back to article Top cops demand access to the UK's entire web browsing history

Police have demanded to be given access to the whole of the public's web-browsing history as part of the forthcoming Investigatory Powers Bill, due to be published in draft form next week. The government has been lobbied by senior police officers to include in its new surveillance legislation a requirement for service …

  1. Graham Dawson

    Obligatory Topical Reference

    It's like they watched Spectre and thought "hey that's a pretty good idea!"

    1. macjules Silver badge
      Thumb Up

      Re: Obligatory Topical Reference

      +1 That's exactly what I thought when I read the article.

      1. BillG Silver badge
        Coat

        An unnamed senior officer told The Times that the capability was "about everyday investigation rather than surveillance",

        If it looks like a duck, walks like a duck...

        1. streaky Silver badge

          Problem is art 8 is badly written almost on the level of the second amendment in the US constitution - it's wildly open to interpretation depending on who you're asking and which way the wind is blowing so we're not likely to get any protection from the ECHR.

          My browsing history they can swivel for because it'll all be going via some third party country, thinking the Netherlands; or possibly France. Now we got this all sorted and cleared up so you know I have no personal interest because this won't affect me: it's the rest of the country and the general state of democracy I have concerns for if this goes live.

          It is obviously a massive attack on all people everywhere and one of the most egregious attempts at inserting state security into people's lives since the end of the Stasi and people should say so. This stuff is unprecedented (and I'm not using the word lightly, it's never happened through revolution, civil wars, world wars or continual attacks from actual terrorists at any point that the state has been so scared of perfectly ordinary normal law abiding citizens that the state has felt the need to insert itself so directly and comprehensively into the private lives of normal people) in the history of the United Kingdom. In fact it's not really happened anywhere - I'd probably list the Norks on a list of equivalent current power and not really anybody else; even the Chinese don't play this game.

          I can't see any of the things being discussed making it through parliament but if they do holy hell we're really screwed.

          1. BillG Silver badge
            Holmes

            2nd Amendment

            Problem is art 8 is badly written almost on the level of the second amendment in the US constitution - it's wildly open to interpretation depending on who you're asking

            Not true. The 2nd Amendment is very clear and the U.S. Supreme Court has repeatedly upheld it. All U.S. citizens have the right to own firearms and that right cannot be taken away without due process (convicted of a felony, etc). It is based on the basic premise that We The People are more powerful than The Government and if that government becomes oppressive, the people can revolt (see the opening sentences of the Declaration of Independence).

  2. Martijn Otto

    They won't share this data with their friends at the NSA of course! We'll behave well on our own, we don't even need oversight!

    Trust the force.

    1. John Smith 19 Gold badge
      Unhappy

      "They won't share this data with their friends at the NSA of course"

      They don't have to.

      GCHQ will copy them in

      Do you ever wonder how much faster all UK internet access would be if most of it was not being copied to a set of "backup" servers in Cheltenham?

      1. streaky Silver badge

        Re: "They won't share this data with their friends at the NSA of course"

        I mean it's probably splices in fibre so all you're really doing is loosing photons - that's why it works so well. If it actually cost performance you think anybody would allow it on their networks without at least making a lot of noise? If this is the biggest of our worries we're good to go (it isn't and we're not).

        1. This post has been deleted by its author

  3. DavCrav Silver badge

    "Richard Berry, spokesperson for the National Police Chiefs' Council on data communications issues, claimed that law enforcement was "not looking for anything beyond what they were traditionally able to access via telephone records.""

    Lie. Telephone records showed who called whom and when. Internet records show when I'm at home, what music I listen to, what my hobbies and interests are, the food I eat, the business I shop with, and many other things besides.

    Richard Berry is a liar. If I am wrong, he can sue me for libel.

    1. linicks

      But of course - in the old days, a criminal would use a pay phone anyway, so tracking phone calls in the name of security was a lie anyway. The same now I expect in the internet age. Apart from the script kiddies, any decent criminal will not be using a computer associated with them.

      1. Sotorro
        Angel

        @ linicks

        Only the smart criminals though, a lot of people still don't know that if you pull your SIM card from your mobile and put in a new SIM, that they still have your phones IMEI number and can continue to track it.

        I bet that a lot of non technical people still believe that it takes one minute to track a telephone number, like shown on TV, just hang up the phone quickly and it can't be traced, yeah right.

        For casual hiding of you browsing history, from the government, I can recommend https://www.torproject.org/

    2. g e

      Benefit of the doubt

      Or an utterly naive, uninformed moron

    3. Anonymous Coward
      Anonymous Coward

      Don't forget that this organisation is a private company not accountable to the government od the people that pay for it.

  4. Justicesays
    Big Brother

    "Five years ago, [a suspect] could have physically walked into a bank and carried out a transaction. We could have put a surveillance team on that but now, most of it is done online. We just want to know about the visit."

    Turns out the correct analogy for what you are asking for is "we want to put a surveillance team outside everyone's houses, forever..."

    But I guess that wouldn't sound as "nice" as pretending it's about somehow stopping "online bank robbers"

    1. Anonymous Coward
      Anonymous Coward

      Indeed if they're a suspect you can get a judge to give you a warrant and then bug his computer.

      And if you're talking about things that happened in the past you face the same issue of having to do actual work to solve the crime.

      Take basic details from cctv of people in masks and boiler suits with shot guns

      Find car with false plates

      Go to scrappy that car was scrapped, run the vin numbers on the car that was actually used.

      Etc

      In a web attack, investigate the method and software of the attack, collect the ip addresses, trace back to multiple dead ends, check for people who suddenly have money in their bank accounts

      check against known actors

      Etc...

      It's called work.

    2. allthecoolshortnamesweretaken Silver badge

      FTFY

      "Turns out the correct analogy for what you are asking for is "we want to put a surveillance team outside everyone's houses, forever...""

