Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United Kingdom Communications Crime Facebook Google Privacy Social Networks The Internet Twitter Yahoo! Technology

Tech Companies Face Criminal Charges If They Notify Users of UK Government Spying (techspot.com) 152

An anonymous reader writes: Last week, Yahoo became the latest company promising to alert users who it suspected were being targeted by state-sponsored attacks (excepting Microsoft, who made a similar announcement just today). Twitter, Facebook and Google had previously assured their users that they would be warned of any potential government spying. The UK, it seems, isn't happy about this. They are pushing through a bill that will punish the leaders of any company that warns its users about British snooping with up to two years in prison. Specifically, UK ministers want to make it a criminal offense for tech firms to warn users of requests for access to their communication data made by security organizations such as MI5, MI6 and GCHQ.
This discussion has been archived. No new comments can be posted.

Tech Companies Face Criminal Charges If They Notify Users of UK Government Spying

Comments Filter:
  • End game? (Score:3, Insightful)

    by Anonymous Coward on Thursday December 31, 2015 @02:19AM (#51214223)

    What's the end game with all this? At what point do people decide not to let this crap happen, and what steps do they take to enforce it? I honestly can't imagine a civil rebellion going anyway, even in a country like America where so many people are already armed with guns. Politicians obviously have no interest in backing down. It's like a new cold war.

    • Re:End game? (Score:5, Interesting)

      by Endymion ( 12816 ) <slashdot.org@tho ... t ['e.n' in gap]> on Thursday December 31, 2015 @03:19AM (#51214389) Homepage Journal

      What's the end game with all this?

      China is showing us one of the possible end games [youtube.com]. Facebook is already patenting features along those lines. Combined with omnipresent spying, this "new" type of oppression will work. It's a terrifying future.

      It's like a new cold war.

      Dan Geer [youtube.com] describes our situation as a cold civil war. It would be useful if more people recognized that.

      • Re:End game? (Score:5, Insightful)

        by flopsquad ( 3518045 ) on Thursday December 31, 2015 @08:16AM (#51214989)
        Your post is thought provoking, which makes it all the more frustrating you've succumbed to one of the least useful fads in modern internet culture: the everywhere video-ization of content that really just wants to be text.

        Not trying to be an ass :) I honestly wanted to follow those links and read what you were talking about and then... oh, YouTube.
        • Comment removed based on user account deletion
        • I honestly wanted to follow those links and read what you were talking about and then... oh, YouTube.

          The full text of the second one, Cybersecurity as Realpolitik, Dan Geer's hour-long speech, is on his web site as a text file [tinho.net].

          He skipped over a couple items during the speech, as unnecessary for that particular audience (given the limited time) and said they'd be in this posting, so it may be more complete and useful. (I haven't read it through yet, having just watched the youtube...)

          I found it extremely in

          • Thanks for that!
          • The text helps. Here is an insightful quote: The four verities of government are these: . Most important ideas are unappealing . Most appealing ideas are unimportant . Not every problem has a good solution . Every solution has side effects Although I'd say those are the four verities of not just government but *any non-trivial centralization*. Certainly applies to any IT department.
    • Comment removed based on user account deletion
      • by HiThere ( 15173 )

        Live off WHAT land. The land will all be owned by someone else. This is already well underway. (Check out real estate prices.)

        Interest rates are below inflation, making it nearly impossible to save. People of moderate means who own land are being slowly squeezed off of it. Sometimes because of job mobility requirements, sometimes because of taxes. Sometimes for other reasons. No one thing is doing it, it's a death of a thousand cuts. If you do maintain ownership of land, it's being hemmed about with

    • What's the end game with all this?

      Imagine a boot stamping on a human face - forever

    • the UK is headed in a terrible direction, and they will be cut off by tech companies that plain flat out don't want to screw around with those wreckers. cut off.

    • by gweihir ( 88907 )

      Well, the problem with a surveillance state is that it neutralizes control instances. It usually devolves into a police-state pretty fast and then more slowly into fascism. Fascism is however inherently unstable, as it kill productivity and prosperity. Usually the start wars because that is a temporarily effective means of deviating attention from how bad things are. And in the end, at some point, these regimes collapse. It can take quite a while though. If the Germans had been a bit less greedy and a bit m

    • A good place to start is with demonsaw [demonsaw.com]. It's designed to combat just this sort of thing.
    • by KGIII ( 973947 )

      The end game? There is no end. It's a cycle, at least that's what I'm seeing with all of the history that I've consumed.

