The government will call on BT and other big communications firms to monitor small ISPs' customers and keep private information on them under European data retention rules, the Home Office has revealed. Officals fear the cost of paying every small ISP to retain every customers' communications data. Instead, they will fund BT and …
This clears things up
So thats why UK.gov isnt too keen to do anything about Phorm.
A) It sounds pretty much like what they want to do, so it suits them fine.
B) BT bears the cost, not UK.gov.
C) UK.gov needs a big favour from BT (ie getting BT to do the dirty work in data collection), so it becomes a "you scratch my back, I scratch yours" situation.
Use a proxy/VPN with encryption and an endpoint outside the UK.
Absolutely no reason not to any more.
Does this mean that BT will be able to forward non-customer's data to Phorm?
"requires every ISP to retain IP addresses and session data for a minimum of six months"
Session Data eh? I wonder what that could contain.
I suppose it's all in the name of "the war against terror". What is the point, it's not difficult to use other communication methods that are completely anonymous. I can only see it helping convict terrorists AFTER whatever "act of terror" has happened.
That is bullshit, this system is about providing big companies (such as Viacom) with the evidence to prosecute file sharers. In the future it will be there as a massive deterrent to anyone thinking of looking at / reading / *insert on-line activity here* on the internet that the government's thought police don't want you doing.....becuase if you do, then "they" will know......and they will.
See the game?
The small ISPs are required to keep their customer data private, even from BT. The game here is to make a proxy contractor to collect that data that they cannot disclose except in response to a legal process.
Once you have a proxy contractor, it comes down to *who* it is, not *whether* they should have that data at all. So Jacqui can then say, well, we already receive the data from BT to a server run by EDS (or similar large contractor), so why not move all that data all the time to this *other* server. After all it's still not in our hands, it's in private contractor hands.... so we haven't strictly broken the Data Retention Directive, and if anyone has it's the customers ISP.
Except really they're just moving it to an agent that has no contract with the consumer and no liability if they hand over data to UK.GOV fishing expeditions.
So the customer will have no recourse, if, for example, they were Boris Johnson and Keith Vaz examined their telephone logs to see if he could pin some false accusation against them, they would not be able to sue BT because BT has the data under a contract with their telecoms company and it's the original contract that broke their right to privacy, not the subsequent release of private telephone logs to Vaz.
sealand here we come!!
I hope you enjoyed the Internet
coz now it's 'proper fucked'.
At last it all becomes clear
THIS is Gordongrad, where everything you do and say is monitored and if they don't like what you say or do, you disappear. The "government" sees the internet, the expression of free speech and thinking contrary to their own diktats as threats to them, threats that must be suppressed.
I've heard stuff like this before. History repeating itself and all that kind of thing.
@ AC 10:14 "Use a proxy/VPN with encryption and an endpoint outside the UK." - please could you put that into non-techie speak? I'm sure that lots of people who aren't techies would like to know what this is and how it's done.
Time to start saving to leave the country...
Phorm... the truth revealed
So this is the reason .GOV hasn't cracked down on BT/Phorm, I hope the EU Commissioner is reading this.
Piracy forever.. MWHAHAHAHA!
(Disclaimer: In no way do I condone the unauthorised copying of copyright material)... MWHAHAHAHA!
Are they forgetting something?
HM.gov(tm) flogged off BT some time back, do they think that BT are still some sort of Whitehall run outfit they can tap in to whenever they fancy?
BT have told HM.gov to bugger off before and with the recent huge losses with BT finally closing down Global I doubt if BT will want to be made official snoopers unless we (that's us 'stake holders') cough up a huge wedge.
Another chocolate teapot
Retaining all this data will be just like keep all the CCTV recordings - useless until after the event.
I thought it was all about crime PREVENTION. If our guvmint dealt with the social issues that lead to the actions by the murdering fuckpigs then maybe we could live in peace.
Just my two bobs worth (yeah, I remember them).
I'm a small ISP ..
But how small is small? I maintain a small number of servers for myself and my customers, and I resell a wholesale ADSL service - I do this for VoIP and email (and web) use. My customers themselves are (eg) web design companys, etc. and these servers handle the websites, email and phone calls for the end-users.. I've got a few 1000 email accounts spread over all my servers - for individuals and small businesses, but as yet, I've not been contacted by anyone - or do I need to be pro-active and contact uk.gov myself?
It's not that clear to me, at all.
As for keeping logs - I already do - for a week, but keeping 6-12 months worth online?
