Jacqui drops central snooping database Home Secretary Jacqui Smith has confirmed the government is ditching the idea of a central intercept database to log all phone calls and emails sent or received by UK citizens. Instead, internet service providers will be expected to store the data for later government use. The Interception Modernisation Programme (IMP), first …
I'd like to propose an extension to SMTP to allow users to connect to other IP addresses at random (determining the participants still TBD), do a TLS and SMTP handshake and then send a pile of random data to /dev/null at the remote site. That way it's hard to do deep packet inspection of content in transit, seeing as it's encrypted random data, and by sending it all over the place, it's hard for the government to determine which connects are real information and which are random data.
*** The burden of storing communications logs - the time, date and length of calls and emails rather than the content - will now fall on ISPs***
1. There is no way I believe that this decision has anything to do with any concern for citizens privacy. More likely the Government cannot afford their proposed database financially no matter how much they have tried to spin the cost of hardware and software.
2. The idea of communication logs is intruiging: The answer to the question "what is meant with a communication log" is clear as mud. Basically does it mean to log data on what APPEAR to be email on the surface? How is ISP expected to know what the communication exchange is from the outside of a piece of data? What with VPN and use of encrypted mailservices abroad? What is the point with keeping the communicaiton log if the ISP only has a few system servers addresses as all your communication might go through those? Is the ISP supposed to be expected and allowed to use DPI and anti-encryption measures to find out who the real addresses are? etc.
Data is stored for this comedy government to look at whenever they feel like it. Perhaps the ISPs are less likely to leave all this information sitting on a train, but otherwise it amounts to the same thing.
I realise she probably likes to keep an eye on her husband's internet/tv/phone use these days, but leave us out of it!
Does this mean that ISPs now require licensing? Any telco license contains the clause that they must provide legal intercept facilities, and what Jacqui Smith is proposing is simply outsourcing their great dream of access to any communication, any time, to the ISPs.
That will be somewhat of a sod with SSL and encryption..
It's amazing how much time these people spend on declaring people criminals.
Watch V for Victory - shame there isn't an underground tunnel in that direction yet..
It will be quite interesting to see how they will filter this traffic, even funnier they'll get to hear all the bullsh** abuse that players pass to each other on a daily basis, and yet the profanity employed by today's youth from around the globe...
I for one welcome our new Big Brother overlord... just after I've ditched my mobile phone, internet connection and resort to doing things the old fashioned way!
Anyone remember the privacy concerns the UK gov had over Google's Latitude? They were just ticked off that they didn't do it first!
Questions asked were
Q1 On the basis of this evidence and subject to current safeguards and oversight arrangements, do you agree that communications data is vital for law enforcement, security and intelligence agencies and emergency services in tackling serious crime, preventing terrorism and protecting the public?
...To which the required answer is likely to 'yes'.
Q2 Is it right for Government to maintain this capability by responding to the new communications environment?
...To which the required answer is likely to 'yes'.
Q3 Do you support the Government’s approach to maintaining our capabilities? Which of the solutions should it adopt?
...Which depends on your definition of the word 'maintain'. Even the consultation acknowledges that the data to be collected falls outside EU directives, and requires ISPs to process/consolidate and store it (with public funding).
Q4 Do you believe that the safeguards outlined are sufficient for communications data
...The document evisages the ICO being entrusted to protect us. So the answer to that question has to be a resounding NEVER, NO, NEGATORY, NOPE, NON, NOT ON YOUR NELLY. No.
After the Phorm debacle, why would anyone trust the ICO?
Coat, because I'm sick of strangers buying, selling and generally rummaging through my private life.
If they are not deep packet inspecting traffic, then how come they arrested a bunch of Pakistani students for suspected terrorism charges, and 'links to Al Qaeda' as the official on the TV put it, AND RAIDED AN INTERNET CAFE.
It wasn't that they were suspected beforehand, because they were granted visas.
It appeared to me they had done some mass snooping on Internet traffic and decided that these students were terrorists based on something related to mail or messages sent from this Internet cafe the police raided.
In which case there are some bigger questions to be asked, stuff like warrants, process etc. for that deep packet snooping.
So what Stasi Smith says here, doesn't seem in character. I guess what's happened is they're stopping any anti-citizen measures prior to a forthcoming election, but I suspect the snooping is already happening and already authorised by her.