      Something about the tree of liberty needing to be refreshed from time to time and with the blood of patriots...

      There will, eventually, be a step too far. It's one of the reasons that I'm so disturbed by people who advocate allowing their government to disarm them, for their own safety... It's as if they don't or won't admit that liberty comes with a price and that price is a lack of safety

    • by AHuxley ( 892839 )
      Its really back to the 1950's with a collect it all digital layer. MI5,6, GCHQ collecting all, local government workers getting a look too.
      Academics been told what not to publish or talk about in public, UK maths and crypto education enjoying a nice chilling effect.
      A push down on brands to include a gov ready trap door, back door when needed.
      Exported software and hardware are collect it all ready by design.
      Re: "what steps do they take to enforce it?" will be what was always done to ensure every syste
  • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Thursday December 31, 2015 @02:31AM (#51214263)

    Part of the proposed legislation would require tech firms to store usersâ(TM) data for up to twelve months, including a record of every internet site visited, and allow government agencies unfettered access to the data.

    I have problems with that.

    While the bill is being put forward as a deterrent against terrorism, online monitoring at this level has been banned in the US, Canada, and every other European nation.

    And that is the problem. This will do NOTHING to DETER a terrorist.

    If you want that, then you look for specific sites that they are going to right now. Not a year ago.

    Looking at records from a year ago will only result in more "why didn't you connect the dots" crap from the idiots demanding more of this.

    The bill could also allow the UK government to demand that companies weaken the encryption on messaging services such as WhatsApp and iMessage to enable agencies to evesdrop on conversations, a proposal that Apple is strongly against.

    If the UK government can crack it then so can the Chinese government and the Russian government.

    Does the UK government really want the Chinese and Russians spying on the communications of British citizens?

    • Re:Piss off! (Score:5, Interesting)

      by cdrnet ( 1582149 ) on Thursday December 31, 2015 @02:37AM (#51214271)

      How is this any different to National Security Letters which the US uses broadly to the same effect? The UK just want the same...

      • by Anonymous Coward

        One of the big differences is that, by law, US NSLs can only request access to transactions like financial records, who a person called on the phone, or addresses a person emailed. They are not legally allowed to request any content of messages. While law enforcement has pushed to access to encrypted content, that can't be done with an NSL. However, if the UK is trying to include access to encrypted messages, that extends beyond the power of a US NSL. This seems even more draconian than the US spying.

      • by yacc143 ( 975862 )

        The difference is that NSL can be used to acquire existing data, but not to force someone to design broken systems.

        • The difference is that NSL can be used to acquire existing data, but not to force someone to design broken systems.

          How do you know? If someone gets a NSL they can't tell you about it... how do you know what they're being used for? Remember the lesson of Qwest.

    • by Sique ( 173459 )
      You completely misinterpret the Government's intentions.

      Until now, they weren't able to find the needle in the haystack. And now they have the solution: More hay!

  • by Anonymous Coward

    Can the act of failing to communicate be construed as notifying users? For example, consider the case of TrueCrypt where the original developers announced that they would no longer be developing or maintaining TrueCrypt and "helpfully" suggested that users install Microsoft BitLocker instead? Now you're getting into layers of abstraction and how certain groups of people might interpret a communication or a lack of communication. Laws prohibiting communication are rarely effective, except perhaps in the shor

  • by jaa101 ( 627731 ) on Thursday December 31, 2015 @02:56AM (#51214309)

    The summary is confusing two separate situations:

    State-sponsored attacks are when a government agency hacks or social engineers or otherwise obtains your data against your will AND against the will of your service provider. That's what Yahoo and Microsoft are talking about. They can safely and legally tell their users about these attempts because, if for no other reason, they can claim they don't know who's responsible for the hack.

    Official government requests for users' data, like US National Security Letters, are where the government uses legal compulsion rather than trickery to obtain the data. Obviously governments can and do add legal requirements to not inform affected end users. In Australia the laws even forbid revealing that there has not been a request for users' data; no warrant canaries for us!

    • by Anonymous Coward

      If you don't notify the person there data is requested then how can they use their right to challenge it in the court? They would have no legal recourse or rights in the matter, because it would be kept secret from them.

      There needs to be compulsary notification of the person under surveillance, and a proper court order to keep it secret (and then only for a short time during investigations). Otherwise its just a police state with a judicial system only there to rubber stamp prosecutions.

