Leaked: The UK's secret blueprint with telcos for mass spying on internet, phones – and backdoors The UK government has secretly drawn up more details of its new bulk surveillance powers – awarding itself the ability to monitor Brits' live communications, and insert encryption backdoors by the backdoor. In its draft technical capability notices paper [PDF], all communications companies – including phone networks and ISPs …
The one everyone is missing, is how 'normal' historic Speed Limits are being reduced (with little to no opposite, using "Experimental Planning Notices" (i.e. no authority to do so, no Safety reason) to make Camera Enforcement effective, by setting the bar low enough to "head clip" everyday drivers making slightest of mistakes.
They are removing the permissable margin of error. Why? because Speed enforcement/Speed Cameras make very good (regressive) revenue streams.
It’s a great pity that people with zero understanding of what they doing, command large taxpayer (or more appropriately borrowing) funded budgets that they’re allowed to waste on futile endeavors, perhaps the UK should introduce a Tokugawa approach to the civil service, where wastage was punishable.
So now I need to communicate with my friends using CB radio or the Post Office for the inconsequential, and dead letter boxes for anything else. Why the assumption (by HMG and everyone else) that the WHOLE communications story involves mobile phones or the internet?
i was recently in the US and had a play on their CB, i learnt that there's a movement afoot for turning to low-tech de-centralised comms, like CB and Ham radio.. though Ham radio, hugely diverse hobby that it is, does have a couple of global data and voice systems that do use internet.
the spies do of course listen on radio, they have been since the invention of radio, but obviously that's harde for them to intercept, much of the time & if done right.
MESH networks and heavy encryption must become the norm, and low tech comms need to be rediscovered.
everything that is old is new again, or can be. we use 2 way radio for off-net comms.
so liberating, no data plans, wifi, spam, daily recharges, junkmail, cat videos, updates,
works anywhere, (comparitavely) low tech, decentralized, fun,.
thankfully Lumberjack shirted, mustachioed, cowboy hat wearing CB died in the 80s,
now it's accessible, license free, shiny new sets and PC programmable etc, empty space.
it's becoming time to make off-grid comms fashionable again.
even (none CB) cheap $20 FM chinese UHF walkie talkies usually ship with some basic encryption in.
plenty of high tier hi tech TDMA or CDMA ex mil stuff available too.
All those empty channels waiting to carry comms, around towm, around the country or even globe (occasionally) too bad it doesn't carry cat videos and share 'Like' buttons or it may have caught on already.. most people dont actually care. We do on here, most dont. we will have to work 'round it.
In the UK at least, it's illegal to transmit encrypted content over the radio - if you're using a broadcast channel, eg. VHF, then it must be cleartext. I'm a bit hazy on the source of this info but that's how I remember it. I'm sure there must be a HAM here to back this up?
What's good for the goose is good for the gander is something APT for such snoopy systems admins to be wary and aware of.
SMARTR IntelAIgent Servers for Services is an AIDevelopment Klondike with No Earthly Bounds to ITs Virtual Powers and Zero Day Energies ...... Singularity Synergies.
And that delivers to Astute Anonymous ACTive Vendors more than just a wealth shaming Croesus with Greater IntelAIgent Games Play Leads.
Capiche? Are you ready for the Future with ITs AI Realisation of Greater Unknown Unknowns?
He [amfM1] loses it a bit in the middle but the beginning and end make a lot of sense.... need more dried frog pills. Frankly I am surprised it took so long for someone to mention the old pros. …. James 51
Hi, James 51,
You might like to consider that rather than he losing it, you just don’t yet get what is currently HyperRadioProActively happening and forever changing the nature of realities all around you, and everyone and everything else too for that matter, in and with CyberSpace Command and Control Centres of Virtualised Excellence.
Would you expect that to be in a Blighty context, more of a secretive MOD/Military Industrial Complex/snoopy MI5 thing or a civilised GCHQ/spooky MI6 thing, if not something else Rogue and Renegade in an Almighty Revolutionary Underground Movement conversing with Followers who be Leaders and Followers alike.
To consider and accept that greater intelligence is confined and resides in old established institutions and attending spooky secretive services is to prove to one and all that one is not thinking anywhere near deep and far enough to be an effective help in ....... well, Future Business AIdDVentures.
