Obligatory Topical Reference
It's like they watched Spectre and thought "hey that's a pretty good idea!"
Police have demanded to be given access to the whole of the public's web-browsing history as part of the forthcoming Investigatory Powers Bill, due to be published in draft form next week. The government has been lobbied by senior police officers to include in its new surveillance legislation a requirement for service …
Problem is art 8 is badly written almost on the level of the second amendment in the US constitution - it's wildly open to interpretation depending on who you're asking and which way the wind is blowing so we're not likely to get any protection from the ECHR.
My browsing history they can swivel for because it'll all be going via some third party country, thinking the Netherlands; or possibly France. Now we got this all sorted and cleared up so you know I have no personal interest because this won't affect me: it's the rest of the country and the general state of democracy I have concerns for if this goes live.
It is obviously a massive attack on all people everywhere and one of the most egregious attempts at inserting state security into people's lives since the end of the Stasi and people should say so. This stuff is unprecedented (and I'm not using the word lightly, it's never happened through revolution, civil wars, world wars or continual attacks from actual terrorists at any point that the state has been so scared of perfectly ordinary normal law abiding citizens that the state has felt the need to insert itself so directly and comprehensively into the private lives of normal people) in the history of the United Kingdom. In fact it's not really happened anywhere - I'd probably list the Norks on a list of equivalent current power and not really anybody else; even the Chinese don't play this game.
I can't see any of the things being discussed making it through parliament but if they do holy hell we're really screwed.
Problem is art 8 is badly written almost on the level of the second amendment in the US constitution - it's wildly open to interpretation depending on who you're asking
Not true. The 2nd Amendment is very clear and the U.S. Supreme Court has repeatedly upheld it. All U.S. citizens have the right to own firearms and that right cannot be taken away without due process (convicted of a felony, etc). It is based on the basic premise that We The People are more powerful than The Government and if that government becomes oppressive, the people can revolt (see the opening sentences of the Declaration of Independence).
I mean it's probably splices in fibre so all you're really doing is loosing photons - that's why it works so well. If it actually cost performance you think anybody would allow it on their networks without at least making a lot of noise? If this is the biggest of our worries we're good to go (it isn't and we're not).
This post has been deleted by its author
"Richard Berry, spokesperson for the National Police Chiefs' Council on data communications issues, claimed that law enforcement was "not looking for anything beyond what they were traditionally able to access via telephone records.""
Lie. Telephone records showed who called whom and when. Internet records show when I'm at home, what music I listen to, what my hobbies and interests are, the food I eat, the business I shop with, and many other things besides.
Richard Berry is a liar. If I am wrong, he can sue me for libel.
Only the smart criminals though, a lot of people still don't know that if you pull your SIM card from your mobile and put in a new SIM, that they still have your phones IMEI number and can continue to track it.
I bet that a lot of non technical people still believe that it takes one minute to track a telephone number, like shown on TV, just hang up the phone quickly and it can't be traced, yeah right.
For casual hiding of you browsing history, from the government, I can recommend https://www.torproject.org/
"Five years ago, [a suspect] could have physically walked into a bank and carried out a transaction. We could have put a surveillance team on that but now, most of it is done online. We just want to know about the visit."
Turns out the correct analogy for what you are asking for is "we want to put a surveillance team outside everyone's houses, forever..."
But I guess that wouldn't sound as "nice" as pretending it's about somehow stopping "online bank robbers"
Indeed if they're a suspect you can get a judge to give you a warrant and then bug his computer.
And if you're talking about things that happened in the past you face the same issue of having to do actual work to solve the crime.
Take basic details from cctv of people in masks and boiler suits with shot guns
Find car with false plates
Go to scrappy that car was scrapped, run the vin numbers on the car that was actually used.
Etc
In a web attack, investigate the method and software of the attack, collect the ip addresses, trace back to multiple dead ends, check for people who suddenly have money in their bank accounts
check against known actors
Etc...
It's called work.
"Turns out the correct analogy for what you are asking for is "we want to put a surveillance team outside everyone's houses, forever...""
Turns out the correct analogy for what you are asking for is "we want to put a surveillance team inside everyone's houses, forever..."
There you go!
So five years ago, they had a copper in every bank writing down details about everyone who visited and what they did?
No they didn't. First they identified the suspect then they followed him to the bank if necessary. If they wanted their previous transactions, they asked the bank.
