New gear needed to capture net connection records, say ISPs

Communication providers will need to invest in new equipment if they are to capture people's internet connection records (ICRs) and comply with planned new UK surveillance laws, three major UK internet service providers (ISPs) have said. Under the Investigatory Powers Bill, proposed by the UK government in November, …

  1. Christoph Silver badge

    Plus the technical and administration costs of keeping that information secure but making it available when plod wants to snoop through it.

    It is of course entirely coincidental that the costs will be proportionately far greater for small independent ISPs and far less for the big boys. Our wonderful government surely would not want to do that deliberately.

    1. Paul Crawford Silver badge

      The ISPs should tell the committee that cost recovery is not an issue - they will all simply put all of the hardware, software and administrative costs down on the customer's bill separately itemised as "Conservative Government Snooping Tax".

      1. Anonymous Coward

        Re: bill separately itemised as "Conservative Government Snooping Tax"

        You mean as opposed to the bill for the law that the last Labour Government tried to foist on us.

        There is no point in trying to play party politics with this one. All parties oppose snooping when they are in opposition and then magically they all think it's a good idea when they are the ones doing the snooping. Basically they are all as bad as each other.

        1. Naich

          Re: bill separately itemised as "Conservative Government Snooping Tax"

          "All parties oppose snooping when they are in opposition and then magically they all think it's a good idea when they are the ones doing the snooping. Basically they are all as bad as each other"

          Except for the LDs, who actually stopped this bill proceeding while they were in coalition.

          1. Anonymous Coward

            Re: bill separately itemised as "Conservative Government Snooping Tax"

            > Except for the LDs, who actually stopped this bill proceeding while they were in coalition.

            Except they were really in power were they, they were just allowed to sit in the next table so long as they were all quiet and didn't do much. If there was truly an LD government they'd get the same bug as everyone else does.

            Didn't "Yes minister" describe this process?

            1. batfastad

              Re: bill separately itemised as "Conservative Government Snooping Tax"

              > Except they were really in power were they, they were just allowed to sit in the next table so long as they were all quiet and didn't do much. If there was truly an LD government they'd get the same bug as everyone else does.

              I don't know. Being able to veto a proposed piece of legislation is more power than you or I have. Good on 'em.

        2. Paul Crawford Silver badge

          Re: There is no point in trying to play party politics with this one.

          Yes there is - make sure the fsckers know they (whoever is in power currently) will be tarred with introducing it come the next election. It might magically make them grow some ethics, like the LD has in this respect.

      2. davemcwish
        Big Brother

        Alternatively....

        Connection Records Archival Premium

    2. Tim Jenkins

      "...costs of... ...making it available when plod wants to snoop through it...".

      Much cheaper for the girls and boys in blue to wait until the ICR data stores get exfiltrated / torrented, and fish through it then, surely?

      Austerity, we're all in this together, etc, etc...

  2. SMabille

    CSP

    And the ICRs have to be kept by CSP (Communication Service Providers), they are not restricted to ISP only. We can expect the law to apply to all sorts of layer 7 providers too (VoIP, messaging, ...).

  3. Peter 26

    Isn't this just duplication of work?

    We know from the Snowden leaks that GCHQ are recording this info and more, so why make the ISPs do it too? Is it simply so it can be legally accessed by the police?

    1. Doctor_Wibble

      Re: Isn't this just duplication of work?

      You make it sound like 'duplication of work' could somehow be used as a reason for a government to not do something... I'm not sure I understand the concept here...

      1. Peter 26
        Thumb Up

        Re: Isn't this just duplication of work?

        Very good point! What was I thinking?

    2. Christoph Silver badge

      Re: Isn't this just duplication of work?

      "Is it simply so it can be legally accessed by the police?"

      Probably. There is no way whatever that the spooks will let mere plod have the slightest hint of what they can do or are doing.

    3. Voland's right hand Silver badge

      Re: Isn't this just duplication of work?

      Because their copy is inadmissible in court.

      Even if it is a UK court with no tainted evidence rules as present in other developed countries, you still cannot use their copy as evidence.

  4. Anonymous Coward

    I wonder...

    ISPs will need new equipment and software to manage storage of and access to the accumulated data.

    Might the Gaffer thingy that GCHQ have put on Github (see http://www.theregister.co.uk/2015/12/14/brit_spookhaus_gchq_creates_github_repo_offers_graph_database/) have anything to do with it?

  5. Anonymous Coward

    What would be required (technically)

    to use a non-UK based ISP ? Is it even possible ?

    Or will we see "virtual" offshore ISPs, who will run end-to-end VPN tunnels for dummies ?

    1. Lee D Silver badge

      Re: What would be required (technically)

      The question is not whether you use a UK-based ISP or not.

      It's do you trust the connection, and to what extent?

      I trust my browser.

      I trust my machine (that may be misguided, but I think I'm generally okay there).

      I trust my local network connections.

      I trust my router.

      All good so far.

      What they are saying is that I can't trust transit between my router and ANYWHERE ELSE ON THE NET. That seems... pretty normal to me. Plain DNS is unencrypted, sniffable, and anyone at my ISP or in the path to the DNS server of choice can sniff, modify and insert traffic.

      As such, the solution is not "move abroad" in terms of your connection, but realise what you are trusting that you shouldn't. DNSSEC is better, you can't "fake" or modify a DNSSEC response.

      But even better is to not give anyone - the ISP or anyone else - the opportunity to monitor your unencrypted traffic. That means end-to-end encryption (HTTPS over DNSSEC lookups, because TLS etc. does in fact TRUST the DNS response to be authoritative and correct!) or VPN to a trusted location.

      If you buy a virtual server, pretty much the web filtering on those isn't present. They aren't classed as ISPs so they don't filter sites, play with DNS responses or limit access. They are much more concerned with billions of spam emails or you trying to spoof an IP. As such, the cheapest virtual servers, at home or abroad, can be had for a few pounds a month and you can configure your router to VPN to them and route all traffic through them. Voila!

      Or, as you suggest, you can just use a VPN host that you trust and do the same.

      But the problem really stems from so much stuff still being plaintext and unencrypted. Email. DNS. HTTP. Even DHCP (how do you know it was your ISP that gave you that IP address and that you weren't shifted to a different IP by some blackbox that your ISP was forced to install?). The solution is to move to DNSSEC, HTTPS - we don't have a solution for email yet because people apparently don't think that billions of unencrypted-by-default emails matter - and encrypted-by-default protocols everywhere. Also, VPN access.

      My phone can do VPN access to my virtual server. I wouldn't join a hotel wireless network without it. And I can provably connect to ONLY my VPN server, with no middle-man, or not connect at all.

      1. Ole Juul Silver badge

        Re: What would be required (technically)

        the cheapest virtual servers, at home or abroad, can be had for a few pounds a month

        Being into this, I just thought I'd point out that the cost can be much lower if you just buy a small Virtual Private Server. I'm currently using one with overkill specs which costs me $15 per year (£10). The Low End Box VPS thing has taken off and you can actually get an adequate server for 1/3 that price ... per year. Check out Low End Stock. Get one and install the VPN software of your choice.

        PS: I have no vested interest there, other than to advocate for people setting up their own VPN servers. Most people on this forum probably have the skills.

  6. CAPS LOCK Silver badge

    As I understand it you can drive a coach and horses through this...

    ... simply by installing a browser from our good friends in Norway.

  7. Camilla Smythe Silver badge

    I call Bollocks.

    https://wiki.openrightsgroup.org/wiki/TalkTalk_HomeSafe

    http://www.theregister.co.uk/2010/07/26/talktalk_stalkstalk/

    http://www.huawei.com/ucmf/groups/public/documents/attachments/hw_111690.pdf

    http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/science-and-technology-committee/investigatory-powers-bill-technology-issues/oral/25740.pdf

    TalkTalk already does it, installed working and costed, and the rest already have the capability. Unless I misunderstand the requirements of ICRs then StalkStalk already fulfils them and the moaning about storage capacity is exactly that... moaning because Traffic/Routing Data is minimal in comparison to Communications/Content Data.

    Of course enquiring minds might want to know why TalkTalk was not present at the committee meeting mentioned in the article to present evidence or whether they presented any in the first place.

    'Ooooo Look. We've already got one of those!'

    'Shut Up! Shut Up! How are we going to get our snouts in a bigger trough?'

    'Oh, cough. Sorry.'

    1. JimmyPage Silver badge
      FAIL

      TalkTalk already does it

      Hardly an advert.

      Of course enquiring minds might want to know why TalkTalk was not present at the committee meeting mentioned in the article to present evidence or whether they presented any in the first place.

      maybe because there's very little Talk Talk can teach anybody ?

    2. JimboSmith Silver badge
      Black Helicopters

      Re: I call Bollocks.

      But are the security minded individuals (try not to laugh) at Talk Talk actually recording/storing the data or just checking it against naughty sites and then discarding it? Because it says in the El-Reg link you provided that:

      In its statement the firm sought to head off the privacy concerns stirred by harvesting of URLs. "Our scanning engines receive no knowledge about which users visited what sites (e.g. telephone number, account number, IP address), nor do they store any data for us to cross-reference this back to our customers," it said.

      And also....

      "We are not interested in who has visited which site - we are simply scanning a list of sites which our customers, as a whole internet community, have visited."

      Might bump the costs up a bit to start keeping all the data, link it to individual customers, make it searchable, keep it secure (I told you not to laugh) etc. and make a tasty target for some script kiddies when they do.

      1. Camilla Smythe Silver badge

        Re: I call Bollocks.

        As I understand the system they use DPI to extract URLs from their customers' Communications and perform follow up 'content' checks on those URLs. This is 'not' based on DNS lists. It is Communications/Content Data that they are working on not Traffic/Routing Data and therefore should be illegal. They have the data, they operate on the data... the possibility that they throw it away after the event is neither here nor there.

        The Reg article, and indeed TalkTalk themselves have stated that this process is performed on everyone's Communications. You cannot opt out of it. They mention they do not store IP/Account/Telephone information but they have it... How else do you log in via the Radius in order to get your IP address? As to 'storage'.. ignoring the fact that they already have the 'user' data required and will be storing it anyway. They just need to add a table to the data-base.

        http://www.theguardian.com/technology/2015/nov/11/broadband-bills-increase-snoopers-charter-investigatory-powers-bill-mps-warned

        Hare said: “On a typical 1 gigabit connection we see over 15TB of data per year passing over that connection ... If you say that a proportion of that is going to be the communications data, it’s going to be the most massive amount of data that you’d be expected to keep in the future.

        This is where we get into confusion over Traffic/Routing Data and Communications/Content Data.

        Hare conflates 15TB of 'Data' with what is 'required', assuming anyone has pinned down what an ICR represents, by an ICR. If the ICR just requires 'endpoints' and an extra little bit then. Perhaps someone more knowledgeable can throw in a spanner but if I download a 1.5GB movie then allowing for redundancy I'd 'wet finger' 1K for ICR requirements which makes your 15TB of yearly data about 100MB for yearly storage.

        Oh, and in respect of TalkTalk's competence that does not enter the picture. They have a costed system developed, in place and in operation that fulfils the requirements of ICRs. All they have to do is add the, minimal, storage and Claire Perry is Your Uncle. That is unless they sold Claire Perry a lemon.

        It's already in place. This is just the ISPs attempting to line their pockets.

      2. John Brown (no body) Silver badge

        Re: make it searchable,

        There doesn't appear to be anything in the proposed Bill that requires a specific type, level or quality of searchability of this data so an ISP might well be OK, when asked for data, to simply dump a week's or month's worth of data to plod and leave them to worry about how to search and/or link the data.

        For a comparison, think about TalkTalk's reasons for not encrypting the stolen data. As per law, they took reasonable steps to secure the data. Nothing in the law about what type of encryption to use, or even that it had to be encrypted in the first place. They *used* that woolly-worded law to their own best cost-saving advantage. There's nothing in the proposed Bill that says ISPs etc have to spend more time and money than they need to make it easy for plod to just log in and click a button or two to get what they want.

        And don't forget. It's not just plod we have to worry about accessing this data. It's supposed to be about terrorism and *serious* crime. But pretty much every Govt. department, including your local council seem to be on the list of "approved parties" to get their mitts on this data. So, just like RIPA being used to catch dog owners letting their dogs foul in the wrong places, or people faking addresses to get kids into the "right" school, or putting the wrong stuff in the bins.

        "What do you mean, you can't afford your poll tax. We know you spend every day browsing Amazon and EBay"

  8. Doctor Syntax Silver badge

    Cheap solution

    3rd hand old tape drive.

    Access? "See that pile of unlabelled QICs there? You're welcome to look through them. No you can't borrow our drive, it's in use."

    1. Roo
      Windows

      Re: Cheap solution

      "No you can't borrow our drive, it's in use."

      - "Fine, we'll ask you for it so we can read your data or you can be imprisoned until you let us have it.. Oh and make sure you replace it with something we can read easily next time."

      The latest legitimising mass surveillance proposals include "non data" as well. :(

  9. Tom Wood

    How exactly does this work

    When I visit www.theregister.co.uk, this isn't one transaction. First there is a DNS lookup, which in my case currently resolves www.theregister.co.uk to 104.20.24.212. Then I open a TCP connection to 104.20.24.212:80 and send a HTTP GET request for /. Then the HTML loads and this may trigger many further DNS lookups and requests for images, style sheets, javascript and so on.

    Exactly what are they logging to determine I am visiting www.theregister.co.uk? The DNS lookups? The TCP connection to 104.20.24.212:80? (But who knows what that IP address really is - actually this particular example has no reverse DNS - but it could well be a shared server, CDN server, etc).

    Or are they inspecting the contents of every HTTP request and logging that? In which case, what happens when the server is using HTTPS?

    1. Anonymous Coward

      Re: How exactly does this work

      Excellent questions.

      And that's all assuming the Internet accesses are done using The Wibbly Wobbly Web as we have understood it for a couple of decades, right?

      Does it work like that (does it *have* to work like that) with e.g. apps on mobiles, when you're not accessing stuff using a browser, but using a program that doesn't need to know about http: and such like, just needs to know how to talk to a Snapbook/Facechat/(etc) server?

      Or even, for example, something conceptually similar to a swarm of torrent wotsits being accessed by torrent clients? Who needs http? Basically, an app communicating over IP sockets with its peers and/or with a network of servers, using a protocol which isn't http(s): over TCP. Then what?

      Is it really as trivial as it looks for any non-browser-based app (like the stuff being rolled out on mobiles and tablets) to break this whole concept and render it even more useless than it already was? Obviously ISPs could then start blocking any non-approved non-tracked ports and/or protocols...

      We know where this is leading. It's not leading anywhere nice.

      1. Warm Braw Silver badge

        Re: How exactly does this work

        >Excellent questions

        And questions to which there will likely be no answers before the legislation is passed. It will be up to the Home Secretary to determine precisely what information the ISPs are ordered to provide. The propaganda public announcements have suggested that there is an intent to capture information on which "apps" people are using on their mobile devices.

        This suggests that actually it's the TCP connection details that are to be collected (that's technically equivalent to the host part of the URL for web traffic), but there's going to be an awful lot of that (since it's every image and script on every web page and every connection made by Windows updates and telemetry, etc, etc).

        That's perhaps doable since you can spot the connection setup packets. However, it would be defeated simply by switching to using an application-specific protocol over UDP (or directly over IP). The only way to fix that would be to collect every new source+destination address pair and that would require some quite fancy kit to operate at wire speeds. And quite likely only reveal that the suspect was using a VPN.

        And it's unlikely the Home Office is going to instruct small ISPs to do this anyway - it would put most of them out of business. They certainly didn't on the last attempt, so there's a get-out-of-jail-free card right there.

        tldr:

        Q: How exactly does this work?

        A: It doesn't

        1. Anonymous Coward

          Re: How exactly does this work @Warm Braw

          "Q: How exactly does this work?

          A: It doesn't"

          That's what I was thinking, and what others seemingly better informed than me have concluded too. So basically like security theatre at airports, something must be done, this is something, therefore it must be done.

          "it's unlikely the Home Office is going to instruct small ISPs to do this anyway - it would put most of them out of business. They certainly didn't on the last attempt, so there's a get-out-of-jail-free card right there."

          That's certainly the picture the aforementioned Adrian Kennard of AAISP has been hoping for/relying on. I admire his confidence in the political/regulatory process.

          "[technical geekery] perhaps doable since you can spot the connection setup packets. However, it would be defeated simply by switching to using an application-specific protocol over UDP (or directly over IP)."

          Much as I thought then. Not rocket science to bypass this ICR stuff, is it, technically speaking.

          "The only way to fix that would be to collect every new source+destination address pair and that would require some quite fancy kit to operate at wire speeds."

          Isn't that basically just what user-specific DPI does, and thus pretty much what BT, Phorm, and friends were proposing several years ago? I'm sure some outfit somewhere with good contacts in Cheltenham would be delighted to sell such kit in volume if they're not already doing so. A decade or more ago I used to know somebody who sold niche kit into that market, except it wasn't so much selling, as waiting for the orders to come in, knowing that there was no chance of any dialogue about what they wanted and what they were doing with it, or even why is it so expensive. In recent years I've seen it turning up on eBay so I guess it's no longer fast enough.

          "the suspect was using a VPN."

          So VPNs will be banned and blocking will be mandatory then, except those products and endpoints approved for corporate use. (Yes I know that makes little sense technically either. So what.)

          Come back Echelon, all is forgiven.

    2. Dazed and Confused Silver badge

      Re: How exactly does this work

      When I visit www.theregister.co.uk, this isn't one transaction.

      Of course most of the websites you actually visit you have no knowledge of.

      So if you wanted to stitch someone up you could easily set up a page such that when they visited your legit page you sent them off to all sorts of dodgy sites just for fun.

      So the powers that be at El'Reg could decide to detect any connections from IP addresses associated with the Houses of Parliament and then send them "doctored" pages which resulted in the visitor also visiting www.howtomakeanuke.isis.com and www.kiddy****.pron

      If the tracking system isn't saving the whole page downloaded from El'Reg then the poor visitor wouldn't have any defence when the BiB come knocking on their door for visiting illegal sites. All that would show up in their logs is that you're a pedo nuclear terrorist with non Christian leanings. So you're well and truly F*&^ed.

      1. Anonymous Coward

        Re: How exactly does this work

        You wrote: "So if you wanted to stitch someone up you could easily set up a page such that when they visited your legit page you sent them off to all sorts of dodgy sites just for fun."

        Already been done, and it can easily be done in a way that the punter doesn't even see it happening, but the Internet Connection Records tell a different story.

        A few days ago, Adrian Kennard, boss at ISP Andrews+Arnold aka AAISP wrote in his blog: "The proposed "Internet Connection Records" in the Draft Investigatory Powers Bill will potentially log every web site you have visited and retain that for a year.

        If you are reading this blog post, you would now have an "Internet Connection Record" showing that you visited pornhub.com, or more specifically pornhub's content delivery network cdn1b.static.pornhub.phncdn.com, because there is a 1 pixel image included in this blog post which your browser will have fetched automatically.

        Now, that is not illegal, thankfully, but it is probably in the filtering for many large ISPs, so even before this bill comes in it is probably logged. [continues]"

        at

        http://www.revk.uk/2015/12/can-you-justify-your-internet.html

        Just sayin'.

      2. Steve Davies 3 Silver badge

        Re: How exactly does this work

        You mean all those tracking, advertising and other ****** sites that even the most basic Website seems to link to these days. So the ratio of actual dodgy sites to ads, tracking etc are probably 1:20 (if not higher)

        How is anyone going to sort the wood from the trees then?

        It will be only too easy for someone to set up a nice cuddly and innocent web page that only loads the links to terrorists if a certain browser connect string (or something similar) is used. A sort of carefully crafted HTTP request.

        Are they really trying to push water up a hill here?

        Pass the popcorn please.

      3. Captain TickTock
        Childcatcher

        Re: How exactly does this work

        So if you wanted to stitch someone up you could easily set up a page such that when they visited your legit page you sent them off to all sorts of dodgy sites just for fun.

        Of course this is simply defeated by opting into the family friendly web filter kindly set up for you under the direction of our esteemed government. You see, they've thought of everything!

      4. Pen-y-gors Silver badge

        Re: How exactly does this work

        So the powers that be at El'Reg could decide to detect any connections from IP addresses associated with the Houses of Parliament and then send them "doctored" pages which resulted in the visitor also visiting www.howtomakeanuke.isis.com and www.kiddy****.pron

        Worthy of Baldrick in its cunningness...I think I might start coding now. Anyone got Theresa May's IP address?

        1. Robert Grant

          Re: How exactly does this work

          Only do this if the requester is inside Number 10 or GCHQ, though.

    3. Missing Semicolon Silver badge
      Boffin

      Re: How exactly does this work

      That's not quite how HTTP works.

      You're correct in that the browser does a DNS lookup to find the hosting box, but it then sends the whole URL to the web server. This is used by virtual-hosting setups to pick the right site, and by HTTP proxies to connect to the right server. Even if you think you are not using a proxy, most ISPs have "transparent proxies" that intercept your request, and try to satisfy it with content cached inside the network.

      However, I believe that for HTTPS connections, the HTTP request is sent over the secured link. The URL is thus hidden from snoopers.

      1. Tom Wood

        Re: How exactly does this work

        @Missing semicolon:

        You are correct. But the URL is inside the HTTP request itself - not in the packet headers - and is encrypted for HTTPS. That's what I meant by "Or are they inspecting the contents of every HTTP request and logging that? In which case, what happens when the server is using HTTPS?"

        1. NullReference Exception

          Re: How exactly does this work

          The full URL is encrypted, but the hostname part is sent in the clear as part of the connection setup process (it's in the certificate the server sends to the client, and it's also sent to the server by recent browsers to allow the server to select the correct certificate when multiple sites are on the same IP.) So hostnames for HTTPS can be easily monitored and logged without having to defeat the encryption or otherwise "break" the protocol.

          Also, recording the TCP details doesn't help when multiple sites are hosted on the same IP address...

    4. Anonymous Coward

      Re: How exactly does this work

      Surely they're not just going to restrict themselves to HTTP connections? It's hard to work out when almost every government or parliamentary outpouring still suggests they still believe the web is the Internet, and that webmail is email.

  10. RogerT

    Make the data collection a cost centre

    Presumably the cost of data collection and provision of the information to whoever demands it can be placed on a single cost centre which can include capital costs. Surely the charges for provision of data can reflect the total costs including collection? Hopefully this would make local authorities think numerous times before making their trivial requests.

  11. John Smith 19 Gold badge
    Gimp

    Only the clique of senior spookocrats wants this

    They should be the ones paying for this.

  12. Tromos

    "Up to the first slash"

    That'd be 'http:' then.

  13. Naich
    Facepalm

    Money well spent

    So the ISPs will be spending 100s of millions of pounds on a system that doesn't work if someone uses a free VPN which takes seconds to set up.

  14. kryptonaut

    Ask the people

    It seems to me that a scheme like this which affects virtually everyone in the country and was not overtly on the table when the current government was elected, should be put to a public referendum. Give everyone the facts - how they might benefit from the scheme, what will happen without the scheme, what the privacy implications are, and how much it will cost them. Have a public debate, ask the people to decide whether that's how they want to spend their money. That should be how things work in a democracy, and if the government are so confident that it's a sensible use of funds then naturally everyone will be on their side. Won't they?

    1. Dr. Mouse Silver badge

      Re: Ask the people

      should be put to a public referendum. Give everyone the facts

      Haven't you realised that's not how referendums work in this country? See the AV referendum... FUD and mudslinging outweighed any facts by at least an order of magnitude!

      1. batfastad

        Re: Ask the people

        Ask the people? Are you mad?

        That's not how democracy works dear boy. See you later at the golf/private supper club what!

        I would like to see a legislative cycle where changes to legislation can only be introduced every X years. Parties would have to present the exact diffs of their proposed changes. The people who are governed by those laws then vote whether to commit them to UK law. At the moment the same old Oxbridge blues/reds have a big party and do whatever they want for 5 years. Not good enough.

    2. Anonymous Coward

      Re: Ask the people

      Try it. Ask several non-IT type people what they think. Try and explain it in layman's terms, most people aren't bothered. They think that a) the government is already doing this b) there is nothing they can do about it and c) they have nothing to hide so the government is free to read their emails and record what websites they visit.

      People just don't care nowadays, especially the younger generation, they have already sold their privacy for free glittery baubles from facebook and twitter; what does it matter if the government has access to their private lives as well?

      This law is pretty much passed; both houses are behind it and a bulk of the population is for it, after all, it will keep them safe from all those nasty people out there.

      Won't it?

  15. Anonymous Coward

    A couple of points

    1. How much more expensive would a traffic management system that records the data be, than a system that simply records it? If, as I suspect, it wouldn't be that much, then this could have serious implications.

    2. Have they thought of the obvious counter measure? An app that accesses thousands of websites to overload the system. Which of course will then appear as a virus either spamming the records or deliberately going to dodgy websites without the user knowing.

    1. Kevin Fairhurst

      Re: A couple of points

      I actually had the idea of developing a browser plugin... while you were happily surfing, it would run a google search against a random word from the OED, and load up a random result (i.e. not just the first entry on the first page). And it would keep doing this on a regular basis, as long as your browser window was open.

      Not only would this overload the monitoring systems with plenty more crap data to store, it would also ensure that you had plausible deniability in the event of something untoward appearing in your ICR history...

      1. Anonymous Coward
        Anonymous Coward

        Re: trackmenot?

        "while you were happily surfing, it would run a google search against a random word from the OED"

        Trackmenot for Firefox (and more recently for Chrome) has been doing this kind of thing for years, surely?

        https://cs.nyu.edu/trackmenot/

        1. Kevin Fairhurst

          Re: trackmenot?

          Did not know about that, thank you! Will be downloading & installing that on all my home devices!

          1. Anonymous Coward
            Anonymous Coward

            Re: trackmenot?

            "Did not know about [trackmenot], thank you! Will be downloading & installing that on all my home devices"

            Thank you. And, if you approve, spread the word further - it seems to be a well kept secret.

            My work here is done :)

  16. Grahame 2
    FAIL

    Privacy nightmare in the Internet slow lane

    Most ISPs look at statistical flow data, which is based on a sample of traffic, maybe 1 in every 10,000 packets or maybe less on high speed links (10/40/100Gbps).

    They do not see every packet and therefore can't track individual connections, what seems to be required by the proposed legislation is deep-packet inspection (as they seem to want to examine the protocol and payload for URI logging) on every packet. I suspect politicians have seen some graphs of traffic classified by type, put 2 and 2 together and made 5.

    The problem with DPI is that it will add a significant cost to the connection, a cost that is related to the speed of the connection.

    Apart from the privacy nightmare this entails, it will result in the UK being stuck in the Internet slow lane, as your ISP now has to cover the costs of DPI (which scale with throughput) they have to spend money on snooping instead of shipping traffic.

    It will however push adoption of the likes of HTTPS and DNSCrypt (you still have an issue with which CAs to trust)

    In short it will end up as a white elephant.

    1. Alister Silver badge
      Thumb Up

      Re: Privacy nightmare in the Internet slow lane

      They do not see every packet and therefore can't track individual connections, what seems to be required by the proposed legislation is deep-packet inspection (as they seem to want to examine the protocol and payload for URI logging) on every packet. I suspect politicians have seen some graphs of traffic classified by type, put 2 and 2 together and made 5.

      Exactly this!

      The politicians have been trying to sell this on the basis that "well the ISPs already collect this traffic, we just want to legislate the retention of the data", but in fact NO ISP does routine DPI on every single connection, currently.

      This will require a load of infrastructure changes and a massive amount of new equipment to implement, and if they really want to extend this to any company which provides connectivity then a lot of the small ISPs will be out of business.
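The gap between sampled flow statistics and per-connection records, raised in the two comments above, can be put in numbers. The following is an added example, not part of any commenter's post: it assumes independent random packet sampling at the 1-in-10,000 rate mentioned above, and the traffic mix (flow names, sizes and counts) is constructed for illustration.

```python
import bisect
import math
import random

def p_seen(packets, n):
    """Chance that 1-in-n packet sampling catches at least one packet of a flow."""
    return 1.0 - (1.0 - 1.0 / n) ** packets

def sampled_flows(flow_sizes, n, seed=2016):
    """Sample the packet stream at 1-in-n; return indexes of flows that left a record."""
    rng = random.Random(seed)
    ends, total = [], 0
    for size in flow_sizes:
        total += size
        ends.append(total)          # ends[i] = one past the last packet of flow i
    log_q = math.log(1.0 - 1.0 / n)
    seen, pos = set(), -1
    while True:
        # Geometric gap to the next sampled packet (same as a coin flip per packet).
        u = 1.0 - rng.random()      # uniform in (0, 1]
        pos += int(math.log(u) / log_q) + 1
        if pos >= total:
            return seen
        seen.add(bisect.bisect_right(ends, pos))

def coverage(n=10_000):
    """Per traffic class: (flows seen, flows sent, analytic probability of being seen)."""
    # Constructed mix: (label, packets per flow, number of flows).
    mix = [("web fetch", 20, 10_000),
           ("video clip", 2_000, 500),
           ("bulk transfer", 1_000_000, 5)]
    sizes = [pkts for _, pkts, count in mix for _ in range(count)]
    seen = sampled_flows(sizes, n)
    report, start = {}, 0
    for name, pkts, count in mix:
        hits = sum(1 for i in range(start, start + count) if i in seen)
        report[name] = (hits, count, p_seen(pkts, n))
        start += count
    return report

if __name__ == "__main__":
    for name, (hits, count, p) in coverage().items():
        print(f"{name:14s} seen {hits:5d} of {count:5d} flows (expected {p:.2%})")
```

Sampling is enough to chart traffic volume by type, since the large flows that dominate the byte count are always caught, but the short connections that make up most of a browsing history almost never leave a record.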

  17. Graham Marsden
    Meh

    "Who's paying for this? Take a guess. Hint: Probably not UK.gov or MI5"

    Who we pay for *anyway*.

    All this means is that we'll be paying ISPs etc to do it through our bills, rather than Gideon having to raise taxes which gives him (sort of) plausible deniability.

    1. phuzz Silver badge

      Re: "Who's paying for this?"

      Who's paying for this? Wait, I know this one, it's us isn't it?

      We'll either be paying for it out of our taxes, or we'll be paying more for bandwidth.

      Oh, and we'll be no safer or better off.

  18. jake Silver badge

    Horse shit.

    I've been capturing "ICRs", better known as system logs, for about 40 years.

    The politicians need to get out of the way of the technical staff.

    See: radar & decryption, back in the day ;-)

  19. Pen-y-gors Silver badge

    Data users?

    "make that data available to the police, intelligence and security services in certain circumstances, including to help with investigations into acts of terrorism or serious crime."

    ...or by coppers whose ex-wife you're seeing, or by councils checking on people putting out bins on the wrong day or littering or...

  20. Chewi

    See for yourself

    You can watch these discussions online. I watched the evidence given by Adrian Kennard (A&A) and James Blessing, who are probably more clued up than anyone else this committee will speak to. It was quite interesting, if a tad one-sided, as the committee were simply exploring their concerns rather than seeking to address them. Addressing them will be down to someone else, who will most likely ignore them instead.

  21. batfastad

    Drown them...

    There's only one thing to do... drown them.

    A bit of JS hosted on a CDN that willing website operators can embed into their sites. The JS then makes random(ish) background requests to all those lovely dodgy Islamo-Paedo-Money-Laundering-Terrierist-Torrent websites. Stick that up your ICRs GCHQ!

    1. Roo
      Windows

      Re: Drown them...

      "There's only one thing to do... drown them."

      If flooding is deemed to be an effective way to thwart their surveillance the politicians will simply pass a law to make it a criminal offence (this is probably already covered by existing law as a form of DoS). The handy thing about such an offence is that pretty much any extraneous traffic could qualify, effectively criminalizing everyone.

      Eton & PPE doesn't seem to have clued these folks up on the concept that they could end up on the receiving end of badly written law, but that may be because they fully expect to be above the law indefinitely.

  22. phil dude
    Coat

    the purpose of government...

    is to create more government.

    P.

  23. Anonymous Coward
    Anonymous Coward

    UK.gov and MI5????

    They have no money of their own anyway, every single penny that they spend comes from taxation, that's mugs like you and me folks.....

    1. Cynic_999 Silver badge

      Re: UK.gov and MI5????

      "They have no money of their own anyway, every single penny that they spend comes from taxation, that's mugs like you and me folks....."

      Not quite true. Quite a bit comes from (effectively) printing currency that has no backing, which results in all currency being worth less per unit. This is shrugged off as being caused by "inflation" as if that is the only explanation needed. In fact the government is effectively stealing straight from our wallets, pay-packets and savings accounts without the majority of the population being any the wiser. Due to the fact that all national governments do this to a greater or lesser extent, "inflation" has become accepted as being some sort of universal natural law rather than a very deliberate act by people who know exactly the consequences of their actions.

  24. Mike Bell

    Aren't they going to have fun?

    Logging all those requests made to foreign-based virtual private networks.

    What a glorious waste of money.


Biting the hand that feeds IT © 1998–2019