back to article UK's super-cyber-snoop shopping list: Internet data, bulk spying, covert equipment tapping

Britain's Home Secretary Theresa May revealed today that Brit spooks have, for years, been using section 94 of the 1984 Telecommunications Act to intercept bulk communications data of people in the UK. Her comments came as the Secretary of State introduced her 299-page-long draft Investigatory Powers Bill [PDF] to the House of …

  1. king_tut

    Cautiously optimistic

    This is vastly better than previous Bills, and based on May's statement I am cautiously optimistic as a load of my previous concerns (judicial warrants, s94 telecoms act, CNE, oversight, and avowal) seem to have been met. BUT I'm remaining cautious - the devil is in the detail.

    I recommend ignoring anyone who says, right now, that it's good or bad. The Bill is 228 pages long, and bloody complex. I'm slowly working through it, and am certain no-one can properly digest this in even the next 24 hours.

    1. IT Hack

      Re: Cautiously optimistic

      You see the thing is that there is a provision for 'emergency action' where a judge is not required to ok the intercept. Emergency action seems to be defined as "where life is at immediate risk". Well...we all know how these provisions are used...

      1. king_tut

        Re: Cautiously optimistic [Emergency provision]

        @IT Hack: This is exactly the detail that needs thinking about. I absolutely can see there being a need for the provision. I also see how it can be abused. The question is - what is the impact of abuse. For example, if the judge then refuses to sign off, will that immediately be referred to IOCCO? Will it be made public, or will the subject be made aware so that they can sue. Or will it be hushed up?

        If the latter - the provision is bad! If some of the former, the political risk of abuse could be high enough to make sure that abuse doesn't happen.

        1. IT Hack

          Re: Cautiously optimistic [Emergency provision]

          @king_tut - Indeed they do...if the Home Sec is of the mind that these processes should be made public or kept secret 'due to the operational nature of these processes, giving details of operational matters has the capability of compromising our intelligence services'.

          Of course if this was indeed a piece of legislation intended to protect 'us' there would not be a need for any political input. I do not see any circumstance where there is any need of a political decision. Either a request meets the criteria for intercept or it does not.

          The Home Sec handled something like 1400 requests last year. How is that good for democracy when there is no oversight of the politician?

          1. Andy Mc

            Re: Cautiously optimistic [Emergency provision]

            How much consideration of the evidence/justification is the Home Sec putting into deciding each request if he's getting four of these requests with a stack of supporting documentation every day of the year, given that he presumably has an awful lot of other stuff to do with his time...? Seems like a poor idea, even without starting to consider the lack of direct judicial oversight.

          2. James Micallef Silver badge

            Re: Cautiously optimistic [Emergency provision]

            "The Home Sec handled something like 1400 requests last year"

            And if the Home Sec who presumably has a lot of other things on his/her plate needs to OK that volume of requests, what are the odds that each request is being properly reviewed and considered rather than simply rubber-stamped?

      2. seanj

        Re: "where life is at immediate risk"

        ... Yeah, I can see the local council cogs turning there...

        "That wheelie bin is just out there on the pavement waiting for someone to trip over it and die. We need to look at all the comms from that house as a matter of emergency to make sure this isn't a terrorist wheelie-bin threat!"

        1. king_tut

          Re: "where life is at immediate risk"

          Apart from that local councils can't intercept or obtain the data, so that's irrelevant.

        2. John 156
          Big Brother

          Re: "where life is at immediate risk"

          The point here is that when someone puts the wrong material into a recycling bin it could either be because:

          - they are a moron

          - they are a low life

          or

          -they are a terrorist engaged in industrial sabotage

          So only by the council examining all their internet activity would it be able to determine in which category the criminal belonged and whether they needed to alert MI5.

          1. mrjohn

            Re: "where life is at immediate risk"

            Except

            "So, if someone has visited a social media website, an Internet Connection Record will only show that they accessed that site, not the particular pages they looked at, who they communicated with, or what they said."

            Which makes the whole thing seem kind of pointless, unless people are going to post their terrorist intentions on Facebook.

            Blanket surveillance is an excuse to avoid leg work. M15. saving us from terrorism while eating donuts.

      3. Anonymous Coward
        Anonymous Coward

        'emergency action'

        well, they ALWAYS act in emergency, so... that's about it, done.

      4. MrXavia

        Re: 'emergency action

        There is a simple solution to misuse, any 'emergency action' has to be verified by a judge within 48 hours, if it has been misused, the person authorising is prosecuted....

        But there is never going to be anything like that put in place, because its too sensible.

    2. This post has been deleted by its author

    3. AegisPrime
      WTF?

      Re: Cautiously optimistic

      Irrespective of whether I've read the draft bill or not (and I haven't), I have to question in what world legislation that permits warrant-less internet surveillance of an entire population could be considered 'good'? I get that it could always be *worse*, but good?

      1. king_tut

        Re: Cautiously optimistic

        > Irrespective of whether I've read the draft bill or not (and I haven't), I have to question in what world legislation that permits warrant-less internet surveillance of an entire population

        It doesn't, a warrant is needed. And there isn't surveillance of the entire population.

        Note that there are some things very close, and I agree there are dangerous issues here, but are you saying that all the different warranted powers should not be allowed?

        1. nijam Silver badge

          Re: Cautiously optimistic

          > And there isn't surveillance of the entire population.

          1. He said "an entire population", not "the entire population", and clearly meant the population of internet users.

          2. How is tracking internet usage not "surveillance", might I enquire?

    4. smudge

      Re: Cautiously optimistic

      I've always assumed that my ISP has a complete record of every page I visit, and I have no idea how long they keep it for.

      The main thing that worries me - like the posters above - if how easy it will be for Plod and other services to get their hands on that data.

      1. Anonymous Coward
        Anonymous Coward

        Re: Cautiously optimistic

        "The main thing that worries me - like the posters above - if how easy it will be for Plod and other services to get their hands on that data."

        I'd be worried about the big data analytics they could then do on it. Anyone with a passing interest in how explosives work will go on one list, anyone who watches porn on another list, looking up drug paraphernalia would warrant a further look. Next step after all the lists is proper surveillance to strike before these ne'er-do-wells get a chance to commit the crimes they were bound to commit if left to their own devices.

        It is, of course, unthinkable that someone may have seen all the terrorism in the news and then decided to properly research <insert evil religion here> and then look up what an IED is, which later sparked curiosity as to how these devices are created. Nope, anyone with such curiosity is more likely a terrorist than educating themselves and should be shipped to gitmo asap.

        Of course, it might be that <insert government here> don't want you to learn that <insert religion here> isn't evil and that there were other reasons for <insert war here> which led to the people of <country> wanting to get their own back on <insert oppressive western country with penchant for bombing anyone with a bit of a suntan here>. Obviously not that, western countries are always protecting those we bomb really and those we bomb are always grateful.

        1. Anonymous Coward
          Anonymous Coward

          Re: Cautiously optimistic

          "I'd be worried about the big data analytics they could then do on it. Anyone with a passing interest in how explosives work will go on one list, anyone who watches porn on another list, looking up drug paraphernalia would warrant a further look"

          WAYHEY, Hat-trick!!!!

          Fuck the gubbermint. They will never quell my thirst for knowledge, verboten or otherwise...

      2. This post has been deleted by its author

      3. ph0b0s

        Re: Cautiously optimistic

        @ smudge.

        Not to mention hackers. The plan is that ISP store this data. And ISP's are well known for never letting any data get into the hands of hackers.

        So you many not have too much of a problem with the government having access to a database of your browsing habits. How about some hackers who want to share it with your wife, or your boss, etc (sure there are worse scenarios)... If it is stored somewhere, it is going to get hacked.

        1. Skoo
          Linux

          Re: Cautiously optimistic

          my wife knows about my surfing habits, I like karaoke and spend a lot of time singing, if the Home Secretary likes my singing fair enough (I do a lot of love songs). So I don't worry about privacy issues.

          I just wonder what would happen if these issues dropped and we were left to anarchy. Besides the Home Secretary has been stating the obvious, we been spied upon for years one way or another. So if you don't like the heat in the kitchen get out!

          1. SImon Hobson Bronze badge

            Re: Cautiously optimistic

            > my wife knows about my surfing habits

            So your argument seems to be, I don't care so no-one else should ?

            Now, are you sure that you've never, ever, been to a web site that either your wife or the authorities might disapprove of ? Really sure ? Sure that there's never been a link embedded in another page your've been to that's pulled in even so much as a 1 pixel image (favourite trick of the ad slingers and trackers) ?

            As it happens, no I wouldn't be in the least concerned about my wife seeing my emails and web browsing history. But that sure as hell does not mean I'm happy for it to be tracked and stored in some insecure database waiting to be mined by some jobsworth from the council or spread around the world by some hackers. After all, security is so trivially easy - these days we never hear of any leaks and TalkTalk and Addison Madley are just false memories of stuff that didn't happen.

            Of course, just because I'd be happy with that, doesn't mean that every person must be. I can't help thinking that it can't be that great a marriage if such things need to be secret - but that's not my prerogative to dictate.

            > The phone company have always had to keep records of who we called, and when, and for how long - because that's (usually) the basis of how they bill us.

            Actually, no they didn't for many many years. Up until (IIRC) something like the 70s they didn't actually record that information. Tariffs were much simpler and calls were billed in units. Billing was as simple as equipment worked out from the number dialled how often to add another unit to the bill, and at that interval it would do just that. At one time, the exchanges had use arrays of mechanical counters that tallied the units as they were triggered - and at billing time, they took photographs and data entry clerks put all the numbers into a computer so they could multiply number of units by cost to arrive at the bill.

            When itemised billing was being talked about, there was actually quite a lively debate about it - for the simple reason that some people did have reason for other to not know who they were talking to !

          2. Vic

            Re: Cautiously optimistic

            So if you don't like the heat in the kitchen get out!

            First post. Signed up just to post that.

            Does this not smack of vested interests? It would be interesting to see if this poster's IP address maps to Westminster or Cheltenham...