They're trying to justify mass surveillance. But don't call it the Snooper's Charter, someone might get offended.
> Turns out the correct analogy for what you are asking for is "we want to put a surveillance team outside everyone's houses, forever..."
Not just outside their house, but to then tail them and record everywhere they go and everyone they communicate with. Not only that but everyone they meet must hold up a sign about what the meeting was for.
The correct analogy is an attack on the snail mail system - what they want is to be able to open every letter, log where it's coming from, where it's going and the key points brought up in the letter if not the full content.
They can't do this, they don't do this and if they tried people would rightly go apeshit. This is why I use the Stasi analogy because it was something they were famous for, albeit they didn't have the capability to do it for every single person in the "republic".
There's no capability gap created by the internet, they're looking for entirely new capability - and this is where it gets silly - it's a capability that's mitigated by crypto. Therefore we're wasting a lot of time (and money) creating access to holes that are doomed to be closed in fairly short order.
Actually the convention on human rights that the human rights act enshrines contains very broadly worded exceptions for this exact eventuality.
Article 8 contains the following:
(2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
These exceptions are later stated to apply to article 7, which covers communications. Under these articles the police and security services simply need to argue that they are acting in the interests of national security or to prevent crime. They're even couching their arguments in terms freidnly to the provisions of the ECHR.
The tories may have their own reasons for repealing the human rights act and I can't speak to them, but regardless of their stance, the act needs to be repealed and re-written to remove these exceptions, as they render the entire thing an exercise in futility.
...not sure I agree. The European Court of Justice was pretty firmly against "mass and indiscriminate" surveillance (Digital Rights Ireland) and the English Courts have followed suit.
You can monitor people for national security purposes so long as it is reasonably and proportionate. However, tracking the whole UK population's porn/medical/political etc. internet viewing habits is so far off the "reasonable and proportionate" scale its not funny.
"You can monitor people for national security purposes so long as it is reasonably and proportionate. However, tracking the whole UK population's porn/medical/political etc. internet viewing habits is so far off the "reasonable and proportionate" scale its not funny."
The "defense" of course, is that the ISPs will hold this data and the Police will still need a warrent to access the records of a specific person or IP address. But now that the ISPs have to collect and store all this data, how long before it gets monetised? And "leaked".
Of course, I'm one of those people bosses label as a "troublemaker" because I like to look at the downsides of plans so potential problems can be mitigated and prepared for. That seems a much more sound principle than "meeting new challenges" when they jump up and bite you.
@JohnBrownsBody
*Bzzzzzt* incorrect assumption.
The legal intercept is done remotely in a box connected by prisms (optical fibre taps) in the main transit links as mentioned above hence I upvoted it for being correct in technical detail, this box is NOT owned by the carrier, its owned by the gov and is entirely outside the knowledge of the people operating the network apart from the "it has to be there and fed power and this special fibre connection" facet.
If you take foriegn networks, they do have systems that backdoor the devices for law enforcement purposes rather than having additional equipment but that's not the way blighty implements big brother.
For the record, I consider the prisms + dedicated box a more secure way to do it. If we absolutely must have big brother monitoring its the way to go. I personally believe we do NOT need this, but its already here and live in the network.
In the US we required these requests to go to a court also. However, what the surveillance service (NSA) did was request a wiretap on "Verizon", and made it essentially open-ended, to which the court agreed, saying that simply named a telecommunications company you want to tap is specific enough. They then automated the process of siphoning off records from the telco, arguing that it wasn't actually "collected" until someone typed something into a search box (meanwhile conducting neighbor analysis on the data in an unattended fashion). So when you say "warrant", and "specific person or IP address", you shouldn't be surprised when the person is "Mr. British Telecom" and the IP address is actually a set of subnet masks that cover the entire country.
This post has been deleted by its author
"(imagine if TalkTalk also kept and lost its customers' browsing records)."#
They probably have. Although there's always the possibility the system collecting them didn't work.
Talk Talk customer services (paraphrased, from a call earlier this week): This is not something customers need to worry about, the details are nothing more than you would include on a cheque. No, I won't give you my own personal bank account information, that's confidential, you could do anything with it.
The government sees no need for supervision of police access to this data, it will be abused. So it's more than likely we'll see a repeat of the corrupt coppers who were happy to feed celebrity and crime stories to the News of the Screws finding other publications willing to pay for Internet histories of the unfortunate/rich/powerful/stupid.
