back to article Snoopers' charter rests in shallow grave - likely to rise again

The coalition government may need to bring in legislation in the final year of Parliament before a General Election is called that would allow spooks and police to see - at a "given point in time" - if a suspect could be linked to a certain IP address. In Wednesday's Queen's Speech, her Majesty made no mention of the Tory-led …

COMMENTS

This topic is closed for new posts.

Page:

Anonymous Coward

I expect to be arrested imminently for running an open home wifi router

7
0
Bronze badge
Stop

Why?

I think you might be paranoid.

0
7
Silver badge

Not "imminently"

But eventually, since your behaviour is clearly intended to frustrate the need of law enforcement to identify who is using an IP address at a given point in time.

Naughty, naughty.

5
0
Anonymous Coward

Re: Not "imminently"

''clearly intended to frustrate the need of law enforcement''

Or to allow my elderly low usage neighbours to email their kids in Australia

either I'm a hardened criminal organising terror vie the internet, or I'm helping out some old folk skyping their loved ones on a borrowed laptop

could go either way

4
0
Bronze badge

Re: Not "imminently"

"either I'm a hardened criminal organising terror vie the internet, or I'm helping out some old folk skyping their loved ones on a borrowed laptop"

Same thing, apparently.

3
0
Anonymous Coward

Re: running an open home wifi router

Run a Tor exit node. Then you can plausibly deny everything.

0
0
Bronze badge
Stop

Tor

Running a Tor exit node is pretty easy to set up, however, you'll probably find yourself getting cut off by your ISP in short order. For some reason they frown on (and often explicitly ban in their ToS) running an anonymiser on a home connection.

You'll also get nasty letters from basically everyone and their lawyer, especially if you don't configure your node to block bit-torrent traffic.

1
0
Anonymous Coward

Re: Tor

It wouldn't surprise me to read that some ISPs already carry clauses in their ToS that prohibit open Wi-Fi as well as said anonymizers.

0
0
Gold badge
Unhappy

Re: Not "imminently"

"either I'm a hardened criminal organising terror vie the internet, or I'm helping out some old folk skyping their loved ones on a borrowed laptop"

No.

When in doubt the civil servants behind this always come down on the "He's a wron'un" view.

Like Stalin, better a 100 innocents go down than 1 guilty man escapes.

0
0
Childcatcher

Please won't somebody think of the children?

Because over 99% children will spend the majority of their lives as adults.

Think about whether you want them to spend their adult lives with the government watching everything they do online.

18
0
Silver badge

Re: Please won't somebody think of the children?

But pedoterrorists are coming to copy our music!

15
0
Silver badge

Stupidity

I'm not sure who is advising (if anyone) the government and more specifically the Home Office in this. They don't seem to realise that an IP can never be linked to a single human being, no matter what they do. At best, they'll be able to track it to an endpoint. However, who's using that endpoint? Unless they mandate userid/password logon (with logs retained) for every endpoint, unless they actively see the person using it, it could be anyone.

This also misses the fact that once the connection ends up in someones house or business, all bets are off. The best anyone (other than the owner) can say, is that it's somewhere within that house or business. No more. With NATing etc., routers, firewalls etc. in common use, anything more is practically impossible. At that point, you either make the owner of the internet connection liable for everything done over it, which is stupid, or you have no real proof of anything.

And what of hacking and viruses etc. If your computer is taken over by someone else as part of a botnet, are you still liable for what it does? Clearly, the government and their advisers need to speak to people with some reason and understanding of how the internet works, because they're not showing any. It may be a pain for the police and intelligence communities to actually have to do some real work, rather than just looking the answer up in some log somewhere, but that's the reality. I'm not sure what GCHQ are doing, but you would have thought a person or two from there could advise the government in some sense.

7
0
Bronze badge
Stop

Re: Stupidity

What is the difference here between 'tracking' an IP, and using telephone data? From what you are saying above the same considerations would apply to, using the endpoint of an IP address, as would also apply to telephone data as circumstantial evidence.

I.e. just like inferring conclusions from IP information, using telephone calls as evidence, unless either seen or caught on CCTV, you still don't know who actually made the call.

