Gosh! You mean ...
.. to say that the current government are just as much a bunch of liberty eroding, statist, authoritarian super cocks as the last one ?
Well fuck me, who would have thought ?
The coalition government has approved a multibillion-pound plan by the intelligence agencies to store details of every online conversation. The reemerging Interception Modernisation Programme (IMP) means internet providers will be forced to install interception equipment in their networks to capture details of who contacts …
The terrorists have already won so why bother.
It'd be daft to come here as we're only a week or so behind you.
We don't have original ideas here in Australia! We'd require googolplex years to spawn any original thought whatsoever.
But we're in the Nobel prize class when it comes to copying authoritarian law enforcement shit from others. Even Einstein'd run a poor second.
Frankly, you'll have to find somewhere in the non-English-speaking world, as the whole English-speaking world is similarly infected with this Orwellian totalitarianism. You mob lead the pack, we're next in line.
Futurologist extraordinaire Orwell hit the bullseye in 1948. Tragically, we citizens didn't bother listening, now whammo!
…Better prepare yourself now, here's your lines:
"He gazed up at the enormous face. Forty years it had taken him to learn what kind of smile was hidden beneath the dark moustache. O cruel, needless misunderstanding! O stubborn, self-willed exile from the loving breast! Two gin-scented tears trickled down the sides of his nose. But it was all right, everything was all right, the struggle was finished. He had won the victory over himself. He loved Big Brother."
Is that it has out-evolved the lying, money grubbing scum who make the "law"
Good crypto contains one or more layers of additional encrypted content which is concealed in such a way as to make it impossible to prove that it even exists, thus defeating the Stasi when they whip out their "passwords or prison" legislation. Methods such as steganographic encryption have been available for some time and are freely available.
More to the point however, if we all use VPNs to states that have privacy laws then they will have to get a warrant and serve it on you to gain access to the list of every website you have ever visited, every person you have ever had an email from etc. In this way at least you will know when Cressida Dickhead and the Met Death Squad are coming to kill you for being a plumber, in the meantime the illegal immigrant working for NCP can't go phishing through your records and target you for identity fraud.
Time we gave the whole lot of lying vermin in parliament concrete boots and threw them in the Thames as an example to future politicians, scum.
That's a nice fantasy, I would argue with it at length, but I think this is succinct enough
And if you truly believe that your "plausibly deniable" TrueCrypt volume doesn't look like exactly what it is to anyone with a clue, you have been severely misled.
As Bruce Schneier is wont to say, if you think crypto is the answer to your problem, you probably haven't understood crypto, or your problem.
"Time to start getting serious about encryption then"
Well, that will stop them from reading the content of your communications that they promised they wouldn't, but it won't stop them from being able to see who you are comm'ing with. For that you need some kind of endpoint obfuscation as well.
Course, if every single byte in and out of your domestic DSL is encrypted traffic routed through a VPN or TOR node, it will show up like a sore thumb in the data mining that they promised that they wouldn't do. And then your name will also go on the list that they promised they wouldn't make. Not to mention the five years in chokey they'll threaten you with when they come for your keys.
So unfortunately, in this case, it's much much worse than a glib "we'll get around it with crypto/VPN/TOR" would suggest.
Of course, all of the above assumes that any government agency is capable of running such a large project without fucking it up. Then again, GCHQ already have plenty of experience of using big iron to do SIGINT, so if anyone can, it's probably them.
"Of course, all of the above assumes that any government agency is capable of running such a large project without fucking it up. Then again, GCHQ already have plenty of experience of using big iron to do SIGINT, so if anyone can, it's probably them." ..... The Other Steve Posted Wednesday 20th October 2010 22:12 GMT
I wonder whether GCHQ has a Virtual Terrain Team programming Cyber Certainty into the Cyber Security Office Machine ..... for a Greater Order into Vanquishing Chaos with Virgin Intellectual Projects and dDutch Initiative in a Sublime Joint Turing Adventure?
And if not, why not, whenever it is available? Whose Narrative and Agenda are they Servering with the Cheltenham Machine Node.
Of course, the problem is that even if you encrypt your access to Facebook (for example), whoever you communicate with on Facebook won't necessarily do so, so you don't really gain much from that...
Of course, any serious criminals or terrorists will all just use encryption. So what's the point?
...last one to leave, please turn off the...well you know!
So that was fun while it lasted, wasn't it? I did enjoy the illusion of privacy we had, we had a few laughs. So now we head to a nasty little spied on despotic state, I realise they probably watch a lot more than we know already, but it's hearing it confirmed that basically the UK Gov consider us ALL to be terrorists and ne'er-do-wells of the highest order.
Oh well, I'll be signing off now, cutting my internet down to minimum and sending my mobile back.
Landlord, same again please!
While hunting down at best incompetent terrorists (the guy that drove the car into the crowd the other night proving that if we were facing competent terrorists we'd be cock deep in corpses by now), more likely non-existent terrorists, they will be spying on every single person who is online.
On the other hand imagine the pure comedy of the system "sir today it seems Mr Fiddlybuck and Mr Tinhammer are planning on building an airship to attack the highlands! We must mobilise!"
"The HACK! guild have declared war on the PIRATES! guild apparently they don't like their hats or prancy songs, this could be bad!"
"Mandy has unfriended Jim" I sense a conspiracy.
and how much of it will be
"BuY C0Ck L0ngar Pil1$ half Pric3!!! S4Ve $$$"
On the other hand how many seconds until they use it to find "perverts" and then how many minutes until the record labels and movie companies have access to it?
....VPN then, preferably terminated somewhere that doesn't respond to requests for surveillance.
In any case, who can trust this no warrant/warrant required distinction? We don't know what is being hoovered up and they won't use these intercepts in court so who is ever going to know what has been collected?
The price of freedom is accepting that you might be one of those killed by the lunatics....
Anybody serious about hiding stuff from prying eyes is going to be using encryption anyway, which will most likely take decades to break. Hang on, I have a solution to that problem, let's just log all your traffic then ask you for the encryption key and lock you up if you refuse...
If the data only exists between keyboard of Bob and the screen of Alice and is encrypted in transit using negotiated Diffie Hellman session keys which are disposed of securely after each session, even if Eve Spook can get Bob's or Alice's or both permanent passwords through threat of imprisonment she won't know the content of the session because the session keys are not derivable from what Eve knows (assuming the cryptography is set up with options which ensure perfect forward secrecy). Eve might be able to get the endpoint addresses, but if both Bob and Eve are using their own VPNs to servers in privacy respecting countries then Eve will need cooperation from the countries hosting the VPN servers just to know who was talking to whom and when, and without being able to obtain the content.
So all this monitoring is optional for those who can't be bothered enough to avoid it. Real terrorists, organised criminals and spies and others with strong privacy needs and the knowhow and budgets to secure communications will do so. The government is going after the low hanging fruit. DH key negotiation with PFS properties is embedded in too many widely used libraries (e.g. SSL) and has been used for too long for governments to be able to ban it anytime soon.
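The forward-secrecy argument in the comment above, as an added example that is not part of the original thread: it contrasts a session key derived from a long-term secret with one negotiated by ephemeral Diffie-Hellman, then checks what later disclosure of the long-term secret yields against a recorded transcript. The group parameters, function names and the MAC-based authentication are assumptions chosen for illustration.

```python
"""Static-key session vs. ephemeral Diffie-Hellman (forward secrecy)."""
import hashlib
import hmac
import secrets

# Constructed toy parameters (assumption): 2**255 - 19 is prime, but this is
# not a vetted DH group. Real deployments use standard groups or X25519.
P = 2**255 - 19
G = 2


def kdf(*parts: bytes) -> bytes:
    """Derive a 32-byte key from length-prefixed parts with SHA-256."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def tag(long_term: bytes, who: bytes, public: int) -> bytes:
    """MAC a public DH value under the long-term secret (authentication only)."""
    msg = who + public.to_bytes(32, "big")
    return hmac.new(long_term, msg, hashlib.sha256).digest()


def static_session(long_term: bytes):
    """No forward secrecy: the key depends only on the long-term secret and
    on nonces that cross the wire in clear."""
    nonce_a, nonce_b = secrets.token_bytes(16), secrets.token_bytes(16)
    key = kdf(long_term, nonce_a, nonce_b)
    return key, {"nonce_a": nonce_a, "nonce_b": nonce_b}


def ephemeral_session(long_term: bytes):
    """Forward secrecy: the long-term secret only authenticates the exchange;
    the key comes from per-session exponents that are then discarded."""
    x = secrets.randbelow(P - 3) + 2          # Bob's ephemeral exponent
    y = secrets.randbelow(P - 3) + 2          # Alice's ephemeral exponent
    pub_b, pub_a = pow(G, x, P), pow(G, y, P)
    transcript = {
        "pub_a": pub_a, "mac_a": tag(long_term, b"alice", pub_a),
        "pub_b": pub_b, "mac_b": tag(long_term, b"bob", pub_b),
    }
    key_bob = kdf(pow(pub_a, x, P).to_bytes(32, "big"))
    key_alice = kdf(pow(pub_b, y, P).to_bytes(32, "big"))
    if not hmac.compare_digest(key_bob, key_alice):
        raise RuntimeError("key agreement failed")
    # Models disposal of session secrets; Python itself cannot guarantee
    # that the memory is wiped.
    del x, y
    return key_bob, transcript


def recover_static(long_term: bytes, transcript: dict) -> bytes:
    """Disclosed long-term secret plus recorded nonces rebuilds the key."""
    return kdf(long_term, transcript["nonce_a"], transcript["nonce_b"])


def disclosure_view_ephemeral(long_term: bytes, transcript: dict) -> dict:
    """What the disclosed long-term secret gives against a recorded ephemeral
    exchange: the MACs verify (who talked to whom), but the key needs x or y,
    which are neither in the transcript nor derived from the secret."""
    macs_verify = (
        hmac.compare_digest(tag(long_term, b"alice", transcript["pub_a"]),
                            transcript["mac_a"])
        and hmac.compare_digest(tag(long_term, b"bob", transcript["pub_b"]),
                                transcript["mac_b"])
    )
    # The derivation that worked for the static design, applied here.
    guess = kdf(long_term,
                transcript["pub_a"].to_bytes(32, "big"),
                transcript["pub_b"].to_bytes(32, "big"))
    return {"macs_verify": macs_verify, "static_style_guess": guess}


if __name__ == "__main__":
    secret = secrets.token_bytes(32)          # constructed long-term secret
    k_static, t_static = static_session(secret)
    print("static key rebuilt after disclosure:",
          recover_static(secret, t_static) == k_static)
    k_eph, t_eph = ephemeral_session(secret)
    view = disclosure_view_ephemeral(secret, t_eph)
    print("ephemeral MACs verify:", view["macs_verify"])
    print("ephemeral key rebuilt after disclosure:",
          view["static_style_guess"] == k_eph)
```

The endpoint metadata remains visible in both designs, which is the separate problem the comment addresses with VPNs.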
It's technically possible for them to grab this information. Therefore suddenly it's necessary - the country is doomed unless they are allowed to grab it.
They have to destroy our freedom in order to defend it against all the threats they loudly claim are trying to destroy it.
Perhaps they would like to publicly state what information about us they would *not* demand to grab if it were technically possible and not legally forbidden? Could there be any such thing? At all?
Or what conditions would have to apply for the country to *not* be threatened by bogey-men, so they wouldn't need all those powers? Again, could there be any such thing?
For a government who is supposed to be saving money, they sure like wasting it. How many schools could be built for this waste of money?
So all my innocent communications will be logged but not those of the terrorist because he uses encryption and goes through an anonymous proxy for all his nefarious doings.
I guess this puts Mr. Orwell in first place as the most prescient science fiction writer, (nay human being) in all of history.
Not that I'm offering advice, but what would happen to their interception program if some enterprising Russian Business Network anarchist was to send tens of thousands of short, encrypted, email messages a second from a "zombie pc network"?
Apparently, not even the CIA/NSA/MI6 can actually stop these things (since the Viagra spam never really stops), the messages don't actually have to be received by anyone, only sent and they don't have to mean anything, just look like they are a "threat" since they are encrypted. Perhaps a .jpg of an upraised middle digit with one pixel's worth of steganographic message saying "Piss Off You Wanker!"
Seems to me that Big Brother's "Eye of Sauron" would run out of storage capacity, processing speed and bandwidth in a very short time, rendering the whole thing impotent.
Let alone the fact that there would not be enough people in the world that could review all of the flagged emails.
Just so there are no misconceptions, the aforementioned statements are the paranoid delusions of an aspiring fiction writer. Any resemblance to actual events is purely coincidental.
. . . there is a subtle difference in the proposal.
The data silo(s) will be held by the comm's companies, not by GCHQ. Which would be identical to the data that the phone companies habitually keep about you.
Don't get me wrong, I dislike this intensely, but it is a different proposal than the GCHQ data hoover that LieBore suggested putting in place.
And for the poster above (and no doubt others not yet on the boards), Guy Fawkes wanted to kill a Protestant king and replace him and the parliament with one dictated to by a Catholic church. Because that wouldn't in any way be worse than what we currently have, having a church based moral crusader running the country, no, not worse at all . . . idiots.
"The data silo(s) will be held by the comm's companies, not by GCHQ. ... it is a different proposal than the GCHQ data hoover that LieBore suggested putting in place."
Before Labour got booted out, the original plans were changed to have ISPs actually hold the data, and even do some preparatory processing (IIRC). So this isn't really a different proposal after all.
"Which would be identical to the data that the phone companies habitually keep about you."
Rubbish. Phone companies don't keep track of who I send and receive mail from. They don't keep track of which magazines and books I read, which radio programmes I listen to and which TV stations I watch and when. They don't keep track of who I meet up with down the pub, which clubs and societies I join and participate in, etc, etc.
The idea that this is nothing more than "maintaining capability" is a massive lie. A change in government hasn't changed that obvious fact.
. . . now shall we ??
I said that the data hoover by ISP's was no different to phone companies - tracking who you contacted, when and for how long is precisely how phone companies bill you (on mobile networks, it will also include where you called from, since the cell tower will be logged).
Retaining the header data for online activities is no different - who did you contact, when and for how long can all be determined from that.
The payload data is the scary bit, though it's been claimed that that won't be collected without a wiretap court order (as per a phone line).
Worth noting that for a service such as Facebook, communications data (eg. who your friends are) is contained *in* the payload. There's much debate about whether that actually makes it communications content in law - the gov says no.
Also interception of content in the UK does not require court order, only a signature from the Secretary of State.
Yes, I know what you said, but you're still wrong.
Look at my examples again:-
"Phone companies don't keep track of who I send and receive mail from." I didn't say anything about the contents, just who the senders and recipients are. When I send a letter through the post, the phone company knows nothing about it. With email, they do. So it's not the same as it used to be.
"They don't keep track of which magazines and books I read, which radio programmes I listen to and which TV stations I watch and when." When I go into the newsagents and buy some magazines to read, the phone company knows nothing about it. Same with buying books in bookshops, visiting the local library (as long as I don't borrow any books, in which case the library knows), listening to the radio and watching TV.
Online, if I visit websites with magazine-like content, my ISP will know which websites they are. And they often don't have to look at the IP packet payloads to see the contents, since they can often just visit the same websites and see for themselves. And when buying books from Amazon, my ISP can watch me browse and note that I'm making purchases, which are recorded by my credit/debit card providers. Where and when I'm streaming radio and TV from can also be tracked when it's over the internet. This is obviously a lot more than what telephone companies are recording for traditional telephony.
"They don't keep track of who I meet up with down the pub, which clubs and societies I join and participate in, etc, etc." Again, I didn't say they'll be recording the contents of pub conversations or watching what goes on in private club meetings and the like, just keeping track of who, when and where. Facebook is perhaps one of the most obvious examples for this. It's still clearly way beyond the call logging done for traditional telephony.
This is so obviously such a massive expansion of existing logging that when you claim it's "no different to phone companies", I've got to wonder: are you trolling?
I meant snail mail. Not email.
But even with email, I was responding to the comparison with phone companies and traditional telephony, which would still leave email being an example of something not tracked by such phone companies (as just traditional phone companies, not when they're acting as ISPs). Tracking senders and recipients of email is an example of a relatively new capability, rather than maintaining an existing capability from the age of traditional telephony.
Now we see why they didn't outlaw Deep Packet Inspection, to protect everyone's privacy, because these two faced fuckers wanted to use it as well!
We are moving towards a jaw dropping level of Orwellian spying on everyone, faster than just about anyone could have imagined possible even just ten years ago! … and to think of all the infuriating lies and manipulation they have used to take us to this point is sickening! They are very evidently showing they are really working against us, not for us. We are to them, being treated like the enemy to be spied on and they are utterly betraying the principles of this country to create their police state. That literally makes it an act of outright criminal treason against our country and all of us, as in “a violation of allegiance to one's sovereign or to one's state.” They act like they consider us the enemy! … yet they work for us!!!
The question now is what to do about it. Discussing and negotiating with them has failed. They show they don't listen to anyone. Nothing we say will stop them and any attempt to speak of fairness and privacy leads them to believe we are trying to hide something, so they try to spy even more, so no way of stopping them pushing toward as they continue to add ever more spying on all of us.
So I have to ask, WTF kind of totalitarian police state regime do they really expect and want us to live under! What will finally make them happy! How much more spying do we have to suffer! When is enough really enough!
<silliness on>This is not just "moving towards a jaw dropping level of Orwellian spying on everyone"... THIS is like two politicians doing an uppercut to the jaw while tickling the public's nads while yet a third is doing unorthodox proctologie deep pack-it end-spec-shun. (What? You felt something? That is not us, umm, not me. It's THEM, those who will destroy you...)
Too bad Earth is not as big as Jupiter or Uranus -- there might have been unoccupied lands to colonize after fleeing tyranny at home. Wait -- check that... all unoccupied continents would be taken by wealthy or by government to keep the masses in check, contained, agitated, and easier to tax (economically and mentally).
Seriously, though. There's nowhere to go. Can't you vote them out? Raise voter hell, or something? Or, will you all end up like an Episode of MI-5 I watched on DVD, where a combination of wealthy and Home Security types manipulated police, military, and public to create riots to inflate the need for absolute power....
The same is happening here, or will be... Hold on... someone's knocking at my 232r)*&)*4$#@#$#$ (lost carrier)
OK, so if the ISP is recording all communication over the Internet, how, pray tell, do they expect to tell who was sending any given communication? They planning on banning NAT or sommat? Mandatory webcams so they can see who was sat at the keyboard?
Same problem faced by them dubious copyright lawyers; no evidence as to who.
Perhaps they need to introduce something akin to S172 RTA... Can just see it now...
"On 1st April 2011, at 12:34:35.6789, an IP packet from 192.168.1.1 to 666.666.666.666 was sent over an Internet connection, of which you appear to be the registered keeper...Please identify the individual who caused this packet to be sent else we'll prosecute and you'll get a huge fine..."...
And the technology that implements VPNs is universally available. It doesn't take much to make a webserver use HTTPS instead of HTTP. The world's datacentres are full of physical and virtual machines which are administrated remotely using SSH, which uses the same SSL library used by HTTPS. OpenVPN uses the same crypto library again. Many companies require employee remote logins to operate over a VPN, and have the IT support staff to configure laptops etc. accordingly. So the use of strong crypto is so widespread it isn't notable in and of itself.
Out of the ordinary encryption is likely to be more easily broken than ordinary crypto, because the popular stuff has been more thoroughly peer reviewed and tested. GCHQ/NSA are more likely to break the ordinary stuff through poor passwords, lack of endpoint security and side channel attacks than through weaknesses in the algorithms themselves, but this is expensive enough that they will confine themselves to the few surveillance targets that justify the cost.
Normally I post everything I say online under my own name, I'm not ashamed of my opinions. On this occasion, given the subject matter, I'm taking the very rare step of posting anonymously...
I can't express how angry I am.
If you photograph something in the street you're at risk of being arrested, searched and harassed despite having broken no laws. Nobody will be punished for doing this to you.
You've done nothing wrong, but the government lets the police follow your car with ANPR cameras, keeping the data for 2 years.
If you exercise your rights to lawful protest, the police will identify and track you. Later they will use those selfsame ANPR cameras to dispatch chase vehicles to stop and search you, with no lawful basis. Nobody will be punished for doing this to you.
You've done nothing wrong, but the government wants to know who you email.
You've done nothing wrong, but the government wants to know what you read online.
You've done nothing wrong, but the government want to know what you buy online.
You've done nothing wrong, but the government want to know who you telephone.
All of the above are clearly against the law of this country; there is no reasonable basis for claiming that they meet the necessity or proportionality tests of our human rights laws. Human rights laws that were specifically created as a response to what we saw happen in the second world war.
I recall Tony Blair, speaking about the BAE bribery case, saying that we needed to "Balance the rule of law against National Security". I cannot imagine how you can "balance the rule of law" against anything.
My father was wounded, risked his life and watched his mates die in the second world war so that I could live in a free society. Were he still alive I'm sure that what this bunch of utter crooks and scoundrels are doing to British society would look to him a lot like what he was fighting against.
If one 'enjoys' the kind of attention that goes with being a criminal, if one is harassed and punished like a criminal what incentive does one have to behave? If one is a permanent suspect what is the impetus to behave innocently? If the state treats your rights with contempt what message does it send about how you should treat others' rights?
Government after government has chipped away at the rights of individuals and we've reached the point where this has to stop and the tide must be turned. Make no mistake, I think this is the issue for our age. Forget deficits, forget global warming (for a while, it's not like they'll make any actual progress on fixing it soon), If we permit this utter contempt for the rights of individuals to continue we'll be living in a fully fledged police state within five years.
The year before last I was discussing this with David Carnigie, a member of the House of Lords, now sadly deceased. He feared that if good people don't find a lawful, peaceful way to stem the tide, and do so soon, there was a genuine risk that we'd see the issue resolved violently. In fact, his answer when I asked him what would happen if we couldn't reverse the trend was two words "Civil war". I thought then he was overstating the case, now I fear he might be right.
Meantime what few real terrorists and serious crooks there are will just send each other letters and postcards.
This is an entirely disproportionate response to whatever threat is perceived by those that (presumably) know about these things. There cannot possibly be sufficient people committing the sort of crime in the sort of amount that warrants putting an entire population under surveillance. Unless, just maybe, they know that there are going to be events that will make enough people angry enough to threaten the country from within. In no particular order:
1. lack of electricity after they start switching off the power stations not long from now.
2. Insufficient food supplies - I've seen forecasts that many people in big cities are only 36 hours away from serious food shortages if the supply chain is broken.
3. Lack of water due to drought conditions and wastage.
4. Disruption of gas supplies.
No doubt there are others. None of these need terrorist action, and all would tend towards a population with trouble on its mind.
@"I'm taking the very rare step of posting anonymously"
Sadly posting anonymously won't make any difference. Deep Packet Inspection technology will allow them to know who posts what, when and where and who reads web pages with your comments on them. On top of this, automated data mining will be able to scan every post you make and read every page you read. (Plus look how much Google can scan, the government only needs to do the same kind of scanning or even easier, be sold subversive web site lists from Google).
It's actually even easier than this most of the time because all they need to do is just list web sites they consider subversive, e.g. wikileaks and they will be able to see who looks at these web sites to then label you on their computers as higher probability of being more politically active against the state.
In fact even theregister.co.uk could be given a lesser politically active label status simply as we discuss political moves they make on this site.
The Reg really needs to dig more into this to then tell us all what is going on. This story needs to be spread far and wide so everyone can see how bad state spying is becoming.
Not only that, the web bots, flash cookies, ISP packets/payload/headers, and the balance or weight of traffic originating from a given point and being remotely manipulated from another cannot be too terribly difficult to correlate in many cases.
Even the way we write psychologically can identify us. We tend to say things a certain way, use punctuation a certain way (watch out all you who prattle on in run-ons with non-conventional or non-proper punctuation -- writing the way you speak), and drone on or harp on on certain themes. I, too, can easily be identified, but 99.99999% of the time, I say what I say with my name attached, or almost never anonymously, and never behind VPNs or anonymizing sites. But, very few people can afford the gadgetry to be TRULY invisible.
@ Anonymous Coward.
You've written an excellent summary, and I believe it's how many think.
I presume your comment:
"On this occasion, given the subject matter, I'm taking the very rare step of posting anonymously."
is for the point of emphasis, for it's only we readers who don't know who you really are. To The State the obfuscation system will be transparent to your identity and it's probably flagged it because of your deliberate anonymity.
I don't know where it will end but I find the re-emergence and uncritical commonplace acceptance of 1930s totalitarian thinking amongst many elites, bureaucrats and government members within the English-speaking democracies as truly frightening. What's even more frightening is that few public commentators are cutting to the core of the issue. In the absence of strong public debate, democracy is eroding before our eyes.
I have previously spoken strongly about these issues in response to El Reg's articles on ID cards, ACTA, secrecy, State power and so on, so I'll spare you the repetition (but to those who've fortitude I've linked to them).
I'm at a loss about how we get a wider debate.
…But I reckon we've little time.
ID cards, State power and totalitarianism: http://forums.theregister.co.uk/post/785817
National ID register etc.: http://forums.theregister.co.uk/post/685355
MPs demand UK Govt. end secrecy over ACTA: http://forums.theregister.co.uk/post/679417
Prosecutor warns against growing state power: http://forums.theregister.co.uk/post/351891
Wonderful response, and all too plausible. I have a pal involved in the security industry, and he just walks around nervously nowadays, shaking his head and muttering about zombie apocalypses -- and about taking to the canals to get out of London when the balloon goes up.
My impression from drunken nuggets he's let slip, is that in instances of severe civil unrest -- death by flumageddon*, economic collapse, &c -- the plan is to just ring-fence the big cities and let them eat Doom. They're too big to control. The best place to be, assuming that staying close to the shards of law and order is desirable -- is a town big enough to have a hospital or two, that has a reasonable amount of agriculture in the district. Ideally, one near an army base. Oxford has always seemed a particularly ideal choice.
* I seem to recall him suggesting that if just 5% of the working adult population is incapacitated, we lose power, food delivery, and so on.
I would hope somewhere similar to where this started because there are things we could all do about it. But knowing what we can do requires we understand the problem, and our paths of least resistance are our own worst enemies. My own view is that to achieve anything we need to change our own attitudes towards privacy starting with the semantics of 'us' and 'them' because the enemy is staring at us whenever we look in a mirror.
Every move someone could have made in 1948 when Orwell's 1984 was written was covertly observable. Your letters could be steamed open and your telephone could be monitored 24x7. Everywhere you went, who you met and everything you purchased could have been known in detail. But this level of surveillance against a single individual was expensive, requiring round the clock teams involving 3-4 agents active on all shifts, perhaps a team of 12 to carry out full surveillance of one individual. So the state surveils few to this degree. Tyrannies with larger secret police forces do it more, and extend cheaper surveillance to everyone, by making it impossible to live without committing minor crimes with major penalties. Those caught are coerced into spying on their neighbours, relatives and friends through the threat of prosecution. But informant networks based on coercion and fear tend to report what the hearer wants to hear.
The problem concerns how many people state surveillance can affect in practice, and how much it costs the state to do it. It also concerns the centralisation of access to data which many of us collect on each other.
E.g. I keep logs of email transactions on my server for myself and 4 other people. Theoretically I could be asked to hand these over, and if I neglected to keep data for the required period I could be in breach of current law. But it is implausible that the state will go after records on tiny systems like mine unless I have very good reason to want to cooperate, because someone looking after the email logs of millions of users is less likely to squeak or obstruct. Also if it costs much securely to tap directly into a single email server for the purpose of automated and remote data collection without needing prior warrant, the state will pay to do this at the largest ISPs only. If they want data from the smaller ISPs they will have to ask which takes time and costs more.
The same applies to videocameras. Someone around the corner (let's call him Joe) may have installed a webcam looking at his own front path after he got burgled. While Joe keeps most of the data on his own disk, perhaps he uploads a still to his public facing website every minute or so. Chances are the local police might google his public facing website if something happens in his street. If they can do it is because Joe has deliberately put the stills where everyone and anyone can see. That's Joe's choice, but it arose from the behaviour of 'us' and not 'them'. The police are still unlikely to go after what Joe keeps on hard disk unless there is a serious local crime, in which event Joe will probably want to assist anyway. (A privately installed camera just round the corner from where I live caught someone recently putting a live cat into a wheelie bin and closing the lid on it).
So how do 'we' ensure that 'they' have the information we really want them to have at a cost sufficiently high so it is available for purposes we think are appropriate (our definition) and not for purposes we think inappropriate (e.g. use of RIPA to catch dog foulers) ? The Data Protection Act was one such attempt. Data collected for one purpose should not be used for another (with certain exceptions). As far as ANPR cameras are concerned, these systems have such great potential for abuse that limiting this needs politics as usual: campaigning, vigilance, letter writing etc. But the effects of ANPR could be mitigated if we preferred neighbourhood car pools instead of private cars most of the time, as knowing who was driving a particular car at a particular time and place would then also require a visit to the car pool record keeper. But it's very unlikely we'd choose to use car pooling mainly for this as opposed to for other reasons.
So use and set up smaller ISPs, use community currencies, run your own mailservers and VPNs etc, pool your cars and encrypt opportunistically whenever and wherever you can. But it's unlikely we will without other incentives because privacy tends always to be a secondary consideration and our willingness to have personal data collected about us is our own enemy here.
Class, please reconcile these two statements:
"Privacy is a fundamental requirement of a democratic state, in order to assure that citizens are able to vote in a free and fair environment, so that the best government is elected, and thus ensure the perpetuity of the state."
"It is essential that security services are able to access every unencrypted byte of information, anywhere, anytime, so as to prevent terrorism, organised crime, fraud etc, and thus ensure the perpetuity of the state."
Only two months ago I said:
Year 2000 - It wasn't perfect land of hope and glory and all that, but we had some freedom, privacy & liberty.
Year 2010 - Police State, they try to spy on us at every move, even being stripped naked by scanners is ok for them!
The terrorists don't need to destroy our way of life, our own government is doing that for them!
Yet just two months later here we are again with another huge example of the never ending march towards the end of our freedom. I'm getting increasingly angry at what these people are doing to our country. They are not doing this to save lives. More people die each year on the roads and in NHS fuckups than die from terrorists yet they spend billions (of our money!) trying to clamp down and wipe out our liberty, privacy and freedom in the name of the terrorists. Why? because of terrorists? No, because these power hungry bastards in power want more power and power is the power to dictate to us how we must all live. Adding increasingly more automated spying on all of us, gives them the power to build profiles over time on all of us whilst they seek ever more ways to add fines to modify our behaviour according to their never ending wishes.
p.s. Also it's very interesting how they are doing this move on the day of the cuts. That is a typical political cover move designed to distract most people from even seeing this news, whilst they are more busy talking about all the cuts. They know if this was the only news, more people would be more angry, so they waited until now to tell us. (It's like how one of the spin doctors said on the day Diana died, that it was a good day to release bad news stories!, as people would be more distracted by that story, so they would react less to other bad news stories. It's exactly that same political manipulation trick). Shows exactly what they are like :(
Orwell was absolutely right about the power hungry people in power. :(
Much better said than my similar post.
It is interesting, but nearly all these posts oppose the concept. Most people across the country would probably think the same too.
One has to ask why then isn't this 'common thought' reflected in our governance.
By definition, totalitarianism is when governance isn't by the will of the majority of people. We pretend we live in democracies but they're essentially totalitarian in nature, albeit soft-power versions. Democracy then is little more than a PR notion.
It's a moot point why so many passively accept the situation these days. As with the coliseums the Romans had, there are too many distractions around today and it's all too much effort to complain in any serious way.
We'll eventually learn that 'freedom is eternal vigilance' when it's too late.
It's all very well saying that the traffic has to be stored, but it needs to be searchable which means it's going to need to be in a database of some description.
Given the cost of data centres and the number that are going to be required how much money are they planning to throw at this? I don't think 2bn over 10 years is going to do the job.
Her indoors is of the data centre persuasion, she just laughed when she read this.
As for capturing all traffic does this mean they will need to be PCI compliant for all the online shopping taking place as they will be capturing payment details? Given the government's track record on data protection it's going to be an interesting time for the fraudsters.
Bottom line is that warrants will become a non issue and this will become a tool to monitor society in a live manner.
Black helicopters, with an uplink to condem net
"Given the cost of data centres and the number that are going to be required how much money are they planning to throw at this? I don't think 2bn over 10 years is going to do the job.
Her indoors is of the data centre persuasion, she just laughed when she read this."
2Bn is only the part of the budget you can see, and don't forget, GCHQ already have the supercomputing SIGINT back end running. This is really just a case of making its integration into domestic networks more official.
"I don't think 2bn over 10 years is going to do the job."
Perhaps most of the infrastructure is in place already. After all, England's been at this spying game for an awful long while.
For example, it's now 424 years or so since Sir Francis Walsingham and cronies broke Mary Queen of Scots secret code then condemned her to death. In 400+ years a Govt. can build up huge infrastructure, especially if secret (there's stuff-all critics if no one knows about it).
UK citizens let those morons get in power and then complain about completely absurd laws and regulations like this one. You are paying the price for being so passive. I don't like the French, but man, you have to admit they know how to protest.
The past few years have not been nice to the free thinkers of UK. I predict even worse times for personal liberties in the next decade for you guys.
And I was upset with the crazy stupid Canadian government .....I am so lucky to be here.
Anyone who is doing something slightly nefarious and has more than half the brain will never, ever be caught by any net. If they just do something simple, like using live distros for browsing so it'd be harder to bug their computers, and send PGP encrypted mail over TOR? Or use something like OTR messaging.
So this plan's not likely to catch anyone dangerous.
Possibly the kind of idiots whose idea of a terror attack is to set their own car on fire and crash into an airport building will get caught, but they're sort of harmless.
Who are they going to snoop on, and for what purpose? It can't be just pork barrel spending?
Hmm. I've a VPS, costs about £8 a month. How hard can it be to install the openVPN modded version of Tomato on my home router, and openVPN as a server on the VPS. Route all internet traffic via a tunnel to the VPS.
Sounds like an interesting little project.
I've nothing much to hide, but I don't see why anyone should have access to my phone/email/browsing/radio listening history.
You forget, I have access to ALL traffic data, so I can see your connection to the VPN and I can see the traffic coming out of the VPN. How long do you think it will take my supercomputer to join the dots ?
You're still pwned. You'll need to obfuscate your endpoints better than that.
The ISPs will claim they need government money to pay for this invasion.
“No! - just raise your rates to users” the government will say
“That’s not fair we will become uncompetitive”
“Tough – we want the data”
“What if we offset costs selling advertising based on the content of the data?”
“Go for it – that’s why we have never pursued BT and their Phorm initiative – we knew DPI was good for you”
Standby for ISP sanctioned SPAM by the bucket load
I think a few people have possibly mis-understood what the government are trying to do here. What they're interested in is the endpoints of the communication, not the contents of that message, be it encrypted or not.
Just the endpoints of the communication are an incredibly valuable source of data. It also appears that, as the data are held by the ISPs, it would require a warrant to obtain it.
Even establishing a VPN would show the endpoints, sure they wouldn't know what you're sending down the VPN, but they'd know it was there and that in itself can be useful data (assuming they're looking at you!)
So, for example, if there is an IP address for a known terrorist, even if that's used by other legitimate users, the intelligence services can ask for a list of everything that has connected to that address. This can then be cross referenced with other known addresses (and telephone numbers/email addresses) used by bad guys and reveal other addresses (or phone numbers/email addresses) of other bad guys.
Even in its simplest form all they need to do is monitor a known bad guy's address for an increase in chatter. This alone can indicate something is up.
NB: I make no judgment about civil liberties here, I'm just saying how it works.
Nasty Person is on IP address A, logged in the database, he then logs off and address A is then released back to the DHCP pool.
Address A is then picked up by Miss Nice, is she associated with NP?
NP then goes elsewhere, to an unsuspecting and innocent friend and uses his system, IP address B, this is detected, now address B, and the innocent owner are suspects?
Also Miss Nice's wireless is hacked and used by NP, is she associated with NP?
See the parallels with a news story about a law firm a few weeks back?
There is an incredible opportunity for error here.
Address information is useless if it isn't attached to its owner so: I think you'll find they've probably thought of that.
That is, of course, unless GCHQ just employ anyone off the street who "knows about computers." (They don't.)
Even in the case of a hacked WiFi connection, you're still tying someone down to a geographical area, fairly trivial data mining would show that Miss Nice's next door neighbour/local Cell has interesting endpoints associated with it and she doesn't.
They're not necessarily after evidence, just intelligence. It's also worth noting that most, if not all intercepted communications aren't used in court anyway.
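The address-reuse problem raised in the exchange above, as an added example that is not part of the original thread: it compares an address-only lookup with a lease-aware lookup over constructed DHCP lease and contact records. All names, addresses, times and function names here are assumptions made for the illustration.

```python
from datetime import datetime, timedelta
from typing import NamedTuple, Optional


class Lease(NamedTuple):
    ip: str
    subscriber: str
    start: datetime
    end: datetime  # exclusive: the address is free again at this instant


class Contact(NamedTuple):
    when: datetime
    src_ip: str
    dst: str


T0 = datetime(2010, 10, 20, 9, 0)  # constructed reference time

# Constructed sample data: address 192.0.2.10 is handed from one
# subscriber to another, as in the "address A" scenario in the thread.
LEASES = [
    Lease("192.0.2.10", "NP", T0, T0 + timedelta(hours=2)),
    Lease("192.0.2.10", "Miss Nice", T0 + timedelta(hours=2), T0 + timedelta(hours=8)),
    Lease("192.0.2.20", "Friend", T0, T0 + timedelta(hours=8)),
]
CONTACTS = [
    Contact(T0 + timedelta(hours=1), "192.0.2.10", "watched.example"),
    Contact(T0 + timedelta(hours=3), "192.0.2.10", "shop.example"),
    Contact(T0 + timedelta(hours=5), "192.0.2.20", "watched.example"),
    Contact(T0 + timedelta(hours=9), "192.0.2.10", "watched.example"),
]


def naive_holder(ip: str, leases: list) -> Optional[str]:
    """Address-only lookup: whoever held the address most recently."""
    held = [lease for lease in leases if lease.ip == ip]
    return max(held, key=lambda lease: lease.start).subscriber if held else None


def holder_at(ip: str, when: datetime, leases: list) -> Optional[str]:
    """Lease-aware lookup: the single subscriber holding ip at 'when'.

    Returns None when no lease covers the time or when records overlap,
    because either case means the logs cannot support an attribution.
    """
    hits = {lease.subscriber for lease in leases
            if lease.ip == ip and lease.start <= when < lease.end}
    return hits.pop() if len(hits) == 1 else None


def contacts_with(dst: str, contacts: list, leases: list) -> list:
    """For each contact to dst: (source address, naive answer, lease-aware answer)."""
    return [(c.src_ip, naive_holder(c.src_ip, leases), holder_at(c.src_ip, c.when, leases))
            for c in contacts if c.dst == dst]


if __name__ == "__main__":
    for row in contacts_with("watched.example", CONTACTS, LEASES):
        print(row)
```

Even the lease-aware result names only the subscriber line: the `Friend` row is correct as a lease lookup and still says nothing about who was at the keyboard.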
Networks and encrypted volumes are like knives. One for them to find, one for you to keep. Hidden volumes are good, but hidden volumes on MicroSD cards that are physically damned near impossible to find are better. Networks? The internet connection is there for them to find (and monitor.) The darknets you belong to are there for you to keep.
Just remember: they can trace radio transmissions, so “wifi mesh” darknets are stupid. If you must use wireless, try to use frequency-shifting gear that operates in bursts. Your local radio weenie can help you with that. (You could even use the power grid as a lovely antenna for such gear, but eventually your local HAMs will track you down and put a stake through your heart.) Alternately, do a laser shot. Low throughput, but hardish to detect and worthless in the rain. Still, very few people look for them. (These are great for internet access if you can establish an offsite location where you can pay for a connection to the net in cash - or better yet using a pre-paid credit card. Alternately, abandonable gear that hijacks an open wifi point could be used.)
At the end of the day, never forget that the greatest available throughput is a lorry full of drives. Even a small snail-mail envelope can contain several SD cards worth of information and by using the post to transfer information it is protected by law.
It’s much harder for someone with malicious intent to plant evidence on your systems if all they can find is your burner. (Especially if you can prove to a court that said system is your burner!) “Innocent unless proven guilty” means nothing in the online world. Unless you can prove that you /didn’t/ do something, (essentially the impossible task of proving a negative,) then you will likely get locked up if anyone even makes a sideways accusation with no real proof.
Keep any systems you actually use completely separate from the systems on display. Encrypt everything you can on systems you actually use. Get an offshore server and do all internet browsing via an encrypted tunnel to that system. Use multiple systems at random intervals if you are really paranoid. Ensure that the remote system keeps no logs and is capable of self-destructing unless regularly given explicit instructions not to.
As always remember that in today’s increasingly fascist states:
If you have nothing to hide you still have /everything/ to fear.
If I start sending out millions of rubbish messages, will they be able to pick out my true correspondence (just a few dozen emails per day) under the sea of rubbish ?
Maybe spammers are cleverer than we thought they were: all that they have ever wanted is private communications.
While I have nothing to hide (besides a selection of really naff low-budget J-horror, but that's something I bet my mother would have more opinions on than some spook), this mass collection of data takes the piss. Surely the very act of doing this means we can throw away all the balls about catching terrorists and paedophiles and just see it for what it really is - the police state blatantly spying on its citizens.
If so, gloves off. Time for those of us with the know-how to start actively poking government systems, monitoring government people of all salaries above doorman using whatever technology is applicable, and if anything the slightest bit juicy turns up, dump it into the public domain on an overseas server WITHOUT redaction. Let the chips fall where they may.
Will this spying be only for communications internal to the UK? I live and work in France, I am writing this in France sending my data to a French telco who pushes it to Paris and then slings it through the opentransit network to London, then into above.net and finally a bunch of machines at rackspace.net, one of which serves El Reg.
Well, what if France (French law? EU dirs? ECHR?) does not think kindly of such an action?
You could easily say that "just don't communicate with UK-based servers", but this isn't necessarily as easy as that.
Here's the (partial) results of a tracert from me, in France, to French Amazon hosted in Ireland:
See the entry in the middle? Bam! France->Ireland by way of the UK. How would this situation be handled? And if it is going to be data-snooped regardless, do they have any idea of the scale of harddisc farm they're going to need to store all this junk? It is espionage for dummies to snarf everything and then think they'll be able to make sense of it...
Don't think encryption will keep your stuff safe from prying eyes with you knowing about it. There was a project a decade ago called Escrow that prevents the sale of any encryption tech that doesn't give the state(s) (well NATO ones at least) the master decrypt key first.
Yep they've been planning this shit for decades, softly softly slowly slowly catchie monkey.
The only thing (the political masters) haven't allowed for is the sheer volume of dross that makes up Twitter, emails, BlackBerry conversations by teenagers, and of course porn that traverses the globe. A million monkeys typing rubbish a minute = information overload.
But someone's CV will look good - "I implemented the world's most powerful computer system"
So just yet more waste of taxpayers' money. And besides they got to find something for the 490000 they plan to cut from existing jobrolls, to do -(got to be cheaper than paying them benefits)
New government just like the old gov...
- because those behind the government never change (Orwell was one)
So... As I understand it the idea is to get the ISP to hold all the data going through for a specified period so (theoretically) a court order can be generated later to "disclose" a specific chunk of it for "security purposes".
Leaving aside the wholly valid arguments about how ludicrously invasive and draconian that is without any legitimate purpose or gain and how massively open and ripe for abuse it is, my question is this:
Just how the hell do you store that much data?
The amount of transient data sent through the average ISP would, as I understand it, strain the output capacity of a major disk manufacturer to provide the storage necessary. Multiply that by number of ISPs (bear in mind the amount of data that will be duplicated across ISPs - 2 at least per 'conversation') and the numbers are astronomical.
Even if you *could* generate enough disk capacity to cope, who pays? How many ISPs would fold under the strain of the capital outlay for massive storage? Can you see the government stumping up for the compliance costs?
Hmmm and they are going to be *so* cheap as and when they get released for commercial sale. Of course I'm sure the government will cover the costs the ISPs incur in this line.... Oh, no, wait a minute..... they're cost cutting aren't they? That's OK though the ISPs have LOADS of money, they can afford to buy tons and tons of cutting edge storage for the government can't they?
When people were crowing about Labour's defeat I mentioned this new lot would be just as bad - if not worse - than Brown's Buffoons.
I don't feel smug about being right, btw. There's no joy in knowing something as inevitable as our politicians being a bunch of sleazy, lying, devious, freedom eroding, self serving twats.
Democracy is a fucking sham. It's based on the pretense that you actually get to say how the country is run but really, you get to vote for the same suits full of fuck all. The only thing that happens is you exchange one set of bastards for another.
<<As I understand it the idea is to get the ISP to hold all the data going through for a specified period so (theoretically) a court order can be generated later to "disclose" a specific chunk of it for "security purposes" >>
Er, no. No court order required. RIPA requests for comms data are self-authorised by the agency concerned - even a single police officer claiming 'emergency' and no designated authorising superior available.
Interception of communications content comes under Part 1 of RIPA and is a matter for the Home Secretary's warrant. Home Secretaries spend a lot of time - several hours a week - just signing authorisations for a variety of things, and anyone who thinks this amounts to a safeguard is deluded.
However, as some people have noted above, the difference between comms content and comms data is not something you would necessarily agree with govt about. And comms data without content is a pretty dangerous thing for a suspect anyway, since it is hard to rebut conclusions drawn from it. One interesting question is, does DPI equipment count as interception at all until a person reads the mail? Compare the use of sniffer dogs and knife arches - where the police can force people to undergo remote sensing to decide whether or not to search them. The remote sensing does not count as a search.
"Er, no. No court order required. RIPA requests for comms data are self-authorised by the agency concerned - even a single police officer claiming 'emergency' and no designated authorising superior available"
Excellent! So it's even more ludicrously draconian than I thought, but that still doesn't answer if it's even possible to achieve. It's one thing to monitor data as it passes and trap and store anything that looks interesting, but quite another to keep for the mandated time *everything* in the off chance it may be needed.
Maybe I've missed something in the wording, but that's how I'd understood it would work - the ISPs being required to *store* the data for later retrieval?
Consider this in context with Lewis Page's commentary on the Navy's desire for large numbers of escorts. GCHQ is just another service. It needs departments like Naval officers need ships, and for exactly the same reason - jobs and promotions. It's just unfortunate that GCHQ's job creation program costs the UK population twice - once to pay for it and again when it's used against them.