
Queen unveils draft internet super-snoop bill - with clauses

The Queen has detailed the government's upcoming programme of law-making on a grey day darkened by the gloom of a double-dip recession and plans to massively increase surveillance of the internet in the UK. Opening the new session of Parliament, Her Majesty confirmed on Wednesday that "draft clauses" would be introduced to allow …

COMMENTS

This topic is closed for new posts.


Boffin

Question

There's much hoopla over this but is it any different than the police and security forces having access to your telephone conversations and call history (as long as warrants are needed just like for phonecalls)?

1
17

Re: Question

That's the problem, we don't really know what it entails yet, and it likely won't contain any technical detail as that will be left to the ISPs to implement (and pass the cost on to us customers).

The real problem is that it is likely to be blanket monitoring in retrospect (that is your past year's worth of internet activity will be available, could be more), whether or not the requirement is a warrant, everyone is being watched and recorded.

The assurances that it won't contain message data, just comms data, is a lie. At some point in the system everything will be looked at. A packet may contain part of another protocol and the whole thing needs to be read and stored until enough data is available to reconstruct that 'communications data' but that may also include lots more besides. The rest may not get stored for long, but it is read at some point...

10
2
Anonymous Coward

Re: Question

Yes there is a difference.

You might speak to perhaps a few tens of people by phone, but these days much more communication is done via email so maybe it would be fair enough that email addresses are captured with warrants required for their contents. I could just about live with that, although I'd prefer not to.

But this bill wants logs of every website address too, the equivalent of following someone about to see where they go. Query strings give away even more information. All without any warrant apparently. I guess website addresses will become more obfuscated.

What opening post delivered by Royal Mail? Why not if it's all for our own good?

20
0

Re: Question

Remember that this information will be logged and saved in advance.

So access to call records & call content via a court order means that they will gain access to your records for as far back as the phone company have them (5 years ?). Also they could tap your phone to record your phone calls.

Now under this proposal they will log all the sites you visit, the content of all the emails you send and much more. They then have to get a court order to access that data but it would be already there on their equipment.

However it's not like there are 3rd parties involved (eg BT) so it would be trivial to lower the requirements. Putting this into the phone context everyone knows it's comparable to them recording all your phone calls (& text msgs) and then promising that they'll ask before listening to them.

6
0
Paris Hilton

Re: Question

IS QUEEN EVEN TOGETHER ANY MORE I THOUGHT THERE LEAD SINGER DIED OR SOMETHING

14
15
Coffee/keyboard

Re: Question

yeah thanks, I wasn't expecting to laugh reading these comments! :oD

Don't stop me now

I'm having such a good time

Looking at your interwebz!

4
2
Anonymous Coward

Re: Question

reproducing the answer (to "is it any different") "From Lawful to Massive Interception: Aggregation of Sources" Slide (c) Amesys 2008

Features                                              Lawful Interception   Massive Interception (CCDP)
-------------------------------------------------------------------------------------------------------
Recording target's communications                     OK                    OK
Social Network for targets                            OK                    OK
Search in the past for newly identified targets                             OK
Identification of new potential suspects                                    OK
Discovery of new targets on:
- Keywords                                                                  OK
- Key topics                                                                OK
- Social Network                                                            OK
Information synthesizer & top-level intelligence                            OK
Creation of intelligence notes for the Authority                            OK
Full Country traffic monitoring                                             OK
Behavioural analysis of Data Flow                                           OK
(geo)Localisation                                                           OK
Multi-captor system                                                         OK

0
0
JDX
Gold badge

Nothing to worry about

Why would anyone be concerned that the government can access your entire browsing history for X years when it's taking decades for them to be able to track your medical history?

4
3
Unhappy

Re: Question

Privacy should be "on" by default, with an option to snoop only in exceptional circumstances*. The proposal is to set privacy to "off" by default.

* Granted, every government writes its own terms of meaning for "exceptional circumstances" but the right to privacy should be there first and foremost.

4
0
Anonymous Coward

Re: Question

I'm the invisible man, it's criminal how I can, see right through you!

1
0
Gold badge
Trollface

Re: Question

Do not feed.

0
0
Happy

Re: Question

Not trolling, I've just seen so many conflicting opinions that collapse into screaming matches that I was looking for the definitive answer ;)

0
0
Bronze badge
Big Brother

Note for GCHQ:-

Expect large uptick in highly encrypted email.

15
0
Bronze badge

Re: Note for GCHQ:-

And VPNs leading to servers outside the UK...

5
0
FAIL

Re: Note for GCHQ:-

Or even just using webmail over https on servers located in some country which is less than friendly to the UK (Argentina, France, somewhere like that). And of course persuading all your <insert terrorist organisation of choice here> buddies to do the same.

Wait... they already do that :-(

1
0
Silver badge

Re: Note for GCHQ:-

Looks like a business opportunity to me. Start researching Swiss law now, for a service you can sell to respectable people who worry about journalists, PIs and spouses getting access to logs that are supposed to be for MI5 only.

Swiss, because they're a country that will cooperate with law enforcement agencies, but where they still believe in privacy. The really bad guys will find other more bribeable jurisdictions ... or possibly, put their servers afloat in the Pacific garbage patch or in orbit!

0
0

Re: Note for GCHQ:-

Is there a market for CDs full of true random numbers ? They could be sold in pairs for convenience. At least when the plod comes round and demands the keys you would know they were watching you.

0
0
Alert

Re: Problem with that, Alan

The problem is that at some point they will turn up and demand the keys and of course you will not be able to provide them. A court would choose not to believe your explanation so you would get banged up despite committing no crime.

0
0
Boffin

@Alan, Re: Note for GCHQ:-

No market since around 1975.

Such a one time pad is only useful if you never reuse the pad. You've also got the problems of generating the CD contents, duplicating these and sending these around by trusted courier (That's similar to how the UK diplomatic service did it. I've seen their old paper punched tape OTP machinery in use up to the seventies now on display at Bletchley Park).

You are now doing much, much better having a new long enough key (128 bits or longer) randomly generated and exchanged using the Diffie Hellman protocol at the start of each session and securely disposed of at the end of a session. Secure disposal of the key after the session means that plod who calls around and obtains all known secrets after the session has ended (e.g. using RIPA or some other kind of rubber-hose cryptanalysis) has no way of decrypting his copy of the encrypted stream; this property is called 'perfect forward secrecy'. Diffie Hellman on its own doesn't protect against a man in the middle attack (e.g. Eve pretending to Alice she is Bob while also pretending to Bob that she is Alice), so you need to use DH key exchange in connection with RSA signature or similar to authenticate the other end.

0
0
Anonymous Coward

I've Already Installed Tor...

... I will also investigate investing in a VPN; though I can see a few years down the line that'll be the next area the government targets with legislation. It's an uncomfortable fact but as the internet becomes more imbedded in everyday objects & surveillance technology improves our lives will come under ever more scrutiny. Most people haven't kicked up a fuss so whatever government is in power will implement this.

3
1
Anonymous Coward

Re: I've Already Installed Tor...

Obviously you have something to hide..... I'm sure running Tor will get you onto at least one list.

Slight tangent, I wonder how many Tor nodes are spook run ? Can someone running all the nodes from request to exit node trace source and target IP ? I'm sure I read that was a Tor weakness so if I was wanting to monitor Tor I'd have a server room packed with as many nodes as possible modified to try and trace requests.

1
4
Anonymous Coward

Re: I've Already Installed Tor...

"Most people haven't kicked up a fuss.."

Most people do not understand their computer, let alone the impact of such a bill.

We all know how to obfuscate information using techniques already mentioned here. But your mum/aunt/grandmother/etc... have no clue. It's 'normal people's' conversations being impacted. Those 'underhanded' persons will already be implementing counter surveillance techniques.

It's a waste of time and money really.

8
0

Re: I've Already Installed Tor...

"Obviously you have something to hide..... I'm sure running Tor will get you onto at least one list."

So what? What will they do, stop my flying to the USA? Fat chance... I'm not flying there anyway. If I want that kind of "intimate attention" from another person, I'll buy the girlfriend flowers and a nice dinner.

"Slight tangent, I wonder how many Tor nodes are spook run ?"

Probably a lot, but it doesn't matter. Data inside the network is encrypted, and data leaving the network only has the data you put into it readable by the exit node. Those folk who were caught in the drug sale sting gave out their shipping details. As is typical of data protection, "they" only get as much data as you give them. Encrypt the data before sending it (HTTPS anyone?) and don't go applying for credit or accessing your personal email account, and nobody will know who you are anyway.

2
0
Anonymous Coward

Re: I've Already Installed Tor...

Just making the point that running Tor makes you look like a "Bad Person" in some people's eyes.... and running Tor may one day be an amber/red flag in someone's data warehouse report. Just take steps to hide the Tor usage.

Who said anything about the USA ?

This is the UK government and they'll just knock on your door (possibly heavily) if they want to chat.

Question answered, cheers

0
1
Silver badge
Linux

Re: I've Already Installed Tor...

I'm not sure why people keep going on about SSL, it is completely readable when you have intercepted the entire communication from its initiation.

Get your hands out of my cookie jar.

0
2
Anonymous Coward

Re: I've Already Installed Tor...

And how long will it be before the bill is amended so that you are required to register for a special government license entitling you to deploy any kind of encryption technology?

Default exemption for corporates and bankers - compulsory for wankers.

0
0
Vic
Silver badge

Re: I've Already Installed Tor...

> it is completely readable when you have intercepted the entire communication

No it isn't.

Vic.

2
0
Black Helicopters

Re: I've Already Installed Tor...

> I'm not sure why people keep going on about SSL, it is completely readable when you

> have intercepted the entire communication from its initiation.

No it isn't, you'd need access to the private certificate on the server to decrypt it. Only the public certificate is sent out, to allow the other end to encrypt stuff.

You can do a 'man-in-the-middle', where you decrypt SSL on the way then re-encrypt it, but it'll set the alarm bells off in the browser as the server name won't match the destination address.

1
0
Boffin

@Miek

"I'm not sure why people keep going on about SSL, it is completely readable when you have intercepted the entire communication from its initiation."

If you do know how to break current SSL implementations, then please publish your reproducible attack method in full. Your publications and conference keynotes would then be worth a considerable amount of dosh. I'm also not including manipulating the CA system to get a false signed cert which we all know is doable but expensive to the CA that gets caught doing this, see Diginotar.

0
0
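An added example, not part of any commenter's post: the authenticated ephemeral Diffie-Hellman exchange described in the "@Alan" and SSL replies above, in standard-library Python. Assumptions: an HMAC under a pre-shared long-term key stands in for the RSA signature, the RFC 3526 group 14 prime is rebuilt from its published formula, and the names (`session`, `derive`, `auth_tag`, the `tamper` flag) are illustrative.

```python
import hashlib, hmac, secrets

def _arctan_inv(x, scale):
    """scale * arctan(1/x) via the Taylor series, in integer arithmetic."""
    total = term = scale // x
    n, sign = 3, -1
    while term:
        term //= x * x
        total += sign * (term // n)
        n, sign = n + 2, -sign
    return total

# RFC 3526 group 14 (2048-bit MODP), generator 2, built from its defining formula:
# p = 2^2048 - 2^1984 - 1 + 2^64 * (floor(2^1918 * pi) + 124476)
_S = 1 << (1918 + 64)                      # fixed-point scale with 64 guard bits
_PI = (16 * _arctan_inv(5, _S) - 4 * _arctan_inv(239, _S)) >> 64  # Machin's formula
P = 2**2048 - 2**1984 - 1 + 2**64 * (_PI + 124476)
G = 2

def ephemeral():
    """Fresh per-session private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def auth_tag(long_term_key, role, own_pub, peer_pub):
    """Signature stand-in (assumption): HMAC binding a role to both public values."""
    msg = role + own_pub.to_bytes(256, "big") + peer_pub.to_bytes(256, "big")
    return hmac.new(long_term_key, msg, hashlib.sha256).digest()

def derive(priv, own_pub, peer_pub, peer_tag, peer_role, long_term_key):
    """Verify the peer's tag, then derive the session key from the DH secret alone."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public value")
    expected = auth_tag(long_term_key, peer_role, peer_pub, own_pub)
    if not hmac.compare_digest(peer_tag, expected):
        raise ValueError("unauthenticated public value: possible man in the middle")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()

def session(long_term_key, tamper=False):
    """One Alice/Bob session; returns (alice_key, bob_key, recorded_transcript)."""
    a, A = ephemeral()
    b, B = ephemeral()
    tag_b = auth_tag(long_term_key, b"bob", B, A)
    # With tamper=True, Eve swaps in her own public value but cannot forge tag_b.
    B_seen = ephemeral()[1] if tamper else B
    k_alice = derive(a, A, B_seen, tag_b, b"bob", long_term_key)
    tag_a = auth_tag(long_term_key, b"alice", A, B_seen)
    k_bob = derive(b, B, A, tag_a, b"alice", long_term_key)
    del a, b   # exponents are discarded; only the public transcript remains on the wire
    return k_alice, k_bob, (A, B, tag_a, tag_b)
```

The long-term key only authenticates the public values: someone holding the recorded transcript and, later, that key can re-check the tags but has no input from which to recompute the session key, since that would require one of the discarded exponents.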
Anonymous Coward

In the speech? Damn.

I expect them to do a Digital Economy bill on this one, make no mistake we will get it because it's in the speech regardless of how unpopular it is. Even if they have to sneak it through the disgrace that is the Parliamentary "Wash up" to get it on the books we will have it forced on us.

What's the betting that p0rn filter comes along with this as well.

7
0
Anonymous Coward

Re: In the speech? Damn.

Cool. I relay 30Gb/Day for the tor network, I started relaying more after all the recent discussion on the snoop laws.

You should look into relaying either internally in the network or as an exit relay.

3
0
Big Brother

Whether a warrant is required is largely immaterial

because the ISP will have to inspect and record the data first, so it still exists should a warrant be issued within 12 months.

0
0
Black Helicopters

No communication contents?

So maybe they can explain this

To quote:

"May and her department have tried to bat aside criticism from civil liberties groups by saying that "no emails would be read in real-time"."

To support

"The proposed bill described communications data as being "information about a communication, not the communication itself"."

If there is no communication content held, then how can they say that no email will be read in real-time, implying that they can (or will) be read after 'real-time' ie 1 second later by a person or batch job?

This puts me in mind of the Great Wall of China, unfortunately not the nice stone one......

Now, where is that tin foil hat of mine....

5
0
Bronze badge
Megaphone

Re: No communication contents?

"no emails would be read in real-time".

OK, delay by a second or two. Not 'real-time' then!

0
0
Bronze badge
Black Helicopters

Re: No communication contents?

"May and her department have tried to bat aside criticism from civil liberties groups by saying that "no emails would be read in real-time"."

no, they're not reading them in real time... just delayed by a couple of microseconds...

1
0
Bronze badge
Thumb Down

"Oh... email..."

"Wouldn't one of those be lovey... and an internet as well... are they types of dog Phillip?"

...said a doddery old pensioner with a crown earlier today.

Hands up if anyone thinks that old Liz actually has a clue about anything she reads in Parley-a-ment...

4
4
Thumb Up

Re: "Oh... email..."

I'd hazard a guess that Her Maj is a bit more technically clued-up than you'd think.

Maybe not to the level of most of us reading tech news sites like this, but I'm sure she'll at least know how to switch on a PC and do a bit of casual web browsing in between her royal duties. Probably won't stretch to downloading torrents though!

0
0

Re: "Oh... email..."

The Queen sent her first email in 1976.

0
0
Vic
Silver badge

Re: "Oh... email..."

> anyone thinks that old Liz actually has a clue about anything

She's far more clued-up than you might imagine.

She was a driver/mechanic during the war, and she was introduced to email before most of the rest of us.

That she talks such utter bollocks in the "Queen's Speech" is down to it being written by the government, not by the monarch.

Vic.

0
0
Bronze badge
Windows

Lord Chancellor handing Her Most Majestic Majesty the speech..

1) Doubt if She's seen it before..

2) Doesn't She - as an octogenarian - need glasses to read?*

*Actually, zooming in a lot, She does seem to have them on.

0
0
Anonymous Coward

Lie back and think of England

ya munchers! Or, actually, bend backwards, as a good herbivore would. Even if it hurts a little... ultimately, it's for your own good, even if ya don't getit into ya thick skull!

1
0

Soo..

This means they can snoop officially then eh

0
0
Alert

What difference who announces it?

What difference does it make who announces this bill? Can the Queen refuse to announce it or will they dock her pay?

0
0
Silver badge
Childcatcher

Child Labour at the Mother of Parliament?

So who's that young lad in the picture with Her Maj? Looks to be of school age to me, so why's he not at school?

0
0
Anonymous Coward

Re: Child Labour at the Mother of Parliament?

It's not illegal to employ under 16's. See paperboys(persons?) and the early Harry Potter films for reference.

0
0
Silver badge
Thumb Down

"CCDP"? My problem is I am not sure, given what one suspects they would like to do, that....

.......they did not mean "CCCP". *

*Younger members may need to google that. -:P

10
0
Anonymous Coward

Pff - not an issue.

We already provide secure email, comms and IT services to UK companies, the more the merrier. :).

The problem of an evident lack of control, transparency and trustworthy oversight is not new, just that the process to legalise the abuse has now started. Any UK company that outsources IT to a UK based or controlled organisation already has the risk of backdoor intercept - compel the IT provider and the company in question may never find out (the magic word remains "terrorist").

Not a good position to be in if discretion is part of your business. Banks, lawyers, medical practises..

0
0
FAIL

person of interest ...

just like the tv program they're working towards a computer that can see and hear everything .. but don't be afraid till they knock on your door ..

just how many mp's will be watched and the queen herself .. nope just the baaa baa's then off to slaughter

0
1
Big Brother

Alternative approach.

How about a little background process that , every 30 minutes or so, would google "ANARCHY BOMB TERRORIST BESTIALITY AL-QUEDA SEXTRAFFIC" and bounce off a random half-dozen of the websites produced?

A million or two PCs doing that 24/7 ought to fuck up the statistics a bit.

14
0
Boffin

Re: Alternative approach.

I'm actually semi-serious about this. Of course it would need to be more sophisticated than I'm making it, but is there any reason why this shouldn't happen? Going by my experience, there are enough people (even non techies) objecting to the bill to suggest there would be enough of a user base to make a difference.

My coding skillz are rusty as fuck these days, but I reckon even I could put together something like this.

3
0
