The Investigatory Powers Bill - The Snoopers Charter - 1984 - The end of privacy if she gets her way.

amlwwalker (25)in #encryption • 7 years ago

Preface

It's not something that we all can really understand, so I thought I would outline a letter I would write to 10 Downing Street on the topic of secrecy/privacy/encryption/the banning of the former(s)/the fact that our government is not fit to make these decisions.

A letter to Theresa May

Dear Theresa,

Before you go passing laws affecting the way technology is used in this country, please can I just say:

The Investigatory Powers Bill. It says so many things, but in a nut shell:

Targeted Interception

For interference to be considered targeted it must relate to:

particular person or persons

organisation or organisations

reference

In other words an individual can be hacked by the state if they are suspected of a crime.

Bulk Interception:

allows for the
interception of large volumes of communications in order to acquire the
communications of terrorists and serious criminals that would not otherwise be available

reference

In other words we can all be hacked by the state if it would help to catch a criminal.

The way the documents outline how they would be used is that the bulk interception would give them general coverage of what is going on, and when they have suspicions about somebody, targeted interception would be used, i.e hack their phones, computers, bug their house whatever whatever.

The documents actually outline a whole load of stuff basically stating that the security services need to be able to catch criminals in an internet age. Actually I have no problem with this as a statement. Yes they do need to be able to catch criminals....... however.....

These documents are using fear at the highest level to pass laws that are similar to the powers of the Stazi, or the KGB. Mass surveillance.

Earl Howe said:

Law enforcement and the intelligence agencies must retain the ability to require telecoms operators to remove encryption in limited circumstances, subject to strong controls and safeguards, to address the increasing technical sophistication of those who would seek to do us harm

This tells us a few things:

He has absolutely no idea what he is talking about (power and ignorance is terrifying anyway)
Security services already have physical access to the infrastructure that the internet is carried along. He thinks they just need a logistical adjustment to be made (flick a switch by the telecomms companies to turn off the encryption (data protection) so that the data is in plain text and readable.)
Fear is the tactic they are going for to pass this.

Why should they not have this power?

Privacy argument

This is an infringement on privacy. The government is in place to protect our security. Security is a privilege that we pay taxes for. Privacy is a human right that they are not voted in to affect.
- Go back to your ancesteral caveman days. In your cave you had a right to that cave, just as the next person had a right to theirs. No one had a right to take the privacy of that cave away from you.
- If you can find a bigger caveman to be your security guard and pay him in sabertooth meat, then so be it, but that's a privilege.
They have never had powers like this before. They have had the ability to break the locks off doors, smash open safe's tear up your house to find things. Even bugging your house is well within their capabilities, but it does not remove your right to privacy before you've enabled it.

Insider threat argument

58% of threats come from an insider. I.e when we think about the security of an organisation, and a breach of that organisation 58% of the time, it's because someone within that organisation either knowingly, or unknowingly allowed the breach to occur.

reference

Government is an organisation!
- Even if we trust the people at the top of government, who's to say that the people within it can be trusted. And even if they can be, who's to say that they are secure.
- In fact with access to "bulk internet data" you could make a fortune. All trades coming out of Canary Wharf could be monitored if you happened to be seated in the right place in Government. It's not a big leap of the imagination to start conjuring up reasons why someone might just take a peak at something they shouldn't
  - Prism, is the name the NSA gave to their bulk surveillance program. Think Edward Snowden
  - Congress in the US were under scandal for insider trading, to line their own pockets. It's not exactly the same as what I am proposing could happen, however it shows that these things happen. reference

Why it's so stupid

Back to Earl Howe's comment I quoted earlier. He doesn't understand the encryption space, and by that I mean, he doesn't understand what encryption is (and I suspect nor does most of Government). It may be possible to get a telecomms company to flick their switch that turns off their encryption. Fine.
Take, Whatsapp as an example, Whatsapp as an organisation could turn off the encryption at their end if forced to. But the devices (I.e your and my phone, when we communicate) encrypt the data before sending it. Then when it is received on your phone, it is decrypted. Only you and I can do that. Whatsapp can't. So this law actually is giving them a power over a telecomms that won't help the situation. Just gives them more powers.
Part of the Snooper's Charter is to ban this End-to-End encryption. This is now saying that I can run certain apps on my phone, but not others. That's like saying, "If I don't understand it, you can't have it".
Encryption is an unfeasible thing to stop. To the naked eye, encryption is garbled data that could look like:

AtB/Rx42d2TSK2/zn0w3XtHxWGuSWkKAYHO1AXiJcyT/UusGc02NjKkF

However it might not look like that. The point I'm making is there is no way for you or anyone to know if the above is actually encrypted data, or I just hammered my keyboard. For my own glee, I won't tell you which it is.

I could make an app, if I was bothered, that we all put on our phones, and when we send each other messages, it instead sends strings of completely random text like the above. Completely meaningless.
- If I were more obtuse, I might actually do that. Flooding the internet with huge amounts of random data, that the security services would have to pour over to work out whether it was infact real encrypted data, and arrest me, or just random data.
  - It would be the most awesome peaceful middle finger ever.
If you want to read another of my blogs on this topic that demonstrates the insanity of this, see here. It will explain what encryption really is and how this has nothing to do with technology or sophistication.

Why it's so terrifying

All this is doing is giving powers to unelected people. By that I mean, The PM is not going to sit and monitor the data, someone else is.
The people putting these laws through don't understand what they are doing, and have clearly not asked the experts
The internet is scaring Government. They realise that they can't control it. So they are twitching and becoming irrational. Dealing with an irrational beast is not something we should want to have to do.

This is hopefully straight forward enough to boil down some of the facts and what it means in reality. If it's not, I would like comments about how to make it that. This is a serious bit of legality that is being discussed and the members of the UK are not getting the exposure to the facts.

Yours,

If you would like to speak to me about what I think should be done to manage criminals on the internet, I'm sure if you monitor my Amazon orders you can find my address, or alternatively, ask that cold caller from Shenzhen. They seem to have my number.

#government #messaging #secrecy #cryptography