...then please log it properly *including* the exact bits I've visited (not just the site) and the referrers too
.
Why? Because if I click on some link somewhere, which goes via say bit.ly or other obfuscators (sorry, shorteners), I cannot possibly know in advance where I'll end up. I might end up on ISIS's website, but all the snoopers (selectively want to) see is... twitter -> ISIS. If there are complete logs, there's at least a remote chance that accused people might be able to explain how they got there.
The best solution is of course to not log anything. But this seems unlikely to happen with our governing elite. In the meantime I'll continue mitigating the issue via VPN/proxy for everything that goes out.
Yes, that double-layered fashionable tinfoil hat over there is mine. You'll soon want one of those too!
Anonymous, because why not. Not that it matters on a http-only site.
lol ...
nor would it matter on a SSL site these days
and that vpn / proxy won't help either
If the request for this information is issued to your ISP your vpn / proxied / ssl connection still has to go point to point across the ISP's network at any which point they could easily log, decrypt, manipulate, or whatever they want that request.
Unfortunately there pretty much isn't a way to be anon online any more ... there's always a trail somewhere that will lead back to you.
"nor would it matter on a SSL site these days
and that vpn / proxy won't help either"
True, but it makes it much harder to get to the content. Plus it bypasses BT's (or any other ISP's) nanny filters entirely (if DNS goes through that tunnel too).
All they see is SSL encrypted traffic.
Of course we can't stay anonymous, if "they" are out to get us. Whatever we do is a work-around at best, not a solution. A solution would be to beat some sense into May, Call me Dave and all those zombies who have no clue about IT or the internet and therefore bend over when the agencies and police ask for greater snooping powers.
It really depends on how far you go with the layers of deception. I've been doing it so long that I get nervous not using it all which does happen from time to time. The last time a site denied me access, it was cia.gov. I just checked, again, and all my ISP sees is the numerical internet address for the proxy, not even DNS. Oh, and the connect and drop time. Everything else is a fabrication.
Really, aside from a bit of nose tweaking, I do all this to segment my traffic from those around me. They certainly know who I am, where I live, and most definitely what I'm capable of accomplishing. Definitely that last and all my medical/psychiatric records. Everyone, I kid you not, has access to those. It is a bit of fun doing my best to crack my own streams even with perfect knowledge of means and methods. You should always assume that when looking at systems security.
The use of bt.ly etc and the fact that you have no idea where the link is going to take you is one reason why I never click on them.
Who knows, it might be a sting operation and those fine upstanding people at GCHQ might have tricked you into accessing some [redacted] porn site. The boys in blue standing outside your front door will make a quick entry and that's the last we'll see of you for a long-long time.
Going to be worse than that I'm afraid.
Heard of virtual hosting?
It's that thing where 100's of websites share the same IP address, and you get redirected to the correct one based on the hostname you provided to get there (independently of the DNS lookup involved).
This system is the reason for the problems with indiscriminate take downs orders for things like "illegal world cup streams" also affecting 100's of other sites when implemented via IP filtering based on court orders.
So when you visit your knitting hobby site , you are using the same IP used by the "Jihadi terrorist deathsquad" site hosted on the same webhost.
And plod will just get the IP (especially if you use a third party DNS server independent of your ISP).
Welcome to the overly large dragnet!
The slight problem here is that the customers of a major ISP look at a LOT of web pages. Recording the URL of everything that goes through their systems will need a very great deal of storage, and therein lies a problem: storage costs money, and fast storage costs a lot of money.
On the other hand, the Government is asking for a load of web log data that they do not know the content of ahead of time. An Evil ISP might well therefore automagically generate some plausible-looking and entirely legal logs on the fly and give that to the spooks in lieu of actual data, on the premise that if the aforesaid spooks don't find anything illegal, they're not going to pry further.
Alternatively, if the fines for non-compliance are low, simply not bothering at all and swallowing low fines as a price of doing business, instead of the high costs of doing the government's dirty work for them might be an alternative route.
If I was in the ISP business and were forced to hand over customer data I'd whinge a but for form before eventually complying. The data they would get would be slightly modified -- errors do creep in when you're working with very large data sets -- but they'd probably never know. The resulting data would, with any luck, be not just useless but would completely screw up their search algorithms.
"Poisoning the well"
It's just a way of creating an ocean of non-suspects' data to go fishing in. Actual criminals (apart from the terminally stupid, who ought to be pretty easy to catch anyway) will, of course, take suitable anonymising measures.
