Some of us, the Paranoid, delusional, conspiracy theorist types, have been mentioning that we are worried about the ever growing police state mentality of our Tory government.
I've done previous blogs on the subject and more than a few online posts about Theresa 'Police State' May and her endless drive to give the security services access to every aspect of our lives in the name of 'National Security' despite the harm such measures will do to actual security.
Well here we have yet another example to add to The Investigatory Powers Act which is now Law, along with such fine examples of freedom and transparency as imprisoning Whistle blowers and journalists for up to 14 years for revealing, holding or obtaining information the government doesn't want them to have or the changing of National Security to be anything the government considers to be crucial information rather than the old fashioned definition of anything that would be a threat to the security of the nation.
A draft document was released to the Open Rights Group yesterday by someone clearly concerned by yet another step toward an Orwellian level of governmental intrusion into our digital lives.
The Draft policy document, the "draft technical capability notices paper", has been given to the major ISP providers for a four week consultation, though it has already been through a consideration period and been cleared to continue, by the UK's Technical Advisory Board, which consists of BSkyB, BT, Cable and Wireless, O2, Virgin Media and Vodafone and six representatives of the security services who want access to the data such as GCHQ.
So the draft consultation to the major ISP providers is something of a token given most of the major providers have already agree to the proposal.
Prior to the leak the document was classified and not available to anyone outside of the small circle of people who had been reviewing it. Now, thanks to the leak, which, remember, could be punished by up to fourteen years in prison if the government gets its way with another of it's draft security proposals, we can see what all those major Internet Service Providers have already agreed to.
And it has alarming implications!
The technical capability notice is mentioned in the Investigatory powers act but not specified, this draft proposal does the specifying. Note, I call it a draft proposal but given that it has already been approved by six of the major service providers I don't see much stopping it from the governments side though mass objection from the population may push it underground until it comes back under a new name in six months.
(Note. The document contains a number of provisions, I have selected a few which stood out.)
So. What does this document specify :
To provide and maintain the capability to carry out the interception of communications or the obtaining of secondary data and disclose anything obtained under the warrant to the person to whom the warrant was addressed, or any person acting on that person’s behalf, within one working day, or such longer period as may be specified in the technical capability notice, of the telecommunications operator being informed that the warrant has been issued.
Provide and maintain the capability. Interception of communications and secondary data under a warrant. Within one day. OK, to be fair there is nothing here that isn't already covered in the Investigatory Powers Act other than the "One Day" thing. What it boils down to is that EVERY ISP must keep the ability to rapidly intercept communications or secondary data for all of its clients.
Which in real terms means that every ISP will be forced to record vast amounts of its customers communications data just so it can respond to that One Day response time. In effect it pushes the burden of recording everything that is happening, every email sent, every web site visited, onto the Internet Service companies so the Security services can wander in with a warrant and help themselves.
Not huge, but it does suggest that EVERYTHING will be recorded. Wonder who is goping to pay for the storage capacity for that lot?
To provide and maintain the capability to simultaneously intercept, or obtain secondary data from, communications relating to up to 1 in 10,000 of the persons to whom the
telecommunications operator provides the telecommunications service to which the
OK. This one has implications. The government, BY LAW, will force the Internet Service Providers to set up the capability to monitor 6,500 people at a time. Not in terms of the scale since that isn't a lot of people but in terms of setting up the hardware and software to put in place all but permanent monitoring of people.
Not by the security services, but by the Internet providers themselves, which I consider to be a worrying expansion. The more people and companies we have monitoring everything we do the more vulnerable it becomes and when it is the LAW which forces people to monitor and record they will, invariably, record and monitor more than needed. To be on the safe side.
To provide and maintain the capability to disclose, where practicable, the content of
communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data, or to permit the person to whom the warrant is addressed to remove such electronic protection.
And we have the big one. The Biggest one. This one if so FUCKING HUGE ITS DYSTOPIAN!
Excuse my French there but go back and read this one again. Slowly.
capability to disclose.
content of communications or secondary data.
in an intelligible form.
remove electronic protection applied by or on behalf of the telecommunications operator.
permit the person to whom the warrant is addressed to remove such electronic protection.