            Vic.

      4. nijam Silver badge

        Re: Cautiously optimistic

        > ... how easy it will be for Plod and other services to get their hands on that data?

        Oh, I don't know, let's think it through. Hmmm...TalkTalk is an ISP, isn't it?

        It won't be just "services" who will be able to get hold of it easily. Any half-competent hacker will be able to get hold of it, without even the token oversight that Mad May thinks will be enough.

      5. Chris Hunt

        Re: Cautiously optimistic

        I've always assumed that my ISP has a complete record of every page I visit

        Really? Why would you assume that? Could you be falling for the line that "internet connection records" are just the modern equivalent of phone bills?

        The phone company have always had to keep records of who we called, and when, and for how long - because that's (usually) the basis of how they bill us. Those records have also proved pretty useful to Mr Plod over the years, so there are well established mechanisms of gaining access to them.

        Your ISP has no particular reason to care which pages you visit. They probably keep some record of your bandwidth usage, but browsing history or "connection records" are of no relevance to them - you pay the same whatever sites you visit. Indeed - it seems to me - that creation and retention of such records would be in breach of the Data Protection Act as being excessive.

    5. Anonymous Coward
      Anonymous Coward

      Re: Cautiously optimistic

      This is vastly better than previous Bills, and based on May's statement I am cautiously optimistic

      Speak for yourself, government lickspittle.

      This is the sort of behaviour that for years we've known to be the province of totalitarian regimes like East German and North Korea. I don't need to read 200+ pages of poorly written rubbish to know that this is a mad, bad and stupid idea, from mad, bad, and stupid people.

      If that pasty faced rich boy and his boot faced home secretary thinks they are going to solve anything by spying on the entire population, then it only shows even more what a pair of vacuous twerps they both are. I don't want my government spying on me and everybody else just in case the police, taxman or bunglers of local government think it might be useful. I don't buy all this "terrible, terrible threats" nonsense that the security services peddle.

      I don't believe it to be the case, but if not being able to spy on my computer use hinders the plods, maybe that's the price of freedom.

      1. Dave 126

        Re: Cautiously optimistic

        >Speak for yourself, government lickspittle.

        I think you'll find he was. Be polite now, being rude doesn't advance your valid point - i.e Previous surveilance laws ended being used by local councils for trivial civic offences.

        At the time of the GDR, they didn't try too hard with documents to defend their spying. Whereas at the time in the UK we didn't even admit to the existence of the MI5 (although every taxi driver in London knew the headquarters), which would obey no law but the 11th commandment.

        1. Anonymous Coward
          Anonymous Coward

          Re: Cautiously optimistic

          Be polite now, being rude doesn't advance your valid point

          I didn't think that calling the OP a government lickspittle was being rude, more a matter of record.

          1. king_tut

            Re: Cautiously optimistic

            Re: Ledswinger

            >> Be polite now, being rude doesn't advance your valid point

            > I didn't think that calling the OP a government lickspittle was being rude, more a matter of record.

            Personally I do feel it rude, but that's not relevant. What was relevant is that the poster making that claim made (IMHO) no valid supports. I'm also intrigued where this 'record' is that describes OP as a gov lickspittle as I know for a fact he isn't, and has regularly complained about RIPA, DRIPA, and other laws.

            Source: Am OP :)

      2. Phil W

        Re: Cautiously optimistic

        @Ledswinger

        Like Dave said, don't be rude. When a greater portion of your several paragraph long post is made up of insults it rather undermines your point.

        Also saying "I don't need to read it to know it's rubbish" just make you sound fscking stupid.

        If you know the nature of the content of things without looking at them, perhaps you should take on the task of investigating criminal/terrorist Internet history yourself since you'll clearly be able to identify their contents without looking.

        My opinion, is this new Bill still a worrying and quite possibly too far reaching, with dangerous loopholes? Yes.

        Is this Bill significantly less worrying and far reaching that it's previous incarnation? Also yes.

        Give it another round of two of being knocked back and revised and we might reach something we can all live with.

        One thing I do agree with the Home Secretary on, which is a very rare thing, is that the security services shouldn't be operating based on massively out dated laws and regulations that were written to handle telephone lines and world before the Internet.

        Even if a new Bill doesn't give them new powers there should definitely be one, purely so that it is properly up to date and in line with the modern world.

      3. Anonymous Coward
        Anonymous Coward

        Re: Cautiously optimistic

        @swinger

        Whilst I agree with some of what you say, I disagree with more so here's a down vote.

      4. king_tut

        Re: Cautiously optimistic

        >> This is vastly better than previous Bills, and based on May's statement I am cautiously optimistic

        > Speak for yourself, government lickspittle.

        Hmmm, a good start to your argument.

        > This is the sort of behaviour that for years we've known to be the province of totalitarian regimes like East German and North Korea. I don't need to read 200+ pages of poorly written rubbish to know that this is a mad, bad and stupid idea, from mad, bad, and stupid people.

        Nice to see evidence for your argument - you have an opinion and don't need any facts to support them...

        > If that pasty faced rich boy and his boot faced home secretary thinks they are going to solve anything by spying on the entire population, then it only shows even more what a pair of vacuous twerps they both are. I don't want my government spying on me and everybody else just in case the police, taxman or bunglers of local government think it might be useful. I don't buy all this "terrible, terrible threats" nonsense that the security services peddle.

        You don't like the current government. Okay. Neither do I, but that's not relevant. Interesting that you don't think there are any threats whatsoever, and appear to believe there are never any cases where interception would be needed. I'm a tad astonished, given the many many cases were intercept has proven vital, but ho hum...

        > I don't believe it to be the case, but if not being able to spy on my computer use hinders the plods, maybe that's the price of freedom.

        I agree a balance is needed. But your extreme position is broadly speaking no different to that of someone who believes we should spy on everyone all the time just in case they may commit a crime (note: that _isn't_ what the draft bill is asking for)

    6. Charlie Clark Silver badge
      Stop

      Re: Cautiously optimistic

      I recommend ignoring anyone who says, right now, that it's good or bad.

      Neither, it's simply not required.

      A lot of smoke an mirrors have been used to conjure up new threats (as if the IRA wasn't a real threat back in the day) and miraculous new ways of communicating open to the new threats.

      All the evidence, not that there is much of it because there are vested interests in expansion of surveillance, continues to point toward the fact that properly funded detective work can provide grounds for suspicion necessary to get a warrant to do pretty much what the fuck you want. But ever-expanding surveillance diverts resources away from detective work and also encourages to commodification of anti-surveillance techniques such as encrypted peer-to-peer messaging.

    7. phuzz Silver badge
      Meh

      Re: Cautiously optimistic

      Certainly some bits of this are better than I was expecting (such as the requirement for both the Home sec and a judge to sign off on warrants), but I'm not sure about the need to store a list of every domain I visit, for a year, <u>without</u> a warrant.

      (I'm also worried about how much my ISP will put my bill up by in order to pay for this).

      1. Dan 55 Silver badge

        Re: Cautiously optimistic

        I think the judge part can be skipped if the answer is needed in less than five days. Guess what will happen...

        1. Phil W

          Re: Cautiously optimistic

          Five days? I'm pretty sure that the Home Secretary should be able to get hold of a judge in five days.

          I'd say more like five hours, or 24 at the most. Though don't the courts have judges on call for emergency warrants etc?

      2. Captain DaFt

        Re: Cautiously optimistic

        "(I'm also worried about how much my ISP will put my bill up by in order to pay for this)."

        Well, she said:

        "It is simply the modern equivalent of an itemised phone bill."

        So demand a copy from your ISP, add a charge for each item, and send the bill to GCHQ, and take'em to small claims court if they don't pay.

        Make sure you post every step on your social media of choice, just in case of...

      3. kwhitefoot

        Re: Cautiously optimistic

        Anything that requires the Home Secretary to personally evaluate and decide anything more than a couple of times a year is plainly nonsense because there simply cannot be enough time for him or her to do it. Enshrining such nonsense in the law simply confirms my belief that such laws are not intended to be enforced but are merely intended to give the state the freedom to do as it wishes without any meaningful democratic control. And as for requiring a judge to be involved as well, well that's just another smokescreen as such things will inevitably happen behind closed doors.

    8. Nick Kew
      Big Brother

      Re: Cautiously optimistic

      king_tut: I'm slowly working through it

      You got a lot of downvotes for refusing to pre-judge the bill. Evidently a bunch of commentards would like to insist on a set of prejudices.

      1. king_tut

        Re: Cautiously optimistic

        @Nick Kew: Yeah, I'm rather bemused by the downvotes, especially as I didn't think I'd said anything especially controversial. Ho-hum :)

        As an aside, I'm now on pp63, and have found a few issues I don't like. Have 2 pages of notes already, and haven't gotten to the scary stuff yet (bulk interception).

        1. Anonymous Coward
          Anonymous Coward

          Re: Cautiously optimistic

          You're going to get an equivalent to our FISA court, and just about as accountable. The scary part is how your political-economy works out will most likely become the template here, the U.S., and really the world. I've downloaded it so I have a reference work.

      2. Charlie Clark Silver badge
        Thumb Down

        Re: Cautiously optimistic

        You got a lot of downvotes for refusing to pre-judge the bill. Evidently a bunch of commentards would like to insist on a set of prejudices.

        The biggest question the bill has to answer is why is it needed at all? It's just another expensive and ineffective powergrab that further limits civil liberties. hm, how long do we need to consider that? I suppose we can only hope that it will be as shoddily drafted as DRIPA so that the court can strike it down again or that the House of Lords can sufficiently defang it.

        In times of austerity (and we've already seen the sort of things the government thinks that means) what you don't need are more government while elephants.

        1. king_tut

          Re: Cautiously optimistic

          @Charlie Clark

          > The biggest question the bill has to answer is why is it needed at all? It's just another expensive and ineffective powergrab that further limits civil liberties. hm, how long do we need to consider that?

          They've partially tried to make that point in the intro to the document, but with nowhere near enough detail. The David Anderson QC report was much better IMHO.

