Government measures to massively increase surveillance of the internet will be in place within five years. In its departmental business plan, published today, the Home Office said it aims that "key proposals [will be] implemented for the storage and acquisition of internet and e-mail records" by June 2015. The plan is the …
Where is the Joined up thinking
What really is the point to this ?
If someone uses webmail it is usually https encrypted. No one is obliged to use their ISP's mailserver or for that matter a UK mail server.
As for 'internet data', presumably where you visit. I assume they can monitor data passed through non-UK proxies, but then that point is moot as their anti-freetard 3 strikes policies will force most people to use non-UK VPN to get their quota of free music and movies. So terrorists using highly encrypted links are hardly going to stand out, are they?
Based on the 'rist we've picked up recently, they aren't using much high tech kit. 'Cause maybe we only catch the stupid ones :-)
As to what they'll do about HTTPS to Facebook etc. I dread to think, they could request it at source, have it blocked altogether or just fiddle with your certificate validation requests (what, you don't check the checksums by hand every time?)...
Who pays for the storage?
Is it paid for pro-rata by the government (i.e. us), or the ISP (i.e. passed on to us)?
I'm not sure I understand how this is going to work. I can just imagine our "friends" at anonymous or somewhere writing a botnet payload which, as fast as it can, connects to (almost) random IP addresses. Then drops the socket.
For each connection the hapless ISP will need to store, at a minimum: date, time, source IP, dest IP, port number, duration of connection, bytes sent, and bytes received. That would probably be about 28 bytes (maybe more with IPv6) per connection. At least quadruple that if it's stored in a database.
I'm pretty sure it only takes a few milliseconds to connect and disconnect a socket. It probably wouldn't even add significant load to the PC running the "App". Let's assume it takes about 100ms per connection (and that we don't even multithread a number of them). So that's:
10 a second x 28 bytes = 280 bytes/sec = 984 KB/hour ~ 23 MB/day = 650+ MB/month per PC. Or, let's call it, 8 GB/year/PC.
Then multiply that by a few *million* PCs....
That's on top of the actual internet usage that PC's user may be making. I wonder how many years they will archive it all for?
Lots of questions... not many answers I'm afraid.
Feel free to correct my calculations if I've made a mistake. I'd hate to mislead anyone.
Who Pays ?
You do. Pay your taxes or go to jail. We are oppressing you for your own good, after all, so it's only fair that we get you to pay for it, don't you think ? Quite, quite reasonable.
Re: Who pays for the storage?
I, as owner of a small-ish IT outfit, running some B2B for certain clients of mine, would certainly hope that the government is paying for this:
1) Mail Filtering Service: £0.00025 per email < 500KB, £0.0005 per email > 500KB & < 1024KB, £0.001 per email > 1024KB. For the government to be happy, I have to keep 10 bytes (date/time) + 256 bytes (from email address) + 256 bytes (to email address) = 522 bytes per email. Given the current load of roughly 20.000 email filtered per day, that is 9MB of data per day, or say 3GB per year. Not much, for sure, but we run the Mail Filter Service whilst giving access to the quarantine area. In order to cope with the load of incoming mail, filtering, and the quarantine web server, we maintain two servers. These cost us roughly £1000 per year to operate, and another £500 per year to maintain. Now out of 20.000 emails per day, roughly 90% is < 500KB, whilst 7% is < 1024KB and 3% > 1024, meaning £4.5 + £0.7 + £0.6 = £5.8 / day revenue; equals £2117. If we have to take care of 3GB of data *extra* to save, the operational cost would increase with £500 (database server) + £250 (maintenance). Costs are then so close to revenue, that I would almost certainly have to bail out this service, or increase the price, which would almost certainly cost me clients.
2) Email Hosting: We operate this on a £1 / email address / month + £2 / GB / month schedule. This is GB that the user has management rights over. If I have to cope with the load of copying *every* mail so that somebody may inspect it some 3 - 5 years(??) later, I would have to buy a storage array, and get that co-hosted. Co-hosting would double the cost of server hosting, and there we have a problem. Can I hand that data to a third party? Not wise: my company is responsible for maintaining that data, and for making sure that police has access to it as and when requested. Again, the choice would be: increase end-user cost, or drop the service if the government isn't paying for the required storage.
Mine is the one with the PocketCLARiiON...
