(1) In all cases of major terrorist attack in the last 15 years the
attackers have been known to the intelligence
agencies. Furthermore, adding more data just adds more noise. Why,
then, do we need mass interception warrants?
(2) Depending on the specific retention requirements, it is likely to
require DPI. It's expensive. Also, as a service provider, it's
none of my business what's in my customer's packets. They pay me
to send them where they're supposed to go. Looking at them more
than is required to debug network problems is unethical. I don't
have any DPI kit, and I don't want any. I can mirror a port and
run tcpdump if I need to.
(3) The definition of telecommunications service is so vague that it
can catch anything from community organisations to GCHQ. Just who
is meant to be subject to this law?
(4) There are numerous gags and coercions. My favourite one is how, if
you are a (vaguely defined) telecommunications operator, and any one
of dozens of officials thinks you don't have some data but can get
it, they can ask you to get it for them in whatever way, and you
have a duty to do it. Without a warrant. And jail if you blab.
(5) The mass surveillance capabilities aren't meant to be used in the
UK, but it appears to be possible to acquire data from the entity
doing that, again without a warrant.
(6) If you are accused of some crime and the evidence involves
interception, it is not allowed to even refer to this in court --
the provenance is therefore unquestionable. But no matter, this
will never happen because only evidence acquired without a warrant
from that retained by service providers will be used in court. The
interception will just let them know what to ask for.
(7) The section on forcing companies to remove "protective measures"
is either a fantasy, or a recipe to kill the UK tech industry. Or
both. Nobody sane who expects people to trust their software would
touch the UK if this becomes law. And any semi-competent criminal
will very quickly figure out what safe end-to-end encryption
software to use.
There's lots more. But to summarise, the law is buggy; even if it
weren't, it wouldn't work, and it would be very expensive both in terms
of operational cost and social cost.
-w
--
William Waites <[email protected]> | School of Informatics
https://tardis.ed.ac.uk/~wwaites/ | University of Edinburgh
https://hubs.net.uk/ | HUBS AS60241
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
