back to article Government orders data retention by ISPs

Phone and internet companies will soon be forced to keep logs of internet usage to be made available to the police under a new law announced by Prime Minister Gordon Brown this week. The law, the Communications Data Bill, will implement the remainder of the European Union's Data Retention Directive. Last October the …

COMMENTS

This topic is closed for new posts.

Page:

Anonymous Coward

heh

it's a bit like saying that the post office should scan all your letters and note down who you were sending to/receiving from just so the police can look back over them incase they thought maybe you had commited a crime but were a bit to lazy to investigate you.

But don't worry they wouldn't ever use the information to track down people who have undisirable interests like hardcore pron, people that like to drink or people that disagree with illegal wars...

Funny how the powers of Britiain and the USA were all up for liberating Iraq and not Burma though isn't it...

0
0
IT Angle

wonders will never cease

<wonders>

Is there someone who works in government who is also inextricably linked to phorm?

</wonders> (ah - look - wonders DO cease)

0
0
Pirate

Another crazy law..

Oh great, another reason to be using encrypted tunnels over the internet!

ISP's are going to need some huge Hard disks for this one, oh and how do they plan to implement it anyway?

This is just another close phorm thing.

JUST PHUCK OFF GORDON BROWN TEXTURE LIKE SUN.

0
0
Paris Hilton

ISP's not the bad guys for once

For once (and only once) I actually feel quite sorry for the ISPs in this case. They're being asked to retain data in order to conform to a bullshit law, that will fall on it's at ass at the first hurdle.

There's no way any of the data collected here would be any use what-so-ever in a court of law.

Data Integrity,

Multiple user accounts

Unprotected Networks

Compromised machines/botnets

All very good reasons for data submitted in a case to be nullified. Just because the TCP/IP packets went via a user’s router/phone line, does not mean the user is a dirty terrorist!

Quite frankly some of the recent laws inducted in this country, in the name of terrorisism, are just laughable.

Paris cos she can sniff my packets anyday

0
0

What Phorm are doing is illegal

Let's do the same.

0
0
Anonymous Coward

Burna has oil too.

In case you're implyinf that the only reason it's been preserved from Neo-Con intervention is any *lack* of energy reserves.

It is interesting to note that Burma hasn't, as far as I recall, been implicated in supplying ordnance to terrorist organisations or in wars of aggression against her neighbours. Nor has there been any sign of them seking to procure chemical and biological warfare agents (even a decade ago).

Besides, we beat the Commies in the jungle of Burma in the 50s.

0
0
Thumb Down

Usage?

...But what constitutes usage? Are we talking about a report that looks like this:

10:00: Line up

12:37: Line down: Downstream 74324Kb Upstream 4256Kb

13:00: Line up

etc etc

or this:

10:00: Line up

10:01: GET http://www.swedish-fanny.com/spanking/newlyillegalporn.htm

etc??

I know that my ISP don't even do the latter, let alone keep it

I know the article said usage not content but under which category do URLs fall..? Using an SSL tunnel to do everything is looking more and more appealing. I just switched from a mainstream ISP to a very much forever-phorm-free ISP to avoid exactly this.

0
0
Silver badge

Home Office defence will be...

'We're only doing what Europe told us.'

Which will be lapped up by the likes of the Mail (assuming it can divert itself from the catastrophic effect of falling house prices on Brad and Angelina), ensuring the government takes none of the blame for a massive intrusion on our privacy.

Jacqui Smith won't mention it was her office that instigated of the proposals in the first place.

0
0
Anonymous Coward

BIG BROTHER

I am Fed up with this countries BIG BROTHER games.

0
0
Anonymous Coward

@AC Re: Burma...

<cynic>

...well, you see, it's the same as Zimbabwe. Or Dahfor. No oil.

</cynic>

0
0
Silver badge
Flame

How?

"mandate the keeping of information on a user's activity but not the content of any communications"

I wonder how they'll do that? We are so screwed.

0
0
Anonymous Coward

Oh the irony

The way things are going, soon it'll be time for all our brave lads (and lasses) to come charging home and liberate *us*.

0
1
Anonymous Coward

Another brick in the wall

All in the name of protecting me...gee thanks, dont i get a say.

Of course real criminals will do their dirty work from WiFi hotspots anonymously...

Good job GPS is not widespread, otherwise we would all be tracked, just in case one of us is a terrorist, "for our own good"

I guess with Freedom of Information act we can all make a request to ISP for all such information

0
0

the Home Office would not release details of the bill?