Just my two cents,
That's still /only/ 8PB per year, or a few thousand new servers. Not exactly peanuts but still little more than a drop in the ocean compared to what Whitehall already runs. I would put money on the impracticality of being able to mine anything useful from the dross beyond mapping the connections to specific protocol/ip address combinations. Still, that in itself might be useful enough to justify the investment. I trust someone actually knows the answer to that.
let's see what Anonymous says
copypasted to one of the 'chans' programming boards to see what they make of it
8PB a year is just the start
You also have to factor in their ability to match the source and destination IP addresses to actual people as well. Since all the major ISPs use some form of DHCP address allocation they will need to also store, for the same period, whose user account was using which IP address. Although if the destination is in a foreign country they're going to have a little trouble with that, aren't they?
So another little addition to the above mentioned anonymous app would be to do a regular "ipconfig /renew" to bump up the logging requirement of that info too. Will they be making the ISPs use decent, as in accurate, time synchronisation as a legal requirement in future? Otherwise how will they ever know exactly which person had what IP to the accuracy they'd need?
I wouldn't want to be the poor sod who has to analyze all this dross. Imagine the workload to accumulate, merge, cross-reference and index it all! I wonder if that's going to be done in-house at GCHQ or if they'll set up a lucrative private sector programme to do it? Nice little earner for someone (EDS, CapGemini, ATOS, etc?). Think about the storage alone ... say for 10 years, plus RAID for speed and resilience. Must be well over 200 PB, mustn't it? Duplicate data centres? All backed up regularly of course. We must be in the realms of hundreds of millions of pounds, mustn't we?
I wonder how the ISPs are going to deliver it all to the government data keepers? Over a network link (bit risky I'd have thought)? On DVD? Blu-ray? Tapes? I think the very small ISPs should opt for paper-tape or carrier pigeon with USB key.
Will we be able to request all information they are storing about us viz the Data Protection Act? Or will it be an uncorrectable secret?
Inaugural TV speech and in the coalition document. Bastards.
"end the storage of internet and email records without good reason".
So they've basically discovered a "good reason", because knacker et al will have told them that they can't possibly deal effectively with the four horsemen of the infopocalypse - drugs, terrorists, organised crime and paedos, without "storing internet and email records".
I think it goes a little something like this :
"It's very simple home secretary, if we don't have this, all of Britain's children will be abducted by paedos before the year is out and we won't be able to do anything about it because we'll be so busy trying to arrest gangsters on crack. Then parliament will be blown up by terrorists. And I don't think we'd wish that to happen would we?"
And the Home Sec - though likely noticing that we are in fact not currently knee deep in bombed and mangled corpses - will nod sagely and go along with it, because all politicians are nasty, brutish, statist, authoritarian douchebags who sincerely believe that citizens are the chattels of the state.
Frankly the only real surprise is that anyone believed the dog fuckers in the first place.
Politicians are chattels of the wealthy
The Other Steve wrote: "all politicians are nasty, brutish, statist, authoritarian douchebags who sincerely believe that citizens are the chattels of the state"
It's worse than that - this development confirms a growing suspicion that we will get the same government no matter who we vote for, i.e. democracy is a farce in the UK. We're being fed the line that we have to make do with less and less, yet there are abundant funds to splash out on these gold-plated surveillance schemes. Our taxes are increasingly funding the security of the wealthy and powerful, including footing the bill for the systems that will ensure the poorer majority are kept in their place. These systems are not primarily to be used against criminals and terrorists, but ordinary UK citizens.
You may have missed the three magic words
"without good reason"
Summed up nicely by Lewis Carroll:
“When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean—neither more nor less.”
“The question is,” said Alice, “whether you can make words mean so many different things.”
“The question is,” said Humpty Dumpty, “which is to be master - that’s all.”
Trying to drink from the firehose again.
I sometimes wonder if TPTB are even aware of how much data passes over the internet every day.
Meet the new boss - same as the old boss.
1. Is the following content or just data?
2. Can they do
# dhcplookup < grep /dev/ukinternetz "secret_plan"
Says absolutely nothing
Typically of most government openness initiatives, this document seems to make multiple contradictory claims but each claim is in such weaselly language that any of them can be plausibly denied simply by being gibberish.
Well, it's one above shredding the official records right before the FoI act came into force. Only a small one mind.
I think shredding ALL official documents right now is the way to go.
"Government measures to massively increase surveillance of the [Internet] will be in place within five years."
