I expect to be arrested imminently for running an open home wifi router
Snoopers' charter rests in shallow grave - likely to rise again
The coalition government may need to bring in legislation in the final year of Parliament before a General Election is called that would allow spooks and police to see - at a "given point in time" - if a suspect could be linked to a certain IP address. In Wednesday's Queen's Speech, her Majesty made no mention of the Tory-led …
-
-
-
Thursday 9th May 2013 10:37 GMT Anonymous Coward
Re: Not "imminently"
''clearly intended to frustrate the need of law enforcement''
Or to allow my elderly low usage neighbours to email their kids in Australia
either I'm a hardened criminal organising terror vie the internet, or I'm helping out some old folk skyping their loved ones on a borrowed laptop
could go either way
-
Thursday 9th May 2013 18:09 GMT John Smith 19
Re: Not "imminently"
"either I'm a hardened criminal organising terror vie the internet, or I'm helping out some old folk skyping their loved ones on a borrowed laptop"
No.
When in doubt the civil servants behind this always come down on the "He's a wron'un" view.
Like Stalin, better a 100 innocents go down than 1 guilty man escapes.
-
-
Thursday 9th May 2013 14:03 GMT phuzz
Tor
Running a Tor exit node is pretty easy to set up, however, you'll probably find yourself getting cut off by your ISP in short order. For some reason they frown on (and often explicitly ban in their ToS) running an anonymiser on a home connection.
You'll also get nasty letters from basically everyone and their lawyer, especially if you don't configure your node to block bit-torrent traffic.
-
-
Thursday 9th May 2013 08:53 GMT Mad Mike
Stupidity
I'm not sure who is advising (if anyone) the government and more specifically the Home Office in this. They don't seem to realise that an IP can never be linked to a single human being, no matter what they do. At best, they'll be able to track it to an endpoint. However, who's using that endpoint? Unless they mandate userid/password logon (with logs retained) for every endpoint, unless they actively see the person using it, it could be anyone.
This also misses the fact that once the connection ends up in someones house or business, all bets are off. The best anyone (other than the owner) can say, is that it's somewhere within that house or business. No more. With NATing etc., routers, firewalls etc. in common use, anything more is practically impossible. At that point, you either make the owner of the internet connection liable for everything done over it, which is stupid, or you have no real proof of anything.
And what of hacking and viruses etc. If your computer is taken over by someone else as part of a botnet, are you still liable for what it does? Clearly, the government and their advisers need to speak to people with some reason and understanding of how the internet works, because they're not showing any. It may be a pain for the police and intelligence communities to actually have to do some real work, rather than just looking the answer up in some log somewhere, but that's the reality. I'm not sure what GCHQ are doing, but you would have thought a person or two from there could advise the government in some sense.
-
Thursday 9th May 2013 10:10 GMT Anonymous Coward
Re: Stupidity
What is the difference here between 'tracking' an IP, and using telephone data? From what you are saying above the same considerations would apply to, using the endpoint of an IP address, as would also apply to telephone data as circumstantial evidence.
I.e. just like inferring conclusions from IP information, using telephone calls as evidence, unless either seen or caught on CCTV, you still don't know who actually made the call.
Since you aren't sure what GCHQ are doing I would suggest they are advising the government along these lines?
-
Thursday 9th May 2013 15:08 GMT Mad Mike
Re: Stupidity
A telephone call is slightly different if you deal in content as well. As you might be able to voice match the participants, you might be able to prove individuals. Using the content of an email, you might possible as well. However, telephone interception does allow for the contents to be used. They're explicitly stating that content cannot be used for internet intercepts.
-
-
Sunday 12th May 2013 17:10 GMT Tom 35
Re: Stupidity
This is about retaining data. They can't make them keep a copy of the whole internet, but they want every connection made. They just had to figure out how to solve the problem of knowing who made the connection... or just pretend it's not a problem.
We have this guy, we don't like the look of him, must be up to something... tell us what he has been connecting to.
He was taking pictures with his iPad, then went into a coffee shop with free wifi. Must be a terrorist!
-
-
-
Thursday 9th May 2013 16:25 GMT Anonymous Coward
Re: Stupidity
Except that (fixed) telephones typically do not:
Change their physical location, address or owner on a frequent basis. And even mobile phones can be physically tracked by their association with transmitting equipment.
Change or renew their phone numbers on a regular basis
Have expiring phone numbers which can be re-used by other phones later.
etc.
