Slashdot Mirror

← Back to Stories (view on slashdot.org)

Irish GSM Providers Asked to Track Users' Web Use

Posted by timothy on from the jes-keepin'-an-eye-an-ye-boy-oh dept.

With the disclaimer "I'm both Irish and work for the EU Commission," reader VShael writes "The head of the Irish police force has requested that Irish cell phone providers (Vodafone, 02, Meteor, 3) retain detailed information on the web pages that people view over their handheld devices. This information would be held over for 'possible future criminal investigations', but would be gathered without a warrant, probable cause, or without the citizen being suspected of a crime. This request goes way beyond the European Union's data retention directive, which never included retention of web-based email. Representatives of Vodafone, O2 and 3 discussed the letter at a meeting with Mr Davis (6th November 2008) and questioned the legal basis under which they could retain this data. It is their understanding that the content of calls or e-mails, or details on webpages browsed, are excluded from the EU directive. As such, any retention or disclosure of that information would be a violation of existing EU data protection legislation."

9 of 102 comments (clear)

  1. Encryption by Richard+W.M.+Jones · · Score: 3, Interesting

    Yet another reason why Firefox's stupid warnings on self-signed certificates are wrong.

    Another reason why HTTPS is a stupid standard.

    We need viable encryption of all traffic, now.

    Rich.

    --
    libguestfs - tools for accessing and modifying virtual machine disk images
    1. Re:Encryption by Ed+Avis · · Score: 2, Interesting

      It would be very easy for an ISP to perform man-in-the-middle attacks on supposedly secure sites which use self-signed certificates.

      'Very easy' if you are a cryptographer, but very difficult in practice. The computer hardware costs would be high and ISPs do not have the technical expertise required. Furthermore, while snooping on plaintext connections just requires listening to the traffic as it passes, a MITM attack requires actively meddling with the data and pretending to be somebody else. This is far too much of a legal risk for any legitimate business like an ISP.

      That's why it is wrong to say that unauthenticated but encrypted connections provide no more security than plaintext ones. Against a determined criminal who can break the law, this is largely true. But to keep honest people honest and stop ISPs and others routinely eavesdropping on conversations, it works very well.

      It is certainly wrong to assert, as Firefox's current policy does, that an encrypted connection with a self-signed key is *less* secure than one in which all the data is sent in plaintext.

      --
      -- Ed Avis ed@membled.com
    2. Re:Encryption by Ed+Avis · · Score: 2, Interesting

      The kind of 'almighty terrorist government' that decides to monitor your web browsing is far more likely to be the government of the USA or allied countries. And they can quite easily MITM your traffic if they want (do you really think that the NSA doesn't have copies of Verisign's root keypair?). If you are really concerned about that you need to exchange PGP keys in person and certainly not rely on a flimsy chain of trust running from Verisign through other crappy signing authorities to your browser.

      On the other hand, what this article discusses is _routine_ surveillance of _everybody_. This would certainly become impossible with routine encryption of all traffic. MITM'ing all traffic (or even 1% of it) is infeasible for an ISP, exposes them to huge legal risks (no ISP wants to be listening in on banking transactions, especially as their own network is probably not that secure), and would quickly be noticed. That is not perfect but it is a hell of a lot better than having everything in plaintext.

      I will not expend my energy telling them not only to check for the padlock-icon and HTTPS but also the fingerprint.

      Obviously, routine encryption of traffic where you do not have a signed certificate from the other side should not display the padlock icon, the glowing green address bar, or other indicators of security.

      --
      -- Ed Avis ed@membled.com
    3. Re:Encryption by jamei · · Score: 3, Interesting

      'Very easy' if you are a cryptographer, but very difficult in practice. The computer hardware costs would be high and ISPs do not have the technical expertise required. Furthermore, while snooping on plaintext connections just requires listening to the traffic as it passes, a MITM attack requires actively meddling with the data and pretending to be somebody else. This is far too much of a legal risk for any legitimate business like an ISP.

      In the Australian trials for Internet censorship software, 5 of the 6 filters had the ability to filter HTTPS traffic by performing a MITM attack.

      This forgery would be evident, unless the filter had access to a trusted signing key.

      Mozilla's decision to show strong warnings for self-signed certificates is justified, because if the certificates were accepted blindly, governments/attackers would easily be able to hijack HTTPS by forging "self-signed" certificates.

