back to article Snoopers' charter rests in shallow grave - likely to rise again

The coalition government may need to bring in legislation in the final year of Parliament before a General Election is called that would allow spooks and police to see - at a "given point in time" - if a suspect could be linked to a certain IP address. In Wednesday's Queen's Speech, her Majesty made no mention of the Tory-led …

COMMENTS

This topic is closed for new posts.

Page:

  1. Anonymous Coward
    Anonymous Coward

    I expect to be arrested imminently for running an open home wifi router

    1. Anonymous Coward
      Stop

      Why?

      I think you might be paranoid.

    2. Anonymous Coward
      Anonymous Coward

      Not "imminently"

      But eventually, since your behaviour is clearly intended to frustrate the need of law enforcement to identify who is using an IP address at a given point in time.

      Naughty, naughty.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not "imminently"

        ''clearly intended to frustrate the need of law enforcement''

        Or to allow my elderly low usage neighbours to email their kids in Australia

        either I'm a hardened criminal organising terror vie the internet, or I'm helping out some old folk skyping their loved ones on a borrowed laptop

        could go either way

        1. teebie

          Re: Not "imminently"

          "either I'm a hardened criminal organising terror vie the internet, or I'm helping out some old folk skyping their loved ones on a borrowed laptop"

          Same thing, apparently.

        2. John Smith 19 Gold badge
          Unhappy

          Re: Not "imminently"

          "either I'm a hardened criminal organising terror vie the internet, or I'm helping out some old folk skyping their loved ones on a borrowed laptop"

          No.

          When in doubt the civil servants behind this always come down on the "He's a wron'un" view.

          Like Stalin, better a 100 innocents go down than 1 guilty man escapes.

    3. Anonymous Coward
      Anonymous Coward

      Re: running an open home wifi router

      Run a Tor exit node. Then you can plausibly deny everything.

    4. phuzz Silver badge
      Stop

      Tor

      Running a Tor exit node is pretty easy to set up, however, you'll probably find yourself getting cut off by your ISP in short order. For some reason they frown on (and often explicitly ban in their ToS) running an anonymiser on a home connection.

      You'll also get nasty letters from basically everyone and their lawyer, especially if you don't configure your node to block bit-torrent traffic.

      1. Anonymous Coward
        Anonymous Coward

        Re: Tor

        It wouldn't surprise me to read that some ISPs already carry clauses in their ToS that prohibit open Wi-Fi as well as said anonymizers.

  2. DrStrangeLug
    Childcatcher

    Please won't somebody think of the children?

    Because over 99% children will spend the majority of their lives as adults.

    Think about whether you want them to spend their adult lives with the government watching everything they do online.

    1. Crisp

      Re: Please won't somebody think of the children?

      But pedoterrorists are coming to copy our music!

  3. Mad Mike

    Stupidity

    I'm not sure who is advising (if anyone) the government and more specifically the Home Office in this. They don't seem to realise that an IP can never be linked to a single human being, no matter what they do. At best, they'll be able to track it to an endpoint. However, who's using that endpoint? Unless they mandate userid/password logon (with logs retained) for every endpoint, unless they actively see the person using it, it could be anyone.

    This also misses the fact that once the connection ends up in someones house or business, all bets are off. The best anyone (other than the owner) can say, is that it's somewhere within that house or business. No more. With NATing etc., routers, firewalls etc. in common use, anything more is practically impossible. At that point, you either make the owner of the internet connection liable for everything done over it, which is stupid, or you have no real proof of anything.

    And what of hacking and viruses etc. If your computer is taken over by someone else as part of a botnet, are you still liable for what it does? Clearly, the government and their advisers need to speak to people with some reason and understanding of how the internet works, because they're not showing any. It may be a pain for the police and intelligence communities to actually have to do some real work, rather than just looking the answer up in some log somewhere, but that's the reality. I'm not sure what GCHQ are doing, but you would have thought a person or two from there could advise the government in some sense.

    1. Anonymous Coward
      Stop

      Re: Stupidity

      What is the difference here between 'tracking' an IP, and using telephone data? From what you are saying above the same considerations would apply to, using the endpoint of an IP address, as would also apply to telephone data as circumstantial evidence.

      I.e. just like inferring conclusions from IP information, using telephone calls as evidence, unless either seen or caught on CCTV, you still don't know who actually made the call.

      Since you aren't sure what GCHQ are doing I would suggest they are advising the government along these lines?

