YaY, more pissing money up the wall by the incumbent government
Good Times
Legislation relating to communications data will be yanked out of the existing Regulation of Investigatory Powers Act (RIPA) and brought under a new regulatory framework if the Home Office's plans to step up the monitoring of internet traffic passes through Parliament. Home Secretary Theresa May unveiled her proposals for the …
So after saying they were against this kind of thing when in opposition, there is no surprise that the current set of elected officials are all for it now they're the ones in power, even though a number of people will have voted for them simply because of their previous stance...
Ah well. Was to be expected...
How long before someone points out that this will be totally ineffective against the kind of things they're trying to legislate for, as all those naughty chaps already use secure VPNs and TOR?
Guessing the ISPs are rubbing their hands in glee at the thought of all this money coming their way. But if those naughty chaps only ever connect to vpnprovider.com or tor.org there'll be claims that this law has worked as no-one connects to dodgywebsite.ru anymore...
To come up with "Aaarrgh, terrorists" and "Will nobody think of the children". Disgusting!!
The police are NOT fighting crime with a hand tied behind their backs. They are free to get all the information they want IF THEY HAVE A WARRANT FOR IT. No reasonable suspicion = no warrant. I don't believe a word of 'limited access'. Once plod and gov agencies have full access to the raw data, how long is it before checking on a single suspect's communications evolves into data-mining software constantly trawling through the whole data warehouse?
"So after saying they were against this kind of thing when in opposition, there is no surprise that the current set of elected officials are all for it now they're the ones in power"
Never seen an episode of Yes, Prime Minister? The civil service and the security agencies are the ones pushing for this shite, the MPs are usually on the boards of security, hardware and ISP firms so they go along with it so they can cream off the profit from screwing over the common Joe in the street!
"This just turned up: http://www.opendns.com/technology/dnscrypt/"
Since the IP address is enough and all the DNS lookup does is turn a string into an IP address and going from IP address to web site is easy. I'd be surprised if the information recorded didn't contain the IP address since that's all the information that's sent when accessing a web-site (you don't send the web-site's name to the web-site you're accessing, you send it to a DNS server). So, web-sites with constantly changing IP addresses would defeat this as it would be really hard to go back in time to see what was at a given IP address.
>£1.8bn over the course of 10 years.
My head hurts trying to think of how to calculate this but I would guess the cost of the disks for storing all the information required for 12 months, indexed and searchable would eat that figure up easily. Got to be disk as the information has to be available immediately so no waiting for a restore from tape allowed. Then there are the cabinets, power supplies, space all to be paid for by you and me. And that space that BT pays x pounds per square metre for will cost UK Gov PLC (aka you and me) 5x pounds psqm.
I don't have time to read the doc in full, but what counts as an ISP in this regard?
For instance would a company, running its own email services, be required to keep these records and/or pass the info to the govt? What about someone running their own mail server as an individual?
Although there are obviously privacy concerns in this, I am personally worried that it will end up forcing people, like me, who run their own internet services to keep such records, which would obviously be quite a large task to such individuals.
Just a guess, but I suspect they will deliberately leave the definition of ISP as vague as possible. But you raise a very valid point. How about people (like me) who have been known to run their own email servers? I had cause to do this for a few months to help out an old employer.
I would imagine that anyone with anything to hide is already running their own servers anyway. Of course *where* those servers are could be problem. Because if I had anything to hide, I wouldn't be stupid enough to keep my server in the UK. That said, I might keep *a* server in the UK. As part of my project on looking for ET, I regularly fill up 1TB drives with recordings of the background noise of the universe. It looks suspiciously like it's encrypted too. ...
Last time I managed to get anything like an answer from the government, my micro-company, which handles email for a few dozen individuals and businesses, would not be classed as an ISP.
I don't know what proportion of internet email goes via small businesses like mine, versus the large ISPs.
Another pointless, unenforceable attempt to control the internet (along with that wonderful cookie law that most sites are ignoring, and the sites who've done something are just annoying their visitors!). Logic is proven, again, to be the polar opposite of politics.
Sorry standard VPN=FAIL.
When you start up your encrypted VPN tunnel the start-up credentials can be very carefully analysed and your session MITM DPI'ed.
You need an obfuscated VPN client such as the CIA's NetEraser/netCloaker/Gabriel family of communications Apps. NetEraser is a specialized program developed for In-Q-Tel/VirnetX (Central Intelligence Agency) by SAIC around the turn of the millennium.
There is hope to build a real working obfuscated VPN system like the pros use, the NetEraser system is based on work by Professor Henning Schulzrinne of Columbia University in the 90s. He studied the SIP and RtTP protocols.
nearly all the other available internet censorship bypass tools are subverted by weaknesses, backdoors, bugdoors and simple bifurcation of cloned traffic. When the NSA does a job, they do a *great* job! Did I mention that NSA whistleblowers alleged that they just 'bought' telecom engineers in order to facilitate worldwide total information access....
There is more than one type of VPN, and I suspect you're talking about PPTP (which is pretty crap in terms of real privacy) instead of OpenSSH to a site with a (double checked) certificate that you get warned if it magically changes (and where your DNS queries also go via the VPN...).
But really, they are not that interested in *you* to make the effort in most cases to DPI it and break weak encryption. To bugger this up and waste the £1.8b they plan on pissing away you just need a lot of VPN users and 'trackmenot' obscuring of the data to make the job of trawling impractically expensive.
And while most VPN providers will respond to a competent law request in their own country, again that is enough to restore sense by making the gov actually go through proper legal channels to spy on you, a process that is time & cost wasting unless they have very good reason to do so.
Which is the bit this whole thing lacks.
No it's not a fail.
We are talking about routine storage of communications data by ISPs here not what the security services can do if they really care. I am a Virgin customer. Virgin is not about to start doing man in the middle attacks on my VPN connection and if this stupid law is enacted, I shall indeed be passing all my traffic through a VPN and I shall be safe from snoopers as a result.
If MI6 decides that it's interested in me, they will break into my house and put a key logger/screen logger on my computer or network. There is nothing I can realistically do about that but I don't think MI6 cares about me.
I also think that the idiots in power (the polyshitions and the uncivil servants controlled by the lobbyist making money) are in for a big surprise in the amount of VPN traffic that will be transmitted over the coming years.
Not those who just want their personal privacy, but the vast number of average workers who will more and more be "working from home" and telecommuting. As with all these things the noise will totally smother any useful data, and the avoidance is simple for the real criminals.
Just about anywhere in the world you can buy pre-paid phones, no Id needed. They are cheap disposable and effectively untraceable and just about every villain will have easy access to these.
The fact that HMG cannot even stop these people getting phones, drugs and prostitutes while they are IN PRISON, proves just how incompetent the security forces truly are.
AC: Don't make it too easy for them :^)
"It is a vital tool for the police to catch criminals and to protect children."
...the children would come into it. Would love to see the stats of how many children were unprotected before the legislation and how many extra are protected when it comes into force. Probably many are unprotected and then most will be protected, which will prove the legislation's effectiveness in the face of the ever increasing paedophile onslaught.
Considering the expected increase in data requests, the ISPs would be better off creating a standard API and publishing this, available on request if you can prove that you are a 'public authorities' sort of person. Would save all the hassle of having to hack in and post the data.
I see in that one reason for accessing the collected data is :
"for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department,"
This is in a long list after terrorism, detecting crime and in the interests of public safety.
Really? You can check my last year of web access because I haven't paid my council tax?
This post has been deleted by its author
Unfortunately, if you read it you'll find that the arstechnica article you link states that the Tor Project are more than happy to help unmask people at the behest of "law enforcement agencies", so you best hope you have a better fallback than Tor when your dissent gets labelled "terrorism".
ToR is nice, just sometimes, the ToR network will - surprise - share all your data with the bad guys (insert your own definition of bad guy here)
ToR has a history of 'bugdoors', unique identifying features like a header that says I'M USING TOR - LOOK AT ME
check the ToR bug list discussion forums and see how successful the repressive nation of IRAN has been at finding ToR using activists, hidden amongst their internet gaming population.
if you use ToR nested inside some custom obfuscated RtTP steganographic tunnel, as I'm sure the *other bad boys do* then you might have freedom of censorship. until then, you will self censor, under fear of implied threat, whilst society will spiral down to the depths of Hogarth's Gin Lane.
You'd think, but technology has existed for a long time to allow secure communication, but what do the terrorists do? Simple substitution ciphers using excel:
http://www.theregister.co.uk/2011/03/22/ba_jihadist_trial_sentencing/
This jihadi even worked in IT!
If you think about it, the kind of mind that is happy to blow itself up is unlikely to be rational or follow best practices.
"Home Secretary Theresa May unveiled her proposals for the UK's rehashed internet super-snoop law today, which immediately led to the Home Office's website collapsing.
At time of writing, the draft 117-page Communications Data Bill was unavailable online."
Yes, well, that says it all about traditional government competence in these novel Live Operational Virtual Environment fields of today, methinks, although they will probably blame techies for their not being able to meet public demand[s]. Some things/bodies never change, eh?
Is there a global virtual war in progress, which only super intelligence services with special forces can win?
It's a mad, bad, sad, rad world and there is no mistaking that, but it doesn't need to be whenever you have Global Control of IT and Massive Modular Media Mogul support ....... and all that requires is that one provides IT the requisite Proprietary Intellectual Property Portfolios/MkUltraSensitive Semantic NeuroLinguistic Programming Programs. IT is not as if it is difficult like sending folk into Space and thinking about colonising Mars, is it?
Now who would talk to about that simply complex project ...... Future Perfect Present Product Placement? Who provides the intelligence product for nations to speak peace unto nations ....... although that appears to be a position long vacant if one considers the present state of nations with obviously sub-prime administrations in support of that status quo?
...that we were promised when the coalition took power. Just goes to show you that George Carlin was absolutely right when he said that this shit we do every four or five years to shuffle things around means zip and is just an illusion to make you think you have control. That election shit? Doesn't mean a fucking thing. The real power lies with the lobbyists, corporations and civil servants; those don't change across parliamentary terms.
Heard it all before, the bill will never make it through as all it will take is a single FOI request asking to see what your MP does over the internet and the whole process will be derailed.
Even though the average MP is a moron, even they will have to acknowledge that this recording of information goes against basic privacy.
In the words of Kenny Everett - line 'em up against the wall and bomb the bastards!
"more communications taking place on the internet using a wider range of services, ... not as accessible as data from older communications systems like ‘fixed line’ telephones."
People surely spend more time communicating over the internet than they ever did with the phone (particularly if reading an on-line newspaper now counts as 'communication'). So no matter how they frame it, it's a massive increase in surveillance capabilities. Is this good or bad? In a democracy it should be up to the people to decide, but kicking out labor seems to have failed to make a difference on this topic. One big point in favor of Swiss-style direct democracy: Their stupid laws at least reflect a democratic will.
and the bad guys will go low-tech. So while MIx are sitting at their little terminals, congratulating themselves on having secured the internet, they completely miss the terrorist cells who hand-deliver their communications.
Al-Qaeda stay well under the tech radar by faxing each other. And unsportingly, they do it in handwritten Arabic. Not sure what the current backlog at the NSA is, but unless a lot more people have learned Arabic in the US, it'll be days at least.
.. that those who vote for it share every detail of their life, publicly. I know from experience that once the resources are there they WILL be abused, so it is thus best to expose the "Ye" voters to what is really going to happen.
I must admit I am a tad curious about what is so fascinating about the lives of ordinary citizens that they are so enthusiastically trying to gain access to it. Or did they buy Facebook shares and now seek to help the company to some more customer data to haul the share price back to a point where they can finally shed the stock?
I really don't have anything to hide, but that still doesn't mean I want someone jacking a scope up my rear end whenever they feel like it - I do not need to defend wanting privacy, that is my right. They need to defend why they want the privilege to invade it, and "think of the children" isn't exactly cutting it.
The key problem is trust. They would have had a much easier ride if it hadn't been very clear that abuse will actually precede proper use (we've seen enough of that with anti-terror laws), and without the ability to supervise use this should not even be considered as a law if they genuinely only had benign motives (let's turn this around: in an alleged democratic government, THEY should have nothing to hide). Transparent release of its use (which can be delayed to protect ongoing investigations, but never omitted) is required, as well as punishing the heaving crap out of the PEOPLE (not companies or institutions, PEOPLE) who abuse this privilege instead of using cheap escape clauses that even Tony Blair would not have deigned to use.
I acknowledge the need for crime fighting tools. I do not acknowledge the need to make those tools easy to use. And I certainly disagree with the traditional attempts to avoid accountability.
Depending on what the something is, typically you would not pay income tax on it, but CGT. If you sell your xbox on ebay, theoretically you should be paying CGT on the increase in value of the item, but since it has very likely depreciated in value, there is no tax to pay.
"Law enforcement agencies – the police, the Serious and Organised Crime Agency and Her Majesty’s Revenue and Customs – account for the overwhelming majority of annual requests for access to communications data under the Regulation of Investigatory Powers Act ('RIPA') 2000."
HMRC, eh? Wasn't this all to stop teh t3rr0rists and t3h p33d0s?
Aldous Huxley once wrote:
“If offered the choice between liberty and security, most people would unhesitatingly vote for security”
As long as we can trust the UK government to look after us, I guess it's not such a big deal. But if all that snooping power falls into the wrong hands, things could get very messy indeed!
This bill will require ISPs to record data about the communications, essentially a syslog output from the ISP's interface to your modem. For those unfamiliar with syslog output from a Cisco or Juniper router ACL, it'll likely contain time stamp, source IP & port, & destination IP & port, state of connection.
This will give the searchers enough to build a 'web of connections' to determine what you have been up to & who was there (at the same time, previously or after).
IPv6, without randomizing the last 64 bits, will reveal the unique address of the device's network interface, positively identifying a device & its purchaser. Of course this can be obfuscated but the masses won't be able to do this, this may be detectable & the media will ignore that fact.
the common people will get unduly harassed and this will only stop when a celebrity gets unduly caught up in this and can afford to successfully fight the system!
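Added example, not part of the comment above or of the original thread: a Python check of the IPv6 point, showing how a modified EUI-64 interface identifier in a logged source address yields the interface's MAC and links one device across prefixes, while a randomized identifier does not. The addresses use the 2001:db8::/32 documentation prefix, the MAC is constructed, and the function names are hypothetical.

```python
import ipaddress

def eui64_mac(addr: str):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None.

    A randomized interface ID can match the ff:fe marker by chance
    (about 1 in 65536), so treat a hit as a strong hint, not proof.
    """
    ip = ipaddress.IPv6Address(addr)
    iid = ip.packed[8:]                 # low 64 bits = interface identifier
    # Modified EUI-64 inserts ff:fe between the two halves of the 48-bit MAC.
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[0:3] + iid[5:8])
    mac[0] ^= 0x02                      # undo the universal/local bit flip
    return ":".join(f"{b:02x}" for b in mac)

def link_by_device(logged_addrs):
    """Group logged source addresses by the MAC recovered from each one.

    Returns (devices, unlinkable): devices maps MAC -> list of addresses,
    unlinkable lists addresses whose interface ID carries no MAC.
    """
    devices, unlinkable = {}, []
    for addr in logged_addrs:
        mac = eui64_mac(addr)
        if mac is None:
            unlinkable.append(addr)
        else:
            devices.setdefault(mac, []).append(addr)
    return devices, unlinkable

# Constructed sample: the same laptop seen on two different networks with
# EUI-64 addressing, plus one address with a randomized interface ID.
SAMPLE_LOG = [
    "2001:db8:1:0:21a:2bff:fe3c:4d5e",   # home network, EUI-64
    "2001:db8:2:0:21a:2bff:fe3c:4d5e",   # second network, same interface
    "2001:db8:1:0:5c3a:91d2:7e44:b1f",   # randomized interface ID
]

if __name__ == "__main__":
    devices, unlinkable = link_by_device(SAMPLE_LOG)
    for mac, addrs in devices.items():
        print(f"{mac} seen as {len(addrs)} addresses: {addrs}")
    print("no embedded MAC:", unlinkable)
```

Running `eui64_mac` over a host's own global addresses is a quick way to confirm whether randomized interface identifiers (privacy extensions) are actually in effect.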
The draft bill places obligations on telecommunications operators.
In the draft bill:
“telecommunications operator” means a person who—
(a) controls or provides a telecommunication system, or
(b) provides a telecommunications service,
“telecommunication system” means a system (including the apparatus comprised in it) that exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy,
“communication”—
(a) in relation to a telecommunications operator, telecommunications service or telecommunication system, includes—
(i) anything comprising speech, music, sounds, visual images or data of any description, and
(ii) signals serving either for the impartation of anything between persons, between a person and a thing or between things or for the actuation or control of any apparatus,
Which would seem to make anyone with wi-fi or even a hi-fi or an electric front-door bell subject to the requirements of the draft bill.
Is it just me that's sceptical that just before this pedo/terrorist finding bill is announced that the news stories are all about how there is a pedo around every corner
http://www.bbc.co.uk/news/uk-politics-18422204
http://www.bbc.co.uk/news/uk-18428289
http://www.bbc.co.uk/news/technology-18445200
http://www.bbc.co.uk/news/uk-18442288
Good way to make everyone believe that if they don't allow the government to monitor everything on the internet then the pedos will get your children
"Nothing in these proposals will authorize the interception of the content of a communication."
This has been the line throughout the lead up to the proposed bill today. It is a statement that stretches things a fair amount to say the least. The gov believes that internet surfing history is analogous to phone call history. This is completely untrue.
When you have a record of the number someone has called, you can see the address and company or person it belongs to. You may see that it is a sex chat line and assume the caller discussed things of a sexual nature, but that is it.
With a fully qualified internet address you can see the exact content that user saw. So the web page address is all you need to see the 'content' of the communication. The two are in no way analogous. At most the only thing that should be available without a warrant is numerical IP address of the site visited and that's it.
So no, the idea that these proposals will not expose the content of communications without a warrant is pretty false. Unfortunately since most journalists don't have much technical knowledge, they are unable to challenge MPs on this, when they repeatedly make these inaccurate assertions.
Some of the reports claim that they will only store the web site and not the individual page.
(What's the betting that will silently be changed at the earliest opportunity after the system is brought in?)
But that would presumably mean that if a web page shows an image that's sourced from alqaeda.org then anyone viewing that page will be recorded as visiting that site?
Logging the content would actually be safer.
So it logs that you connected to 123.123.123.123. That server hosts KnittingPattern.com, but it also hosts NakedTherasaGorman.com and JihadWeekly.com - they just didn't record what you accessed.
It logs that you made a cellphone call to a certain number and somebody on their terrorist watch list made a call to the same number later. You were ordering a curry and somebody in their kitchen has a relative that's a bit naughty - but now you are logged as part of a terrorist network.
So your argument is to have more of the content available without a warrant so that the innocent will not be caught up with the guilty because in the current climate, people are considered guilty by association. Rather than arguing for more invasive warrantless surveillance because innocent until proven guilty as a principle has fallen by the wayside. How about re-affirming that principle instead.
Everybody sit still for this. After all, we sat still for video surveillance on every corner, government hoovering of personal data from government agencies, banks, the NHS, credit card companies, credit reporting agencies. We sit still every day for government chucking our personal data in dustbins, losing it in the mail, losing it on the train, leaving it on the back seats of their cars.
Of course there's no alternative to this. Well, except........ the existing process of if you want access to an individual's private information you apply to a judge for a warrant to get it.
But no matter. This is not about the government gathering and aggregating our personal data. This is not about 'monetarising' that data. This is not about warehousing and analysing that data so that potential malefactors can be singled out and controlled.
At least it's not if we all sit still and do nothing about it.
Tor should be pretty effective at providing good anonymity here. Consequently, two things will happen:
(i) Tor will be made illegal.
(ii) Tor users will end up as suspects and subject to other kinds of surveillance.
Madness. E-petition, anyone? http://epetitions.direct.gov.uk/petitions/32400
(ii) Tor users will end up as suspects and subject to other kinds of surveillance.
Well, you'd think. Problem is, thanks to other measures, you are going to have a *lot* of people using VPN/TOR type solutions to remain anonymous. If 1 in a 1000 was using it, then HMG might have just gotten away with a tactic of trying to prosecute by insinuation ... "Only bad people use that sort of technology, therefore the person we are prosecuting is bad". Bit like the way whenever a terrorist "suspect" is arrested, they always seem to find "indecent images" on their computer.[1].
But when the number rises to say, 1 in 10, it's a much harder sell. Statistically, that would mean at least one juror would be using TOR/VPNs.
When you are looking for a needle in a haystack, it's probably not such a good idea to call your neighbours, and ask them to add their haystacks to yours.
[1]Bear in mind "indecent" has no meaning at all. Got a cute pic of your baby, in nappies. It's "indecent".
I ordered 3 weapons by email this morning and they should arrive in time for me to use in a public area surrounded by hundreds if not thousands of people.
Ok they are late Roman (350-410CE) javelin heads and I am a re-enactor but I doubt this is relevant to any investigation this triggers...
Just read (and copy infringed) this from Tech dirt comments on the same story:
>The reason this is enforced against the government on most levels is that unlike other countries, Americans have guns, guns, guns, guns and guns. Lots of them. No matter how powerful your arguments or friends, if you get shot you usually die. Guns are great equalizers of power, because they basically tell our government "If you get too out of hand, we'll fucking KILL you!" on a constant basis.<
I used to be anti-gun, but nowadays - not so much, the power has shifted too far to those in power, time to equalize the situation. Arm your citizens!
When you think of the stink the phone hacking has caused for MPs and celebutards, imagine what the effect of someone publishing all their web browser activity could cause.
Hacking an ISP known to be used by MPs/Lords/Z-listers would be the perfect target for getting dirt on them.
I bet they have not thought of that.
This line is interesting
Checking communication records, not content, is a crucial part of day-to-day policing and the fingerprinting of the modern age – we are determined to ensure its continued availability in cracking down on crime.
How many of us have been fingerprinted without actually doing anything to provoke suspicion of needing to be fingerprinted?
I have no problem with tracking people that there are suspicions against, much as we would fingerprint them. See how people would feel if the government announced they were going to finger print everyone by force..... Oh didn't they do that a few years ago with a DNA database...that went well for them too....
They will get away with this simply because most people do not understand. And most organisations have not realised that this requirement will need to be forced on to them next so perpetrators using their networks can be traced. This will involve a lot more spending...
I'm sure that somewhere along the line, even Hitler used the "for the (German) Children" argument to forward his agenda of genocide. We have to stop falling for this old excuse like mindless sheeple.
So this is how freedom dies - not with a bang or a whimper, but with a phrase - "Do it for the Children". Those who would trade safety for freedom do not deserve either safety or freedom.
ESC because that is what I want to do - escape to another planet where politicians are shot on sight.
It seems to have been overlooked by just about everyone, but this bill doesn't just mandate the collection of all electronic data, but the tracking of all letters & parcels as well (section 25 apparently). This just proves to me that the intention is nothing really to do with crime & an attempt to keep tabs on everyone's communications.