The justification of "making the job easier for the Police" doesn't stand up. If you make it easy for Plod to investigate everyone, then they will investigate everyone. The concept of reasonable suspicion gets fenestrally ejected, and everyone becomes an unreasoned suspect.
Is that what you want?
-A.
If you make it easy for Plod to investigate everyone, then they will investigate everyone. The concept of reasonable suspicion gets fenestrally ejected, and everyone becomes an unreasoned suspect.Is that what you want?
No, of course not. The Police are clearly above suspicion, so their communications must be exempted from this law.
Also MPs, because reasons.
Except for those MPs who vote against introducing these measures - doing so is surely clear grounds for suspicion that they're up to something. Remember: nothing to hide, nothing to fear.
Part of this problem is that they spend much time on collecting and little on processing until after the fact. How many times have we heard..."oh yes, we have some data on them" after the "them" commited a crime. I'd rather hear from a TLA/FLA that they need more to process what they have and what they are getting than they need to collect more.
I suspect the police have been saying to the Home Office that they need all these powers if they're going to lose tens of thousands of policefolk due to the government's "austerity" measures. I don't know if there was an element of bluffing on their part, but if so it looks like the other May has called them on it.
If it wasn't for the hassle of dealing with malware-pushing sites it would be interesting to set up a website that opens random pages at random intervals; people could then open a browser session when they login and leave it running but ignored all day. One or two new pages an hour would do the trick.
Well why do they want it then?
In the hope that it will provide circumstantial evidence that the Clown Prosecution Service can then misrepresent in court against targeted individuals, whether they are guilty of something or not. Worked during Operation Ore, didn't it?
You can screw things up by installing some software that randomly visits websites ("I'm developing my own search engine to compete with Google"), and then your defence is that it wasn't you, it was the software.
And then have a list of sites you visit regularly:
www.gay-freemasons.co.uk
www.kinky-tory-mps.co.uk
www.police-friends-and-families.com
With that list they should keep well away from you
I'm sure I read somewhere that London is arguably the worst place in the world to commit a crime as virtually every street corner has a cctv camera on it that the police can access at will for the purposes of investigating crime.
This, while possibly intrusive is sort of acceptable as when I am in public my actions may concern others.
However sat in my own home on my computer I am no risk to anyone so the argument is more about specifically what the question is that the police really need to answer ...
Is this person likely to be involved in a crime in the near future, or have they been in the past?
....
Unless the crime is a cyber crime / hack then the police are arguably have no reason to want this data from me and they better dam well justify that need!
In the event the crime in question is a cyber attack their efforts should be looking at my target to tie a data trail back to me first.
In the event that a persons online activity supports / in some way aids in a crime the focus should be on the crime not some random large pool of personal information.
In other words, given that the police already have enough to charge me for a crime then I would consider it acceptable for them to supplement their case with my digital activity but their right to dig through that activity should not just be freely available because they suspect me of something.
My reasoning being:
In the eyes of the law everyone in the UK at least is considered innocent until proven guilty, if there isn't sufficient proof for them to charge me then what right do they have to breach my privacy?
DO YOUR BLOODY JOB INSTEAD RELYING ON TECHNOLOGY TO BREACH EVERYONE'S HUMAN RIGHTS!
However, should it be possible to create a system that can automatically find proof that a crime has been or may be in the future committed and put fact with it by using such data and no actual human being can mess with, access, or even interact with this system then yeh in theory I could be ok with that.
I should note however:
Such a system would need to be able to think like a human eg (AI) be able to determine for example the contents of my pockets before I walk in to the bank, and should only send out focused snippets of actionable evidence not raw queryable data.
I would be cool with that.
But could our government / any government for that matter be trusted to build such a system?
No bloody chance!
I was reminded of Cumberbatch in The Last Enemy, someone who returned to the UK just as a Total Information Awareness program was about to be rolled out.
The city of London is the best place in the world to commit a crime - that's why so many institutions have their HQ there.
Compared to the finacial regulators in New York, Frankfurt or Singapore you can be pretty sure that the City of London police will take very little interest in your activities
I'm sure I read somewhere that London is arguably the worst place in the world to commit a crime as virtually every street corner has a cctv camera on it that the police can access at will for the purposes of investigating crime.