      1. Mad Mike

        Re: Stupidity

        A telephone call is slightly different if you deal in content as well. As you might be able to voice match the participants, you might be able to prove individuals. Using the content of an email, you might possible as well. However, telephone interception does allow for the contents to be used. They're explicitly stating that content cannot be used for internet intercepts.

        1. John Smith 19 Gold badge
          Unhappy

          Re: Stupidity

          "They're explicitly stating that content cannot be used for internet intercepts."

          Yes that concession was grudgingly inserted in the text.

          I'm quite sure most of the people really behind this are mentally adding the word "yet" to the relevant sentences.

          1. Tom 35

            Re: Stupidity

            This is about retaining data. They can't make them keep a copy of the whole internet, but they want every connection made. They just had to figure out how to solve the problem of knowing who made the connection... or just pretend it's not a problem.

            We have this guy, we don't like the look of him, must be up to something... tell us what he has been connecting to.

            He was taking pictures with his iPad, then went into a coffee shop with free wifi. Must be a terrorist!

      2. Anonymous Coward
        Anonymous Coward

        Re: Stupidity

        Except that (fixed) telephones typically do not:

        Change their physical location, address or owner on a frequent basis. And even mobile phones can be physically tracked by their association with transmitting equipment.

        Change or renew their phone numbers on a regular basis

        Have expiring phone numbers which can be re-used by other phones later.

        etc.

        Cyberspace is hard to police by design. Passing sweeping, ill-informed legislation helps no one, including the plods. Until her majesty and others realize that the Internet is not analogous to a hardwired telephone / telegraph network this sort of nonsense will continue.

    2. Anonymous Coward
      Big Brother

      Re: Stupidity

      You are making the assumption that the government's aim is to draw up legislation that is sensible, balanced and uses best practices to identify suspects to a high degree of accuracy.

      What they usually do is to make a believable mechanism that looks just careful enough to identify people they are interested in due to other information that has been gathered already.

      As an example, do some Googling on the subject of Elms House, Anthony Blunt's pardon etc. and see why the establishment is going out of its way not to look too closely at evidence of deep depravity among the ruling classes. It doesn't matter who has been abused and the aim is not to find and prosecute the guilty nor to belatedly give justice to those that deserve it. It's to ensure that the guilt of the great and the good (cough splutter!) doesn't make it into the public consciousness.

      The people that want to be in charge are interested in having power over others, it's hardly surprising that many of them also have interests in using that power on the weak and the vulnerable.

    3. Anonymous Coward
      Anonymous Coward

      Re: Stupidity

      But they can link an ip address at a certain time to a phone number, hence a person who pays the bill, even if the person is acting for a corporation, this is sufficient to apply pressure to investigate the usage of the connection.

      See http://en.wikipedia.org/wiki/Hadopi

      The bill payer is apparently responsible for the internet activity and the securing of the wifi router and connections.

  4. CAPS LOCK
    Unhappy

    This will come sooner or later.

    Together with outlawing of technologies like TOR and so on. As usual only the dimest of terrorist and perverts will be caught, along with a significant number of the innocent and naive.

    1. Anonymous Coward
      Anonymous Coward

      Re: This will come sooner or later.

      The Chinese already outlaw and block TOR yet they fail to stop people from using 'bridges' to connect to the network.

      If the UK follows suit, expect the UK to be listed on the "countries that restrict net access" lists and people will be nagged to help them as we do the Chinese currently.

  5. LinkOfHyrule
    WTF?

    Bunch of knobs

    Just tattoo an IP address to my face and be done it!

    1. LinkOfHyrule
      Paris Hilton

      Re: Bunch of knobs

      ...and while you're at it, tattoo a MAC address to my bum cheeks! Along with my default admin password!

      Insert finger to restore to factory settings!

      1. Brewster's Angle Grinder Silver badge
        Coat

        Re: Bunch of knobs

        "...and while you're at it, tattoo a MAC address to my bum cheeks! Along with my default admin password!"

        Would that be a dirty-MAC address?

        Can you hand me my—

        Oh, you appear to be wearing it already yourself.

        1. LinkOfHyrule
          Joke

          Re: Dirty macs

          I'm not a member of the mucky mac brigade! I use Windows and Android!

      2. Anonymous Coward
        Anonymous Coward

        Re: Bunch of knobs

        Insert finger to restore to factory settings!

        Shouldn't that be

        Insert finger to reset / reboot

        Insert dick to restore to factory settings!