      Turns out the correct analogy for what you are asking for is "we want to put a surveillance team inside everyone's houses, forever..."

      There you go!

    3. Dan 55 Silver badge
      Flame

      So five years ago, they had a copper in every bank writing down details about everyone who visited and what they did?

      No they didn't. First they identified the suspect then they followed him to the bank if necessary. If they wanted their previous transactions, they asked the bank.

      They're trying to justify mass surveillance. But don't call it the Snooper's Charter, someone might get offended.

    4. Dazed and Confused Silver badge

      > Turns out the correct analogy for what you are asking for is "we want to put a surveillance team outside everyone's houses, forever..."

      Not just outside their house, but to then tail them and record everywhere they go and everyone they communicate with. Not only that but everyone they meet must hold up a sign about what the meeting was for.

    5. streaky Silver badge

      The correct analogy is an attack on the snail mail system - what they want is to be able to open every letter, log where it's coming from, where it's going and the key points brought up in the letter if not the full content.

      They can't do this, they don't do this and if they tried people would rightly go apeshit. This is why I use the Stasi analogy because it was something they were famous for, albeit they didn't have the capability to do it for every single person in the "republic".

      There's no capability gap created by the internet, they're looking for entirely new capability - and this is where it gets silly - it's a capability that's mitigated by crypto. Therefore we're wasting a lot of time (and money) creating access to holes that are doomed to be closed in fairly short order.

  5. The JP

    Will be struck down ....

    ...zero chance of this surviving a human rights challenge in the Courts.

    And a good thing to.

    Grossly intrusive and a huge security risk (imagine if TalkTalk also kept and lost its customers' browsing records).

    1. Anonymous Coward
      Unhappy

      Re: Will be struck down ....

      ...zero chance of this surviving a human rights challenge in the Courts.

      And that's why the Conservatives want to scrap it.

      1. Anonymous Coward
        Anonymous Coward

        Re: Will be struck down ....

        Actually the convention on human rights that the human rights act enshrines contains very broadly worded exceptions for this exact eventuality.

        Article 8 contains the following:

        (2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

        These exceptions are later stated to apply to article 7, which covers communications. Under these articles the police and security services simply need to argue that they are acting in the interests of national security or to prevent crime. They're even couching their arguments in terms freidnly to the provisions of the ECHR.

        The tories may have their own reasons for repealing the human rights act and I can't speak to them, but regardless of their stance, the act needs to be repealed and re-written to remove these exceptions, as they render the entire thing an exercise in futility.

        1. The JP

          Re: Will be struck down ....

          ...not sure I agree. The European Court of Justice was pretty firmly against "mass and indiscriminate" surveillance (Digital Rights Ireland) and the English Courts have followed suit.

          You can monitor people for national security purposes so long as it is reasonably and proportionate. However, tracking the whole UK population's porn/medical/political etc. internet viewing habits is so far off the "reasonable and proportionate" scale its not funny.

          1. The JP

            Re: Will be struck down ....

            ...frankly in Tropic Thunder terms this is the Conservatives going full Stasi.

          2. John Brown (no body) Silver badge

            Re: Will be struck down ....

            "You can monitor people for national security purposes so long as it is reasonably and proportionate. However, tracking the whole UK population's porn/medical/political etc. internet viewing habits is so far off the "reasonable and proportionate" scale its not funny."

            The "defense" of course, is that the ISPs will hold this data and the Police will still need a warrent to access the records of a specific person or IP address. But now that the ISPs have to collect and store all this data, how long before it gets monetised? And "leaked".

            Of course, I'm one of those people bosses label as a "troublemaker" because I like to look at the downsides of plans so potential problems can be mitigated and prepared for. That seems a much more sound principle than "meeting new challenges" when they jump up and bite you.

            1. Anonymous Coward
              Anonymous Coward

              Re: Will be struck down ....

              @JohnBrownsBody

              *Bzzzzzt* incorrect assumption.

              The legal intercept is done remotely in a box connected by prisms (optical fibre taps) in the main transit links as mentioned above hence I upvoted it for being correct in technical detail, this box is NOT owned by the carrier, its owned by the gov and is entirely outside the knowledge of the people operating the network apart from the "it has to be there and fed power and this special fibre connection" facet.

              If you take foriegn networks, they do have systems that backdoor the devices for law enforcement purposes rather than having additional equipment but that's not the way blighty implements big brother.

              For the record, I consider the prisms + dedicated box a more secure way to do it. If we absolutely must have big brother monitoring its the way to go. I personally believe we do NOT need this, but its already here and live in the network.

            2. zerowaitstate

              Re: Will be struck down ....

              In the US we required these requests to go to a court also. However, what the surveillance service (NSA) did was request a wiretap on "Verizon", and made it essentially open-ended, to which the court agreed, saying that simply named a telecommunications company you want to tap is specific enough. They then automated the process of siphoning off records from the telco, arguing that it wasn't actually "collected" until someone typed something into a search box (meanwhile conducting neighbor analysis on the data in an unattended fashion). So when you say "warrant", and "specific person or IP address", you shouldn't be surprised when the person is "Mr. British Telecom" and the IP address is actually a set of subnet masks that cover the entire country.

      2. This post has been deleted by its author

    2. SMabille

      Re: Will be struck down ....

      Why do you think the government is in such an hurry to revoke human rights?

      1. Will Godfrey Silver badge

        Re: Will be struck down ....

        Exactly. This can't be shouted loud enough.

        However people just don't want to hear.

    3. Anonymous Coward
      Anonymous Coward

      Re: Will be struck down ....

      "(imagine if TalkTalk also kept and lost its customers' browsing records)."#

      They probably have. Although there's always the possibility the system collecting them didn't work.

