The trade body for ISPs has today cautiously welcomed news that the government does not plan to build a massive, centralised database of communications data, but voiced fears about the cost to its members. ISPA was responding to the Home Office's consultation on the Interception Modernisation Programme (IMP), published this …
More wasting of Public Money
"Such a system will mean providers will need to hire new staff and buy new equipment. ISPA said the government had to ensure it covered the costs with public money."
Excellent news. This is truly a genius move by Waqui Jaqui. Find something which nobody wants, that nobody believes will help catch "terrorists" then throw a ridiculous amount of "public money" at it.
Since this money comes out of our taxes, it's fair to say I am paying the government to watch what I do online. Wouldn't it be easier and cheaper to just tell them in, for instance, a court of law, under, say, oath?
So whilst Mr Darling is floundering around like a beached whale about to be dynamited, trying to save money to dig us out of one of the worst financial crises of all time, our batshit crazy home secretary is throwing "public money" about like it's going out of fashion.
The problem that I see is this: The term "Public Money" is going to cause the same problems you have with "Public Parks". Everyone has the incentive to use it to the full, but has no incentive to take good care of it.
So yeah, save the 2Billion by not bothering with this ridiculous scheme. Instead maybe use the existing one which does exactly the same thing, just needs a warrant issuing. Like normal legal procedures.
Mine's having his public money taken out of his coat.
Paying the ISPs!!!!!
I imagine the ISPs are doing cartwheels right now. Just pass the costs onto HMG. Brilliant. This could exceed even the worst government IT project in history. Every ISP is going to need to bolster their networks to carry the extra load ;-). Honest guv. That'll be billions please. Oh, and a couple of billion more for storage. And a few billion for the deep packet inspection hardware. And a few billion for staff costs..............................................
At this rate, the banking crisis could be small fry.
Now call me cautious..
but given that we're already the thick end of a trillion in the hole, why the hell are we wasting money on this madwoman's idiocies?
A billion here, a billion there; soon we're talking *real* money.
Is this some rarely occurring leap month?
"Home Secretary Jacqui Smith ruled the idea out today, citing privacy concerns."
We seem to have two April Fools' Days this year
Virgin Media said: "As a responsible ISP, Virgin Media understands the needs of law enforcement groups, however any policy changes must not sacrifice customers' privacy."
Unless we phorm the policy changes ourselves.
I have a feeling..
That the TOR network in the UK will be pretty fast soon enough.
Virgin Media said: "As a responsible ISP, Virgin Media understands the needs of law enforcement groups, however any policy changes must not sacrifice customers' privacy."
Well tell Phorm to phuck off, then
Lib Dems Falling Short?
"The Liberal Democrats called for strong safeguards around access to the surveillance data ISPs will collect."
Is that all? That would be so disappointing if that's as far as the Lib Dems are going in opposing this Orwellian stuff. If they're going to keep falling short on civil liberties, they're going to lose my vote.
I don't know why...
Anyone cares if there is one central database or 10 smaller databases. Whatever way they choose to do it they will still have access to all of the data. Multiple databases may make it harder, or less likely, that the information will be lost. Needless to say this is merely a way of putting people's minds at ease whilst not actually doing anything about it. It is a high price to pay for the "hopeful" capture of a few criminals. How long will it be before these laws are used to check what we are spending and how and then asked "How can you afford that sir?". I had better not mention that I may have overloaded my bin to a friend on facebook or the council will be all over me like a rash.
Any idiot terrorist with even half a brain cell will just encrypt his email and send it through a third party SMTP server either via an open Wi-Fi point or using something like Tor. This system will do nothing except let the government snoop on ordinary people.
...dress as sheep, call it a sheep. Hope no one notices the claws.
It's the same f*cking thing.
So what, now instead of having a database of info at http:\\intranet.snoopingspooks.gov they have to go via a form at http:\\giveustheinfo.fromisp.net and wait a few hours for it all to be sent to them. Wow. We can all relax, everything's OK now.
What an absolute joke. If it wasn't so serious it would be hilarious. Do `they` honestly think that thinking people will believe this makes ANY difference to the end result? They are still snooping on EVERYTHING EVERY normal person does, just by proxy....
we did notice
...that the conservatives appear to think this is a good idea... - apparently they were not concerned about the invasion of privacy - they only disliked the idea that the data would be held by government... - it's ok then if the same thing is done by the private sector on behalf of government instead (as long as the taxpayer carries the cost of being treated as a criminal?).