Cyberspace is hard to police by design. Passing sweeping, ill-informed legislation helps no one, including the plods. Until her majesty and others realize that the Internet is not analogous to a hardwired telephone / telegraph network this sort of nonsense will continue.
-
-
Thursday 9th May 2013 10:48 GMT Anonymous Coward
Re: Stupidity
You are making the assumption that the government's aim is to draw up legislation that is sensible, balanced and uses best practices to identify suspects to a high degree of accuracy.
What they usually do is to make a believable mechanism that looks just careful enough to identify people they are interested in due to other information that has been gathered already.
As an example, do some Googling on the subject of Elms House, Anthony Blunt's pardon etc. and see why the establishment is going out of its way not to look too closely at evidence of deep depravity among the ruling classes. It doesn't matter who has been abused and the aim is not to find and prosecute the guilty nor to belatedly give justice to those that deserve it. It's to ensure that the guilt of the great and the good (cough splutter!) doesn't make it into the public consciousness.
The people that want to be in charge are interested in having power over others, it's hardly surprising that many of them also have interests in using that power on the weak and the vulnerable.
-
Thursday 9th May 2013 16:11 GMT Anonymous Coward
Re: Stupidity
But they can link an ip address at a certain time to a phone number, hence a person who pays the bill, even if the person is acting for a corporation, this is sufficient to apply pressure to investigate the usage of the connection.
See http://en.wikipedia.org/wiki/Hadopi
The bill payer is apparently responsible for the internet activity and the securing of the wifi router and connections.
-
-
-
Monday 13th May 2013 00:11 GMT Anonymous Coward
Re: This will come sooner or later.
The Chinese already outlaw and block TOR yet they fail to stop people from using 'bridges' to connect to the network.
If the UK follows suit, expect the UK to be listed on the "countries that restrict net access" lists and people will be nagged to help them as we do the Chinese currently.
-
-
-
Thursday 9th May 2013 09:27 GMT Mad Mike
I'm not so sure.
I have a strong suspicion this actually is politicians. With many high profile cases around the internet and criminals using it, they see it as an opportunity to show themselves as 'tough on crime' to the masses. Unfortunately, in this case, the masses probably know more about the technology than the politicians and therefore see right through the scam. Unfortunately, politicians aren't reknowned for having the intellect to know this.
-
Thursday 9th May 2013 14:51 GMT Primus Secundus Tertius
Re: I'm not so sure.
In our Great British democracy, politicians are much more representative of ordinary people than are civil servants. And half the population have below average intellect.
It would be rather more worrying if all politicians were above average. But we have, for example, an anti-scientific idiot representing somewhere in Leicestershire.
-
-
Thursday 9th May 2013 09:39 GMT taxman
Wrong Office
Your assumption is likely off target in that it would be from the 'ringleaders/advisors' in the Cabinet Office rather than civil service proper and the guys in the 'Doughnut' (yes we Brits spell words correctly).
Just linking a single bit of information to an IP address wouldn't be of any use. But monitoring one or several over a period would allow a half decent analyst to build up a profile of the users and pinpoint who they are with a great degree of accuracy. Without the need for the Home Secretary to allow the 'line' to be tapped.
-
-
Thursday 9th May 2013 09:13 GMT Anonymous Coward
Worse Than Jason Voorhees
This bill will keep coming back until it passes because the security services want it. Both the Tories & Labour seem hellbent on introducing it (it's probably only the Lib Dems who've prevent it's introduction), so we'll get it at some point in the future. Why is it terrible for places like China to have mass surveillance but for democracies like the UK it's reasonable? When we criticise China all they will do is point to us & say we have the same thing they do.
-
Thursday 9th May 2013 09:24 GMT Mad Mike
Re: Worse Than Jason Voorhees
Do the security services really want it though? Surely, any tech savvy person in the security services knows the information is of very limited use as it would rarely identify an individual 'beyond reasonable doubt' and therefore would add little to any trial. So, what's the point? Either, they're not really asking for it, or they intend to target people (and maybe prosecute them) using information that does not meet the required court standards. Maybe that's why they're very keen on secret courts and trials?
Why not cut out the middle man and simply charge anyone they fancy whenever they like on the basis there's something we don't like about them. Would make about as much sense.
-
Thursday 9th May 2013 12:04 GMT Amorous Cowherder
Re: Worse Than Jason Voorhees
"Do the security services really want it though?"
Not really, they have enough to do but the management in said services need to have some sort of justification for all the money they siphon from our taxes. Junkets to far flung places and new Bond style gadgets need to be paid for somehow!