      Talk Talk customer services (paraphrased, from a call earlier this week): This is not something customers need to worry about, the details are nothing more than you would include on a cheque. No, I won't give you my own personal bank account information, that's confidential, you could do anything with it.

    4. Wensleydale Cheese Silver badge

      Re: Will be struck down ....

      "Grossly intrusive and a huge security risk (imagine if TalkTalk also kept and lost its customers' browsing records)."

      It becomes a similar problem to the one of having back doors in encryption - the bad guys will find their way in.

      1. Mike Richards Silver badge

        Re: Will be struck down ....

        The government sees no need for supervision of police access to this data, it will be abused. So it's more than likely we'll see a repeat of the corrupt coppers who were happy to feed celebrity and crime stories to the News of the Screws finding other publications willing to pay for Internet histories of the unfortunate/rich/powerful/stupid.

  6. Tachikoma
    FAIL

    This will include websites visited up to the first ‘/’ of its url

    So they can see someone went onto:

    randomsearchengine.com

    But won't be able to see:

    randomsearchengine.com/images/search=child_porn

    Well that's useful for them...

    1. Hans Neeson-Bumpsadese Silver badge

      URL

      ...and then go to randomsearchengine.com/cache/dodgy_site.com/child_porn

    2. SMabille

      GET

      That is is your are https://randomsearchengine.com/images/search=child_porn.

      If you are nominated for Darwin award and use http:// the GET /images/search=child_porn will be logged

    3. Wardy01

      But they would see that the user then clicked on and subsequently issued a GET request for ...

      somechildpornsite.com ...

      So that's still useful without being overly intrusive (I guess).

      I'm not trying to defend this but it feels fairer than asking for the full details of the request IMO.

      1. Yet Another Anonymous coward Silver badge

        They would also see if somebody went to "random warez site" and it had a 1x1 pixel link to a tracker on dodgy_porn site. Except they only see a request to "dodgy_porn_site/"

        1. Wensleydale Cheese Silver badge

          Let's not forget that ad servers get compromised every now and again, and those pixel links could be sitting on your favourite news site.

  7. Anonymous Coward
    Anonymous Coward

    If you log browsing history...

    ...then please log it properly *including* the exact bits I've visited (not just the site) and the referrers too

    .

    Why? Because if I click on some link somewhere, which goes via say bit.ly or other obfuscators (sorry, shorteners), I cannot possibly know in advance where I'll end up. I might end up on ISIS's website, but all the snoopers (selectively want to) see is... twitter -> ISIS. If there are complete logs, there's at least a remote chance that accused people might be able to explain how they got there.

    The best solution is of course to not log anything. But this seems unlikely to happen with our governing elite. In the meantime I'll continue mitigating the issue via VPN/proxy for everything that goes out.

    Yes, that double-layered fashionable tinfoil hat over there is mine. You'll soon want one of those too!

    Anonymous, because why not. Not that it matters on a http-only site.

    1. dogged

      Re: If you log browsing history...

      > Anonymous, because why not. Not that it matters on a http-only site.

      Yeah. Seriously, el Reg, I'll pay up to a fiver a month for SSL and no ads. I bet I'm not alone, either.

    2. Wardy01

      Re: If you log browsing history...

      lol ...

      nor would it matter on a SSL site these days

      and that vpn / proxy won't help either

      If the request for this information is issued to your ISP your vpn / proxied / ssl connection still has to go point to point across the ISP's network at any which point they could easily log, decrypt, manipulate, or whatever they want that request.

      Unfortunately there pretty much isn't a way to be anon online any more ... there's always a trail somewhere that will lead back to you.

      1. Anonymous Coward
        Anonymous Coward

        Re: If you log browsing history...

        "nor would it matter on a SSL site these days

        and that vpn / proxy won't help either"

        True, but it makes it much harder to get to the content. Plus it bypasses BT's (or any other ISP's) nanny filters entirely (if DNS goes through that tunnel too).

        All they see is SSL encrypted traffic.

        Of course we can't stay anonymous, if "they" are out to get us. Whatever we do is a work-around at best, not a solution. A solution would be to beat some sense into May, Call me Dave and all those zombies who have no clue about IT or the internet and therefore bend over when the agencies and police ask for greater snooping powers.

        1. g e

          FTFY

          A solution would be to beat some sense into May

      2. Jack of Shadows Silver badge

        Re: If you log browsing history...

        It really depends on how far you go with the layers of deception. I've been doing it so long that I get nervous not using it all which does happen from time to time. The last time a site denied me access, it was cia.gov. I just checked, again, and all my ISP sees is the numerical internet address for the proxy, not even DNS. Oh, and the connect and drop time. Everything else is a fabrication.

        Really, aside from a bit of nose tweaking, I do all this to segment my traffic from those around me. They certainly know who I am, where I live, and most definitely what I'm capable of accomplishing. Definitely that last and all my medical/psychiatric records. Everyone, I kid you not, has access to those. It is a bit of fun doing my best to crack my own streams even with perfect knowledge of means and methods. You should always assume that when looking at systems security.

    3. Steve Davies 3 Silver badge

      Re: If you log browsing history...

      The use of bt.ly etc and the fact that you have no idea where the link is going to take you is one reason why I never click on them.

      Who knows, it might be a sting operation and those fine upstanding people at GCHQ might have tricked you into accessing some [redacted] porn site. The boys in blue standing outside your front door will make a quick entry and that's the last we'll see of you for a long-long time.

    4. Justicesays

      Re: If you log browsing history...

      Going to be worse than that I'm afraid.

      Heard of virtual hosting?

      It's that thing where 100's of websites share the same IP address, and you get redirected to the correct one based on the hostname you provided to get there (independently of the DNS lookup involved).

      This system is the reason for the problems with indiscriminate take downs orders for things like "illegal world cup streams" also affecting 100's of other sites when implemented via IP filtering based on court orders.

