Gosh-darn-it! Someone needs to get back on that Paranoid Linux distro!
Probably also worth remembering: even if we were inclined to let Airstrip One stew in its own dystopia, there would appear to be no reason why the "compelled secret backdoor" powers could not be used against any individual or company with enough connection to Britain that they can meaningfully be threatened, even if the eventual target of the attack is not in the UK.
Say, for instance, that pesky iPhone that the US feds have been fighting with Apple about. If Britain were in the mood to be a good Five Eyes Freedom Pal, they could use this law to...politely request...that Apple (who certainly has enough of a presence in the UK that they could likely be made agreeable) produce and sign a backdoored OS update; then pass that on to the feds of a different jurisdiction. If memory serves, the iOS signing mechanisms allow for per-device granularity (this is how "test" apps signed only with developer keys but not blessed by Apple for distribution can run on a limited number of test devices), so they might not be able to just compel a universal backdoor update when Apple can argue that they can provide the requested access on a more granular level; but that's what asking repeatedly is for.
Given that the UK is enough of a market that a fair few people with interesting signing keys have some sort of nexus through which they can be prosecuted there, the spillover could be considerable.
The most obvious candidates are online services, ISPs, and telcos in the UK; but the world is absolutely stuffed to the gills with hardware and software that will trust whatever binaries you feed it more than you trust your mother, so long as you can sign them properly. This suggests that even if you aren't in the UK, and even if you are using equipment from a vendor that isn't primarily in the UK, you could still be the recipient of a neatly gift-wrapped little software update that will cut through all but the most paranoid defenses like a thermic lance through butter on a hot day.
My read of this is that the software development industry in the UK is effectively dead. Except for...I dunno...what backdoored software would people be okay running?
I agree. This will suck suck suck for Sophos.
This must also mean that open source software cannot (in the UK) be audited since it might "illegally" expose a backdoor, and that people in the UK cannot (legally) read on foreign websites or newspapers that a backdoor is present in a given software.
People of the UK. Why did you vote for this?
I was just wondering if software companies in the UK could declare their product open-source, and then shift to acting as "support teams" or whatever for that particular piece of open-source software?
Really, the whole damn thing is ridiculous, and I'm as baffled as @monostatos as to how this got through the gov't.
I didn't. The local Labour candidate (who has voted in favour of this kind of crap before) got over 50% of the vote regardless of how I voted.
Unfortunately, it's probably partly also because the politicians literally don't understand it themselves. I'm not giving them a get-out here, you realise, but it's far simpler to believe in cock-up than conspiracy. This problem is exacerbated in confrontational governmental systems (like the UK and the US) where even mere suggestions that something might not be a good idea are treated as treason or heresy - or even as conspiracy themselves. And this then leads to fiascos like TPP, where negotiations conducted behind closed doors and in secret don't even get as far as even hearing about possible problems, let alone addressing them.
I am moderately optimistic that this particular Bill is unravelling so fast that it won't make it much past the scrutiny committee in its current form, but it's good that its problems are at least being debated in public.
A huge problem in the US with all three arms of the government. And my reading skills are failing me - I thought this had already been signed into effect. I hope the UK's elected leaders will scrap this nonsense, pronto.
Of course, the US has led the way in promoting software backdoors...anyone remember the Clipper Chip fiasco? NSA developed a chip that would allow for backdooring of telecommunications info and (among other nutbag LEO types) demanded that it be inserted into all new telephones just in case Aunt Mary was communicating with Saddam Hussein or other bad guys.
-ahem-
Interestingly enough, some of the smart folks who resisted the Clipper Chip (involving luminaries such as Bruce Schneier and Matt Blaze) published "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption" way back in 1997.
Lo and behold, they got back together and published "Keys Under Doormats: mandating insecurity by requiring government access to all data and communications" just this year. Both should be required reading for any UK leaders considering the Snooper's Charter.
Oh god, don't! That is far too close for comfort.
The fight goes on I suppose.
Minesweeper?
Pretty much - I was thinking games, but hell, games are just as networked and complex as MS Office is now and they offer just as large an attack surface as the standard office suite.
I'm just glad I live in the U.S., where this sort of nonsense isn't tolerated.
Vodafone revealed last year that they were obliged to participate in mass surveillance - http://www.theguardian.com/business/2014/jun/06/vodafone-reveals-secret-wires-allowing-state-surveillance
At least at the time they were not breaking the law in revealing this.
Most of us didn't.
Is the western world staffing some sort of contest for most twisted authoritarian dystopia?
Or is it "who can score the most rotations as Orwell turns over in his grave"?
Until Hinkley Point C is running the rotating Orwell powers most of the UK. Iâm sure the dystopian laws will be abolished as soon as security of electric supply is given.
We didn't vote for them. The main problem is far too few people bothered to vote for anyone else.