UK's Snooper's Charter Hands Over Access To User Data To Several Non-Law Enforcement Agencies

from the ALL-ACCESS-PASS dept

The UK's "Snooper's Charter" was already terrible. The draft bill, finally released earlier this month, confirmed the UK government would be mandating encryption backdoors and requiring the retention of citizens' web browsing history. On top of that, the bill confirmed dragnet surveillance by UK agencies was already in place (unbeknownst to its "oversight") and, in fact, is looking to legalize the snooping after the fact.

The Investigatory Powers Act, as can be inferred by its name, would obviously allow any number of intelligence and law enforcement agencies to access the data and communications retained by ISPs. But it's not just GCHQ, M16 and various police forces being granted access to UK internet users' web browsing history. As Joseph Cox at Motherboard points out, it's also several agencies with seemingly no need for additional access to communications data.

On page 210 of the draft Investigatory Powers Bill, a planned piece of UK surveillance legislation that was announced earlier this month, is a table of “relevant public authorities.” These authorities would “have the power to obtain communications data,” according to a briefing paper on the Bill.

As you might expect, the list includes various police forces, the Secret Intelligence Service (MI6), the UK's signals intelligence agency GCHQ, and the Ministry of Defence. However, it also includes agencies such as the Department of Health, the Department for Work and Pensions, and the Department for Transport, whose need for such surveillance data is less obviously clear.

Despite the parade of child-murdering, drug-dealing, criminal-masterminding horrors that serve as slightly-less-dry interludes to the bill's text, access to "all" retained data will be provided to a long list of mundane regulatory agencies, presumably for the sake of the children.

• Her Majesty’s Revenue and Customs
• Department for Transport
• Department of Enterprise, Trade and Investment in Northern Ireland
• A fire and rescue authority under the Fire and Rescue Services Act 2004
• Food Standards Agency
• Gambling Commission
• Gangmasters Licensing Authority
• Health and Safety Executive
• National Health Service Business Services Authority
• Duty Manager of Ambulance Trust Control Rooms
• Northern Ireland Ambulance Service Health and Social Care Trust
• Northern Ireland Fire and Rescue Service Board

Most of these agencies are granted access to all "communications data." The justification for this is laid out in the table starting on page 210 of the pdf, with most of these agencies utilizing Section 46(7)(b) ("for the purpose of preventing or detecting a crime or of preventing disorder").

But the bill contains several other justifications for the obtaining of user data, not all of which seem severe enough to warrant special legislation -- like "collecting any tax, duty, levy or other imposition" or "exercising functions relating to financial stability."

Not exactly the terrorist-hunting, child kidnapper-finding wonderbill it's being depicted as -- often in its own pages. Worse, the stuff authorized here is already in place and has already been used. Jim Killock, executive director of the Open Rights Group:

“This is already happening under RIPA—there were around half a million data requests made last year. Many of these were by the police but also by organisations such as Royal Mail, the Department of Work and Pensions, and local authorities.” RIPA, or the Regulation of Investigatory Powers Act 2000, is another controversial piece of UK surveillance legislation.

In other words, the new bill is codification redundancy. The UK government is hoping to ensure the snooping it's been doing for years, via a variety of agencies, will be solidly in place for years to come.

Filed Under: investigatory powers bill, ipbill, law enforcement, regulations, snooper's charter, theresa may, uk

UK ISP Boss Highlights Technical Stupidity Of The Snooper's Charter Proposal

from the surveillance-magic dept

There's just something absolutely nutty when politicians with no technical knowledge whatsoever try to make technology policy, and it often crosses over into out-and-out slapstick when that technology policy involves surveillance. It's why we see things like talk of "golden keys" for encryption that somehow wouldn't be "backdoors" (even though they are). Over in the UK, they're going through something similar with the current "debate" (if you can call it that) over the latest Snooper's Charter bill, officially known as the "Investigatory Powers Bill" or the "IPBill."