      So when you visit your knitting hobby site , you are using the same IP used by the "Jihadi terrorist deathsquad" site hosted on the same webhost.

      And plod will just get the IP (especially if you use a third party DNS server independent of your ISP).

      Welcome to the overly large dragnet!

  8. Mark McNeill
    Black Helicopters

    Script needed...

    ...to make everyone visit every site on the internet. They want data, give them data.

    (Yes, I know, it's not difficult to think of practical objections to this, including but not limited to physical impossibility.)

    1. Rich 11 Silver badge

      Re: Script needed...

      There are a number of web browsing obfuscation tools available.

      I'll leave it to you to search for them, obviously.

    2. g e

      Re: Script needed...

      Actually you could spider a background wget off a Google search page and leave it running forever at one page (no images or scripts necessary) every 2 secs or so in order to not back up your pipe (ooerrr missus)

    3. Dr Dan Holdsworth Silver badge
      Black Helicopters

      Re: Script needed...

      The slight problem here is that the customers of a major ISP look at a LOT of web pages. Recording the URL of everything that goes through their systems will need a very great deal of storage, and therein lies a problem: storage costs money, and fast storage costs a lot of money.

      On the other hand, the Government is asking for a load of web log data that they do not know the content of ahead of time. An Evil ISP might well therefore automagically generate some plausible-looking and entirely legal logs on the fly and give that to the spooks in lieu of actual data, on the premise that if the aforesaid spooks don't find anything illegal, they're not going to pry further.

      Alternatively, if the fines for non-compliance are low, simply not bothering at all and swallowing low fines as a price of doing business, instead of the high costs of doing the government's dirty work for them might be an alternative route.

      1. martinusher Silver badge

        Re: Script needed...

        If I was in the ISP business and were forced to hand over customer data I'd whinge a but for form before eventually complying. The data they would get would be slightly modified -- errors do creep in when you're working with very large data sets -- but they'd probably never know. The resulting data would, with any luck, be not just useless but would completely screw up their search algorithms.

        "Poisoning the well"

  9. Captain Hogwash Silver badge
    Facepalm

    Knights in rusty armour

    "...It is highly intrusive for this data to be retained just in case we commit a crime in the future..."

    Just in case we are suspected of committing a crime surely?

    1. Anonymous Coward
      Anonymous Coward

      Re: Knights in rusty armour

      "Just in case we are suspected of committing a crime surely?"

      Just in case someone wants to cause you grief for their own satisfaction, purpose, or career advancement.

      FTFY

    2. Jack of Shadows Silver badge

      Re: Knights in rusty armour

      It's practically impossible to not commit at least one felony a day.

      1. xybyrgy

        Re: Knights in rusty armour

        You betcha: http://www.threefeloniesaday.com/Youtoo/tabid/86/Default.aspx

      2. <shakes head>

        Re: Knights in rusty armour

        just by pointing out that these tools are available you have contravened the by "providing information the may be used by terrorist", by pointing this out I have fallen into the same gotya.

  10. captain veg

    Once again

    It's just a way of creating an ocean of non-suspects' data to go fishing in. Actual criminals (apart from the terminally stupid, who ought to be pretty easy to catch anyway) will, of course, take suitable anonymising measures.

    The justification of "making the job easier for the Police" doesn't stand up. If you make it easy for Plod to investigate everyone, then they will investigate everyone. The concept of reasonable suspicion gets fenestrally ejected, and everyone becomes an unreasoned suspect.

    Is that what you want?

    -A.

    1. Anonymous Coward
      Anonymous Coward

      Re: Once again

      If you make it easy for Plod to investigate everyone, then they will investigate everyone. The concept of reasonable suspicion gets fenestrally ejected, and everyone becomes an unreasoned suspect.

      Is that what you want?

      No, of course not. The Police are clearly above suspicion, so their communications must be exempted from this law.

      Also MPs, because reasons.

      Except for those MPs who vote against introducing these measures - doing so is surely clear grounds for suspicion that they're up to something. Remember: nothing to hide, nothing to fear.

      1. Anonymous Coward
        Anonymous Coward

        Re: Once again

        "Remember: nothing to hide, nothing to fear."

        I must confess it wouldn't sit well having a PM I didn't vote for hiding his penis in pigs because he was frightened.

    2. Mark 85 Silver badge

      @Captain Veg -- Re: Once again

      Part of this problem is that they spend much time on collecting and little on processing until after the fact. How many times have we heard..."oh yes, we have some data on them" after the "them" commited a crime. I'd rather hear from a TLA/FLA that they need more to process what they have and what they are getting than they need to collect more.

  11. Anonymous Coward
    Anonymous Coward

    I suspect the police have been saying to the Home Office that they need all these powers if they're going to lose tens of thousands of policefolk due to the government's "austerity" measures. I don't know if there was an element of bluffing on their part, but if so it looks like the other May has called them on it.

    1. Anonymous Coward
      Anonymous Coward

      Well nothing to worry then, they might have tracked you to dodgy.as.a.dody.fox.com, but they won't be able to arrest you as they won't have the resources to call up an uber cab and magnet a blue light on the roof.

  12. Anonymous Coward
    Anonymous Coward

    If it wasn't for the hassle of dealing with malware-pushing sites it would be interesting to set up a website that opens random pages at random intervals; people could then open a browser session when they login and leave it running but ignored all day. One or two new pages an hour would do the trick.

    1. Number6

      That's not too hard, you don't even need a browser - on Linux you use wget and a script. Malware doesn't work if it's never executed and is instead just piped to /dev/null.

  13. Chris G Silver badge
    Trollface

    Why not give the police full access to all our online records, they are the guardians of society. I am sure they will use the information ethically and wisely.

    Of course I live in another country where most of the cops have trouble logging in to farcebook.

