Slashdot Mirror
UK To Track All Browsing, Email, and Phone Calls
Sara Chan writes "The UK government plans to introduce legislation that will allow the police to track every phone call, email, text message and website visit made by the public. The information will include who is contacting whom, when and where and which websites are visited, but not the content of the conversations or messages. Every communications provider will be required to store the information for at least a year."
...at every intersection in London. I guess the ACLU was unsuccessful in setting up a branch office.
I hate being bipolar; it's awesome!
How about: *Proposal* in UK To Track All Browsing, Email, and Phone Calls?
SJW: Someone who has run out of real oppression, and has to fake it.
The issue isn't so much whether law enforcement can scrutinize your web access, but rather that the information could leak out. A distressing amount of private information seems to be kept on laptops that keep getting stolen out of cars.
Requiring ISP's to keep this data is also iffy. ISP's don't want to be in the business of spying on their subscribers. There's no profit in it, it only angers the customers, and potentially the ISP could be drawn into a legal tangle if it potentially knows that someone is doing illegal stuff like, say, downloading and emailing nuclear bomb schematics to someone in North Korea or Iran.
Anyway it sounds like the government is leaving enough wiggle room to discard the policy if it generates too much controversy.
it's = "it is"; its = possessive. E.g., it's flapping its wings.
All politicians will have to register all their communication devices, email addresses, phone numbers, and then make the list of all communication (not the content) available to the public.
Who watches the watchers?
We have met the enemy, and it is us.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Hey, guys - we voted against the other lot for this reason. Ah well. Hopefully the libs will decide to stick to one of their election promises and vote against this. If they don't then there's quite frankly no point in having the coalition in the first place.
Problem is that the Brits can hold someone they want indefinitely until they cough up an encryption key under the RIPA act. All they have to do is ask the person once a day for 20-30 days, and essentially that would be sentence to life in prison because each refusal is 2-5 years in the slammer.
Encryption of your files is worthless when you can be arrested for failing to give up passwords as per the Regulation of Investigatory Powers Act 2000. (Which would be more accurately named the Irregulation of Investigatory Powers Act, as it pretty much declares open season on those under suspicion.)
Words offer the means to meaning, and for those who will listen, the enunciation of truth. And the truth is, there is something terribly wrong with this country, isn't there? Cruelty and injustice, intolerance and oppression. And where once you had the freedom to object, to think and speak as you saw fit, you now have censors and systems of surveillance coercing your conformity and soliciting your submission. How did this happen? Who's to blame? Well certainly there are those more responsible than others, and they will be held accountable, but again truth be told, if you're looking for the guilty, you need only look into a mirror.
Weaselmancer
rediculous.
This really reads like something out of fiction. I did not think I'd see the day of such a government, but here I am at 22 years old and already, a modern, 1st world country is to the point where it feels the need and justification to monitor every action of it's populace. The precedent here is staggering, terrifying and morally bankrupt. The possibility for abuse here is strong to the point of certainty. I pray this never makes it to a country I call home.
Soon, I shall dawn my cape and mast to fight this tyranny! ... I just have to brush up on my knife throwing skills, police in the UK use guns now right? ...Bummer.
Most mobile phone operators already keep statistics on who you call when (they need it for billing information in case somebody doesn't agree with their bill) and emergency services are capable of pinning down the location of mobile phones in less than a minute. And ISPs are already required to keep quite some information as well by EU regulations. So I'm not really sure this will change anything. Except provide a legal framework to (ab)use this information.
Also I'm not sure of the specifics but if they really wanted to they could probably insist you give them the encryption key for a particular session... one which was generated and discarded by your browser long since.
then throw you in jail when you don't comply.
And we've always been at war with eastasia.
The Government's Strategic Defence and Security Review, which revealed: "We will introduce a programme to preserve the ability of the security, intelligence and law enforcement agencies to obtain communication data and to intercept communications within the appropriate legal framework.
Yes, it is _just_ a proposal, do you want it to come about? So... time to ramp up development of https-everywhere, ensure that you use GNU Privacy guard for all EMail, bit locker on your drives, and dust off your NT box to run https-everywhere!
Well at lest they will be an absolute monarchy now. Citizens do not deserve privacy nor rights for they are the tools of the rich and powerful. No matter who is "elected" the corruption is with the system not who partakes in it. As long as certain groups of people who have a military force ready to open fire upon those they "rule" over this world is just gonna get more cramp, more violent, more unappealing, and if the past 30 years have taught me anything our future if gonna be WAY worse than anyone can possible imagine....remember when water came out of the tap clean pure and free? I do.... a bit apocalyptic maybe but 2 + 2 isn't that hard to figure out....