          From what I can see so far though, there are very few new powers (although there are definitely some, which the gov isn't being honest about). A lot of the things being talked about as new, weren't. Instead, they were previously indirectly allowed as a side effect of the Intelligence Services Act, Wireless Telegraphy Act, and a few others, and had no real oversight or protections in place. This Bill is apparently trying to collect and collate all the different related powers in one single place, and put them under a uniform and good (albeit with some big issues) warrant and oversight regime.

          This Bill shouldn't cost much money, and is a _vast_ improvement over RIPA and DRIPA in many areas.

          1. Charlie Clark Silver badge
            Meh

            Re: Cautiously optimistic

            This Bill shouldn't cost much money, and is a _vast_ improvement over RIPA and DRIPA in many areas.

            Wow! Better than a law that the courts have struck down! That is praise indeed!

          2. John Brown (no body) Silver badge

            Re: Cautiously optimistic

            "Instead, they were previously indirectly allowed as a side effect of the Intelligence Services Act, Wireless Telegraphy Act, and a few others, and had no real oversight or protections in place. "

            Yes, that. It seems few of the commentards downvoting you have even the vaguest inkling of what is currently allowed without warrant or oversight under the existing pre-internet legislation. It;s almost as if they stopped reading after the headlines "Edward Snowden leaks info on Govt. spying" and never actually read what it was that was actually leaked.

            As you say, there is some "not good" stuff in this draft bill, but on the whole it appears, so far, to be better than the existing framework in that it codifies what is allowed and puts oversight in place. As others have said, 5 days seems an awfully long time to be classed as an emergency period in which the Home Sec can sign off without Judicial oversight.

    9. Anonymous Coward
      Anonymous Coward

      Re: Cautiously optimistic

      Once your privacy is eroded it is almost impossible to get it back. Little by little, tighter security measures are put in place due to the 'threats to the country'.

      In the name of catching the bad guys, everyone's privacy under the guise of "if you've done nothing wrong you have nothing to fear" but they will only know whether you've done anything wrong by looking at your private data. They may not find a terror activity but what is to say they won't find some 'extreme' porn (definition of extreme to be decided at a later date and depending on the competency of your lawyer) or some searches that make you get added to the book of persons of interest.

      There is a brainwashing that happens and follows a regular pattern. Create the threat and create the fear (it's funny how Al Queada seems like a backyard bully that is rarely mentioned nowadays, now we have ISIL/ISIS/DAESH whatever). Create a massively overburdening bill that creates uproar. Kill that bill and create a watered down version so that people will say "well it's not as bad as it could have been" but creates a precedent and allows you to your civil rights but just not by as much. Every year add a few amendments, get a bit broader, lower the oversight a little. All in the name of "what is god for you".

      This bill does nothing to help with the interception of terrorists that are likely to do real damage, they are already way to careful. It will just have a major impact on the general population.

      Every power that has been given in recent times has been abused - the police have used anti-terror laws to stop protesters, local authorities have used RIPA to carry out covert surveillance on people to check whether they are entitled to a school place and extreme porn laws are used as a way of convicting innocent people when they didn't find what they were looking for on their PC.

      The money spent could save far more lives if invested into healthcare or road safety or anti-obesity measures. But that is not quite as exciting is it?

  2. Fonant
    Big Brother

    Security Theatre and/or Snooping

    I now have a Squid proxy server installed on one of my web servers, accessed via an SSH tunnel from my local machine. This took all of ten minutes to set up. Not for any particular reason other than I don't want the websites I visit to be logged by "the government" - i.e. potentially hundreds of thousands of strangers working in the civil services.

    Of course any "terrorist" with any sense would use a VPN or similar, so logging web host visits is little more than security theatre that might possibly catch one or two low-level "criminals" such as teenagers hacking mobile phone company websites.

    1. king_tut

      Re: Security Theatre and/or Snooping

      While I agree that these can be circumvented, I also think you're over-estimating many criminals. And just because something can be circumvented, doesn't of itself mean that it's not useful. The lock on your door can easily be circumvented - is locking your door security theatre?

      It's a fact that a lot of criminals are stupid. Furthermore, the further prior to committing a crime, the less OpSec they show. Finally, you can get unlucky - your VPN may not spin up properly and your set up may fail open, leading to you accidentally accessing a site not using your protection. Examples abound of this.

      1. Anonymous Coward
        Anonymous Coward

        Re: Security Theatre and/or Snooping

        I didn't think this bill was intended for use against "ordinary criminals". It's meant to be to protect us against terrorists that are so well-organised that they threaten the very fabric of our society, and nothing short of snooping on what we previously thought of as private communication is enough to combat them.

        1. Andy Mc

          Re: Security Theatre and/or Snooping

          Doesn't really matter what was in the mind of the politicos who approve it. What matters is the strict interpretation of the words, and if there's insufficient guards in place in the words then it can (and will) be used to the fullest extent possible.

        2. Anonymous Coward
          Flame

          Re: Security Theatre and/or Snooping

          In other words: everyone (at least according to the insecurity services).

        3. Dr. Mouse

          Re: Security Theatre and/or Snooping

          I didn't think this bill was intended for use against "ordinary criminals". It's meant to be to protect us against terrorists that are so well-organised that they threaten the very fabric of our society, and nothing short of snooping on what we previously thought of as private communication is enough to combat them.

          I agree. However, there we hit a stumbling block.

          With this regulation in place, "terrorists" will move to using channels of communication which the government cannot intercept.

          Let's take, for instance (and I don't know if it's included in this bill), the government's insistence that they should be able to access encrypted communications. The only feasible way of doing this is to make it a legal requirement that all encryption keys are lodged with the government (i.e. escrow).

          Most law abiding citizens will abide by this. Most low-end criminals won't do anything about it either, as major encryption programmes will incorporate this functionality behind the scenes. But terrorists, organised crime, paedophiles etc. will keep their keys hidden.

          In the end, all it will do is weaken the security of the normal person. The real targets will still encrypt in such a way as to deny the police/security services access.

          1. Mike Bell

            Re: Security Theatre and/or Snooping

            There's very little mention of encryption in that draft bill.

            62. b says

            IPA requires [Communication Service Providers] to provide communications data when served with a notice, to assist in giving effect to interception warrants, and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the [Communication Service Provider] to whom the notice relates.

            This falls short of insisting that CSPs provide backdoors to encryption; only that if they apply the encryption they must have a means of decrypting it. Which is clearly irrelevant in the case of end-to-end encryption, where it is the user who does the encryption, not the CSP.

          2. SolidSquid

            Re: Security Theatre and/or Snooping

            Al Quaeda were already found to be using staganography to hide images in videos/images rather than talking directly, which this would do nothing to combat (hell, I'm sure I remember the FBI publicly stating their existing systems couldn't handle having to scan through every image uploaded to Facebook and then trying to find messages hidden in them)

          3. Graham Cobb Silver badge

            Re: Security Theatre and/or Snooping

            In the end, all it will do is weaken the security of the normal person. The real targets will still encrypt in such a way as to deny the police/security services access.

            And the first sentence will make the second MUCH, MUCH easier!

            Because of the "war on ordinary plebs" nature of this bill, there will be a much larger market for easy-to-use real security. Many ordinary people will be looking for a way to be secure. And those products will then be much more common and much more used by the "real targets".

            If terrorists (etc) are the real targets of this bill, it would be MUCH better to reduce mass surveillance to the extent that ordinary people do not feel any need to protect their day-to-day activities. It would not weaken the surveillance of targets but it would increase their complacency and the likelihood that some of them (particularly the new, inexperienced or those on the fringes of the cell) would not bother with real encryption.

            But, that would only be the cases if they were the real targets. They are obvously not. The real targets are normal people, protesters, campaigners, activists, journalists, whistle-blowers, etc. And providing a way to further cut police numbers and costs by replacing real police work with computerised fishing expeditions.

        4. SteveG

          Re: Security Theatre and/or Snooping

          "It's meant to be to protect us against terrorists that are so well-organised that they threaten the very fabric of our society" - I would not call the UK government well organised...

        5. Graham Marsden
          Thumb Down

          @AC - Re: Security Theatre and/or Snooping

          > I didn't think this bill was intended for use against "ordinary criminals". It's meant to be to protect us against terrorists

          Remember the "Hand over your passwords or we lock you up for two years" law? *THAT* was supposed to be only for anti-terrorism too.

          Unfortunately that stipulation wasn't written into the law, so it's been (ab)used by the Police because "well, nobody said we couldn't".

        6. nijam Silver badge

          Re: Security Theatre and/or Snooping

          > ...terrorists that are so well-organised that they threaten the very fabric of our society...

          ...by manipulating our own government into destroying the very fabric of our society for them.

      2. TheOtherHobbes

        Re: Security Theatre and/or Snooping

        >It's a fact that a lot of criminals are stupid.

        It's also a fact a lot of politicians are stupid.

        That doesn't stop them being a danger to themselves and others.

        (And now I've really confused myself, so I'll just stop there, shall I?)

      3. Doctor Syntax Silver badge

        Re: Security Theatre and/or Snooping

        "It's a fact that a lot of criminals are stupid"

        The sort who advertised on Craigslist for someone to hack his local court house, certainly. And many who the security services should be targeting are also stupid* but the prime targets aren't. Assuming the entire population is suspect, which is the basis for indiscriminate bulk surveillance, simply defies the presumption of innocence and that's the basis of a free society.

        *And it wasn't particularly bright of some US bloke who explained how a drone attack had been made on the basis of some numpty's online activity.

      4. John Brown (no body) Silver badge

        Re: Security Theatre and/or Snooping

        "It's a fact that a lot of criminals are stupid. "

        This isn't supposed to be about your run-of-the-mill burglar and wannbee crime lords though, it's supposed to be about terrorists and *serious* crime. The sort of people who on the whole will plan an operation. The sort of people who in the past would have kept their communications to phone boxes and carefully worded letters for those rare time they couldn't meet face to face.

