back to article UK may demand tech world tell it about upcoming security features

The UK government has set in train plans to introduce legislation requiring tech companies to let it know when they plan to introduce new security technologies and could potentially force them to disable when required. The measures were announced just minutes ago in the King's Speech – when the country's monarch reads out a …

  1. navarac Silver badge

    Politicians

    Most politicians haven't a clue about computer systems, or computer security. Mind you, they haven't much of a clue about anything, except their own priorities.

    1. Primus Secundus Tertius

      Re: Politicians

      That is what representative democracy means. Politicians have a lot in common with ordinary people.

      1. ITMA Silver badge
        Devil

        Re: Politicians

        "Politicians have a lot in common with ordinary people"

        Since when?

        1. 43300 Silver badge

          Re: Politicians

          They have a lot in common with "ordinary people" whose wealth is at least seven figures! Not sure that most of them have anything in common with (or any understanding of) actual ordinary people.

      2. Elongated Muskrat Silver badge

        Re: Politicians

        Yeah, I'm glad I married the heiress to an Indian tech billionaire fortune too.

        Peh.

    2. elsergiovolador Silver badge

      Re: Politicians

      It's not about having a clue. We have probably the most corrupt government in history and they just want to know business and personal secrets.

      What do they need these for?

      Sell IP to foreign states?

      Harass undesirable groups?

      If only people could learn from history. Even a proposal of Stasi-on-steroids level of surveillance should have people proposing it given P45 and perhaps getting them sectioned.

      1. Paul Hovnanian Silver badge

        Re: Politicians

        "What do they need these for?"

        Collecting taxes?

        1. Elongated Muskrat Silver badge

          Re: Politicians

          They could be better at doing that, especially from those paying larger amounts. Of course, with all the "trickle down" bollocks (which has pretty conclusively been shown to be bollocks) that they push, it means taxing the poorest the most, but hey-ho, vote Tory, get a Tory. There's a reason the origin of that word is the Middle Irish tóraidhe, which means robber. When Ireland won its independence from Britain, the real achievement there was to get independence from Tories.

          1. 43300 Silver badge

            Re: Politicians

            'Trickle Down' is the system whereby those with the wealth piss on those without!

      2. Plest Silver badge

        Re: Politicians

        "What do they need these for?"

        Nothing....yet!

      3. Michael Wojcik Silver badge

        Re: Politicians

        probably the most corrupt government in history

        Probably not. That's a very high standard to meet. (And an arbitrary one unless you have a specific, measurable definition of "corruption".)

        But I agree that the continuing spiral down into authoritarianism, yet again, among various "democratic" nations is depressing. The UK has long had a keen surveillance regime (e.g. the fetishization of CCTV), but it's getting worse. Half the citizens in the US are eager to see a would-be strongman dictator (in his mind; a puppet in reality) in power. Israel's just gutted its judicial branch. And so on.

        These things tend to come in cycles, and if history is any guide we should eventually see a backlash that rolls back some of the worst offenses. But it may be decades away, and there's always the chance we're not going to make it there.

      4. amanfromMars 1 Silver badge

        Re: Politicians

        If only people could learn from history. Even a proposal of Stasi-on-steroids level of surveillance should have people proposing it given P45 and perhaps getting them sectioned....... elsergiovolador

        Given the present fact that so much relevant information about such people is freely available to whoever would need it, for nowadays is there really no safe and secure hiding place for anyone/anything to reside in or preside over, methinks are probably much greater fears for them entirely valid whenever so worthily earned, and so dismissive or ignorant of past dire but nonetheless extremely valuable historical lessons.

    3. Anonymous Coward
      Anonymous Coward

      Re: Politicians

      Quite right, they need that soothsayer of our time, Dominic Cummings, back in the mix to help steer this ship! His technology wisdom is legendary.

  2. theOtherJT Silver badge

    Password: ICanStillDoThis

    echo "U2FsdGVkX185WSn42PIqjIEiRYpf8M2qpeb+tnTPaat3hikN4Z//LAEyF8A5hPAznOnRyYMitPmbUizJFqrnVWizwS7yDqr4M2dmWzu0Gyqn4wVR50xKHINzabgz+xJ2" | openssl aes-256-cbc -a -d -salt

    And I'm going keep posting this every time this bloody stupid topic comes up.

    It'll just endanger legitimate users and do precisely nothing to prevent people with genuinely nefarious intent from encrypting their comms.

    1. ITMA Silver badge
      Devil

      Re: Password: ICanStillDoThis

      "...prevent people with genuinely nefarious intent from encrypting their comms"

      Such as... politicians...

      1. druck Silver badge

        Re: Password: ICanStillDoThis

        And commentards.

      2. 43300 Silver badge

        Re: Password: ICanStillDoThis

        Politicians are mostly too IT illiterate to do anything which the mainstream platforms don't offer.

    2. Yet Another Anonymous coward Silver badge

      Re: Password: ICanStillDoThis

      >"U2FsdGVkX185WSn42PIqjIEiRYpf8M2qpeb+tnTPaat3hikN4Z//LAEyF8A5hPAznOnRyYMitPmbUizJFqrnVWizwS7yDqr4M2dmWzu0Gyqn4wVR50xKHINzabgz+xJ2"

      How dare you sir ! My mother was a saint

    3. druck Silver badge

      Re: Password: ICanStillDoThis

      And I'm going keep posting this every time this bloody stupid topic comes up.

      No, it will just make you look like a twat, especially if is all double spaced lines instead of inside pre and code tags.

      1. theOtherJT Silver badge

        Re: Password: ICanStillDoThis

        I didn't realize we allowed to use code tags on here? That's good to know. Thank you.

