Obligatory Topical Reference
It's like they watched Spectre and thought "hey that's a pretty good idea!"
Police have demanded to be given access to the whole of the public's web-browsing history as part of the forthcoming Investigatory Powers Bill, due to be published in draft form next week. The government has been lobbied by senior police officers to include in its new surveillance legislation a requirement for service …
Problem is art 8 is badly written almost on the level of the second amendment in the US constitution - it's wildly open to interpretation depending on who you're asking and which way the wind is blowing so we're not likely to get any protection from the ECHR.
My browsing history they can swivel for because it'll all be going via some third party country, thinking the Netherlands; or possibly France. Now we got this all sorted and cleared up so you know I have no personal interest because this won't affect me: it's the rest of the country and the general state of democracy I have concerns for if this goes live.
It is obviously a massive attack on all people everywhere and one of the most egregious attempts at inserting state security into people's lives since the end of the Stasi and people should say so. This stuff is unprecedented (and I'm not using the word lightly, it's never happened through revolution, civil wars, world wars or continual attacks from actual terrorists at any point that the state has been so scared of perfectly ordinary normal law abiding citizens that the state has felt the need to insert itself so directly and comprehensively into the private lives of normal people) in the history of the United Kingdom. In fact it's not really happened anywhere - I'd probably list the Norks on a list of equivalent current power and not really anybody else; even the Chinese don't play this game.
I can't see any of the things being discussed making it through parliament but if they do holy hell we're really screwed.
> Problem is art 8 is badly written almost on the level of the second amendment in the US constitution - it's wildly open to interpretation depending on who you're asking
Not true. The 2nd Amendment is very clear and the U.S. Supreme Court has repeatedly upheld it. All U.S. citizens have the right to own firearms and that right cannot be taken away without due process (convicted of a felony, etc). It is based on the basic premise that We The People are more powerful than The Government and if that government becomes oppressive, the people can revolt (see the opening sentences of the Declaration of Independence).
I mean it's probably splices in fibre so all you're really doing is losing photons - that's why it works so well. If it actually cost performance you think anybody would allow it on their networks without at least making a lot of noise? If this is the biggest of our worries we're good to go (it isn't and we're not).
"Richard Berry, spokesperson for the National Police Chiefs' Council on data communications issues, claimed that law enforcement was "not looking for anything beyond what they were traditionally able to access via telephone records.""
Lie. Telephone records showed who called whom and when. Internet records show when I'm at home, what music I listen to, what my hobbies and interests are, the food I eat, the business I shop with, and many other things besides.
Richard Berry is a liar. If I am wrong, he can sue me for libel.
Only the smart criminals though, a lot of people still don't know that if you pull your SIM card from your mobile and put in a new SIM, that they still have your phone's IMEI number and can continue to track it.
I bet that a lot of non technical people still believe that it takes one minute to track a telephone number, like shown on TV, just hang up the phone quickly and it can't be traced, yeah right.
For casual hiding of your browsing history, from the government, I can recommend https://www.torproject.org/
"Five years ago, [a suspect] could have physically walked into a bank and carried out a transaction. We could have put a surveillance team on that but now, most of it is done online. We just want to know about the visit."
Turns out the correct analogy for what you are asking for is "we want to put a surveillance team outside everyone's houses, forever..."
But I guess that wouldn't sound as "nice" as pretending it's about somehow stopping "online bank robbers"
Indeed if they're a suspect you can get a judge to give you a warrant and then bug his computer.
And if you're talking about things that happened in the past you face the same issue of having to do actual work to solve the crime.
Take basic details from cctv of people in masks and boiler suits with shot guns
Find car with false plates
Go to scrappy that car was scrapped, run the vin numbers on the car that was actually used.
Etc
In a web attack, investigate the method and software of the attack, collect the ip addresses, trace back to multiple dead ends, check for people who suddenly have money in their bank accounts
check against known actors
Etc...
It's called work.
"Turns out the correct analogy for what you are asking for is "we want to put a surveillance team outside everyone's houses, forever...""
Turns out the correct analogy for what you are asking for is "we want to put a surveillance team inside everyone's houses, forever..."
There you go!
So five years ago, they had a copper in every bank writing down details about everyone who visited and what they did?
No they didn't. First they identified the suspect then they followed him to the bank if necessary. If they wanted their previous transactions, they asked the bank.
They're trying to justify mass surveillance. But don't call it the Snooper's Charter, someone might get offended.
> Turns out the correct analogy for what you are asking for is "we want to put a surveillance team outside everyone's houses, forever..."
Not just outside their house, but to then tail them and record everywhere they go and everyone they communicate with. Not only that but everyone they meet must hold up a sign about what the meeting was for.
The correct analogy is an attack on the snail mail system - what they want is to be able to open every letter, log where it's coming from, where it's going and the key points brought up in the letter if not the full content.
They can't do this, they don't do this and if they tried people would rightly go apeshit. This is why I use the Stasi analogy because it was something they were famous for, albeit they didn't have the capability to do it for every single person in the "republic".
There's no capability gap created by the internet, they're looking for entirely new capability - and this is where it gets silly - it's a capability that's mitigated by crypto. Therefore we're wasting a lot of time (and money) creating access to holes that are doomed to be closed in fairly short order.
Actually the convention on human rights that the human rights act enshrines contains very broadly worded exceptions for this exact eventuality.
Article 8 contains the following:
(2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
These exceptions are later stated to apply to article 7, which covers communications. Under these articles the police and security services simply need to argue that they are acting in the interests of national security or to prevent crime. They're even couching their arguments in terms friendly to the provisions of the ECHR.
The tories may have their own reasons for repealing the human rights act and I can't speak to them, but regardless of their stance, the act needs to be repealed and re-written to remove these exceptions, as they render the entire thing an exercise in futility.
...not sure I agree. The European Court of Justice was pretty firmly against "mass and indiscriminate" surveillance (Digital Rights Ireland) and the English Courts have followed suit.
You can monitor people for national security purposes so long as it is reasonable and proportionate. However, tracking the whole UK population's porn/medical/political etc. internet viewing habits is so far off the "reasonable and proportionate" scale it's not funny.
"You can monitor people for national security purposes so long as it is reasonable and proportionate. However, tracking the whole UK population's porn/medical/political etc. internet viewing habits is so far off the "reasonable and proportionate" scale it's not funny."
The "defense" of course, is that the ISPs will hold this data and the Police will still need a warrant to access the records of a specific person or IP address. But now that the ISPs have to collect and store all this data, how long before it gets monetised? And "leaked".
Of course, I'm one of those people bosses label as a "troublemaker" because I like to look at the downsides of plans so potential problems can be mitigated and prepared for. That seems a much more sound principle than "meeting new challenges" when they jump up and bite you.
@JohnBrownsBody
*Bzzzzzt* incorrect assumption.
The legal intercept is done remotely in a box connected by prisms (optical fibre taps) in the main transit links as mentioned above hence I upvoted it for being correct in technical detail, this box is NOT owned by the carrier, it's owned by the gov and is entirely outside the knowledge of the people operating the network apart from the "it has to be there and fed power and this special fibre connection" facet.
If you take foreign networks, they do have systems that backdoor the devices for law enforcement purposes rather than having additional equipment but that's not the way blighty implements big brother.
For the record, I consider the prisms + dedicated box a more secure way to do it. If we absolutely must have big brother monitoring it's the way to go. I personally believe we do NOT need this, but it's already here and live in the network.
In the US we required these requests to go to a court also. However, what the surveillance service (NSA) did was request a wiretap on "Verizon", and made it essentially open-ended, to which the court agreed, saying that simply naming a telecommunications company you want to tap is specific enough. They then automated the process of siphoning off records from the telco, arguing that it wasn't actually "collected" until someone typed something into a search box (meanwhile conducting neighbor analysis on the data in an unattended fashion). So when you say "warrant", and "specific person or IP address", you shouldn't be surprised when the person is "Mr. British Telecom" and the IP address is actually a set of subnet masks that cover the entire country.
"(imagine if TalkTalk also kept and lost its customers' browsing records)."
They probably have. Although there's always the possibility the system collecting them didn't work.
Talk Talk customer services (paraphrased, from a call earlier this week): This is not something customers need to worry about, the details are nothing more than you would include on a cheque. No, I won't give you my own personal bank account information, that's confidential, you could do anything with it.
The government sees no need for supervision of police access to this data, it will be abused. So it's more than likely we'll see a repeat of the corrupt coppers who were happy to feed celebrity and crime stories to the News of the Screws finding other publications willing to pay for Internet histories of the unfortunate/rich/powerful/stupid.
...then please log it properly *including* the exact bits I've visited (not just the site) and the referrers too.
Why? Because if I click on some link somewhere, which goes via say bit.ly or other obfuscators (sorry, shorteners), I cannot possibly know in advance where I'll end up. I might end up on ISIS's website, but all the snoopers (selectively want to) see is... twitter -> ISIS. If there are complete logs, there's at least a remote chance that accused people might be able to explain how they got there.
The best solution is of course to not log anything. But this seems unlikely to happen with our governing elite. In the meantime I'll continue mitigating the issue via VPN/proxy for everything that goes out.
Yes, that double-layered fashionable tinfoil hat over there is mine. You'll soon want one of those too!
Anonymous, because why not. Not that it matters on a http-only site.
lol ...
nor would it matter on a SSL site these days
and that vpn / proxy won't help either
If the request for this information is issued to your ISP your vpn / proxied / ssl connection still has to go point to point across the ISP's network at any which point they could easily log, decrypt, manipulate, or whatever they want that request.
Unfortunately there pretty much isn't a way to be anon online any more ... there's always a trail somewhere that will lead back to you.
"nor would it matter on a SSL site these days
and that vpn / proxy won't help either"
True, but it makes it much harder to get to the content. Plus it bypasses BT's (or any other ISP's) nanny filters entirely (if DNS goes through that tunnel too).
All they see is SSL encrypted traffic.
Of course we can't stay anonymous, if "they" are out to get us. Whatever we do is a work-around at best, not a solution. A solution would be to beat some sense into May, Call me Dave and all those zombies who have no clue about IT or the internet and therefore bend over when the agencies and police ask for greater snooping powers.
It really depends on how far you go with the layers of deception. I've been doing it so long that I get nervous not using it all which does happen from time to time. The last time a site denied me access, it was cia.gov. I just checked, again, and all my ISP sees is the numerical internet address for the proxy, not even DNS. Oh, and the connect and drop time. Everything else is a fabrication.
Really, aside from a bit of nose tweaking, I do all this to segment my traffic from those around me. They certainly know who I am, where I live, and most definitely what I'm capable of accomplishing. Definitely that last and all my medical/psychiatric records. Everyone, I kid you not, has access to those. It is a bit of fun doing my best to crack my own streams even with perfect knowledge of means and methods. You should always assume that when looking at systems security.
The use of bit.ly etc and the fact that you have no idea where the link is going to take you is one reason why I never click on them.
Who knows, it might be a sting operation and those fine upstanding people at GCHQ might have tricked you into accessing some [redacted] porn site. The boys in blue standing outside your front door will make a quick entry and that's the last we'll see of you for a long-long time.
Going to be worse than that I'm afraid.
Heard of virtual hosting?
It's that thing where 100s of websites share the same IP address, and you get redirected to the correct one based on the hostname you provided to get there (independently of the DNS lookup involved).
This system is the reason for the problems with indiscriminate takedown orders for things like "illegal world cup streams" also affecting 100s of other sites when implemented via IP filtering based on court orders.
So when you visit your knitting hobby site, you are using the same IP used by the "Jihadi terrorist deathsquad" site hosted on the same webhost.
And plod will just get the IP (especially if you use a third party DNS server independent of your ISP).
Welcome to the overly large dragnet!
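
The virtual-hosting point in the comment above, as an added illustration that is not part of the thread: a name-based virtual host picks the site from the HTTP `Host` header, while an IP-level connection record keeps only the endpoints, so one record is consistent with every site on the shared address. All hostnames, addresses and requests here are constructed, and the function names are hypothetical.

```python
# Added illustration. All hostnames, addresses and requests are constructed.
SHARED_IP = "203.0.113.10"   # RFC 5737 documentation address (assumption)

# Name-based virtual hosting: several unrelated sites on one address.
VHOSTS = {
    "knitting.example": "knitting patterns",
    "recipes.example": "family recipes",
    "forum.example": "another tenant's forum",
}

def host_header(raw_request: bytes) -> str:
    """Extract the Host header (lower-cased, port removed) from an HTTP/1.1 request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip().lower().split(":")[0]
    return ""

def serve(raw_request: bytes) -> str:
    """Server side: the site is chosen by hostname, not by destination IP."""
    return VHOSTS.get(host_header(raw_request), "default site")

def connection_record(client_ip: str) -> tuple:
    """What an IP-level log retains for the same request: endpoints only."""
    return (client_ip, SHARED_IP, 80)

def sites_consistent_with(record: tuple) -> list:
    """Every hosted name an IP-level record could equally refer to."""
    return sorted(VHOSTS) if record[1] == SHARED_IP else []

def request_for(host: str) -> bytes:
    """Build a constructed sample request for the given hostname."""
    return f"GET / HTTP/1.1\r\nHost: {host}\r\nAccept: */*\r\n\r\n".encode()

if __name__ == "__main__":
    for host in ("knitting.example", "forum.example:80"):
        req = request_for(host)
        rec = connection_record("198.51.100.7")
        print(f"server saw {host_header(req)!r} -> {serve(req)}")
        print(f"IP log saw {rec} -> could be any of {sites_consistent_with(rec)}")
```
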