[Infowarrior] - Snooper’s Charter: UK gov’t can demand backdoors, give prison sentences for disclosing them

[Richard Forno]

Snooper’s Charter: UK gov’t can demand backdoors, give prison sentences for disclosing them

by Glyn Moody - Nov 6, 2015 8:35am EST

http://arstechnica.co.uk/tech-policy/2015/11/snoopers-charter-uk-govt-can-demand-backdoors-give-prison-sentences-for-disclosing-them/

HM Prison Wormwood Scrubs: People in the UK could end up here if they mention any backdoors they find or hear about.

Buried in the 300 pages of the draft Investigatory Powers Bill (aka the Snooper's Charter), published on Wednesday, is something called a "technical capability notice" (Section 189). Despite its neutral-sounding name, this gives the UK's home secretary almost unlimited power to impose "an obligation on any relevant operators"—any obligation—subject to the requirement that "the Secretary of State considers it is reasonable to do so."

There is also the proviso that "it is (and remains) practicable for those relevant operators to comply with those requirements," which probably rules out breaking end-to-end encryption, but would still allow the home secretary to demand that companies add backdoors to their software and equipment.

That's bad enough, but George Danezis, an associate professor in security and privacy engineering at University College London, points out that the Snooper's Charter is actually much, much worse. The Investigatory Powers Bill would also make it a criminal offence, punishable with up to 12 months in prison and/or a fine, for anyone involved to reveal the existence of those backdoors, in any circumstances (Section 190(8).)

As Danezis explains: "Secret backdoor notices (I mean 'technical capability notices') will be issued, and enterprising geek that wants to open a debate about them will either know nothing about them, or be breaking the law. There will be no debate about what kind of back doors, of when they should be used—all will be happening in total secrecy."

Similar gag orders would apply to the other main elements of the Snooper's Charter: interception (Section 43(1-7)); "equipment interference" (hacking—Section 148); and retaining communications data (Section 77). Gag orders would also be in place for bulk communications data collection (Section 133).

As Danezis explains, this bit would be particularly problematic: "This goes way beyond protecting specific operation, since the acquisition is performed in bulk, and cannot betray any specifics. The secrecy order protects the capability to access in bulk certain categories of communication data, which in effect means shielding it from any proper scrutiny as related to its necessity, or appropriateness in the future, or any debate on that matter."

The dismal picture painted above could just be tip of the iceberg, too. The draft Investigatory Powers Bill forbids anyone involved in interception from ever disclosing that fact, including during court proceedings (section 42). As Danezis writes: "Note that this section is absolute: it does not have exceptions, for example in relation to the public interest: such as the ability to discuss the benefit or downsides of part interception activities; no exception for talking about this to MPs, or other democratic representatives; or even to exculpate anyone who otherwise would be wrongfully found guilty."

It seems that the central purpose of the revamped Snooper's Charter is not so much the claimed tidying-up of existing surveillance powers, nor even the extension of those powers, although it certainly does that too. At the heart of proposed Investigatory Powers Bill is something much more insidious: an attempt to make it impossible for anyone in the know to discuss any details of the government's surveillance activities, ever. As Danezis puts it: "The gagging provisions are a clear example that calls for a mature debate around surveillance are mere rhetoric, the securocrats want one last discussion before making any discussion about surveillance simply impossible."

--
It's better to burn out than fade away.