        1. Arthur the cat Silver badge

          Re: Password: ICanStillDoThis

          I didn't realize we allowed to use code tags on here?

          Yes but El Reg double spaces both code and pre blocks for no good reason and deletes leading spaces so you get

          int main(int argc, char **argv) {

          return 0;

          }

          which is bloody useless.

          1. Yet Another Anonymous coward Silver badge

            Re: Password: ICanStillDoThis

            Evidence of el-reg's historical anti-python bias

          2. Michael Wojcik Silver badge

            Re: Password: ICanStillDoThis

            Yes, this has been a complaint about the Reg style sheet for at least a couple of decades, if memory serves. For some reason they're determined to keep it that way.

            It'd be nice if text inside a BLOCKQUOTE element wasn't double-spaced either, so that verse could be posted correctly.

    4. Michael Wojcik Silver badge

      Re: Password: ICanStillDoThis

      do precisely nothing to prevent people with genuinely nefarious intent from encrypting their comms

      Unfortunately, this isn't true, so there's always some empirical evidence to support the surveillance fans.

      The reality is that the vast majority of people, whether they're malicious or not, are too lazy to observe good operational and communications security. As we saw with EncroChat (or AN0M, which was an earlier version of the Exact Same Thing), or with various cases of SIGINT discovering plots (such as they were) from unencrypted communications, most malefactors either won't bother with encryption or will use only the most convenient of tools.

      In principle the so-called "masterminds" could ensure their henchpeople used readily-available encryption technology without backdoors, particularly since a conspiracy more or less presupposes opportunities to establish temporary secure channels to exchange keys, solving the PKI problem. But in practice they so rarely do. And even when they do, they often screw up some other way, as in the El Chapo case.

      None of that justifies backdooring consumer encryption or the surveillance powers so eagerly adopted by various governments, in my mind; but the "criminals will just do the smart thing" argument doesn't hold water.

  3. Adair Silver badge

    When did the UK Govt. ...

    become the worldwide arbiter and enforcer of who does what, when, where, and how in the global IT world?

    I'm sure they have some say locally, and are entitled to express an opinion globally, but if 'Corporation X', based in the United Republic of Erewhon, decides to release an app that can be installed anywhere someone has unrestricted access to the internet what do they care about what the UK Govt. thinks or says?

    Unless they have assets in the UK 'Corporation X' probably doesn't give a shit what the UK Govt. thinks or says.

    It's just more political posturing from a political party in the late stages of senescence and facing an immanent election.

    1. This post has been deleted by its author

    2. NewModelArmy

      Re: When did the UK Govt. ...

      The MP's are not part of the IPA which requires all internet connections and e-mail contacts to be logged. The very people who can damage the UK seriously are exempt from scrutiny.

      As we have seen, Baroness Mone has finally admitted those allegations put to her.

      The Tories have removed rights to protest in many areas, are looking to allow police to invade your home without a warrant, are behaving in a fascist manner by creating false enemies whilst setting people against one another. The Tories are excluding people who make any comment against the Tories, and this has included a range of people from chemical weapons scientist, all the way to teachers and assistants.

      The level of monitoring is increasing in our daily lives, and people are sleepwalking into a dystopian future.

      The Tories are lying just about everything, not doing what is right for the people (NHS, schools, energy, rivers etc), yet proceeding with laws which are draconian.

      If they had an ounce of integrity, they would realise that they are failures, and call a general election to get themselves out of the way, such that they cannot damage the UK even more.

      I expect more of this crap from them about surveillance or removal of rights before the next election. (unless they decide on a coup).

      1. GreenReaper

        Re: When did the UK Govt. ...

        Labour is just as keen to restrict your digital rights in the name of children, or the proletariat. Liberal Democrats as slightly better but fold when pressured with having it used against them in an election campaign.

        1. 43300 Silver badge

          Re: When did the UK Govt. ...

          Yes, quite - this isn't a left / right issue. The mainstream parties are all as bad as each other on this subject.

          1. Anonymous Coward
            Anonymous Coward

            Re: When did the UK Govt. ...

            Tho both partys are likely to be forced to drop this.

      2. Anonymous Coward
        Anonymous Coward

        Re: When did the UK Govt. ...

        > The MP's are not part of the IPA which requires all internet connections and e-mail contacts to be logged.

        The spooks did once plant IMSI catchers round Parliament. I guess with 5G and Signalling System 7, they're not needed anymore.

  4. Tron Silver badge

    Won't work.

    Tech companies just won't release stuff in the UK. Post-Brexit, it is an easy to isolate market.

    1. Yet Another Anonymous coward Silver badge

      Re: Won't work.

      And cut themselves off from one of the top 30 performing economies in Europe ?

      1. Adair Silver badge

        Re: Won't work.

        Amongst the top thirty you say. One out of thirty, plus the rest of the world (barring some basketcase distopias). On that basis I somehow think they would cope.

        1. Yet Another Anonymous coward Silver badge

          Re: Won't work.

          So apparently there are 44 countries in Europe (if you include Russia, and the Vatican), you forget all the little balkan states

          - So the UK is easily top 40

          1. SundogUK Silver badge

            Re: Won't work.

            The UK is the sixth largest economy in the world.

            1. Andy The Hat Silver badge

              Re: Won't work.

              Why the downvoter?

              We may be going bankrupt but the Government and the public are spending record amounts on pointless tat doing it.

              What happens with the next failed southern European/North African harvests? People dying of starvation in the Horn of Africa while we suffer the great crushed avacado shortage ...

              1. 43300 Silver badge

                Re: Won't work.

                Agree, but I think you will find that avocados are 'smashed' rather than crushed (I admit to not knowing why they are smashed whereas potatoes are mashed).

