Queen unveils draft internet super-snoop bill - with clauses

The Queen has detailed the government's upcoming programme of law-making on a grey day darkened by the gloom of a double-dip recession and plans to massively increase surveillance of the internet in the UK. Opening the new session of Parliament, Her Majesty confirmed on Wednesday that "draft clauses" would be introduced to …

COMMENTS

  1. Glyn 2
    Boffin

    Question

    There's much hoopla over this but is it any different than the police and security forces having access to your telephone conversations and call history (as long as warrants are needed just like for phone calls)?

    1. Arrrggghh-otron

      Re: Question

      That's the problem, we don't really know what it entails yet, and it likely won't contain any technical detail as that will be left to the ISPs to implement (and pass the cost on to us customers).

      The real problem is that it is likely to be blanket monitoring in retrospect (that is your past year's worth of internet activity will be available, could be more), whether or not the requirement is a warrant, everyone is being watched and recorded.

      The assurances that it won't contain message data, just comms data, is a lie. At some point in the system everything will be looked at. A packet may contain part of another protocol and the whole thing needs to be read and stored until enough data is available to reconstruct that 'communications data' but that may also include lots more besides. The rest may not get stored for long, but it is read at some point...

      1. JDX Gold badge

        Nothing to worry about

        Why would anyone be concerned that the government can access your entire browsing history for X years when it's taking decades for them to be able to track your medical history?

    2. Anonymous Coward
      Anonymous Coward

      Re: Question

      Yes there is a difference.

      You might speak to perhaps a few tens of people by phone, but these days much more communication is done via email so maybe it would be fair enough that email addresses are captured with warrants required for their contents. I could just about live with that, although I'd prefer not to.

      But this bill wants logs of every website address too, the equivalent of following someone about to see where they go. Query strings give away even more information. All without any warrant apparently. I guess website addresses will become more obfuscated.

      What opening post delivered by Royal Mail? Why not if it's all for our own good?

    3. TakeTheSkyRoad

      Re: Question

      Remember that this information will be logged and saved in advance.

      So access to call records & call content via a court order means that they will gain access to your records for as far back as the phone company have them (5 years?). Also they could tap your phone to record your phone calls.

      Now under this proposal they will log all the sites you visit, the content of all the emails you send and much more. They then have to get a court order to access that data but it would be already there on their equipment.

      However it's not like there are 3rd parties involved (eg BT) so it would be trivial to lower the requirements. Putting this into the phone context everyone knows it's comparable to them recording all your phone calls (& text msgs) and then promising that they'll ask before listening to them.

    4. Anonymous Coward
      Paris Hilton

      Re: Question

      IS QUEEN EVEN TOGETHER ANY MORE I THOUGHT THERE LEAD SINGER DIED OR SOMETHING

      1. LinkOfHyrule
        Coffee/keyboard

        Re: Question

        yeah thanks, I wasn't expecting to laugh reading these comments! :oD

        Don't stop me now

        I'm having such a good time

        Looking at your interwebz!

        1. Anonymous Coward
          Anonymous Coward

          Re: Question

          I'm the invisible man, it's criminal how I can, see right through you!

      2. John Smith 19 Gold badge
        Trollface

        Re: Question

        Do not feed.

        1. Glyn 2
          Happy

          Re: Question

          Not trolling, I've just seen so many conflicting opinions that collapse into screaming matches that I was looking for the definitive answer ;)

    5. Anonymous Coward
      Anonymous Coward

      Re: Question

      reproducing the answer (to "is it any different") "From Lawful to Massive Interception: Aggregation of Sources" Slide (c) Amesys 2008

      Features                                          Lawful Interception   Massive Interception (CCDP)
      ---------------------------------------------------------------------------------------------------
      Recording target's communications                 OK                    OK
      Social Network for targets                        OK                    OK
      Search in the past for newly identified targets                         OK
      Identification of new potential suspects                                OK
      Discovery of new targets on:
      - Keywords                                                              OK
      - Key topics                                                            OK
      - Social Network                                                        OK
      Information synthesizer & top-level intelligence                        OK
      Creation of intelligence notes for the Authority                        OK
      Full Country traffic monitoring                                         OK
      Behavioural analysis of Data Flow                                       OK
      (geo)Localisation                                                       OK
      Multi-captor system                                                     OK

    6. Sam Therapy
      Unhappy

      Re: Question

      Privacy should be "on" by default, with an option to snoop only in exceptional circumstances*. The proposal is to set privacy to "off" by default.

      * Granted, every government writes its own terms of meaning for "exceptional circumstances" but the right to privacy should be there first and foremost.

  2. WonkoTheSane
    Big Brother

    Note for GCHQ:-

    Expect large uptick in highly encrypted email.

    1. Steve the Cynic

      Re: Note for GCHQ:-

      And VPNs leading to servers outside the UK...

      1. Dave Robinson
        FAIL

        Re: Note for GCHQ:-

        Or even just using webmail over https on servers located in some country which is less than friendly to the UK (Argentina, France, somewhere like that). And of course persuading all your <insert terrorist organisation of choice here> buddies to do the same.

        Wait... they already do that :-(

      2. Nigel 11

        Re: Note for GCHQ:-

        Looks like a business opportunity to me. Start researching Swiss law now, for a service you can sell to respectable people who worry about journalists, PIs and spouses getting access to logs that are supposed to be for MI5 only.

        Swiss, because they're a country that will cooperate with law enforcement agencies, but where they still believe in privacy. The really bad guys will find other more bribeable jurisdictions ... or possibly, put their servers afloat in the Pacific garbage patch or in orbit!

      3. Alan Firminger

        Re: Note for GCHQ:-

        Is there a market for CDs full of true random numbers ? They could be sold in pairs for convenience. At least when the plod comes round and demands the keys you would know they were watching you.

        1. SYNTAX__ERROR
          Alert

          Re: Problem with that, Alan

          The problem is that at some point they will turn up and demand the keys and of course you will not be able to provide them. A court would choose not to believe your explanation so you would get banged up despite committing no crime.

        2. PyLETS
          Boffin

          @Alan, Re: Note for GCHQ:-

          No market since around 1975.

          Such a one time pad is only useful if you never reuse the pad. You've also got the problems of generating the CD contents, duplicating these and sending these around by trusted courier (That's similar to how the UK diplomatic service did it. I've seen their old paper punched tape OTP machinery in use up to the seventies now on display at Bletchley Park).

          You are now doing much, much better having a new long enough key (128 bits or longer) randomly generated and exchanged using the Diffie Hellman protocol at the start of each session and securely disposed of at the end of a session. Secure disposal of the key after the session means that plod who calls around and obtains all known secrets after the session has ended (e.g. using RIPA or some other kind of rubber-hose cryptanalysis) has no way of decrypting his copy of the encrypted stream; this property is called 'perfect forward secrecy'. Diffie Hellman on its own doesn't protect against a man in the middle attack (e.g. Eve pretending to Alice she is Bob while also pretending to Bob that she is Alice), so you need to use DH key exchange in connection with RSA signature or similar to authenticate the other end.
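
The exchange described in the comment above, as an added Python example that is not part of the original thread: each session uses a fresh Diffie-Hellman exponent that is dropped afterwards, and the public values are authenticated so a substituted value is rejected. Assumptions: a toy 521-bit Mersenne-prime group, an HMAC under a pre-shared long-term key standing in for the RSA signature the comment mentions, and hypothetical names throughout.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption for this example, not from the thread): the
# Mersenne prime 2**521 - 1 with base 3. Real systems use standardised
# groups or elliptic curves.
P = 2**521 - 1
G = 3
PUB_LEN = 66  # bytes needed to hold a 521-bit value


class Party:
    def __init__(self, name, auth_key):
        self.name = name
        self.auth_key = auth_key  # long-term secret: authenticates, never encrypts
        self._x = None            # ephemeral exponent, exists only mid-handshake

    def _tag(self, name, pub):
        data = name.encode() + b"|" + pub.to_bytes(PUB_LEN, "big")
        return hmac.new(self.auth_key, data, hashlib.sha256).digest()

    def forget(self):
        # Python cannot wipe memory; dropping the reference models key disposal.
        self._x = None

    def hello(self):
        """Pick a fresh exponent and send (name, g^x mod p, authentication tag)."""
        self._x = secrets.randbelow(P - 3) + 2  # uniform in [2, P-2]
        pub = pow(G, self._x, P)
        return (self.name, pub, self._tag(self.name, pub))

    def finish(self, msg, expected_peer):
        """Verify the peer's message, derive the session key, drop the exponent."""
        name, pub, tag = msg
        try:
            # The name check also stops a party's own message being reflected back.
            if name != expected_peer or not 2 <= pub <= P - 2:
                raise ValueError("unexpected peer or invalid public value")
            if not hmac.compare_digest(tag, self._tag(name, pub)):
                raise ValueError("authentication failed: possible man in the middle")
            shared = pow(pub, self._x, P)
            return hashlib.sha256(shared.to_bytes(PUB_LEN, "big")).digest()
        finally:
            self.forget()


def run_session(alice, bob, tamper=None):
    """Run one handshake; `tamper` rewrites messages in transit (for the demo)."""
    a_msg, b_msg = alice.hello(), bob.hello()
    if tamper:
        a_msg, b_msg = tamper(a_msg), tamper(b_msg)
    try:
        key_b = bob.finish(a_msg, expected_peer=alice.name)
        key_a = alice.finish(b_msg, expected_peer=bob.name)
    finally:
        alice.forget()
        bob.forget()
    return key_a, key_b, [a_msg, b_msg]


def substitute_public_value(msg):
    """Constructed tampering: replace the public value but keep the old tag,
    which is all a party without the long-term key can do."""
    name, _pub, tag = msg
    return (name, pow(G, secrets.randbelow(P - 3) + 2, P), tag)


def tampered_session_rejected(alice, bob):
    try:
        run_session(alice, bob, tamper=substitute_public_value)
    except ValueError:
        return True
    return False


def seized_state(party):
    """Everything a later seizure of this party's stored secrets would yield."""
    return {"auth_key": party.auth_key, "ephemeral_exponent": party._x}


if __name__ == "__main__":
    long_term = secrets.token_bytes(32)  # constructed sample key
    alice, bob = Party("alice", long_term), Party("bob", long_term)
    k1a, k1b, _ = run_session(alice, bob)
    k2a, _k2b, _ = run_session(alice, bob)
    print("session 1 keys agree:", k1a == k1b)
    print("session 2 uses a new key:", k1a != k2a)
    print("exponent left to seize:", seized_state(alice)["ephemeral_exponent"])
    print("tampered handshake rejected:", tampered_session_rejected(alice, bob))
```

After a session the only stored secret is the authentication key, which verifies tags in a recorded transcript but is not an input to the session key.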

  3. Anonymous Coward
    Anonymous Coward

    I've Already Installed Tor...

    ... I will also investigate investing in a VPN; though I can see a few years down the line that'll be the next area the government targets with legislation. It's an uncomfortable fact but as the internet becomes more imbedded in everyday objects & surveillance technology improves our lives will come under ever more scrutiny. Most people haven't kicked up a fuss so whatever government is in power will implement this.

    1. Anonymous Coward
      Anonymous Coward

      Re: I've Already Installed Tor...

      Obviously you have something to hide..... I'm sure running Tor will get you onto at least one list.

      Slight tangent, I wonder how many Tor nodes are spook run? Can someone running all the nodes from request to exit node trace source and target IP? I'm sure I read that was a Tor weakness so if I was wanting to monitor Tor I'd have a server room packed with as many nodes as possible modified to try and trace requests.

      1. The Original Ash

        Re: I've Already Installed Tor...

        "Obviously you have something to hide..... I'm sure running Tor will get you onto at least one list."

        So what? What will they do, stop my flying to the USA? Fat chance... I'm not flying there anyway. If I want that kind of "intimate attention" from another person, I'll buy the girlfriend flowers and a nice dinner.

        "Slight tangent, I wonder how many Tor nodes are spook run ?"

        Probably a lot, but it doesn't matter. Data inside the network is encrypted, and data leaving the network only has the data you put into it readable by the exit node. Those folk who were caught in the drug sale sting gave out their shipping details. As is typical of data protection, "they" only get as much data as you give them. Encrypt the data before sending it (HTTPS anyone?) and don't go applying for credit or accessing your personal email account, and nobody will know who you are anyway.

        1. Anonymous Coward
          Anonymous Coward

          Re: I've Already Installed Tor...

          Just making the point that running Tor makes you look like a "Bad Person" in some people's eyes.... and running Tor may one day be an amber/red flag in someone's data warehouse report. Just take steps to hide the Tor usage.

          Who said anything about the USA?

          This is the UK government and they'll just knock on your door (possibly heavily) if they want to chat.

          Question answered, cheers

        2. Miek
          Linux

          Re: I've Already Installed Tor...

          I'm not sure why people keep going on about SSL, it is completely readable when you have intercepted the entire communication from its initiation.

          Get your hands out of my cookie jar.

          1. Vic

            Re: I've Already Installed Tor...

            > it is completely readable when you have intercepted the entire communication

            No it isn't.

            Vic.

          2. Alan Edwards
            Black Helicopters

            Re: I've Already Installed Tor...

            > I'm not sure why people keep going on about SSL, it is completely readable when you

            > have intercepted the entire communication from its initiation.

            No it isn't, you'd need access to the private certificate on the server to decrypt it. Only the public certificate is sent out, to allow the other end to encrypt stuff.

            You can do a 'man-in-the-middle', where you decrypt SSL on the way then re-encrypt it, but it'll set the alarm bells off in the browser as the server name won't match the destination address.

          3. PyLETS
            Boffin

            @Miek

            "I'm not sure why people keep going on about SSL, it is completely readable when you have intercepted the entire communication from its initiation."

            If you do know how to break current SSL implementations, then please publish your reproducible attack method in full. Your publications and conference keynotes would then be worth a considerable amount of dosh. I'm also not including manipulating the CA system to get a false signed cert which we all know is doable but expensive to the CA that gets caught doing this, see Diginotar.

    2. Anonymous Coward
      Anonymous Coward

      Re: I've Already Installed Tor...

      "Most people haven't kicked up a fuss.."

      Most people do not understand their computer, let alone the impact of such a bill.

      We all know how to obfuscate information using techniques already mentioned here. But your mum/aunt/grandmother/etc... have no clue. It's 'normal people's' conversations being impacted. Those 'underhanded' persons will already be implementing counter surveillance techniques.

      It's a waste of time and money really.

    3. Anonymous Coward
      Anonymous Coward

      Re: I've Already Installed Tor...

      And how long will it be before the bill is amended so that you are required to register for a special government license entitling you to deploy any kind of encryption technology?

      Default exemption for corporates and bankers - compulsory for wankers.

  4. Anonymous Coward
    Anonymous Coward

    In the speech? Damn.

    I expect them to do a Digital Economy bill on this one, make no mistake we will get it because it's in the speech regardless of how unpopular it is. Even if they have to sneak it through the disgrace that is the Parliamentary "Wash up" to get it on the books we will have it forced on us.

    What's the betting that p0rn filter comes along with this as well.

    1. Anonymous Coward
      Anonymous Coward

      Re: In the speech? Damn.

      Cool. I relay 30Gb/Day for the tor network, I started relaying more after all the recent discussion on the snoop laws.

      You should look into relaying either internally in the network or as an exit relay.

  5. Anonymous Coward 15
    Big Brother

    Whether a warrant is required is largely immaterial

    because the ISP will have to inspect and record the data first, so it still exists should a warrant be issued within 12 months.

  6. Richard Rae
    Black Helicopters

    No communication contents?

    So maybe they can explain this

    To quote:

    "May and her department have tried to bat aside criticism from civil liberties groups by saying that "no emails would be read in real-time"."

    To support

    "The proposed bill described communications data as being "information about a communication, not the communication itself"."

    If there is no communication content held, then how can they say that no email will be read in real-time, implying that they can (or will) be read after 'real-time', i.e. 1 second later, by a person or batch job?

    This puts me in mind of the Great Wall of China, unfortunately not the nice stone one......

    Now, where is that tin foil hat of mine....

    1. Andus McCoatover
      Megaphone

      Re: No communication contents?

      "no emails would be read in real-time".

      OK, delay by a second or two. Not 'real-time' then!

    2. paulc
      Black Helicopters

      Re: No communication contents?

      "May and her department have tried to bat aside criticism from civil liberties groups by saying that "no emails would be read in real-time"."

      no, they're not reading them in real time... just delayed by a couple of microseconds...

  7. Aristotles slow and dimwitted horse Silver badge
    Thumb Down

    "Oh... email..."

    "Wouldn't one of those be lovey... and an internet as well... are they types of dog Phillip?"

    ...said a doddery old pensioner with a crown earlier today.

    Hands up if anyone thinks that old Liz actually has a clue about anything she reads in Parley-a-ment...

    1. DJGM
      Thumb Up

      Re: "Oh... email..."

      I'd hazard a guess that Her Maj is a bit more technically clued-up than you'd think.

      Maybe not to the level of most of us reading tech news sites like this, but I'm sure she'll at least know how to switch on a PC and do a bit of casual web browsing in between her royal duties. Probably won't stretch to downloading torrents though!

      1. Mako

        Re: "Oh... email..."

        The Queen sent her first email in 1976.

    2. Vic

      Re: "Oh... email..."

      > anyone thinks that old Liz actually has a clue about anything

      She's far more clued-up than you might imagine.

      She was a driver/mechanic during the war, and she was introduced to email before most of the rest of us.

      That she talks such utter bollocks in the "Queen's Speech" is down to it being written by the government, not by the monarch.

      Vic.

  8. Andus McCoatover
    Windows

    Lord Chancellor handing Her Most Majestic Majesty the speech..

    1) Doubt if She's seen it before..

    2) Doesn't She - as an octogenarian - need glasses to read?*

    *Actually, zooming in a lot, She does seem to have them on.

  9. Anonymous Coward
    Anonymous Coward

    Lie back and think of England

    ya munchers! Or, actually, bend backwards, as a good herbivore would. Even it if hurts a little... ultimately, it's for your own good, even if ya don't getit into ya thick skull!

  10. eJ2095

    Soo..

    This means they can snoop officially then eh

  11. Ron 6
    Alert

    What difference who announces it?

    What difference does it make who announces this bill? Can the Queen refuse to announce it or will they dock her pay?

  12. Ralph B
    Childcatcher

    Child Labour at the Mother of Parliament?

    So who's that young lad in the picture with Her Maj? Looks to be of school age to me, so why's he not at school?

    1. Anonymous Coward
      Anonymous Coward

      Re: Child Labour at the Mother of Parliament?

      It's not illegal to employ under 16's. See paperboys(persons?) and the early Harry Potter films for reference.

  13. Arctic fox
    Thumb Down

    "CCDP"? My problem is I am not sure, given what one suspects they would like to do, that....

    .......they did not mean "CCCP". *

    *Younger members may need to google that. -:P

  14. Anonymous Coward
    Anonymous Coward

    Pff - not an issue.

    We already provide secure email, comms and IT services to UK companies, the more the merrier. :).

    The problem of an evident lack of control, transparency and trustworthy oversight is not new, just that the process to legalise the abuse has now started. Any UK company that outsources IT to a UK based or controlled organisation already has the risk of backdoor intercept - compel the IT provider and the company in question may never find out (the magic word remains "terrorist").

    Not a good position to be in if discretion is part of your business. Banks, lawyers, medical practises..

  15. flearider
    FAIL

    person of interest ...

    just like the tv program they're working towards a computer that can see and hear everything .. but don't be afraid till they knock on your door ..

    just how many mp's will be watched and the queen herself .. nope just the baaa baa's then off to slaughter

  16. Seanmon
    Big Brother

    Alternative approach.

    How about a little background process that, every 30 minutes or so, would google "ANARCHY BOMB TERRORIST BESTIALITY AL-QUEDA SEXTRAFFIC" and bounce off a random half-dozen of the websites produced?

    A million or two PCs doing that 24/7 ought to fuck up the statistics a bit.

    1. Seanmon
      Boffin

      Re: Alternative approach.

      I'm actually semi-serious about this. Of course it would need to be more sophisticated than I'm making it, but is there any reason why this shouldn't happen? Going by my experience, there are enough people (even non techies) objecting to the bill to suggest there would be enough of a user base to make a difference.

      My coding skillz are rusty as fuck these days, but I reckon even I could put together something like this.

      1. Dan 10

        Re: Alternative approach.

        @Seanmon - I see that as not much more than a modification to SETI - and I agree that it's not only feasible, but becoming rather a good idea. The master node would be populated with new search terms as and when they become relevant, to be spat out to all the client devices. The fact that the other post above points out the anti-google effect merely gives it a legitimate purpose.

        1. Seanmon
          Terminator

          Re: Alternative approach.

          Yep, that's pretty much exactly what I was thinking. A botnet, more or less, but consensual

    2. Anonymous Coward
      Anonymous Coward

      Re: Alternative approach.

      Yes, seriously this would work. I even mentioned this approach to a "home office" official and they were kind enough to reward my query with a wince.

      Random traffic dilution is part of the legal, honest, truthful defence - not just against gchq/nsa total information grab but will also counteract the google bubble effect (where everything offered to you is pre-screened and biased on who they perceive you to be and what your internet social class and disposable income is)

      We just need LOTS of random tools to mitigate workfactor reduction...

  17. Circadian
    Stop

    Who has access to this?

    From the article "...obtaining of communications data by authorised public authorities including law enforcement and intelligence agencies". Note the "*including* law enforcement and intelligence agencies" part. Who else are they giving access to on top of these? Local council? Government quangos? Anyone with an open purse?

    Wonder how long until son-of-News-Of-The-World gets access to the complete list as and when they want? About the only thing we could hope for is that a bunch of the power-mad MPs end up being burned by what will end up being held under this proposed law.

    1. Anonymous Coward
      Anonymous Coward

      Re: Who has access to this?

      Terrorists and terrorist supporters of course - aka Saudi and Pakistan. You see, it's all about marketing: there would be no justification for all of this "security" if we don't get more effective terrorists than the underpants bomber!

      ... just like they happen to catch a terr'ist just about at the same time people are beginning to doubt the effectiveness of the TSA-grope-down!

  18. SJRulez
    Facepalm

    Lets pick over all the faults here...

    Some of this from BBC and some from the REG

    "no emails would be read in real-time" (REG) - well most people use webmail over https which won't tell you anything about where it's destined, where it's from or its contents and the rest use SMTP which if they use packet capture and it's not encrypted can be read plain text.

    Not to mention that "in real time" doesn't mean they won't do as media does with TV and delay it by 5 minutes which would get round it.

    "laws date back to 2000 and they are not equipped to cover social media, Skype and other methods of communication." (BBC) - yes and these changes won't help that since yet again we're using encrypted connections to a website.

    "However, the police would be able to see which websites someone had visited." (BBC) - not if they just simply use a proxy, VPN or even Google translate!!!

    "information about a communication, not the communication itself". (REG) - in most cases they are the same thing.. eg Email, you've got to inspect the actual packets being sent to extract the address details otherwise all you can see is he\she sent an email to MX server blah and that's the end of the trail.

    The safeguards are a joke as well

    "Measures to prevent unauthorised access" (BBC\Draft Bill) - This has got to be the funniest bit of all, they can secure their own websites, NHS data, and regularly lose information including plans for terrorist raids..... are you really going to trust them with your data.

    These measure\bill will do nothing to help combat terrorism, they will just snoop on the regular people. Terrorists aren't exactly stupid and we are all well aware they use encryption, sat phones, voip.... the list goes on.

    1. Alan Edwards
      Black Helicopters

      Re: Lets pick over all the faults here...

      > well most people use webmail over https which won't tell you anything about where it's

      > destined etc...

      If you're using webmail, all the information will be on the webmail provider's server for ever, and will be handed over to Government types with very few questions asked. Webmail is probably the *least* secure way of doing email unless it's your server.

      > Skype and other methods of communication." (BBC) - yes and these changes won't help

      > that since yet again we're using encrypted connections to a website.

      And again, details will be handed over by Skype etc. on request, assuming there isn't a direct tap into them already.

      They were caught with their pants down by the use of BlackBerry Messenger to organise the riots a while back, they are determined that it won't happen again. The people they *say* it's targeted at already know how to avoid getting caught.

  19. N000dles
    Black Helicopters

    Nothing to worry about here!!!

    We have been told that this is only to catch terrorists, child molesters and serious criminals. I don't see what it is you are all moaning about. After all, this is the same reason we all agreed to the extradition law to send these same heinous people to the US. It isn't like you are going to ever have the plod bash your door down for helping your mates share a few TV programs.

    1. SJRulez

      Re: Nothing to worry about here!!!

      We have been told that this is only to catch terrorists, child molesters and serious criminals.

      How do you know someone is a terrorist, is a molester or is a serious criminal without reading the contents?

      "plod bash your door down for helping your mates share a few TV programs." all of SOCA's latest success stories have been raids for hacking and file sharing

      1. Anonymous Coward
        Anonymous Coward

        @SJRulez

        Did you not notice that WHOOSHING sound over your head just then?

    2. SYNTAX__ERROR
      Thumb Up

      Re: Nothing to worry about here!!!

      You owe me a new sarcasm detector as this one has overloaded and the needle on the meter flew right off.

  20. 8Ace
    Big Brother

    strict safeguards to protect the public...

    "It added that safeguards such as imposing a 12-month limit on the length of time such private data could be retained by communication service providers would be proposed"

    Of course that would never be extended would it.... !

    1. SJRulez

      Re: strict safeguards to protect the public...

      Another curious thing is who's going to store the data? The ISPs - price increase for consumers or the Gov tax increase for people that pay it (you can guarantee the people it's meant to catch won't be paying, just Joe Public)

    2. Vic

      Re: strict safeguards to protect the public...

      > that would never be extended would it....

      Doesn't that depend on the seriousness of the crime of which you are found innocent[1] ?

      Vic.

      [1] (c) 2000something WacquiJacqui...

  21. Anonymous Coward
    Anonymous Coward

    Altogether now, "And so the end is near and now I face the final curtain!"

    It's perfectly simple, they only want the email subjects, senders and recipients. They also only want the destination websites and the query strings. No use whatsoever, where's the harm?!

    When the fuss dies down, that's when they'll sneak some really nasty shit through! Oh sorry, we just need the content of those emails now too and oh, the content of the pages you pulled through as well. Tell you what, make it an offence to use a PC/tablet/mobile without a UK Gov registered ID! Finally no PC use without a webcam switched on and any attempt to turn it off will be met with the stiffest penalties. Don't even think about TOR or HTTPS, we need the unencrypted data from those too please as you have nothing to hide right?

    This is the thin edge people and the beginning of the end my dear friends.

    1. Anonymous Coward
      Anonymous Coward

      Re: Altogether now, "And so the end is near and now I face the final curtain!"

      a (previous) Home Secretary is on-record as saying that they don't just want to read e-mail - but they'd also like to access all the unsent e-mails that people are composing in their clients, the Drafts folder - the things that people start writing but then think, Naah, won't bother with that. I suppose the Trash/Wastebin contents are also needed for verification.

      I conjecture that Total Information Awareness is the name of the CCDP game, remember the "Do you have your TIA badge displayed citizen? - or do we have to shoot you?"

      A family member grew up in a repressive regime, that mass murdered; at school the teachers would ask leading questions about family life at home - to see if a 3am rendition visit was necessary. The family DID listen to external shortwave radio - but due to diligence, internal briefings and sticking to stories, they were never discovered or I wouldn't have my children!

      I trust the UK government with my data, most of it, most of the time. BUT in a decade I might not - .

  22. SJRulez

    HTTPS

    The only reason I can see them wanting real time access is so they can intercept the Key Exchange or so they can pull a man in the middle attack otherwise the information is completely meaningless.

  23. Anonymous Coward
    Anonymous Coward

    Vpns at the ready.

  24. gskr
    FAIL

    There seems to be some misunderstanding:

    E-mail contents are not going to be logged.

    However a record of each e-mail sent/received will be logged.

    If we only consider e-mail comms for a moment...

    I'm guessing they want to be able to go to an ISP and say give me all the records sent to/from an IP address (that represents an ISP subscriber) (or a physical installation address)

    Presumably they are expecting said ISPs to install DPI hardware to do this given that e-mail could be sent or received through any server - often not the ISP's e-mail server.

    How then does this cope with SSL encrypted comms - which are widespread even for home users using POP3 / SMTP, not to mention HTTPS webmail portals (eg g-mail)!

    All they would be able to log in these cases is user X communicated with an e-mail server at IP address Y at time Z. (not the actual sender or recipient) That's only any use if the owner of the e-mail server also falls under the jurisdiction of this law. Presumably you'd only be guessing that it's e-mail comms based upon the port used. If it used a non-standard port you wouldn't know that, and hence wouldn't log the communication as it would fall outside the scope of the law.

    Anyway this is all speculation until details emerge, but it seems very difficult to achieve what they want - even ignoring the use of VPNs (which are widely used for legitimate purposes!)

    1. Yet Another Anonymous coward Silver badge

      SSL/https mail is the reason for the bill - they can simply order Google or whoever to hand over the details from their end. Otherwise they could just tap the cables as they do now and not require any public legislation.

      Of course if you used encrypted mail to some server in Iran or Pakistan or Colombia then they wouldn't have any power to compel those organisations to hand over the data. But what kind of UK user would bother having an account on a server like that?

      1. Anonymous Coward
        Anonymous Coward

        I don't understand what you mean. For an email to be private, both clients, both servers and every routing server in between need to be using encrypted comms. The only place this happens is if all of the above falls inside one company. In which case, there is already sufficient law in place to request details.

        The bill is aimed at ISPs to monitor comms on the fly. Not at service providers like Google mail. We can already order Google to hand over details.

        Note I say "we" as in our government. Not "they" as in "I disclaim all responsibility because I'd rather sit on my arse bitching on a website than actually protesting, educating or otherwise resolving this issue".

        1. DaddyHoggy

          We (the UK Government) can't ORDER Google to hand over emails - especially if the mail servers are not based in the UK.

          We can request that information and Google may or may not comply depending on the case presented and the legal jurisdiction the information is stored under.

          1. MrZoolook
            Megaphone

            More to the point, laws intended to allow US/UK justice are apparently a one way street in their favour!

    2. Anonymous Coward
      Anonymous Coward

      MAN IN THE MIDDLE attacks are trivial when you as a state have persuaded your local Root certificate authority to issue you a whole bunch of 'fake' but functioning certificates so that the state can impersonate any server that you wish to HTTPS to.

      I'm already running Certificate Patrol on FF but need an additional out-of-band certificate hash comparison service with distant users of the same VPN, HTTPS.

    3. Vic

      > SSL encrypted comms - which are widespread even for home users using POP3 / SMTP

      Encrypted SMTP is currently quite weak - although a key exchange does occur, it is rarely verified against a root certificate. Thus a MITM attack could supply its own key to the sender, and the data is effectively in the clear for that attacker.

      I expect to see much more TLS verification in the coming years.

      Vic.
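
Added example, not part of the original thread: one way for a mail administrator to measure the gap Vic describes, by counting how many outbound SMTP sessions completed a TLS handshake without the peer certificate being verified. It assumes Postfix-style TLS summary lines (as written with `smtp_tls_loglevel = 1`); the sample log, hostnames and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (assumption: Postfix summary format; hosts and IPs
# are documentation placeholders, not real servers).
SAMPLE_LOG = """\
May  9 10:01:02 mx1 postfix/smtp[2101]: Untrusted TLS connection established to mail.example.org[192.0.2.10]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May  9 10:01:09 mx1 postfix/smtp[2102]: Trusted TLS connection established to mx.example.net[198.51.100.7]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
May  9 10:02:30 mx1 postfix/smtp[2103]: Verified TLS connection established to secure.example.com[203.0.113.5]:25: TLSv1 with cipher AES256-SHA (256/256 bits)
May  9 10:03:11 mx1 postfix/smtp[2104]: Anonymous TLS connection established to mail.example.org[192.0.2.10]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
May  9 10:03:40 mx1 postfix/smtp[2105]: connect to old.example.edu[192.0.2.99]:25: Connection timed out
May  9 10:04:00 mx1 postfix/smtpd[2106]: Anonymous TLS connection established from client.example.org[192.0.2.44]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
"""

# Outbound client sessions only: "postfix/smtp[pid]", not the inbound "postfix/smtpd".
TLS_LINE = re.compile(
    r"postfix/smtp\[\d+\]: "
    r"(?P<level>Anonymous|Untrusted|Trusted|Verified) TLS connection established "
    r"to (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+)"
)

# Levels at which the handshake completed but the peer's key was not tied to
# any trusted certificate: encryption without authentication.
UNAUTHENTICATED = {"Anonymous", "Untrusted"}


def tally(log_text):
    """Return {destination host: Counter of TLS trust levels seen}."""
    per_host = defaultdict(Counter)
    for line in log_text.splitlines():
        match = TLS_LINE.search(line)
        if match:
            per_host[match["host"]][match["level"]] += 1
    return per_host


def summarize(log_text):
    """Summarise how much outbound TLS was actually authenticated."""
    per_host = tally(log_text)
    totals = Counter()
    for levels in per_host.values():
        totals.update(levels)
    sessions = sum(totals.values())
    exposed = sorted(
        host for host, levels in per_host.items()
        if any(levels[level] for level in UNAUTHENTICATED)
    )
    return {
        "sessions": sessions,
        "totals": dict(totals),
        # Destinations that accepted mail over TLS nobody verified.
        "unauthenticated_hosts": exposed,
        "verified_share": totals["Verified"] / sessions if sessions else 0.0,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Destinations listed under `unauthenticated_hosts` are the candidates for a stricter per-destination TLS policy.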

  25. Snowy

    and how much storage is all this going to take?

    1. Anonymous Coward
      Anonymous Coward

      storage costs are always going down

      even 64GB USB flash is now down to $40 - but when the citizens are paying for the many CCDP boxes anyway it's irrelevant how much they cost or how many yottabytes are needed

      The internet is a toy/Minecraft/angrybirds/smartphones - but it is trending inevitably to be the backdrop to everything hard & infrastructural in our lives. With the planned future amounts of data there is a risk of even subtle state discrimination, clever algorithms to effect social genocide, politicide: like Lady Porter's housing/voting 'experiments' on steroids {see Porter v Magill [2001] UKHL 67, [2002] 2 AC 357}. (she eventually lost)

      WHAT social control circuit-breakers and enforced measurable lifetime neutrality are being designed into CCDP by renowned philosophers, musicians, artists and lateral-thinkers to counterbalance all the clever packet-engineering?

      You mean GCHQ and the home office haven't made a best social practice privacy impact assessment on the total information awareness projects? FAIL or at least DISCUSS!

  26. MrXavia
    Devil

    1984?

    1984 is arriving a bit later than expected...

  27. Emperor Zarg
    Headmaster

    Yes, but...

    Did Her Majesty pronounce data as "day-ta", or "dah-ta"?

    I think we should be told.

  28. Magnus_Pym
    Thumb Down

    No worries

    It's a government IT project. It'll be years before anything turns up and even then it won't work.

    1. Tim #3

      Re: No worries

      Fair point. And of course it will be provided at quite remarkable expense via consultancies which are run by old school chums of our dear PM.

      What's the betting that ISPs will have to pay for the equipment but will only be allowed to use certain "secure" providers...

      1. John Smith 19 Gold badge
        Unhappy

        Re: No worries

        The front runner for this would be Detica, now a wholly owned subsidiary of BAe systems.

        BAe walked away from the ID cards situation because of the competition

        Why compete when you have the field to yourself?

    2. Vic

      Re: No worries

      > It'll be years before anything turns up and even then it won't work.

      I'm still rather uneasy that our future liberty relies on the fact that all our governments are completely fucking useless...

      Vic.

      1. Magnus_Pym

        Re: No worries

        "I'm still rather uneasy that our future liberty relies on the fact that all our governments are completely fucking useless..."

        Unsettling yes but true. It is similar to the one man, one dog space ship crew only you don't need the dog.

  29. Anonymous Coward
    Anonymous Coward

    Not much to argue about

    Apart from the principle of the thing, which is fucking awful, the draft bill says very little to pick over - the definition of communications data seems to only consider e-mail and telephone communications. No mention of web-sites visited.

    It's a very poor starting point for any form of technical discussion. I look forward to the proper draft bill.

  30. Fibbles

    Fuck this...

    All I want is to live in a country with a government that doesn't work against my interests at every turn. We can send machines outside of our solar system using 40 year old technology but we can't codify a simple set of immutable rights and stick to them?

    1. Vic

      Re: Fuck this...

      > we can't codify a simple set of immutable rights and stick to them?

      We can.

      But those currently holding the reins of power rely on us not having such rights codified in order to keep that power...

      Vic.

  31. Nigel 11
    Alert

    http://www.random.org?junk=a-long-string-of-random-garbage

    I wonder how long this new surveillance regime will survive if some malware gets distributed which (invisibly) does the equivalent of browsing something much like the above every couple of seconds (or milliseconds), and ignores the error responses. Their logs will fill up with the random hexadecimal strings.

    Some infinitesimal part of which might be steganographically concealed messaging?

    1. John Smith 19 Gold badge
      Unhappy

      Re: http://www.random.org?junk=a-long-string-of-random-garbage

      "I wonder how long this new surveillance regime will survive if some malware gets "

      Simple.

      Forever. The people who *want* it are basically *senior* current or former civil servants in the Intelligence and security services.

      IE Oxford PPE graduates, not Cambridge CS grads.

      They'd view it as the price of protecting the British people from *themselves*.

  32. Drefsab
    Thumb Down

    hmm

    I love how they say they want to record the details of the communications. OK, so person A emails mail box B that sits outside of the UK where the spooks can't touch it. No big deal, it's a single email.

    But what's not seen is the mail box B has forwarders onto mailbox C in another safe haven which in turn has forwarders onto all the undesirables that GCHQ want to know if people are contacting.

    So from their point of view person A is doing nothing suspect at all but all the stuff they want to capture is beyond their reach.

    I don't see this bill helping law enforcement agencies half as much as some people would have you believe, maybe a few stupid petty crooks may fall foul of it, same way they would with phone tapping etc. But in the mean time it's a major cost and expense to the ISP industry and treads all over our civil liberties.

    Time to send lots of random lol cat pictures with encrypted steganography messages in saying F U GCHQ.

  33. Qdos
    Pint

    Cuban VPN here I come...

    Whoops, did I just say that in the clear... buggritt, I'd better delay that decision for 366 days now...

  34. Anonymous Coward
    Devil

    Lazarus bill

    I had been in touch with my MP, a Lib Dem, about this. He stayed in contact with me until a couple of weeks ago when he suggested that the idea was simply going to be buried. I have no reason to think that he was being disingenuous; Tories weren't happy with this let alone Lib Dems, who should be allergic to this type of idea. Yet now the thing rises again, same as it did under Labour etc. It makes you wonder who is calling these shots, and the degree to which the "security forces" are under parliamentary control.

    I have written to my MP again pointing out among other things that treating all people as suspects in this way will be interpreted as additionally holding them in contempt. One would have thought that the lesson from the council elections, with the electorate clearly telling the Condems that they had better take a different route, would have been learnt.

    1. nichomach
      Big Brother

      Re: Lazarus bill

      You might find the odd Tory like David Davies who has a clue, but bluntly for all their neo-liberal anti-"big government"/"nanny state" rhetoric, the Tories have NEVER been opposed to extending state *control* of the populace when they've been in power. The Lib Dems aren't any better; their "allergies" have turned out to be largely posture without substance.

  35. Alan Firminger

    The internet is not all good

    On past form the spooks already do this. And the search engines record all our curiosities, more about that later.

    But this is a grotesque intervention in the world of ideas. The British Library keep no record of your requests.

    Journalists and politicians will have reason to fear that wherever their minds take them online someone else sympathetic to the government will publish first.

    And search engines, I do not investigate potential inventions because to do so would give it away. A search query could be held as prior publication, so nullifying a patent, or worse, the invention could easily be recognized from the search terms so stolen and patented first. This is inhibiting, and not very nice.

    1. Alan Firminger

      I am grateful for approvals, but I expected someone to accuse me of paranoia. Of course it is, and it is horrible when a government smashes that onto you. I will keep my secrets.

  36. David 45

    Wedges, anybody?

    Thick and thin available (for a price!).

    1. Gavin King

      Re: Wedges, anybody?

      I thought you were talking about the foodstuff, and now I'm hungry for some crispy deep-fried goodness.

      Now, where's the nearest fish'n'chip shop that's open first thing in the morning?

      1. MrZoolook
        Trollface

        Re: Wedges, anybody?

        You could check on the internet, but the gov might decide to increase your national insurance contributions because you're more of a burden on the NHS.

        I'm shopping online for lettuce and cucumber wholemeal sandwiches right now... Just in case!

  37. Anonymous Coward
    Anonymous Coward

    Re. CDs full of random numbers

    Pretty sure that if you get caught sending these it would be classed as "conspiracy to whatever" or something.

    Memo to self, test this theory by sending said random number disks to some journalist or other, putting return address of some unoccupied address or other and see if Feds turn up.

    AC/DC

  38. LaeMing
    Meh

    I spent half a day reading that as:

    Queen unveils DAFT internet super-snoop bill - with clauses

  39. TheLioness
    Big Brother

    Hypocrisy Reigns Supreme

    Note this is from the same government that is currently bemoaning the Freedom of Information Act. They can know every little personal detail about us, but we are not to know what they are up to with their special advisors, 'best men,' old school chums, and corporate donors.

    1. MrZoolook

      Re: Hypocrisy Reigns Supreme

      Or how they finance their duck-ponds!

  40. TheLioness
    Alert

    Sign the E-Petition to Stop This Madness!

    If you oppose this, please sign the official e-petition at: http://epetitions.direct.gov.uk/petitions/32400

    There are at least two key parts to this 'draft' bill, both heinous IMHO:

    (1) The surveillance/snooping/spying by the government listeners and the requirement for (UK) ISPs and mobile phone companies to make their log databases available for real-time snooping, supposedly with the caveat that Home Secretary Theresa May or a judge can sign a warrant to do so (certainly not comfortable with any Home Secretary being able to do this without having to pass a legal test). Note, only the body/content of the e-mail/call would not be real-time (if you believe government assurances).

    (2) The entry and hearing of communications data evidence in secret closed courts (hence Justice Minister Ken Clarke's argument that the US is more likely to be willing to share secretly collected [via waterboarding at Guantanamo or rendition exercises?] evidence with the UK if it will not end up in open court.)

    Also, they talk about "collection" and "retention" of these communications data details (header metadata if you will). What is the likelihood of the return of the giant central GCHQ database that the previous Labour government, and which, the Cameron-led Tories and Clegg-led Liberal Democrats opposed? How else would they be able to feasibly data mine through the massive volumes of data scattered across a rather diverse set of ISP logs and mobile phone company call details?

    And how are they going to impose this on suppliers who store such data outside the UK, in countries where such rights to privacy are enshrined in their constitutions, e.g. Scandinavian countries? And what is the point of getting header data, unless you wish to

    Lastly, if anyone has actually watched some of the MPs questioning IT industry executives in the Select Committees, you would realise what an abysmal lack of technical understanding these folks have. And we are to trust them to review any proposals?

    The "terrorists" and "paedophiles" scare tactic is just that. Do not fall for it. Please sign the petition and let your voice be heard, before we allow them to take away our last remnants of privacy!

    1. JP19
      FAIL

      Re: Sign the E-Petition to Stop This Madness!

      Well I would but it gives them a direct association between my email address and disapproval of government policy for their database.

      Signing it would be rather an own goal I think.

    2. Wayland Sothcott 1 Bronze badge
      Thumb Down

      Re: Sign the E-Petition to Stop This Madness!

      I note how signing a petition is an effective way of people letting off steam over an issue.

      An effective way of dealing with the issue would be illegal.

  41. DaddyHoggy
    Unhappy

    This is how it starts...

    Remember when the Anti-Terrorism laws were only for catching Terrorists and serious criminals? Now Councils use it to check if people are overloading their garbage or a case last year where a family was spied on for six months because the council suspected (incorrectly) that the family had placed a child in a school out of catchment area and had lied about their address.

    Oh yes, lots of use to catch terrorists...

    And so it will be with this.

    Shame nobody mentioned the "CC your email to Theresa May" Facebook page campaign that ran on May 1st. That did amuse me somewhat and seems to have been moderately successful in swamping the Home Office's email system.

  42. spiny norman
    Facepalm

    Not for the first time I read "draft .... bill" as "DAFT .... bill". I guess my brain's now hardwired to expect anything the government does to be barmy.

  43. Brezhnev's Shadow
    Pint

    mad pkt sniffrz respec'

    She tooled up'n'all got alll dat gear innit. But dey barks un bites yr azz 2. Postman hates dem says Corby f*cks yr trousrs.

  44. John Smith 19 Gold badge
    Unhappy

    Some useful numbers and links on CCDP and its predecessor Govt IMP

    £12Bn

    Only listed number for price of the IMP, which was for a centralised DB.

    I think merging the outputs from the various ISP hosted systems will bump that up a bit. But that part is secret, not the £2bn the govt say they will give ISPs to do their work.

    http://www.theregister.co.uk/2008/10/07/detica_interception_modernisation/

    Number of terror suspects former head of MI5 said they had listed 4400.

    Number of UK terror suspects watched by MI5 in 2007 2000 (likely to have grown a bit by now).

    http://news.bbc.co.uk/1/hi/uk/6613963.stm

    Number of UK terrorist deaths 2000-2012

    52 victims of 7/7/5 bombings. 4 bombers

    http://www.theinsider.org/news/article.asp?id=0472 only lists the victims.

    Jean Charles de Menezes 22/7/5 Intelligence FUBAR.

    Northern Ireland 2 8/3/9

    http://www.guardian.co.uk/uk/2009/mar/08/northern-ireland-soldiers-killed-antrim

    Total 59 in 12 years.

    Estimated value of a human life

    http://en.wikipedia.org/wiki/Value_of_life

    $6m (US DoT)

    $7.9 (US FDA)

    UK average lifetime earnings at average UK salary 18-70 @ £26,244 £1364688

    UK population 2010 62.3million

    http://www.ons.gov.uk/ons/rel/npp/national-population-projections/2010-based-projections/sum-2010-based-national-population-projections.html

    So the UK govt plans to spend £1m *each* to watch these suspects (Note that's just the stuff for the ISPs. There is *no* stated figure for the GCHQ end of the bill), or they will spend £33.8m each to save 1 life.

    Or it plans to watch *every* person in the UK because 0.0032% *may* actually do something that will endanger other people's lives, possibly. It will spend at *least* £2Bn to do so.