"The Home Office would not release details of the Bill and how it would work"

If it's going to be a law, then surely it'll be written down there for anyone to see. Or is it one of those "Unwritten" laws?

0
0

How is this supposed to work?

How is this logging supposed to work?

Even just logging HTTP requests is likely to result in pretty large amounts of data needing to be kept. But surely this is not enough - what about email headers? What about HTTPS headers... Hmm. What about any packet headers that may be part of a P2P transfer... Ouch!

I can see that it would be very interesting to send a Data Protection Act "Subject Access Request" to my ISP.

0
0
Linux

We're all police officers now.

Being as I run my own mailserver and send emails direct with SMTP does that make me my own ISP ?

Penguin ! pah where's OS mascots from the one's I use !

http://en.wikipedia.org/wiki/BSD_Daemon

http://cm.bell-labs.com/plan9/glenda.html

http://en.wikipedia.org/wiki/Puffy_(mascot)

0
0
Linux

Freedom???

People from most walks of life laid down thier lives to help maintain our freedom during the First and Second world War.

Now thanks to the idiots in power those freedoms are slowly being eroded in the idea that they will maintain our current level of freedoms. They keep using the excuse only the guilty will have anything to fear which is trumpeted by all the nutcases walking the street next to you.

If we are to maintain our levels of freedom the restraints do not need to be put on us but put on the politicians and government.

Long Live Guy Fawkes.

0
0

Customer_ID Varchar(20), Online_From datetime, Online_To datetime

"The internet log retention orders will also mandate the keeping of information on a user's activity but not the content of any communications"

...so all they can store is the fact that you were on the internet. Any data about the sites you visited is surely the 'content' of your 'communications' (http request headers etc.)?

0
0

Policy laundering

The EU directive was 'policy laundered' (look it up in Google). After being initially rejected by the UK parliament, the government pushed it through the European Commission.

So this "law" is completely & deliberately anti-democratic. In a just world the politicians and lobbyists responsible for doing this would go to prison.

http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-496240

0
0
Guy
Black Helicopters

I'm sure Phorm would do this for them

Right up their street, then they can also make it non anonymous and make even more money!

0
0
Anonymous Coward

CCTV for net and phone

It was another Tony Blair idea, log everyones communications then if you need to get a warrant, you can effectively backdate the warrant and go fishing in the logs back in time to before the warrant was issued.

Germany has overturned this EU law as unconstitutional and Gordo does not have a mandate to rule.

0
0
Pirate

Re: We're all Police Officers now

I was wondering the same thing. I don't think that HMG/EU has any real idea of how the internet works. As well as issues regarding home SMTP servers their is the issue of email accounts that a based off-shore. They can lay well beyond the reach of such measures. This is only going to catch the unorganised crims at the inconvienence, and cost, of the ISPs. Though I guess we'll end up paying in the end.

0
0
Alert

Tiscali....

I'd like to see how Tiscali build this cost into their pricing model that struggles with such things as the iPlayer :)

0
0

This post has been deleted by its author

Thumb Down

@Useage?

Alan, that seemed to be a bad URL...

Your requested host "www.swedish-fanny.com" could not be resolved by DNS.

How many others tried it...;-)

0
0

Who is an ISP?

Do they define what an ISP is? I run a mail and webserver which I and several friends and family have accounts on. This is "Internet Service" which I provide. does this law apply to me? do I need to start keeping a lot more mail logs or what?

0
0
Ash

Wrong audience

We're not the ones who need to know why this is bad. We already know why this is bad.

Go tell everyone else.

Either that, or start running Tor exit nodes. I'm pretty sure you could remove all web browsers from your computer but one hard-coded to use Tor, so there is NO way HM Govt, or ISPs can say that YOU were using YOUR connection for THAT illegal activity.

Either that, or familiarise yourself with some Pink Floyd; "Did you exchange a walk on part in the war for a lead roll in a cage?"

0
0

it's the 1984 show!!

Yes the data "could" be used to investigate crime; it "could" be used to detect crime; it "could" be used to prosecute crime; it "could" even be used to protect the public. However, they don't have the resources to investigate, detect & prosecute criminal activity with existing level of information; would adding more data make the job easier or more difficult?

Call me cynical, but I think it more likely that the government will simply trawl through the data and end up with stats that have little to do with the original purpose of the project. But of course, they will have lots of lovely information on who you call and where you surf, so they could sell that information to marketing companies. This could be quite a significant revenue stream in the future.

It would also require the telcos to allocate more resources for storage of the information; and who is going to pay for the additonal resources required? Ulitimately, it will be the customer (i.e. you and I).