              2. Julian 8

                Re: Won't work.

                you can still get Avocado's ?

                our local supermakrets seem be getting low on stap[le fruits and some more non standard British veg

                1. Yet Another Anonymous coward Silver badge

                  Re: Won't work.

                  Why would you want non-British veg?

                  You should eat patriotic British Turnip-Toast (tm)

            2. Zippy´s Sausage Factory
              Meh

              Re: Won't work.

              The UK is the sixth largest economy in the world.

              For now.

              I can remember a time when it was the fourth... that was pre-Brexit though.

              Where's the "everything is terrible" icon? This'll have to do...

              1. Yet Another Anonymous coward Silver badge

                Re: Won't work.

                And most of that was fake.

                A few Bn euro of collateralised-inter-bank-hydrogenated-low-carb-gluten-free contracts go into a London bank at 5:00pm and out again at 8:00am every night somehow counts toward the GDP and means an ex-steel worker in Sunderland is richer

      2. Julian 8

        Re: Won't work.

        Sign of how far we have fallen.

      3. Michael Wojcik Silver badge

        Re: Won't work.

        Wow, there's enough whoosh from that comment to fly a kite. (Is that too American an idiom? Would something like "get the Swallow to Rio" be better?)

    2. Plest Silver badge

      Re: Won't work.

      Some have already threatened to do this and you'll know when this happens as you can see whatever puppet is currently in charge of the UK right now, suddenly appears on the BBC talking to Musk, Zurckerberg or some other boneheaded tech CEO!

    3. Number 39

      Re: Won't work.

      More to the point there will be a crippled version for the UK, (or would it just be GB?).

      1. Arthur the cat Silver badge

        Re: Won't work.

        More to the point there will be a crippled version for the UK

        Considering I compile all the code on my machines from sources hosted outside the UK, the idea that some HMG twattery would stop me using the same security code as the rest of the world is away with the fairies, even if they can pass the legislation.

    4. Anonymous Coward
      Anonymous Coward

      Re: Won't work.

      Or they force the UK gov to backtrack and they likely will.

  5. Anonymous Coward
    Anonymous Coward

    "reduce the risk of the most serious offences such as child sexual exploitation and abuse or terrorism"

    Bullshit. They will be using ring cam footage to fine people for leaving their bins out a bit too long. Don't toe the government line online (or in the real world it seems)? That's you fucked. I find it amazing that they are now equating terrorism to opinion. I may not like what some people say but I'll fight for the right for them to say it. My grandad fought in the second world war as an RAF pilot but he didn't fight for this bullshit.

    1. elsergiovolador Silver badge

      It's probably going to be used by the police to stalk their partners, exes or "love interests".

      Wouldn't be surprised if poorly paid police officers sold access as a side gig to burglars or other miscreants.

      Add to that, today announced, more powers for police to enter without a warrant, they could probably become burglars themselves. Knowing when people are not home and know that they talked where they hide money or what expensive they bought recently.

      1. Arthur the cat Silver badge

        Wouldn't be surprised if poorly paid police officers sold access as a side gig

        It's not just police officers but civilian support staff as well. We already know they sell access to the Police National Computer, including write access if you pay enough.

    2. alain williams Silver badge

      High level security features

      "reduce the risk of the most serious offences such as child sexual exploitation and abuse or terrorism"

      They may catch a few low level reprobates but those who they really want to catch, the big cheeses, will use good encryption, etc, with all the latest security features. If you are doing something that, if caught, will have you eating porridge for years do you really care if you break another law ?

      Government must either realise this or they are stupid.

      1. elsergiovolador Silver badge

        Re: High level security features

        Have they ever prosecuted this guy Epstain or something clients?

        That all you need to know how much they care. It's all about access to business and personal information.

      2. Elongated Muskrat Silver badge

        Re: High level security features

        The "big cheeses" of any sort of organised crime will by definition, be very rich. Did our government ever go after anybody very rich for wrongdoings of any kind? Can you think of one example? Nope, didn;t think so.

        The fact that some of them are, themselves, very rich, should in no way indicate that they might be crooked, of course. They all just worked very hard to become multimillionaires, or billionaires without cheating or exploiting anyone. You could do so too, you're just lazy, etc.

      3. 43300 Silver badge

        Re: High level security features

        And in reality they will routinely abuse any powers they are given and apply them to the most trivial issues. We know this - it's what always happens.

      4. Patrician

        Re: High level security features

        I also question how they are so sure that these encrypted services are being used for "serious offences such as child sexual exploitation and abuse or terrorism"? As they're encrypted how do they know this, or are they just guessing?

        1. Michael Wojcik Silver badge

          Re: High level security features

          Well, if they're not finding as many conspiracies as they expect in unencrypted communications, that must mean the masterminds are using encryption, right?

          It couldn't simply be that they're vastly overstating the problem.

    3. Plest Silver badge

      I cannot believe people buy those bloody Amazon sold spy cams. My sister-in-law bought one and I said you do know Amazon can tap in and see and hear everything right? She checked and found a load of reports about how insecure those bloody Ring things are. When I take my daily walk each day around town I see more and more of those things glued onto door frames, morons.

      I refuse to have anything like Echos or Ring in my house, they want to spy on me then they will have to do it the old fashioned way, through my browser history!

    4. Paradroid

      They always trot out CSA and terrorism as excuses to stomp all over everyone's privacy, working on the idea that nobody would dare object.

      1. hedgie Bronze badge

        Well, no one except the pervs and terrorists obviously, and they don't count. What do *you* have to hide and whatnot.