Since you aren't sure what GCHQ are doing I would suggest they are advising the government along these lines?

0
0
Bronze badge
Big Brother

Re: Stupidity

You are making the assumption that the government's aim is to draw up legislation that is sensible, balanced and uses best practices to identify suspects to a high degree of accuracy.

What they usually do is to make a believable mechanism that looks just careful enough to identify people they are interested in due to other information that has been gathered already.

As an example, do some Googling on the subject of Elms House, Anthony Blunt's pardon etc. and see why the establishment is going out of its way not to look too closely at evidence of deep depravity among the ruling classes. It doesn't matter who has been abused and the aim is not to find and prosecute the guilty nor to belatedly give justice to those that deserve it. It's to ensure that the guilt of the great and the good (cough splutter!) doesn't make it into the public consciousness.

The people that want to be in charge are interested in having power over others, it's hardly surprising that many of them also have interests in using that power on the weak and the vulnerable.

6
0
Silver badge

Re: Stupidity

A telephone call is slightly different if you deal in content as well. As you might be able to voice match the participants, you might be able to prove individuals. Using the content of an email, you might possible as well. However, telephone interception does allow for the contents to be used. They're explicitly stating that content cannot be used for internet intercepts.

1
0

Re: Stupidity

But they can link an ip address at a certain time to a phone number, hence a person who pays the bill, even if the person is acting for a corporation, this is sufficient to apply pressure to investigate the usage of the connection.

See http://en.wikipedia.org/wiki/Hadopi

The bill payer is apparently responsible for the internet activity and the securing of the wifi router and connections.

0
0
Anonymous Coward

Re: Stupidity

Except that (fixed) telephones typically do not:

Change their physical location, address or owner on a frequent basis. And even mobile phones can be physically tracked by their association with transmitting equipment.

Change or renew their phone numbers on a regular basis

Have expiring phone numbers which can be re-used by other phones later.

etc.

Cyberspace is hard to police by design. Passing sweeping, ill-informed legislation helps no one, including the plods. Until her majesty and others realize that the Internet is not analogous to a hardwired telephone / telegraph network this sort of nonsense will continue.

2
0
Gold badge
Unhappy

Re: Stupidity

"They're explicitly stating that content cannot be used for internet intercepts."

Yes that concession was grudgingly inserted in the text.

I'm quite sure most of the people really behind this are mentally adding the word "yet" to the relevant sentences.

1
0
Silver badge

Re: Stupidity

This is about retaining data. They can't make them keep a copy of the whole internet, but they want every connection made. They just had to figure out how to solve the problem of knowing who made the connection... or just pretend it's not a problem.

We have this guy, we don't like the look of him, must be up to something... tell us what he has been connecting to.

He was taking pictures with his iPad, then went into a coffee shop with free wifi. Must be a terrorist!

0
0
Bronze badge
Unhappy

This will come sooner or later.

Together with outlawing of technologies like TOR and so on. As usual only the dimest of terrorist and perverts will be caught, along with a significant number of the innocent and naive.

1
0
Anonymous Coward

Re: This will come sooner or later.

The Chinese already outlaw and block TOR yet they fail to stop people from using 'bridges' to connect to the network.

If the UK follows suit, expect the UK to be listed on the "countries that restrict net access" lists and people will be nagged to help them as we do the Chinese currently.

0
0
WTF?

Bunch of knobs

Just tattoo an IP address to my face and be done it!

1
0
Paris Hilton

Re: Bunch of knobs

...and while you're at it, tattoo a MAC address to my bum cheeks! Along with my default admin password!

Insert finger to restore to factory settings!

13
1
Silver badge
Coat

Re: Bunch of knobs

"...and while you're at it, tattoo a MAC address to my bum cheeks! Along with my default admin password!"

Would that be a dirty-MAC address?

Can you hand me my—

Oh, you appear to be wearing it already yourself.

5
0
Silver badge
Happy

Re:Just tattoo an IP address to my face

I agree- but not mine...

0
0
Joke

Re: Dirty macs

I'm not a member of the mucky mac brigade! I use Windows and Android!

1
0
Anonymous Coward

Re: Bunch of knobs

Insert finger to restore to factory settings!