        ?

    2. hplasm
      Happy

      Re:Just tattoo an IP address to my face

      I agree- but not mine...

  6. Anonymous Coward
    Anonymous Coward

    The Price of Freedom

    is eternally telling the Home Office to get a grip.

    Apparently, a Home Office spokesman recently said: "Crime continues to fall – recorded crime is down by more than 10% under this government. England and Wales are safer than they have been for decades."

  7. IDoNotThinkSo

    It clearly isn't the politicians that come up with these ideas. Someone 'persuades' them by telling all sorts of horror stories.

    Who is the ringleader in the civil "service" at the Home Office? That's where the problem lies.

    1. Mad Mike

      I'm not so sure.

      I have a strong suspicion this actually is politicians. With many high profile cases around the internet and criminals using it, they see it as an opportunity to show themselves as 'tough on crime' to the masses. Unfortunately, in this case, the masses probably know more about the technology than the politicians and therefore see right through the scam. Unfortunately, politicians aren't reknowned for having the intellect to know this.

      1. Primus Secundus Tertius

        Re: I'm not so sure.

        In our Great British democracy, politicians are much more representative of ordinary people than are civil servants. And half the population have below average intellect.

        It would be rather more worrying if all politicians were above average. But we have, for example, an anti-scientific idiot representing somewhere in Leicestershire.

      2. Anonymous Coward
        Anonymous Coward

        Re: I'm not so sure.

        Don't forget the criminally stupid masses that think that the dailymail is the gospel truth!

    2. taxman
      Big Brother

      Wrong Office

      Your assumption is likely off target in that it would be from the 'ringleaders/advisors' in the Cabinet Office rather than civil service proper and the guys in the 'Doughnut' (yes we Brits spell words correctly).

      Just linking a single bit of information to an IP address wouldn't be of any use. But monitoring one or several over a period would allow a half decent analyst to build up a profile of the users and pinpoint who they are with a great degree of accuracy. Without the need for the Home Secretary to allow the 'line' to be tapped.

    3. Anonymous Coward
      Anonymous Coward

      the ringleader in the civil "service" at the Home Office?

      Charles Farr. HTH.

      https://en.wikipedia.org/wiki/Charles_Farr

    4. John Smith 19 Gold badge
      Unhappy

      "Who is the ringleader in the civil "service" at the Home Office? That's where the problem lies."

      There is a "Communications Capabilities Modernisation unit" within the Home Office.

      You might like to start putting them under surveillance.

  8. Anonymous Coward
    Anonymous Coward

    Worse Than Jason Voorhees

    This bill will keep coming back until it passes because the security services want it. Both the Tories & Labour seem hellbent on introducing it (it's probably only the Lib Dems who've prevent it's introduction), so we'll get it at some point in the future. Why is it terrible for places like China to have mass surveillance but for democracies like the UK it's reasonable? When we criticise China all they will do is point to us & say we have the same thing they do.

    1. Mad Mike

      Re: Worse Than Jason Voorhees

      Do the security services really want it though? Surely, any tech savvy person in the security services knows the information is of very limited use as it would rarely identify an individual 'beyond reasonable doubt' and therefore would add little to any trial. So, what's the point? Either, they're not really asking for it, or they intend to target people (and maybe prosecute them) using information that does not meet the required court standards. Maybe that's why they're very keen on secret courts and trials?

      Why not cut out the middle man and simply charge anyone they fancy whenever they like on the basis there's something we don't like about them. Would make about as much sense.

      1. Amorous Cowherder
        Happy

        Re: Worse Than Jason Voorhees

        "Do the security services really want it though?"

        Not really, they have enough to do but the management in said services need to have some sort of justification for all the money they siphon from our taxes. Junkets to far flung places and new Bond style gadgets need to be paid for somehow!

      2. Anonymous Coward
        Anonymous Coward

        Re: Worse Than Jason Voorhees

        "Why not cut out the middle man and simply charge anyone they fancy whenever they like on the basis there's something we don't like about them.

        What a retired policeman once said was the policeman's favourite - a "Martini Law" - "anyone, any time, any place"

  9. Miek
    Childcatcher

    "In order to know who has actually sent an email or made a Skype call, the police need to know who used a certain IP address at a given point in time. Without this, if a suspect used the internet to communicate instead of making a phone call, it may not be possible for the police to identify them." -- This information is already stored by the ISPs in the form of DHCP/ARP logs and can be accessed by Police already. What's the problem, why is more legislation needed if they already have what they need?

    1. Mad Mike

      Nope

      But, that's the whole point. The information is not stored by the ISP. They can identify which endpoint (from their perspective) was associated with that IP at that time. However, that doesn't give a person. At best it identifies a house or business etc. Many people could have been using the internet service from within those addresses. So, what are they going to do? Make the owner of the line responsible for everything done by everybody on the line? That would be madness. The truth is that attribution can only be achieved through credentials and not any physical entity, whether ISP connection or whatever.

      On the one hand, politicians always go on about getting everyone connected and the great business benefits and opportunities the internet brings. On the other hand, they're constantly trying to bring in stupid legislation like this, which will simply impinge on it.

      1. Richard 12 Silver badge
        FAIL

        Re: Nope

        This can't even identify a business or household either.

        All it takes is for a connection to 'bounce' into and back out of one of them for the existing DHCP/ARP log and the purported IP connections logs to be completely and utterly useless.

        How could that happen? Botnet, internal corporate network, distributed VOIP (torrents, Skype!)... All of which already exist and are in common usage, and except for the botnets for perfectly law-abiding reasons as well as the presumed 'black hats'.

        There is no possible way to know if a given connection 'in/out' is in any way related to another 'in/out' connection from the logs - short of DPI with man-in-the-middle attacks and logging all the transmitted data. (How many petabytes per day?) Even that would only require encryption done 'mid-bounce' to make it utterly useless.

        So truly, this is worse than useless in every possible way - not only does it require a loss of privacy on the part of every UK resident, even if it worked (which it can't), it could only serve to make the haystack several orders of magnitude bigger for the security services.

        1. preppy

          Re: Nope

          Agree completely. Scenario: I war-drive and find someone's open wi-fi, and use it to set up half a dozen one-time use free email addresses. Then I go down to Starbucks for a couple of hours, and use their "free wi-fi" signed on with some of these one-time email addresses. Of course, I'm spoofing my MAC address, and I pay with cash! How in the world will "the authorities" link my transactions at Starbucks back to me, unless the content I transmit or consume identifies me directly?

      2. Miek
        Linux

        Re: Nope

        "So, what are they going to do? Make the owner of the line responsible for everything done by everybody on the line" -- That's how it works as I understand it.

        1. Mad Mike

          Re: Nope

          "That's how it works as I understand it."

          To my knowledge, there has never been a case upheld in court (UK), where the owner of the connection has been held liable for what's been done over the line, unless it can be proven it was them. This is why they raid the house and seize computers etc. for analysis. If it was as simple as you suggest, once the connection is identified, you simply need to charge and it's job done. This isn't the case or what happens.

          1. Miek
            Linux

            Re: Nope

            "3.4. In addition to and without prejudice to your obligations pursuant to our Terms and Conditions, you agree to comply with (and ensure that others using the Services comply with) all applicable laws, statutes and regulations in connection with the Services. As the User of record, you are responsible for all use of your account, irrespective of use without your knowledge and/or consent. " -- Bam! Suck on that you ignorami

            Excerpt taken from the following page: Virgin Media, Cable customer's Acceptable use policy

            1. Anonymous Coward
              FAIL

              Re: Nope

              > Bam! Suck on that you ignorami

              Fortunately Virgin's T&Cs do not constitute statute law, at least that's how it was the last time I looked.

              You never know, though. Richard is pretty influential these days....

    2. MrXavia
      FAIL

      I can't see how any of what they want to do is even possible....

      I really would like to see them offer a scenario where they actually need to identify someone via the IP address...

      So you know a skype call was made between two people... how?

      track who sent an email, again how do you have the IP?

      This is a serious fail by the governments advisors...

    3. John Smith 19 Gold badge
      Unhappy

      " What's the problem, why is more legislation needed if they already have what they need?"

      They have to ask about someone specifically which needs things like evidence and "probable cause," what this gives them ( supposedly only "The Security Service," but RIPA demonstrated where those can be delegated down to) everyones without having to ask anyone for it.

    4. Tom 35

      Don't forget cell phones

      I go to one of the "what is my IP" sites and I see a public IP address. I look at the status on my phone and I see 10.200.x.x The cell phone network is using NAT.

      Police need to know who used a certain IP address? Don't know could be hundreds of people using that address.

Page:

This topic is closed for new posts.

Other stories you might like