      What's we learned ba

  • Notify everybody they are not being spied on until they get an order. Then when the notices stop coming you will know what's happening.

    • by jaa101 ( 627731 )

      Warrant canaries. Governments can make them illegal too. Or, at least, they can in Australia; maybe the US's constitutional protections around freedom of speech could make it harder there, but I wouldn't bet on it.

      • Governments can make them illegal too.

        Are you serious? They prohibit telling people they are not being spied on? Fascinating. Oh well, I guess the voters don't really mind... I have to remember how conservative people really are, and that most of them approve. To me this just shows what weak knees the liberals have. They can't win elections worth shit.

        • by ranton ( 36917 )

          Are you serious? They prohibit telling people they are not being spied on? Fascinating.

          It just says you cannot report on the existence or non-existence of certain types of warrants. I doubt such language is even necessary (warrant canaries have not been tested in USA courts yet) since using a warrant canary shows clear intent to break the law. In my opinion tech companies only use them for good PR since the financial penalties are not that high.

          • In my opinion tech companies only use them for good PR since the financial penalties are not that high.

            Same here. I just didn't know the government can compel a person to tell a lie, or prohibit the mere mention of warrants at all (Australia). I guess, with the lack of resistance at the voting booth, people are okay with it, or even demand more of the same when I look at the election results. It is hatred at work really. Pretty damn sad.

      • by Z00L00K ( 682162 )

        Warrant canaries can come in many forms, so it's hard for authorities to get proof that something is a warrant canary or not.

        • Uh, for something to be a warrant canary, it has to be generally known that its a warrant canary - thats the entire point of it, it has to be fecking obvious.

          Or do you think a company can come up with something hush hush that only certain members of its secret club would know about, except that all its customers are invited to that club and initiated into the secrets? Yeah, lets see how swearing 5 million people to silence about the "not a warrant canary *wink*" turns out...

          • by gweihir ( 88907 )

            No. You only have to get the message to somebody that is not affiliated with the company (so under no legal threat) and have them explain the meaning of the canary.

      • by gweihir ( 88907 )

        They can make them illegal, but that is very, very hard to do in a way to make a difference. What are you going to do? Put the one doing the signature in jail until he complies? Or even forcing a company to stay in business? Right.

        People making laws are among the most disconnected from reality on the planet. Enforcement of such laws still has to have some dealings with reality so may well fall short.

    • by Anonymous Coward

      Warrant canaries work in the USA because the USA has constitutionally guaranteed freedom of speech. This includes not being forced to say something. That way you can say you haven't received a NSL until you have, and then nobody can force you to keep saying it. The UK does not have freedom of speech. People like to think that freedom of speech is a universal thing in "the west", but in most countries it actually does not have the force of constitutional law and is thus much more malleable by oppressive legi

      • by ranton ( 36917 )

        I seriously doubt a warrant canary would hold up in courts in the USA either. There is no settled case law on this matter that I know of so no one knows for sure. But even if warrant canaries worked in some cases, I would be very surprised if there was no way to word legislation in a way that makes warrant canaries illegal.

        What has been held up in court is the government's ability to prevent citizens from speaking publicly about law enforcement investigations. The FBI uses gag orders on national security su

        • by Anonymous Coward

          I seriously doubt a warrant canary would hold up in courts in the USA either. There is no settled case law on this matter that I know of so no one knows for sure.

          At least, the EFF [eff.org] thinks they are. Here are some of the quotes from that article:

          "Is it legal to publish a warrant canary?

          There is no law that prohibits a service provider from reporting all the legal processes that it has not received. The gag order only attaches after the ISP has been served with the gagged legal process."

          "Have courts upheld compelled false speech?

          No, and the cases on compelled speech have tended to rely on truth as a minimum requirement. "

          • by ranton ( 36917 )

            "Is it legal to publish a warrant canary?

            There is no law that prohibits a service provider from reporting all the legal processes that it has not received. The gag order only attaches after the ISP has been served with the gagged legal process."

            There may be no law that specifically prohibits that, but judges make rulings based on the intent of laws and the intent of criminals all the time. Just look to the Supreme Court decision regarding the Affordable Care Act, where they used the spirit and purpose of the law as guidance when ignoring a pedantic gotcha that threatened to scuttle the whole law.

            Even if such a narrow loophole did hold up in court, it seems a simple gag order stopping a site from disclosing if they have or have not received any oth

  • by Anonymous Coward

    Okay, let me get this straight: rip off a whole nation, defraud companies out of billions and render millions homeless...CEO not even named. No-one ever tried, no convictions.