        1. king_tut

          Re: Security Theatre and/or Snooping

          > This isn't supposed to be about your run-of-the-mill burglar and wannbee crime lords though, it's supposed to be about terrorists and *serious* crime.

          Very true. However if you only put in laws etc to help detect the very best, then you miss out on opportunities to catch the low hanging fruit. There is of course the question of proportionality - are the measures in this bill necessary and proportionate, and sufficient for as much as is possible while remaining proportionate. There are many issues in the bill which I'm not happy about though - e.g. there's no excuse for a 5-day urgent exception for judicial review of a warrant.

          As for stupid serious and organised criminals, I suggest reading the operational case for ICRs [1] as well as the case studies at the start of the green paper itself.

          [1] https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473769/Internet_Connection_Records_Evidence_Base.pdf

          1. Vic

            Re: Security Theatre and/or Snooping

            However if you only put in laws etc to help detect the very best, then you miss out on opportunities to catch the low hanging fruit

            It's very easy to catsh the low-hanging fruit: just lock up everyone. That has the additional benefit of catching clever and hard-to-find criminals too.

            There's a little collateral damage to the idea, but what does that matter in the War On Terror?

            Vic.

            [Yes, of course I'm being sarcastic]

      5. Vic

        Re: Security Theatre and/or Snooping

        It's a fact that a lot of criminals are stupid.

        It fucking isn't.

        I've met quite a few people over the years who you would probably classify as "criminal". Sure, there are a few dimwits - they get taken out of circulation quite quickly. But the majority - by some margin - are intelligent people who have taken against Authority because they have been ill-treated. Heavy-handedness by TPTB turns innocent people into criminals.

        But the important bit is this: those that take umbrage and do something about it are invariably the bright ones. The stupid ones do something stupid and get arrested.

        So to claim that "a lot of criminals are stupid" is beyond ignorant. A lot of people that get caught are stupid - that's true. But the ones you need to worry about are the ones that don't get caught. And if they're stupid - why can't we catch them?

        TL;DR: underestimating your enemy is a sure-fire way of getting beaten.

        Vic.

    2. Anonymous Coward
      Anonymous Coward

      Re: Security Theatre and/or Snooping

      VPN providers will almost certainly be included under section 193 (8) of the new bill and so will be legally compelled to provide encryption keys on demand. Unless of course they are using "perfect forward secrecy" schemes such as ECDHE. Oh, except we heard a few weeks back that this had been broken anyway.

      1. Fonant

        Re: Security Theatre and/or Snooping

        Except for the VPN providers that are not located in the UK. Especially those set up specifically to avoid this new logging, as they would not log web requests passed through them. So getting the keys would be useless: there's no historical browsing data to access.

        Or the potentially hundreds of thousands of VPNs set up by individuals like me: would I become a VPN provider in the eyes of the law? If so, how would they police this? All my ISP knows is that I connected using encryption to a server at a given IP address at a given time. The rest is hidden from any logging.

      2. Doctor Syntax Silver badge

        Re: Security Theatre and/or Snooping

        'Unless of course they are using "perfect forward secrecy" schemes such as ECDHE. Oh, except we heard a few weeks back that this had been broken anyway.'

        IIRC it was the original DH that had been broken for some values of primes & elliptic curve was the way forward - providing you don't use the NSA's preferred EC, of course.

      3. quattroprorocked

        Re: Security Theatre and/or Snooping

        VPN providers in the UK, maybe. But why would you use a Uk provider :-)

    3. Old Handle

      Re: Security Theatre and/or Snooping

      Unless you've leased your web server in a way that can't be traced back to you or picked one a non-5eyes country I'm not sure that really helps.

    4. arniesaccnuson

      Re: Security Theatre and/or Snooping

      yes very good but you dns tells your isp/government exactly what you are up too, windows Mac Ios android are back-doors into your world, your are deluding yourself if you think squid presumably hosted on a server registered to you is going to give you any kind of anonymity,

  3. chris 17 Silver badge

    All your data are belong to us

    So expect a massive uptick in the use of TOR web browsers and proxies as this legislation comes in. Loads of non techies I know already have some of proxy on their android handsets.

    @Fonant ssh to your personal proxy all you want it's the connections from your proxy they will match up to your ssh session to your proxy and sue whet your up to. I'm not sure if ssh pads it's traffic but if it doesn't it won't be too difficult to assume that 89kb out to web site x is the same as 89kb out to ip xxxx over ssh.

    1. Ben Tasker

      > I'm not sure if ssh pads it's traffic but if it doesn't it won't be too difficult to assume that 89kb out to web site x is the same as 89kb out to ip xxxx over ssh.

      AFAIK, by default, SSH doesn't pad.

      His approach is fine to avoid casual surveillance such as this though, they're highly unlikely to be bothering with the cost of traffic correlation on a wide scale.

      If he became a person of interest for some reason, it wouldn't stand up to scrutiny, but depending which agency you've caught the attention of, there isn't much the average person could reasonably do

      1. Fonant

        If GCHQ want to track my internet activity, they almost certainly can do so with relative ease. But that is not the point.

        What my simple configuration does is keep the list of websites I've visited out of Ms May's massive national database. Should my ISP's logs, or Ms May's database (held by Crapita, perhaps?), be compromised, there will be no browsing history for me in there. So no opportunity to carry out social engineering attacks on me, nor opportunities to target advertising or nuisance cold calls based on my browsing history.

        1. Ben Tasker

          It sounds like, unlike many, you've got your threat model properly laid out and constrained.

          It's also largely the model I'm working with - keep my family out of the mass grab, without putting any real energy into worrying about a targetted investigation

  4. Queeg

    I haven't heared so much bull$h1t since the last time she stood up...

    "Internet Connection Record will only show that they accessed that site, not the particular pages they looked at, who they communicated with, or what they said.

    It is simply the modern equivalent of an itemised phone bill".

    So if my Internet Connection Record shows I visited Tiemeupandwhipme.com, Tranniesrus.com, DoIhaveanSDI.com and Divorceforbeginers.com it tells them sod all about me only the web sites I visited.

    I suspect end to end encrypted e-mail and Tor browser use to skyrocket in the near future.

    1. IT Hack

      Re: I haven't heared so much bull$h1t since the last time she stood up...

      Better not try to access those dodgy pr0n sites either...

    2. clanger9

      Re: I haven't heared so much bull$h1t since the last time she stood up...

      Worse than that, I don't see how this "itemised phone bill" could possibly be used to work out who is talking to whom (if it's just a "list of websites"). Who the hell communicates via a "website"??

      If they really want to know who is talking to whom, they are going to need to go MUCH deeper. This really suggests logging at the service/protocol level.

      It'd be helpful if someone could explain what the Bill actually says as it appears to be in foreign. If it requires communication providers to provide such a log, then it would effectively outlaw any end-to-end encrypted service (as well as P2P).

      I suspect this is not the "watered down" Bill you are looking for...

      1. Queeg

        Re: I haven't heared so much bull$h1t since the last time she stood up...

        You ask, you get...

        https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf

    3. Dan 55 Silver badge

      Re: I haven't heared so much bull$h1t since the last time she stood up...

      No worse than an itemised phone and the domain list from your web browser's history, signed, sealed, and delivered to HM Govt every month.

  5. Anonymous Coward
    Anonymous Coward

    No worse than an itemised phone bill?

    There have been a few times in my life when an itemised phone bill falling into the wrong hands could have landed me in a serious spot of bother, and one of the lessons that people repeatedly fail to take account of is that information will inevitably fall into the wrong hands.

    The other point is that whereas a phone number refers only to one phone, many websites can share the same IP address. So you could quite innocently be visiting cuddlycatcartoons.com, but get caught in a police dragnet if something rather more unsavoury had the same IP address.

    1. Anonymous Coward
      Anonymous Coward

      itemised phone bill

      The other difference between this an an itemised phone bill is that you can read your own itemised phone bill, and if there's something on there that you don't recognise you can call up your provider and query it.

      1. Anonymous Coward
        Anonymous Coward

        Re: itemised phone bill

        "...if there's something on there that you don't recognise you can call up your provider and query it."

        Well, the state is so keen to help it's taken this burden off your hands, they'll call up your provider for you. And then, they'll even pay you a visit, completely FOC, to tell you whether you've been naughty or nice.

      2. SMabille

        Re: itemised phone bill

        Nothing prevent you (and thousands of Register's readers and friends) to send a SAR (Subject Access Request) to your ISP every month to get a copy of all data they have on you and be sure to ask them to rectify any mistake that might be present.....

      3. Anonymous Coward
        Anonymous Coward

        Re: itemised phone bill

        Publish Theresa May's web history and see how she feels - oh sorry you can't because she want to have the Wilson doctrine - preventing surveillance of Parliamentarians' communications - to be written into law.

    2. chris 17 Silver badge

      Re: No worse than an itemised phone bill?

      TheY will be capturing the headers, that way'll know what apps your using too.

  6. Andy The Hat Silver badge

    The devil is in the detail ...

    "An Internet Connection Record is a record of the communications service that a person has used, ..."

    What is 'person' in this context? An IP address, a physical device, a log-in name perhaps? Obviously none of those examples may be linked a physical 'person' without further information so are they trawling more data than a simple router-to-host connection IP header (ie her 'itemised phone bill' example)?

    1. clanger9

      Re: The devil is in the detail ...

      ...aaaand there you have it:

      "...a record of the communications service that a person has used"

      "a record" - could contain anything, as a minimum likely to be who it's from, who it's to, a timestamp and probably a geographic location. "See, it's just metadata. No content data at all, m'lud!"

      "the communications service" - Email, Whatsapp, Skype, Facebook, Instagram, Snapchat, dating sites, your online banking service, the works basically.

      "a person" - no fuzzy IP addresses here, mate, none of that rubbish. We're talking RealID (TM), backed up by biometrics and the FORCE OF LAW. Ha ha!!

      Sheesh. It would be helpful if someone (anyone?) in the mainstream media could get out there and explain this stuff properly.

