Under the UK's new Snoopers Charter (AKA the Investigatory Powers Bill), the Secretary of State will be able to order companies to introduce security vulnerabilities into their software ("backdoors") and then bind those companies over to perpetual secrecy on the matter, with punishments of up to a year in prison for speaking out, even in court.
The gag orders don't stop there. The Snoopers Charter also lets the government silence people it conscripts to help it with interception, hacking, bulk data collection and data-retention.
University College London security and privacy engineering associate professor George Danezis has published an excellent analysis of the Bill, and he makes the point that this is "the last policy discussion about surveillance before the mass gagging."
As Danezis explains, this bit would be particularly problematic: "This goes way beyond protecting specific operation, since the acquisition is performed in bulk, and cannot betray any specifics. The secrecy order protects the capability to access in bulk certain categories of communication data, which in effect means shielding it from any proper scrutiny as related to its necessity, or appropriateness in the future, or any debate on that matter."
The dismal picture painted above could just be tip of the iceberg, too. The draft Investigatory Powers Bill forbids anyone involved in interception from ever disclosing that fact, including during court proceedings (section 42). As Danezis writes: "Note that this section is absolute: it does not have exceptions, for example in relation to the public interest: such as the ability to discuss the benefit or downsides of part interception activities; no exception for talking about this to MPs, or other democratic representatives; or even to exculpate anyone who otherwise would be wrongfully found guilty."
Snooper’s Charter: UK gov’t can demand backdoors, give prison sentences for disclosing them [Glyn Moody/Ars Technica]
(Image: Memorandum of Understanding on transnational crime,
Foreign and Commonwealth, CC-BY)