    Threaten to tell someone they're being spied on. CEO gets locked up for two years.

    Well, I guess we know where their priorities are. Fucking pompous ass shits, should drag them out of Parliament and hang them from the bridge. They're a disgrace to the whole country and it's people. I'm sick of them claiming the high ground while snortin

    • Threaten to tell someone they're being spied on. CEO gets locked up for two years.

      This sounds like a strong motivator for CEOs to move their operations out of the UK, as a risk mitigation measure.

  • When someone is targetted for monitoring, they do not tell the person they are being monitorered, but simply advise them that the law prohibits them from telling them if they are being monitored, and lets them come to their own conclusion.

    Or would simply repeating the text of the law itself constitute warning someone?

    By the way, is anyone else having problems staying logged into slashdot lately? Almost every time I try to post anything, I am spontaneously logged out and told I am posting as anonymous

    • by N1AK ( 864906 )

      Or would simply repeating the text of the law itself constitute warning someone?

      Regardless of whether the government should or shouldn't be restricting companies from warning customers about government activity, if they are going to do it then the laws will be pretty broad and won't be easily dodged by semantic games like this. We already live in a world where intent and/or motive can be criminal (for better of worse), thus "teaching someone chemistry" can be illegal (in the UK at least) if the lessons were

    • It took me like 20 minutes of searching, but I knew that what you're describing already has a term and I was struggling to remember what it was. https://en.wikipedia.org/wiki/... [wikipedia.org]
      • by mark-t ( 151149 )
        Not quite.... since a warrant canary requires that it be triggered by the warrant itself, where what I am suggesting only involves telling them only what the person is directly permitted to know, perhaps only in direct response to a customer inquiry, unless the law explicitly requires either the company to say an outright falsehood to any monitored customer who asks, or be evasive with any non-targeted customer who does so.
    • by AHuxley ( 892839 )
      One time pad on paper. The real chilling part is the academic creativity in trying to talk about emerging issues found on networks.
      Is it bespoke and unique? Possible gov code, dont publish... never comment, is not a good way to secure local networks.
      Domestic hardware, software gov ready modifications that get left in or are not removable on export systems.
  • by wonkey_monkey ( 2592601 ) on Thursday December 31, 2015 @03:54AM (#51214481) Homepage

    Yahoo became the latest company promising to alert users who it suspected were being targeted by state-sponsored attacks

    Google had previously assured their users that they would be warned of any potential government spying

    UK ministers want to make it a criminal offense for tech firms to warn users of requests for access to their communication data

    The first two situations involve the government going after the companies' users without notifying the companies

    The last situation involves the government issuing a request to the company for information.

    Seem like two different things to me.

    • by AmiMoJo ( 196126 )

      Indeed. What is troubling though is that law enforcement should be required to ask a court for a gag order, so that there is oversight and an opportunity to challenge it. It shouldn't be the default.

      MI5 want it to be the default because they hate oversight. They argue that it takes too long etc, but it's essential. I'd rather die in a terror attack than have them run amok with this power.

      As always, encrypt everything.

    • by AHuxley ( 892839 )
      It rally depends on what the demand is.
      An upgrade to an always on "software" ready splitter?
      New onsite hardware and a dedicated gov optical link deep into the brands systems? An in place hardware splitter.
      Or a classic per person/account request for all logs...
      The "access" part sounds like ongoing, collect it all gets a result and then legal requests gets started vs legal action begins the logging.
  • by Anonymous Coward

    Hailing from somewhere else: please, take UK out of the EU until you fixed your mess.

    Then come back.

  • Even I am well past the point where I think it's anything other than a foregone conclusion. All the tech is already in place, emails are kept for extended periods of time, phone metadata is archived, financial and medical records are all electronic, cash transactions are being discouraged, cameras everywhere you look, Microsoft installing spyware as part of the operating system.. and for all I know some government jerk at a three-letter agency is reading this even as I type it (even though I'm on XP). You w
  • by Anonymous Coward

    Does the law prohibit telling users when they're not being spied on?

  • So they can make that a criminal offense but things like, say, selling personal data to the highest bidder or criminal negligence when it comes to security is done with a slap on the wrist that is at worst something that becomes part of the operational cost?

    Odd how they suddenly can whip out the criminal charge club against CEOs when it goes against the people they allegedly represent.