Most of this sort of additional law is nothing to do with making life better for the public or easier for the authorities; it's about certain public servants being seen to be "doing something".

0
0
Boffin

data is not information

The police can't check all the CCTV tapes now. When will they be able to grep though terrorbytes[1] of ISP logs?

[1] Not a speling error. That's the satire.

0
0
Anonymous Coward

Re: Wrong audience

Or even go one step further and use an IronKey USB drive with its on-board Firefox and Tor, so you don't even have any suspcious software installed on your PC.

0
0
Silver badge

How much more than minimum?

It would be useful for an investigation of a crime to know who was using which IP address when. Since ISPs do things like setting caps on usage, they'd also have records of data volume.

Anything more than this can shove up the quantity of data to infeasible levels.

I think we're at the "Don't Panic, Yet!" stage. But we need to know just what the law will require (and so do the ISPs).

0
0
Rob
Pirate

terrorists

surely any terrorist using the internet is going to do so utilising encryption in some form, anything i download from usenet is encrypted, im pretty sure someone downloading the idiots guide to nuclear weaponry.pdf or whatever they do is going to do the same,

0
0
Paris Hilton

Time limit

You'd think 42 days would be long enough...

BTW, Tom Welsh, that would be funny if it weren't so tragic.

PH, because Jacqui Smith makes her look so intelligent.

0
0
Unhappy

Zero IQ Wing

Customer : What happen ?

ISP : Somebody set up us.

Customer : We get signal.

ISP : What!

Customer : Main screen turns on.

ISP : It's pron!!

HMGOV : How are you gentlemen !!

HMGOV : All your database are belong to us.

HMGOV : Mwahahaha!

0
0
Thumb Down

Boom time for proxy services

This bill doesn't appear to cover Internet services, only connection providers. So I imagine there will be lots of new encrypted proxy services springing up that run over SSL and let users request web pages where the URLs are encrypted and not kept in the http header making it impossible for ISPs to log where you've been apart from the name of the proxy service.

What's not clear is what details of your emails the ISP will have to retain? Would they log the to, from and subject headers? Even that is way too confidential, especially for businesses who are involved with commercially sensitive projects, or individuals emailing about very personal matters.

0
0
Paris Hilton

The Home Office would not release details of the Bill and how it would work.

It's early in the life of this draft bill, details are @ http://www.commonsleader.gov.uk/output/page2461.asp#make_comment

"

Consultation

The Government plans to publish this Bill in draft for pre-legislative scrutiny later this year. The draft Bill will then be made available on www.homeoffice.gov.uk. In the meantime, any comments or questions about these proposals should be directed to CommsData@homeoffice.gsi.gov.uk.

"

Why Paris, well she is an Internet Superstar after all.

0
0
Paris Hilton

@Anonymous Coward @Alan Parsons

Yeah http://www.swedish-fanny.com doesn't resolve. http://www.swedishfanny.com on the other hand does...... :P

0
0
Paris Hilton

swedish fans

oh, don't get too excited though... :)

"swedishfanny.com for sale

as seen on Ali-G

all offers considered

send an email to - swedishfanny_at_ethicalhack.org"

0
0
Stop

not the content...

"so all they can store is the fact that you were on the internet"

Thats going to be interesting for them - the last time I turned off my router was during a power cut back in 2007.

That said, people are being amusingly hysterical. ISPs already keep this info for their own records, the only difference now is that they can't claim to accidentally 'lose' data when under investigation.

0
0
Thumb Down

retards

Kontiki, used by the BBC for iPlayer, as well as Sky and channel 4 for their on demand TV, is about to create some huge P2P logs.

Perhaps this wasn't the most well thought out plan.......

0
0
Boffin

Re: Usage?

The telephone industry already keeps records of time, duration, location, volume and number called. The telephone firms need this for billing purposes. We can easily understand the usefullness of this usage data when trying to track criminals, identify associates or locate missing people.

How do you map this onto IP communications in a way that is both useful and affordable? An obvious minimum is time line went active, IP address assigned, duration and data volume. The trouble is, ISPs don't need all this for billing purposes. They may aggregate the data volume for capped services. But the IP address isn't needed for billing. So the first challenge was simply to get the ISPs to retain details of DHCP leases and line up/down activity. The aim is to ensure a minimum set of data is retained by all ISPs. And retained for long enough to be useful.

Other types of record will depend on what services the ISP provides. The Home Office know that they will be unsuccessful if they require large amounts of new data to be collected. For example, most mailers automatically keep logs. But these logs are recycled after a few days. The aim is to ensure that any data that is collected is retained for long enough to be useful.

