British politicians sign off on surveillance law, now it's over to the Queen

The UK's Investigatory Powers Bill has completed its passage through parliament and now only awaits Her Majesty's stamp of approval before becoming law. Also known as the Snoopers' Charter, the legislation has been criticised as being among the most onerous in the world upon the civilian population, and will require British …


    1. JohnMurray

      Re: Sense of proportion

      Really..the government could not give a shit about terrorists...they have more to fear from losing elections, or the people eventually finding out that they have been selling them down the road from year one. The scandal of the expensesgate, where people found out that they were paying for floating birdhouses on ponds, lawn drainage installation and flats for mistresses has now faded, and that information is now no longer available. Now it's payback time....people's memories are short.

      Once upon a time we had care.data.....well, we still have it, it's just gone underground for now. And all your identifiable hospital data has already been sold anyway....

      This is not about protecting people, keeping your children secure (Capita has your children's data....secure? !!) or protecting you from bombs on the underground....

      1. Warm Braw Silver badge

        Re: Sense of proportion

        It's not just the government. Despite being really jolly cross about the IPB, peers just waved it through in the end too. Not because they had to - they could have made all sorts of trouble by using the processes of parliament to obstruct the bill indefinitely - but because it would be bad form.

        After the last few months, you do have to wonder what the point of democracy is.

    2. Anonymous Coward

      Re: Sense of proportion

      @ Primus Secundus Tertius

      I believe you're wrong there. A Chinese slurp is better for several reasons:

      1) If you exercise reasonable precautions (and don't use your Android phone for banking or business secrets) there's not a lot the Chinese can do to you. Unless you give them the means to get at your money or company secrets (and if you're doing that on an operating system written by a marketing company you really have nobody but yourself to blame) you're out of their jurisdiction and they are not interested in you. Plus, for the price of their slurping, they have to pay a translator to be bored shitless; which isn't justice, exactly, but is nonetheless somehow vaguely pleasing.

      2) The data bill covers every machine; not just one already shonky OS.

      3) It's done by our own side by people who have powers to make your life crap for no reason at all.

      4) It *will* be abused

  1. AlbertH
    Childcatcher

    As Usual - it's unworkable

    As with everything the UK government tries to do with computers, it will be an unmitigated disaster.

    They have no idea of the sheer volume of data they'll be trying to harvest. The clueless overpaid software shysters will sell them all sorts of worthless "analysis" software to comb through the vast amounts of data they'll collect, and after they raid a few schools for children connecting to inappropriate websites, they'll quietly drop the nonsense after squandering squillions of quid of our money.....

    1. Anonymous Coward

      Re: As Usual - it's unworkable

      An unmitigated disaster most certainly, but one that will probably leave a good deal of collateral damage in its wake before it's quietly canned.

    2. JohnMurray

      Re: As Usual - it's unworkable

      I think you'll find that benefit disasters apart, various government agencies (GCHQ) are really quite good at handling vast amounts of data...and GCHQ USA (NSA) are better...and neither could really give a shit who is in power..

      1. Cameron Colley

        Re: As Usual - it's unworkable

        It will work just fine. Whoever paid the government to put this into law will get to sell more data solutions. That's the point of this law.

  2. Haku
    Big Brother

    Tuttle. Buttle.

    Need I say more?

  3. Winkypop Silver badge
    Big Brother

    Eat the rich

    If you want to keep a secret, you must also hide it from yourself.

    George Orwell

    1. Forget It
      Coffee/keyboard

      Re: Eat the rich

      > If you want to keep a secret, you must also hide it from yourself.

      > George Orwell

      To die hating them, that was freedom.

  4. Anonymous Coward

    VPN

    It's much easier to focus your attention on those on VPN, than on browsing of the whole nation. So why exactly are you so keen on protecting your privacy, Mr Abhani of 32 Terror Close, that makes you so keen to pay for such services each month, eh?! Inquisitive minds want to know, and now they have VARIOUS vectors of approach to find out :/

    1. Anonymous Coward

      Re: VPN

      Perhaps you're paying for a VPN service because you don't trust open wifi hotspots?

      Or perhaps you're using a free service you get when you pay for Giganews usenet access. But VyprVPN do at least log when you're connected and what IP address you're assigned for the time you're connected, mainly so they can pass on the blame to you in the case of DMCA stuff, and I wouldn't doubt they log a lot more.

    2. Anonymous Coward

      Re: VPN

      I imagine that many people use VPNs to stream media and avoid geolocking. Maybe not strictly legal, but perhaps not worth the hassle of surveillance/prosecution.

  5. Valeyard

    prepared for this..

    My wife and I have all our devices running through privateinternetaccess; thanks to some user-created scripts it's working flawlessly on my openSUSE boxes too.

  6. MJI Silver badge

    Working from home

    My wife does some homeworking, including categorising web pages as safe and so on.

    That will really mess up the logging.

    1. Anonymous Coward

      Re: Working from home

      I still have a few scripts I knocked up ages ago for causing chaff to echelon.

      They take a file with a list of words / phrases to search for.

      Went through file, pinged the searches at a search engine & randomly went to one of the links.

      When end of file hit, start again

      It repeated ad infinitum (or until parameter based limit reached)

      Similar scripts running on lots of machines generates a lot of haystacks with no genuine needles.

      1. Chrissy

        Re: Working from home

        Chaff variation:

        Submarine ELF stations are always transmitting random data when not transmitting actual messages, so no assumptions can be made from transmission bursts.

        In a similar way, I'll be running 24x7 a random IP address generator that will then, for a random number of minutes, do a random number of GETs to that IP address and any subpages that are returned..... both massively increasing and poisoning the haystack with random data, and obscuring my actual surfing.

        When I've previously suggested doing this en-masse, someone suggested that this would only damage the ISPs rather than the government, and prices would then rise due to the need to store that extra data..... the market can only support a max price per subscriber. Once the ISPs' costs/subscriber rise above that max price/subscriber then ISPs are running at a loss; their CEOs will apply so much pressure to the Home Office that they will have to repeal at least the "retention of sites visited" part of this law, if not the whole thing.

        Or they'll redefine "hacking" as also "visiting a website with no intention of viewing that website"... that'll be fun watching the CPS try to prove that, or proving that the GET came from PowerShell rather than my browser.

        1. Ben Tasker Silver badge

          Re: Working from home

          > In a similar way, I'll be running 24x7 a random IP address generator that will then, for a random number of minutes, do a random number of GETs to that IP address and any subpages that are returned..... both massively increasing and poisoning the haystack with random data, and obscuring my actual surfing.

          If you do, be very careful.

          I did some work a little while back examining the effectiveness of cover traffic on encrypted links.

          You'll need to pay attention to the size of the response body and adjust the time between that and the next page accordingly (but not proportionally).

          The time a human takes to switch between pages isn't consistent (we might load a huge page, read 1 sentence and click off because it looks crap, or load a tiny page and take 5 minutes to read because we went and made a cuppa). But that's very different to random intervals as there is some correlation between the amount of text and the amount of time we spend reading.

          You also need to make sure that the start and end times of your cover traffic aren't particularly consistent. Having a sleep at the beginning of the script helps a little, but if the traffic always starts within 60 seconds of quarter past the hour, it quickly becomes identifiable.

          > In a similar way, I'll be running 24x7 a random IP address generat

          Don't do that. You don't want it running 24x7, you want it vaguely aligned to your sleep/wake cycle (as well as taking into account things like you going to work all day). Any traffic generated when there's a high probability it wasn't you gives an observer further means to analyse your countermeasures.

          If they decide they're going to capture HTTP Host headers (which really, they'll want to), simply connecting to a given IP and requesting pages isn't going to do anything except make the traffic identifiable too.

          There's a lot of other things to be considered too.

          When observed over time (which is what an ICR will effectively be) the little differences in behaviour between a script and the average human become readily identifiable, and that's when the traffic is using an encrypted link. It's even harder with plaintext (which, to some extent, includes HTTPS because things like SNI are in the clear).

          TL;DR running effective cover traffic is fucking hard, assuming your aim is to thwart anyone with any more than a passing interest.
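
The two timing tells described in the comment above, as an added example that is not part of the original post or thread: a Python sketch of how an analyst could score a set of connection records for (a) dwell time that ignores page size and (b) session starts that cluster at one point in the hour. All function names, thresholds and sample records are constructed assumptions.

```python
import math
import random

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sx * sy) if sx and sy else 0.0

def size_dwell_correlation(records):
    """records: list of (response_bytes, seconds_until_next_request)."""
    return pearson([r[0] for r in records], [r[1] for r in records])

def start_offset_spread(start_times):
    """Spread in seconds of session start offsets within the hour.
    Circular, so 59:50 and 00:10 count as 20 s apart."""
    offs = sorted(t % 3600 for t in start_times)
    gaps = [b - a for a, b in zip(offs, offs[1:])]
    gaps.append(offs[0] + 3600 - offs[-1])  # wrap-around gap
    return 3600 - max(gaps)

def looks_scripted(records, start_times, min_corr=0.3, min_spread=300):
    """Flag traffic whose dwell time ignores page size, or whose sessions
    always begin at nearly the same point in the hour.
    Both thresholds are illustrative assumptions, not calibrated values."""
    return (size_dwell_correlation(records) < min_corr
            or start_offset_spread(start_times) < min_spread)

# --- Constructed sample data (not real captures) ---
rng = random.Random(2016)
sizes = [rng.randint(2_000, 400_000) for _ in range(200)]
# Script: gap drawn uniformly at random, independent of page size.
SCRIPTED = [(s, rng.uniform(5, 300)) for s in sizes]
# Human-like: reading time grows with size (not proportionally) plus noise.
HUMAN = [(s, 0.4 * math.sqrt(s) + rng.uniform(0, 60)) for s in sizes]
# Script sleeps 0-60 s after starting at quarter past each hour.
SCRIPT_STARTS = [h * 3600 + 900 + rng.uniform(0, 60) for h in range(8, 20)]
HUMAN_STARTS = [h * 3600 + rng.uniform(0, 3600) for h in range(8, 20)]
```
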

          1. Anonymous Coward

            Re: Working from home

            IMO Chrissy's advice is good to create haystacks, while yours is good to create fake needles within those haystacks.

            AC just to avoid sloppy people. We all know that El Reg will defend our PII with their own lives.

  7. Bob Wheeler
    Stop

    Two points

    "Additional powers are legislated for, including offensive hacking,"

    Is not all hacking offensive, can some types of hacking be in-offensive?

    Did not the last Labour Government try to bring similar laws into force? If so, why did they now abstain in the vote for this?

    1. Seajay#

      Re: Two points

      > Is not all hacking offensive, can some types of hacking be in-offensive?

      Penetration testing of systems that you own is pretty inoffensive.

      > Did not the last Labour Government try to bring similar laws into force? If so, why did they now abstain in the vote for this?

      I would guess two reasons.

      1) Current Labour hierarchy regards New Labour as the anti-Christ.

      2) A bill which says "The government should have access to everyone's records, but should promise not to abuse it" doesn't sound at all scary when you are the government, but very scary when you're the opposition.

  8. FuzzyWuzzys
    Meh

    Can we see it?

    Is this like the Data Protection Act or when the Police film a protest? That is, if I fill in a form and send in a tenner, do they have to tell me exactly what info they're keeping about me?

  9. amanfromMars 1 Silver badge

    Chocolate Teapots 'r' Us

    I only have one question …… Is anyone/anything exempted from surveillance ….. for such a facility will always be abused and taken advantage of for private and personal enrichment at the expense of others?

    And/But surely there is nothing to be really worried about, for bad laws are never followed/obeyed and are always ignored by the smarter being and/or more enlightened citizen. The madness that abounds would be in the thinking that any such laws would make a great deal of difference.

    The current elitist establishment systems of administration have much more of a burgeoning problem with sensitive secrets being openly shared randomly and spontaneously with everyone and their dogs, rather than with secrets and dirty deeds done dirt cheap being squirrelled away out of sight and sound on servers.

  10. Velv
    Big Brother

    I am no security expert. What we need from one of you frighteningly clever chaps is an idiots guide to setting up this vpn

    There's some really good security guides on the NSA and GCHQ's websites. They even have some recommendations on good providers.

    1. Anonymous Coward

      If NSA and GCHQ are recommending them, the natural assumption would be that they are compromised.

  11. Dave 15 Silver badge

    Two issues

    First of course is the fact that if you believe the bull about elections the two parties involved ... Labour and Conservative ... have been chosen by the majority of the idiots of this country to decide such matters for them. These people make choices based on interesting factors (he has a nice smile, his suit doesn't fit properly) and deliberate lies (we have lower taxes than they do...). Personally I think restricting the voting to people with an IQ greater than 1 and enough interest to see what their 'representatives' actually do would create a far smaller number of votes and a better caliber of ruler.

    Second given the mealy mouthed way our politicians and civil servants act and the downright dishonesty of the police (we didn't beat the newspaper sales man to death, we don't jump up and down on people's cars when we stop them and we certainly don't cause mass deaths in football stadiums...) I wonder at the idea that the ISP keeps it for 12 months in case it is wanted for investigation. Does that mean that everyone is placed under investigation every 11 months and all data requested from the ISPs and then stored by GCHQ or the police national computer service for ever and ever (like DNA samples)?

  12. Dave 15 Silver badge

    anyone else having trouble

    Running on Chrome. When I go to post the page keeps jumping down as different adverts keep changing. Can't edit at all well.

  13. This post has been deleted by its author

  14. John H Woods Silver badge

    List

    "Not sure where the list came from - could not find it." --- Shadmeister.

    I don't think it is changed from the original draft bill (pdf); it's Schedule 4, page 168 or thereabouts.

    1. This post has been deleted by its author
