
Running a blog over HTTPS is an act of terrorism?

The law relating to media, internet, telecomms etc

Post by 3.14 » Mon Oct 10, 2016 8:03 pm

Hide in the noise. #hackerwisdom

Re: Running a blog over HTTPS is an act of terrorism?

Post by dls » Tue Oct 11, 2016 5:05 am

Sorry but the story is rubbish if the principal suggestion is that it is the use of https which is suspicious.

Encryption has always been quasi military. Until the late 90s its export required a DOT license as dual-use military technology.
David Swarbrick (Admin) dswarb@gmail.com - 0795 457 9992

Re: Running a blog over HTTPS is an act of terrorism?

Post by diy » Tue Oct 11, 2016 9:59 am

The first link has malware on it and is spoofing its security credentials. I wouldn't click it.
My suggestions are not legal advice

Running a blog over HTTPS is an act of terrorism?

Post by 3.14 » Tue Oct 11, 2016 1:09 pm

diy wrote: The first link has malware on it and is spoofing its security credentials. I wouldn't click it.
It does nothing to my machine. Are you sure? Anyway, here is the story on it.


In the UK, running a blog over HTTPS is an act of terrorism, says Scotland Yard

In a bizarre case, Scotland Yard is accusing a person of six separate acts of preparing terrorism. Those six acts include researching encryption, developing an “encrypted version” of his blog, and instructing others how to use encryption.

This is one of those cases where you do a double take. As reported by Ars Technica, UK’s Scotland Yard is charging a Cardiff person with preparing for terrorism – but the list of charges shows activities we associate with very ordinary precautionary privacy measures. “Developing an encrypted version of a blog” can be read as, and probably means, publishing it over HTTPS – such as this blog and many others, simply because it’s considered best practice.

He was also charged with having a flash drive in a cufflink with a bootable operating system, presumably Tails. Using open and free operating systems with the capacity for general-purpose encryption is now an act of terrorism?

UPDATE: Scotland Yard describes the case here in much more detail. The two charges discussed here are items 3 and 5:

Count 3: Preparation for terrorism. Between 31 December 2015 and 22 September 2016 [name redacted], with the intention of assisting another or others to commit acts of terrorism, engaged in conduct in preparation for giving effect to his intention namely, by researching an encryption programme, developing an encrypted version of his blog site and publishing the instructions around the use of programme on his blog site. Contrary to section 5 Terrorism Act 2006.

Count 5: On or before 22 September 2016 [name redacted] had in his possession an article namely one Universal Serial Bus (USB) cufflink that had an operating system loaded on to it for a purpose connected with the commission, preparation or instigation of terrorism, contrary to section 57 Terrorism Act 2000.

While this adds significant nuance to the Ars article above, the primary point still stands as to count three: the criminal act was researching encryption, developing an encrypted version of a blog site (which describes publishing over HTTPS and a few other things), and teaching encryption. The intent of this criminal act was to aid and assist terrorism, but the criminal act was still researching, deploying, and teaching cryptography. This is a hugely important nuance – quoting a comment from user Withabeard on Reddit:

He hasn’t been charged for helping terrorists.

He has been charged for having an encrypted blog. The reason authorities have chosen to charge him, is because that blog may contain material that helps terrorists. The distinction is small, but it has a massive impact on how we apply laws in the UK.

Helping other people conduct killing of other humans is already illegal in the UK, so that is what he should be charged with if there is evidence he did it.

But he has literally been charged with “instruction or training in the use of encryption programmes”.

It shouldn’t matter what the encryption was going to be used for, no-one should ever be charged with doing that.

Three things are noteworthy in this bizarre case, in terms of predictions coming true.

The first is that four years ago, I predicted that the UK won’t just jail you for encryption, but for carrying astronomical noise, too. It’s already a crime to not give up keys to an encrypted document in the UK (effectively making encryption illegal), but it’s worse than that – it’s a five-years-in-prison offense to not give up the keys to something that appears encrypted to law enforcement, but may not actually be. In other words, carrying astronomical noise is a jailable offense, because it is indistinguishable from something encrypted, unless you can pull the documents the police claim are hidden in the radio noise from a magic hat. This case takes the UK significantly closer to such a reality, with charging a person for terrorism (!) merely for following privacy best practices.

The second observation is that in the cat-and-mouse game between surveillance and encryption, there will come a point where authorities start mistaking a right to attempt breaking into somebody’s privacy with a right to succeed with breaking into somebody’s privacy. Such a right has never existed, of course: even if law enforcement gets a search warrant for a house, including a right to attempt breaking a safe, there is never a right to succeed breaking into a safe, or a right to magically find what they think is there.

The third observation is the bizarre charge of “researching encryption” and “instructing others in how to use encryption”. According to Scotland Yard, learning and teaching mathematics is apparently terrorism. This would affect lots of efforts – for example, EFF’s HTTPS Everywhere and Linux Foundation’s Let’s Encrypt. Possibly even all the Linux repositories, as they contain lots of encryption and instruct others in setting it up.

This is a case that needs to be closely watched and Scotland Yard, being beyond dumb and outright dangerous to society, needs more than a slap on the wrist here.

Privacy remains your own responsibility.


Rick Falkvinge
Hide in the noise. #hackerwisdom

Re: Running a blog over HTTPS is an act of terrorism?

Post by diy » Thu Oct 13, 2016 8:27 am

I guess researching fertilizer would also be an act of terrorism if it could be proved that I had the intent to turn it into some sort of bomb.

In any case nothing in that pot would protect his viewers, they could be tracked in an instant.
My suggestions are not legal advice