  • So the default message on the Yahoo portal is: "To the best of our knowledge you are not being monitored by the Government". If the government starts monitoring, just remove the message.
  • by Bamfarooni ( 147312 ) on Thursday December 31, 2015 @04:56AM (#51214593)

    China would be so proud!

  • "Dear ISP, is my traffic being monitored today?" No.

    "Dear ISP, is my traffic being monitored today?" No.

    "Dear ISP, is my traffic being monitored today?" No.

    "Dear ISP, is my traffic being monitored today?" We can neither confirm nor deny your traffic is being monitored today.
    • That would be a breach of the order, since it is a notification of change. Don't think that the government can be confused and bamboozled by stupid kids games like this and others in these comments - if it constitutes a notification, its a notification. It doesn't have to come in the form of "I, Yahoo!, hereby notify you that we have had a warrant issued against us for your data", it simply has to be a notification.

      If a company has a warrant canary in its annual statements, or on your account etc, then th

      • by fnj ( 64210 )

        That would be a breach of the order, since it is a notification of change.

        Liar. It is a response to a specific question, not a notification[*]. Sheesh. This criminalization specifically avoids attempting to compel you to lie, which would be grossly transparent tyranny. And you completely miss the point of a warrant canary. If the warrant canary dies, it doesn't matter what the accompanying narrative (if any) is. Anyone with a working brain would realize there is a problem even if the domain is seized and so

  • by John Allsup ( 987 ) <slashdot@chal i s q u e.net> on Thursday December 31, 2015 @07:03AM (#51214861) Homepage Journal

    Thus, thinking from a logical perspective, it makes sense to assume, by default, that we are being spied upon, that GCHQ, MI5, Mi6, NSA, CIA etc are snooping on all our internet transmissions, that all ISPs and tech companies are in cahoots with the intelligence services, and that the reason there's 'no evidence' is because of explicit legislation banning the dissemination of such evidence. Suddenly paranoia, delusions and conspiracy theories start to become sensible, rational and logical.

    • by fnj ( 64210 )

      Corrollary: for communications that matter, simply layer on your own encryption that the bastards can't decrypt. That's the idea behind PGP and Enigmail.

    • Those of us who've been using encryption by default have been treating that as fact for years, even though we knew it likely wasn't actually the case yet. The only difference now is that they're sadly making our assumption a reality.

    • Suddenly paranoia, delusions and conspiracy theories start to become sensible, rational and logical.

      Being a "conspiracy theory" doesn't automatically disqualify a theory, despite the (convenient for conspirators) meme that such theories are always false and a symptom of madness.

      People organize to advance their own interests. When in conflict with others, or when their plans are otherwise likely to provoke opposition (for instance, if what they're doing is illegal and/or oppressive), and often when it is no

  • by Anonymous Coward

    Microsoft to begin alerting users about suspected government snooping http://www.theregister.co.uk/2... [theregister.co.uk]

    ?

    APK

    P.S.=> This is all mind-boggling & imo, insane - however, this was some GOOD news (that those who favored all of this madness & lunacy are being spied on themselves & DO NOT LIKE IT WHEN IT'S TURNED ON THEM -> http://yro.slashdot.org/story/... [slashdot.org] )

  • IF it came to pass would be that none of these tech providers would choose to have a UK base. We already rip CDs illegally with impunity because the law is stupid and unenforceable. Oh wait...what's that knock on the door....
  • Similar to the recent 48 hour whatapp injunction in Brazil (which was overruled after 12 hours), trying to punish a company offering a free service for not complying to evidential requests will only end up punishing the populus i.e. VOTERS.

    I can see that issuing an interception warrant across borders is difficult, but mandating a deviation to accepted law of the targeted nation will only end up getting your warrants overruled.

  • It is pretty clear to me that the government simply wants to watch anybody, at any time, and for any reason that it arbitrarily chooses, without having any accountability to anyone.

    Clearly, if one feels they have any reason to even *suspect* that they are being monitored, then they might as well consider that as a sufficient basis to carry on their actions as if they actually *were* being monitored, which effectively amounts to doing what they would do if they had actually been alerted they were being mo

  • Could a warrant canary (https://en.wikipedia.org/wiki/Warrant_canary) be used to get around such gagging? Yahoo, MS, Google, etc., could have a page that you can go to that either says "You are not the subject of a state-sponsored attack via us" or is blank. When it's blank you can assume that the spooks are prying. You could even sign up for regular emails stating the same. When those emails stop you know to go check your page.

Life is a whim of several billion cells to be you for a while.

Working...