This will lead to people using more encryption, TOR etc. These measures will become stronger, commoditised and work their way further down the technical scale. It could, in fact, become HARDER for the state to intercept where there is due cause. And as the first poster points out, "suspicious" crypto channels will vanish into the noise as people secure themselves further.
I couldn't give two damns about free music and movies (call me strange, my Phil Collins back catalogue was bought and paid for) I just don't see why anyone should record where I go on the internet. It's not even the recording per se that's the issue, it's the potential abuse. Just the other day there was that story about the (now ex) copper looking up potential b/friends on the PNC. If she'd been slightly sharper, we probably would never have known.
Although one thing does come to mind...does this tie in with the greater public access to information? Will the unabridged Internet record of every civil servant, MP, MSP and MEP be published in the clear (purely the one they have for their job, of course)?
If the public can't watch the watchers, who will?
"If the public can't watch the watchers, who will?"
... the ones we don't know about, of course.
Why on earth not?
I just don't see why anyone should record where I go on the internet.
Well we can intercept your snail mail, track your vehicle, monitor your financial transactions, read your medical records, so why fuss about your internet trail.
Unless you have something to hide!!, Just trust us
"a warrant from the Home Secretary to access. Senior intelligence and police officers can authorise access to communications data themselves."
So that means almost anyone will be able to gain access to data.
All I can say is our security services make me sick.
DID I WASTE MY LIB DEM VOTE?
From page 1 of their departmental business plan:-
"We will reverse state intrusion into people’s lives, returning freedoms lost through ID cards and the disproportionate use of surveillance powers, the DNA database and the Vetting and Barring Scheme. Citizens will not be subjected to unnecessary or disproportionate state intrusion into their lives."
From page 3:-
"5. Protect people’s freedoms and civil liberties
• Reverse state interference to ensure there is not disproportionate intrusion into people’s lives"
From page 5:-
"The Department will no longer ... intrude disproportionately on civil liberties and freedoms through ID cards and the National Identity Register, DNA records, powers of entry, counter-terrorism and security legislation and the Vetting and Barring Scheme"
And then page 20 has the resurrection of IMP, as quoted in the article here.
DID you WASTE your LIB DEM VOTE?
How do they define an ISP ?
I provide ISP services on a hosted virtual server for a few community groups and individuals. If I tunnel all my traffic from my home network using a VPN will I have to comply with this data retention directive ? If the government draw a line based upon number of users then those who wish to opt out can simply use an ISP which stays one smaller than this arbitrary limit. If the government try to include ISPs of the size of my operation there will be so many that the cost of their monitoring system will grow without bounds and couldn't be prevented from becoming public knowledge, and if they do then those who choose to opt out will relocate their servers offshore.
Of course, they'll probably get these same SQL Injection fucktards to do the work as those responsible for the RN Website story on the same page here, so relax. It won't actually work or anything.
When will they learn?
I knew it
When the defence review said that cybercrime was the biggest security threat to the UK, I knew that we would all end up being monitored.
And if I knew it, I suppose they knew that I knew it.
The only way to be secure is to have no secrets. I shall be posting my inside leg measurement and my library ticket number on the web tomorrow.
"I knew it ..."
Quite agree. In the interests of solidarity, my inside leg measurement is 30".
Just because it is possible it is not necessarily a good idea
This is mad.
Emails are scanned. Encryption is limited to what could be cracked fifteen years ago. Whenever the spooks ask they get what they want because terrorism is the priority although it kills less than 1% of road deaths.
Five years ago I did a course in creative writing. We were a class sharing our work by email. My work was the most creative which means it was the least like normal prose, or the most like code. My texts often did not get to their destinations. Try sending a gibberish attachment to an email and see what happens.
The driver of this is mobile 'phone connections data, stored at customers' expense by the service providers. Whenever cops pick up anyone with good suspicion and a mob in the pocket they access all the data. The data is anonymous because all the 'phones are pay as you go. But they know where every contact was and with a bit more work they have a cloud of data that may or may not represent a supplier with peripheral dealers. That is a long way towards breaking a network so I can see why they like it.
We all accept limits to our liberties without a definition of where this should end. As machines get more powerful so the spooks will want to use this.
And why is no intercept evidence used in court ? Answer : Because then we would all know just how much of this nasty stuff happens.
Meet the new boss...
"and we shall be working with the Information Commissioner's Office on anything we do in that area."
oh and we KNOW he runs a tight ship. You don't want to cross the Information Commissioner or you might receive a mild letter in the post. Oh no.