  14. frank ly Silver badge

    What about ....

    .... people who use ZenMate browser plugins (and similar arrangements) to enable them to sidestep their ISP's blockers so that they can download the latest Linux ISO from popular torrent sites?

  15. Joe 35

    "though the Home Office tell me ...

    ".... that it is in practice very difficult to piece together a browsing history"

    Well why do they want it then?

    1. Anonymous Coward
      Anonymous Coward

      Re: "though the Home Office tell me ...

      Well why do they want it then?

      In the hope that it will provide circumstantial evidence that the Clown Prosecution Service can then misrepresent in court against targeted individuals, whether they are guilty of something or not. Worked during Operation Ore, didn't it?

  16. Hans Neeson-Bumpsadese Silver badge

    Storage

    Am I alone in thinking that a lot of this sort of stuff gets dreamed up by someone who has a brother who flogs storage?

    1. Rich 11 Silver badge

      Re: Storage

      Or shares in Amazon.

    2. ecofeco Silver badge

      Re: Storage

      You've just describe the daily operations of almost all governments.

      So, yes. Been there, seen it personally.

  17. Pen-y-gors Silver badge

    Obfuscation

    You can screw things up by installing some software that randomly visits websites ("I'm developing my own search engine to compete with Google"), and then your defence is that it wasn't you, it was the software.

    And then have a list of sites you visit regularly:

    www.gay-freemasons.co.uk

    www.kinky-tory-mps.co.uk

    www.police-friends-and-families.com

    With that list they should keep well away from you

  18. Wardy01

    I'm sure I read somewhere that London is arguably the worst place in the world to commit a crime as virtually every street corner has a cctv camera on it that the police can access at will for the purposes of investigating crime.

    This, while possibly intrusive is sort of acceptable as when I am in public my actions may concern others.

    However sat in my own home on my computer I am no risk to anyone so the argument is more about specifically what the question is that the police really need to answer ...

    Is this person likely to be involved in a crime in the near future, or have they been in the past?

    ....

    Unless the crime is a cyber crime / hack then the police are arguably have no reason to want this data from me and they better dam well justify that need!

    In the event the crime in question is a cyber attack their efforts should be looking at my target to tie a data trail back to me first.

    In the event that a persons online activity supports / in some way aids in a crime the focus should be on the crime not some random large pool of personal information.

    In other words, given that the police already have enough to charge me for a crime then I would consider it acceptable for them to supplement their case with my digital activity but their right to dig through that activity should not just be freely available because they suspect me of something.

    My reasoning being:

    In the eyes of the law everyone in the UK at least is considered innocent until proven guilty, if there isn't sufficient proof for them to charge me then what right do they have to breach my privacy?

    DO YOUR BLOODY JOB INSTEAD RELYING ON TECHNOLOGY TO BREACH EVERYONE'S HUMAN RIGHTS!

    However, should it be possible to create a system that can automatically find proof that a crime has been or may be in the future committed and put fact with it by using such data and no actual human being can mess with, access, or even interact with this system then yeh in theory I could be ok with that.

    I should note however:

    Such a system would need to be able to think like a human eg (AI) be able to determine for example the contents of my pockets before I walk in to the bank, and should only send out focused snippets of actionable evidence not raw queryable data.

    I would be cool with that.

    But could our government / any government for that matter be trusted to build such a system?

    No bloody chance!

    1. Bob Wheeler

      @Wardy01

      I concure wholehartedly.

      When I got to the end of your post, I was reminded of a TV show "Persons of Interest".....

      1. Dan 55 Silver badge

        Re: @Wardy01

        I was reminded of Cumberbatch in The Last Enemy, someone who returned to the UK just as a Total Information Awareness program was about to be rolled out.

    2. Yet Another Anonymous coward Silver badge

      The city of London is the best place in the world to commit a crime - that's why so many institutions have their HQ there.

      Compared to the finacial regulators in New York, Frankfurt or Singapore you can be pretty sure that the City of London police will take very little interest in your activities

    3. sysconfig

      Re Wardy01

      "I'm sure I read somewhere that London is arguably the worst place in the world to commit a crime"

      Only if you commit it in the bus lane.

      (Borrowed from Paul Chowdhry, Live at the Apollo: https://www.youtube.com/watch?v=fEQoquOvMho)

    4. Vic

      I'm sure I read somewhere that London is arguably the worst place in the world to commit a crime as virtually every street corner has a cctv camera on it that the police can access at will for the purposes of investigating crime.

      But a significant proprtion of them are at such a low resolution that there is no way they could ever help even in detecting crime, let alone identifying the perpetrators.

      CCTV is, by and large, security theatre.

      Vic.

  19. No such thing as an Anonymous Coward
    Thumb Up

    "up to the first ‘/’ of its [url]"

    Does that mean they can only record you making a http:/ or https:/ request.

    1. Dan 55 Silver badge

      Re: "up to the first ‘/’ of its [url]"

      https? He's up to no good, bring 'im in.

    2. Stevie Silver badge

      Re: "up to the first ‘/’ of its [url]"

      And what about redirects? And those advert sidebars that the website provides but your browser actually fetches?

  20. Stu Mac

    See, this is 180deg out of sync.

    The citizens should be watching their public servants very closely, particularly the Police, NOT the other way around.

    1. g e

      The problem there

      Is you confuse who pays them with who their line managers are

  21. Lyndon Hills 1

    Libraries, Internet cafes, Open wi-fi

    All excellent places to carry out your criminal deeds. Any time you want to do something dodgy, hop on the neighbour's connection.

    1. billse10

      Re: Libraries, Internet cafes, Open wi-fi

      Phase Two of this operation will be to say that open WiFi will be an offence ...

  22. tiggity Silver badge

    plausible deniability

    Run a TOR exit relay

    1. dogged

      Re: plausible deniability

      Encryption will be banned.