But a significant proprtion of them are at such a low resolution that there is no way they could ever help even in detecting crime, let alone identifying the perpetrators.
CCTV is, by and large, security theatre.
Vic.
Instead of fighting them to stop, why don't we bury them in data?
Something that visits random random websites or follows links on pages randomly. Make it not worth the governments while, like putting telemarketers on hold instead of hanging up on them.
This ties in nicely with the proposed cuts to the Police Force - soon all they'll need is one person to spend all day looking at our browsing habits and a few jackbooted rent-a-thugs to come round and kick in your door when they spot something "suspicious".
"This ties in nicely with the proposed cuts to the Police Force - soon all they'll need is one person to spend all day looking at our browsing habits [...]"
Experienced specialist police officers are apparently being retired early - then re-employed as civilian support workers doing the same backroom job. As they have spent pretty much all their working life accumulating the requisite experience - then it's really the only job they want to do - even if it means lower wages or through an agency.
We have records that you visited mobile.chat.yahoo.co.uk
ISIS uses mobile.chat.yahoo.co.uk to communicate. You go straight to jail, we don't need a trial, we have the records.
And Vhosting. holy shit.
Downward spiral accelerates.
<yes, I know the url is crap, but the concept is covered>
Five years ago, [a suspect] could have physically walked into a bank and carried out a transaction. We could have put a surveillance team on that but now, most of it is done online. We just want to know about the visit.
So, 5 years ago you could have tailed 1 or 2 people per county at once. It cost you a lot of money and resources, required approval from a very senior level, and was reserved for major criminals.
You now want to use advanced technology to be able to automatically tail everyone (including children, and investigative journalists) in the whole country all the time? Without any suspicion they are doing anything wrong?
A police tail on everyone, 24 hours a day. I can't think of a better definition of a police state.
They can already get what they are asking for, and more, by obtaining a warrant from a magistrate. The requirement exists in order to prevent the police from abusing their power.
For reasons which they have not adequately explained, they want to remove the requirement for judicial oversight and approval in order to have untrammelled access to very personal information on each of us whenever they feel like it.
The lack of a requirement for a search warrant, especially when combined with such unreasonable search powers is surely the hallmark of an authoritarian regime.
I guess I'v found a new use for my Raspi - when you go to bed get it search and load random . gov.uk sites thru the night (working shifts means most of this traffic will be daytime for me) DDoS anyone mwahaha. For all real traffic use a VPN terminating in a less draconian country, or public WiFi.
of those bloody websites that popup links to everywhere when you try and browse them , a favorite of the ad sites on facebork.
Only take 1 of them to be slightly dodgey and blammo.. the cops have you and the interview will end up going like this
<Police> we know you surfed an illegal site, we have the records, what did ISIS tell you to do?
<you> What site?
<police> you know very well which site
<you> I dont know what you are talking about
<police> right seems he denies surfing that site, lets 'encourage' him to co-operate
<you> ow ow ow ow ow ow
-----
Much later
<Judge> you are found guilty of surfing an illegal site
<you> I dont know what site you are on about
<Judge> sentenced to 25 yrs in prison
<you> what site?
-----
Much much later
--
<Lawyer> I've finally been granted access to the list of webistes you surfed that day
<You> and what site was it?
<Lawyer> www.human_rights.com
<you> who?
Diet meal plans often offer a week of food free as a trial offer. I purpose giving the government 1 microsecond of data as a trial offer to see if they like it.
Have the biggest ISP's in the land record 1 second of said data. Aggregate the data from all the ISP's and hash the IP addresses. Then slice it up into 1 microsecond shares and send one slice to each member of Parliament and each elected police official in the land.
Compose emails with names from the least decayed phone-book you can find as source addresses (don't make it trivial to filter). Put the URL in the subject line and the requesting IP address (probably should hash it first followed by enough evasion text to make filtering hard) and send it to their official email address. If such an email address can not be found or is not working (none of them will be working at the end), fax what you can until that fails, then print the remaining data, one line per connection, 66 lines per page and have a volunteer deliver it in person (with TV crew in tow). Ask for a receipt too.
I am sure that servers will crash, printers will wear out, trucks will break down, and loading docks, driveways hallways and offices will fill up with boxes. Mountains of boxes of paper will be on TV and in the news, and all those mountains of boxes will still represent less that one one-thousandth of one second's worth of data they think they want. This should drive the scope of this stupidity through even the thickest heads.