So, the government want to be able to spy on named individuals, subject to the Home Secretary's personal signature on each warrant. Much like demanding that the Post Office allow them to read the mail of named suspects, even if the envelope is sealed and locked in a van. Oh, my, they can do that already, is there no hope for mankind? (Be sure to encrypt your holiday postcards, boys and girls. We recommend a onetime pad passed by a different route.) But who is this named individual, "Mass", the surveillance is targeted at? Is Mr Mass the new Mr Big, or what?
I delighted you decided to boost not-based-in-the-UK businesses with these proposals. You see, those proposals are so full of holes they will never properly work and will keep you in court for years to come, but you will have scared so many people that they will seek protection from this lunacy.
The problem: you effectively ban this sort of protection in the UK, thus handing a solid chunk of business to the exact foreigners you tried to ditch with Brexit. Well done.
From all those damn foreigners, a well felt Thank You.
Will the last sane person leaving Whitehall please switch off the lights? Don't worry, the rest won't notice anyway.
I mean come on, the SS7 protocol is as leaky as a rusted bucket. 99.99% of telco's use it.
The GSM Spec offers an encrypted voice on/off switch. The default is on, All telco's already have the ability to turn it on & off at will.
Data, would you trust a telco / ISP's encryption of your data transfers? I'm pretty sure nobody posting here would. Or any legit business for that matter. Surely there wouldn't be a market for VPN's if it was secure enough already (which we all know it clearly isn't).
It is rather strange that the UK Gov is insisting that already compromised comms security must be given MORE backdoors. The Gov already have the technology to eavesdrop already.
There must be a financial reason behind all this. Make the Telco's / ISP's pay for the monitoring instead of it coming out of GCHQ's future budgets.
How is this going to work with the likes of Apple who say no to their law enforcement agencies who ask them to break/weaken their encryption?
How will the UK government get people like apple/whatsapp to weaken their software or provide backdoors. I realise they could say you can't sell your products in the UK if you don't do this... but how can you stop someone who already has an iPhone or whatapp installed? I don't think these companies are going to bend over backwards just because the UK government says they have to weaken their stuff... I can't see it happening.
I can see shitty ISPs not having any trouble with it and handing over your data willy nilly... but how is say Virgin Media going to hand over unencrypted whatsapp traffic?
FBI Director Comey (re: I DID NOT screw over Hillary Clinton. It was purely professional and I came away slightly nauseated!) essentially frothed at the mouth during his open Congressional Oversight Committee hearing this week concerning Apple and encryption. He all but openly labeled Apple an "enemy of state security." During his remarks, it was made quite clear that both he as FBI director, and the Republican leaders of the Oversight Committee, will move forcefully and purposely to deal with the problem of backdoor-less encryption.
Please remember that Our Trumpeter-in-Chief and his Pygmy Bigot *, Attorney General of the US Jefferson Beauregard Sessions, have long ranted that all Human Rights are "contingent on State security" and they have a new portfolio of security safeguards. Encrypted communications is top of the list to eliminate (excepting Corporate & Shareholder Financial Data, of course.)
* JBS has no overt prejudice against those of the Pygmy persuasion, as there are too few in Alabama to fear/resent/oppress. He only resembles the pygmy.
"Apple has a quarter of trillion in cash in non US jurisdictions."
Right. But in recent years, Apple has borrowed huge amounts of money in the USA (by issuing bonds), and in not many years time, people who bought those bonds will want their money back. The two topics are rather closely related.
2013: https://www.forbes.com/sites/timworstall/2013/04/30/with-all-of-apples-cash-why-is-it-issuing-bonds/#3dce9bab5bad (worstall?)
2016: http://www.dailymail.co.uk/news/article-3451420/Apple-s-latest-tax-avoidance-ruse-Tech-giant-issues-12bn-bonds-doesn-t-money-low-tax-offshore-havens-pay-dividends.html
"* Apple announced it issued $12billion in bonds despite a huge cash reserve
* Scheme is reportedly to ensure they don't pay US tax on profits abroad
* The tech giant has $215billion in the bank - more than the US Treasury
* The company now has a total of £37billion in long term debt despite its reserves"
2017 (if paywalled, go via Google):
https://www.ft.com/content/2f8315b8-018c-3d1a-827e-eacfb5334649
etc
"Not to say you're not right"
Thank you :)
"both of those sources [DM, Forbes] are demonstrably more interested in grinding axes than reporting facts"
Fair comment. So, discount those two particular sources, the relevant facts are still widely reported elsewhere, and over a number of years (and a number of iterations of bond issues).