As for getting BT to do it - not happy about it, but then BT would need to employ "deep packet inspection" to track each ADSL connection, assuming people connect in via ADSL, and then do the same on each leased line that my customers data goes over. (And what about leased lines from Virgin, and the other independent fibre providers?) My own email is handled by my own office server - as is many of the small companies I helped setup. Who keeps the logs for that?
It's a complete nightmare. Bonkers, etc. We're not sleepwalking into a surveillance society, we're heading into it at a full-on sprint, and who's going to suffer? uk.consumer, and uk.small-business, that's who.
Heard this before?
Isn't this what the stazi did?
Cab we have a "black helecopter overhead" icon please - in the distance is a long lost age of freedom in communist britain now
sleepwalking into a surveillance society
It's time we woke up from this trance!
It seems to me we do have some forces of our own. BitTorrent, VPN, SSH, TOR, PGP.
The government is propsing to spend vast sums of money monitoring who comunicates with who. Even pubs are being closed, in favour of clubs where your attendance is logged.
In typical UK government style they will get the businesses to do the spying and enforcement. (Is that what fascist means?)
Burglar alarms are linked back to the alarm company and contracted in by your insurace. CCTV is going the same way, the technology is available and I know businesses offering this service. How long before the government passes a law that says firms operating such systems must link with the government system?
The components of T.I.A (the Total Information Awareness spy network) are being connected, just as networks became the Internet.
The article sights the 7/7 bombings for the reason why we need this extra monitoring. The cameras on the bus and the trains were actually broken that day. Watch 7/7 Ripple Effect to see that the 7th July 2005 bombings were a done by a private security firm working for the government. The suicide bombers actually had alibis.
'@ AC 10:14 "Use a proxy/VPN with encryption and an endpoint outside the UK." - please could you put that into non-techie speak?'
My thoughts exactly (using an encrypted VPN that is). Having an endpoint outside the UK involves renting a virtual private server in a country whose laws and enforcement you have reason to trust more than the UK. VPN means virtual private network. This tunnels your internet connection using strong cryptography. Those monitoring the connection just see scrambled packets between your home and the virtual server. Those you interact with using the Internet see all your connections as if these originate from or terminate at your virtual server as opposed to your home address.
Cost of a VPS: about £15/month, cost of OpenVPN: free
As you need an interpreter, you'll probably also need to hire a Linux consultant to set this all up and manage/support it for you. Ask at your local Linux user group or a LUG local to the endpoint server in country of your choice.
This spying thing is getting out of control. At least you can order an internet connection under a false name. The only name is with my card that I pay it with, and that's not even my card. The house that the connection is in has 4 tenancies in it.
Eat that, BT.
All at Sixes and Sevens ..... ie they haven't got a clue and that makes them vulnerable, Mr C.
"B) BT bears the cost, not UK.gov.
C) UK.gov needs a big favour from BT (ie getting BT to do the dirty work in data collection), so it becomes a "you scratch my back, I scratch yours" situation." ... By Jonathan Posted Monday 16th February 2009 10:04 GMT
If BT are Smart, they can groom Government to do as they wish, should they discover through the Internet Service which they provide, Metadata Analysts more able at Controlling Information and Communications than any in the Labour/Conservative/Liberal Democrat gangs/cabals ...... for that is really all they are.
A Point of Fact which was confirmed by Tessa Jowell who Passion for the Olympics and its wonderful 2012 delivery [Tessa Jowell MP – Minister for the Olympics and Paymaster General] is only a passion if Labour are not kicked out of offfice in the next General Election.....
0545 minutes into this interview ... http://link.brightcove.com/services/player/bcpid1529573111 ... with Channel 4's, Krishnan Guru-Murthy
I'm having a hard time with this.
Not the proposal, you understand, more the reaction. How did any of you not expect this? It's been coming since Smith, Hoon and Burnham discovered t'Internet (about 18 months ago when the three of them were shocked to realise that it wasn't just Farcebook and Youtube vids of happy-slappings after Blears showed them a critical-of-Nu-Labour blog) and said to themselves "A huge number of proles in immediate, unmonitored and uncontrolled contact with one another is not the party's idea of a good idea."
One wonders how BT is going to decrypt the TLS connections between SMTP servers, though, even if Bruce Schneier does know Bob and Alice's shared secret and sees a pseudo-random stream as plaintext (if you haven't read the Schneier facts , shame on you). I'm yet to see a well set up mail server without TLS. That's not even starting on things like Skype, where there's more encrypted supernodes than one can shake a stick at and nobody monitoring that mess knows which packet originated from where. Still, not my job to point out the deficiencies of this idea. Let them make their own mistakes, says I.