A key element in the bill is the demand for "internet connection records." The draft bill has a whole section on these "ICRs" which it defines as:

A kind of communications data, an ICR is a record of the internet services a specific device has connected to, such as a website or instant messaging application. It is captured by the company providing access to the internet. Where available, this data may be acquired from CSPs by law enforcement and the security and intelligence agencies.

An ICR is not a person’s full internet browsing history. It is a record of the services that they have connected to, which can provide vital investigative leads. It would not reveal every web page that they visit or anything that they do on that web page.

That definition, by itself, seems somewhat self-contradictory, but we'll leave that aside for now. Adrian Kennard, the head of a small UK ISP, Andrews & Arnold, has filed some comments highlighting how technically clueless this idea is:

The explanatory notes, and one of the clauses in the bill, make use of the term “Internet Connection Record”. We are concerned that this creates the impression that an “Internet Connection Record” is a real thing, like a “Call Data Record” in telephony.

An ICR does not exist - it is not a real thing in the Internet. At best it may be the collection of, or subset of, communications data that is retained by an operator subject to a retention order which has determined on a case by case basis what data the operator shall retain. It will not be the same for all operators and could be very different indeed.

We would like to see the term removed, or at least the vague and nondescript nature of the term made very clear in the bill and explanatory notes.

From there, it goes even further, pointing out that the justification for needing these non-existent ICRs was a statement from UK Home Secretary Theresa May about how useful such info would be in finding a missing girl:

"Consider the case of a teenage girl going missing. At present we can ask her mobile provider for call records before she went missing which could be invaluable to finding her. But for Internet access, all we get is that the Internet was accessed 300 times. What would be useful would be to know she accessed twitter just before she went missing in the same way as we could see she make a phone call"

Except, as Kennard points out, that's not how the internet actually works. You don't "connect" to Twitter like that, because you're constantly connected to Twitter:

...in yesterday’s meeting I, and other ISPA members immediately pointed out the huge flaw in this argument. If the mobile provider was even able to tell that she had used twitter at all (which is not as easy as it sounds), it would show that the phone had been connected to twitter 24 hours a day, and probably Facebook as well. This is because the very nature of messaging and social media applications is that they stay connected so that they can quickly alert you to messages, calls, or amusing cat videos, without any delay.

It should be noted that it is quite valid for a “connection” of some sort to last a long time. The main protocol used (TCP) can happily have connections for hours, days, months or even years. Some protocols such as SCTP, and MOSH are designed to keep a single connection active indefinitely even with changes to IP addresses at each end and changing the means of connection (mobile, wifi, etc). Given the increasing use of permanent connections on mobile devices, it is easy to see how more and more applications will use such protocols to stay connected - making one “internet connection record” which could even have passed the 12 month time limit by the time it is logged.

Connections are also typically encrypted and have some data passing all the time, so it would not be practical for an ISP, even using deep packet inspection, to indicate that the girl “accessed twitter” right before she vanished, or even at all (just that there is a twitter app on the phone and logged in).

This seems like a rather important point: the people who put together the Snooper's Charter for spying on the internet don't seem to understand the first thing about how the internet actually works. And yet we're supposed to give them sweeping powers to spy on it? How does that make any sense?

Filed Under: adrian kennard, encryption, icr, internet connection records, investigatory powers bill, ipbill, metdata, snooper's charter, theresa may, uk
Companies: andrews & arnold

Snooper's Charter May Not 'Increase' Surveillance... But Tries To Legalize Over A Decade Of Secret, Illegal Mass Surveillance

from the oh,-look-at-that dept

Earlier this week, we wrote about the UK's release of its new Snooper's Charter bill, where we noted that the government spin on it was fairly dizzying. I noted at the time that while the government kept insisting that it wasn't adding a requirement to backdoor encryption, that was misleading because the text of the bill indicated the government believed such a mandate already existed. And that's only the least of it. The bill and the discussion around it simply confirmed that the UK government engaged in mass surveillance for many, many years, and until now only a "tiny handful" of government ministers even knew about it.

