WTBS

May has been trying to push this for something like 5 years. It has been rejected by the EU / European Court for Human Rights on several occassions as being illegal under EU human rights legistlation. They have toned it down twice and still couldn't get it through. Now that the Brexit is in full swing, they seem to be ignoring the EU and have pushed it through.

This was one of the main arguments I used when talking to my family in the UK about Brexit, that the EU had so far stopped this act becoming law in the UK. My family thought I was joking or off my trolley... I guess the laugh is now on them, and unfortunately the rest of you.

As I stated in the Brexit thread on a couple of occassions, this will make it next to impossible for businesses in the UK to do business with mainland Europe, as it breaks EU data protection laws (RIPA goes much further than just the real time surverillance part) and thus the businesses won't be able to guarantee that the data will processed and stored in a way that is compliant with EU law. The UK would need to create something like the US Privacy Shield in order for UK businesses to continue doing business here (they wouldn't, for example, be able to store any customer or personally identifiable data on their systems in UK jurisdiction).

And if that goes through, you can say goodbye to online banking and online purchases, as the ISP will have to do a legally mandated man in the middle attack on their customers, thus making all online transactions insecure. It would destroy the UK finance industry.

Big-D please understand the facts regardless of any EU rules, regulations, laws (relating to the EU) whatsoever or of any kind, we will not have a deal with the EU. the EU will have to ask us to trade not the other way around.

the UK is in the driving seat not the EU and the EU can demand, jump, scream and shout as much as they like. we win ...

How can they possibly remove encryption of the content?

They act as a man in the middle. Instead of creating a secure connection with, say, Amazon, the proxy server at the ISP intercepts the request, gives you a fake certificate, claiming to be Amazon and makes the secure connection itself, All traffic passing backwards and forwards between you and the site you want to communicate with is then captured in clear text by the ISP and can be stored or passed on to whoever.

This is common practice in larger businesses. The anti-virus software and border protection systems cannot check for malware if the connection is encrypted, so the border of the network has a proxy that does exactly this. Therefore, if you send email, shop or bank from work, the company can look into everything you do. In the future the ISP will do this as well. Home Internet Security products also do this.

Another problem is, these systems are often not current and have security holes, which mean that your connection is even less secure and hackers can listen to the traffic, because the proxies often use older, insecure encryption technologies.

Security companies have received a lot of bad press over the last couple of years, because they make the connections weaker and make big problems.

Some services, like WhatsApp, Signal etc. would not be affected by this, because the client encrypts the message and the recipient decrypts it, but the data is currently sent in encrypted form. Even if the ISP can remove the encryption on the stream, the message itself is still encrypted. The government will try and force the services which are available in the UK to remove this protection. That either means no more WhatsApp and co. or the apps are no longer secure.

Give what a small percentage of EU trade goes through the UK, compared to, say the USA, I think you are dellusional. If they can force the USA and Canada, as well as other countries, to comply with EU data protection laws for any data on/from EU citizens and entities, I don't see how the UK will get around it.

The UK makes a small fraction of the EUs trade, compared to the rest of the world, and much of what the UK provides is also available in Europe - for financial services, you can easily go to Frankfurt and other cities across Europe, where international financial organisations are located. The UK is not self-sufficient and what it does offer, is available elsewhere. The UK has a weak bargaining position.

when we leave the EU without any deal, trading only under WTO, there will not be any bargaining position available. we win.

also please note. this is no longer in the UK a battle about remain or leave (that will be put to bed at the GE) this is now a mindset between the UK and EU ...

So what if you use a VPN? How could they intercept it at the ISP if the data between your PC and the VPN server is encrypted.
Surely that man in the middle attack would fail?
Also, if it's that easy to fake a certificate, how come every cybercriminal in the world isn't doing it?

Bloody difficult woman? Staggeringly arrogant, thick bitch would be more like it.

VPN should work, although that would probably raise a red flag and have plod breaking your door down in the early hours...

The certificates that the AV companies use for their devices are released by a qualified certificate authority (this is one of the reasons why Symantec is in such deep do-do at the moment with Google and Mozilla, they have issued certificates without checking the authenticity of the applicant, for extended validation certificates, and they were also caught issuing root certificates to AV companies, which allows them to issue "valid" certificates from their border protection devices.

The AV software for PCs and smartphones gets around it by adding their self-signed certificate to the trusted certificate store of the device, thus they can issue "valid" certificates on the fly for every site you visit.

This has caused a lot of commotion in the security industry over the last 3 years, as this is a VERY bad practice and opens the user up to attack - one of the major players had their self-signed certificate exposed a couple of years ago, which did lead to malware using the certificate to allow them to perform phishing attacks on PCs running that AV software.

The talk in the USA at the moment is, that ISPs could, now that they are allowed to data mine their customers, force their customers to install the ISPs root certificate, so that they can listen in on all traffic.