Investigatory Powers Bill
Peter Fairbrother
zenadsl6186 at zen.co.uk
Sat Jul 16 17:29:54 BST 2016
UK gov says new Home Sec will have powers to ban end-to-end encryption
http://www.theregister.co.uk/2016/07/14/gov_says_new_home_sec_iwilli_have_powers_to_ban_endtoend_encryption/
S. 226 Technical capability notices
The ostensible target may be comms providers - but the actual target is
"relevant operators". It includes a whole lot of other things apart from
internet and phone providers (and Apple and Facebook).
"Relevant operators" are persons who provide "any service that consists
in the provision of access to, and of facilities for making use of, any
telecommunication system (whether or not one provided by the person
providing the service) [... including] any case where a service consists
in or includes facilitating the creation, management or storage of
communications transmitted, or that may be transmitted, by means of
such a system."
That would include many commercial sites who use SSL/TLS. If you put a
"contact me" link on your web pages, you are a "relevant operator".
Gimme your SSL keys!
That's what the Bill actually says, if you read it carefully. Like RIPA,
it is opaque beyond the point of obscurity, and it takes a lot of reading.
Good points? Only encryption which has been applied by a "relevant
operator" is affected - at least until the Home Secretary makes
regulations otherwise (which under the Bill she can do).
Bad points? It doesn't do anything at all against the clued-up terrorist
or criminal. It decreases security for legitimate actors and businesses.
BTW, things said in the Lords (or Commons), even by Government
spokesmen, have approximately zero legal significance. What the Courts
look at is the wording of the Act.
Ss.228(8) "A person to whom a [technical capability notice] is given, or
any person employed or engaged for the purposes of that person’s
business, must not disclose the existence or contents of the notice to
any other person without the permission of the Secretary of State."
Now I can't find anything in the Bill to say that that is enforcable by
anything, or any penalty for breaking it in the Bill.
So is there a general duty to do things in Bills, and if so how is it
enforced?
-- Peter Fairbrother
More information about the ukcrypto
mailing list