gpg: failed to create temporary file '/var/lib/lurker/.#lk0x57f50100.hantslug.org.uk.894': Permission denied
gpg: keyblock resource '/var/lib/lurker/pubring.gpg': Permission denied
gpg: Signature made Fri Dec 14 10:02:51 2012 GMT
gpg: using DSA key 2099B64CBF15490B
gpg: Can't check signature: No public key
Hello,
On Thu, Dec 13, 2012 at 07:31:42PM +0000, Peter Collins wrote:
> Having seen how openly vocal people will be about such topics (Ubuntu
> Spy), I was wondering how many people have concerns over the
> Communications Data Bill and what they have done to vocalise the opinions?
I attended a workshop with ORG, and then had a meeting with my MP to
brief her on the matter. She seemed pretty shocked at the
ramifications, though did not follow through with any action of her
own as far as I can see. I didn't feel there was much more I could
personally do at that point.
> I have to admit I don't like the idea of it and hadn't signed any
> petitions, however, and I'm sure some of you will be aware, I just found
> this:
>
> http://epetitions.direct.gov.uk/petitions/32400
I'm not really aware of any epetition having had any useful
real-world effect. Personally I think the time would be better spent
informing your MP of your concerns. If you aren't confident in
expressing yourself, ORG will train you. They will train you to
articulate the issues in your own words, so it doesn't sound like a
cut-and-paste platform.
For me that didn't appear to have any useful real-world effect
either, but I still think it has more chance of being acted upon,
and ORG think so too.
This is quite weighty technical stuff and you can imagine most MPs'
eyes glazing over as they start to read a petition about it. MPs are
just normal people, with no particular technical interest. They need
to hear from their constituents in a sane and rational manner to
know that it is an issue that affects real people.
> Also how would this effect SSL?
Assuming you mean "affect" :-) , the Home Office has been asked how
they intend to get around the fact that SSL scuppers their plans and
that most major sites are moving to SSL-only connections. Their
answer was along the lines of, "we are confident we will still be
able to get the information we need" but they didn't go into any
details.
There are a few ways that SSL can be broken, but they all tend to be
very noticeable. It is possible that a manufacturer of SSL
Man-in-the-Middle devices (as used by enterprises and repressive
governments, as sold by big companies like Cisco and Blue Coat) has
cosied up to the Home Office and told them "yeah, we can intercept
that no problem!" without going into the details.
It basically boils down to either
- the government forcing a UK-based SSL certificate authority to
issue them a bogus root certificate, which would be noticed
and be commercial suicide for that company. Or;
- the government making it illegal to operate a browser without
their own trusted certificate in, which would be noticed and
worked around and would simultaneously make UK an
international laughing stock, cause fear and uncertainty
amongst banking institutions and other privacy-conscious
entities, etc. etc.
So, the reality of either of these is fairly unpalatable and I would
still be reasonably confident in the efficacy of SSL for some time
to come (not that there *aren't* many flaws in how SSL works, both
technically and as a business model).
Not to be complacent, but the lib dems have been real heroes on the
CDB issue and it seems like the bill may be on its last legs.
I generally find Zoe O'Connell posts on the subject to be quite
informative.
http://www.complicity.co.uk/blog/tag/interception-modernisation-programme/
On Twitter, look for stuff posted by Julian Huppert (LibDems), Tom
Watson (Labour) and Zoe as well..
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
