back to article Snoopers' charter rests in shallow grave - likely to rise again

The coalition government may need to bring in legislation in the final year of Parliament before a General Election is called that would allow spooks and police to see - at a "given point in time" - if a suspect could be linked to a certain IP address. In Wednesday's Queen's Speech, her Majesty made no mention of the Tory-led …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    I expect to be arrested imminently for running an open home wifi router

    1. Anonymous Coward
      Stop

      Why?

      I think you might be paranoid.

    2. Anonymous Coward
      Anonymous Coward

      Not "imminently"

      But eventually, since your behaviour is clearly intended to frustrate the need of law enforcement to identify who is using an IP address at a given point in time.

      Naughty, naughty.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not "imminently"

        ''clearly intended to frustrate the need of law enforcement''

        Or to allow my elderly low usage neighbours to email their kids in Australia

        either I'm a hardened criminal organising terror vie the internet, or I'm helping out some old folk skyping their loved ones on a borrowed laptop

        could go either way

        1. teebie

          Re: Not "imminently"

          "either I'm a hardened criminal organising terror vie the internet, or I'm helping out some old folk skyping their loved ones on a borrowed laptop"

          Same thing, apparently.

        2. John Smith 19 Gold badge
          Unhappy

          Re: Not "imminently"

          "either I'm a hardened criminal organising terror vie the internet, or I'm helping out some old folk skyping their loved ones on a borrowed laptop"

          No.

          When in doubt the civil servants behind this always come down on the "He's a wron'un" view.

          Like Stalin, better a 100 innocents go down than 1 guilty man escapes.

    3. Anonymous Coward
      Anonymous Coward

      Re: running an open home wifi router

      Run a Tor exit node. Then you can plausibly deny everything.

    4. phuzz Silver badge
      Stop

      Tor

      Running a Tor exit node is pretty easy to set up, however, you'll probably find yourself getting cut off by your ISP in short order. For some reason they frown on (and often explicitly ban in their ToS) running an anonymiser on a home connection.

      You'll also get nasty letters from basically everyone and their lawyer, especially if you don't configure your node to block bit-torrent traffic.

      1. Anonymous Coward
        Anonymous Coward

        Re: Tor

        It wouldn't surprise me to read that some ISPs already carry clauses in their ToS that prohibit open Wi-Fi as well as said anonymizers.

  2. DrStrangeLug
    Childcatcher

    Please won't somebody think of the children?

    Because over 99% children will spend the majority of their lives as adults.

    Think about whether you want them to spend their adult lives with the government watching everything they do online.

    1. Crisp

      Re: Please won't somebody think of the children?

      But pedoterrorists are coming to copy our music!

  3. Mad Mike

    Stupidity

    I'm not sure who is advising (if anyone) the government and more specifically the Home Office in this. They don't seem to realise that an IP can never be linked to a single human being, no matter what they do. At best, they'll be able to track it to an endpoint. However, who's using that endpoint? Unless they mandate userid/password logon (with logs retained) for every endpoint, unless they actively see the person using it, it could be anyone.

    This also misses the fact that once the connection ends up in someones house or business, all bets are off. The best anyone (other than the owner) can say, is that it's somewhere within that house or business. No more. With NATing etc., routers, firewalls etc. in common use, anything more is practically impossible. At that point, you either make the owner of the internet connection liable for everything done over it, which is stupid, or you have no real proof of anything.

    And what of hacking and viruses etc. If your computer is taken over by someone else as part of a botnet, are you still liable for what it does? Clearly, the government and their advisers need to speak to people with some reason and understanding of how the internet works, because they're not showing any. It may be a pain for the police and intelligence communities to actually have to do some real work, rather than just looking the answer up in some log somewhere, but that's the reality. I'm not sure what GCHQ are doing, but you would have thought a person or two from there could advise the government in some sense.

    1. Anonymous Coward
      Stop

      Re: Stupidity

      What is the difference here between 'tracking' an IP, and using telephone data? From what you are saying above the same considerations would apply to, using the endpoint of an IP address, as would also apply to telephone data as circumstantial evidence.

      I.e. just like inferring conclusions from IP information, using telephone calls as evidence, unless either seen or caught on CCTV, you still don't know who actually made the call.

