
YaY, more pissing money up the wall by the incumbent government
Good Times
Legislation relating to communications data will be yanked out of the existing Regulation of Investigatory Powers Act (RIPA) and brought under a new regulatory framework if the Home Office's plans to step up the monitoring of internet traffic pass through Parliament. Home Secretary Theresa May unveiled her proposals for the …
So after saying they were against this kind of thing when in opposition, there is no surprise that the current set of elected officials are all for it now they're the ones in power, even though a number of people will have voted for them simply because of their previous stance...
Ah well. Was to be expected...
How long before someone points out that this will be totally ineffective against the kind of things they're trying to legislate for, as all those naughty chaps already use secure VPNs and TOR?
Guessing the ISPs are rubbing their hands in glee at the thought of all this money coming their way. But if those naughty chaps only ever connect to vpnprovider.com or tor.org there'll be claims that this law has worked as no-one connects to dodgywebsite.ru anymore...
To come up with "Aaarrgh, terrorists" and "Will nobody think of the children". Disgusting!!
The police are NOT fighting crime with a hand tied behind their backs. They are free to get all the information they want IF THEY HAVE A WARRANT FOR IT. No reasonable suspicion = no warrant. I don't believe a word of 'limited access'. Once plod and gov agencies have full access to the raw data, how long is it before checking on a single suspect's communications evolves into data-mining software constantly trawling through the whole data warehouse?
"So after saying they were against this kind of thing when in opposition, there is no surprise that the current set of elected officials are all for it now they're the ones in power"
Never seen an episode of Yes, Prime Minister? The civil service and the security agencies are the ones pushing for this shite, the MPs are usually on the boards of security, hardware and ISP firms so they go along with it so they can cream off the profit from screwing over the common Joe in the street!
"This just turned up: http://www.opendns.com/technology/dnscrypt/"
Since the IP address is enough and all the DNS lookup does is turn a string into an IP address and going from IP address to web site is easy. I'd be surprised if the information recorded didn't contain the IP address since that's all the information that's sent when accessing a web-site (you don't send the web-site's name to the web-site you're accessing, you send it to a DNS server). So, web-sites with constantly changing IP addresses would defeat this as it would be really hard to go back in time to see what was at a given IP address.
>£1.8bn over the course of 10 years.
My head hurts trying to think of how to calculate this but I would guess the cost of the disks for storing all the information required for 12 months, indexed and searchable would eat that figure up easily. Got to be disk as the information has to be available immediately so no waiting for a restore from tape allowed. Then there are the cabinets, power supplies, space all to be paid for by you and me. And that space that BT pays x pounds per square metre for will cost UK Gov PLC (aka you and me) 5x pounds psqm.
I don't have time to read the doc in full, but what counts as an ISP in this regard?
For instance would a company, running its own email services, be required to keep these records and/or pass the info to the govt? What about someone running their own mail server as an individual?
Although there are obviously privacy concerns in this, I am personally worried that it will end up forcing people, like me, who run their own internet services to keep such records, which would obviously be quite a large task to such individuals.
Just a guess, but I suspect they will deliberately leave the definition of ISP as vague as possible. But you raise a very valid point. How about people (like me) who have been known to run their own email servers? I had cause to do this for a few months to help out an old employer.
I would imagine that anyone with anything to hide is already running their own servers anyway. Of course *where* those servers are could be a problem. Because if I had anything to hide, I wouldn't be stupid enough to keep my server in the UK. That said, I might keep *a* server in the UK. As part of my project on looking for ET, I regularly fill up 1TB drives with recordings of the background noise of the universe. It looks suspiciously like it's encrypted too. ...
Last time I managed to get anything like an answer from the government, my micro-company, which handles email for a few dozen individuals and businesses, would not be classed as an ISP.
I don't know what proportion of internet email goes via small businesses like mine, versus the large ISPs.
Another pointless, unenforceable attempt to control the internet (along with that wonderful cookie law that most sites are ignoring, and the sites who've done something are just annoying their visitors!). Logic is proven, again, to be the polar opposite of politics.
Sorry standard VPN=FAIL.
When you start up your encrypted VPN tunnel the start-up credentials can be very carefully analysed and your session MITM DPI'ed.
You need an obfuscated VPN client such as the CIA's NetEraser/netCloaker/Gabriel family of communications Apps. NetEraser is a specialized program developed for In-Q-Tel/VirnetX (Central Intelligence Agency) by SAIC around the turn of the millennium.
There is hope to build a real working obfuscated VPN system like the pros use, the NetEraser system is based on work by Professor Henning Schulzrinne of Columbia University in the 90's. He studied the SIP and RtTP protocols.
Nearly all the other available internet censorship bypass tools are subverted by weaknesses, backdoors, bugdoors and simple bifurcation of cloned traffic. When the NSA does a job, they do a *great* job! Did I mention that NSA whistleblowers alleged that they just 'bought' telecom engineers in order to facilitate worldwide total information access....
There is more than one type of VPN, and I suspect you're talking about PPTP (which is pretty crap in terms of real privacy) instead of OpenSSH to a site with a (double checked) certificate that you get warned if it magically changes (and where your DNS queries also go via the VPN...).
But really, they are not that interested in *you* to make the effort in most cases to DPI it and break weak encryption. To bugger this up and waste the £1.8b they plan on pissing away you just need a lot of VPN users and 'trackmenot' obscuring of the data to make the job of trawling impractically expensive.
And while most VPN providers will respond to a competent law request in their own country, again that is enough to restore sense by making the gov actually go through proper legal channels to spy on you, a process that is time & cost wasting unless they have very good reason to do so.
Which is the bit this whole thing lacks.
No it's not a fail.
We are talking about routine storage of communications data by ISPs here not what the security services can do if they really care. I am a Virgin customer. Virgin is not about to start doing man in the middle attacks on my VPN connection and if this stupid law is enacted, I shall indeed be passing all my traffic through a VPN and I shall be safe from snoopers as a result.
If MI6 decides that it's interested in me, they will break into my house and put a key logger/screen logger on my computer or network. There is nothing I can realistically do about that but I don't think MI6 cares about me.
I also think that the idiots in power (the polyshitions and the uncivil servants controlled by the lobbyist making money) are in for a big surprise in the amount of VPN traffic that will be transmitted over the coming years.
Not those who just want their personal privacy, but the vast number of average workers who will more and more be "working from home" and telecommuting. As with all these things the noise will totally smother any useful data, and the avoidance is simple for the real criminals.
Just about anywhere in the world you can buy pre-paid phones, no ID needed. They are cheap, disposable and effectively untraceable and just about every villain will have easy access to these.
The fact that HMG cannot even stop these people getting phones, drugs and prostitutes while they are IN PRISON, proves just how incompetent the security forces truly are.
AC: Don't make it too easy for them :^)
"It is a vital tool for the police to catch criminals and to protect children."
...the children would come into it. Would love to see the stats of how many children were unprotected before the legislation and how many extra are protected when it comes into force. Probably many are unprotected and then most will be protected, which will prove the legislation's effectiveness in the face of the ever increasing paedophile onslaught.
Considering the expected increase in data requests, the ISPs would be better off creating a standard API and publishing this, available on request if you can prove that you are a 'public authorities' sort of person. Would save all the hassle of having to hack in and post the data.
I see in that one reason for accessing the collected data is:
"for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department,"
This is in a long list after terrorism, detecting crime and in the interests of public safety.
Really? You can check my last year of web access because I haven't paid my council tax?
This post has been deleted by its author
Unfortunately, if you read it you'll find that the arstechnica article you link states that the Tor Project are more than happy to help unmask people at the behest of "law enforcement agencies", so you best hope you have a better fallback than Tor when your dissent gets labelled "terrorism".
ToR is nice, just sometimes, the ToR network will - surprise - share all your data with the bad guys (insert your own definition of bad guy here)
ToR has a history of 'bugdoors', unique identifying features like a header that says I'M USING TOR - LOOK AT ME
Check the ToR bug list discussion forums and see how successful the repressive nation of IRAN has been at finding ToR using activists, hidden amongst their internet gaming population.
If you use ToR nested inside some custom obfuscated RtTP steganographic tunnel, as I'm sure the *other bad boys do* then you might have freedom of censorship. Until then, you will self censor, under fear of implied threat, whilst society will spiral down to the depths of Hogarth's Gin Lane.