If we fail to get the point across, invest in storage manufactures, cloud storage providers, electricity generation, data center construction...
And begin determining the environmental, economic and social impact of covering the entire island to an average depth of 10 feet with running hard drives.
so I connect to my Corporate VPN and do stuff.
My Internet Point of presence is around 4000 miles away.
Ok GCHQ/NSA how do you get my browsing history?
Unless you have cracked every VPN encryption you can't.
So being realistic their aim of getting our entire browsing history is impossible.
Perhaps someone should tell HMG and more importantly The spooks in Cheltenham the reality.
Now I'm just going to connect to my other VPN in Mexico.....
Then there are others in other parts of the world.
I don't have anything to hide but all I'm saying is that it is only too easy for those who have somethnig to hide to do just that.
"so I connect to my Corporate VPN and do stuff.
My Internet Point of presence is around 4000 miles away.
Ok GCHQ/NSA how do you get my browsing history?"
Unless you are connecting to your corporate VPN through your very own bit of copper/fibre and exchanging keys via another completely different channel they can't tap they could probably find somewhere along the trail of nodes to launch a man in the middle attack. If that's too hard/awkward they can lean on your corporation until they hand over the records (which will they be required to keep if they work in certain areas/jurisdictions - eg: finance).
So which logs are they after? Those collected by a website or are they expecting ISPs to log all of this? It's going to de damned difficult to track an individual by asking loads of websites if they've seen the IP address, especially if it's a dynamic one.
One way to screw the proposal would be if lots of websites had one-pixel GIF images and they all referenced all the others by suitable means on web pages. Ideally this would be done with a blank referer field, but imagine if you could click on an Amazon or Microsoft page (or even one from El Reg) and simply by doing so, you'd be logged as accessing a hundred other sites. It would make any sort of correlation useless by poisoning the logs. Obviously there are a few performance issues, but we should be looking at ways of making the collected data useless.
If they want something to do then we should all add the word dirty, bomb and nuclear. Dont get me wrong, I do not want nor sanction terrorism, however, the quid quo pro needs leaving as is, why? well the undercover authorities have enough strength now. Let me tell you a little story, 40 years ago a lad applied to be an apprentice, the company concerned did security stuff. Now the boys father was known to be Chinese, and wanted for petty crime. Yet within less than a week they had found the man in China working as a fisherman! There was therefore no security problem, however the lad was found to be colour blind so in the end it did not matter as he could not be employed.
They have sufficient powers and methods, giving these to the police opens up the probability of severe misuse.
Anonymous Coward wrote: ...40 years ago a lad applied to be an apprentice, the company concerned did security stuff. Now the boys father was known to be Chinese, and wanted for petty crime. Yet within less than a week they had found the man in China working as a fisherman! There was therefore no security problem...
Not a particularly good example, IMHO. The person concerned was "known" and there was a clear starting point for the enquiry, and one thing to enquire about. In preventing terrorism (hopefully) the police may have a very unclear picture of who they are trying to monitor because the person (or persons) concerned will be taking some trouble to conceal who they are and what they are doing; hardly the same as the lad in the story.
I suspect (but do not know) that it will be very rare for a full intelligence picture to either fall into the collective police "lap" or be revealed in a complete form during an enquiry; the intelligence jigsaw is just that - a jugsaw - and it has to be constructed piece by piece while not revealing that you are putting a jigsaw together in the first place.
Having said that I have a lot of sympathy for your ...giving these to the police opens up the probability of severe misuse; we are after all talking about an organisation that wants to do Skype interviews of victims of crime and only investigate burglaries at odd - numbered premises.
To be fair (oops; I made this mistake once before) the police have a near - impossible task in preventing terrorism; I doubt if anyone expects them to prevent burglaries in the same way as we want terrorist activity preventing. While I do understand people getting hot under the collar about creeping powers for the police (coupled with ever reducing accountability) what is the bien pensants reaction going to be if there is another 7/7 or Lee Rigby? I think I can hear it now: "Why didn't the police do something to stop it?" The answer may be "we didn't have the necessary powers" and it will be very hard to argue against that.
I really worry about this contradiction - balancing the strong desire for a free society that is not under the threat of near constant surveillance with making sure that the poice and security service can carry out their jobs effectively.
I don't pretend to know the answer.
Commswonk wrote: [...] what is the bien pensants reaction going to be if there is another 7/7 or Lee Rigby? I think I can hear it now: "Why didn't the police do something to stop it?" The answer may be "we didn't have the necessary powers" and it will be very hard to argue against that.