-
-
-
Thursday 9th May 2013 09:14 GMT Miek
"In order to know who has actually sent an email or made a Skype call, the police need to know who used a certain IP address at a given point in time. Without this, if a suspect used the internet to communicate instead of making a phone call, it may not be possible for the police to identify them." -- This information is already stored by the ISPs in the form of DHCP/ARP logs and can be accessed by Police already. What's the problem, why is more legislation needed if they already have what they need?
-
Thursday 9th May 2013 09:21 GMT Mad Mike
Nope
But, that's the whole point. The information is not stored by the ISP. They can identify which endpoint (from their perspective) was associated with that IP at that time. However, that doesn't give a person. At best it identifies a house or business etc. Many people could have been using the internet service from within those addresses. So, what are they going to do? Make the owner of the line responsible for everything done by everybody on the line? That would be madness. The truth is that attribution can only be achieved through credentials and not any physical entity, whether ISP connection or whatever.
On the one hand, politicians always go on about getting everyone connected and the great business benefits and opportunities the internet brings. On the other hand, they're constantly trying to bring in stupid legislation like this, which will simply impinge on it.
-
Thursday 9th May 2013 09:48 GMT Richard 12
Re: Nope
This can't even identify a business or household either.
All it takes is for a connection to 'bounce' into and back out of one of them for the existing DHCP/ARP log and the purported IP connections logs to be completely and utterly useless.
How could that happen? Botnet, internal corporate network, distributed VOIP (torrents, Skype!)... All of which already exist and are in common usage, and except for the botnets for perfectly law-abiding reasons as well as the presumed 'black hats'.
There is no possible way to know if a given connection 'in/out' is in any way related to another 'in/out' connection from the logs - short of DPI with man-in-the-middle attacks and logging all the transmitted data. (How many petabytes per day?) Even that would only require encryption done 'mid-bounce' to make it utterly useless.
So truly, this is worse than useless in every possible way - not only does it require a loss of privacy on the part of every UK resident, even if it worked (which it can't), it could only serve to make the haystack several orders of magnitude bigger for the security services.
-
Thursday 9th May 2013 18:10 GMT preppy
Re: Nope
Agree completely. Scenario: I war-drive and find someone's open wi-fi, and use it to set up half a dozen one-time use free email addresses. Then I go down to Starbucks for a couple of hours, and use their "free wi-fi" signed on with some of these one-time email addresses. Of course, I'm spoofing my MAC address, and I pay with cash! How in the world will "the authorities" link my transactions at Starbucks back to me, unless the content I transmit or consume identifies me directly?
-
-
-
Friday 10th May 2013 08:17 GMT Mad Mike
Re: Nope
"That's how it works as I understand it."
To my knowledge, there has never been a case upheld in court (UK), where the owner of the connection has been held liable for what's been done over the line, unless it can be proven it was them. This is why they raid the house and seize computers etc. for analysis. If it was as simple as you suggest, once the connection is identified, you simply need to charge and it's job done. This isn't the case or what happens.
-
Friday 10th May 2013 16:27 GMT Miek
Re: Nope
"3.4. In addition to and without prejudice to your obligations pursuant to our Terms and Conditions, you agree to comply with (and ensure that others using the Services comply with) all applicable laws, statutes and regulations in connection with the Services. As the User of record, you are responsible for all use of your account, irrespective of use without your knowledge and/or consent. " -- Bam! Suck on that you ignorami
Excerpt taken from the following page: Virgin Media, Cable customer's Acceptable use policy
-
-
-
-
Thursday 9th May 2013 13:59 GMT MrXavia
I can't see how any of what they want to do is even possible....
I really would like to see them offer a scenario where they actually need to identify someone via the IP address...
So you know a skype call was made between two people... how?
track who sent an email, again how do you have the IP?
This is a serious fail by the governments advisors...
-
Thursday 9th May 2013 18:22 GMT John Smith 19
" What's the problem, why is more legislation needed if they already have what they need?"
They have to ask about someone specifically which needs things like evidence and "probable cause," what this gives them ( supposedly only "The Security Service," but RIPA demonstrated where those can be delegated down to) everyones without having to ask anyone for it.
-
Sunday 12th May 2013 17:41 GMT Tom 35
Don't forget cell phones
I go to one of the "what is my IP" sites and I see a public IP address. I look at the status on my phone and I see 10.200.x.x The cell phone network is using NAT.
Police need to know who used a certain IP address? Don't know could be hundreds of people using that address.
-