The implicit assumption here is that, as long as Big Brother doesn't see the content of the messages, there's nothing to worry about. Of course that's total bullocks. The AOL search data scandal of 2006 shows that one's search history alone can reveal far, far more about a person than an unwarranted government search should be able to see. Amp that up to a list of every site visit, plus everyone I email, call, or text, and this represents the government demanding the right to dig very deep into Brits' communication.
I hope Britons go ballistic in opposition to this proposal.
The UK government plans to introduce legislation that will allow the police to track every phone call, email, text message and website visit made by the public.
How quaint -- they use laws to grant government authority for such things. Over on this side of the pond the President just declares it to be so and tells the judicial they're not allowed to hear any petitions for redress of grievances. Much simpler that way.
Stop-Prism.org: Opt Out of Surveillance
what he was trying to get at is that the ACLU are completely totally irrelevant in the UK, and that the ACLU hasn't got a monopoly on trying to improve peoples' liberty
Been hearing about ideas for complete internet data retention for a good few years now. Here's how it usually goes:
1) An idiot cabinet politician comes up with a "simple good idea"
2) Lots of people speculate about how good an idea it is and how useful it's results would be
3) The media cotton on to the idea resulting in larges amounts of WTF??!!!111!!!1/?1
4) Someone finally tells the cabinet politician how expensive and dangerous the idea is
5) Cabinet politician blusters about how it's still a good idea for years without making any progress towards implementation
6) Cabinet gets reorg'd and the idea is quietly shelved as a higher priority "simple good idea" comes along
Yup, this kind of thing comes along fairly regularly and this old chestnut always gets shot down fairly quickly. Move along folks, this isn't just old news, it's not even news-worthy.
For Christ's sake, nobody tell them about IRC.
how right you are. in spite of the troll mod i'm going to get and the karma hit... the more they do stuff like this, the more guns and ammo i buy. bottom line, eventually it comes down to boots on the ground and who's willing to kill or more importantly die for what they believe in. a lot of people will kill for this kind of totalitarian crap. however, most won't want to die for it. i have faith that eventually America will see the light and embrace individual liberty and personal responsibility again and limit this 1984 nonsense to the europeans where it belongs.
This is actually an EU directive, to be implemented by every member state. Governments need to store at least 6 months of logs. Costs to be borne by individual ISP:s. So if any brits were looking to the mainland for escape from this idiocy, think again. By the way, the man responsible for the creation of this law is one Thomas Bodström, former Swedish Minister for Justice. He's moving to the USA. Please make sure he doesn't get to hold any public office...
Wouldn't stick. They can't reasonably claim that you might have known that key.
I don't understand the fuss about this, because it simply means that they are going to implement the laws that the European Union already has made. This same kind of law already has been implemented or is in the process of being implemented in many European countries, including my own, The Netherlands. If I remember correctly, the European Union laws are in the process of being extended to include all URL's (including search terms) as well.Telephone companies are already performing a lot of tracking for many years. Many ISP's are complaining that this will be very expensive to implement and that it will raise costs for the end-users, while the effectiviness of these laws are probably going to be very small.
Sorry, I change keys every two weeks and don't record the expired ones, and since it's 256 bit encryption, there's no bloody way I'm going to remember that sucker a year later.
If your in the UK, have fun in the slammer, Part III of the Act, which requires persons to supply decrypted information
Deni ability, and lack of intent may get you off in other countries, but not likely in this case. You had best start encrypting files with something like truecrypt where you can have 2 passwords on the same file giving up different data. Perhaps if you give them some unencrypted data they won't know to expect another password.
Encryption is worthless when the government twists the arms of encryption providers to cough up a master encryption key.
The FBI now wants to require all encrypted communications systems to have back doors for surveillance, according to a New York Times report, and to the nation’s top crypto experts it sounds like a battle they’ve fought before.
FBI Drive for Encryption Backdoors Is Déjà Vu for Security Experts
Power does not corrupt - power attracts the corrupt.
Would not help. VOIP usually uses SIP to establish a call (source and destination), and then RTP to stream the media for the voice (content). Encryption is not going to conceal the source and destination in a SIP call and will only protect the content. Even if you were to wrap the whole thing in IPSec, you would still not be concealing the source and destination since either SIP or IPSec would largely be irrelevant since the IP packets themselves contain the source and destination.
What the government wants is the source and destination according to the article. The ISPs are responsible for this so it would not be terribly difficult, although expensive, to monitor all traffic for those SIP handshakes and then create a database. Even VPN tunnels would be recorded as well and probably stand out because that traffic is inherently encrypted.
Unless you have a direct point-to-point SIP call, encryption is useless. You need to wait for ZRTP encryption which is endpoint-to-endpoint. Devices and software that support that will still use SIP to establish the call, but regardless of how many different media servers are involved (Asterisk as an example), the call would be encrypted and recordings would be useless. This is also why it is not that attractive to most people setting up private VOIP networks for business since call recordings would be more difficult with ZRTP and are usually required in a call center.