        I go out to dinner sometimes with a friend, and a couple of years ago, she admitted that when she first met me, she thought that I was a paranoid tinfoil hat wearing type. And then followed it up with "and I think that you're probably right".

  6. Aleph0

    "King's Speech – when the country's monarch reads out a speech that is written by the ruling political party"

    Disclaimer, being from abroad I'm totally unfamiliar with the British political system, but after reading this fine article I'm kinda curious whether the monarch has the option of saying to whoever is handing the text "Nope, I won't read this shit"...

    1. Ken Hagan Gold badge

      Queen Anne refused the Royal Assent to (i.e. vetoed) a bill in 1708. Since then, nothing much.

    2. ITMA Silver badge
      Devil

      There is this thing called the "Royal Assent" by which the monach can refuse to enact a Bill thus preventing it from becomming law.

      However, it being done would cause major constitutional problems:

      https://en.wikipedia.org/wiki/Royal_assent#:~:text=The%20only%20situation%20in%20which,the%20bill%20from%20becoming%20law.

      Damn - Ken beat me to it!

      1. Mark 65

        Yeah, but Charlie could become a legend if he did it. Just imagine this getting a regal "go get f*cked".

        1. ITMA Silver badge

          Become a right "Charlie" LOL

          He wasn't too bad at being a "thorn in the side" of government when he was the "understudy". Now he's moved on to the main role he will more than likely remain silent.

        2. John H Woods

          I imagine I wouldn't be the only person to have become a monarchist overnight if he had.

        3. Plest Silver badge

          He's waited his whole life for a crack at the to spot, now he's there he can't fart without 9 royal lackeys recording it and advising him on the correct way a monarch should fart! He's a puppet, just like Sunak, Starmer and the whole damn bunch.

          You want to know who's really in charge? Watch "Yes, (Pri)Minister" and you'll learn that it's a bunch of Sir Humphrey's in Whitehall that are really calling all the shots!

          1. Elongated Muskrat Silver badge

            Whilst the Sir Humphreys do undoubtedly exist in Whitehall, those are far from the people in charge of the current government. Look to where the money is coming from, always.

            If anything, the Sir Humphreys provide a useful scapegoat for the culture war against the vast majority of actual, low paid, overworked, civil servants.

          2. Anonymous Coward
            Anonymous Coward

            Having seen the Covid Inquiry and how those in Whitehall worked, we are probably even more f*cked than we realise...

    3. This post has been deleted by its author

    4. JimmyPage
      Flame

      All you need to know

      is the Queen was "forced" to sign the bill that illegally prorogued parliament.

      And that blew up a lifetimes fiction that we have a Monarch "to stop tyranny".

      Bollocks they do.

      1. Yet Another Anonymous coward Silver badge

        Re: All you need to know

        >And that blew up a lifetimes fiction that we have a Monarch "to stop tyranny".

        That's why the Monarchy need a constitutional right to bear arms.

        1. Elongated Muskrat Silver badge

          Re: All you need to know

          Yeah, but bears are extinct in the wild in the UK, so where are they going to get any of their body parts from?

          1. Yet Another Anonymous coward Silver badge

            Re: All you need to know

            They have bear skin hats. Obviously from the flocks of bears at Balmoral

            1. Elongated Muskrat Silver badge

              Re: All you need to know

              Good point. More likely to be at Sandringham, though, in the wilds of Norfolk.

        2. Anonymous Coward
          Anonymous Coward

          Re: All you need to know

          Speaking as someone who wouldn’t harm and an animal (bordering on the Buddhist approach) who is also a vegetarian……..I fail to see the point in killing a bear just to provide King Charles with the poor creature’s arms.

          1. Yet Another Anonymous coward Silver badge

            Re: All you need to know

            Pity he's so anti-GMO, otherwise we could genetically engineer a monarch-bear hybrid

            Compared to Hapsburgs, it wouldn't be the weirdest result

    5. Barrie Shepherd

      Listening to him reading it it sounds like he was bored to death with it.

    6. Anonymous Coward
      Anonymous Coward

      It came to light a few years ago that parliament was passing laws (Queens consent) to the Royals before putting them through parliament and letting them make adjustments to protect their interests and hide their wealth.

      https://www.theguardian.com/uk-news/2021/feb/08/royals-vetted-more-than-1000-laws-via-queens-consent

      I'm sure that still goes on to this day.

      1. Andy The Hat Silver badge

        As is detailed (if you read hard enough), if this "consent" for the legislation is requested by the Government it is always granted. Whether or not changes are lobbied for behind the scenes is another issue but it is up to Parliament to debate whatever is presented to them and suggest changes as it goes through the Parliamentary procedure, sometimes including those suggested by lobbyists who may or may not be visible to public scrutiny.

    7. Long John Silver
      Pirate

      We are fortunate to have a monarch capable of reading; that's so long as the text does not contain long words (i.e. > 7 letters).

      1. TimMaher Silver badge
        Coat

        Re:- > 7 letters

        So how do they remember passwords?

        Oh, actually, Windsor is 7. But, there again, Buckingham is 10.

        Hmm…

        1. Elongated Muskrat Silver badge

          Re: > 7 letters

          Saxe is four, Coburg is six, and Gotha is five, just saying.

    8. Anonymous Coward
      Anonymous Coward

      I was a bit surprised the king didn't stumble when reading out the bit about providing licences for more oil and gas extraction to enable us to transition to green energy....

      1. Yet Another Anonymous coward Silver badge

        It always seems unfair that he has to say "my government...", he didn't vote for it. If anything he should say "your government...." - it's your fault, this is what you voted for

  7. SVD_NL Silver badge

    Hmmm

    "No we will not require companies to backdoor their security"

    law passes

    "We will however require advance notice before they implement (any?) data security system! Oh and don't forget, think of the children and screw terrorists!"

