[Warp__]

Gov't can easily MITM HTTPS connections.

[redcalx]

True. Anyone know if this new IP law allows the gov to do this? I.e. if they tried to prosecute and it came to light that the logs were obtained using a MITM attack, would the evidence be nullified?

[tehmaco]

It would probably come under the "Equipment Interference" section, which legalises hacking of devices.

[Warp__]

I don't know.

I imagine that MITM on a large scale is par for the course for GCHQ.

[redcalx]

Sure, but can data obtained by that be used in a court of law. I /think/ those are two different things (but not sure).

[martin-adams]

I did not know this. How do they do that?

[Warp__]

http://security.stackexchange.com/questions/143387/is-there-...

That's pretty clear. It does depend of what level/technology is used in the Encryption, but broadly, against nation state actors with full virtual and physical hardware access, you are to put it bluntly, stuffed.

[herge]

To anyone reading this, the link says: "It is unclear whether such rules would apply to companies which don't operate directly in the UK", so it is literally not pretty clear.

[Warp__]

The _legality_ isn't clear. The technical methodology is quite clear.