      Since you aren't sure what GCHQ are doing I would suggest they are advising the government along these lines?

      1. Mad Mike

        Re: Stupidity

        A telephone call is slightly different if you deal in content as well. As you might be able to voice match the participants, you might be able to prove individuals. Using the content of an email, you might possible as well. However, telephone interception does allow for the contents to be used. They're explicitly stating that content cannot be used for internet intercepts.

        1. John Smith 19 Gold badge
          Unhappy

          Re: Stupidity

          "They're explicitly stating that content cannot be used for internet intercepts."

          Yes that concession was grudgingly inserted in the text.

          I'm quite sure most of the people really behind this are mentally adding the word "yet" to the relevant sentences.

          1. Tom 35

            Re: Stupidity

            This is about retaining data. They can't make them keep a copy of the whole internet, but they want every connection made. They just had to figure out how to solve the problem of knowing who made the connection... or just pretend it's not a problem.

            We have this guy, we don't like the look of him, must be up to something... tell us what he has been connecting to.

            He was taking pictures with his iPad, then went into a coffee shop with free wifi. Must be a terrorist!

      2. Anonymous Coward
        Anonymous Coward

        Re: Stupidity

        Except that (fixed) telephones typically do not:

        Change their physical location, address or owner on a frequent basis. And even mobile phones can be physically tracked by their association with transmitting equipment.

        Change or renew their phone numbers on a regular basis

        Have expiring phone numbers which can be re-used by other phones later.

        etc.

        Cyberspace is hard to police by design. Passing sweeping, ill-informed legislation helps no one, including the plods. Until her majesty and others realize that the Internet is not analogous to a hardwired telephone / telegraph network this sort of nonsense will continue.

    2. Anonymous Coward
      Big Brother

      Re: Stupidity

      You are making the assumption that the government's aim is to draw up legislation that is sensible, balanced and uses best practices to identify suspects to a high degree of accuracy.

      What they usually do is to make a believable mechanism that looks just careful enough to identify people they are interested in due to other information that has been gathered already.

      As an example, do some Googling on the subject of Elms House, Anthony Blunt's pardon etc. and see why the establishment is going out of its way not to look too closely at evidence of deep depravity among the ruling classes. It doesn't matter who has been abused and the aim is not to find and prosecute the guilty nor to belatedly give justice to those that deserve it. It's to ensure that the guilt of the great and the good (cough splutter!) doesn't make it into the public consciousness.

      The people that want to be in charge are interested in having power over others, it's hardly surprising that many of them also have interests in using that power on the weak and the vulnerable.

    3. Anonymous Coward
      Anonymous Coward

      Re: Stupidity

      But they can link an ip address at a certain time to a phone number, hence a person who pays the bill, even if the person is acting for a corporation, this is sufficient to apply pressure to investigate the usage of the connection.

      See http://en.wikipedia.org/wiki/Hadopi

      The bill payer is apparently responsible for the internet activity and the securing of the wifi router and connections.

  4. CAPS LOCK
    Unhappy

    This will come sooner or later.

    Together with outlawing of technologies like TOR and so on. As usual only the dimest of terrorist and perverts will be caught, along with a significant number of the innocent and naive.

    1. Anonymous Coward
      Anonymous Coward

      Re: This will come sooner or later.

      The Chinese already outlaw and block TOR yet they fail to stop people from using 'bridges' to connect to the network.

      If the UK follows suit, expect the UK to be listed on the "countries that restrict net access" lists and people will be nagged to help them as we do the Chinese currently.

  5. LinkOfHyrule
    WTF?

    Bunch of knobs

    Just tattoo an IP address to my face and be done it!

    1. LinkOfHyrule
      Paris Hilton

      Re: Bunch of knobs

      ...and while you're at it, tattoo a MAC address to my bum cheeks! Along with my default admin password!

      Insert finger to restore to factory settings!

      1. Brewster's Angle Grinder Silver badge
        Coat

        Re: Bunch of knobs

        "...and while you're at it, tattoo a MAC address to my bum cheeks! Along with my default admin password!"

        Would that be a dirty-MAC address?

        Can you hand me my—

        Oh, you appear to be wearing it already yourself.