... that for the liberal democrats it appears to be ok to invade people's privacy as long as there are some unspecified information safety measures put in place...
... that there is no hope for people living in this country then - is there? as everyone appears to agree on the basic agenda to enhance the surveillance of the population indiscriminately as a whole...
Monitoring Homeworkers Email
I note from the article that UK Govt. expects ISPs to monitor connections to third party sites such as Facebook etc. going over their network - but I wonder about monitoring some homeworkers' mail.
I work from home. All my mail goes out via my employer's mail server, not my ISP's. The mail goes over an encrypted TLS tunnel, precisely because I don't want it monitored in transit.
Obviously, the Government could petition my employer to hand over the logs of whom I've been holding conversations with, but we won't hold them for any longer than absolutely necessary.
I don't imagine I'm the only homeworker who only uses his ISP as a conduit for email transmission.
A big boost in the arm for the post office though.
My friends and I have already returned to using the royal mail for all our nefarious government toppling communications. At least they need actual people to intercept it and a warrant to look inside.
Does Jaqui really want everyone to know just how many porn sites get visited from her second home?
"...instead maybe use the existing one which does exactly the same thing, just needs a warrant issuing ..."
Except it doesn't. The hundreds of official bodies that can ask to see your comms data currently are self-authorising when they do so. IMP is to let them get more, to get it more easily as a matter of practical arrangement, and to get it in a more readily used and cross-matched form.
Were warrants and a reasonable suspicion based on evidence presented to an independent judge required, then most of the objections of civil libertarians would go away.
Almost a tad scarier?
OK, so the IMP was a bad idea - guvmint with big feckoff database.
However, are ISPs any better at constructing the said database? Should the public trust an ISP more than their government? Will this monitoring work be subject to FOIA now it's no longer in the public sector?
" Virgin Media said: "As a responsible ISP, Virgin Media understands the needs of law enforcement groups, however any policy changes must not sacrifice customers' privacy." "
So.. now CORPORATIONS are protecting me (were I a VM user) from the Privacy snatching GOVERNMENT.
This is so arse-backwards. Especially considering we pay both of these people.
This passing down to ISPs is just a saving-face way of letting it die. Unless they really do want to spend billions so each small ISP can hire a person and a multi-petabyte server to save useless crap that'll almost never prove useful.
I'd rather have a tax rebate thanks, c-nuts.
while they're at it
while they're at it, why don't we spend a few billion developing equipment that can read all our snail mail without opening the envelopes / packages, as people may realise every private communication on the Internet is watched and revert to older methods.
Next step is to add we can fit mics in babies' heads when they're born and record every conversation.
if you don't say anything wrong what have you to hide?
Actually, if it was just within the UK that would still be trackable; they'd know who connected to who. So you'd have to make sure that that TOR node you connected to was outside the UK. Or even the EU/OZ/USA.
So essentially you're saying that most of the UK's traffic has to pass through Lagos or Cairo before they'll not be able to find out where you were. And do you trust that the Nigerian and Egyptian governments would be immune to bribery/payment for monitoring communications coming from the UK?
TOR isn't a way of hiding, unfortunately.
...You'll realise how much safer we'll all be once this all comes into effect. Safer from all those paedophiles and terrorists Jaqboots insists are waiting, hiding, just around the next URL. And you'll thank NuLabour for taking away all of our freedoms, all of our privacy, because, in the end although we'll be watched 24/7 by the Government, by the police and by their private sector contractors (why, it's almost as if we cannot be trusted to act responsibly on our own)... in the end we'll all be safer.
All your data are belong to us
Now stop all your nefarious online behaviour, I'm trying to clean my image up!
The document says "[who's sending messages to whom] is universally regarded as a vital tool for national authorities." but no one is required to put a sender address on a letter in the post, are they?
Am I reading this right?
It seems like she wants at the very least, every ISP to be running tcpdump on their servers, counting UDP packets and TCP connect/disconnects. But reading the doc it seems clear that she also wants some deep packet inspection to read what html page I'm requesting, who that email is going to, whose blog I'm reading, etc. etc.
But my (rural) ISP gives me a NAT address behind a NAT address behind a NAT address, so they're going to have to do the logging down at the bottom level servers and pass that info up to the logging machine, which probably means doubling the bandwidth on the uplink ... :-(
And if they looked at my on-line habits all they'll see is various encrypted connections to the US of A, and Germany, which won't help them see who I'm emailing, the odd DNS lookup or 10, and of course me spending too much time reading El Reg, bbc news, etc.