That's kind of astounding.

And, amazingly, the government is using this fact to argue that the new bill is a good thing because it actually "limits and restricts" activity that it secretly engaged in for years and years. Everyone feared the "new" powers in the bill. And the astounding thing is that the government is now twisting this to quietly reveal that it secretly and illegally spied on people for years.

The government finally admitted on Wednesday that the mass surveillance of British citizens began in 2001 after 9/11 and was stepped up in 2005, using powers under national security directions largely hidden in the 1984 Telecommunications Act.

It is not known if government law officers sanctioned the use of the act in this way, but it appears the intelligence and security committee responsible for parliamentary oversight was not informed, adding to the impression of a so-called deep state operating outside the scrutiny of parliament.

It seems like it took a day or two for people to realize all of this, as everyone was so focused on the "new" powers they expected to be in the bill. It took everyone by surprise to find out that the bill was more about trying to "legitimize" illegal mass surveillance that had been going on without any oversight for over a decade.

Filed Under: investigatory powers bill, ipbill, mass surveillance, snooper's charter, surveillance, uk

UK Releases Snooping Bill, Attempts To Mislead Everyone

from the and-off-we-go dept

Earlier today we reported on a story in the Telegraph, claiming that the upcoming "Investigatory Powers Bill" in the UK would mandate encryption backdoors. The full draft of the bill has been released and the UK government is prattling on about how it doesn't "ban" encryption. But note the subtle difference in language here. No one expected a ban on encryption: they expected backdoors. The bill is actually stupidly vague on this point. Here's what the explanation says about "communication service providers in the UK and overseas."

First it notes that under RIPA (the Regulation of Investigatory Powers Act), "CSPs" are already required to maintain "the ability to remove any encryption applied by the CSP to whom the notice relates." In other words, the government is already claiming mandates to backdoor encryption, and then goes on to note:

The Investigatory Powers Bill will bring together these obligations in a single, comprehensive piece of legislation. It will provide an explicit obligation on CSPs to assist in giving effect to equipment interference warrants. Only intercepting agencies will have the ability to serve such warrants, which must be authorised by the Secretary of State. The draft Bill will not impose any additional requirements in relation to encryption over and above the existing obligations in RIPA.

The draft Bill will provide for the Secretary of State to require CSPs to maintain permanent capabilities relating to the powers under the draft Bill. This will replace the current obligation to maintain a permanent interception capability and will provide a clear basis in law for CSPs to maintain infrastructure and facilities to give effect to interception and other warrants.

The new power will also require CSPs to provide wider assistance to law enforcement and the security and intelligence agencies in the interests of national security. This will replace the general power of direction under the Telecommunications Act 1984. The new power will be subject to strict safeguards that will prevent it from being used to authorise any activity for the purpose of interference with privacy, such as authorising or requiring the disclosure of communications data.

So... is that mandating backdoors? It seems pretty likely that the government will use this combination of factors to do exactly that, but claiming that such backdoors are already required under RIPA -- and thus it's not "expanding" those powers, even as it also says that the new bill requires providing "wider assistance to law enforcement" and "intelligence agencies." The explanation does note that "overseas" companies may have some exceptions, but again it's vague. First it notes that "the draft Bill places the same obligations on all companies providing services to the UK or in control of communications systems in the UK" but then the vague exception: "the draft Bill will include explicit provision to take account of any potential conflict of laws that overseas companies may face."

Right. Clears everything up.

Meanwhile the draft bill has tons of other problematic language, including requirements for data retention for your web browsing history. Also, it broadens GCHQ's ability to hack into computers around the globe, with the innocuous sounding phrase "authorisations to interfere with property." Specifically with regards to the GCHQ, the bill states:

GCHQ can 'make use of' as well as 'monitor or interfere with electromagnetic, acoustic and other emissions and any equipment producing such emissions and to obtain and provide information derived from or related to such emissions or equipment and from encrypted material'. This clarifies that GCHQ may, in the performance of its functions, make use of communications services in the manner in which it was intended they would be used. This could be used for public communications as well as for investigative purposes.