        1. LinkOfHyrule
          Joke

          Re: Dirty macs

          I'm not a member of the mucky mac brigade! I use Windows and Android!

      2. Anonymous Coward
        Anonymous Coward

        Re: Bunch of knobs

        Insert finger to restore to factory settings!

        Shouldn't that be

        Insert finger to reset / reboot

        Insert dick to restore to factory settings!

        ?

    2. hplasm
      Happy

      Re:Just tattoo an IP address to my face

      I agree- but not mine...

  6. Anonymous Coward
    Anonymous Coward

    The Price of Freedom

    is eternally telling the Home Office to get a grip.

    Apparently, a Home Office spokesman recently said: "Crime continues to fall – recorded crime is down by more than 10% under this government. England and Wales are safer than they have been for decades."

  7. IDoNotThinkSo

    It clearly isn't the politicians that come up with these ideas. Someone 'persuades' them by telling all sorts of horror stories.

    Who is the ringleader in the civil "service" at the Home Office? That's where the problem lies.

    1. Mad Mike

      I'm not so sure.

      I have a strong suspicion this actually is politicians. With many high profile cases around the internet and criminals using it, they see it as an opportunity to show themselves as 'tough on crime' to the masses. Unfortunately, in this case, the masses probably know more about the technology than the politicians and therefore see right through the scam. Unfortunately, politicians aren't reknowned for having the intellect to know this.

      1. Primus Secundus Tertius

        Re: I'm not so sure.

        In our Great British democracy, politicians are much more representative of ordinary people than are civil servants. And half the population have below average intellect.

        It would be rather more worrying if all politicians were above average. But we have, for example, an anti-scientific idiot representing somewhere in Leicestershire.

      2. Anonymous Coward
        Anonymous Coward

        Re: I'm not so sure.

        Don't forget the criminally stupid masses that think that the dailymail is the gospel truth!

    2. taxman
      Big Brother

      Wrong Office

      Your assumption is likely off target in that it would be from the 'ringleaders/advisors' in the Cabinet Office rather than civil service proper and the guys in the 'Doughnut' (yes we Brits spell words correctly).

      Just linking a single bit of information to an IP address wouldn't be of any use. But monitoring one or several over a period would allow a half decent analyst to build up a profile of the users and pinpoint who they are with a great degree of accuracy. Without the need for the Home Secretary to allow the 'line' to be tapped.

    3. Anonymous Coward
      Anonymous Coward

      the ringleader in the civil "service" at the Home Office?

      Charles Farr. HTH.

      https://en.wikipedia.org/wiki/Charles_Farr

    4. John Smith 19 Gold badge
      Unhappy

      "Who is the ringleader in the civil "service" at the Home Office? That's where the problem lies."

      There is a "Communications Capabilities Modernisation unit" within the Home Office.

      You might like to start putting them under surveillance.

  8. Anonymous Coward
    Anonymous Coward

    Worse Than Jason Voorhees

    This bill will keep coming back until it passes because the security services want it. Both the Tories & Labour seem hellbent on introducing it (it's probably only the Lib Dems who've prevent it's introduction), so we'll get it at some point in the future. Why is it terrible for places like China to have mass surveillance but for democracies like the UK it's reasonable? When we criticise China all they will do is point to us & say we have the same thing they do.

    1. Mad Mike

      Re: Worse Than Jason Voorhees

      Do the security services really want it though? Surely, any tech savvy person in the security services knows the information is of very limited use as it would rarely identify an individual 'beyond reasonable doubt' and therefore would add little to any trial. So, what's the point? Either, they're not really asking for it, or they intend to target people (and maybe prosecute them) using information that does not meet the required court standards. Maybe that's why they're very keen on secret courts and trials?

      Why not cut out the middle man and simply charge anyone they fancy whenever they like on the basis there's something we don't like about them. Would make about as much sense.

      1. Amorous Cowherder
        Happy

        Re: Worse Than Jason Voorhees

        "Do the security services really want it though?"

        Not really, they have enough to do but the management in said services need to have some sort of justification for all the money they siphon from our taxes. Junkets to far flung places and new Bond style gadgets need to be paid for somehow!