This plan of Wacqui's has more holes than a colander.
Obviously, any crooks or "terrorists" with a smidgen of intelligence will take the simple, obvious and straightforward steps required to hide their online activity from Wacqui and her jackboot brigade.
Then there are the many people who, while doing nothing illegal, dislike the idea of being spied on by Wacqui / Phorm, who will also take steps to hide their online activity.
So Wacqui will be left with a lot of logs of innocuous, open, comms that are of no security related interest at all, and a bunch of encrypted / obfuscated traffic only a small portion of which will be of a nefarious nature.
Why the feck this bunch of cretins are pushing ahead with these expensive Orwellian white elephants while the country is nigh-on bankrupt is incomprehensible. It can only be to avoid the loss of face a 'U' turn would cause, and that is reprehensible.
This may be a naive question, I (Small UK company) host multiple domains for UK clients on my servers based in the US (cheaper bandwidth etc)
Do I have any legal obligation to keep a copy of all these emails (I do not at the moment and have no plans to do so in the fuure) in case Mr Plod knock on my door and ask for copies of email sent / received through my servers?? & what will they do when I say "Sorry I forgot to set this up"
A fair few of my clients quite like the idea of only having local copies under their control and not accessible by Jacquie's mob at the drop of a hat.
Again probably a dumb question - but as all email traffic is sent /received via my server & not magacorp ISP crappy mailserver then the ISP shouldn't be copying/sniffing everything/anything running over port 25/110 should they ? or am I being incredibly naive here ?
This has been bugging me for a while
Anon 'cos you never know who's watching
it suddenly becomes impossible to be a small ISP owing to the massive processing and storage burden about to be stuck on them.
So the smaller ISPs that don't subscribe to the IWF watchlist are more likely to go under.
So the Government manages to- essentially- make the whole censorship thing universal rather than "well, you can opt out if you want by going to another ISP".
Also, this wouldn't work with a BBS style point-to-point dial-up system (giving a weakspot straight away), with encrypted traffic, they'd find it difficult with Torrents or other P2P systems and so on. You could beat it simply by using https:\\www.gmail.com or hushmail (if it still exists) etc.
I can foresee the decentralisation of the Internet in the next few years. Or rather another layer of it will start to develop that's far to unstructured for datamining to be easy.
Its all very well talking about "modern communications" etc: but lets remember - facebook etc have not supplanted the telephone, they've supplanted the garden fence, the pub and the coffee machine chat.
The police don't routinely track who you meet while walking the dog or clubbing on a friday night, so why should they have the right to track social sites?
Sure, its inconvenient for the rozzers if people use these places to plan crimes - but presumably the same argument goes for the pub, park etc. Or the privacy of your own home. The police have historically not been permitted to routinely record these places (cctv footage notwithstanding, few systems maintain more than a few days data at best).
And the big question is - will court orders be required? This surely has to be mandatory. Otherwise we'll have J Random Plod conducting fishing trips to find "suspicious activity" in a bored moment, to bid for promotion or catch his partner at it. Or just for fun.
And next we'll have automatic trackers set up on everyone with a "funny name" and Room 101 will be waiting.
While ISP's may be less likely to leave the logs on the train, I wonder when the first cases appear of corrupt ISP employees attempting to blackmail customers.
But look on the bright side -- we may all get to find out what Jacqui's other half has been beating off to, now that pay-per-view's off limits.
This is simply unbelievable. If it happened in a film I would say "that will never happen in real life" and yet here we are. Well I think it was Labour who said they would "think the unthinkable" and they clearly are.
The argument for doing this seems to be "terrorists use it so we must monitor it for everyone's safety". What they don't understand is that the clever ones will simply find ways to make themselves invisible to this kind of monitoring, and that just leaves the rest of us - the innocent ones - being monitored and constantly under suspicion.
Let's just remember for a moment that the last bunch of "terrorist suspects", arrested in a high-profile series of raids just before Easter, were released without charge the other day.
What with this and the problems innocent photographers have experienced recently maybe it's time to leave the Country.... legally that is, having registered my intention to travel with the appropriate authorities beforehand.
Has someone finally pointed out to the Government that this would cover their emails and telephone calls, and that there would be even more evidence of their wrongdoing and even more scandal when the email hits the fan.
Or is there (another) special exemption giving them immunity to send those dodgy movies by email.
