YaY, more pissing money up the wall by the incumbent government
Legislation relating to communications data will be yanked out of the existing Regulation of Investigatory Powers Act (RIPA) and brought under a new regulatory framework if the Home Office's plans to step up the monitoring of internet traffic passes through Parliament. Home Secretary Theresa May unveiled her proposals for the UK …
YaY, more pissing money up the wall by the incumbent government
Especially when the issue is fixed by three letters: V, P, and N. Even the 6pm news item dismissed the plans.
Yes; it's nearly as expensive as the two wars that the last lot got us into...
So after saying they were against this kind of thing when in opposition, there is no surprise that the current set of elected officials are all for it now they're the ones in power, even though a number of people will have voted for them simply because of their previous stance...
Ah well. Was to be expected...
How long before someone points out that this will be totally ineffective against the kind of things they're trying to legislate for, as all those naughty chaps already use secure VPNs and TOR?
Guessing the ISPs are rubbing their hands in glee at the thought of all this money coming their way. But if those naughty chaps only ever connect to vpnprovider.com or tor.org there'll be claims that this law has worked as no-one connects to dodgywebsite.ru anymore...
All politicians are radicals in opposition then feed us shit when they're in power.
I'm drawing a massive shite on my next ballot.
Anon - while it lasts
To come up with "Aaarrgh, terrorists" and "Will nobody think of the children". Disgusting!!
The police are NOT fighting crime with a hand tied behind their backs. They are free to get all the information they want IF THEY HAVE A WARRANT FOR IT. No reasonable suspicion = no warrant. I don't believe a word of 'limited access'. Once plod and gov agencies have full access to the raw data, how long is it before checking on a single suspects communications evolves into data-mining software constantly trawling through the whole data warehouse?
"So after saying they were against this kind of thing when in opposition, there is no surprise that the current set of elected officials are all for it now they're the ones in power"
Never seen and episode of Yes, Primeminister? The civil service and the security agencies are the ones pushing for this shite, the MPs are usually on the boards of security, hardware and ISP firms so they go along with it so they can cream off the profit from screwing over the common Joe in the street!
As the old saying goes:
It doesn't matter who you vote for because the Government will always win.
This just turned up:
"This just turned up: http://www.opendns.com/technology/dnscrypt/"
Since the IP address is enough and all the DNS lookup does is turn a string into an IP address and going from IP address to web site is easy. I'd be surprised if the information recorded didn't contain the IP address since that's all the information that's sent when accessing a web-site (you don't send the web-sites name to the web-site you're accessing, you send it a DNS server). So, web-sites with constantly changing IP addresses would defeat this as it would be really hard to go back in time to see what was at a given IP address.
"you don't send the web-sites name to the web-site you're accessing, you send it a DNS server"
Errr. Most HTTP1.1 clients do:
It's why you can host multiple domains on a single IP.
The consultation paper doesn't feature the word 'encrypt' which is a shame.
Because that is a word the Government are going to hate.
The URL host is used.to.route many shared sites. IP is not enough.
True, but they propose to record website visited and if a single server is hosting many sites then recording the IP is not enough. You need to record the URL in the GET request..
>£1.8bn over the course of 10 years.
My head hurts trying to think of how to calculate this but I would guess the cost of the disks for storing all the information required for 12 months, indexed and searchable would eat that figure up easily. Got to be disk as the information has to be available immedaitely so no waiting for a restore from tape allowed. Then there are the cabinets, power supplies, space all to be paid for by you and me. And that space that BT pays x pounds per square metre for will cost UK Gov PLC (aka you and me) 5x pounds psqm.
Have a little script that works during the moments your not using the internet, to visit random sites and send random emails, visit random vpn locations etc...
If we can't persuade them it's a bad idea at least bleed the budget dry.
Needs seedwords for the email- a bit like those godawful spam messages that are full of nonsense text.
Might I suggest:
Obvious icon is obvious.
You mean like TrackMeNot (it's a Firefox add-on that attempts to pollute Google tracking data by issuing random search requests at random times).
That will only work if you can do this collectively. Personally, I think this is what is missing from the Tor project: traffic obfuscation (basically doing what you propose, but distributed over a large set of nodes).
National smokescreen. Garbage in garbage out
Garbage in Garbage out?
The government does a good enough job of that already.
I don't have time to read the doct in full, but what counts as an ISP in this regard?
For instance would a company, running it's own email services, be required to keep these records and/or pass the info to the govt? What about someone running their own mail server as an individual?
Although there are obviously privacy concerns in this, I am personally worried that it will end up forcing people, like me, who run their own internet services to keep such records, which would obviously be quite a large task to such individuals.
just a guess, but I suspect they will deliberately leave the definition of ISP as vague as possible. But you raise a very valid point. How about people (like me) who have been known to run their own email servers ? I had cause to do this for a few months to help out an old employer.
I would imagine that anyone with anything to hide is already running their own servers anyway. Of course *where* those servers are could be problem. Because if I had anything to hide, I wouldn't be stupid enough to keep my server in the UK. That said, I might keep *a* server in the UK. As part of my project on looking for ET, I regularly fill up 1TB drives with recordings of the background noise of the universe. It looks suspiciously like it's encrypted too. ...
Last time I managed to get anything like an answer from the government, my micro-company, which handles email for a few dozen individuals and businesses, would not be classed as an ISP.
I don't know what proportion of internet email goes via small businesses like mine, versus the large ISPs.
Another pointless, unenforceable attempt to control the internet (along with that wonderful cookie law that most sites are ignoring, and the sites who've done something are just annoying their visitors!). Logic is proven, again, to be the polar opposite of politics.