    I do hope this will be as vaguely worded as the rest of the bill, because that will allow tech companies to take advantage of that...

    "rolling out of technology by multinational companies that precludes lawful access to data." Leaves a lot of potential to spam the government with the most inconsequential changes.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hmmm

      Are you thinking time-based ciphers?

    2. StrangerHereMyself Silver badge

      Re: Hmmm

      I advise all Brits to watch the movie "V for Vendetta" again and to correlate what's happening there to what's happening in the UK today.

      1. Anonymous Coward
        Anonymous Coward

        I advise all Brits to watch the movie "V for Vendetta"

        Prothero: Do you believe this crap, Dascombe?

        Dascombe: It's not our job to believe it, Lewis. Our job is to tell the people --

        Prothero "Exactly what they tell us." I Know but do you think that people will believe it?

        Dascombe: They will if it's you that's telling it to them. Now let's try it again.

        1. ITMA Silver badge
          Devil

          Re: I advise all Brits to watch the movie "V for Vendetta"

          Or the other V for Vendetta quote:

          Patricia: You think people will buy this?

          Dascombe: Well, why not? This is the BTN. Our job is to report the news, not fabricate it. That's the government's job

        2. StrangerHereMyself Silver badge

          Re: I advise all Brits to watch the movie "V for Vendetta"

          "There's something very wrong with this country. And you need only to look in the mirror to find the guilty ones."

        3. Anonymous Coward
          Anonymous Coward

          Re: I advise all Brits to watch the movie "V for Vendetta"

          Go a bit farther and read the original comic by Alan Moore instead, makes the movie look mediocre by comparison.

          1. Michael Wojcik Silver badge

            Re: I advise all Brits to watch the movie "V for Vendetta"

            Agreed. It's not my favorite Moore work, but I'd call it far superior to the film. Which isn't surprising, really; adapting print to film is difficult enough, and when the result is meant to be an action "popcorn" movie the compromises will likely be severe.

            1. amanfromMars 1 Silver badge

              Re: I advise all Brits to watch the movie "V for Vendetta"

              And if you want to savour one/many of the flavours that AI can favour for you, "Colossus The Forbin Project” (1970) is well worth an educating and entertaining watch. Not so easily come by, but freely available from here ....... https://archive.org/details/colossus-the-forbin-project-1970

              And to realise it was released over half a century ago is quite remarkable.

      2. Anonymous Coward
        Anonymous Coward

        Re: Hmmm

        >I advise all Brits to watch the movie "V for Vendetta" again and to correlate what's happening there to what's happening in the UK today.

        Or better still, the original source material by the great Alan Moore.

    3. Yet Another Anonymous coward Silver badge

      Re: Hmmm

      >We will however require advance notice before they implement (any?) data security system!

      I was think of turning the lock on my box of 3.5" disks - who do I inform before I do this ?

      1. John H Woods

        Re: Hmmm

        If they pass it we should notify them of each and every instance of increased security. Or even changed security. Password changes? Or even a new key exchange every time you browse to an https site.

        1. Michael Wojcik Silver badge

          Re: Hmmm

          Every fix contributes to security. Many features do — improved usability aids security, for example. Flood the idiots with change reports and make them sift through it all.

  8. may_i Silver badge

    Total isolation is coming

    If the UK keeps up their "trust big brother" strategy, I can see the country's isolation from the rest of the world reaching the point where their Internet peers unplug the connections leading to the UK. It's probably the right thing to do. Let the island descend into its dystopian future while the rest of us carry on without it. I certainly can't see tech companies keeping any presence in the UK when law after law gets passed which aim to turn every tech company into the UK's bitch and make them complicit in the dismantling of privacy, freedom of expression and freedom of thought.

    This kind of crap makes me ashamed to admit that I was born in and grew up in the UK. Thank $deity I don't live there any more. I will not ever be returning.

    1. Mike007 Silver badge

      Re: Total isolation is coming

      A significant amount of the transatlantic capacity lands in the UK, therefore a lot of European traffic to US servers and US traffic to European servers has no choice but to transit GCHQs network.

      1. ibmalone

        Re: Total isolation is coming

        Kind of irrelevant, if it's only through-traffic then these laws can't be applied and strong encryption can still be used. Unless the UK wanted to bang any strong encryption coming via the UK and also own up to packet-inspecting everything going through, in which case people might start finding alternative routes sooner rather than later. Whether GCHQ can break strong encryption? With enough computing power thrown at it we know it's possible, but they couldn't decode all traffic. Do they have any exploits? Aside from whether we'd have this nonsense if they did (possibly to keep it secret), it's long past Turing's day I think.

    2. Version 1.0 Silver badge
      Meh

      Re: Total isolation is coming

      El Reg, an icon update will help ... I've suggested a new "pair of wire-cutters" icon appearing for years now to illustrate total network security. That's the only way to enable tech companies to create security technology that is 100% effective - certainly it can be disabled when required but it's a security option that can be "reinstalled 100% effective" in a second.

      I don't see any other methods that are totally effective, these days everything in the Internet has more people working to hack and bypass the security than the programmers working fantastically hard in every company to try and make security work for them ... but too often it's just a little effective and the upgrades can create new problems. I'm currently working to install and verify two pfSense firewalls - one works but the other "updated" firewall has an issue ... I'm not going to document or discuss it to keep all the risks lower.

    3. Plest Silver badge

      Re: Total isolation is coming

      You seriously think anywhere else is any better? What are you a 8 years old?