So that's 5 years to wean yourself off of Facebook and read a book on encryption. Shouldn't be too hard for you borderline plebs.
Of course the only communications you ever see from criminals are the ones they want you to see (unless they're dumb, in which case do we really need to put effort into catching them? - usually they turn up at the scene of the crime and accidentally break their skull, leaving any potential victims relatively unharmed). Nobody can make military grade explosives in a bath tub.
but at least I FEEL safer.
Another dumb, easily circumvented scheme
Who dreams up these things?
The e-mail one is easily circumvented (think intelligent mail forwarding).
And I thought they were trying to save money!
Our secure mail only has one address - a remote forwarder
Our important e-mail that might be of interest to third parties only goes to one address, that of an email forwarding system that reads the encrypted contents, locates the addressee, then forwards it to the appropriate addressee, through a separate e-mail address.
One of our techs used to work for government and he replicated their system. All you need is a third country, or a rebellious ISP, who either has tight data security or couldn't care less what goes on in the InterNet. Never use countries in conflict or are patsies of Washington.
One good thing about all these discussions is that everyone now understands governments' snouts are in your pants and anxious to learn everything. The challenge is not to let them.
Kicked into the long grass, then
2015 is after the next general election, so it won't happen unless the *next* government thinks it is a good idea.
The big question. Will they take a peek inside your packets "Just to make sure"
they are what you've said they are.
What's the spec on the Detica snoop boxes that BAe will be flogging them?
And while we're at it what is the aggregate bandwidth of the UK Internet bandwidth?
Because to a first approximation that is what this nonsense will be planning to archive.
And of course just to really add insult to injury the civil servants whose collective cranio-rectal insertions have been running this plan from day 1 will be doing it "For *your* safety"
Wake Up! RATM
Need to play Rage Against The Machine very loud at this point.
Alex Jones style bull horn because there is no Matrix style monitor screen with green text dribbling down.
Yeah, right - and just whose pockets are going to be rifled to pay for all this electronic book-keeping? Yup, you've guessed it - eventually those good ol' boys, Joe Public, son et al. Seems some back-pedalling on election temptations is going on here, to my way of thinking.
Tinfoil hats at the ready...
Those GCHQ MapReduce boffs are gearing up the digital doughnut to receive all our Pfizer emails, tweets, and Facebook rants. The gig's up ladies and gents. No more skiving during work hours. Oh well, we had a good run!
Now, I wonder how long it'll be before that intentionally infected email makes its way onto the database they're not having GCHQ build?
What's an ISP?
Anyone with a domain name and a cheap PC can run a mail server.
All they'll end up collecting are emails from those too lazy or stupid to use something secure.
The police state.
In the text it was stated that the last government shelved the plan, and that the new government has reinstated it.
This is not an accident...
All of this crap comes from the REAL government, spearheaded by the unelected politburo in Brussels.
Our so-called government is a puppet administration, it has to enact EU directives within a certain period, there is little room for interpretation, although it is traditional for UK government to "gold plate" these directives. They go all the way and more, unlike the Spanish, for instance who keep their citizens onside by enacting the barest minimum of a given directive. Of course it doesn't stop there, there are regulations and decisions, hundreds of thousands of them, and these have to be enacted without debate, implicitly.
People have a choice if they don't like living in a police state:
1: Leave the country (and the EU), there are very few places left that are free, but think third world.
2: Vote for one of the smaller parties that want out of the EU, although only one party has the complete solution... There are various socialist parties that do not accept the concept of rule by the EU, such as Scargill's socialists, No2EU, and the BNP, however they all believe in a powerful state, that demands obedience. The only choice is the UKIP, which not only wants to withdraw from the EU, it also wants to trim the power of the political elites with the implementation of direct democracy. Lastly there are still some people that think that the elements within the large established parties that disagree with their leaderships will have some influence. I say that that they have not managed any form of influence since it was decided that this was the way the UK was going, which was way back in the 1950's, and so this is a non-solution.
3: A campaign of civil disobedience and escalating violent protest leading to insurrection, as attempted by the IRA, this is easily the worst option, but also the inevitable option, if people don't get off their arses and THINK.
The above is what is really happening, it is up to people to put 2 and 2 together, it is a drip feed dictatorship, and one day the ONLY option will be violence.
Oh, and yes Sarah Bee... The last time I wrote stuff like this, was the last time this publication wittered on about some previous loss of freedom. The response of SB was hilarity... Feel free... You can weep later.