      2. Anonymous Coward
        Anonymous Coward

        Re: Worse Than Jason Voorhees

        "Why not cut out the middle man and simply charge anyone they fancy whenever they like on the basis there's something we don't like about them.

        What a retired policeman once said was the policeman's favourite - a "Martini Law" - "anyone, any time, any place"

  9. Miek
    Childcatcher

    "In order to know who has actually sent an email or made a Skype call, the police need to know who used a certain IP address at a given point in time. Without this, if a suspect used the internet to communicate instead of making a phone call, it may not be possible for the police to identify them." -- This information is already stored by the ISPs in the form of DHCP/ARP logs and can be accessed by Police already. What's the problem, why is more legislation needed if they already have what they need?

    1. Mad Mike

      Nope

      But, that's the whole point. The information is not stored by the ISP. They can identify which endpoint (from their perspective) was associated with that IP at that time. However, that doesn't give a person. At best it identifies a house or business etc. Many people could have been using the internet service from within those addresses. So, what are they going to do? Make the owner of the line responsible for everything done by everybody on the line? That would be madness. The truth is that attribution can only be achieved through credentials and not any physical entity, whether ISP connection or whatever.

      On the one hand, politicians always go on about getting everyone connected and the great business benefits and opportunities the internet brings. On the other hand, they're constantly trying to bring in stupid legislation like this, which will simply impinge on it.

      1. Richard 12 Silver badge
        FAIL

        Re: Nope

        This can't even identify a business or household either.

        All it takes is for a connection to 'bounce' into and back out of one of them for the existing DHCP/ARP log and the purported IP connections logs to be completely and utterly useless.

        How could that happen? Botnet, internal corporate network, distributed VOIP (torrents, Skype!)... All of which already exist and are in common usage, and except for the botnets for perfectly law-abiding reasons as well as the presumed 'black hats'.

        There is no possible way to know if a given connection 'in/out' is in any way related to another 'in/out' connection from the logs - short of DPI with man-in-the-middle attacks and logging all the transmitted data. (How many petabytes per day?) Even that would only require encryption done 'mid-bounce' to make it utterly useless.

        So truly, this is worse than useless in every possible way - not only does it require a loss of privacy on the part of every UK resident, even if it worked (which it can't), it could only serve to make the haystack several orders of magnitude bigger for the security services.

        1. preppy

          Re: Nope

          Agree completely. Scenario: I war-drive and find someone's open wi-fi, and use it to set up half a dozen one-time use free email addresses. Then I go down to Starbucks for a couple of hours, and use their "free wi-fi" signed on with some of these one-time email addresses. Of course, I'm spoofing my MAC address, and I pay with cash! How in the world will "the authorities" link my transactions at Starbucks back to me, unless the content I transmit or consume identifies me directly?

      2. Miek
        Linux

        Re: Nope

        "So, what are they going to do? Make the owner of the line responsible for everything done by everybody on the line" -- That's how it works as I understand it.

        1. Mad Mike

          Re: Nope

          "That's how it works as I understand it."

          To my knowledge, there has never been a case upheld in court (UK), where the owner of the connection has been held liable for what's been done over the line, unless it can be proven it was them. This is why they raid the house and seize computers etc. for analysis. If it was as simple as you suggest, once the connection is identified, you simply need to charge and it's job done. This isn't the case or what happens.

          1. Miek
            Linux

            Re: Nope

            "3.4. In addition to and without prejudice to your obligations pursuant to our Terms and Conditions, you agree to comply with (and ensure that others using the Services comply with) all applicable laws, statutes and regulations in connection with the Services. As the User of record, you are responsible for all use of your account, irrespective of use without your knowledge and/or consent. " -- Bam! Suck on that you ignorami

            Excerpt taken from the following page: Virgin Media, Cable customer's Acceptable use policy

            1. Anonymous Coward
              FAIL

              Re: Nope

              > Bam! Suck on that you ignorami

              Fortunately Virgin's T&Cs do not constitute statute law, at least that's how it was the last time I looked.

              You never know, though. Richard is pretty influential these days....

    2. MrXavia
      FAIL

      I can't see how any of what they want to do is even possible....

      I really would like to see them offer a scenario where they actually need to identify someone via the IP address...

      So you know a skype call was made between two people... how?

      track who sent an email, again how do you have the IP?