    2. AmenFromMars

      Re: The devil is in the detail ...

      I wonder if the home secretary has even heard of NAT.

    3. phuzz Silver badge

      Re: The devil is in the detail ...

      Short answer, it starts on page 81.

      Long answer, you'll have to wait until I've finished reading it.

  7. Anonymous Coward
    Megaphone

    FUCK OFF !

    Apologies for the strong language fellow commentards, however this Stasi Bill instils strong feelings.

  8. Anonymous Coward
    Anonymous Coward

    Internet data, bulk spying, covert equipment tapping

    and they got it. Isn't it wonderful when you propose new laws and authorise them...

  9. TimR

    A Request

    As King_Tut says "The Bill is 228 pages long, and bloody complex". Would it be possible for someone at El Reg to summarise it's provisions? In particular, with respect to Internet browsing, I would like to know:

    1. exactly what data will be kept and for how long

    2. exactly who will be able to access the data

    3. what authorisation will be required for them to access the data

    4. what safeguards are stipulated to prevent unauthorised access to, or misuse of, the data

    1. Grikath

      Re: A Request

      Now why should Vulture Central, or anyone for that matter, do your legwork?

      Mind, the fact that the proposal is that massive makes it suspect to begin with. Plenty of pages to hide stuff in Lawyerese there.

      1. TimR

        Re: A Request

        "Now why should Vulture Central, or anyone for that matter, do your legwork?"

        1. it might save a lot of duplicated effort - not just mine

        2. I'm assuming (naively?) VC wish to provide a valuable service

        "Mind, the fact that the proposal is that massive makes it suspect to begin with"

        I wouldn't disagree with that

        "Plenty of pages to hide stuff in Lawyerese there"

        I'm not proficient in Lawyerese...

        It's a genuine request which I think might improve the debate

        1. Grikath
          Facepalm

          Re: A Request

          ummm since when is many eyeballs critically reading proposed legislation "duplicated effort" ?

          1. Doctor Syntax Silver badge

            Re: A Request

            'since when is many eyeballs critically reading proposed legislation "duplicated effort" ?'

            It depends on your skill at reading lawerese. A single pair with good skills is probably worth a good deal more than a few thousand average pairs.

          2. Anonymous Coward
            Anonymous Coward

            Re: A Request

            My talents and experiences make for one kind of eyeball often, good or ill, quite different from another's.

    2. king_tut

      Re: A Request

      @TimR: I don't work for El Reg, but that is precisely the sort of thing I'm working on at the moment. I expect that within a week or two you'll find my, and many other people's, analysis on line. Which a Reg writer will then skim through and write an article :)

      I'm not up to the ICRs yet in my read through. God it's a long document...

  10. Big_Ted
    Black Helicopters

    I personally have no problem with this at all

    IF. . . . . . .

    She and all the other MP's who vote in favour of it and anyone who can access it have all their data recorded and posted openly on the internet for us all to see.

    After all, they must all be law abiding honest people who would never abuse the system. As has been said before if you have nothing to hide . . . . .

    1. IT Hack

      Re: I personally have no problem with this at all

      Wilson Doctrine lol

      1. Anonymous Coward
        Anonymous Coward

        Re: I personally have no problem with this at all

        Wilson Doctrine lol

        Not if someone hacks the ISPs and then posts the MPs info.

        1. Charlie Clark Silver badge

          Re: I personally have no problem with this at all

          Not if someone hacks the ISPs and then posts the MPs info.

          Surely that could never happen?

          Actually, might be the best way to kill it but you'll need to have your exit strategy and chosen place of exile better worked out than Snowden did. The powerful really don't appreciate being snooped upon.

          OTOH the system is likely to be so open to abuse that any and every foreign intelligence service is able to access it and traffic sniffing is usually a model of net neutrality!

        2. IT Hack

          Re: I personally have no problem with this at all

          @Ivan 4

          Irrelevant to my post which was in reply to a scenario stating that MP's would need to post all their emails etc. A massive and damaging intrusion on what is left of the democratic process. Whether or not an ISP is hacked is really not something covered by the Wilson Doctrine.

          Not that this doctrine has prevented the security services from getting their hands dirty.

    2. Doctor Syntax Silver badge

      Re: I personally have no problem with this at all

      "She and all the other MP's who vote in favour of it and anyone who can access it have all their data recorded and posted openly on the internet for us all to see."

      That would, of course, include any communication you might have with your MP about this or any other topic.

  11. smudge
    FAIL

    It's personal data

    It's unfortunate for her that May has compared the "Internet Connection Record" to an "itemised telephone bill".

    The ICO's own quick reference guide about what is "personal data" says "Data such as personal bank statements or itemised telephone bills will be personal data about the individual operating the account or contracting for telephone services. ".

    So our internet connection records are personal data under the Data Protection Act. The ISPs will have to treat the data as such.

    They must respond to subject access requests.

    They must also ensure that appropriate protection is applied to this personal data.

    They must delete it when no longer required.

    More interestingly, the ISP must declare to the customer the reason for storing this data, and obtain the customer's consent.

    Have they thought this through?

    1. Warm Braw

      Re: It's personal data

      It's not just ISPs - it applies to providers of telcommunication services (which would include anyone with a private payphone, coffee shops, etc) and it doesn't simply require the retention of records that are collected in the course of normal business, it can require such providers to collect information that they don't currently log. Exactly who and what will be up to the Home Secretary - but there's certainly the potential to get whole swathes of businesses that don't consider themeleves ISPs caught up in this along with their customers.

    2. NinjasFTW

      Re: It's personal data

      and how many of the above points would Talk Talk have addressed?

      I'm so glad that companies with massive proven records of not being able to keep data secure is going to be handling so much more of it!

  12. NullUserName

    They always want more

    They claim loss of power. Lies, as no Government in history has had power to spy on entire population.

    Irony is technical people can bypass this via point to point encryption to an out of the country proxy.

    So this won't help police against criminals, it'll help politicans against entire non-technical population.

    (Don't forget many hackers are very technical, so they will have ways to bypass this and will willingly sell it for a price. How about point to point encryption to a virus infected out of country home computer/proxy etc..). We can discuss the many ways in detail over hours, but bottom line is, this government plan won't stop criminals. But it will be spying (and data mining) on the entire population and they will add ever more powerful data mining over time.

    News from 2006, "Britain is 'surveillance society'" ... yet this news is proof its far worse now.

    http://news.bbc.co.uk/1/hi/uk/6108496.stm

    1. SolidSquid

      Re: They always want more

      Actually, with DRIPA ruled illegal (after being pushed through at the end of parliament to prevent any debate on it), they are looking at a loss of powers by March or so. Powers they shouldn't *have* and which were part of an illegal bill, but loss of powers all the same

  13. andy 103

    Logging all requests or just some?

    This part just doesn't ring true:

    "if someone has visited a social media website, an Internet Connection Record will only show that they accessed that site, not the particular pages they looked at, who they communicated with, or what they said."

    So what exactly are they logging? The primary domain (e.g. facebook.com) or specific HTTP requests for pages that follow it? Let's say someone looked up 10 articles on wikipedia - would they log wikipedia.org 10 times, or would they log the specific addresses, e.g. wikipedia.org/controversial-subject, wikipedia.org/nice-topic

    If it's the top domain it would provide almost no meaningful information - in which case there would be no use logging it - which is why I suspect that's not what it is at all.

    1. Charlie Clark Silver badge

      Re: Logging all requests or just some?

      So what exactly are they logging? The primary domain (e.g. facebook.com) or specific HTTP requests for pages that follow it?

      They will log all outgoing requests on all ports. They won't be logging domains because resolution to ip addresses happens on the user's computer (and quite possibly soon in the browser to secure DNS). Plus, more and more traffic is going https anyway which will happen almost automatically with http/2 over the next couple of years.

      It's great way to bury a needle in an ever-growing haystack!

      1. king_tut

        Re: Logging all requests or just some?

        > They won't be logging domains because resolution to ip addresses happens on the user's computer (and quite possibly soon in the browser to secure DNS).

        Note that for HTTPS connections, the ISP can know the hostname of the service you're accessing, due to SNI: https://en.wikipedia.org/wiki/Server_Name_Indication

  14. Brent Longborough
    IT Angle

    Who pays for all this?

    Leaving aside the merits (or, yes, otherwise, indeed) of Tragic Tess wanting to hoover up lots of IP addresses and other material to build her haystacks, who is going to pay for all the extra bits to collect and store it?

    Three guesses.

    1. Anonymous Coward
      Anonymous Coward

      Re: Who pays for all this?

      well,it's government idea, so the members of the government should pay for it.

      Or, given how often this sh** - stuff - has come up under the last four governments, the senior civil "servants" who are obviously pushing it.

      Ha ha

  15. AdamT

    reasonable explanation?

    She has to try and get all these huge sweeping powers to hide her true purpose - getting the names, addresses and real-time locations of all the members of the Dalmation Owners Club ...

  16. herman

    Publish the browsing lists of May?

    Maybe someone should publish the list of sites that dear Aunt Theresa visits regularly?

    In fact, it doesn't even even matter if the list is true or not. That is the issue with this kind of data. It is so easy to spoof and frame someone with all kinds of unsavory shite.

    1. chris 17 Silver badge
      Big Brother

      Re: Publish the browsing lists of May?

      @herman

      Yep,

      How long would it take for security service to crack my wifi or break in to my home, connect via Ethernet to my router and surf dodgy sites so my connection is red flagged and I get a free trip to Cuba?

      Suddenly someone breaking in and taking nothing is something to be very afraid off, they may well be taking your Liberty instead.

      How about your machine being taken over remotely and used as a tor exit or part of a botnet without your knowledge, the traffic originated from your connection after all!!

      1. Anonymous Coward
        Anonymous Coward

        Re: Publish the browsing lists of May?

        Wouldn't even take a day and I'm very much of a slouch on the Dark Side.

      2. Vic

        Re: Publish the browsing lists of May?