That answer would be a lie. They already have the necessary powers. They just want more - they will never say they need fewer powers - and they are willing to use any emotive situation to manipulate public opinion.
The perpetrators of the 7/7 atrocity were either already known to, or could and should have been linked to persons already known to the security services. In the case of Lee Rigby's murder, both were known to the security services. In neither case they did adequately act upon intelligence already in their possession.
One could postulate that the security services already had too much information with which to work, and that finding useful intelligence in a morass of information is almost impossible. Providing them with even more information would clearly be the wrong thing to do.
On the one hand, no one here has the balls to advocate for this level of access to the browsing history of every single American citizen. On the other hand, the NSA did their best to get this level of access behind our backs, and even try to sniff the content where possible.
Is it better to be screwed from behind and not see your assailant like in the US, or have them look you dead in the eye while they're screwing you like in the UK? I'm not really sure, can I elect a third option where I don't get screwed?
Berry explained the police's desire to The Times by saying "We want to police by consent, and we want to ensure that privacy safeguards are in place.
OK, so where is he going to display the checkbox saying "I consent to a total invasion of privacy"? And will he ensure you are not defaulted to giving consent unless you take a positive action?
"Oh, a cute kitten. I'll click on that."
click
"OMFG what am I looking at? Is that a pigs head and oh no, no. he's sticking his..."
click
Meanwhile back at Scotland Yard...
"Hey, sarge. We got one of those beasty pervs again....No it's a civvy this time. Yeah easy meat, I'll send the lads round sharpish"
Later that day....
"We got you, you piece of filth"
"Whaaat?!"
"We're arresting you for visiting bestiality sites while not in possession of either a constituency, knighthood or white curly wig. Anything you say will be reinterpreted for maximum effect at trial."
"But, it was a cute kitten"
"Under age as well, you dirty bastard, you'll rot in jail forever"
"No it was a cross site script that took me there"
"Cross-eyed git? What's his name then?"
"Eh?"
"Note that down constable Savage, when challenged about his alibi, he refused to cooperate"
Later that year...
"So what are you in for?"
"Would you believe, the total incompetence of a system that cannot distinguish between intentional and unintentional acts?"
"Yeah, I can relate to that, I never meant to use the axe, it was just for show"
"Would you believe, the total incompetence of a system that cannot distinguish between intentional and unintentional acts?"
The future Sexual Offences Act 2003 was supposed to be a tidying aggregation of many previous laws. When it was put out for public consultation it was obvious that the word "intent" had been dropped from some of those previous laws' wording. The reason given was that the police and some single-issue lobbies felt that having to prove intent made it "too difficult" to secure convictions of enough accused people.
Now would be good time to mention MAC spoofing methinks. Then there are the WPA cracking services, granted many newer UK routers are tough nuts to crack but there's plenty of older ones out there. My personal favourite though has to be leaving an Auto-Pwning USB stick in the local coffee shop, way cheaper than paying for a premium proxy.
I suspect that even with all the computing power tucked away at GCHQ; if they really had access to all the browsing data (assuming they aren't tapping it already) then they'll be sitting on a growing backlog from day zero.
Not taking into account of course that anyone with any sense will be running their searches through various obfuscation services and using "burn" devices.
We are sleepwalking into a Police State.
The Police feel that apart from a few "bad apples" then the force is keen on justice and liberty. Particularly bringing to justice those who appear to be clever enough to have no evidence against them. Such is the hubris that an inward-looking institution will produce in its members.
Politicians will also recoil from the idea that one of their group would misuse the powers they have. Wider interpretation of a law for the "good" of the people is however considered commendable - and necessary if the creation of many new laws is not to be bogged down in poring over detailed draft bills.
All power tends to corrupt; and absolute power corrupts absolutely. Lord Acton 1834-1902
This blog article seems to cover that human failing very nicely:
http://www.acton.org/pub/religion-liberty/volume-2-number-6/power-corrupts
To put historic risk of terrorism in perspective, I had to point the following out to a senior police officer:
In 1972 the UK saw 10,631 terrorist shootings and 1,853 bombings; 470 people were killed by terrorism.
In 2007, there were 47 shootings and 20 bombings - all in Northern Ireland and three people were killed by paramilitaries.
This was from a BBC article a few years ago.