Home Secretary Theresa May's introduction to the draft claims that:

Powers to intercept communications, acquire communications data and interfere with equipment are essential to tackle child sexual exploitation, to dismantle serious crime cartels, take drugs and guns off our streets and prevent terrorist attacks.

In fact, the draft is weirdly peppered with "case studies" about gangs, criminals, exploited children and more as if to scream out "WE'RE SPYING ON YOU FOR YOUR OWN GOOD AND THE CHILDREN, SO SUBMIT." This bill is not about protecting the public. It's about giving much more surveillance and spying power to the government. It's about fearmongering to get you to give up your privacy and safety so that the government can have more powers over the general public.

Filed Under: data retention, encryption, gchq, going dark, mass surveillance, snooper's charter, surveillance, uk

UK's Snooper's Charter Includes Mandatory Backdoors For Encryption

from the crypto-wars-move-overseas dept

Remember earlier this week when we mocked the silly reports claiming that the UK government had "backed down" on its demands for a Snooper's Charter. As we noted at the time, it did not appear they were backing down at all, but pulling out a bogus publicity campaign where they decided to "ditch" some absolutely crazy ideas that never really would have been included in the first place, but still leaving in plenty of terrible ideas.

And, now we know that includes mandatory backdoors into encryption -- a stupid and dangerous policy that will directly put UK citizens at risk. While, thankfully, those pushing for crypto backdoors in the US have realized that it's a politically untenable idea, the UK's new "Investigatory Powers Bill" has gone in the other direction, and will mandate encryption backdoors and ban any encryption offerings where there is no backdoor for law enforcement.

Companies such as Apple, Google and others will no longer be able to offer encryption so advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose.

Measures in the Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted communications to the police or spy agencies if requested through a warrant.

UK Prime Minister David Cameron and Home Secretary Theresa May will undoubtedly make a big show of this over the next few months, claiming that they need this to keep the public safe, but that's a load of hogwash. Backdooring encryption does the opposite. It puts everyone at serious risk. It's a technically dangerous solution by technically clueless people. If there are backdoors in encryption you are opening up a massive attack vector for those with malicious intent -- and that doesn't even get into the question of authorities abusing such powers. This has been explained over and over again, and it appears that Cameron's government simply decided to ignore all the technical experts and go with a "but they have to!" approach.

If you recognize the long history of governments using surveillance powers for nefarious reasons this should worry you. But even if you 100% trust the government, this should worry you, because what they're asking for, on a technological basis, is to make your information significantly less safe and much more open to hackers and online criminals.

A Home Office spokesman said: “The Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts. “That means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These companies’ reputations rest on their ability to protect their users’ data.”

This belief that law enforcement needs this information to do its job is hogwash. For all of history prior to this, people have had methods of communicating entirely in secret, and since the dawn of civilization it was still possible to track down criminals and conspirators through traditional detective work. This belief that the content of these communications is absolutely necessary would seem to suggest that UK law enforcement is currently terrible at doing its job. I'd like to believe that's not true.

The big tech companies may now face a pretty big fight in the UK. Over the last few years, they've increasingly ramped up their efforts to provide more real privacy solutions that can actually protect your information. The UK wants to send things back to the stone age, and that's dangerous. Hopefully, companies like Apple -- which has made a big show of pushing non-backdoored-encryption -- take a stand here and refuse to give in. And, other tech companies that haven't been quite as vocal, including Google, Facebook, Microsoft and Twitter need to speak out against this, potentially to the point of threatening to pull out of the UK if the government doesn't adjust its policy. Without such a strong threat, it seems unlikely the UK government will recognize just how much danger they're putting the public in with this proposal.

