Investigatory Powers Bill

Peter Fairbrother zenadsl6186 at zen.co.uk
Sat Jul 16 17:29:54 BST 2016


UK gov says new Home Sec will have powers to ban end-to-end encryption
http://www.theregister.co.uk/2016/07/14/gov_says_new_home_sec_iwilli_have_powers_to_ban_endtoend_encryption/

S. 226 Technical capability notices

The ostensible target may be comms providers - but the actual target is 
"relevant operators". It includes a whole lot of other things apart from 
internet and phone providers (and Apple and Facebook).

"Relevant operators" are persons who provide "any service that consists 
in the provision of access to, and of facilities for making use of, any 
telecommunication system (whether or not one provided by the person 
providing the service) [... including] any case where a service consists 
in or includes facilitating the creation, management or storage of 
communications transmitted, or that may be transmitted, by means of 
such a system."

That would include many commercial sites who use SSL/TLS. If you put a 
"contact me" link on your web pages, you are a "relevant operator". 
Gimme your SSL keys!

That's what the Bill actually says, if you read it carefully. Like RIPA, 
it is opaque beyond the point of obscurity, and it takes a lot of reading.

Good points? Only encryption which has been applied by a "relevant 
operator" is affected - at least until the Home Secretary makes 
regulations otherwise (which under the Bill she can do).

Bad points? It doesn't do anything at all against the clued-up terrorist 
or criminal. It decreases security for legitimate actors and businesses.

BTW, things said in the Lords (or Commons), even by Government 
spokesmen, have approximately zero legal significance. What the Courts 
look at is the wording of the Act.

Ss.228(8) "A person to whom a [technical capability notice] is given, or 
any person employed or engaged for the purposes of that person’s 
business, must not disclose the existence or contents of the notice to 
any other person without the permission of the Secretary of State."

Now I can't find anything in the Bill to say that that is enforceable by 
anything, or any penalty for breaking it in the Bill.

So is there a general duty to do things in Bills, and if so how is it 
enforced?


-- Peter Fairbrother