        Suddenly someone breaking in and taking nothing is something to be very afraid of

        Some years ago, my mate bought some land close to Boscombe Down. There's a barn on it.

        In the first week he owned it, someone broke in - not an insignificant undertaking. Nothing of value went missing...

        Vic.

  17. Crisp

    I'm sure that this will be just like RIPA

    And it will only be used against pedoterrorists.

    And we all know how well that turned out don't we....

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm sure that this will be just like RIPA

      One estimate is that the police are already making one metadata request every two minutes. Under Darth May's proposals that can only increase. How many jihadi kiddie fiddlers does the Home Office think there are?

      1. Boris the Cockroach Silver badge
        Big Brother

        Re: I'm sure that this will be just like RIPA

        Does'nt matter

        Just like the last one it will be used on people sending their kids to the wrong school ,people who use the wrong recycling bins and people who let their dogs shit on the grass.

        The peadoterrorists know exactly howto avoid such things.

      2. Adam 52 Silver badge

        Re: I'm sure that this will be just like RIPA

        Not this again. RIPA covers a lot of scenarios. Just one 999 operator can make a handful of RIPA requests in a single shift, none of them kiddie-fiddler related, just "what's the address for this silent call from a withheld number". You can't tell anything from the volume.

        Btw, if you read the briefing notes for the bill you'll find the Home office's guess/propaganda answer to your question.

  18. Stephen Newman

    So we have this Risk..

    .. and push through laughably ineffective legislation in an attempt at mitigation.

    It's not Preventative. It (might) Detect some precursors to terrorist activity.It certainly isn't any form of Deterrent. On a cost/benefit basis I'd say they are looking at 98% or greater Ineffectiveness. Might catch some doofus on FaceBook, but that's about it.

    In other news, the Health and Safety Exec pushes through a Bill that mandates chocolate fireguards, and ashtrays on motorbikes.

    Steve

    1. Charlie Clark Silver badge

      Re: So we have this Risk..

      I reckon your guess at how effective it might be is way off the mark. 2 % of the population would be close to a million people.

      I suspect that there are probably less than 1000 organised terrorists and criminals (sometimes it's hard to tell the difference). Any more than that and you're in real trouble as the IRA, ETA, RAF, etc, have illustrated. Probably ditto that for hardcore sex offenders and their ilk. 5000 at the most. That is about 0.1 % of the population. And a lot of the dangerous people will already be going dark with reliable end-to-end encryption that is padded to maker it harder to detect: you can probably do the audio equivalent of stenography by embedding a telephone call in some streaming audio.

  19. Anonymous Coward
    Anonymous Coward

    I AM NOT A NUMBER

    But apparently I am an IP address.

    Example 1: Entity Data:

    Phone numbers or other identifiers linked to communications devices;

    address provided to a communications service provider; IP address

    allocated to an individual by an internet access provider.

    Example 2: Events Data:

    The fact that someone has sent or received an email, phone call, text or

    social media message; the location of a person when they made a mobile

    phone call or the Wi-Fi hotspot that their phone connected to; the

    destination IP address that an individual has connected to online.

  20. Anonymous Coward
    Anonymous Coward

    Where can I buy shares in VPN providers? They look a good buy at the moment.

    1. SolidSquid

      Hell, for the price of those shares you could set yourself up as one, it's not exactly expensive to set up a VPN with free software and there's plenty of documentation out there on how to do it. Costs are basically the hardware and marketing

  21. SMabille

    CSP?

    I quickly looked through the bill but can't find a definition of what is a "Communication Service Provider" (CSP).

    Is it companies providing physical infrastructure (Openreach copper pair), the ISP providing end-user IP connectivity (clearly regarded as CSP by the bill), any transit IP provider, companies providing any OTT "communication" service (SIP broker),...

    What about "service provider" less communication?

    While Theresa May insist that only metadata are recorded "https://muslim.org" or "https://gaysex.xxx" would allow to profile you far more than receiving Al-Queada latest orders on your gmail account (which will only generate https://mail.google.com ICRs).

    1. tiggity Silver badge

      Re: CSP?

      Whole bill is full of woolly examples but not precise definitions, the much mentioned ICR does not get a proper definition. nor even does "Web browsing" reference to "in the context of web browsing" which means what exactly? Just GET requests, what about POST, PUT, DELETE?

      You win a prize if you find anything in there decently defined instead of with enough wiggle room for a legal bod to drive a coach & horses throiugh

      BTW Hate to imagine ISP retained data log size with the quadrillion junk urls the adservers fling into each page these days, Tb just from ads on EL Reg pages

      1. SMabille

        Re: CSP?

        And imagine the pain of (hopefully) at least few hundreds people requesting a copy regularly under a SAR....

  22. Pierson
    Pirate

    This will become a game of whack-a-mole..

    I wonder what they'll log when J Bloggs accesses a site via SSL/TLS, because if it's a server hosting multiple sites, then all they'll get is the IP address - they won't even know if the underlying session was HTTP, or something more esoteric, aside from the port used.

    Also, will running a webserver on a non-standard port be logged, or will they miss it?

    1. Sir Runcible Spoon

      Re: This will become a game of whack-a-mole..

      The site identifier is in the header, otherwise how could the receiving server know which web service to connect you to (and which certificate to use).

  23. Anonymous Coward
    Anonymous Coward

    How is the data stored?

    Is there anything in the legislation that says how ISPs have to store the data?

    Does it have to be a live database that Plod/News International can access at the click of a mouse, or could they store everything about their customers on a pile of C90s in a damp cellar behind a locked door whose key hasn't been seen since Darren in IT left to become a Shoreditch barista?

    1. Queeg

      Re: How is the data stored?

      No need for that.

      It's all arranged,they're giving it all to Dido Harding to look after.

      After all what could go wrong?

      I considered adding a "Joke Alert" icon but we're talking Governmint here.

      I may be right. meep

    2. DaveB

      Re: How is the data stored?

      Always knew that old line printer would come in handy. Print it to paper.

  24. Haku
    Facepalm

    "It is simply the modern equivalent of an itemised phone bill."

    Now there's someone who knows approximately fuck all about how the internet works.

    1. Eponymous Cowherd

      Re: "It is simply the modern equivalent of an itemised phone bill."

      No.

      There is someone who expects that 99% of the population know fuck all about how the Internet works.

      Time to start educating them, methinks.

  25. HighHo

    Poison results.

    If they are just logging which sites been visited and not the pages, instead of trying to directly hide activity, couldn't you just have something in the background opening up random sites making the data mostly pointless?

    1. Sir Runcible Spoon

      Re: Poison results.

      I foresee a lot of proxies starting up along the lines of

      iamnotanumber.org

  26. Anonymous Coward
    Anonymous Coward

    Ah, the mechanism is in place

    Now turn it up to 11

  27. Anonymous Coward
    Anonymous Coward

    Aaaand Google translate english->english becomes even more useful

  28. Anonymous Coward
    Anonymous Coward

    Arrests

    > Britain's Home Secretary Theresa May revealed today that Brit spooks have, for years, been using section 94 of the 1984 Telecommunications Act to intercept bulk communications data of people in the UK

    So where are the major arrests for criminals with all this data already being sucked up?

    They claim this is just for finding criminals (terrorists, etc.)

    What's that smell?

  29. Anonymous Coward
    Big Brother

    Statement from GCHQ/NSA

    After examination of the Windows 10 source code, we find almost all back-doors and covert telemetry we want is already in-place and MSFT execs have quickly agreed to insert the additional code we've supplied. Understandably, as they don't want to share a cell with 'Bubba'.

    If you've done nothing wrong you've nothing to worry about.

    This message will self-destruct in 5 seconds.

    1. ph0b0s

      Re: Statement from GCHQ/NSA

      That those same backdoors will be used by hackers to access your system or get your data, is not their problem of course.

      Not to mention foreign government who have the same legal requirements of Microsoft. You don't expect Microsoft would make specific back doors for individual to governments access just their citizens computers / data but not citizens of other countries do you?

  30. Dan 55 Silver badge
    Flame

    And you won't even know you're visiting half the sites they record...

    ... what with advertising networks and apps connecting everywhere.

    http://arstechnica.co.uk/security/2015/11/user-data-plundering-by-android-and-ios-apps-is-as-rampant-as-you-suspected/

  31. Anonymous Coward
    Anonymous Coward

    Threat to life

    Just have a look at any health and safety assessment to see how easy it would be to use that excuse.

  32. Anonymous Coward
    Anonymous Coward

    Government asks us to trust them when they admit today, they were untrustworthy in the past...

    "Britain's Home Secretary Theresa May revealed today that Brit spooks have, for years, been using section 94 of the 1984 Telecommunications Act to intercept bulk communications data of people in the UK."

    So Government confirms that it has been doing this in secret for a while now and say they want to bring doing this out into the light of day.

    The question then comes, if allowed to do what was being done secretly in the past, what will they be doing in secretly in the future?

    'Hey we got this stuff before secretly, but we are telling you about it now, so you can trust us not to do worse in the future, honest...' The gall of it.

    It has been proven again and again that any surveillance powers given will be abused, even to the extent of the invention of powers not given.

    No matter how reasonable this bill looks to be, I don't support it. It has been admitted they had the capability to do this up to now. So they loose nothing by not being able to do this with the cover of this bill. This also draws a line in the sand about the next invasion of privacy that will enviably happen secretly, once this previously secret program is legitimized.

    --------------------------------------------------

    On the subject, I will never support mass data collection. Mass collection always struck me as something that would seem to people from East Germany as a step back in time, no matter how benevolent the instituting government may seem. I bet the same arguments of public safe were used in East Germany as well, to excuse their mass surveillance.

    You have someone suspicious enough to get a judge authorized warrant, fine you can tap their individual phone, internet connection, mobile phone, etc. And not just the 'itemized bill', but all their communication details.

