UK Proposes Even More Stupid Ideas For Directly Regulating The Internet, Service Providers
from the well-fuck-the-users-I-guess dept
The UK government has made no secret of its desire to convert providing encryption into a criminal act. The fact that some things are beyond the government’s reach is unacceptable. While lawmakers may suggest this will only target “criminal” purveyors and users, there’s no reason to believe this won’t be expanded every time law enforcement finds it slightly difficult to access information it believes it’s entitled to.
The same government apparently believes it can directly regulate content people have access to, even if that content isn’t illegal. For several years, the UK government has attempted to implement “porn filters.” The sales pitch is that this is for the children who can far too easily access porn via the internet. But what the UK government really wants to do is limit porn consumption by everyone — something it hoped to achieve by forcing adults to express their desire to consume porn to their service providers.
This effort failed. But this failure has taught the UK government nothing. It still believes it’s capable of directly regulating the internet. Its comments on proposed updates to the 1990 Computer Misuse Act suggest the government still thinks it can make the UK safer by unilaterally granting itself a bunch of new powers.
First, the government proposes it should be able to seize domains and IP addresses at will… for the greater good, of course. In order to take down botnets or other offenders (fraudsters, purveyors of contraband, etc.), the UK government is suggesting it should be given these powers:
Once law enforcement have taken control of the domains or IP addresses other possibilities also become available to them. For example, they could choose to “sinkhole” (see glossary of key terms) the incoming victim communication attempts. This “sinkholed” data can be used to identify how many victims there are, what IP address they are on, and on occasions further details about the infected device – such as its operating system, which can help defenders find it and clean it. Sinkholed data can be disseminated through existing channels to notify victims around the globe that they may be infected.
We believe that the UK would benefit from law enforcement agencies being given the right to cede control of the domain and/or IP addresses to trusted parties for management and sinkholing efforts, to remove the need for law enforcement agencies to renew millions of domain names every year to ensure they do not fall back into criminal hands.
The government wants to save UK residents from malicious entities by hijacking domains and IP addresses. This sounds fine if you believe the government is incapable of error or abuse. It looks far worse when you realize there’s no government in the world incapable of error or abuse.
The second half of the proposal would allow the government to swiftly divest itself of blowback by handing over the management of the perceived problem to non-government agencies, allowing them to take the heat for any errors or abuse.
The proposal also seeks to allow the government to prevent domain name creation by demanding registrars ignore domain names generated by algorithms. The government assumes only malicious entities would bother using a domain generation algorithm. And, based on that assumption, the government believes it is in the right to demand service providers refuse or cut off access to anything appearing to have been generated by something other than a human.
It’s not just blocking being proposed. The government wants to handle any domain name it doesn’t like in any way it sees fit, utilizing the altered law to compel cooperation from all involved private parties.
A request to take down, seize or prevent the creation of a domain name would be served on the relevant party who was in control of the domain, such as the Registry (who create it and ensure that only one instance of it exists), a Registrar (who effectively leases it) or the Registrant (who rents it and deploys their content).
A request to seize control of an IP address would be served on a network provider that controls that IP address. They might be required it to tunnel that IP to another in the control of law enforcement or other trusted party.
The proposal suggests the UK government has some idea how these powers would be best wielded. But that illusion is shattered by this request, which suggests something else entirely.
We propose that this power is available to specified public authorities, and would welcome views on which agencies should be able to use it.
Perhaps the UK government believes these powers should be granted to any and all agencies asking for access to them. This request does nothing more than ask for sales pitches from agencies the government (as a whole) believes should have access unless specified otherwise by entities whose opinions the government values. Opinions from government agencies are presumably more trustworthy than opinions offered by residents, who are assumed to not know what’s actually good for them.
At least there will be some sort of court review involved. Government agencies would have to show the targeted domains are linked to criminal activity to secure a court order. Of course, most of this demonstration of facts will involve plenty of boilerplate and the limited attention of judges who often believe law enforcement wouldn’t target sites unless they were host to criminal activity. The better limitation is this:
The person required to carry out the action should have the right to appeal to the court to remove the suspension, as should the registrant where domain names have been registered.
This makes the process a bit more adversarial. But only a little bit…
However, the suspension should remain in place while the appeal is taking place and refusal of the request by the person on whom it is served will result in a fine.
Since refusal is almost always likely to result in a fine (if the government prevails in court), suspensions and other government actions will continue while the court shifts the burden to the recipient to prove the government is wrong. The proposal suggests served parties can be compensated for lost revenue if a court rules the government erred, which may deter some abuse, but the presumption of being in the right still seems to be mostly on the government’s side throughout the process.
And there’s more. The government wants data preservation to be far less voluntary.
Data is preserved voluntarily at the request of law enforcement agencies, and this process works well. However, given the need for electronic evidence to be available for investigations in an increasing number of cases, we believe that it is necessary for the UK’s law enforcement agencies to have access to a power that requires the preservation of data where a person is unwilling to do so voluntarily.
This would not require a court order. Instead, apparently indefinite data retention could be triggered by nothing more than a “senior officer’s” signature. The recipient can appeal the retention demand via the courts, but will be required to collect, hold, and maintain the data while this appeal is underway.
The government also wants to change the definition of theft to include the copying of data. Since illicit copying of data triggers lower criminal penalties than actual theft, the government wants to make the making off with unapproved copies more akin to someone stealing your actual car (rather than just downloading it).
We would like to consider whether there is a need to create a general offence for possessing or using illegally obtained data, and would welcome views on the necessity.