      Where there's money there's power and vice-versa, the US, Germany, Australia, Russia, you name it. Wherever the ruling elite can screw we peasants for taxes and make themselves rich, they're making sure we all remain stupid, docile and ignorant. Heck the modern education system is only in operation at the behest of powermongers as they need a tech literate workforce in order to make more money!

      Stop fooling yourself and realise we're all in system and not one of we peasants gets out of here alive ( nor with little more than we arrived with! ).

  9. Omnipresent Silver badge

    nobody trusts

    the eeeeeeeevilllllllll at play in tech anymore.

  10. Anonymous Coward
    Anonymous Coward

    Shirley

    The beauty of encryption is that you can tell everyone exactly how it works and that is precisely zero help in cracking it. Just stay away from any random number generators recommended by the NSA/GCHQ

    1. Yet Another Anonymous coward Silver badge

      Re: Shirley

      Except in Australia where the law of parliament trumps the laws of Mathematics

      1. Kane
        Joke

        Re: Shirley

        "Except in Australia where the law of parliament trumps the laws of Mathematics"

        Ahh, does Pi equal 3 there, then?

        1. elsergiovolador Silver badge

          Re: Shirley

          No, ˙˙˙ᔭ1˙Ɛ

        2. Long John Silver
          Pirate

          Re: Shirley

          Yes, if you want it to. All that's necessary is to legislate suitable curvature for space.

          Enforcement will be easy. Every new building and every new mechanism constructed after the Act is passed which fails to topple down or seize up will be evidence of criminality by architects and designers.

        3. Yet Another Anonymous coward Silver badge
  11. Duncan Macdonald
    Black Helicopters

    One time pad - with a twist

    If you need to send a message that needs to be kept secret - encrypt it with a one time pad. (That is the normal bit.)

    Then the twist - take an innocent message of the same length and derive a one time pad as the exclusive OR of the innocent message and the encrypted message.

    If forced to decrypt the message by the police - use the derived one time pad to give the innocent message.

    One defining feature of a one time pad is that the encrypted message gives no indication apart from the size of the original message content.

    An encrypted string "bivbh jwhxjpwnkhtesq23" could decrypt to "Birthday party tomorrow" or "Bomb Moscow on Monday." depending on the one time pad.

    1. Emir Al Weeq

      Re: One time pad - with a twist

      It's a shame your downvoter didn't comment: I'd like to hear their reasons.

      Granted the exchange of one time pads is not always easy and, in this case you'd also need to prepare innocent messages so that both sides' versions agreed. (The real message would probably need to be padded to match length.) But it is a solution, albeit an ugly one.

      1. GreenReaper

        Re: One time pad - with a twist

        I downvoted for talking about downvotes. You're welcome.

        1. LogicGate Silver badge

          Re: One time pad - with a twist

          And I ****voted you for doing the same :)

      2. Brewster's Angle Grinder Silver badge

        Re: One time pad - with a twist

        I didn't downvote. But OTP-fanatics are the crypto-equivalent of gold bugs.

    2. Cruachan Bronze badge

      Re: One time pad - with a twist

      I've been saying that for years as long as this shit has come up - as soon as encrypted channels are backdoored anyone doing things they shouldn't be doing will (assuming they aren't already, which they probably are) encrypt their payloads.

      And as usual Joe Public has nothing to fear, as long as they have nothing to hide. Can't remember where I saw it now, might have been here or in one of Dabbsy's columns, but someone shot this argument down by pointing out that everyone has frosted glass on their bathroom window because they legitimately have something to hide.

    3. JimboSmith

      Re: One time pad - with a twist

      It’s a shame that the Numbers stations of old are not still around because they were a great example of the successful use of the One Time Pad. I was explaining years ago once about encryption to someone who was doing a school project on that topic. The thing was supposed to be based on historical i.e. the ancient examples they had been learning about in class e.g. scrambling such as done by writing on a long thin piece of paper that is wrapped round a stick, substitution ciphers etc. but they lacked any for the time modern examples. This predates the internet as we know it today by a long time and I took a shortwave radio with me to their house. I explained that at the top of the next hour we would listen to a radio station.

      Picked up the Lincolnshire Poacher broadcasting loud & clear with a message encrypted using a One Time Pad. Having explained the OTP system and how it was used on air I then mentioned that this required random data to begin with and reuse of the data was a serious no no. I explained that the Russians had reused material and that it had allowed the Americans to decrypt various cables in a project known as Venona. My copy of Spycatcher was well read and in that Peter Wright had done a lot of explaining. She got an A for her project and the teacher wrote on the thing, whoever taught you about the modern stuff knows more than me.

  12. TheMaskedMan Silver badge

    When the online safety bill passed, I commented that I suspected that those in government would find a way to get their snooping desires over the line despite the "when possible" clause. And here it is.

    Tech companies told the government they couldn't change things to suit political agendas, so the government preempts that in future. Persistent little shits, aren't they.

    1. Anonymous Coward
      Anonymous Coward

      You spelled "c*nts" wrong

  13. Boris the Cockroach Silver badge
    Big Brother

    I think

    we're all missing the obvious question to be asked of any politician whos backing all these new spying laws.

    "What are you so afraid of that means no one can have a private chat without being listened to? '

    1. Cruachan Bronze badge

      Re: I think

      Being caught looking at "tractors" on your phone during PMQs I would assume.

  14. Howard Sway Silver badge

    forced to get permission from the UK government if they want to make changes to security features

    Hmmm, let's introduce a captcha style test where you get presented with a photo containing government ministers and have to "select every square containing a corrupt or clueless arsehole".

  15. Tron Silver badge

    Starting soon.

