Police to have warrantless access to web logs
OK here's a good reason why these powers are too broad especially as the police will have unwarranted access to every bodies browsers history for the previous year.
We're all tech people so we know how web pages work, but the guy in the street & most MP's don't.
They all think that their web history is what pops up in their browser when they click on a button, it's a list of every site they clicked on a link for or typed an address for, Theresa Mays' "itemised phone list" only for web pages.
But we all know that if the ISP records a web history it will not only list all those sites, but it will also list every site the loaded page pulls in content from and if they are loading scripts or active content then any site they access and so on.
For example I went to forums.theregister.co.uk to see this page & for the guy in the street that's all that appears in the history but looking at the media loaded for the page I've actually visited www.technojobs.co.uk, regmedia.co.uk, www.theregister.co.uk & go.theregister.com, looking at the page source I've also visited www.googletagservices.com & pubads.g.doubleclick.net & that's just from a quick skim there are probably more.
So the average person coming here thinks they've visited a single page, when in fact they've visited at least seven and this is one of the better sites. Some sites pull in contributions from dozens of other sites some even load scripts from other sites and those can load yet more from yet more sites.
It's a very rare site that when you visit it that's the only site you access.
All these other sites, that most people are blissfully unaware of, will end up in in the web log collected by the ISP and be available to the authorities without a warrant.
So what, these are perfectly legitimate sites and won't arouse any interest, there will be no 4 o'clock knock rousing you from your slumber to explain why you accessed one of them will there ?
Well while the major sites may have good security and can keep the bad guys out most of the time, can you guarantee all of the other sites that get accessed can keep the bad guys out ? What about the slightly seedier websites that some people access like the p*rn sites, can we guarantee their security is up to snuff & they haven't cut the odd corner to save a few quid ?
How about this scenario.
A bunch of black hats hack into one of the sites supplying scripts, and modify a commonly used script so that it downloads a bunch of stuff from some terrorist site & dumps it into some hidden div on the page say with a "display:none;" style, they leave it for a week and then remove the modification. Most people wouldn't even notice this has happened, the data isn't displayed or saved on the PC & the load time would be increased fractionally is all. But the web log that the ISP gathers and that the authorities can access without a warrant will now have a ton of references to terrorist sites.
So you could get a 4 o'clock knock & be dragged from your bed to blearily answer questions about your terrorist affiliations because of all these websites you visited, and when you deny any knowledge they can show you the logs of the access which will be all the proof that's needed, your life will effectively end at that point as the authorities tear it apart looking for more evidence.
Scared yet ?
If anyone would care to prove that this can't happen then I might sleep again.
I think people in the street need to be educated about what will actually be in the web log, I guarantee it will contain a damn sight more than most people think it does.