Been there since long before my labour was liberated from here.
And there's axes to grind and simple facts. Apple borrows inside the US in order to pay dividends and buy back stock. This means it does not have to repatriate foreign profits and then pay US corporate income tax to do so.
As to whether this is a good idea or not that can be axe grinding. But the simple facts are just that, the simple facts.
you believe Apple ?
At the moment, yes, for a very simple, ultra-American reason: they make money that way. Apple figured out early that security was a sales argument and has worked to keep it that way.
I can't predict what will happen when it becomes more financially beneficial to ship flawed hardware, but I do know that Apple would lose a fairly vast chunk of its client base if anyone discovered suggestions of a backdoor so I suspect there will be a major barrier for Apple to change its ways.
Follow the money. It's the American way.
"I don't think these companies are going to bend over backwards just because the UK government says they have to weaken their stuff... I can't see it happening."
GOVT: dear company. you have not complied with the law regarding giving us backdoor access to user X.
COMPANY: we are not a British based company so will not be complying with your demands.
GOVT: you are not allowed to sell your product in the UK your UK assets are frozen your UK Directors are being held on Remand while we investigate, UK offices closed, servers shut off, Nominet domains suspended and you will pay 10% of your global profits as a fine every 24 hours you do not comply.
GOVT: telcos you are ordered to block all traffic to these IP addresses, domains and any other technical resources belonging to company X and respond to any requests with the statement " Company X is blocked as requested by the GOVT they are being investigated for a Criminal breach of their legal responsibilities in assisting the GOVT in protecting the Country and its Citizens"
Company: But its not technically possible to give you the information its e2e encryption.
GOVT: thankyou for your comment but you are in breach of the law its not our fault you ignored your legal responsibility when designing and selling your service/product for sale in the UK, For your records So far your fines for the last 24 hours have paid for 10 nurses, 2 x F35 aircraft and 1 days foreign aid budget. and the MP's annual pay rise. we await your response, please take as long as you need as you are helping the GOVT balance the Budget and trade deficit.
There are undoubtedly people who for whatever reasons want to get their own way by indiscriminate violent means. The logic being, that if by perpetrating atrocities, they can show the elected authorities to be ineffective, public opinion will force the elected to give in. It rarely works and usually what happens is; after a ceasefire period talks take place with an implicit threat of chaos may be resumed.
Targeted eavesdropping may well uncover some plans but for all their moral emptiness the organisers of atrocities are not dumb. They will come up with alternative methods of encouragement and communication. The latest 'lone wolf' truck assaults show this. I doubt any form of Internet monitoring would have spotted these individuals before the event.
Like most people I don't think I have anything to hide, the odd emabarassing web search maybe, but I am concerned that such a law could be severely misused.
Imagine if the UK was in a state of emergency as France has been and still is. Our Home secretaries are controlling enough in normal times.
Sorry to disturb your slumber, but most (not all) of these so-called "lone wolf" attacks are in fact perpetrated by nation-states. Where the fuck do you think ISIS gets all its arms / funding from ?
(Turkey, Israel, Saudi Arabia etc.). Most of these individuals (often patsies) are "spotted before the event" - this is usually reported as "these individuals were known to {insert intelligence agency} prior to {insert pointless waste of life event pushing government agenda}". May I politely suggest you do some research on said events on non-MSM sites.
What is a 'communications provider'? The wires of the transport network or the establisher of the communications protocol?
What if banks for instance could be regarded as "communications providers" because they implement 'secure' e2e comms protocols for financial transactions directly between their server and a client over the internet? What about Paypal, Amazon, your doctor or dentist or anyone else initiating something as simple as an https connection? The entire eBusiness system could fall on it's knees as an insecure (backdoored by law) system.
That would be scary.
the last page of the document on ORG specifically excludes those operators who are providing telecomms for financial services, including banking.