  23. Rick Giles
    Pirate

    I think that we are doing this wrong

    Instead of fighting them to stop, why don't we bury them in data?

    Something that visits random random websites or follows links on pages randomly. Make it not worth the governments while, like putting telemarketers on hold instead of hanging up on them.

    1. Anonymous Coward
      Anonymous Coward

      Re: I think that we are doing this wrong

      browser extension that inserts a visit to a PPI caller on the way to the URL you actually wanted? Or just to (random).gov.uk?

      by the way, is this a URL tracker, or a page address tracker?

  24. Anonymous Coward
    Anonymous Coward

    Suddenly it all becomes clear...

    This ties in nicely with the proposed cuts to the Police Force - soon all they'll need is one person to spend all day looking at our browsing habits and a few jackbooted rent-a-thugs to come round and kick in your door when they spot something "suspicious".

    1. Anonymous Coward
      Anonymous Coward

      Re: Suddenly it all becomes clear...

      "This ties in nicely with the proposed cuts to the Police Force - soon all they'll need is one person to spend all day looking at our browsing habits [...]"

      Experienced specialist police officers are apparently being retired early - then re-employed as civilian support workers doing the same backroom job. As they have spent pretty much all their working life accumulating the requisite experience - then it's really the only job they want to do - even if it means lower wages or through an agency.

  25. Alistair Silver badge
    Windows

    You are convicted

    We have records that you visited mobile.chat.yahoo.co.uk

    ISIS uses mobile.chat.yahoo.co.uk to communicate. You go straight to jail, we don't need a trial, we have the records.

    And Vhosting. holy shit.

    Downward spiral accelerates.

    <yes, I know the url is crap, but the concept is covered>

  26. Warm Braw Silver badge

    'nuff said

    "We want to police by consent ... But,"

  27. Graham Marsden
    Big Brother

    "Everyday investigation..."

    "Every day we're investigating your activities, just in case you might have done something we don't like..."

    FTFY

  28. allthecoolshortnamesweretaken Silver badge

    Can't the plod even

    browse for porn by themselves? Or are they really lazy?

  29. Graham Cobb

    A tail on everyone, all the time

    Five years ago, [a suspect] could have physically walked into a bank and carried out a transaction. We could have put a surveillance team on that but now, most of it is done online. We just want to know about the visit.

    So, 5 years ago you could have tailed 1 or 2 people per county at once. It cost you a lot of money and resources, required approval from a very senior level, and was reserved for major criminals.

    You now want to use advanced technology to be able to automatically tail everyone (including children, and investigative journalists) in the whole country all the time? Without any suspicion they are doing anything wrong?

    A police tail on everyone, 24 hours a day. I can't think of a better definition of a police state.

    1. ecofeco Silver badge

      Re: A tail on everyone, all the time

      Welcome to PAX USA!

  30. Brian Allan 1

    Sounds like Eastern Europe during the communist era! The UK is becoming more and more a police state with every passing year!

  31. Emperor Zarg

    Anyone may be a suspect, but everybody is not a suspect.

    They can already get what they are asking for, and more, by obtaining a warrant from a magistrate. The requirement exists in order to prevent the police from abusing their power.

    For reasons which they have not adequately explained, they want to remove the requirement for judicial oversight and approval in order to have untrammelled access to very personal information on each of us whenever they feel like it.

    The lack of a requirement for a search warrant, especially when combined with such unreasonable search powers is surely the hallmark of an authoritarian regime.

  32. Anonymous Coward
    Anonymous Coward

    Bit of Python on the Raspberry

    I guess I'v found a new use for my Raspi - when you go to bed get it search and load random . gov.uk sites thru the night (working shifts means most of this traffic will be daytime for me) DDoS anyone mwahaha. For all real traffic use a VPN terminating in a less draconian country, or public WiFi.

  33. Boris the Cockroach Silver badge
    Big Brother

    Can you imagine the fun

    of those bloody websites that popup links to everywhere when you try and browse them , a favorite of the ad sites on facebork.

    Only take 1 of them to be slightly dodgey and blammo.. the cops have you and the interview will end up going like this

    <Police> we know you surfed an illegal site, we have the records, what did ISIS tell you to do?

    <you> What site?

    <police> you know very well which site

    <you> I dont know what you are talking about

    <police> right seems he denies surfing that site, lets 'encourage' him to co-operate

    <you> ow ow ow ow ow ow

    -----

    Much later

    <Judge> you are found guilty of surfing an illegal site

    <you> I dont know what site you are on about

    <Judge> sentenced to 25 yrs in prison

    <you> what site?

    -----

    Much much later

    --

    <Lawyer> I've finally been granted access to the list of webistes you surfed that day

    <You> and what site was it?

    <Lawyer> www.human_rights.com

    <you> who?

  34. Mike Richards Silver badge

    Berry explained the police's desire to The Times by saying "We want to police by consent..."

    "...but then we thought - fuck it, let's just force them to hand over the data."

  35. ScottME
    WTF?

    Weak analogy

    Finding terrorists on the Internet is like trying to find a needle in a haystack. These proposals will certainly give the spooks a much bigger haystack to search through, but I'm not entirely clear as to how that will help them find the needle.

  36. Stevie Silver badge

    Bah!

    Smith told The Register that the powers the police have been reported to be seeking are equivalent to recording "every magazine you've read, but not which articles on which pages"

    What about the card inserts, free gifts and fragrance samples? Who gets those?

  37. Anonymous Coward
    Anonymous Coward

    One microsecond free trial

    Diet meal plans often offer a week of food free as a trial offer. I purpose giving the government 1 microsecond of data as a trial offer to see if they like it.

    Have the biggest ISP's in the land record 1 second of said data. Aggregate the data from all the ISP's and hash the IP addresses. Then slice it up into 1 microsecond shares and send one slice to each member of Parliament and each elected police official in the land.