Shouldn't that be

Insert finger to reset / reboot

Insert dick to restore to factory settings!

?

0
0
Anonymous Coward

The Price of Freedom

is eternally telling the Home Office to get a grip.

Apparently, a Home Office spokesman recently said: "Crime continues to fall – recorded crime is down by more than 10% under this government. England and Wales are safer than they have been for decades."

9
0

It clearly isn't the politicians that come up with these ideas. Someone 'persuades' them by telling all sorts of horror stories.

Who is the ringleader in the civil "service" at the Home Office? That's where the problem lies.

3
1
Silver badge

I'm not so sure.

I have a strong suspicion this actually is politicians. With many high profile cases around the internet and criminals using it, they see it as an opportunity to show themselves as 'tough on crime' to the masses. Unfortunately, in this case, the masses probably know more about the technology than the politicians and therefore see right through the scam. Unfortunately, politicians aren't reknowned for having the intellect to know this.

4
0
Big Brother

Wrong Office

Your assumption is likely off target in that it would be from the 'ringleaders/advisors' in the Cabinet Office rather than civil service proper and the guys in the 'Doughnut' (yes we Brits spell words correctly).

Just linking a single bit of information to an IP address wouldn't be of any use. But monitoring one or several over a period would allow a half decent analyst to build up a profile of the users and pinpoint who they are with a great degree of accuracy. Without the need for the Home Secretary to allow the 'line' to be tapped.

2
0
Anonymous Coward

the ringleader in the civil "service" at the Home Office?

Charles Farr. HTH.

https://en.wikipedia.org/wiki/Charles_Farr

4
0
Bronze badge

Re: I'm not so sure.

In our Great British democracy, politicians are much more representative of ordinary people than are civil servants. And half the population have below average intellect.

It would be rather more worrying if all politicians were above average. But we have, for example, an anti-scientific idiot representing somewhere in Leicestershire.

0
0
Anonymous Coward

Re: I'm not so sure.

Don't forget the criminally stupid masses that think that the dailymail is the gospel truth!

0
0
Gold badge
Unhappy

"Who is the ringleader in the civil "service" at the Home Office? That's where the problem lies."

There is a "Communications Capabilities Modernisation unit" within the Home Office.

You might like to start putting them under surveillance.

0
0
Anonymous Coward

Worse Than Jason Voorhees

This bill will keep coming back until it passes because the security services want it. Both the Tories & Labour seem hellbent on introducing it (it's probably only the Lib Dems who've prevent it's introduction), so we'll get it at some point in the future. Why is it terrible for places like China to have mass surveillance but for democracies like the UK it's reasonable? When we criticise China all they will do is point to us & say we have the same thing they do.

10
0
Silver badge

Re: Worse Than Jason Voorhees

Do the security services really want it though? Surely, any tech savvy person in the security services knows the information is of very limited use as it would rarely identify an individual 'beyond reasonable doubt' and therefore would add little to any trial. So, what's the point? Either, they're not really asking for it, or they intend to target people (and maybe prosecute them) using information that does not meet the required court standards. Maybe that's why they're very keen on secret courts and trials?

Why not cut out the middle man and simply charge anyone they fancy whenever they like on the basis there's something we don't like about them. Would make about as much sense.

4
0
Silver badge
Happy

Re: Worse Than Jason Voorhees

"Do the security services really want it though?"

Not really, they have enough to do but the management in said services need to have some sort of justification for all the money they siphon from our taxes. Junkets to far flung places and new Bond style gadgets need to be paid for somehow!

1
0
Anonymous Coward

Re: Worse Than Jason Voorhees

"Why not cut out the middle man and simply charge anyone they fancy whenever they like on the basis there's something we don't like about them.

What a retired policeman once said was the policeman's favourite - a "Martini Law" - "anyone, any time, any place"

3
0
Childcatcher

"In order to know who has actually sent an email or made a Skype call, the police need to know who used a certain IP address at a given point in time. Without this, if a suspect used the internet to communicate instead of making a phone call, it may not be possible for the police to identify them." -- This information is already stored by the ISPs in the form of DHCP/ARP logs and can be accessed by Police already. What's the problem, why is more legislation needed if they already have what they need?

