Berners-Lee: Net snoop law tosses human rights into the shredder Sir Tim Berners-Lee has warned the Tory-led Coalition not to push through a bill to legislate plans to massively increase surveillance of the internet. In an interview with the Guardian, the world wide web inventor and "open data" advisor to the government urged the Home Office to drop the proposed law, which Theresa May …
all it will do is spur 256 bit encryption and beyond, by default, everywhere, regardless of the content.
so ultimately, they are catalysing the one thing that threatens their ability to catch the criminals in the first place as righteous privacy loving people find, develop and switch to encrypted methods by default for everything, including browsing websites.
then what are you going to do? decrypt everything???? I think it might have been better the way it was before....then at least you have a hope of catching the criminals...
> then what are you going to do?
You pass vague laws which criminalise everyone and promise that they will only be enforced against people who are really, really naughty.
The government is a bit too obsessed with pedophiles and terrorists. It doth protest too much.
My vote goes to the party which says that the terrorist threat is real but so small it isn't worth spending much money on it.
Completely agree, the point of terrorism is to terrorise your victims into modifying their behaviour either to their discomfort or to satisfy your terrorist goals. If you ignore the terrorists, in terms of everyday life by not modifying your behaviour then they cannot achieve their goals. The whole war on terror is a wet dream of the corporations.
Quote: "Unfortunately my MP is the Home Secretary :-("
Then WTF are you waiting for and why are you ranting on the reg instead of sitting down, composing a nastygram on "Write To Them" and explaining him exactly:
1. How stupid the idea is
2. How little it takes to circumvent
3. The likelihood of her ever getting your vote ever again unless he stops being such a muppet.
Just to articulate my point - I already have an answer from my MP to a similar letter (he is from the ruling coalition, but not in government) where he quite clearly states that in the current form he will vote NO for this regardless of what the party whips say.
In any case, you already missed the golden opportunity to ask the question humorously and as insulting as you can - the announcement was done on the 1st of April so it is a bit too late for you to ask "is this true? something that stupid can only be an April Fool's gag"
You probably missed the opportunity to refer Ms May to the brilliant analysis on The Daily Mash:
http://www.thedailymash.co.uk/index.php?option=com_content&task=view&id=5088&Itemid=81 I suspect at least some of her constituents have referred her to this already.
So do not just sit and twiddle your thumbs, write something for $DEITY sake.
most MPs just exist to perpetuate the party line, if they don't how would they ever get promoted in the party?
Our democracy is a farse, the only place you ever have a chance of intelligent responsible independent action against government proposals is in the lords, but now that's stuffed with ex-MPs aswell who tow the line, not worrying about the public vote and media is a wonderful thing at times, it allows you to not worry about the average tabloid reader. Though they do often lower themselves to the average shareholder...
This Side Up: "Unfortunately my MP is the Home Secretary :-("
A perfect opportunity to campaign in your local neighbourhood to highlight the dangers of this highly technical environment to the voting lay persons around you, giving them the benefit of your technical insights in such a manner as to not alienate them by being too geeky or scare-mongery.
If she gets enough letters from her local voters - that will get her notice, because without a seat, she can't be a minister of anything.
I have too, and I got a canned response from her secretary basically saying "so what?".
In actuality it said "xxxxx is very busy and recieves thousands of queries per day. Your query is not considered to be urgent or important and will be passed to her for addressing, when she has the time to look into it."
In other words, never.
Guess who won't be getting my vote at the next election.
"all it will do is spur 256 bit encryption and beyond, by default, everywhere, regardless of the content.
then what are you going to do?"
Already, thanks to the previous government's RIPA, all they need to do is demand you hand over all of your encryption keys then they can decrypt everything you send.
What's that? You have lost your keys or don't have them? Sorry, not good enough, off to jail with you.
Oh, and do not, under any circumstances, tell ANYONE that you have had to hand over your keys, or you will be off to jail - guess what the implication is if you issue new keys? Yup, hand them over then go off to jail for letting people know you'd handed over your previous keys which is obviously why you changed them.
They have had this power for 12 years now, you seriously think they will not continue to abuse it?!
"all it will do is spur 256 bit encryption and beyond, by default, everywhere, regardless of the content.
then what are you going to do?"
Already, thanks to the previous government's RIPA, all they need to do is demand you hand over all of your encryption keys then they can decrypt everything you send.
There's a difference, the grubberment have to approach you for the keys, the other way they can just eavesdrop on your private conversations.
You also have to understand the nature of encrypting data, all encryption methods are crackable, the only question is how long it takes the spies to crack the code and what are you trying to hide, so if you don't want anybody to read your data, don’t ever send it electronically... ever. Stick to physical media.