Filed Under: backdoors, david cameron, encryption, going dark, snooper's charter, theresa may, uk
Companies: apple, facebook, google

UK Gov't Pretends That It's 'Backed Down' On Snooper's Charter

from the but-it-still-looks-bad dept

Back in May, we noted that the UK government had decided to go totally Orwellian in pushing for a ridiculous "Snooper's Charter" that gave the government incredible snooping powers. David Cameron's speech in support of this contained a few incredible statements, including this: "For too long, we have been a passively tolerant society, saying to our citizens: as long as you obey the law, we will leave you alone." Message read loud and clear: tolerance is over, Big Brother is here to smack you down for anything you say or do that it doesn't like.

Now, with the details finally set to come out, it appears that UK Home Secretary Theresa May is trying to soft pedal them, claiming that the government has been "forced to backtrack" on the plan, because they agreed to remove just a few of the most ridiculous aspects of the original plan.

In a statement, senior sources said that rather than increasing intrusive surveillance, the bill would bar police and security services from accessing people’s browsing histories – a power demanded by the security services – and that “any access to internet connection records will be strictly limited and targeted”.

They also revealed that ministers had ruled out plans to restrict or ban companies from encrypting material on the internet that had alarmed privacy and technology campaigners.

In what they said was a further change, ministers would not, as they had previously suggested, demand that UK communication service providers (CSPs) should capture and store internet traffic from companies based in the United States.

These are welcome changes, but they're fairly limited. "Restricting or banning" encryption was always a non-starter. The much bigger concern is requiring backdoors. And, also, as the Intercept's Ryan Gallagher points out, the claim of not keeping web browsing data is laughable, since GCHQ already does it.

Wired UK has an article detailing many of the other expected problems with the UK's proposal, so don't fall for the claim that the government is "backing down" on surveillance. It sounds like they just realized people were going to be pissed off and decided to pretend they had "backed down" by dropping a few of the really crazy aspects of the plan, while still planning to push through the rest.

Filed Under: data retention, encryption, snooper's charter, surveillance, theresa may, uk

UK Data Retention Snooping Law Thrown Out One Year Later

from the now-let's-stop-the-repeats dept

Almost exactly a year ago, we wrote about how the UK Parliament rushed through a dangerous data retention bill, known as the Data Retention and Investigatory Powers Bill, or DRIP, with little debate. As soon as it became law, challenges were filed -- and now the UK's High Court has struck down the law. As you may also recall, the rush to pass DRIP was in response to an EU Court of Justice ruling that said widespread data retention violated privacy rules. And, rather than take the hint, the UK government used it as an excuse to try to just rewrite the rules to let them continue snooping on the public.

Not surprisingly, the current UK government (which has been looking to expand its snooping powers rather than limit them) has made it clear that it will appeal this ruling. Furthermore, the court is allowing the government until early next year to see if it can fix the law by itself:

The judges said that the first section of Dripa "does not lay down clear and precise rules providing for access to and use of communications data" and should be "disapplied".

But the judges said their order on disapplication should be suspended until after March 31 2016 "to give Parliament the opportunity to put matters right".

That's an interesting way of going about things: we see you've been violating the rights of the public for a year now, and so we'll give you another 9 months to do so and hope that during that time you'll figure out a way to maybe not violate the public's rights so much.

Filed Under: data retention, david cameron, drip, high court, privacy, snooper's charter, theresa may

David Cameron Promises To Do Away With 'Safe Spaces' On The Internet

from the treating-everyone-like-terrorists dept

Earlier this year, there were some questions raised when it appeared that UK Prime Minister David Cameron was suggesting that he wanted to undermine all encryption on the internet. Later, some suggested he was looking more at undermining end point security. However, after being re-elected, and apparently believing that this gave him the mandate to go full Orwell, Cameron is making it clear that no one should ever have any privacy from government snoops ever.

Responding to a somewhat nonsensical question about if he believed the recent attacks in Tunisia meant that the big internet companies need to "understand that their current privacy policies are completely unsustainable?" Cameron insisted that the UK always needed to be able to read communications. It is, of course, not at all clear what the privacy policies of Google, Facebook and Twitter (the three named by the questioner) have to do with the price of tea in China, let alone the attacks in Tunisia, but... alas:

"We just want to ensure that terrorists do not have a safe space in which to communicate. That is the challenge, and it is a challenge that will come in front of the House.