0
0

Data retention

Assuming that all details are to be retained, how much data will each botnet-owned pc generate? Does a call to sync with a time server need to be logged and retained? Ping? traceroute? nimda worms?

For a decent sized ISP, this is going to generate terrabytes of completely useless garbage.

0
0
Anonymous Coward

Hide in the background

Assuming you would like some privacy and the government is going to ask the ISP to retain every HTTP get or post (among other data), I would imagine the way to hide your activity is to flood your link with lots of automated requests (at random times), a bit like a small web spider. You don't even have to receive all the data, just get a page and traverse all the links, not necessarily getting all the data, apart from a new destination page. If enough people do it I would imagine the data collected would soon be far far to much to process.

0
0
Anonymous Coward

@Zero IQ Wing

All your database all your database all your database are belong to us!

heh heh hehhhh

I'm off to start scanning all your letters - enjoy. HMGOV

0
0

no isp

The solution to this and the problems with iplayer is to do away with ISPs.

We're all sitting out as nodes connected to the net with 1 crappy link - that goes against the design of the internet. We should be part of it and that means being able to take any route to the destination, be that down the adsl line or over wireless to other local routers.. and then either down their connection or hop to another wireless... like explained in this spoof http://www.londonlx.com/thechip.html

Apart from that it's just another law they're putting in without looking into the ramifications of the implementation.... need to get this government out before they scorch the earth!

0
0
Paris Hilton

Oh great!

"keeping of information on a user's activity but not the content of any communications".

DNS requests? Are they logged? What if I use another DNS server?

POP3 requests - that would possibly reveal my name and definitely my password at logon. I know it says no data but, how useful is the knowledge that I connected to a pop3 server without knowing who I was receiving from? I think it will follow that to,from,subject will be kept

SMTP - same problem.

HTTP requests - that would reveal possibly DOB and other stuff from facebook like sites (in the data if it was also captured, or just the fact that I visited there points to the fact I have a facebook account and gives the username so that can be looked at) In any case, if the ISP does not use a proxy and I use an external DNS, they will have to be sniffing everything that comes and goes.

HTTPS requests? That would reveal who I bank with

And all in one place, tied up neatly with a big pink bow and my name on it. Oh how happy that makes me. Thanks again GB and his dangerously IT illiterate cronies.

Even Paris wouldn't sniff *everything* that comes and goes...

0
0

Don't they already do this?

Several commentators seem to be still sleepwalking. See, e.g., Bill Thomson http://news.bbc.co.uk/2/low/technology/7226016.stm

"According to the Interception of Communications Commissioner, Sir Paul Kennedy, over 250,000 requests for access to this [communications traffic] data were made in the first nine months of 2007, an appalling extension of the state's powers of surveillance, and one that few of us are aware of.

And nearly 800 separate bodies can ask to see some or all of it. "

0
0
Pirate

weird

"The laws order the retention of who called whom, when and for how long but not the content of phone calls. The internet log retention orders will also mandate the keeping of information on a user's activity but not the content of any communications."

I do a lot of my work through a server abroad the client software I use applies encryption on the traffic. So my ISP would be able to tell that I am logging in to that server on a regular basis. So what? unless they start to analyse the content of the traffic or use spyware on my computer how are they suppose to have any information about my activity unless they analyse the content of the communication? My online activities and work are perfectly legal - but I see no reason for why criminals and especially terrorists would not use VPN and foreign servers for their online activities. This government order seems to be another one which is meaningful and will only annoy ordinary users - It appears to me that none but the most ignorant criminal and terrorist would be succesfully traced by this governmental order.

But then maybe this is only the first step towards an organised universal "phorming" of all UK netusers?

0
0
Silver badge

Freedom of Information?

Would it now be possible to get a FOI request to see all the websites MPs have visited?

By the way, it will include URLs. They will say it's not keeping the content of your communications but that will just be to stop people from reading the text of the bill where it does do really.

0
0
Paris Hilton

Tried and Failed

I'd welcome any tried and tested options for securely going about my business on the internet. I've tried anonymous proxy lists ( all down ), Tor ( too fiddly ) TorPark ( now Xerobank and chargable ) and none of them are reliable or fast enough to be practicle. I don't see how using an encrypted VPN will work as it has to have an endpoint, and that endpoint will be tracked.

I don't necessarily want it to be easy, but easier would be nice.

PH because she's easy.

0
0

Page:

This topic is closed for new posts.

Forums

Biting the hand that feeds IT © 1998–2018