My first reaction to this was that VPN usage will explode, but I'm not sure how a VPN server hosted in another country would work with their desire to effectively ban encryption.
I feel like the UK is slowly goose stepping its way to a Chinese style firewall.
Given the right's obsession with what I'm ordering on Amazon, and the left being essentially unelectable right now, I'm not really sure where to put my vote at the next election.
The problem with these systems is regardless of the efficacy, they are incredibly difficult to dismantle and easy to re-purpose with the stroke of a pen.
And these "tech-savvy" people are dreaming if they think that access to VPN services from the UK will remain legal in the UK, esp. after a naughty person or two is shown to have used one to commission a crime. It won't happen quickly, but #include frog_boiling.h.
Something is very rotten if we came to the point where one can not express speech freely in countries like UK. If that is the case VPNs are going to be a giant market.
I wouldn't sign up for a VPN based out of the UK. Frankly, May scares the shit out of me - her ideas about regulating communications comes across as more than slightly fascist.*
* My head of state is He-Who-Must-Be-Impeached; so I'm getting more familiar with fascism on a day-to-day basis. (I won't even use an email provider located in the US due to the way the government over here behaves).
VPNs are still legal, but may be monitored, maybe with help of the long arm of the US.
Cameron has a warped idea of "democracy" if he thinks this is compatible with it. Citizens are entitled to know the opinions of people everywhere, even the hostile or angry ones.
Not to mention the likelihood of secret blocking of more than they're telling the public. Hopefully there will be lists of what is actually blocked, from groups in countries where such investigation can be done safely.
People who cared about this in the UK; our best bet was to stay in the EU which is not nearly so extreme about it as the UK is. The current UK government is looking forwards to jettisoning the protections and human rights that were afforded us by being in the EU.
That said, the current UK government is fantastically inept. Everything they touch turns to shit, and any time BoJo says he absolutely won't do something - he'll crumble in a fortnight (see e.g. every EU negotiation, Lockdown 2.0, the feeding children fiasco, etc etc).
There are current UK ministers whose names have become bywords for incompetency and government fuckup. If the UK decided to ban encryption tomorrow, and the government put their best people on it, we'd be looking at a decade or so before they got anywhere. The EU are heading to a more moderate place, but they will get there faster by virtue of not being British; by not having to do it via the dream team of Johnson, Cummings, and whoever is in charge of screwing up everything they touch this week (Chris Grayling, the man who paid millions to a ferry company that had never owned, chartered, leased or in any other way been involved with a ferry or single ferry route, historically takes this role).
My immediate thought as well. As this law will apply to ANY service available to UK users the only feasible solution for smaller websites and app developers will be exclusion to avoid liability. So UK users will simply start using VPNs to by pass region blocks.
-A suitable VPN will make it appear that you are in a country with more enlightened censorship laws than the UK.
I can hardly see say, SwissVPN adapting the block list for customers whose traffic originates in the UK.
The upside of this whole debacle is that the UK government have finally created a strong incentive for the UK population to educate themselves on online privacy and censorship evasion; the EFF should send Theresa May a (snarky!) thank you-note.
I don't doubt that the government can make life hell for its opponents if it wants to, I just doubt that ordinary voters will allow it to get that bad. Tories have such power right now because they're taking actions (and making signals) popular with the people, whether the rest of us agree or not. I don't buy that they've so corrupted the system that it no longer matters what the voting public think, which is why I still believe this bill is not going to be implemented or enforced in a way that removes real freedoms, once the public notice.
Besides, don't plenty of despotic countries already ban VPNs around the world, to limited effect? A large, liberal country like the UK banning them would I'm sure drive improvements to VPN protocols to make them even harder for ISPs to detect.
Also, in regards to data retention - I thought the CJEU made it clear that it's against the EU Charter of Fundamental Rights. Is UK seriously pretending that never happened? It seems their strategy is "we'll just use this new law for 2 years until it gets invalidated, and then we pass a new one that we can use for another 2 years". And so on and so forth.
U.S. companies, please stop establishing headquarters in the U.K. It's on an authoritarian path as much as Russia and Turkey is (certainly under David Cameron/Conservatives, at least).
I hope this causes websites to start blocking UK users. That would cause VPNs to become more common, undermining the government's enforced logging of internet use.
Is there a possibility that this will have a positive effect of a) pushing the issue to the forefront (because it affects everyone) where it can be easily disputed in its current form; b) making services like Tor / VPNs a necessity for regular people and thus moving everyone towards a safer internet not governed by states? This has already happened with the block of thepiratebay: regular people have been pushed into a position of regularly using VPNs.
Say Cameron get this passed. Technically it is unfeasible because they can't realistically ban foreign companies from using encryption, and because some of the protocols are (for the sake of argument) unbreakable. So if you want to stay anonymous, you still can, and more people will. Furthermore, the privacy argument goes mainstream when it is WhatsApp / Google vs. the UK government, with regular people suffering immediate consequences, vs. a bunch of programmers / cypherpunks. I can't see how this would be a positive for the government in any way.
With you on the move IT / High tech out of the UK bit (also already had talks with our accountants & lawyers to relocate our company away from the UK).
One part of the "snooper's charter" is that it makes the ISPs / providers liable ("their duty") to store the content of I-Net sessions and provide access to this data for service, police & the tax office (not clear how all of these entities will share the data between each other or with the outside).
De facto this makes any end-to-end encryption or zero-knowledge services impossible to provide from the UK. If this propagates across EU / US / other countries it will bring an end to many cloud-based services & many saving governments & commercial are planning or envisioning for the next years. Wild guess estimate in damages to the UK (five years) - £100Billion + long term effects.
It seems the group of people pushing on this piece of legislation so heavily since years have not learned a bit from what is / has been happening in the UK and elsewhere for many years across industries (alternative reality: they want to create an very large income stream for themselves. This will nevertheless be most likely be short-lived at the cost of the overall UK economy / competitiveness - short- & long-term).
What has been proven over-and-over again in the UK (and certainly elsewhere as well) is that government or similar oversight is not working and is constantly abused by those given access to these means when large financial amounts / incentives are available to those who "bend" these processes / regulations / e.a. to their own benefit. At the same time those so far do not have to fear any reprisal / punishment. This is another shortcoming and clearly demonstrates that the true intentions of this legislation must be completely different from the labeling publicly provided - I'm talking about punishment along the line given to so called "hackers" in the UK / US - 10 years min. - but wait - it was the UK just recently that has removed all punishment for breaking the law 100'000s of times by some of its services (they couldn't make it legal without due process through the parliament so they just removed the punishment).
Let's have a brief look into how well "oversight" works in the UK:
- News of the World (data / access sold off by government employees)
- UK Mis-selling saga with PPI - unique case as almost £30Billion in compensations have been granted - non-working financial oversight
- Gold fixing scandal - non-working financial oversight for many years / decade
- FX fixing scandal - non-working financial oversight for many years / decade
- Bailouts / 2008 financial crisis - non-working financial oversight for many years
- NHS data leaks - no due process and proper data protection
- plenty more to add ...
... crime and abuse of the rules happens when an opportunity is provided with incentives and no reprisal.
IMHO - that is the biggest danger from all these almost limitless surveillance laws and powers provided without checks.
If May and her three Brexit stooges have their way with the UK you might rather want to provide relocation and off-shoring services ...
reply