  2. Re:Garda Commissioner by kaos07 · · Score: 2, Interesting

    Obviously, but the fact that he requested such a stupid thing which is bound to get rejected is now a matter of public knowledge. So he looks like an idiot.

  3. Re:Garda Commissioner by Anonymous Coward · · Score: 4, Interesting

    "The Guards in my experience are a highly professional group of men and women who make a habit of nipping trouble in the bud. Yes, I'm sure lots of people will come in with horror stories now, but you'll have that."
    That probably depends on what part of the country you come from. The same families have been dealing drugs in the same place openly for at least fifteen years in my area. The guards are sitting in their station located two minutes walk away, and have never arrested anyone despite the complaints. They might stop some 15 year old with a bit of hash but wont touch the scumbags they saw sell it to them. That is not nipping trouble in the bud.

    This whole thing is ridiculous, and stinks of some senior guard reading the UK headlines and thinking he should be proposing similar for his own sense of importance. It will be useless even if implemented.

  4. Re:Garda Commissioner by ionix5891 · · Score: 3, Interesting

    ok ill byte

    as naturalized citizen emigrating from former soviet union many many years ago (cue soviet russia jokes) ill have to disagree on few points

    firstly I have great respect for the Garda as most people here do, and yes Ireland is a small country where everyone knows everyone else, and yes i considered joining and they are looking for people who have can speak in several languages

    i will also agree that most of the recent eastern europeans are hard working people and have helped this economy along by doing the jobs the irish were "above" doing in recent "boom" times, these are also the people who got the stick fastest in the current downturn

    now i will disagree about the language barrier, english is very easy to pick up

    also will disagree about the russian mafia. they are not here in ireland, and you have to realise that most people came here from russia to escape that sort of thing and have a family in peace

    and to be honest the wouldnt be able to gain any turf as we have our own gangs in dublin who dont hesitate to kill each other, theres a gangland murder on the news practialy every day

    also a point about immigrants to ireland that people might find interesting, they have to carry biometric green cards at all times and has to be produced when a Garda says "papers please!", no thats not a joke

  5. Re:Unfortunately, Just the tip of the Iceberg... by Anonymous Coward · · Score: 1, Interesting

    There is NO legitimate need for any ISP to record anything you do over their network since you, as a subscriber, are paying for the use of said network. I am tempted to unplug from the Internet and go back to life before all this intrusion. Oh that's right... the library has to keep lists of the books you read in case the police might need to know what you read. Orwell would be terrified his fictional predictions have become everyday reality.

  6. Re:Garda Commissioner by fuzzix · · Score: 5, Interesting

    And you hear the same complaint from people around the world, oddly enough usually with little to no evidence. You can always contact the Garda Ombudsman if you have a complaint.

    No you can't. If you're trying to reduce the level of harassment you're suffering then best keep quiet and get on with your life.

    How do you gather evidence of the Gardai knocking to your house every day and demand you drop your complaint? Or spending the night getting kicked up and down a police station? When the only witnesses are other Gardai it's literally your word against theirs and that never works out in your favour. If they weren't careful and left a mark sure, he fell down the stairs, your honour. Got his hand caught in a door. Tripped over his shoelaces.

    You hear the same complaint from people around the world because ALL police forces are heavy handed and act with impunity. I'm not lying - I have no reason to. I've been beaten. My friends have been beaten. Other friends have had their houses raided with unsigned warrants. Someone I know had a large amount of cannabis planted on him (or rather thrown near him - this is a matter of public record - the case was dismissed as laughable).

    This shite goes on every single day.

    At least the Mayday Bank Holiday protesters a few years ago had video evidence of disgraceful Garda behaviour but I don't carry recording equipment with me at all times so when one of them calls me a fucker because he doesn't like long haired guys in T shirts there's not a fucking thing I can do but walk away and pound impotent rage out of a wall or into a bottle.

    It doesn't happen any more - I'm older now (old, fat and affluent looking, if still long haired and T shirt clad) and could be earning any sort of money to fight them in court but young men are still being beaten and harrassed for no better reason than they're young men - sure, youngfellas are always up to no good, especially around here.

    I'm sure I'll hear about bad apples now but fucked if I've ever met a good one.