "5.iv. To third parties from whom you have chosen to receive marketing information."...
Which means they can give your browsing history, numbers you call etc to any company who you have agreed to receive marketing information from. Eg: Tesco Club Card, that-random-website-you-forgot-to-untick-the-box-on.com etc.
>The draft bill also places a legal duty on British companies to help law enforcement agencies hack devices to acquire information if it is reasonably practical to do so.
To guard against terror. Terror coming from a certain group of people, we are pushed to choose between living without potential terrorists, and without the stasi, or with the potential terrorists, and with the stasi. Stasi and multiculturalism - both or neither.
The way it is reported it makes it almost sound like this is the current state of affairs. Thus a feeling of "no need to fight it, it's already implemented".
Am I right in thinking this is a proposal that is yet to be passed into law?
The right wing party (Conservatives aka Tories) just won a general election in May and now have a majority for the first time since 1997. They have been in power since 2010 but were moderated to some extent (at least on these kinds of issues) by needing to form a coalition with the Liberal Democrats.
So they are now moving forwards with a bunch of things like this that they wanted to do previously but were unable. See also: repealing human rights legislation.
It's worth pointing out that they only got 37% of the votes, but ended up with just over 50% of the seats in parliament because of the first past the post system. So the majority of people in the UK don't agree with them.
> So the majority of people in the UK don't agree with them.
It's also "worth pointing out" that a majority government is exceedingly rarely formed from >50% raw votes.
You also cannot infer that the majority of people disagree with them. By making the subject "the majority of people" you could imply that the British public agrees with no one party. Which would be correct.
But the Conservative Party forms HM Government at present because more "agree with them" than with any other party.
It sounds like you're proposing a system where we're perpetually under a coalition government to ensure that enough MPs to represent 50% raw votes are involved. No thanks.
>You also cannot infer that the majority of people disagree with them.
The majority of people voted for non-Tory politicians.
>It sounds like you're proposing a system where we're perpetually under a coalition government to ensure that enough MPs to represent 50% raw votes are involved. No thanks.
I'm not at all sympathetic to your argument. Especially when the Tories said that a Labour-Lib Dem coalition in 2010 would have been illegitimate since it didn't have over 50% of the popular vote. What's so bad about coalition government anyway?
In 2015 the Tories got 36.8% of the vote and ended up with 330 seats (50.8%). Labour got 30.5% of the vote and got 232 seats (35.7%). The SNP got 4.7% of votes for 8.6% of seats. UKIP got 12.7% of votes for 1 seat. The Lib Dems got 7.9% of votes and 1.2% of seats. The Greens 3.8% of votes for 1 seat.
So you have a situation where 24.4% of the voters are represented by only 10 seats, which is only 1.5% of the seats! That kind of democratic deficit isn't sustainable.
It is worrying when a private company has access to this sort of information.
It is urgently alarming when a government has access to that same information.
Governments have a long, proven history of abusing that information in ways that result in undermining of democracy, immoral imprisonment of political opponents, mass murder and genocide, and other niceties.
Governments should be afraid of the people, not the other way around.
https://www.gov.uk/government/uploads/system/uploads/attachm...