Surely all you need to do is use a VPN Tunnel to somewhere outside the UK which doesn't log any activity and then they can't track you?
Lucky then that international terrorists, crime bosses and the like will never think of that!
Sorry standard VPN=FAIL.
when you start up your encrypted VPN tunnel the start-up credentials can be very carefully analysed and your session MITM DPI'ed.
You need an obfuscated VPN client such as the CIA's NetEraser/netCloaker/Gabriel family of communications Apps. NetEraser is a specialized program developed for In-Q-Tel/VirnetX (Central Intelligence Agency) by SAIC around the turn of the millenium.
there is hope to build a real working obfuscated VPN system like the pro's use, the NetEraser system is based on work by Professor Henning Schulzrinne of Columbia University in the 90's. He studied the SIP and RtTP protocols.
nearly all the other available internet censorship bypass tools are subverted by weaknesses, backdoors, bugdoors and simple bifurcation of cloned traffic. When the NSA does a job, they do a *great* job! Did I mention that NSA whistleblowers alleged that they just 'bought' telecom engineers in order to facilitate worldwide total information access....
There are more than one type of VPN, and I suspect your talking about PPTP (which is pretty crap in terms of real privacy) instead of OpenSSH to a site with a (double checked) certificate that you get warned if it magically changes (and where your DNS queries also go via the VPN...).
But really, they are not that interested in *you* to make the effort in most case to DPI it and break weak encryption. To bugger this up and waste the £1.8b they plan on pissing away you just need a lot of VPN users and 'trackmetnot' obscuring of the data to make the job of trawling impractically expensive.
And while most VPN providers will respond to a competent law request in their own country, again that is enough to restore sense by making the gov actually go through proper legal channels to spy on you, a process that is time & cost wasting unless they have very good reason to do so.
Which is the bit this whole thing lacks.
No it's not a fail.
We are talking about routine storage of communications data by ISPs here not what the security services can do if they really care. I am a Virgin customer. Virgin is not about to start doing man in the middle attacks on my VPN connection and if this stupid law is enacted, I shall indeed be passing all my traffic through a VPN and I shall be safe from snoopers as a result.
If MI6 decides that it's interested in me, they will break into my house and put a key logger/screen logger on my computer or network. There is nothing I can realistically do about that but I don't think MI6 cares about me.
I also think that the idiots in power (the polyshitions and the uncivil servants controlled by the lobbyist making money) are in for a big surprise in the amount of VPN traffic that will be transmitted over the coming years.
Not those who just want their personal privacy, but the vast number of average workers who will more and more be "working from home" and telecommuting. As with all these things the noise will totally smother any useful data, and the avoidance is simple for the real criminals.
Just about anywhere in the world you can buy pre-paid phones, no Id needed. They are cheap disposable and effectively untraceable and just about every villain will have easy access to these.
The fact that HMG cannot even stop these people getting phones, drugs and prostitutes while they are IN PRISON, proves just how incompetent the security forces truly are.
AC: Don't make it too easy for them :^)
I'm from the government. I'm here to help you.
"It is a vital tool for the police to catch criminals and to protect children."
...the children would come into it. Would love to see the stats of how many children were unprotected before the legislation and how many extra are protected when it comes into force. Probably many are unprotected and then most will be protected, which will prove the legislation's effectiveness in the face of the ever increasing paedophile onslaught.
Considering the expected increase in data requests, the ISPs would be better off creating a standard API and publishing this, available on request if you can prove that you are a 'public authorities' sort of person. Would save all the hassle of having to hack in and post the data.
I was about to say something along those lines.
Saying "think of the children" tends to have the opposite effect on me to that intended though, as I think it is so cliched I can't help but wince.
If it was about protecting children, I suspect there are plenty of better ways of spending £1.8 billion.
Has no one else noticed the large increase in pedo related stories in the news in the last week or so? I suspected something like this was about to be announced.
ooh, I'm so angry I could write a pithy comment on a tech press message board, that'll fix it
I'd have all my customers install TOR, then keeping track of where everyone went and what they did would be really easy...."They all went that-a-way, Officer"
"I don’t think we should pass broad laws on a promise from government that they will never abuse them."
I think Julian Huppert is a bit late...
I think we all know who the threat to our civil liberties is here
Terrorists have won, we're destroying ourselves
Open Rights Group
Doing it right
Everyone here already knows it's a bad idea. Write to your MP and tell them so.
I see in that one reason for accessing the collected data is :
"for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department,"
This is in a long list after terrorism, detecting crime and in the interests of public safety.
Really? You can check my last year of web access because I haven't paid my council tax?
"Really? You can check my last year of web access because I haven't paid my council tax?"
or that parking fine from last month.
Or because you're suspected of placing the wrong type of material into your recycling bin.
Unfortunately, if you read it you'll find that the arstechnica article you link states that the Tor Project are more than happy to help unmask people at the behest of "law enforcement agencies", so you best hope you have a better fallback than Tor when your dissent gets labelled "terrorism".
ToR is nice, just sometimes, the ToR network will - surprise - share all your data with the bad guys (insert your own definition of bad guy here)
ToR has a history of 'bugdoors' unique identifying features like a header that says I"M USING TOR - LOOK AT ME
check the ToR bug list discussion forums and see how successful the repressive nation of IRAN has been at finding ToR using activists, hidden amongst their internet gaming population.
if you use ToR nested inside some custom obfuscated RtTP steganographic tunnel, as I'm sure the *other bad boys do* then you might have freedom of censorship. until then, you will self censor, under fear of implied threat, whilst society will spiral down to the depths of Hogarth's Gin Lane.