      This is a serious fail by the governments advisors...

    3. John Smith 19 Gold badge
      Unhappy

      " What's the problem, why is more legislation needed if they already have what they need?"

      They have to ask about someone specifically which needs things like evidence and "probable cause," what this gives them ( supposedly only "The Security Service," but RIPA demonstrated where those can be delegated down to) everyones without having to ask anyone for it.

    4. Tom 35

      Don't forget cell phones

      I go to one of the "what is my IP" sites and I see a public IP address. I look at the status on my phone and I see 10.200.x.x The cell phone network is using NAT.

      Police need to know who used a certain IP address? Don't know could be hundreds of people using that address.

  10. This post has been deleted by its author

  11. g e
    Holmes

    Sounds like a doorslammer to me

    Is that the right negotiation phrase? Something like that...

    Ask for something outrageous in order to allow yourself to be negotiated back to where you wanted to actually be in the first place.

    Rinse and repeat.

  12. DavCrav

    I must admit I'm not an expert in this area, but how exactly does an ISP determine which of my encrypted communication with Google is my e-mail, and which is me filling in a webform, for example to comment on this? And this doesn't sound difficult to circumvent by transmitting encrypted communications to a server outside the UK, which then sends the e-mail for you.

    Of course if you have nothing to hide, you have nothing to fear. But criminals do have something to hide, so they will simply use, for example, a shared GMail account saving drafts only (idea courtesy of the film Traitor). And they will have nothing to fear.

    1. andy 45
      Unhappy

      "Of course if you have nothing to hide, you have nothing to fear."

      I can't believe you just said that.

      1. DavCrav

        Re: "Of course if you have nothing to hide, you have nothing to fear."

        ""Of course if you have nothing to hide, you have nothing to fear."

        I can't believe you just said that."

        Where did those El Reg sarcasm colours go? Ah, found it:

        http://www.theregister.co.uk/2001/02/01/the_color_of_irony/

        It should have been burgundy.

  13. JimmyPage Silver badge
    Stop

    Remember what happened last time IP addresses were used to "identify" criminals ?

    Operation Ore.

    1. Crisp

      Re: Remember what happened last time IP addresses were used to "identify" criminals ?

      That worked out really well for all concerned didn't it?

    2. Anonymous Coward
      Anonymous Coward

      Re: Remember what happened last time IP addresses were used to "identify" criminals ?

      In fact it bears highlighting here. Especially the last paragraph.

    3. Primus Secundus Tertius

      Re: Remember what happened last time IP addresses were used to "identify" criminals ?

      I thought it was credit card numbers they used.

      Unfortunately, at least some of those had been 'id-thefted'.

  14. Anonymous Coward
    Anonymous Coward

    These policies arise because the people with their little empires and the corporations that receive the money; continually want more.

  15. Colin Brett
    Black Helicopters

    NAT, routers etc

    Commenters above have mentioned that NAT, routers and other kit make identification by IP address difficult, if not impossible, and not "beyond reasonable doubt" in a court. These commenters are technically correct (the best kind of correct).

    But what happens next?

    Maybe the government will push for IPv6 rollout? Then everyone can have their own IP address, which would be required to make your mobile, smartphone, desktop, laptop or tablet connect to the internet. Then the police and intelligence services will know who sent the messages (unless the alleged sender can prove their device was stolen or otherwise compromised).

    Is that a helicopter I hear?

    1. Mad Mike

      Re: NAT, routers etc

      I don't really see what IPv6 has to do with this. You can just as easily NAT an IPv6 address as any other. They would have to ban NATing, which is impossible to do from a practical point of view. I don't care what type of IP address you're using, there are plenty of ways of obscuring that. Even if your device is allocated a unique IPv6 address and you're not NATing, you could just change that to another address. Who's going to know. Even if they only allow some addresses on an internet connection (bugger for any sort of shared or public access point), all you have to do is set someone else's IP address. By their logic, everything you then do is the other persons responsibility!! Madness. MAC addresses are no use as they can be changed. Effectively, you would have to assign the IP address to the NIC and physically prevent changing it. Even then, you could borrow someone elses ethernet card and stick it in your desktop.