    Compose emails with names from the least decayed phone-book you can find as source addresses (don't make it trivial to filter). Put the URL in the subject line and the requesting IP address (probably should hash it first followed by enough evasion text to make filtering hard) and send it to their official email address. If such an email address can not be found or is not working (none of them will be working at the end), fax what you can until that fails, then print the remaining data, one line per connection, 66 lines per page and have a volunteer deliver it in person (with TV crew in tow). Ask for a receipt too.

    I am sure that servers will crash, printers will wear out, trucks will break down, and loading docks, driveways hallways and offices will fill up with boxes. Mountains of boxes of paper will be on TV and in the news, and all those mountains of boxes will still represent less that one one-thousandth of one second's worth of data they think they want. This should drive the scope of this stupidity through even the thickest heads.

    If we fail to get the point across, invest in storage manufactures, cloud storage providers, electricity generation, data center construction...

    And begin determining the environmental, economic and social impact of covering the entire island to an average depth of 10 feet with running hard drives.

  38. Anonymous Coward
    Anonymous Coward

    The VPN condrum

    so I connect to my Corporate VPN and do stuff.

    My Internet Point of presence is around 4000 miles away.

    Ok GCHQ/NSA how do you get my browsing history?

    Unless you have cracked every VPN encryption you can't.

    So being realistic their aim of getting our entire browsing history is impossible.

    Perhaps someone should tell HMG and more importantly The spooks in Cheltenham the reality.

    Now I'm just going to connect to my other VPN in Mexico.....

    Then there are others in other parts of the world.

    I don't have anything to hide but all I'm saying is that it is only too easy for those who have somethnig to hide to do just that.

    1. Roo
      Windows

      Re: The VPN condrum

      "so I connect to my Corporate VPN and do stuff.

      My Internet Point of presence is around 4000 miles away.

      Ok GCHQ/NSA how do you get my browsing history?"

      Unless you are connecting to your corporate VPN through your very own bit of copper/fibre and exchanging keys via another completely different channel they can't tap they could probably find somewhere along the trail of nodes to launch a man in the middle attack. If that's too hard/awkward they can lean on your corporation until they hand over the records (which will they be required to keep if they work in certain areas/jurisdictions - eg: finance).

  39. Brock Knudsen

    "oh-oh sounds like some opposition, better get my next line ready."

    "ahem, If you aren't guilty then you have nothing to worry about."

    There now to sit back and enjoy the Police state I have initiated.

  40. Number6

    So which logs are they after? Those collected by a website or are they expecting ISPs to log all of this? It's going to de damned difficult to track an individual by asking loads of websites if they've seen the IP address, especially if it's a dynamic one.

    One way to screw the proposal would be if lots of websites had one-pixel GIF images and they all referenced all the others by suitable means on web pages. Ideally this would be done with a blank referer field, but imagine if you could click on an Amazon or Microsoft page (or even one from El Reg) and simply by doing so, you'd be logged as accessing a hundred other sites. It would make any sort of correlation useless by poisoning the logs. Obviously there are a few performance issues, but we should be looking at ways of making the collected data useless.

  41. Anonymous Coward
    Anonymous Coward

    If they want something to do then we should all add the word dirty, bomb and nuclear. Dont get me wrong, I do not want nor sanction terrorism, however, the quid quo pro needs leaving as is, why? well the undercover authorities have enough strength now. Let me tell you a little story, 40 years ago a lad applied to be an apprentice, the company concerned did security stuff. Now the boys father was known to be Chinese, and wanted for petty crime. Yet within less than a week they had found the man in China working as a fisherman! There was therefore no security problem, however the lad was found to be colour blind so in the end it did not matter as he could not be employed.

    They have sufficient powers and methods, giving these to the police opens up the probability of severe misuse.

    1. Commswonk Silver badge

      Ah but...

      Anonymous Coward wrote: ...40 years ago a lad applied to be an apprentice, the company concerned did security stuff. Now the boys father was known to be Chinese, and wanted for petty crime. Yet within less than a week they had found the man in China working as a fisherman! There was therefore no security problem...

      Not a particularly good example, IMHO. The person concerned was "known" and there was a clear starting point for the enquiry, and one thing to enquire about. In preventing terrorism (hopefully) the police may have a very unclear picture of who they are trying to monitor because the person (or persons) concerned will be taking some trouble to conceal who they are and what they are doing; hardly the same as the lad in the story.

      I suspect (but do not know) that it will be very rare for a full intelligence picture to either fall into the collective police "lap" or be revealed in a complete form during an enquiry; the intelligence jigsaw is just that - a jugsaw - and it has to be constructed piece by piece while not revealing that you are putting a jigsaw together in the first place.

      Having said that I have a lot of sympathy for your ...giving these to the police opens up the probability of severe misuse; we are after all talking about an organisation that wants to do Skype interviews of victims of crime and only investigate burglaries at odd - numbered premises.

      To be fair (oops; I made this mistake once before) the police have a near - impossible task in preventing terrorism; I doubt if anyone expects them to prevent burglaries in the same way as we want terrorist activity preventing. While I do understand people getting hot under the collar about creeping powers for the police (coupled with ever reducing accountability) what is the bien pensants reaction going to be if there is another 7/7 or Lee Rigby? I think I can hear it now: "Why didn't the police do something to stop it?" The answer may be "we didn't have the necessary powers" and it will be very hard to argue against that.

      I really worry about this contradiction - balancing the strong desire for a free society that is not under the threat of near constant surveillance with making sure that the poice and security service can carry out their jobs effectively.

      I don't pretend to know the answer.

      1. Emperor Zarg

        Re: Ah but...