As far as the e-commerce stuff is concerned, this only covers encryption services provided by the telco or isp. It might, for example, be a nice selling point for a telecom/isp to offer me a fully encrypted service. This paper would make that ineffective as that provider is required to be able to decrypt my communications on demand, if they are the ones providing the encryption. If I take the standard service offered today, and choose to encrypt the data I send over it (using https for example), that has nothing to do with this paper.
seems to be a few people talking about apps and phones.
If you cared abour privacy, you won't use a smartphone.
no smartphone, no app.
i know cell companies can and do track everything on their networks.
they *have to* yes, even ancient 2g Nokia phones, you know,
the ones where the battery only lasted a week.
But people buy smartphones and move their focus of paranoia at the apps.
No. focus on the OS and the hardware itself. see the bigger picture, and
don't buy a smartphone, well, not expecting privacy. You can't realistically disappear,
but you can share a bit less info, so don't buy smartphones, smart TVs, IOS, Android or any OS
you cant or dont trust enough to slimdown, debloat, tighten up and more, or stop fooling yourself.
for me the key wording is
"to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data"
So your ISP who may be using l2tp needs to be able to provide the Gov with an unencrypted copy of your traffic with 24 hours. As they encrypt the traffic they have to be able to decrypt it (or if they use a 3rd party the 3rd party needs to be able to). Now the question is does say a VPN provider or an app the encrypts the data before transmission class as a telecommunications operator.
Add to that the complexity of what happens if I use an app or vpn provider thats not goverened by UK law, my ISP can not have the capability to decode that traffic, and they cant demand the app/vpn provider supply unencrypted traffic. When will they go oh now you cant use these services because they are secure turning the user into the criminal.
This is where we need a telecommunications operator to stand up and say ok fine we will develop a service that is encrypted in such a manner that we do not have the technical cabability even under duress to decrypt. Sell that as a service to the public saying we care about privacy we use X technology, but oh dear UK gov we cant comply we would love to but its not possible. Will they be in breach of the law or would they be clear as its not "practicable".
This is where we need a telecommunications operator to stand up and say ok fine we will develop a service that is encrypted in such a manner that we do not have the technical cabability even under duress to decrypt.
The whole point of this paper is make doing that illegal. You (as the telco) will be required to able to decrypt anything that you encrypt, if you can't do that you would be in breach of this proposed law.
I hate to break it to ya'll. Especially as you most likely know it anyhow, but this really isn't worth wasting typing time on. Unless of course, you want to spend time discussing the finer points of a certain level of civil servants keeping themselves amused.
There is no online security, once you're on you are out there, and nothing devised so far is inaccessible, or unbreakable to those that have the gear and will to do it. And certain entities have a lot of gear. And they have the will.
The only way you can tell a secret, or even just have a private conversation is to talk to someone face to face, in a place that is difficult to eavesdrop.
The days of privacy, and respect for privacy are gone - if such a time ever existed.
In fact its ludicrous notion to expect to be connect to the 'world' (not the nice one on the other side of your office window) and to assume that those connections aren't monitored. It's like walking down the street naked, and not expecting anyone to notice you have a little tinkle.
So go take a walk, get some fresh air, accept that this technology doesn't only empower you. Just remember to put some clothes on
I would think that banking technology providers in the UK will be required to build all bank security technology with back doors. Does this mean that no international companies should use or purchase UK provided, owned or developed Banking software. This would also apply to the entire blockchain space. I suggest that Level 39 and all of the tech providers should immediately announce their plans to move to Ireland as a PR stunt and let's see how long these plans continue. It just requires an appropriately worded British dry humor PR that articulates how due to governments desire to eliminate cyber security we have no choice but to explore a move of the corporate office to Dublin. ( or even worse Paris) ......... This is a legal space that will bend to economic blackmail performed out in the open. A great example has been the protests in North Carolina to stupid bathroom laws. These are stupid encryption laws. Over the top is here to stay and we are building the foundations to make the crypto strong, embedded, and part of everyday services. The economy that will win is the one that figures out this new model of subscriber-service provider globally and build the first multi-billion customer secure global digital empire. BT is to focused on pension programs to be a player anymore.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