Think of it this way, if you know it takes 5 days for the spies to crack your code and the message you want to send is "plant the bomb in 4 days time and return to dakka-dakka land", well then for all intents and purposes your code is secure.
But then if you are a real terrorist you’re not going to send plain text messages like this anyway, your going to send something like "don't forget to send the flowers to your grandmother for her birthday in 4 days time".
I don't really believe all this snooping to catch terrorists and kiddie-fiddlers, the grubberment is more interested in finding out who is going to reveal their latest expenses scam to stopping the latest "we are the 99%" protest.
They can only demand keys from people in the UK. If enough governments start eaves-dropping I can foresee a time in the near future when most internet services are offered through SSL. It's already fairly common for FOSS websites.
That would leave most governments in the sorry position of either blocking international internet traffic (not a smart move economically, even to the limited extent that it is feasible) or having to grovel to foreign intelligence agencies for information about their own population that was largely available unencrypted before they got too greedy and pissed off the silent majority.
What I really can't square is that they are trying to bring this in AT THE SAME TIME as they are FORCING website developers to ask permission to track how their own users navigate and interact with THEIR OWN systems!
So, it's "do as we say and not as we do" is it?
Bunch of f**k**g hypocrites.
Oh and before anyone starts on about ad networks and the like, most site developers don't use them, but practically every site uses analytics of some form or another. Its no worse than supermarkets adjusting their floor plans because they watch how customers navigate the store.
It is an EU ruling yes, but it is not compulsorary for member states to make it law, and only two other countries other than us have chosen to do so (and even then they at least did a proper job of implementing it, instead of the half arsed, confusing and open to interpretation job done over here)
Because the outlaws in this case are smarter: like modern insurgents, they're concealed WITHIN the population rather than hiding out in the middle of nowhere. Who knows? The bandit may even disguised as one of the marshals. The marshals can't chase the criminals because there's no one to chase; they strike and then just vanish. How do you deal with a mole in your midst?
That is an interesting point. It certainly seems that the government believes that to be the case, but with what evidence I don't know.
The more stuff government comes up with along these lines, the more it seems to me that they genuinely think that there is going to come a time in the near future when the British populace decide that enough is enough, and start some serious direct action of some description. Who knows, they might be right - public spending cuts yet to bite, continuing crappy economy, and (the real kicker), a potential for power cuts due to inadequate spending on the electricity supply. Demonstrations (which will always be characterised as near-riots) may become a lot more common in the next ten years, and HMG will want to make sure that they can terrify people into accepting their lot by ensuring that there are lots of arrests. Monitoring everyone's comms is, therefore, a logical step from their point of view.
Note: I'm just putting the other side of the argument - I really don't agree with it.
...according to a Wired article, certain US black projects are supposedly actually anticipating such a trend and are working feverishly on exascale computing beyond as well as ridiculous amounts of data retention, for the purpose of decrypting communications that could be a threat to national security.
But more to the point, the big problem with personal privacy and criminal concealment is that they overlap significantly: they generally use the same technologies, so the only way to uncover the criminals is pretty much to kill privacy (the ol' "Nothing to fear, nothing to hide" argument). So it's a dilemma: you either allow unspeakable crimes to be committed or you live in a world where nothing can be hidden. Your choice.
true, but I doubt it could decrypt everything on the net in real time and therefore all you'd have to do is build a herd mentality, temporary encryption keys, etc, etc and the game would be back on again...
you have a good point though, I just doubt they could decrypt enough to know how to filter before all the keys might change and then you're back to square one.
I mean, if you're serious about creating an encryption arms race between privacy lovers and intrusive governments, I'm more than happy to sit back and watch that one...sounds interesting...
You allow the crimes.
Just as we don't track everyone's movements in case they steal things or murder people in the real-world, so we don't need to on the internet.
The crimes may be horrific, but the actual damage is relatively small. Compare 9/11 to car accident deaths, "normal" gun crime or the number of abortions (some people still think abortions are wrong).
Permanent surveillance alters the relationship between citizen and state. The state becomes overbearing and tries to own the citizen while the citizen becomes sneaky and devious. It's ugly.
An Austrian police person who was commenting on the recent passing of the Retained Data Directive this month in the happy mountain land said effectively (seriously - i can get the quote if you need it) "yes we said we were going to use it for terrorism, but now we will probably also use it for things like settling online forum arguments"
Encryption isn't the only fruit, in support of Sir Tim I'm sure he'd like:
★ looking into the use of obfuscated SSH (such that the handshaking signature of the start of a VPN isn't able to be easily DeePeeEyed )
★ Ad-hoc spread spectrum cognitive dark-networks, based on the six dollar software defined radio MC13260 chipset with integrated 32-bit ARM-9 (more fun than the Raspberry Pie) and
★ not-forgetting Random Web Traffic dilution generators - (surely anyone can write a Applescript/Wintel/*nix headline scraper and sandboxed URI random traffic generator)
"CCDP has been described by the Home Office as an essential way of tackling perceived threats from rapidly evolving encryption and other technologies which have increasingly made it difficult even for government agencies to intercept voice and text mobile communications."
So terrorists and pedos will just use encryption then won't they? Don't they realise when they make these statements that it makes the justification for the data retention even more redundant.
This post has been deleted by its author
It is desired for Everything.
This fap:
"such an interwebs snoop law would snare paedophiles and terrorists."
being fed to the Sun (of all news soiurces) isn't aimed at bright sparks is it?
We are not going to do this and rid the world of child molesters, then switch it off.
And it was never intended to catch "terrorists" with such tools to keep the world safe for democracy.
What politician ever gave a stuff for democracy?
It is designed to remove large numbers of thoughtless people from the claws of anything that might open their eyes to the way the world works.
To the way the world treats its passengers.
To the ineptitudes of our masters and their real natures.
And to be able to blackmail the rest of humanity that isn't already part of the machine in power.
It is about control of the masses. Nothing more.
It is no different to the politics of state any of the Good King Henrys would have been proud of. Complete with dungeons and torture chambers (off-shore -of course.)
If you need to snoop on phone calls you currently ask a Judge for a legal warrant to tap the calls of xyz because we think he's very naughty. Why can it not be the same with internet traffic - if you want to snoop on xyz's traffic ask a judge. Otherwise all we are doing is snooping on everyone until something goes wrong months or years down the line at which time we check the records to see what xyz was doing ... and in the thumb twiddling period we might as well scan the records records of xxx or yyy or whoever we want to 'just in case' they were sleeping with ppp which would make an excellent news story and be worth a few quid ...
How long will it be before we all have implants to record our gps coordinates and conversations 'just in case we interractted with xyz in an dodgy way'? "Oh, hello Mr xyz posing as a newspaper seller. Can you keep me a *wink* super hot, soaraway Sun tomorrow?"
I think Large Sibling is close ...
You can. All Broadband systems worldwide have one or another form of legal intercept. Most systems also allow intercept of all traffic going to/from specific external address "of interest" which is external to the ISP AS. Most systems allow detailed analysis of data from a specific user, picking up specific IP flows, recording them, etc. For full details - just get the datasheets of Arbor and Sandvine and read them.
The requirements for giving police access to that data are the same as for phone intercept - a court warrant.
One of the key questions Ms May is failing to address in her argument is:
1. How many times has the existing facility has been used.
2. How many such cases have lead to successful prosecution.
If the staff in charge of this activity is incapable of working with FULL data of a KNOWN suspect it is more likely that hell will freeze first before they get adequate results from a statistical analysis of HEADERS-ONLY data (not just work with the data, but apply math and data-mining to it).
In fact, this may be a good question to ask her in the house of commons when this will be debated.
2. How many such cases have lead to successful prosecution
Thats hard in England because intercepted data is not allowed to be *mentioned* in court
(old Thatcher-era 'euro court of human rights' criticism of uk which ended up with a uk gov bill taking everything covert and not mentioning it, ever, la. la. la, it doesn't happen!)
If interception was mentioned in court then the defence would ask for access to the actual BILLIONS of recordings and possibly find a random loophole for exoneration...
Rumour has it, OK, it was the Daily Mail that printed it - that a recent riot trigger incident was directly related to intercept data being used...
The Security Services probably are doing a lot of this, and I'm not that concerned about it. Without 'legitimising' the methods they are inevitably constrained to focusing their efforts on real threats, leaving the rest of us unmonitored.
Legitimise it and we're all monitored, and not just by the Security Services.
Quote: "Legitimise it and we're all monitored, and not just by the Security Services."
That is SO true, anyone remember the RIPA act that allows your local council to have powers to investigate local based terrorism? and how it's caught being used for minor endeavors like dog fouling? function creep at it's worst.
Anonymous Coward for obvious reasons :P
This government wet dream is driven by the NSA's datacenter being completed in Utah (I believe). However it is just another step in the evolution of government 'observation' of the masses.
We are already the most video surveilled nation in Europe (perhaps the world). If the government were able to tie two pieces of string together it could already aggregate enough online data about us to make even Stalin shiver. The logical next step is to attempt to intercept data in real-time - presumably so that we can move to legislation allowing more conviction for 'intent'.
Get comfortable with it because there's no-one in the country willing to do enough to stop it.
I agree with most of the arguments made here, and probably wouldn't like to see this Bill in law as it is now.
However. However…
We as a society seem to have spent billions on ad tracking technology, consumer tracking technology etc. Ads are so precisely targeted, they know where you are, where you've been, and what you bought last week.
The police and intelligence services don't have that information or tools, and probably should, in certain scenarios.
I don't want the police to be able to monitor cell phone locations, but if there is a murder, they should be able to get a list of all phones within 200 metres of the incident at the time of the incident. It shouldn't require court orders, it should be available quickly, the police should use it to aid their inquiries and dump it afterwards.
Similarly, if the SIS are monitoring a potential terrorist, an action that requires many court orders already, they should be able to see who they are communicating with. Are they opening a VPN to Karachi and shovelling all their traffic through that? Again, they should be able to see it. Who else is talking to that IP range in Karachi? Bosh, terror cell identified.
What should not happen is PC RacistTwat looking up what web sites I look at for a laugh.
I suggest that if this information is collected, it is only queried by one independent agency. All queries go through them, and must have valid reasons. If a user's details are examined, they must be informed, unless it is a case of national security. People working for the agency would have criminal liability for leaks; the privacy of the data should be sacrosanct, you should be doing bird if you betray the public trust.
It is our data, we are merely allowing the government to use it for the purpose of crime prevention or detection.
Totally agree. My former career was intel & spying on people, totally happy with GCHQ, MI5/6 having access to anything they want... but not the police, government or anyone else.
I trust their controls (await flames) and how strict they are with the data access being highly compartmentalised, but absolutely no trust in police intel or government/agencies.
I think your analysis is correct that ad-targetting agencies have the info that security services would like - however I would level the field the other way, by taking this information AWAY from advertisers - not giving it to security services.
If the SS need it, or need to monitor, then they should get a warrant/court order.
In those certain scenarios, appropriate officials already can and do ask and get permission to monitor certain people. This doesn't require a change in the law. It is already legal and it is already happening.
The proposed change is that monitoring should not be restricted to "certain scenarios" but should allow monitoring even without the slightest suspicion that a person has or even might have committed an offence.
No change in the law is needed, except possibly to tighten up the rules and ensure that permission to monitor is only granted when a judge has examined the evidence for suspicion and agreed that there is a strong probability of guilt.
The problem is that it is very hard to ask an ISP for a list of the IPs that a user has connected to over the past month if the ISP is not already collecting that data. Hence the bill.
You can do it currently only going forward, eg once you've identified a terror suspect, you only know who he has been communicating with after the fact.
If, after an explosion, you are trying to work out who was in contact with whom before the explosion, and you only have details from after the explosion, then you can see it's a bit tricky.
While that might well be true, in the past the reason that retrospective comms data was available was because the CSP stored it for billing purposes.
Storing your URI clickstream and other information, where it is clearly not required for billing purposes, is a major change in the status quo. While LEAs would like to have this information, it is so invasive that I don't believe they should be allowed to require its retention. With it you can find out the minutiae of a person's life, interests, movements and discussions in a way that could never have been done before. If that is what you want, then you should have a judge authorise it on every occasion it is required and explain why.
Once this information is available, it will leak, and we'll find all kinds of official noses poking into our personal business where there is no justification other than prurience and the desire to wield power.
Quote: "The problem is that it is very hard to ask an ISP for a list of the IPs that a user has connected to over the past month if the ISP is not already collecting that data. Hence the bill."
There is a dubious EU directive which already requires that. No matter how dubious it is, it still does _NOT_ include realtime access and does _NOT_ include any allowances for fishing expeditions and data mining without a cause.
The proposals go way further and way beyond the directive requirements.
"to blackmail people in the government or people in the military"
Now rewrite the proposal so that that is impossible.
As far as I know the "party" in the USSR used to have some exclusive lanes on the roads in the "good old days".
Perhaps the government thinks It has something similar on the internet, to day.
I'm shore glad we don't have no such thang here in the good ol' YOO-WESS of AYYE. Why, I 'member my dear ol' pal Bennie Franklin sayin somethin bout "liberty and sukerrity and deservin nuther". Why, we'd have our govmint all shot up and replaced fore dinnertime if they were tuh try to pull somethin lak thayat over us! Gosh, ain't the intunet good!
Who cares it it is 128, 256, or more encryption the fact it that the KGB/NKVD/Gestapo would have wreaked even more havoc and atrocities had they had this level of information into people's lives.
Plus, as has been seen with RIPA etc, any new powers WILL WITHOUT DOUBT, be abused by the authorities despite what central goverment says ( and they are probobaly the biggest culprits). I would rather put up with the terrorist threat than give the so called "civil servants" the power to monitor me in such detail.
Most of the Gestapo were not torturers, but bureaucrats. So it is not a specific agency, historical or otherwise, that would have cried more havoc. Any bureaucratic organisation that has lax accountability provisions is ripe for this type of behaviour. Town councils, we are looking at you.
That this foul deed shall smell above the earth
With carrion men, groaning for burial.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