      Bonkers. Absolutely bonkers. Anyone supporting this in parliament should be sacked on the grounds they're too dumb to be even MPs. On this basis, you should probably put them to sleep as that means they're too dumb for any job.....

  16. Anonymous Coward
    Anonymous Coward

    Hmmn

    we will be looking at "...the who, when, where and how of a communication, but not its content"

    And yet, I thought the information you need to identify a crime would be the content. As far as I was aware is not illegal to communicate with somebody else, but WHAT you communicate may be illegal.

    "This is not about indiscriminately accessing internet data of innocent members of the public."

    So they will only gather data on people who have been convicted then? As I'm pretty sure we are innocent unless proven guilty. Or does this mean only people (or sites/organisations) who are 'suspected' of committing a crime - in which case show your evidence and get a court order to monitor the person, site, organisations, under suspicion. What this bill clearly suggests to me is that in the eyes of the government we are all suspects and need to be monitored as part of a single 'court order' :

    Name of suspect - tbc

    Suspected crime - tbc

    Evidence - tbc

    1. andy 45

      Re: Hmmn

      I think that's the kicker here. They want the ability to monitor who's speaking to whom and which websites you're visiting etc without having to get a judge to sign one of those pesky court orders each time.

    2. Anonymous Coward
      Anonymous Coward

      Re: Hmmn

      re

      a. Name of suspect - tbc

      b. Suspected crime - tbc

      c. Evidence - tbc

      For http/https

      a. ip address -> telno -> bill payer/responsible person/person to be accused/person will dob in actual person

      b. on the said date

      c. accessed bad site, of which we have a copy for evidence purposes at the time they accessed it,

      so there is your content, its all down to correlation.

      For email in its various guises

      a. ip address -> telno -> bill payer/responsible person/person to be accused/person will dob in actual person

      b. on the said date

      c. contacted nasty person for some purpose, so they are suspect by implication.

      so maybe there is your content, its all down to correlation and the ability to read emails.

      For other means, skype etc, well as most of these systems are not open source one has to assume they are not secure, to do otherwise is terminal stupidity.

  17. bag o' spanners
    Devil

    This reminds me of plodsworths stopping people taking architectural photos in London and elsewhere on bogus "national security" pretences. I carry a netbook, and introduce them to Google Streetview, and ask them when they're going to plug this huge threat to our "national security". I also voice record them in case they take violent exception to logic.. The inevitable conclusion is that the results-based law enforcement bunnies will be able to claim that they're doing a great job preventing bad things, while still being useless gumflappers who haven't got a clue.

  18. Anonymous Coward
    Anonymous Coward

    Proportionality

    A major issue with the various Communications Data proposals is the use of examples such as "serious crime", "child pornography", "terrorism", "mug a granny", etc. to justify use of the proposed powers for purposes including "the prevention and detection of crime" - NOT _serious_ crime, just crime, which could include almost anything.

    The regular conflation by ministers of national security and serious crime with minor law'n'order matters - surely someone in the Home Office understands that there is a vast difference - is a major factor in creating public mistrust in these proposals.

    The safeguards proposed for ensuring that use of any such powers is proportionate to the stated purpose have, to date, been seriously inadequate.

  19. DF118
    Unhappy

    Snoopers' charter rests in shallow grave - likely to rise again

    And in other news, bears stubbornly persist in woodland defecation.

    Of course it's coming back. For one thing its resurrection has bugger all to do with the person sitting in the Home Office hotseat and everything to do with the droids operating the levers.

  20. John Smith 19 Gold badge
    Coat

    I'm not vindictive by nature..

    But if I were I'd say the only way this thing will rest in a permanent grave will be when the bunch of assorted PPE spookocrats and data fetishists rest in theirs.

    In fact (if I were vindictive) I'd be thinking about razor wire, chain saws and napalm. With plenty of heavy plastic tarpaulin. That seems to the only language these people understand.

    Fortunately I'm not.

    This? It's my disposable shower proof mac. You never when it's going to start spattering down.

    Ta Ta.

  21. Corinne

    So, are the Home Office going to ban the use of internet cafes and public access wifi? I know people who don't have the internet at home & just use the local library or internet café, and pick up their email at other times on a mobile phone.

This topic is closed for new posts.

Other stories you might like