        Commswonk wrote: [...] what is the bien pensants reaction going to be if there is another 7/7 or Lee Rigby? I think I can hear it now: "Why didn't the police do something to stop it?" The answer may be "we didn't have the necessary powers" and it will be very hard to argue against that.

        That answer would be a lie. They already have the necessary powers. They just want more - they will never say they need fewer powers - and they are willing to use any emotive situation to manipulate public opinion.

        The perpetrators of the 7/7 atrocity were either already known to, or could and should have been linked to persons already known to the security services. In the case of Lee Rigby's murder, both were known to the security services. In neither case they did adequately act upon intelligence already in their possession.

        One could postulate that the security services already had too much information with which to work, and that finding useful intelligence in a morass of information is almost impossible. Providing them with even more information would clearly be the wrong thing to do.

  42. DougS Silver badge

    Not sure if I'm happy I live in the US or not

    On the one hand, no one here has the balls to advocate for this level of access to the browsing history of every single American citizen. On the other hand, the NSA did their best to get this level of access behind our backs, and even try to sniff the content where possible.

    Is it better to be screwed from behind and not see your assailant like in the US, or have them look you dead in the eye while they're screwing you like in the UK? I'm not really sure, can I elect a third option where I don't get screwed?

  43. JassMan Silver badge
    Trollface

    We want to police by consent

    Berry explained the police's desire to The Times by saying "We want to police by consent, and we want to ensure that privacy safeguards are in place.

    OK, so where is he going to display the checkbox saying "I consent to a total invasion of privacy"? And will he ensure you are not defaulted to giving consent unless you take a positive action?

  44. Rol Silver badge

    Badly Profiled Boy

    "Oh, a cute kitten. I'll click on that."

    click

    "OMFG what am I looking at? Is that a pigs head and oh no, no. he's sticking his..."

    click

    Meanwhile back at Scotland Yard...

    "Hey, sarge. We got one of those beasty pervs again....No it's a civvy this time. Yeah easy meat, I'll send the lads round sharpish"

    Later that day....

    "We got you, you piece of filth"

    "Whaaat?!"

    "We're arresting you for visiting bestiality sites while not in possession of either a constituency, knighthood or white curly wig. Anything you say will be reinterpreted for maximum effect at trial."

    "But, it was a cute kitten"

    "Under age as well, you dirty bastard, you'll rot in jail forever"

    "No it was a cross site script that took me there"

    "Cross-eyed git? What's his name then?"

    "Eh?"

    "Note that down constable Savage, when challenged about his alibi, he refused to cooperate"

    Later that year...

    "So what are you in for?"

    "Would you believe, the total incompetence of a system that cannot distinguish between intentional and unintentional acts?"

    "Yeah, I can relate to that, I never meant to use the axe, it was just for show"

    1. Anonymous Coward
      Anonymous Coward

      Re: Badly Profiled Boy

      "Would you believe, the total incompetence of a system that cannot distinguish between intentional and unintentional acts?"

      The future Sexual Offences Act 2003 was supposed to be a tidying aggregation of many previous laws. When it was put out for public consultation it was obvious that the word "intent" had been dropped from some of those previous laws' wording. The reason given was that the police and some single-issue lobbies felt that having to prove intent made it "too difficult" to secure convictions of enough accused people.

  45. John B Stone

    ISPs with secure systems and irrefutable logs?

    Surely for the logs to be useful (and to stand up in court) the ISPs have to have solid security and rigorous testing of their systems. Logs of ISPs who for example had been subject to any hack would have to be automatically ruled out...

  46. Chozo

    Whose Web Browsing History?

    Now would be good time to mention MAC spoofing methinks. Then there are the WPA cracking services, granted many newer UK routers are tough nuts to crack but there's plenty of older ones out there. My personal favourite though has to be leaving an Auto-Pwning USB stick in the local coffee shop, way cheaper than paying for a premium proxy.

  47. The Nameless Mist
    FAIL

    They want it ... let them have ALL of it

    I suspect that even with all the computing power tucked away at GCHQ; if they really had access to all the browsing data (assuming they aren't tapping it already) then they'll be sitting on a growing backlog from day zero.

    Not taking into account of course that anyone with any sense will be running their searches through various obfuscation services and using "burn" devices.

  48. Anonymous Coward
    Anonymous Coward

    We are sleepwalking into a Police State.

    The Police feel that apart from a few "bad apples" then the force is keen on justice and liberty. Particularly bringing to justice those who appear to be clever enough to have no evidence against them. Such is the hubris that an inward-looking institution will produce in its members.

    Politicians will also recoil from the idea that one of their group would misuse the powers they have. Wider interpretation of a law for the "good" of the people is however considered commendable - and necessary if the creation of many new laws is not to be bogged down in poring over detailed draft bills.

    All power tends to corrupt; and absolute power corrupts absolutely. Lord Acton 1834-1902

    This blog article seems to cover that human failing very nicely:

    http://www.acton.org/pub/religion-liberty/volume-2-number-6/power-corrupts

  49. Anonymous Coward
    Anonymous Coward

    HMRC and councils to have access too

    According to a DT article the web history will also be made available to HMRC and local councils.

    http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/11968999/Councils-and-taxman-to-be-given-power-to-view-your-internet-history.html

    1. Mike Richards Silver badge

      Re: HMRC and councils to have access too

      After that, how long before everyone's browsing history is also shared with Feargul Sharkey and the creeps at the BPI?

  50. Anonymous Coward
    Anonymous Coward

    Terrorism Risk

    To put historic risk of terrorism in perspective, I had to point the following out to a senior police officer:

    In 1972 the UK saw 10,631 terrorist shootings and 1,853 bombings; 470 people were killed by terrorism.

    In 2007, there were 47 shootings and 20 bombings - all in Northern Ireland and three people were killed by paramilitaries.

    This was from a BBC article a few years ago.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019