Proceed. Because they will. The Internet, 1983 (the migration of ARPANET to IPv4) to 2009, R.I.P. I'm stunned and amazed that the free Internet survived for almost sixteen years past the eternal September.
@Watch 7/7 Ripple Effect...
People like you are part of the problem. Dribble like this makes everyone concerned with the destruction of our privacy and rights look like a paranoid loon.
You want to help? Then STFU.
Didn't you see the news at the weekend that .gov.uk is thinking of renationalising BT because (allegedly) its pension fund was guaranteed by the taxpayer as a privatisation sweetner and now has a huge black hole. The claim is that it would be "cheaper" to renationalise BT than bail out the pension fund. Yeah, right!
Blair said they ALREADY RECORDED the data
Remember when EU data retention directive was discussed and Blair's main argument was that this data is mostly already recorded, so it's no more or less than already happens and therefore is not more of a privacy violation.
Now that it comes to be implemented, they have billions in contracts to implement it, agreements with BT to collect the data for smaller ISPs, and other major infrastructure works, but none of this would have been necessary if what Blair had said had been true.
Who would have thought he was lying?
Creeping Towards Total Information Awareness
I've come to one conclusion having read all there is to read in the media & on the internet about things like data-sharing, Phorm, the Interception Modernisation Plan, ID cards, ant-terror laws, etc: nothing less than the total tracking from birth to death of every person in this (& probably every other) country. Everything will be open to scrutiny: medical records, financial transactions, purchases, internet browsing, reading material, private conversations, the lot. It will all be done automatically, with only those deemed 'suspicious' investigated by people. Stalinism will be a walk in the park.
Have you any idea how many more questions this is going to generate at my place of work?
Thumbs down, as I wanted an easy life. BT are just a pain in my ......
Connect through Sweden... https://www.relakks.com/?cid=gb
Used it a while back and it worked, turns out it's still around. Obviously your traffic is being squeezed through a much smaller pipe, so you don't anything like full broadband speed.
If this bonkers legislation goes ahead I can see loads VPN services like this popping up.
The cost of the deep packet inspection routers and storage arrays will be mind-boggling and who will have to pay? Oh yeah, you and I.
Welcome to the "I Can't Believe It's Not The... Democratic Peoples Republic of Great Britain & Northern Ireland"
Session data includes
Reading from part 3:
" 12.—(1) In the case of internet telephony, the user ID or telephone number of the intended
recipient of the call.
(2) In the case of internet email or internet telephony, the name and address of the subscriber or
registered user and the user ID of the intended recipient of the communication. "
So, err, just use Skype (or other encrypted transport such as a SSH tunnel) to defeat it. Madness. Couldn't the money be better spend *not* screwing us over ?
tried to warn you
yes, last week i posted a comment on a phorm story that posed this very question.. being that BT own most of the physical infrastructure, they can 'apply' phorm to any and all communications.
however, it was not deemed a suitable comment by el reg mods and/or their overlords. (surprise surprise)..
and now what do we see happening? the very thing i suspect would and tried to warn you of.
Apology re: "All at Sixes and Sevens ...... "
Ooops. Sorry. That link should have been ....... http://link.brightcove.com/services/player/bcpid1184614595?bctid=12797414001
I can only see it helping convict terrorists AFTER whatever "act of terror" has happened.
I'm not sure it's possible to convict BEFORE the act has occured. You can't reasonably convict someone for thinking of doing something..
Requirements for democracy
(c) freedom of speech.
i.e. the secret ballot.
The original Internet promised these things.
Governments have realised that the Internet could make governments themselves obsolete. Hence, an all out war against (a,b,c), so draw your own conclusion
Other course, its all in the name of "The War On Terror" isn't it?
Use cryptography as far as possible. Mathematics cannot be threatened or bribed.
@ Ben Bradley
'Connect through Sweden... https://www.relakks.com/?cid=gb'
Sweden's government is currently proposing to monitor all cross-border traffic, so that might not work for much longer. However, unlike the UK, the Swedish public have been outraged by the prospect of being snooped on, the government has been hit hard, a senior intelligence official has stood down in protest, and they've even upset their neighbours in Norway.
Over here, business as usual amongst the public - Jaaaade, Posh, Becks, Corrie...
People Power .....Use IT
Come on all you useless plonkers modelling ermine and pearls, get your act together. And how very jolly for HM to have a shiny new web site.
Pssst, Lizzie ..... shades of Nero fiddling while Rome burns, m'dear. Time for a Spring Clean of Advisors/Sycophants, methinks ....... and some Better Beta Action from HMGCC. The Real and Present Danger in doing Nothing is that you become Irrelevant and that does not bode well for the Future Wellbeing of the Franchise/Institution/Constitution.
And this is most appropriate, as it sums everything up in a rather nice fashion ...... http://www.youtube.com/watch?v=dib2-HBsF08
Power Flowers in ITs People. Don't get Mad, get SMART.
And for AIRight Royal dDessert, ...... http://www.youtube.com/watch?v=MTN3s2iVKKI&feature=related
well looks like thats it for teh intermagical tinterwebs.
any word on this challenge from "small countries" being relaunched?
there would be no problem with this (as far as I am concerned) if the people who ended up with the information concerned were infallible, credible and insurmountable, and of course it had been put to a public vote prior to even being planned.
But its the fucking government. Tossers.
They do not have the right to do this, and they know it.
The government are *servants* of the people, not our masters. They cannot be trusted with ANY information, as it has been shown time and time again (just scroogle* for "laptop left on a train"), and even though they keep losing it, like a bunch of alcoholics they try every trick their manipulative little minds can think of to get more of what they *think* they need.
The people should be spying on their government, maybe then they would get away with less.
as others have suggested, i think its time to get myself a vps.... or would that just say to them
"look at me, i have something to hide, break my encryption pretty please"?
* if you are concerned with your privacy on the web, http://www.scroogle.org instead of google. google record stuff aswell as your ISP you know.
Re: Use a proxy/VPN with encryption and an endpoint outside the UK.
Why place it outside the UK? The point is that the data should be inaccessible to anyone you don't have a contract with, so is there any reason why small ISPs couldn't set up anonymisation for their own customers? The spooks at BT would then see that all internet traffic in the UK came from a few dozen "users" and if they wanted to know more they'd have to get a bleedin' warrant.
Would this work? Is it a service that people would pay for?
@ AC 10:45 GMT
"I hope the EU Commissioner is reading this."
Make no mistake, the EU has its own agenda for establishing a network of Gauleiters.
Presumably there is something of a squabble going on as to who should have what sort of control over this data, between UK government departments, the UK police forces, departments of the EU, Europol, and various defence spook agencies.
With data farms being touted at £12 billon a pop, and with interdepartmental rivalries plus some genuine security concerns, it can't be that easy to find a working solution, let alone one that will be acceptable to the public as the impact of what is planned becomes more widely appreciated.
Sadly the apparent loophole, where ISPs with less than 10,000 subscribers were not required to store traffic data, seems to have been closed. Maybe, in cities at least, we will see local area wireless co-operative networks being set up. Maybe.
@ Elmer Phud
The correct word to describe the system evolving in the UK is "fascist". The boundaries between government and non-government become increasingly blurred until you end up with a monolithic power structure responsible to not much of anyone at all.
The British government's love of quangos is part and parcel of this evolution as it erodes the principle of ministerial responsibility.
If this evolution is to be reversed, an important part of the process will be to re-incorporate all quangos into the formal structures of government, or else hive them off into the private sector: no more fence-straddling.
I thought all ISP had to do if for free
I thought the UK government required all ISP to provide means for the security service to monitor all ISP traffic at the ISP's expense, why do they need to do it again?
So no Content is Recorded?
If none of the content of an e-mail is recorded, what is the point? (And no thats not a suggestion for a better system)
If Achmed (love that vid!) decides to blow up some building, and the after effect is a query on the database, what happens next? Interviews with people Achmed contacted sometime before his death? What if Achmed was previously a spammer? If he's sent me an e-mail trying to sell me something to 'make her love you' will I get interviewed for more information on Achmeds plan? If that's the case, then I'm likely to seem very suspicious as the e-mail probably got junked as spam, so I won't even know I received the e-mail in the first place!
Similarly what if you run a restaurant of some sort? Perhaps Achmed fancied a pizza? Would you remember him? Are you likely to know _Any_ details of his life? Are they likely to assume you might be lying (I doubt a terrorist is going to say - OK you got me)
Without content, the systems useless, with content its a major privacy issue (like far bigger than it is now!)