If they want to reverse DNS the connections, they'd have to do that query almost packet by packet, as at least one of the servers I talk to is on a dynamic IP, except that it probably won't give an answer because of the policies of that server's ISP. I guess the alternative is for each subscriber they maintain a cache of what the DNS servers returned to them (more content logging).
Nice big data-centre, and lots of extra fibre, I guess.
And of course there's also Granny's wireless network which gets hijacked by the half the kids on her road.. There's going to be a lot of traffic that she doesn't know about (even though she's unwittingly providing the connection)... and I bet Granny won't be able to do that sort of packet sniffing and logging, even if her little wireless router let her know it was shipping data for anyone else in the first place...
Sorry Jacqui, the internet hasn't been designed to provide that data, and the encryption side of it that has been designed to hide data from criminals is just as good at hiding it from the police.
What can be recorded, is set out in the directive and doesn't include what she wants to record.
Who can record it, is also set out: the service provider. So no deep packet inspection by third parties of ISPs data, no snooping by a 'Bob Quicks Telecoms services Ltd', or any other 3rd party.
What can be done with it under this directive is RETENTION, *NOT* PROCESSING. i.e. no construction of a 'stasi folder' is permitted by this directive. Why on earth would you create a spying portfolio on everyone unless the intention is to use it?
Any departure from that and it must be proportionate, which clearly anything that applies to everyone clearly isn't proportionate.
What gets me is the processing part, I think she's hiding something there. e.g. perhaps BT is running Echelon style data mining programs on surveillance data for the Government, and she's just realized she's gone and broke the law and needs a cover for it.
What about Gmail
Does the Govt. expect to get logs from Gmail, Hotmail and the like? I connect to my Gmail service using HTTPS, always. My ISP, who happens to be Virgin although I can access my Gmail account from anywhere on the planet, only knows I've connected to Gmail, they can't tell if this is to read or write an email nor to who.
Has the Govt forgotten that not everyone uses their ISPs email service?
Also interesting in light of Virgin outsourcing all email to Gmail!
Stop Press: Entire UK database found to be too big to fit on a data key
In other breaking news, Jacqui "Two homes, one office, dozens of secretaries" Smith has discovered that her cunning plan, of downloading the entire nation's internet habits onto an electronic data key and leaving them on a bus, somewhere, was foiled, when it was found that there was simply too much of the stuff to leave lying around. A government study showed that, in order to cause a data breach of the kind for which the present government has become justly famous, it would require the coordinated efforts of as many as three dozen forgetful middle-rank civil servants at once.
Since there is no point gathering vast, unstructured piles of data, about people's private lives, unless you plan to leave them on public transport, she has, instead, come up with a new way of securing all our futures. Ms Smith intends to hand the responsibility for all this data over to the kinds of underpaid, overstretched system administrators employed by companies like Tiscali and Virgin Broadband. In a blinder of a move, she realised that (while employing some sort of government body to handle this sort of thing, might imply some degree of direct oversight) latest results seemed to show that most government bodies, far from hiring sinister, humourless obsessives, employed sweet, dizzy, scatterbrains. Certainly, these people have proven capable of causing the kinds of slip ups that can compromise major criminal investigations, but in no way, could they be relied upon to actively try to sell an entire nation's data to the first criminal they should come across.
Instead, she realises that, in order to protect the UK from Islamist extremists, the correct response would be to hand the job over to a bunch of companies whose first move, during a recession, is to seek out some ghetto, in Malaysia, to outsource all their IT support work to. National Security: remember, your system was built by the lowest bidder!
It's no good moaning about "NuLabour"
They're all at it.
The Tories are just as keen to spy on you, as are the Lib Dems by the sound of their cop-out.
Just when I was thinking of voting for one of them too. I may have to consider spoiling my ballot at this rate.
AFAIK, if you are using TOR, all the ISP logs can reveal is the IP address of the first node. As the data is encrypted, that's all Wacqui's clowns will be able to tell.
The downside to TOR is that the final 'hop' to the site is 'in the clear'. If you are running that TOR node and the originator is accessing a dodgy web site, then Wacqui's logs will record *you* visiting that site.
We are not talking about avoiding targeted intercepts here, merely keeping off Wacqui's ISP logs, and, AFAIK, TOR should accomplish this.
Make the ISPs do it...
Because we can't create a DB that works?