"We have always been able, on the authority of the home secretary, to sign a warrant and intercept a phone call, a mobile phone call or other media communications, but the question we must ask ourselves is whether, as technology develops, we are content to leave a safe space—a new means of communication—for terrorists to communicate with each other.

"My answer is no, we should not be, which means that we must look at all the new media being produced and ensure that, in every case, we are able, in extremis and on the signature of a warrant, to get to the bottom of what is going on."

Of course, he also insisted that you regular people shouldn't worry:

"Britain is not a state that is trying to search through everybody’s emails and invade their privacy..."

Except, well, it is. This whole thing seems to be based on the idea that it's blatantly obvious who is a "terrorist" and who is a good citizen of the UK. Cameron can't really be so naive as to think that "terrorists" are somehow easily differentiated from everyday people, can he? Then again, this is the same guy who once pushed for this Snooper's Charter by talking about how fictional TV crime dramas proved it would be a useful tool.

This is extremely troubling. Cameron's desire to undermine encryption is dangerous for the privacy and security of everyone, especially those in the UK that Cameron is supposed to be helping to protect, because lots of people really do need "safe spaces in which to communicate." The only way to take those away for "terrorists" is to take them away for everyone, and that means not just for the purpose of government snooping, but for others as well. Introducing backdoors breaks security and makes everyone much, much, much more vulnerable to all sorts of attacks.

And, again, this is the same guy who said:

For too long, we have been a passively tolerant society, saying to our citizens: as long as you obey the law, we will leave you alone.... This government will conclusively turn the page on this failed approach.

Does that really sound like someone who will only use such snooping powers to track down terrorists? He's blatantly admitting that he will use it against law abiding citizens, admitting that merely "obeying the law" should not leave you free from being hassled by the government.

These kinds of statements are cartoonishly evil. They're the kind of ridiculous statements one would have hoped you'd only see in late night TV fictional TV dramas, not coming from an actually elected leader of a major western power.

Filed Under: david cameron, encryption, privacy, snooper's charter, uk
Companies: facebook, google, twitter

Berners-Lee Urges Britons To Fight The Snooper's Charter, But For One UK Tech Company It's Too Late

from the doing-things-even-the-Americans-weren't dept

Tim Berners-Lee not only made the Web happen (and gave it away for free), he has continued to defend his creation and its users from various attacks. As Techdirt has reported, he's stood up for net neutrality, condemned NSA surveillance and called for a bill of rights for online users (although he's not always on the side of the angels….) Now he's added his voice to those warning about the UK's Snooper's Charter, soon to be resurrected, as The Guardian reports:

Tim Berners-Lee, the inventor of the world wide web, has urged Britons to fight the government's plans to extend the country's surveillance powers, and act as a worldwide leader for promoting good governance on the web.

Berners-Lee is probably being too optimistic about the likelihood that the UK government will suddenly come to its senses, pull back from going full Orwell, and turn into a shining example to others. After all:

"It has lost a lot of that moral high ground, when people saw that GCHQ was doing things that even the Americans weren't," Berners-Lee said. "So now I think, if Britain is going to establish a leadership situation, it's going to need to say: 'We have solid rules of privacy, which you as an individual can be assured of, and that you as a company can be assured of'."

The economic argument that online businesses need an environment in which privacy is respected, is probably one of the few that David Cameron might listen to. As Berners-Lee notes, if a tech startup can't promise potential users basic protection for their personal data, then its product is seriously hobbled before it's even launched. That means that once the Snooper's Charter is in place -- assuming there is no rebellion by freedom-loving Conservative MPs when it comes to the vote -- people will think twice about choosing the UK as the base for a new tech company. In fact, people have already started leaving because of what the Snooper's Charter will do to their businesses:

Last week, less than one quarter of the electorate in the United Kingdom voted to give the Conservatives a 12-seat majority parliament. To those of you who voted Tory, I say great job: you're the reason Ind.ie (and thus Laura, Jo, and myself) are leaving the United Kingdom.