Most VOIP calls are not point-to-point SIP, but SIP being ultimately routed to PSTN. In the US at least that would make it nearly impossible to hide the source and destination since they would be using ANI and not Caller ID for billing. I am not sure what the analog in the UK is for ANI. Even if you encrypt the SIP portion of the traffic the other end on a regular telephone number is not, so once again largely useless.
Making a truly secure phone call is pretty difficult already, and making it anonymous is next to impossible with 3rd parties involved, or without compromising someone else's networks to hide your traffic inside them.
Freenet, TOR, and other forms of darknets are not well suited to VOIP traffic which requires low latencies to operate. So anonymity, provided through reasonable doubt, will not work unless these networks become far more prolific and a little more advanced. Imagine some guys laptop running a TOR node while he is on wireless Internet. Might as well route your VOIP traffic around the Moon and back. If Darknets are going to support low latency traffic then they have to develop a QoS model that nodes could process and eliminate high-latency nodes from being considered when choosing a route.
The UK is fucked period. I would imagine even if you guys had 100% residential participation in a darknet that the UK government would throw you in jail if you did not hand over the encryption keys to traffic they acknowledge you are not even responsible for creating, but are providing for as an ersatz ISP. One way or the other, the UK will make darknets illegal too, and then you guys have nothing.
My best suggestion for people in the UK is to get out now before they erect the wall to keep you in.
The Act itself actually has a number of defenses, which aren't really discussed in the Wikipedia article.
IANAL, but if you could provide evidence to demonstrate that you genuinely did change your keys that frequently, you'd probably be OK.
Of course, I'd ask why you're keeping email encrypted that you can no longer decrypt - and if I'd ask it you can be more-or-less guaranteed that the prosecution would make a huge deal out of that.
No they can't.
As I pointed out last time RIPA came up, it's much more like a search warrant.
See my post here explaining it in more detail and my followup responses which explains, and provides links to the relevant legislation straight from the horses mouth:
http://slashdot.org/comments.pl?sid=1809504&cid=33806568
RIPA is an awful piece of legislation and has no place in a modern democracy, however there are many myths about it like that which you have stated which are simply just fantasy. RIPA is bad, but it's not quite that bad. It needs to be withdrawn from the books either way, but let's not over-dramatise the issue, else legitimate calls for it's removal based on legitimate concerns will just get lost amongst the madness.
WTF are you talking about? Let's say you've got naughty pictures of your wife, a few commercial trade secrets, a spell for summoning Yog-Sothoth, and your bank account passphrases all stored on your laptop, encrypted. One day, the drive electronics (but not the platters) fails and you RMA it to Western Digital, install the replacement, and restore your backup. A few weeks later, someone steals your laptop. You're saying it's worthless to prevent both Western Digital and the laptop thief from having your information, because the government has the power to arrest you? You do realize, don't you, that RIPA actually only gives powers to the government (not everyone), right? RIPA doesn't say you have to give keys to just anyone who demands them or else face arrest.
And as meerling points out, encryption also gives you a lot of protection from the government too. Let's say it was the government who took your laptop. Maybe they even imaged the disk and then returned it to your house without you ever knowing. Without encryption, your privacy has been violated and since you don't know it happened, you have NO recourse. With encryption, even with RIPA (!), they forcefully coerce the key from you. Now you know you're under attack, you probably give them the key, then you call your solicitor (or do whatever it is that UK people do when they have conflict with their government).
RIPA or not, you've gotta be just plain negligent, to not encrypt. Use 5% of one of your 6 cores for something, geeze.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Socially liberal, very strong on individual rights, very strong on limited government.
Some embrace anarchy.
'Lunatics' we are not : this was the position of people like Jefferson, for the most part.
"The Constitution, the WHOLE Constitution, and nothing but the CONSTITUTION."
Both countries elected new leaders (Obama in the US, Clegg in the UK).
Both leaders (and their parties) promised real change. Less aggressionist foriegn policy. Less violations of civil liberties. Winding back the crap done by the previous government. Less acting on behalf of vested interests and more acting on behalf of the people who elected them.
Yet, both governments and their parties have delivered essentailly NONE of the things they promised and seem to be going the other way.
The UK seems to think 1984 is an instruction manual for how to run a government. And the US isnt that much better.
Is there a SANE country out there?
One that has:
A government that doesn't violate its citizens civil liberties
No censorship
Decent Internet links
Good jobs in software development
Good standard of living
Everyone speaks English
Oh and dont suggest India, there is no way I could live in a country where eating a nice jucy steak is against the national religion.
I just wonder, is this that big of a problem? Connection anonymity, I mean? I don't think it was in the Internet's design, but I could easily be wrong. IMHO, being able to use free hardware/software to encrypt our calls point-to-point is way more important, as that would make the audio tap very expensive, just as it should be. They would literally have to outlaw connecting to the Internet with a free device, or go back to the good old ways.