@AC The Police State
No hilarity lol. Reading your comment I either conclude you are paranoid, or you are a stooge for UKIP/BNP.
'Never attribute to malice what can be adequately explained by stupidity. '..... or in this case the thrashing around of excesses of bureaucracy.
Your first statement is incorrect on both counts...
Your second statement suggests that I feel government to be malicious, again not true... The first part explained why something that had apparently gone away, had suddenly come back in almost the exact format. The reason, as you seem to have forgotten, is that it's not their idea, it comes from the federal EU, and must be enacted within a given time, as it is in response to a directive there is a small amount of room for interpretation. There is no stupidity involved it is carefully calculated, but I will grant you that there is an excess of bureaucracy.
The second part of my post included the various limited available options, none of which I am particularly in favour of, but the options are becoming more limited by the year, and eventually (after I am dead) the only option will be violent conflict.
If you are still a young person, enjoy it!
And only 10% of people will use encryption, just all the people they really need to monitor. And they will somehow ban encryption, so it will be hidden in JPG images. Are these government-types all fools, or do they not say why they are really doing what?
Remember folks email is a postcard style service - anyone running a "hop" can read your email! And it happens.
So how best to "cheese" their results?
SAV would hopefully create a vast amount of traffic logs for their noo puta's to scan. I suspect they will scan envelope initially then headers and finally content in short order.
And if you think corps will not *pay* for access to this highly lucrative data...
So this is what Cameron meant by "rolling back the database state" and "reducing the surveillance state".
Politician tells lie to get into power, meanwhile in other news, night follows day, shock
Condems FAIL AGAIN!
Yet another tory promise they have gone back on.
Well done English tory voters, can you be any more gullible?
Roll on the spam...
So, they log every communication, then you get spam from a criminal organisation, will you be considered a person of interest?
If you aren't, how do they know that there isn't a codeword in there that triggers your bombing spree.
Ultimately, even if nobody uses "encryption", this is a fail.
Encryption could be as simple as "me sell Viagr@" meaning blow something up. Send that to half a billion email addresses round the world along with a bucketload of other spam and you've got your target and the authorities would need to find a straw shaped needle in a haystack.
People have been using classified ads in the same way for years (according to the media).
Once upon a time it was drugs we were to fear...
then it became terrorism/religious extremism and now they want to gear the public up to be fearful of cyber-terrorism, most likely with the usual government view of "its only your liberty we are taking and it is for your own good, how else shall we keep you safe from those evil cyber-terrorists, now be good and go back to watching X Factor, hey we might even mention it in parliament to show how in touch we are with our slaves, sorry serfs, sorry citizens"
Will we see adverts on the underground in a similar vein to the "multiple mobile phones, must be a terrorist" only revised to "They have more than one PC, maybe even a laptop as well, can you trust this person? they might be a cyber-terrorist! So shop them now, don't worry if we cannot get them for terrorism then we might be able to squeak something through with the extreme porn laws and hey presto!"
or am I just being too cynical of government (again)?
One More Reason to Use Encryption
At this point there can't be much doubt, can there? The US has been monitoring all internet traffic for quite some time and building their TIA database. Now, we learn the UK wants to join the fun.
In the end, I suspect more and more people will start using encrypted email via TrulyMail, PGP, GPG, etc. They will start using TOR to hide their browsing habits. People will always find ways, if they are motivated. This new step will motivate more and more.
Re: One More Reason to Use Encryption
Encrypted email is fine until the government chooses to exercise their law requiring you to fork over the private key and password, or face prison. As has already been tested. Twice.
CON-DEM's are at it again
No surprises here
"Confusingly, today's Home Office document says it will "end the storage of internet and email records without good reason" via "proposals for the storage and acquisition of internet and email records"."
How are they going to know if they have good reason to store internet and email records if they don't read them first? And of course they will need to store them because there is no way they can read all that information real time to see if they have a reason to store it. So they won't really be "storing" the data will they? It will just be sitting in a buffer waiting to see if they need to store it.
You know, I started typing that thinking it was sarcastic and by the time I got to the end of it I realised it was probably exactly how their reasoning ran.
I told you so
Democracy is a sham. All politicians are worthless, lying, self serving, power crazy bastards. Whatever party they represent.
Not being smug about it, either. Just bitterly disappointed that nobody could see the truth of it until now. I just bet the country gets collective amnesia come the next election, too.
this just about sums it all up
Well worth a watch: