Home Office spawns new unit to expand internet surveillance The Home Office has created a new unit to oversee a massive increase in surveillance of the internet, The Register has learned, quashing suggestions the plans are on hold until after the election. The new Communications Capabilities Directorate (CCD) has been created as a structure to implement the £2bn Interception …
We must keep our nose to the grindstone, an eye on the ball, our shoulder to the wheel, knuckle down, tighten our belts, put our best foot forward and pull our socks up, while keeping a straight face and a stiff upper lip.
<-- And keep badgering away without a pause as well.
Tor could only work like this if it reorganised networking based on enough people having a well connected Tor router and all Tor routing being done based on trusted relationships, as opposed to based on network geography. Realistically this isn't going to happen, as it would slow everything by factors of 10 or 100 even if you could persuade more than half the population to operate in this manner. Those getting into Tor now have to connect to other Tor partners based on limited availability and not trust, so this early prototype network is insecure.
Better for those who care about the issue enough to invest in virtual servers in countries whose laws they trust and to use VPNs to secure their own internet traffic, using offshore virtual servers as apparant traffic origins in respect of all their Net use with everything else tunnelled over the VPN. Then your trust is in the virtual server provider and the integrity of the VPN you select.
...... into degradation of command control and power*
"The Directorate will continue to consider the challenges posed by new technologies, working closely with communications service providers and others to bring forward proposals that command public confidence and demonstrate an appropriate balance between privacy and security."
And that is always a subjective judgment call by some human working for ..........?????? himself/herself? And if employed, then who would be paying them is a good place to start to find out who would be expecting stellar performance in agreement with their own policies and future plans.
* The slippery slope into the pit of Righteous Revolution and Aristocratic Anarchy .... Automatic Anarchy/Autocratic Anarchy ...... a Mad Bad Place anyway, with the System always the Loser.
All this matter is another case of sink billions on taxpayer money on projects that don't finish or would provide near null results.
But hey we are leaded by intelligent people that are always right!
And if you all noticed, Mr BeenLad communications to the media are always via email (oops tape recorder) ... so good luck UK - democracy in ruins of so many excuses of gathering inteligence.
Apart from that... is probably the right time to consider using non-standard encryption on emails... just to keep them happy solving the puzzle and justify the money wasted.
All of my email is done encrypted via a VPS, granted it's in the UK now, so can be intercepted between servers.
Are hosting providers required to monitor connections?
What's to stop me moving my VPS outside of the UK and enabling OpenVPN?
As usual, those that need to will work around the monitoring and Joe Public loses more privacy.
...because like many other MTAs Exim does opportunistic encryption so anything that can be intercepted would require the recovery of the ephemeral session key to decrypt it. IOW, the person who runs the system *cannot* provide the clear text.
What a shame! :)
Even with deep packet inspection, it is impossible to crack most current crypto in real time, or even much delayed time, and the more encryption there is the more likely they will have to focus on those that they know are really doing bad things, instead of passively snooping on everyone.
I use TextMagic.com for sending and receiving texts from my computer. The other day, an error on their site exposed that they were using 'clixby' on their site. This, clixby, records everything you do on their site, something like a superkeylogger.
I wrote to object to this invasion of privacy, and questioned the safety and security. I also asked their reason for doing it. Bear in mind I wouldn't have known about it if it hadn't been accidentally exposed.
Their rather (very) unsatisfactory response was a) I had agreed in the terms and conditions and b) it was to improve their service. How in hell do they need such aggressive and pervasive 'spyware' to improve their service.
If the terms and conditions has included specific reference to clixby and detailed the extent of the information collected (everything), rather than the usual weasel words, I would not have agreed.
Go here to see how 'clixby' works and, perhaps, be surprised. www.clixby.com
Just goes to show what we are signing away when we agree to the weasel words of the terms and conditions.
... is already required from my understanding of their aims.
Accurate IP address allocation records- We already know from attempts to track down P2P file sharers that ISPs have not got the most accurate IP allocation records on the planet. And even if they are accurate, it also assumes that all the associated data is accurate. Otherwise you end up associating the wrong IP to the wrong household, and all your intelligence is garbage.
And this is a specific dirty data issue. Data collected on this scale will be very, very difficult to verify and keep clean. More opportunities for garbage. And don't get me started on the invasion of privacy stuff.
"...to save lives, to counter terrorism, to detect crime and prosecute offenders, and to protect the public."
Of course, of course. I'm genuinely surprised there wasn't a sly mention of the need to 'think of the children' inserted there, but I guess we've had that particular mantra drummed into us so thoroughly (and relentlessly) it's become a bit of redundant gesture these days.
Well, I've said before the UK Government - in fact, every government, everywhere - will never stop trying to gain control of the interweb. The web is the enemy of controlling government: it is a conduit to free speech, individual expression and legitimate dissent and it absolutely must be pinned down and subject to massive surveillance by police and 'security forces' the world over, for all the reasons outlined above. Honest.
You want the paedomonsters and the terrorists to win?
No? Then shut the f*ck up and allow us to monitor your internet activity.
"More recently, we have been considering how, in a changing communications environment, lawful acquisition of communications data and interception of communications can continue to save lives, to counter terrorism, to detect crime and prosecute offenders, and to protect the public."
I like the last three purposes of the ubiquitous snooping. It has always been just the terrorists that should be worried. Now this has broadened to just crime in general. I wonder when it will be used to enforce traffic violations and spitting your gum out onto the pavement.
We need a new system of governance, this one is broken.
Here's Bruce Almighty's take on the surveillance scene ..... http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/index.html
And are the spooks bright enough to know that they can be easily groomed and baited to perform in a predictable way, with juicy dodgy information being fed to them virtually to whet their salacious appetites, whilst they in their turn may be trying to wait long enough to spring another trumped up charge, without it being obviously quickly revealed and thrown out of court as an entrapment.
Some folk would even be making it very easy for spooky hunter gatherers to recruit prime leading experts in the Fields of Concern and Unusual Interest , very quietly, and pay them obscene wads of dosh for what they are capable of doing for them, if they are of the sexually liberated hedonistic party mindset, or to them, if they are of the closet manic depressive, masochistic flagellant disposition. The trip chosen is only the clients and not the experts, for they are happy to provide whatever is required.
To counter the email surveillance, send hand-written letters in envelopes, sealed with first-class stamps on so they get there in a week or so.
Oh, I see the flaw: GCHQ will get us to register all letters sent with an address from and an address to, and transcribe the contents in a standard way with a non-smiling photograph, and pass the letters through Your Local Police Station where they may be checked for special keywords and stamped with an official stamp.
But I'm doing nothing wrong so I have nothing to fear...
Oh yeah, snail mail is a massive analogue hole.
It's worth asking the government about how they're going to deal with that massive hole:-
1. Write a letter. On paper. With a pen.
2. Fold it up, and stick it into a folded piece of card.
3. Put the letter, inside the card, into an envelope.
4. Seal the envelope.
5. Write the destination address on the front, and affix a stamp.
6. Post it.
(The card is to block light, so that attempts to read the contents by shining a light through it won't work.)
How will the government answer? How could they possibly answer?
If they're going to introduce changes to postal requirements, then that itself proves they're not simply maintaining capability (which is an oft repeated lie of theirs).
If they're not going to introduce changes to postal requirements, then obviously it's a massive, exploitable hole. But if, with the internet, they're only maintaining capability, how could old snail mail be a massive analogue hole in comparison? Again, it demonstrates that they're not maintaining capability.
And if they are intending to change the rules about snail mail, there's the question: why didn't they need to have such rules back in the Cold War, when we faced the far bigger threat of nuclear annihilation?
Nothing stopping you mail USB sticks either.
You could send tens of GB worth of encrypted data, possibly in a hidden encrypted volume, with some innocuous holiday snaps in the outer volume.
You wouldn't even need to encrypt the data if you put it on a microSD card and hid it inside the case of a larger device, such as an alarm clock. Why would anyone bother looking inside that, except the person receiving the alarm clock with the message "welcome back from your time on the inside" or something like that.
The problem with TOR is that it's inherently insecure. By design. You do not know who is relaying your traffic, and the exit node might or might not be run by baddies (or spooks), who would therefore have access to your unencrypted data. That's OK as long as they do not know where the traffic originated. Which rules out any traffic requiring identification without end-to-end encryption (i.e. they can spy on your FaceBook habits).
On the other hand, real terr'rist wanting to share nefarious plots can post encrypted messages on Usenet so they won't be bothered. The whole system's aim is to fabricate "guilty by association" evidence, not to catch the real bad guys. This is dangerous, as we can _ALL_ be linked to terrorists _and_ paedo circles by association, with a much lower number of associations than most of the people would think (I would guess 3 to 4 degrees max for the most e-recluse, probably first degree for the most avid bloggers; but it just came out of my headwear).
Facepalm games are great for expanding social circles. Especially those that encourage you to have 501 'friends' and have add-me lists to make it easier to fill your news feeds with crap. Can't wait for a phone call asking for me to explain my relationship with fluffybunnywabbitt423 and what pixel crack is. It is not an illegal substance but perhaps should be.
Last time anyone died from terror on the UK mainland was back in 2005, the London Tube attack. Even then, only 56 people died (tragically).
In the following five years around 500,000 have died from smoking related causes. Half a million people.
Around 17,500 have died on the roads.
Perhaps 20,000 have died in domestic accidents.
So here, take my cheque for £100. What are you going to spend it on if you want to save life?
What are you going to do with a cheque for £2bn if you want to ensure people don't die unnecessarily?
This plan is naked fascism. It has got nothing to do with preserving life.
What if your using a SSL web based email service. I must admit i don't know a great deal about DPI can it pull email addresses etc from a SSL session? Im guessing not or surely this would make SSL mute as hackers would just buy DPI equipment to sniff for credit card data etc
Sounds like its a good time to invest in some off shore VPN companies as im sure their profits are going to start shooting up soon.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