    There's a time sensitive threat and the data is encrypted, fine use the Quantum Computers they now have in the intelligence services, to break the encryption very quickly. I know this resource is very rare, but that is the point. The security services would have to work to get at the data, which means what they are working on is going to be worth the effort. There is less likelihood of the abuse of looking at data they should not be looking at. It really will be for the worst of the worst, rather than the likely fishing expedition it will turn out to be.

    I also think the Government have brought the requirement for these now powers on themselves. The police and security services are shouting to have these powers in order to off set the lack of manpower and resources they now have after government cuts.If they had enough people to throw at the investigations, they could get the same evidence via non bulk collection means.

    But I am probably wasting my breath as all our MP's seem to like this new proposal. And there won't be much opposition, as Labor also tried to bring in measures like these. All because they are scared of being the ones who did not give the security services the thing they needed to stop an attack.

    We may as well go to the option of maximum safety, where we live in secure facilities. Facilities where everything is monitored 24/7, and your movements are limited to keep you safe from attack or doing harm to yourselves. Safe rooms or houses if you like. But you can't leave them in case you get hurt outside. That these facilities may resemble a prison in a lot of ways is neither here not there. They would guarantee safety.

    At some point though we will have to say no to something that would keep us safe on the understanding that we may be vulnerable in some way. That to me is freedom. Otherwise there are those safe rooms I mentioned above.

    Yeah, sorry for the wall of text and it being a bit rambling. It's a subject that gets under my skin a lot.

    Anonymous while I still can.

  33. Bob Dole (tm)
    Holmes

    Putting things into perspective

    Let's put this, and a number of other similar initiatives, into perspective.

    Let's say you are having a conversation with a friend. Do you believe that the fact you are having that conversation, the name of the person you are talking to and the content of that conversation should be handed to a government official on the off chance that you might be saying something they are interested in?

    Further, let's say you are in your own home reading a book. Do you think the name of the book, the time you spent reading it and even details such as what you were wearing at the time should be held within a government database for whatever purpose they deem necessary?

    If you answer No to either of those questions then you should be contacting your representatives and telling them to cut this crap out. If you answer yes to either of them, please see your local constabulary for your sheep mask.

    It doesn't matter if the communication is electronic or face to face. The same principles should apply. Who I speak to and what I say to them is not the governments business. What I choose to read or even comment on is not their business.

    A major step in the ability to have complete control over someone is to know everything about them. Bear that in mind the next time you hear them claim this is about protecting you - it's not.

    1. ph0b0s

      Re: Putting things into perspective

      Up voted as I like the idea, but this has always been a tricky one.

      Is the internet a private or public space?

      Your book reading example. Is reading a web page and analog to reading a booking in the privacy of your own home or the virtual equivalent of reading a book at a public library.

      If you are going to a pr0n website to look at some videos, is that analogous to opening a porn mag in the privacy of your own home or the virtual equivalent of walking to a strip club, where you would be monitored by CCTV along the way.

      I know the way I believe it should be treated, but I don't have any great arguments what are the correct analogs above.

      Maybe that is the problem. Maybe the internet is not analogous to anything, either being in your home or in the street, or to being itemized like a phone bill. It is it's own thing and there is no analog to how it should be treated... Just my two cents.

  34. A Ghost
    Joke

    Time to teach the children some fact of life

    Look kids, that time has come, when we need to have a little chat. You're growing up now and old enough to understand. What I'm about to tell you might shock you - it goes against everything you are taught by your teachers, by the politicians, moral philosophers. What we are going to talk about here is 'Transgression of the moral Law'.

    You've been lied to all your little lives so far, and you will continue to be lied to until you die, but what I am about to tell you is the ugly unbelievable truth.

    Let me start off on a few points to hit home what I am talking about. For example, I have been reading your diaries ever since you started writing them. I know all about your secret desires and fears, daughter, I know that when you were 13 you lost your virginity, and that it wasn't a nice experience for you. Son, I know that the bullys at school have humiliated you so much that you feel that ending your life may be the only solution. I know every single thing you have ever written down in private.

    Yes, I lied at the beginning and said such things as diaries were sacred and personal. But if I had told you the truth, you would not have been so open. You see, I transgressed the moral law, because I am morally superior to you. You are not yet equipped enough to make those decisions. Nor will you ever be in the mind of the 'state'. You will forever be a naive child. Because what I did was 'right', I can sleep at night, I will suffer no consequences, and I will carry on doing it until someone physically stops me.

    But that's not all. I have also listened in to all of your phone calls. In fact, I record them and listen to them later. I know that you have both lied to me, repeatedly on several matters. I also know the other children you speak to routinely lie to their parents. In fact, we share information about you and cross-reference it, just in case we need to take some kind of 'drastic' measure. I inform on the other children if I think this is going to cause a problem, and your friend's parents inform on you when they think I should take note.

    Seeing as we are telling the 'truth' here, I might as well point out that all your internet activity is logged. Little Louise, I know that you were very worried that you might have developed an STI after your first encounter, but could not tell anyone about it for fear of embarrassment. I know the words you used to communicate your fear to others, I know that you were not able to approach me about this. I understand. Little Billy, I know what porn you like to watch, and all I will say is, real sex isn't really like that. Most people don't chain each other up in leather and drive metal bits through body parts, to achieve orgasm. Then again, it's true, some of us do.

    Years ago, a parent would have had to steam open a letter, or sit down and have a real talk, or pay sufficient attention to your wellbeing, but these days, it's just so easy to be lazy when you have it all at your fingertips at the flick of a switch. I suppose by now you realise that I have been tracking your whereabouts as well. Usually via your phone, but I have put a bug in your clothes and school bags. Remember, the end justifies the means.

    The world you are about to enter only has lies, you will find no truth. It certainly does not pay to be honest. Cheat, lie and scheme as much as you can get away with. Especially your closest friends and allies. Remember what Bob Dylan said: "If you want to live outside the law, you must be honest". This is exactly what our politicians do, also our police department, your teachers, all people employed by councils in non-jobs (which is 99 percent of them).

    You may not understand how the world works yet, or how unbelievably nasty and malicious it is, but let me just say, people have faults and foibles, and they can be used to control people, whether via blackmail, or just leading someone down a dark corner to disappear them. Adults in this world that have it all - the money the power the glory - are sometimes very sick individuals. They like to torture young children and kittens, but even this is allowed, because the potential for control is so great. The authorities know who the child molesters are, in fact, they make up a large proportion of them, but they won't stop it, because it is their friends doing it, and they make money out of young children being abused whose photos are sold on the net.

    In short, this is an evil nasty world children. War is peace, peace is slavery, lies are truth, and the truth will not only not set you free, it will probably get you arrested and tortured after being put on some kind of list.

    If you want to get ahead in this life, by all means try to fill the David Beckham spot, or be one of the new Spice Girls, but a far easier method would be to become some kind of traitorous jumped person in a position of power, in those non-jobs I was telling you about earlier. Don't become a cleaner or a bricklayer, those jobs have no respect, you will just be a slave the rest of your lives, plus you have to work. Try to get a job on the local council where you can meet with other low moral individuals who just keep perpetrating the lies, raking in cash for doing nothing at all, but more than that, you will have power, true power. Imagine being a no mark nobody, and somebody wins an argument against you, or even worse, asks you to do your job that you are paid for. No problem. You can look up the dirt on them. There will be no repercussions. Just send them a little note letting them know that you know that they cheat on their wife, or perhaps have a funny sexual perversion (most people do). Job jobbed.

    You won't need to be an alpha male/female. You won't have to face real conflict, you will be able to get your way by stabbing people in the back. This is what the clever people do these days, and they get paid handsomely for it, not like those silly jobs where you actually have to do something like clearing someone's rubbish.

    So I want you start adopting this persona now. Childhood innocence ended last century. You're nothing more than consumer fodder anyway. Get used to that. Spy on your friends, make notes, set one faction against another, control the narrative as they say. Remember, this is ok, because you will have the moral high ground to transgress the moral law, because *you* say so. That is all that is needed. There are no checks for this. True, it is total insanity, but that is the world your mother and I brought you into. We didn't realise it at the time, we thought humanity had a chance, but those days have long gone.

    And whatever you do, never love, never trust, always assume that everyone is out to get you, because they are. And if you feel as if life isn't worth living, you may be right. Children, if you decide to take your own lives, I can not stop you, as no parent ever could if you are serious about it. Youth might be wasted on the young, but humanity is certainly wasted on human beings.

    As long as you take this distrustful approach to life (and who can blame you as this is all you are taught now from an early age), you will find that you can get away with things that other so called 'right' thinking people can not. Most of them aren't bad, just easily led and distracted. Never forget they are the enemy as well, and crush them every opportunity you get.

    Now, for tomorrow, I want you to make a list of your ten best friends, and we shall sit down tomorrow night and work out which are the biggest threat to you, and how we may find things out about them to use against them, to ultimately destroy them, before they destroy you. You will lose a few friends, yes, but the peace of mind you will gain will be exhilarating Once you cross that threshold into Galactic Overlord Moral Arbiter, it is exhilarating and there can be no turning back. The sense of power over others you get will go to your head, make you giddy with abandon - in short you will feel invincible. And for a while you will be, until someone else comes along by lulling you into a false sense of security - appealing to your humanity and 'good' side - but they will just be lying to you as well.

    Only ever have contempt for people. Make no exceptions. Hate, envy, malice and deception will get you far further than love, justice, altruism and open heartedness ever will.

    Now go make sure you have finished your homework and that you are ready for school tomorrow. You've got a big day ahead of you.

    1. Sir Runcible Spoon
      Thumb Up

      Re: Time to teach the children some fact of life

      I only wish I could upvote you 100 times for this - brilliantly done.

    2. Vic

      Re: Time to teach the children some fact of life

      Don't become a cleaner or a bricklayer, those jobs have no respect, you will just be a slave the rest of your lives

      Metropolis was on TV last night[1]. For a film initially described as "naive", it is really rather prescient...

      Vic.

      [1] OK, this morning...