That comes from Aral Balkan, a well-known developer in the UK, who put the Snooper's Charter as one of four key reasons why he and his team at ind.ie will be seeking another country that still values freedom and privacy. Sadly, it seems more likely that others will be decide to follow their example than that the UK government will heed Berners-Lee's warning and change direction here.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: aral balkan, internet, internet freedom, privacy, snooper's charter, tim berners-lee, uk

UK Government Goes Full Orwell: Snooper's Charter, Encryption Backdoors, Free Speech Suppression

from the 1984-wasn't-a-manual dept

The old joke goes "George Orwell's 1984 was a warning, not a 'how to' manual." But that joke is increasingly less funny as the UK really seems to be doing everything it can to put in place Orwell's fictitious vision -- just a few decades later. Right after the election a few weeks ago, we noted the government's plan to push forward with its "extremist disruption orders" (as had been promised). The basic idea is that if the government doesn't like what you're saying, it can define your statements as "extremist" and make them criminal. Prime Minister David Cameron did his best Orwell in flat out stating that the idea was to use these to go after people who were obeying the law and then arguing that the UK needed to suppress free speech... in the name of protecting free speech. Really.

For too long, we have been a passively tolerant society, saying to our citizens: as long as you obey the law, we will leave you alone. It’s often meant we have stood neutral between different values. And that’s helped foster a narrative of extremism and grievance.

This government will conclusively turn the page on this failed approach. As the party of one nation, we will govern as one nation and bring our country together. That means actively promoting certain values.

Freedom of speech. Freedom of worship. Democracy. The rule of law. Equal rights regardless of race, gender or sexuality.

We must say to our citizens: this is what defines us as a society.

It's a fairly amazing speech where Cameron can -- within just a few sentences -- both argue for the rule of law and that obeying the rule of law should not keep you out of trouble.

Earlier this week, the Queen gave her traditional "Queen's Speech" which lays out the legislative agenda for the new Parliament, and it went quickly down the Orwellian path as well. Apparently, suppressing free speech and civil liberties will be done in the name of mandatory "social cohesion."

Measures will also be brought forward to promote social cohesion and protect people by tackling extremism. New legislation will modernise the law on communications data, improve the law on policing and criminal justice, and ban the new generation of psychoactive drugs.

That first sentence is about the extremism orders, but the second part may be even more troubling. It's the Queen making it clear that the Snooper's Charter is returning -- but even worse than before. If you don't recall, the UK government has been trying to pass this bill that would grant the government massive surveillance powers. David Cameron insists this is necessary because he's seen it work on fictional crime shows that he watches on TV (really). The last major attempt to push this through failed thanks to then Deputy Prime Minister Nick Clegg blocking it. But with Clegg out of the way following the last election, the government is going for the gold in pushing for an even broader Snooper's Charter including mandatory backdoors into encryption:

In a surprise move, the government is to introduce an investigatory powers bill far more wide-ranging than expected. The legislation will include not only the expected snooper’s charter, enabling the tracking of everyone’s web and social media use, but also moves to strengthen the security services’ warranted powers for the bulk interception of the content of communications.

Of course, as we've been discussing for quite some time now, such backdoors into encryption are monumentally stupid and counterproductive. They weaken the security and privacy of everyone. And, of course, we've already discussed how once one country demands its own backdoors, others will want them as well. And, of course, such backdoors always come back to bite everyone by opening up avenues for malicious and nefarious attacks -- no matter how often law enforcement insists that it can keep things safe. You are, by definition, opening up a vulnerability. And it will lead to less safety and security.

Filed Under: backdoors, bulk collection, david cameron, encryption, extremism disruption orders, free speech, investigatory powers, mass surveillance, queen's speech, snooper's charter, uk