So, the government wants to be able to punish ethical hackers, leakers of non-public info, people who obtain or share the results of data breaches, and anyone else who happens to have data no one specifically said they could have.
Also on the table: extraterritorial investigations and prosecutions, increased mandatory sentences for “computer” crimes, and increased powers for government agencies who claim they’re only participating in cyber-defense work.
All of this looks bad. Some of it looks incredibly terrible. At this point, at least, it’s only a proposal. But without significant pushback, a lot of these bad ideas will become law.
Filed Under: encryption, surveillance, uk
Comments on “UK Proposes Even More Stupid Ideas For Directly Regulating The Internet, Service Providers”
When a government outlaws encryption, do they then arrest children for talking in pig latin?
Re:
No decoder rings for you!
Re:
Of course not. You just have to provide proof of your age so the government can verify you are, in fact, a child. However, Latin is clearly unsafe for children as there are many Latin words that are clearly damaging. So pig latin must also be bad on it’s face and unsafe for children and if children are found utilizing it…I don’t know, we sue Latin America?
Re: Re:
Hey, British government.
Pedicabo ego et tu irrumabo.
From Catullus 16.
I expect to be extradited for spreading such filth.
Re: Re: Re:
You kiss your mater with that mouth? 🙂
Re: Re: Re:2
Only if they consent! 🤣
Re: Re: Re:
I, caco in petasum. (Go, do something with your hat.)
Re: Re:
Fun fact: in the Victorian era, there was the publication of newly discovered Roman texts that were quite scandalous to the society of the time. They were published with English translations alongside the original Latin, but only the English side was censored. The thought being that such ideas could not be trusted with the great unwashed, but if you were educated enough to know Latin, then it would be safe to allow you to read such filth.
I’d guess a similar thing would happen here. If people were to start using Latin in any form for encryption, then you would only come under suspicion if you were educated under the commoner system of schools. But, if you were educated at Eton, then your classical education must mean that you are above suspicion of wrongdoing and wouldn’t be investigated. The problem being, of course, that most of the corrupt, destructive forces causing the country to disintegrate from the halls of power right now were in the Eton old boys club.
Re: Re: Re:
Only if the news were interested in doing actual investigative research.
Re: Gov?
When the gov. outlaws encryption, you have to ask, DOES THIS include you(gov.) and the Corps?
If we are all equal, then we are TREATED equal.
It's not called 1984 because they were supposed to do it then
Someone really needs to take all the dystopian fiction books away from the UK government and remind them that those are meant as warnings not How-to guides.
To many ways
There are to many ways to get around encryption.
#1 is where the encryption starts. At your computer with an encrypted Browser or after the VPN.
Problem with a Browser is Somewhere along the way something has to convert it.
VPN? Everything UPTO the VPN is easy to see. ANd a very large number have been Cracked.
I’m starting to think the UK is going full-on police state. How in the hell does this square with Rabb’s desire to make the UK “the next Silicon Valley”?
Cause if even half of these bad ideas make it into policy, it’s gonna crush what’s left of the UK Tech Sector.
Everyone who believes that the powers they are asking for will stop at malware, fraud, and bots, raise your hands.
Nobody? okay, then.
The residents don’t know what’s good for them? Hire every resident in the UK. Now everyone will know what’s good for them. Problem solved.
Oh, I just remembered that I have to clear up space on my hard drive. This has nothing to do with downloadable cars, just so you know.
Freedom of internet expression burning bright in the darkness
Seriously if one looks at it this way (and countrywide censorships wouldn’t be a thing otherwise) then liberal democracies are winning the internet like crazy by being this sort of beacon. It seems to me that there is a reason there was a big uptick in Persian language pornhub uploads in the recent times by people from there taking a big risk to make a statement. This particular issue of course is not a matter of utmost importance, however it shames some of my elders to not realize they are trying to take a thing that at least in part some not irrelevant number of freedom minded peoples are striving for in a place such as that.
By the way, the Tories has been talking to a christian university about porn, and they got caught arranging a meeting with “ex-gay therapy” (conversion therapy) advocates in IIRC 2021.
https://www.bbc.co.uk/bbcthree/article/cacc0b40-c3a4-473b-86cc-11863c0b3f30
Decades ago, the Tories were responsible for the infamous Section 28 which prohibited discussing homosexuality within schools.
The Tories are extremely paranoid and conspiratorial about anything to do with porn or technology.
what a shame that there is never a name to the stupid asshole who ‘invents’ these rules and who thinks they will work, keeping the internet a safe place to go! however, given the ridiculous notions the UK government and it’s knowledgeable security services have, i wonder how long it will take to realise that what they want (and i’ll bet) will bring into law, will, just like the USA, fuck the internet up completely? the annoying thing is that no one will actually say what they are trying to achieve, ie, that the USA entertainment industry wants complete control of the internet as far as what can be made available, what can be downloaded and uploaded and those thieving fuckers in every country, you know who i mean, the rich, the famous and all friends who want to be able to do whatever the fuck they want with no come-backs but not ever get found out, but who equally want to know everything going about us ordinary people, what we do, say, read, write, where we go and for whatever reason! of course, there’s no malice intended by them against us! as if there would be!! anything to remove power, control and freedom from us is the order of the day and so many cant even realise that once it’s gone, it’s gone for good!! may just as well have let Hitler do what he wanted because we’re handing back every right that was fought for so the elite few can dominate and enslave us yet again!!
Wtf the uk gov protect the pedo ring in the military, police and even in the gov.