    Microsoft, Google and Apple are going to have ensure that their software updates, especially virus checking (which might block snooping) fully geocheck before working, so they cannot function in the UK. So no updates for UK users on their operating systems or browsers. The USG will support this, as they don't want a foreign power to have a back door into their systems, even an ally.

    The aggressive stance against backwards compatibility in browsers will soon lock UK users out of much of the net.

    It will be an issue for UK banks, as users will rapidly have browsers that are not secure, so a reversion to offline banking will be required - cheque books, paper statements etc.

    Foreign companies operating in the UK would not be able to use insecure systems that allowed the UK government to snoop on them, and most software would no longer be available here anyway, so they would have to up sticks and move out.

    Privacy will be an issue for things like medical data, if a back door is enforced. The NHS, which isn't that secure as it is, will have to move back to paper records, and it then won't be flogging data to US companies. Unless it pays folk to type it all in from paper records on disconnected systems.

    You could still develop next gen tech in the UK (if you were crazy enough, or too poor to do it elsewhere), but should not release it in the UK, as it wouldn't be considered safe internationally and insurers wouldn't permit it for corporate use. Again, geocheck out functionality in the UK with an ISP check, with GPS as a second line of defence.

    There could actually be a few quid to be made licensing code that reliably blocks functionality in the UK, if you get your skates on.

    1. Anonymous Coward
      Anonymous Coward

      Re: Starting soon.

      The reality is, as you make all common encryption weak/backdoored everyone seeks alternate solutions and so you cannot get want you want. I look at the parallels to the huge taxes Australia places on tobacco these days forcing the price of a packet of smokes to ~US$25 a pack. Unsurprisingly this has fueled black-market sales. Whether you agree with the policy or not is irrelevant as I'm merely referring to the consequences of the action. Weakening the encryption of regular products will drive the use of those not willing to play the game. Ne'er-do-wells will already have their own means of avoiding this.

      It's both stupid and pointless.

    2. elsergiovolador Silver badge

      Re: Starting soon.

      It will be an issue for UK banks, as users will rapidly have browsers that are not secure, so a reversion to offline banking will be required - cheque books, paper statements etc.

      This is the UK. If someone loses money thanks to that it will be their fault, never a bank's fault.

      Foreign companies operating in the UK would not be able to use insecure systems that allowed the UK government to snoop on them, and most software would no longer be available here anyway, so they would have to up sticks and move out.

      They will get exemptions for VPNs etc. It's all about brown envelopes coming, these types of legislation.

      Privacy will be an issue for things like medical data, if a back door is enforced. The NHS, which isn't that secure as it is, will have to move back to paper records, and it then won't be flogging data to US companies. Unless it pays folk to type it all in from paper records on disconnected systems.

      I think it is going to be "It is what it is" and nobody is going to care about privacy anymore. Big pharmaceutical companies are going to love that.

      You could still develop next gen tech in the UK

      Government could always deploy the nuclear option and create a law that any citizen could be "asked" and couldn't refuse to spy for the government and they wouldn't be able to tell anyone about the request.

      This way UK workforce would no longer be trusted worldwide and anything developed here.

      1. Anonymous Coward
        Anonymous Coward

        Re: Starting soon.

        More likely the UK gov will backtrack on this when push comes to shove, they will backdown and drop this bill.

    3. Plest Silver badge

      Re: Starting soon.

      On the upside banks will have to open branches again with no working online presence, then again with the economy in tatters as no one will trade here anymore I guess we'll have no need for banks as we'll have no jobs and no money!

      MAD MAX UK style is coming!

  16. deaglecat

    UK exceptionalism strikes again

    The world is a bigger place than we seem to think.

    ... oh and Newsflash: we don't have an empire anymore.

    1. Anonymous Coward
      Anonymous Coward

      Re: UK exceptionalism strikes again

      What about Northern Ireland?

      1. Anonymous Coward
        Anonymous Coward

        Re: UK exceptionalism strikes again

        .... "Ulster says No!" without exception..

        1. deaglecat

          Re: UK exceptionalism strikes again

          Thus was it ever so.

    2. Anonymous Coward
      Anonymous Coward

      Re: UK exceptionalism strikes again

      We may not have outposts in Umma Gumma land anymore, but we do run about 50% of the dodgy offshore tax havens in the Carribbean though. The City of London isn't just a bunch of offices and bankers, it's a powerhouse of finding the most efficient ways to hide rich sods money out of the clutches of whatever local taxman is coming after them and we do a damn fine job at it too!

  17. DS999 Silver badge

    It would be almost impossible to write up such a law

    Is patching a security hole a "security feature"? Is fixing a bug found in key exchange a "security feature"? Is making it so group chats are end to end encrypted instead of just person to person a "security feature"? Is strengthening or replacing an encryption algorithm a "security feature"?

    They would either require notification of almost every software release/patch, or leave enough gray area that companies notify of nothing and courts uphold their (in)action.

    And what are they expecting, the ability to approve/disapprove of each one? Probably moving at typical bureaucrat speed so they'd say "let us know about your upcoming features and we'll get back to you in six to nine months with whether you're allowed to use them or not."

    Hopefully big tech gives them the big finger, and once everything from Microsoft, Apple, Google, Linksys etc. is stops getting updates in the UK and it becomes a hacker's paradise, enough citizens show up with pitchforks and torches that whoever thought up this dumb idea is forced to flee the country!

    1. Anonymous Coward
      Anonymous Coward

      Re: It would be almost impossible to write up such a law

      Is patching a security hole a "security feature"?

      If it is one of the flaws the spooks are using...yes.