Look at that lot and weep. Seriously, weep. Because this crap makes private encryption illegal. The capability to disclose the content of communication or secondary data. That's the contents of your emails and messages, ALL OF THEM. Not just under a warrant, but the law would require all telecoms companies and ISPs to be able to disclose the contents of all digital traffic when required!
In an Intelligible form, removing ALL electronic protection put in place by the ISP or telecoms company, or allowing the removal of electronic protection by third parties. Any form of encryption, any form of end to end privacy, any form of security. Anything at all whether put in place by the ISP or by anyone else.
A British law that requires all ISPs who do business with UK customers to retain the ability to not just break their own encryption but that of anyone else who uses that ISP. Which taken to its logical result means that ISPs are required by LAW to break encryption from anyone or they will be guilty of breaking the LAW. Leaving them no choice but to block the use of any independent encryption they can't get into.
Otherwise they wouldn't be able to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data, or to permit the person to whom the warrant is addressed to remove such electronic protection, which this as LAW would force them to.
And that bit about where practicable, yea right. Sorry Tory government, we can't do that becasue it's not practical. What's that, our license to operate in the UK.
Some of you should be weeping by now, others may be shaking your heads and asking why is this so bad, am I just being paranoid.
I am but that doesn't mean I'm wrong.
The capability to disclose, in intelligible form, that means to access the contents of any and all of your digital activity in a way that the government, OR ANY HACKER WITH THE ABILITY TO DO SO, to read and understand the content of any digital communication.
ANY digital communication, because the Law would require the companies sending the communication to have the ability to break it's encryption. An ability that means government and corporate back doors, the blocking of independent encryption that doesn't have back doors, the requirement that ALL companies and businesses who want to use those ISPs either create back doors for the ISPs and government to use or to hand encryption codes to those ISPs and government representatives.
ISPs who are hacked weekly, government offices who are infamous for data leaks, back doors that will allow any hacker, criminal or spotty sixteen year old in their parents' house to access your banking details, your online shopping, your medical records, your private life. Every dammed bit of it.
Nothing will be secure because the government is making it LAW that both the government and the ISPs who provide our digital communications have access to everything we do online which means that any criminal who can hack those ISPs and government sites has the same access.
The first backdoor that is hacked will be all over the dark web and the hacker communities in hours. Your bank account will be empty even faster. You do use on line banking don't you, lots of people do. How about credit or debit cards, do you check your card balance or pay it online, using encrypted sites between your bank and card. Not encrypted any longer.
This is 2017. A huge number of us live in the digital world, I haven't used a check or had to go into my local branch to pay a bill this century. Because I can do it from my desk, from my computer, tablet, phone. We rely on encryption to keep us safe, to keep our finances safe, to keep our identities safe.
Or at least we do currently.
This, abomination, this product of Theresa "Police State" Mays government and it's headlong charge into a totalitarian Dystopia of total control and an end to privacy is so short sighted and badly thought out it makes me want to scream.
To deliberately try to end ALL encryption, not caring what that encryption is, putting in place back doors, forcing companies to hand over encryption keys or be blocked from doing business in the UK. Keeping those back doors safe with ISPs and the government, who are some of the most leaky digital sources around.
Madness. Absolute madness.
But it's not that bad. Is it?
Yes it bloody well is. The capability to read the contents of ALL digital communications, back doors, vulnerable encryption. Do you have your card details anywhere on line, or your bank account details. Online banking, shopping on Amazon, checking your balance. These are all communications, a terrorist message could be hidden in them so they must be just as accessible as your emails.
To the ISPs, to the government.
To being hacked.
I may be paranoid but, JESUS FUCKING WEPT! Does anyone in this government have the slightest idea how vulnerable this stupidity is to criminals or anyone else wanting to abuse it, the damage it will do to online shopping, banking, business of any form. Not just your emails are at risk here, but your jobs as well if you do anything online.
Yet again the Tories surprise me by demonstrating HOW UTTERLY FUCKING STUPID THEY ARE !