0
0
Silver badge

Nope

But, that's the whole point. The information is not stored by the ISP. They can identify which endpoint (from their perspective) was associated with that IP at that time. However, that doesn't give a person. At best it identifies a house or business etc. Many people could have been using the internet service from within those addresses. So, what are they going to do? Make the owner of the line responsible for everything done by everybody on the line? That would be madness. The truth is that attribution can only be achieved through credentials and not any physical entity, whether ISP connection or whatever.

On the one hand, politicians always go on about getting everyone connected and the great business benefits and opportunities the internet brings. On the other hand, they're constantly trying to bring in stupid legislation like this, which will simply impinge on it.

2
1
Silver badge
FAIL

Re: Nope

This can't even identify a business or household either.

All it takes is for a connection to 'bounce' into and back out of one of them for the existing DHCP/ARP log and the purported IP connections logs to be completely and utterly useless.

How could that happen? Botnet, internal corporate network, distributed VOIP (torrents, Skype!)... All of which already exist and are in common usage, and except for the botnets for perfectly law-abiding reasons as well as the presumed 'black hats'.

There is no possible way to know if a given connection 'in/out' is in any way related to another 'in/out' connection from the logs - short of DPI with man-in-the-middle attacks and logging all the transmitted data. (How many petabytes per day?) Even that would only require encryption done 'mid-bounce' to make it utterly useless.

So truly, this is worse than useless in every possible way - not only does it require a loss of privacy on the part of every UK resident, even if it worked (which it can't), it could only serve to make the haystack several orders of magnitude bigger for the security services.

2
0
Silver badge
FAIL

I can't see how any of what they want to do is even possible....

I really would like to see them offer a scenario where they actually need to identify someone via the IP address...

So you know a skype call was made between two people... how?

track who sent an email, again how do you have the IP?

This is a serious fail by the governments advisors...

0
0

Re: Nope

Agree completely. Scenario: I war-drive and find someone's open wi-fi, and use it to set up half a dozen one-time use free email addresses. Then I go down to Starbucks for a couple of hours, and use their "free wi-fi" signed on with some of these one-time email addresses. Of course, I'm spoofing my MAC address, and I pay with cash! How in the world will "the authorities" link my transactions at Starbucks back to me, unless the content I transmit or consume identifies me directly?

0
0
Gold badge
Unhappy

" What's the problem, why is more legislation needed if they already have what they need?"

They have to ask about someone specifically which needs things like evidence and "probable cause," what this gives them ( supposedly only "The Security Service," but RIPA demonstrated where those can be delegated down to) everyones without having to ask anyone for it.

0
0
Linux

Re: Nope

"So, what are they going to do? Make the owner of the line responsible for everything done by everybody on the line" -- That's how it works as I understand it.

0
0
Silver badge

Re: Nope

"That's how it works as I understand it."

To my knowledge, there has never been a case upheld in court (UK), where the owner of the connection has been held liable for what's been done over the line, unless it can be proven it was them. This is why they raid the house and seize computers etc. for analysis. If it was as simple as you suggest, once the connection is identified, you simply need to charge and it's job done. This isn't the case or what happens.

0
1
Linux

Re: Nope

"3.4. In addition to and without prejudice to your obligations pursuant to our Terms and Conditions, you agree to comply with (and ensure that others using the Services comply with) all applicable laws, statutes and regulations in connection with the Services. As the User of record, you are responsible for all use of your account, irrespective of use without your knowledge and/or consent. " -- Bam! Suck on that you ignorami

Excerpt taken from the following page: Virgin Media, Cable customer's Acceptable use policy

0
0
Silver badge
FAIL

Re: Nope

> Bam! Suck on that you ignorami

Fortunately Virgin's T&Cs do not constitute statute law, at least that's how it was the last time I looked.

You never know, though. Richard is pretty influential these days....

0
1
Silver badge

Don't forget cell phones

I go to one of the "what is my IP" sites and I see a public IP address. I look at the status on my phone and I see 10.200.x.x The cell phone network is using NAT.

Police need to know who used a certain IP address? Don't know could be hundreds of people using that address.

0
1

Page:

This topic is closed for new posts.

Forums