    2. Kane
      Big Brother

      Re: It would be almost impossible to write up such a law

      "Is patching a security hole a "security feature"? Is fixing a bug found in key exchange a "security feature"? Is making it so group chats are end to end encrypted instead of just person to person a "security feature"? Is strengthening or replacing an encryption algorithm a "security feature"?"

      Don't you worry your pretty little head about that, my dear, we'll set up a new arms-reach (hah!) non-governmental department in order to determine, on a case-by-case basis which of those are classed as "Security Features". Which will then be swiftly passed on to our in-house "technical experts" in order to "analyse" the feasibility of deployment of said feature, along with some "recommendations" in order to get it moved along.

      Or Else.

  18. Roland6 Silver badge

    It’s wider than “Tech” companies

    > "rolling out of technology by multinational companies that precludes lawful access to data."

    The guidance notes don’t restrict this to the IT industry, so any multinational company eg. A pharmaceutical company, or even a company with a UK and say a Paris office, would need to get UK government consent to the rollout of new digital communication security arrangements…

    1. Anonymous Coward
      Anonymous Coward

      Re: It’s wider than “Tech” companies

      That why the UK gov will drop this fast when push comes to shove.

  19. Barrie Shepherd

    The result of this rank stupidity will be that every IT product developed or manufactured in the UK would have the same security risks, or at least thought to have, as the Government claims Huawei equipment has - it's just a different administration sniffing around.

  20. Anonymous Coward
    Anonymous Coward

    Come now chaps

    You see, we need access in case one of our chums “inadvertently” stumbles across a nasty while “researching”.

    Can’t have a boy incarcerated for an honest mistake.

  21. wolfetone Silver badge

    You can see where this is going.

    Meta announce plans for you to undelete WhatsApp messages. UK Gov see this, and ask how far back does this go? Meta says "well, 2014 I suppose".

    UK Gov: "Nah mate, you can't do this. You can't allow users to undelete WhatsApp messages".

    Meta: "Eh, why?"

    UK Gov: "Because everyone will see what we were up to during COVID".

    The United Kingdom of Great Bullshit and Tyranny.

  22. safetysam

    Article image

    Is the image for this article AI generated? Because it's awful.

  23. Long John Silver
    Pirate

    Blind spot?

    Odd, is it not, that justification for intrusive surveillance is never framed in terms of bankers' and others' malfeasance in the City of London, or tracking illicit flow of money to offshore havens?

  24. Long John Silver
    Pirate

    Putting hair on the chest of the Home Secretary?

    Cruella Braverman is emulating the crass stupidity of a previous harridan who held the same Office of State. I refer to Teresa May. Oops! Did I mistakenly mention a porn star? Never mind, said 'star' most likely betters her insignificant namesake with respect to intelligence, charm, and photogenicity.

    Cruella and her boss would more convincingly hold posts as Whitehall chaiwallahs.

  25. cuna

    0.84% of the world's population lives in the United Kingdom.

    That's it, we are less than 1% of the world. We account for just 3 and a bit percent of the world's GDP and this figure is rapidly decreasing.

    Yet our government wants to do this.

    Why should any international care about the government of a small country in Europe?

    We are 0.17% of the land area in the world excluding Antarctica and Greenland. Less than 0.2%!

    It will be easier to ignore the UK than to comply with its laws.

  26. StrangerHereMyself Silver badge

    Ludicrous

    This entire law is completely ludicrous and could only have been dreamed up by clueless politicians and civil servants.

    Facebook: "We want to add quantum proof encryption to WhatsApp to make messages safe from future decrypting."

    Britain: "No you don't."

    1. Elongated Muskrat Silver badge

      Re: Ludicrous

      Facebook: "Here's a million quid we found down the back of Zuck's sofa."

      Britain: "On second thoughts, off you go. No problem here."

      This is nothing whatsoever to do with protecting people from padeoterrorists or about reining in big tech (Sunak is literally married to a big tech heiress). It will only ever (adversely) affect users, and ordinary people like you and I.

      1. StrangerHereMyself Silver badge

        Re: Ludicrous

        I too wonder how many plebs still believe the fairytale that these laws are about preventing crime instead of hunting down "undesirables."

  27. Potemkine! Silver badge

    Similar in France

    In France, our lawmakers want to protect everyone from the bad things on Internet too, so they want to oblige browsers makers to implement a filter directly in the applications. Who decides what the filter would contain is a 'council' with no democratic control named ARCOM . Of course, this council is 'independent', on the 9 members, 3 members being nominated by the President of the National Assembly, 3 by the President of the Senate (giving indirectly to the Legislative branch Judiciary powers, something totally undemocratic), 1 by the Conseil d'Etat ("State council", an administrative instance made of public servant), 1 by the Judiciary branch, 1 by the President of the Republic. Don't worry, it's for your own good, and of course to protect the children.

    "L'enfer est pavé de bonnes intentions" ('Hell is paved with good intentions" => "The road to hell is paved with good intentions")

  28. Anonymous Coward
    Anonymous Coward

    Apologies to Pink Floyd...

    Good morning, Worm your honor.

    The crown will plainly show

    The prisoner who now stands before you

    Was caught red-handed hiding feelings

    Hiding feelings of an almost human nature;

    This will not do.

    Call the schoolmaster!

  29. Anonymous Coward
    Anonymous Coward

    The Investigatory Powers reforms bill sound like a bigger unworkable mess then the Online safety bill and may be dropped half way through.

    1. 43300 Silver badge

      Surely the Online Safety Bill demonstrates that the government isn't too bothered about trivialities such as whether legislation is actually workable?!

  30. Groo The Wanderer

    Wouldn't be easier for the UK government to stop deluding itself that it has power over the global tech industry's moves? That most REPUTABLE companies would rather drop the UK market that cripple the security of their systems?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like