And when his design report is complete it will be *careful* filed for another day.
The civil servants behind this will keep it this *good* idea on file.
Only a bullet in his head and a large incendiary device is likely to stop this work.*
It was was a stupid idea which has taken a *long* time to recognised as stupid. But you can bet the backers of this nonsense will be around to propose it to her replacement.
*Note that this is merely a figure of speech regarding the necessary measures to curtain such evil. I do not advocate terrorism on the UK mainland.
This is just as bad. It doesn't matter whether it's one, central database, or a distributed collection of databases. It doesn't matter whether it's the State doing it directly, or getting ISPs to do it on the State's behalf. It's still the same thing. It's still just as unacceptable.
It also speaks volumes about this government that they treat private-sector businesses as extensions of the State.
then I'd make it law that before any new measure is announced, there should be a "consultation" period. In this "consultation" period, the citizens of the UK have the right to demand that the MP trying to push the measure through be subjected to a "egg throwing session". In this session, each member of the public be given between 0-9 eggs to throw at the MP. naturally the more rediculous the subject, the more egs thrown at the MP. That'll make them answerable to US the people.
Hmm...they aren't going to specify exactly what they want or how it is to be stored/retrieved, just that the ISP's must provide plod with easy access to the information they require. Well if it's 'THAT' easy why aren't all system specified this way? All that time wasted frigging around normalising the data and ascertaining the access requirements for datawarehouses was completley unnecessary, we can just dump all the data in a big pile and design the database whenever the users come up with a query. Think of the savings when you have accumulated millions of terabytes of data.
Cluessless f*cking tw@ts.
Will the people who want to access this data be required to request a proper warrant, be required to present compelling reasons for the need, face the risk of being turned down and be limited to the scope of the warrant?
As I understand it, they currently do need to present at least something official to the ISPs to get access to the stuff they currently hold. If the newly proposed system no longer requires this protection, then it is a major step backwards and opens the way for a system indistinguishable from the original "Mega database of everything" proposal. The difference between a live connection to the ISPs, open to return search requests on tap and storing the same info in a single mega-database is nothing more than semantics. In fact the former would probably lead to a quicker response times.
This is the same semantic nonsense that leads the Waquis of this world to claim with hand on heart that to say the National Identity Register will contain health, vehicular or financial information is dangerous rubbish. On the surface they are correct and that's all that matters of course. However, the actual, practical spin-off of having a single index number for everyone, is that they can then reliably fire off a query to the (now information shared) NHS, DVLA, HMRC (et al) databases and get the stuff that they're not storing locally, just as if they did.
They've wanted to arm twist the ISPs into snooping on their own customers for years. So they propose something utterly preposterous (mega-database) and allow the usual suspects (hi there ;) to whip up public concern about it. Then they take a half step back and expect everyone to breath a sigh of relief that they have only taken half a step forward this time, rather than gone the whole way in one step.
Is it just me getting cynical, or are they getting way too predictable these days?
The database has not been dropped because of privacy concerns, that's just an attempt to make the government look like (a) it cares and (b) it has a clue. The real reason is one of cost. Look at the current governments history of bringing in major IT projects on budget and on time. OK they don't actually have a history of doing that at all. Not once.
The spend on this database would probably end up being way over what she intends to give to the ISPs, so the real reason for this U-turn is probably that Darling has told her that there simply isn't the cash to fund her grandiose plans for world dom... Sorry to fund her communications database.
Furthermore she's probably realised that a number of small projects are more likely to come in on time than one big one.
However you are fools if you believe the idea of the database has gone from her head. Or perhaps more imporatantly the heads of civil servants. Once she's got all ISPs collecting and storing this data in her preferred format how hard would it be to upload all that data into one big database?
AC@13:54
Wouldn't the confidentiality of an email between myself and my MP be protected by law? How are the going to implement that?
Well since its the email header, who from and to that will be archived it probably will. However the fact you are communicating will be available. Its supposed to need a warrant to actually read the text.
AC@14:02
"they aren't going to specify exactly what they want or how it is to be stored/retrieved, just that the ISP's must provide plod with easy access to the information they require. "
Err. They did. As reported by ElReg itself with a nice link to all the stuff they want in it. It was either stuffed away in an Annex to one of these Bills or issed as a Statutory Instrument by the dept of Wackiness.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
