British politicians sign off on surveillance law, now it's over to the Queen

The UK's Investigatory Powers Bill has completed its passage through parliament and now only awaits Her Majesty's stamp of approval before becoming law. Also known as the Snoopers' Charter, the legislation has been criticised as being among the most onerous in the world upon the civilian population, and will require British …

Re: Sense of proportion

... will be fitted up with something.

2
0

Re: Sense of proportion

Governments love terrorists. As long as they're not actively targeting the government they make the government's job of taking money from the population to give to their prospective employers much easier.

Oh, and I'm sure I'm not the only person who doesn't give a shit what the Chinese government knows about me because they're not in a position to send me off to be tortured in some hellhole.

1
0
Silver badge

Re: Sense of proportion

@ Primus Secundus Tertius

I believe you're wrong there. A Chinese slurp is better for several reasons:

1) If you exercise reasonable precautions (and don't use your Android phone for banking or business secrets) there's not a lot the Chinese can do to you. Unless you give them the means to get at your money or company secrets (and if you're doing that on an operating system written by a marketing company you really have nobody but yourself to blame) you're out of their jurisdiction and they are not interested in you. Plus, for the price of their slurping, they have to pay a translator to be bored shitless; which isn't justice, exactly, but is nonetheless somehow vaguely pleasing.

2) The data bill covers every machine; not just one already shonky OS.

3) It's done by our own side by people who have powers to make your life crap for no reason at all.

4) It *will* be abused

2
0
Childcatcher

As Usual - it's unworkable

As with everything the UK government tries to do with computers, it will be an unmitigated disaster.

They have no idea of the sheer volume of data they'll be trying to harvest. The clueless overpaid software shysters will sell them all sorts of worthless "analysis" software to comb through the vast amounts of data they'll collect, and after they raid a few schools for children connecting to inappropriate websites, they'll quietly drop the nonsense after squandering squillions of quid of our money.....

10
0
Anonymous Coward

Re: As Usual - it's unworkable

An unmitigated disaster most certainly, but one that will probably leave a good deal of collateral damage in its wake before it's quietly canned.

9
0

Re: As Usual - it's unworkable

I think you'll find that benefit disasters apart, various government agencies (GCHQ) are really quite good at handling vast amounts of data...and GCHQ USA (NSA) are better...and neither could really give a shit who is in power..

5
0

Re: As Usual - it's unworkable

It will work just fine. Whoever paid the government to put this into law will get to sell more data solutions. That's the point of this law.

1
1
Silver badge
Big Brother

Tuttle. Buttle.

Need I say more?

12
0
Silver badge
Big Brother

Eat the rich

If you want to keep a secret, you must also hide it from yourself.

George Orwell

6
0
Coffee/keyboard

Re: Eat the rich

> If you want to keep a secret, you must also hide it from yourself.

> George Orwell

To die hating them, that was freedom.

3
0
Anonymous Coward

VPN

It's much easier to focus your attention on those on VPN, than on browsing of the whole nation. So why exactly are you so keen on protecting your privacy, Mr Abhani of 32 Terror Close, that makes you so keen to pay for such services each month, eh?! Inquisitive minds want to know, and now they have VARIOUS vectors of approach to find out :/

4
0
Anonymous Coward

Re: VPN

Perhaps you're paying for a VPN service because you don't trust open wifi hotspots?

Or perhaps you're using a free service you get when you pay for Giganews usenet access. But VyprVPN do at least log when you're connected and what IP address you're assigned for the time you're connected, mainly so they can pass on the blame to you in the case of DMCA stuff and I wouldn't doubt they log a lot more.

0
0
Anonymous Coward

Re: VPN

I imagine that many people use VPNs to stream media and avoid geolocking. Maybe not strictly legal, but perhaps not worth the hassle of surveillance/prosecution.

0
0

prepared for this..

My wife and I have all our devices running through privateinternetaccess, thanks to some user-created scripts it's working flawlessly on my opensuse boxes too

0
0
MJI
Silver badge

Working from home

My wife does some homeworking, including categorising web pages as safe and so on.

That will really mess up the logging.

1
0
Anonymous Coward

Re: Working from home

I still have a few scripts I knocked up ages ago for causing chaff to echelon.

They take a file with a list of words / phrases to search for.

Went through file, pinged the searches at a search engine & randomly went to one of the links.

When end of file hit, start again

It repeated ad infinitum (or until parameter based limit reached)

Similar scripts running on lots of machines generates a lot of haystacks with no genuine needles.

0
0

Re: Working from home

Chaff variation:

Submarine ELF stations are always transmitting random data when not transmitting actual messages, so no assumptions can be made from transmission bursts.

In a similar way, I'll be running 24x7 a random IP address generator that will then, for a random number of minutes, do a random number of GETs to that IP address and any subpages that are returned..... both massively increasing and poisoning the haystack with random data, and obscuring my actual surfing.

When I've previously suggested doing this en-masse, someone suggested that this would only damage the ISPs rather than the government, and prices would then rise due to the need to store that extra data..... the market can only support a max price per subscriber. Once the ISPs' costs/subscriber rise above that max price/subscriber then ISPs are running at a loss; their CEOs will apply so much pressure to the Home Office that they will have to repeal at least the "retention of sites visited" part of this law, if not the whole thing.

Or they'll redefine "hacking" as also "visiting a website with no intention of viewing that website"... that'll be fun watching the CPS try to prove that, or proving that the GET came from Powershell rather than my Browser.

0
0
Silver badge

Re: Working from home

> In a similar way, I'll be running 24x7 a random IP address generator that will then, for a random number of minutes, do a random number of GETs to that IP address and any subpages that are returned..... both massively increasing and poisoning the haystack with random data, and obscuring my actual surfing.

If you do, be very careful.

I did some work a little while back examining the effectiveness of cover traffic on encrypted links.

You'll need to pay attention to the size of the response body and adjust the time between that and the next page accordingly (but not proportionally).

The time a human takes to switch between pages isn't consistent (we might load a huge page, read 1 sentence and click off because it looks crap, or load a tiny page and take 5 minutes to read because we went and made a cuppa). But that's very different to random intervals as there is some correlation between the amount of text and the amount of time we spend reading.

You also need to make sure that the start and end times of your cover traffic aren't particularly consistent. Having a sleep at the beginning of the script helps a little, but if the traffic always starts within 60 seconds of quarter past the hour, it quickly becomes identifiable.

> In a similar way, I'll be running 24x7 a random IP address generat

Don't do that. You don't want it running 24x7, you want it vaguely aligned to your sleep/wake cycle (as well as taking into account things like you going to work all day). Any traffic generated when there's a high probability it wasn't you gives an observer further means to analyse your countermeasures.

If they decide they're going to capture HTTP Host headers (which really, they'll want to), simply connecting to a given IP and requesting pages isn't going to do anything except make the traffic identifiable too.

There's a lot of other things to be considered too.

When observed over time (which is what an ICR will effectively be) the little differences in behaviour between a script and the average human become readily identifiable, and that's when the traffic is using an encrypted link. It's even harder with plaintext (which, to some extent, includes HTTPS because things like SNI are in the clear).

TL;DR running effective cover traffic is fucking hard, assuming your aim is to thwart anyone with any more than a passing interest.

0
0
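The three tells described in the comment above (dwell time unrelated to page size, activity in every hour of the day, session starts clustered around the same minute), as an added example that is not part of the original thread: it profiles request metadata the way an observer could. All names and both sample logs are constructed, and the human model (dwell growing with the log of page size, plus noise) is an assumption.

```python
import math
import random
from statistics import mean, pstdev

def pearson(xs, ys):
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    norm = math.sqrt(sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys))
    return cov / norm if norm else 0.0

def profile(events, session_gap=1800):
    """events: time-sorted (unix_seconds, response_bytes) pairs."""
    sizes, dwell, starts = [], [], [events[0][0]]
    for (t1, size), (t2, _) in zip(events, events[1:]):
        if t2 - t1 > session_gap:
            starts.append(t2)              # long silence: a new session begins
        else:
            sizes.append(math.log(size))   # page size vs. time until next request
            dwell.append(t2 - t1)
    return {
        "size_dwell_corr": pearson(sizes, dwell),
        "hours_active": len({int(t % 86400) // 3600 for t, _ in events}),
        "start_spread_s": pstdev([s % 3600 for s in starts]),
    }

def constructed_log(kind, rng):
    """Constructed sample data, not captured traffic."""
    events = []
    if kind == "script":    # hourly job: starts at quarter past +/- 60 s, runs 24x7
        for hour in range(72):
            t = hour * 3600 + 900 + rng.uniform(-60, 60)
            for _ in range(20):
                events.append((t, int(math.exp(rng.uniform(7, 13)))))
                t += rng.uniform(5, 60)    # pause ignores page size
    else:                   # assumed human model: morning and evening sessions
        for day in range(14):
            for lo in (7, 18):
                t = day * 86400 + rng.uniform(lo, lo + 4) * 3600
                for _ in range(30):
                    size = int(math.exp(rng.uniform(7, 13)))
                    events.append((t, size))
                    t += 4 * (math.log(size) - 6) + rng.expovariate(0.1)
    return events

if __name__ == "__main__":
    for kind in ("script", "human"):
        print(kind, profile(constructed_log(kind, random.Random(1))))
```

On the constructed logs the scripted traffic shows near-zero size/dwell correlation, all 24 hours active and a start spread under a minute, while the modelled human shows the opposite on all three.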
Anonymous Coward

Re: Working from home

IMO Chrissy's advice is good to create haystacks, while yours is good to create fake needles within those haystacks.

AC just to avoid sloppy people. We all know that El Reg will defend our PII with their own lives.

0
0
Stop

Two points

"Additional powers are legislated for, including offensive hacking,"

Is not all hacking offensive, can some types of hacking be inoffensive?

Did not the last Labour Government try to bring similar laws into force? If so, why did they now abstain in the vote for this?

0
0

Re: Two points

> Is not all hacking offensive, can some types of hacking be inoffensive?

Penetration testing of systems that you own is pretty inoffensive.

> Did not the last Labour Government try to bring similar laws into force? If so, why did they now abstain in the vote for this?

I would guess two reasons.

1) Current Labour hierarchy regards New Labour as the anti-Christ.

2) A bill which says "The government should have access to everyone's records, but should promise not to abuse it" doesn't sound at all scary when you are the government, but very scary when you're the opposition.

1
0
Silver badge
Meh

Can we see it?

Is this like the Data Protection Act or when the Police film a protest? That is, if I fill in a form and send in a tenner, do they have to tell me exactly what info they're keeping about me?

2
0
Silver badge

Chocolate Teapots 'r' Us

I only have one question …… Is anyone/anything exempted from surveillance ….. for such a facility will always be abused and taken advantage of for private and personal enrichment at the expense of others?

And/But surely there is nothing to be really worried about, for bad laws are never followed/obeyed and are always ignored by the smarter being and/or more enlightened citizen. The madness that abounds would be in the thinking that any such laws would make a great deal of difference.

The current elitist establishment systems of administration have much more of a burgeoning problem with sensitive secrets being openly shared randomly and spontaneously with everyone and their dogs, rather than with secrets and dirty deeds done dirt cheap being squirrelled away out of sight and sound on servers.

0
0
Silver badge
Big Brother

I am no security expert. What we need from one of you frighteningly clever chaps is an idiots guide to setting up this vpn

There's some really good security guides on the NSA and GCHQ's websites. They even have some recommendations on good providers.

0
0
Silver badge

If NSA and GCHQ are recommending them, the natural assumption would be that they are compromised.

3
0
Silver badge

Two issues

First of course is the fact that if you believe the bull about elections the two parties involved ... Labour and Conservative ... have been chosen by the majority of the idiots of this country to decide such matters for them. These people make choices based on interesting factors (he has a nice smile, his suit doesn't fit properly) and deliberate lies (we have lower taxes than they do...). Personally I think restricting the voting to people with an IQ greater than 1 and enough interest to see what their 'representatives' actually do would create a far smaller number of votes and a better caliber of ruler.

Second given the mealy mouthed way our politicians and civil servants act and the downright dishonesty of the police (we didn't beat the newspaper sales man to death, we don't jump up and down on people's cars when we stop them and we certainly don't cause mass deaths in football stadiums...) I wonder at the idea that the ISP keeps it for 12 months in case it is wanted for investigation. Does that mean that everyone is placed under investigation every 11 months and all data requested from the ISPs and then stored by GCHQ or the police national computer service for ever and ever (like DNA samples)?

1
0
Silver badge

anyone else having trouble

Running on Chrome. When I go to post the page keeps jumping down as different adverts keep changing. Can't edit at all well.

0
0
Bronze badge

Sign Off Required for Access to Records

Hi,

Not sure if this has been covered in the comments here - but on Ars Technica, someone has provided a list of authorities where only a sign off is required to access your records. The list is VERY long. See comment 12.

http://arstechnica.co.uk/tech-policy/2016/11/investigatory-powers-act-privacy-disaster-waiting-to-happen/?comments=1

It is stated in the comment as "the designated senior person" - so who it will be is unknown - but will each ISP know who they are and only accept requests officially - how is this controlled or vetted?

Of note, some of the authorities that can access your details :

NHS ambulance service Trust

Food Standards Agency

Gambling Commission

Gangmasters Licensing Authority

General Pharmaceutical Council

Why on earth these organisations need access to your web history is unknown - but I don't think it is needed. There are more - just a sample given above.

Not sure where the list came from - could not find it.

Regards,

Shadmeister.

2
0
Silver badge

List

"Not sure where the list came from - could not find it." --- Shadmeister.

I don't think it is changed from the original draft bill (pdf) it's Schedule 4, page 168 or thereabouts.

0
0
Bronze badge

Re: List

Hi,

Thanks - the document I downloaded did not have that list - mine was the explanatory note - hence the reason it had the EN tagged in the filename - thought it meant English.

The most laughable or noteworthy person who can obtain ALL your records :

Duty Manager of Ambulance Trust Control Rooms

Why would a duty manager of a control room need your web history ?? - reasons are stated in the text elsewhere - but what checks are there that it was a bona fide requirement - it states to prevent death and injury etc., yet - how long before you get the records - will take weeks - and yet it is listed as an emergency.

Regards,

Shadmeister.

0
0


Biting the hand that feeds IT © 1998–2017