  35. Mark 85

    I find this discussion fascinating in that here in the States, we have similar issues. I note, however, that while gathering and storing the info is relatively cheap, what about sifting and making some judgment on the data? Where is that cost factored in? There's so much flying through the intertubes these days that how can one organization (or multiple orgs) check it all? If they can't check it, why bother?

    1. A Ghost
      Mushroom

      It's not practical at all. But it is possible, at great expense, with the need for much enhanced infrastructure.

      The point of this is not to catch criminals or terrorists or paedophiles. No, they need those people to exist. The government and the security services could stamp out a large amount of child abuse stuff, but they perpetrate it - they want it to exist. They don't care about the children. Half of them are buggering them anyway.

      The point of this is to scare the population. It is called Psy Ops (Psychological Operations). The more astute and agile minded among you may have thought 'there's a coincidence isn't there, all this talk talk stuff now this again'?

      It is about showing who is in control. It breaks people's spirits, makes them feel powerless. It sets those that once shared a common bond apart by divide and rule. We will argue amongst ourselves more than we will take the fight to them.

      It is about showing who the boss is, and with sheer bravado coming right up to your nose and saying 'what the fuck you gonna do about it then?'

      It helps program the masses for more learned helplessness. Yes it would make a difference if you protested. Yes it would make a difference to write a letter to your MP (funny how that is getting trawled in with all of this). But not enough people will do that so ironically and paradoxically it is actually useless apart from taking up your valuable time and putting you on a list.

      This is about power and control. It is data rape. The people pushing this through are rapists (of data, personal privacy, our inner emotions). How would you feel if you made a complaint against someone in the council and they looked up your history to find you are severely emotionally damaged after being homosexually gang-raped by 10 African men? And them to use that against you with impunity. And please, don't correct me on the finer points on this, it will happen. You know it's coming. It's already here, and no one gives a fuck.

      There is no way in hell this can possibly work in practice. As has been noted, we and other techies will just adopt the methods used by the true criminals and paedophiles (which they can already crack) and make that net just a bit bigger and wider and with more holes in it. In short, it is totally counter productive in any way quantifiable if you really believed people were doing bad things on the net and this was how you went about catching them. They already have the laws and ability to catch these people, but they don't. Why is that? They just made life 10 times more difficult for themselves if they were being pragmatic about this methodology.

      They are putting the frighteners on that is all. They now have a nice big theoretical database with every one on it, and at the press of a button, they can find out something, anything to use against you. It is against all moral laws what they are doing. These people are terrorists and they need to be stopped. They are criminally insane. This whole methodology has but one practical use - the targeting of individuals who will not consent to being data raped, the silencing of those that object to having their inner life exposed to people of weak moral character. They are making work for themselves. But that is what this whole jobs for the boys scam is.

      We will find in 10 years time when the next big push comes (we've lost this one now) and they want to put cameras in your home, that the reason for this is because of terrorists and paedos. Funnily enough, dataraping everyone in the country won't have made any difference. We will still have children being abused. People will still (shock horror) be buying and smoking dope. Terrorists will still be planting bombs. But just as with now, you won't have a say in it, you will just have to eat it. Your fellow man will excuse it and rationalise it due to cognitive dissonance (like many on here are doing at el reg), and this will spread the cancer further.

      There is no way out or hope now. Only closing down your internet, throwing away your mobey, etc. will make a difference. Sure the die hard techies will put themselves on the radar with proxies and vpns. But those will be illegal soon too. I know about these things. I am a psychic (not really) and a visionary (that I am). Everything I have said that would come to pass has. Even how they would do it.

      By the time the next post millenial generation rears its head, they won't just accept the chip under their skin, they will demand it and wear it as a point of pride.

      From that point on, the jackboot of fascism will be stamping on everybody's head. Forever.

      1. Anonymous Coward
        Anonymous Coward

        @A Ghost: I nearly skipped your last two posts due to the length, but am glad I didn't. Good points well stated.

      2. Vic

        It helps program the masses for more learned helplessness

        I am buying you beer...

        Vic.

  36. Alex 72

    No encryption that works

    WTF so TDM and VOIP providers can't provide encryption strong enough they can't decrypt. "RIPA requires CSPs to provide communications data when served with a notice, to assist in giving effect to interception warrants, and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the CSP to whom the notice relates."

  37. Alex 72

    Bye bye encryption

    WTF no encryption you can't break so no encryption: "RIPA requires CSPs to provide communications data when served with a notice, to assist in giving effect to interception warrants, and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the CSP to whom the notice relates."

  38. Tony S

    Please explain this.

    She claimed that it was wrong for such actions to be "characterised" as "having access to people’s full web browsing histories. Let me be clear – this is simply wrong."

    May added:

    An Internet Connection Record is a record of the communications service that a person has used, not a record of every web page they have accessed.

    So, if someone has visited a social media website, an Internet Connection Record will only show that they accessed that site, not the particular pages they looked at, who they communicated with, or what they said.

    It is simply the modern equivalent of an itemised phone bill.

    That's fine. However, paragraph 13 & 14 of the draft bill makes the following statement

    13. Interception is the making available of the content of a communication – such as a telephone call, email or social media message – in the course of its transmission or while stored on a telecommunications system. Interception is used to collect valuable intelligence against terrorists and serious criminals, which can inform law enforcement and national security investigations as well as support military operations.

    Why do we need it?

    14. Warranted interception is used only for intelligence purposes. It is a vital tool which helps the law enforcement and security and intelligence agencies to prevent and detect serious or organised crime, and to protect national security.

    (Please note: I've added my own emphasis to the relevant parts to make them clearer.)

    So on the one hand, she is saying that they only intend to store the "history" of the messages, not the "content"; but the draft bill clearly shows that they are trying to get the whole thing.

    Or has she not actually read the draft bill?

    1. clanger9

      Re: Please explain this.

      I think it's trying to say:

      "We will keep a history of all connections by default. We will trawl this history whenever we feel like without a warrant and if we find anything interesting, we'll get a warrant to look at any new content"

      So, it's storage of connection records and access (on demand) to new content. Historic content is not stored by default, but you can put a warrant in place and then just hit "Save".

      As someone said above, goodbye end-to-end encryption...

    2. Vic

      Re: Please explain this.

      Or has she not actually read the draft bill?

      Or is she lying through her teeth?

      I just can't decide...

      Vic.

  39. Firvulag
    WTF?

    Film plot

    And I thought the Spectre film was all made up with baddy being a power crazed madman wanting to implement mass surveillance at any cost

    1. Eponymous Cowherd

      Re: Film plot

      Are you saying that Ms May is an enormous "C"?

      1. Vic

        Re: Film plot

        Are you saying that Ms May is an enormous "C"?

        I am. But I'm struggling to work out what the TLA named "UNT" is actually for...

        Vic.

  40. outnumbered

    How about this from P.55 of the draft bill. It looks like in principle they are allowing themselves to collect pretty much anything. I assume that in practice they will just record all the standard Netflow 5-tuples, but the way I read this, they can ask for any data they think will help to identify something.

    (9) In this Part “relevant communications data” means communications data

    which may be used to identify, or assist in identifying, any of the following—

    (a) the sender or recipient of a communication (whether or not a person),

    (b) the time or duration of a communication,

    (c) the type, method or pattern, or fact, of communication,

    (d) the telecommunication system (or any part of it) from, to or through

    which, or by means of which, a communication is or may be

    transmitted,

    (e) the location of any such system, or

    (f) the internet protocol address, or other identifier, of any apparatus to

    which a communication is transmitted for the purpose of obtaining

    access to, or running, a computer file or computer program.

    In this subsection “identifier” means an identifier used to facilitate the

    transmission of a communication

  41. xj650t

    On the back of a fag packet

    7.4 connected devices per household

    26.5M households in UK

    100 url requests per device per day

    19,610,000,000 requests/day

    1024 bytes storage per request

    Say 18TiB per day or 6.5PiB per year.

    Number of extra criminals/terrorists caught 0

    1. king_tut

      Re: On the back of a fag packet

      @xj650t: I think you're under-estimating the number of URL requests - don't forget advertising etc.

      However, let's look at the numbers a different way: 10000 requests/user/day, 200 bytes average per request, = 2MB/user/day. = 730MB/user/year, £50/2TB hard drive, = 1.8p/user/year (plus SAN costs etc)

      And if you look at https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473769/Internet_Connection_Records_Evidence_Base.pdf it's entirely likely that # of criminals caught would be >0.

      1. Vic

        Re: On the back of a fag packet

        it's entirely likely that # of criminals caught would be >0.

        But probably <2...

        Vic.

    2. John G Imrie

      Re: On the back of a fag packet

      That's only 18 disks / day across the whole of the country

  42. Nifty Silver badge

    TOR Lite for the masses?

    Up to now TOR has been a minority specialist resource with dubious performance.

    What will happen when this bill is passed, and the first mistakes by powers-that-be start to happen as a result of it, is a very large quantity of consumer level UK Internet users will start using something like TOR. Router firmware will also start appearing, perhaps even manufacturer supported. We can all be each others' random exit points.

    With a rushed out bill like this, a privacy arms race will start.

    I've a feeling I know who will win. Clue: Not the govt or GCHQ.

    1. king_tut

      Re: TOR Lite for the masses?

      @Nifty

      > With a rushed out bill like this, a privacy arms race will start.

      It's not especially rushed out. This is a draft, which will then go through two different committees*, will then be introduced as a normal bill in parliament, will go through the commons (1st, 2nd reading*, committee*, 3rd reading*) then lords (1st, 2nd reading*, committee*, 3rd reading*). Each * marks a debate. They're looking for this to go through late in 2016. That's really not rushed.

      I also think you're vastly overestimating how much the average person cares about privacy. And I think it's unfortunate that so few people do care.

    2. Eponymous Cowherd

      Re: TOR Lite for the masses?

      TOR functionality is already built into Gargoyle, which runs on most TP-Link routers. I imagine it won't be long before off-the-shelf devices with similar functionality start appearing.

      I can imagine anyone who attempted to bring such a thing to market "Doing a Kelly", but that would just be me being paranoid.

      Or would it?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon