Skip Navigation


New Parliament, new snoopers charter?
Thursday 28 May 2015 09:56:19 by Andrew Ferguson

The Snoopers Charter as it is commonly known may well have resurfaced in the Queen's Speech when the new Investigatory Powers Bill was announced as part of the Speech.

With just a basic outline so far it is hard to pin down exactly what will be in the bill but the main thrust is about maintaining the ability for the police and security services to target the online activities of serious criminals with appropriate oversight. One possible sticky area may be if the SNP disagree with elements of the bill as their strong presence in Westminster since Scotland has no other say on National security and interception powers at this time.

"ISPA will work with members to scrutinise the new Bill and we urge Government to properly balance security, privacy, costs to industry, technical feasibility and the need to maintain the UK's reputation as a leading place to do business online."

ISPA Secretary General Nicholas Lansman

The concerns people are raising over data retention and access to encrypted data goes well beyond the worries over what local councils have been said to do in terms of 'spying' on people previously, since in a global economy businesses from overseas will worry about doing business with UK firms if its clear that any encrypted emails (which should be the norm for business) are readable, this covers both traditional bricks and mortar firms and the massive digital economy.

At the end of the day no-one wants the UK to become a haven for terrorists and while a ultra-safe PG-rated walled garden approach at the other end of the scale may appeal to some, the growth in global travel and communications means that any country adopting that approach will seriously harm its economy and future prospects.

Comments

Posted by baby_frogmella about 1 year ago
One easy way to by-pass the attentions of Theresa May & her motley crew is to use a DOUBLE-HOP Vpn service :)
Posted by TheEulerID about 1 year ago
Wait to see what is in the bill. Companies and individuals can already be compelled to provide decryption passwords after due legal process.

Personally I can't imagine what possible interest the state would have in my correspondence. I'm more worried about sloppy company security revealing personal information about credit cards, passwords and so on.
Posted by Spud2003 about 1 year ago
@baby_frogmella

My guess is they will eventually take some kind of action against VPN use since they are practically the first tool people use to shield their activity against prying eyes - doesn't matter if the action they take will actually make sense, just as long as action is taken ...
Posted by camieabz about 1 year ago
Some sort of privacy charter in order?
Posted by AndrueC about 1 year ago
@Spud2003: VPNs are a major feature of business practice. Used extensively for teleworking and for connecting satellite offices without the expense of a leased line.

I don't think this government is going to want to do anything much there.
Posted by mervl about 1 year ago
Empty vessels always make most noise.
Posted by Tanaka71 about 1 year ago
@AndrueC Government will demand that your use approved encryption for your VPN by law. i.e, one with a back door.
Re-encrypt the contents you might say - sure, but if your running a legitimate business, you could find yourself in trouble.

This is really bad news for businesses, and ridiculously ineffective for criminals. I would urge everyone to support https://www.openrightsgroup.org/
Posted by chilting about 1 year ago
Assuming that the majority of the population actually want this sort of legislation it has to be considered.
However, the first consideration must be to asses if any mechanism can actually be put in place that will be effective.
Personally I think that the Government is wasting time and recourses in a futile bid to do the impossible.
Posted by TheEulerID about 1 year ago
The proposal as I read it is that messages and encrypted by service providers have to be decrypted and provided to the authorities when presented with an authorised warrant. It has nothing at all to do with VPNs, and is clearly impossible to enforce in much of the world. Also, it can surely only apply to communications involving UK citizens or originating from within these shores.
I cannot imagine it impacting the average person. There is no vast army of snoopers to handle more than a tiny number of inguiries.
Posted by mpellatt about 1 year ago
@Tanaka71 - any backdoor into encrypted traffic would make it totally insecure. If the "good" guys can access it, rest assured that the "bad guys" will find a way in.
Any backdoor would also be in contravention of PCI-DSS, so you can wave goodbye to card payments over the internet if the traffic passes over any backdoored encryption.
Posted by Tanaka71 about 1 year ago
@mpellatt Agreed. See this page http://contrarisk.com/2015/01/17/clueless-about-internet/comment-page-1/ and listen to the Radio 5 discussion. What is being proposed is nuts.
Posted by TheEulerID about 1 year ago
You can't possibly know what is in the proposals as they've yet to be published. Umpteen commentators have made wild guesses, but the best we do know is the intention is to have something roughly equivalent to the ability to intercept mail or phone communication data using due process. Despite what people think, the experts in this area are not clueless. Don't forget, it was a guy from GCHQ (James Ellis) who devised the first public key encryption process.
Posted by TheEulerID about 1 year ago
Which means, of course, these people are acutely aware of what is, and what is not, technically feasible and where new weaknesses might be created. Yes, politicians (and journalists) can talk absolute rubbish about this, but it isn't either who come up with the workable elements. Those tend to be specialists.
Posted by Michael_Chare about 1 year ago
I do wonder whether our politicians are capable of passing a sensible law, as mostly they demonstrate an inability to understand the subject. The French appear to have given up on their laws against encryption. http://www.theregister.co.uk/1999/01/15/france_to_end_severe_encryption/
Posted by TheEulerID about 1 year ago
There has never been a serious proposal in this country to ban private encryption, nor do I expect one. What does exist is a law which requires the revealing of passwords after due legal process (it's a criminal offence to refuse to do this and any the credibility of any "I've forgotten" defence will be considered by a court).
You must be logged in to post comments. Click here to login.