And if (when) it gets hacked... not our fault.
Clued up thinking
1. It would be a good idea to have a register for pedophiles' email addresses. As it is obvious that registered pedophiles only use their officially registered email address if they intend to return to their unsavoury online habits.
2. Collecting email addresses is as straightforward as collecting phone numbers e.g. it's a matter of just asking the ISPs for their customers' "mail address book".
3. Terrorists and criminals are by default going to follow the law in their usage of internet.
4. Grand scale losses of personal data by public servants is an inconvenience and not a threat of any real significance to the common population.
5. Police powers and authorities are by definition unmistakably always acted upon with great benevolence and correctness for the purpose to protect the common population.
Come on brothers...
The glorious day is at hand, let the lynchings begin.
If we act quickly we can use our spare kettle leads to hang all the politicians, bankers, police and parking attendants in one fell swoop!
Here's hoping the "post anonymously" tick box keeps me off the MI5 hit list!
I remember not so many years ago when the west was showing us all the horror of the Stasi interceptions room just after the Berlin wall fell.
Seems to me we're going further than they did.
Good ol' Gordon and Whacky Jacqui
....wait, I hear a knock at the door
Instead of reprimanding them for it, .gov are going to PAY BT with TAXPAYERS' MONEY to implement phorm. Explains the two-fingered response from BT.
What the fuck are they going to do with recorded Skype data?
I mean the last time I checked, it's hard to determine that a given stream of data is a Skype transmission even using deep packet inspection, plus it's reasonably well encrypted. The ISP would have trouble determining when a call took place, let alone to where it was destined, and since Skype uses a p2p architecture to steal users' bandwidth, it might be difficult to determine where the call even originated.
And I like the idea of recording Facebook traffic, which just seems to be a way around the fact that Facebook isn't based in the UK, and thus the UK gov can't just obtain the information they want directly with a little legal pressure. Maybe they ought to just make an app and steal personal data the way everyone else does.
Doublespeak from doublechin
'We're not going to build a Government database... we'll force ISPs to build one for us instead.'
Time For ISP Co-operatives?
Is it time to join or set up ISP co-operatives?
1. Owned by the customers.
2. Run by the owners/customers.
3. Truly answers to the customers/owners.
If I decide to run a mail server does this mean this somewhat idiotic bunch of rules applies?
and where do I send the bill?
or will they simply 'decide' that larger ISPs can do this for the smaller ones, i.e. a nice way of shovelling cash at BT yes?
ignore for now how this won't work due to encryption of whatever, that will be taken as a sign of guilt. with RIPA we are bordering on:
1, state accusation
2, user provides key
3, state discovers whatever they thought was in file isn't
4, state demands second key
5, user states there isn't one
6, state indicates user must be guilty, after all they are obviously hiding something
I'm not an ISP, I think?
I tried asking the Home Office about this, as I provide email and other services from a couple of small dedicated servers. The nice man who eventually phoned me back explained that I needn't worry about logging anything until the Home Office asked me officially. I can see small dedicated servers becoming more popular, especially ones in foreign countries, along with email client support for PGP and SSL connections for everything. Might actually end up being a Good Thing for internet security awareness amongst the general public!
Anon, in case they change their mind!
It will always be an oppressive law ...
... if the information is not equally available to defendants. The prosecution, ie the police, will rarely request ISP records that support a defendant's alibi or otherwise contradict the prosecution's story. Thus, the law might support justice, but only when justice coincides with the desires of the police.
It shares this arbitrariness with the application of DNA databases and CCTV, both being further examples of this government's seemingly uncritical love of surveillance technology.
That will be the well known VoIP client. The one with at least one hidden function, which is for the Chinese versions to forward copies of IM messages to a Chinese government server?
I say at least one as with their multiple checksum booby traps (to crash debugger attempts. It catches viruses as well but as it dies without a message saying why that's unlikely to be its goal).
The VoIP client with dynamic loading of DLLs (which are then distorted to prevent a read out of what actual functions are loaded) The one that uses RC4 which seems quite breakable?
While quite a lot of its architecture has been documented and does seem to use mostly secure crypto algorithms you have to wonder. It's P2P. For all I know certain numbers are designated to use only certain peers, which will faithfully record the decrypted stream.
Blame Blair and Brown
Had Tony not been up George W's butt over bowling into Iraq, none of this bollix would have been 'needed' by this hopeless government anyway. Thanks to our fab and far-sighted politicians - the ones who lied and lied to us about WMDs - and the same ones who couldn't tell you the difference between IT and TGI Friday, we now have to peek through the curtains to see which religious nutter is going to be next to blow us all up in our beds.
It's clear that Jacqui and her colleagues haven't the knowledge or the IQ to understand the games they play. The Tories will get in at the next election and probably add extra bells and whistles to the entire process, so we won't even be able to tell our Facebook chums what a shitty day we had without a rozzer being present in the room.
Mine's the coat with the ticket to Mars in the pocket.
Says it all really...
Home Office 'colluded with Phorm'
@ AC - Time For ISP Co-operatives?
This would depend on security through obscurity, which is difficult to implement. It needs a sufficiently large number of users whose communications are intermingled unobservably so that they are impossible to separate or identify.
In order to provide secure anonymity the last quarter-mile or so would have to use some form of local network - open source and amenable to inspection. Or maybe some sort of roaming wireless network like that added into BT's home-hub would do the trick.
There remains a problem with payments. There is a cost to data transmission after all and it isn't easy to make 'white bicycle' schemes work. What happened to Beanz and similar micro-cash ideas?
Didn't DEC have a workable system with Digicash just before they folded into Compaq? This provided for efficient and secure micropayments down to a fraction of a penny that were as anonymous as cash. The patent will have run out by now.
Why do they even bother?
I can see encrypted VPNs being common in the future with all this anti piracy and government wire tapping. Is this really what they want? It will just make it harder for them to catch people for the real crimes in the future as the use of these tools will become the norm.
All they end up doing is driving people underground, and the people who were stupid enough to commit serious crimes that leave traces on ISPs server logs will not be.
And what's to stop the so called terryists from using public wifi? So what does this actually achieve?
@ David Pollard
What on earth are you going on about?
I was talking about co-operatives. As in the Co-op. As in not a PLC, or a public sector body.
As in: http://en.wikipedia.org/wiki/Cooperative
I don't know what you thought I was suggesting, but it's nothing to do with "security through obscurity", or anything like that.
My thinking was that a co-operative ISP would act in the interests of its customers, as it would be owned by its customers. This is in contrast with, say, PLCs, which act in the interests of their share-holders.
Returning to postal services is of no use, they intend to track those...
"anything, such as addresses or markings, written on the outside of a postal item (such as a letter, packet or parcel) that is in transmission;"
"online tracking of communications (including postal items and parcels). Service Use"
Funny that whilst IMP is "needed" to keep pace with technology, they are including one of the oldest methods of communication there is!
Garbage In, Garbage Out...
According to Microsoft, 97% of email is spam. Anyway, a few months back I started sending myself spam asking me to buy vi@gra and other mEdZ. Why did I do this? I thought I might be interested in buying these MeDZ. Seriously though, this really did happen, but it wasn't me sending myself stuff. It appeared to be that the webmail access of my ISP had been cracked by spammers, so it looked like I was sending myself meDz mail. As this is illegal under the 1990 Computer Misuse Act, why can't these spammers be arrested and charged? They're probably outside the UK. Oops, WJ fails at life. If copies of all mails are to be stored centrally (whether in teeny databases or one huge one, they are both centralised) how long will it be before hackers crack these systems and delete all the data? Still, if they want my spam (CC to WJ), I'll just configure OE to leave the messages on the server, and hope my ISP provides me with a universally sized mailbox. Still, if it stops terrorists...
@It will always be an oppressive law ...
Too true, in addition, those who wish to could use this kind of nonsense to create false alibis (give their phone to a friend to prove they were miles away from a crime for example), no doubt in such a case the police would choose to ignore such a record yet in the case of someone perfectly innocent the opportunity to obtain the relevant records would not be available!
The more dependent on technology they make this, the easier it will be to falsify
Case-study: communications diversity
In what possible way can the blanket recording of information beyond the needs of the telephone, internet etc company (for marketing, QOS etc) regarding the cricket watching habits of Ian, Michael, and Stuart be considered necessary and proportionate?
Pubs/Coffee shops, god forbid that two people would want to communicate face to face, surely there must be an obligation on such facilitators to record who meets with who and when?
Libraries, if they know which websites you might surf, then surely they will need to know which books you might read?
Additionally, the "consultation" mentions TV and music providers (challenges, 12), why on earth would they need to record those??!!
Education education edukayshun, but they no nuffin
@ Barry Lane
WJ has an Oxford education, as do many other MPs. Doesn't say much does it?