AC because they already know who I am
Paris because I'd like to dig through her content
The draft says nothing
Is it just me or does that draft bit of legislation make no real sense at all. It doesn't tell me what they want to retain at all.
It says they need to keep track of who has which IP address, whoopy do, in my case "whois" has done this for donkey's years.
It say that if I use IP telephony they must log the phone number I call. Well I thought the Germans were already trying to put spy software onto people's PCs to keep track of what Skype was doing coz they couldn't make any sense of it, it's a P2P encrypted network.
It doesn't seem to say anything about web access
For email they want to log who emails are sent too. Of course once the Government know this I should be able to sue to Police for not taking out SPAM drones. They should easily be able to spot them amongst the data so if they don't stamp out UK sourced stuff they must be complicit with it and I must be able to sue Waki's arse off.
Of course I can also use encrypted email connections and then the recipient won't be in plain text, just the MX host that was connected to. I'm sure the crims will some find a few obliging open relays to bounce this stuff off.
Of course most people don't really use the email protocols, they have an https connection to their chosen email provider who offers all sorts of web connections not just email. They then send email to their mates who also access their email via another https connection. So unless the ISP who provides the email service (not BT and probably not in the UK - far too expensive!) gives them the data how are they going to know?
If this means that BT are to use deep packet inspection of all the traffic that goes over their bits of string on the way to my ISP, I'll be suggesating to my ISP that they start to offer an encrypted service. It would be a piece of piss to have the link from home to the ISP make use of IPSec. Of course it would add to the cost as the ISP would need a lot more processing power but it would be a premium service beyond the eyes of the Phorm and other theives of data (I trust my ISP a lot more than them).
As with all this sort of legislation it will not protect anyone from a well organised terrorist gang, it will just mean that the fool hardy will loose the right to a private life. The people you really want to keep an eye on will just hide their traffic. They will generate tons of perfectly innocuous traffic and then use anonymous or stolen SIMs as end points to send encrypted connection out of the security services reach.
Sweden is also the country which tried to send a publisher to prison for publishing a graphic novel of the bible without removing all the rape, murder and other squicky things that make Christianity great.
I'd rather a VPN somewhere censorship- and snoop-unfriendly.
Not willing to support this
I would stop buying online if this goes ahead, would not click on any advert would look for ways to block them. might even decide to stop using the internet.
I will vpn into my webhosting and surf from that.
Do NOT take this lying down UK citizens
If BT agree to do this I would advise all Internet users to immediately cancel their phone lines with them and move to an LLU provider if you can, or cable. That assumes only BT take it on as the sugegstion is all big network carriers would likely have to commit to it and funded by the governement in part (That meanns you and I as tax payers will be hit with it).
I know not everyone can just cancel their communication services but it would be sufficiently damaging to BT and others who can if sufficient volumes of people do so.
I'm so incensed at this that I'll vote for the first time in my life to get the labour government out and in fact will vote for the blah party as none of the others are capable of running this country in nothing less than a nanny state condition.
I work in the Telecoms industry and have done for years now but if this goes through I will remove my internet access, mobile phone and landline phone services and not pay any of them a penny more. In fact the only way they'll eaves drop on what I'm doing is if they send the man in the van with his dark glasses and big jug ears to follow me.
Every person in the UK and Europe should be totally outraged at this invasion of our civil liberties it's disgraceful and we should not stand for it any longer.
Constructive action is needed nothing more and what better than to hit them where it hurts the most - In their pockets.
You should not accept this under their bullshit of anti terroism or whatever line they feed you - Your no less at risk today than you were from the IRA in the 70's but boy wouldn't they like to worry you into thinking you were.
Don't stand for it! I'm not.
Fortunately managed to escape from America's "unsinkable aircraft carrier".
Seems to me that "unsinkable" is a relative term. Sinking into the sea would be unfortunate, but not nearly so bad as sinking into the depths of moral depravity that NULab seems determined to plunge the country into.
There's a copy of Fowler in the pocket, and I know I shouldn't have ended a sentence with a preposition - but who cares any more?
Small ISP vs BT
I run a micro-ISP, and I'm keen to know exactly where the f**k BT actually come unto the picture. I supply co-location space and internet connectivity to a number of customers, and none of this goes anywhere near BT's infrastructure. So WTF?
I've also heard nothing about what exactly I am supposed to log about who? I don't (yet) supply ADSL and all my client connections are static IPs. I'm not even sure yet if I DO have to log anything. I've heard talk of some EU legislation, which means I'm probably in violation of that, but how the hell do I find out what it is?