Slashdot Mirror
UK Web Snooping Plan Invades Privacy, Despite Claims To the Contrary
sweetpea86 writes with a snippet from this story at TechWorld:"The UK government's proposal to separate communications data from content, as part of new plans to allow intelligence services to monitor all internet activity, is infeasible according to a panel of technology experts. Speaking at the 'Scrambling for Safety' conference in London, Ross Anderson, professor of security engineering at the University of Cambridge Computer Laboratory, said that the distinction between traffic data as being harmless and content as being sensitive is becoming less and less relevant. 'Now that people are living more and more of their lives online, the pattern of who you communicate with and in what order gives away pretty well everything,' he said. 'This means that, in data protection terms, traffic data is now very often going to be specially sensitive data.'"
the problem is that the ISP's aren't powerful ENOUGH imo.
They don't *want* to snoop, it slows their networks down to have to log everything, it involves major monetary investment to do so.
It's the government's who are vulnerable to Lobbying from the powerful rich corporations and groups like the *IAA who lobby for this crap. It's the governments who ignore the cries of the people about it.
Had the ISPs remained independent they'd have even LESS clout than they do now. The UK still has quite a few ISPs and there's less of a monopoly on areas than in the US, but companies aren't officially allowed to Lobby the government. I say officially because, frankly, theres been quite a few Cash for X scandals in the last decade or two. The most recent being Cash for Dinner with the PM scandal. So the UK Government will listen to those with power and money (Look at how they cosied up to Murdoch before the Phone Tapping Scandal, he barely needed to *pay* them anything to get them to do what he wanted)
It's not the ISPs fault that the government looks after itself before it looks after the people. It doesn't represent the people. It doesn't represent the corporations. It just looks to save itself, and at the moment that comes from listening to those with the cash.
It pays to be obvious, especially if you have a reputation for being subtle.
There is always this trade-off: do we want more privacy, accepting increased risks of criminal/terrorist acticity, or are we willing to trade off some privacy to get more security. This choice is political and should be democratically decided. Whether this applies to the internet or in other contexts actually makes little difference, so the trade-off isn't new either. The difference is that just in the present more dangerous climate, more voters are willing to accept some loss of privacy.
Can anyone think of anything equivalent to this in history? Where people were under extensive surveillance? What happened?
There has to be a crunching point for things like this, society is meant to limp forward gradually. Hopefully it will get better after it gets worse...
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
The government seeing the data should not be that big a deal unless you have something to hide
Why not allow the government to install cameras in every room of your house? What are you hiding? You could be committing crimes in your house, after all.
The small ISPs did not become big ISPs, the incumbent telecoms and cable companies became big ISPs. There are still a lot of small ISPs, but they account for under 10% of the market between them. Virgin Media and BT control almost all of the physical infrastructure, and along with a handful of other big companies (e.g. Sky) also control the majority of the customer-facing side. Even if you go with AAISP, they're still using BT's network, so there's little they can do if BT starts snooping on the backbone.
I am TheRaven on Soylent News
It's not whether the government will protect the data from 'leakage' as you put it, letting the government have it IS THE LEAKAGE. And yes I have something to hide: my opposition to the security forces intrusive snooping for one thing.
I'm also critical of the security forces ignoring Rendition and Torture laws, and suspicious of the recent MET inquiry into same. See the Parliament begins an inquiry into what is a criminal act, illegal complicity in torture and rendition. Then the MET police unit starts a criminal inquiry, thus shutting down the parliamentary one. As long as the MET says its inquiry is open then the parliamentary one cannot proceed, and can be blocked for years.
Now when you realize that the MET was given the anti-terror powers and forms the police branch of the security forces, you realize how bogus that inquiry really is. The police arm of the spooks will inquire into whether the spooks broke the law. Whitewash anyone?
I am writing from a country, I won't name it, but it has a military/civil government, and the civil elected government fears the military and won't bring them to account for past deeds. And I am so afraid of said military that I won't even name the country.
UK is not that far from the same, you'd have to be complacent not to see how powerful the police and security forces have become vs the civilian elected government.
1. if the UK government legislates the cost will be immense to develop the systems to scrape and deep packet inspect thousands upon thousands of protocols, and web2.0 websites.
2. much of the data is already end to end securely encrypted and can not be decrypted. it will be quite obscured who is talking to who with web2.0 applications just based on the IP address of people using eg slashdot via https.
3. there are lots of p2p protocols that are end to end securely encrypted. For example skype calls commonly go through multiple relays. seeing the IP address and an encrypted skype channel between your computer and a high bandwidth relay wont tell you who is talking to who.
4. there exist many VPN services connecting to many jurisdictions which trivially bypass the proposed intrusions.
5. its following Chinas example, which is a bad precedent, already we see Iran, Syria, pre-revolution Egypt defending their intrusion and interference with the internet drawing parallels with initiatives such as this. US, UK et al had fine words to say against such abuses in undemocratic countries and dictatorships, and yet here we have the UK proposing to do similar things to their own citizens.
6. most web mail and web 2.0 sites and applications and protocols are developed and hosted outside the UK, so the UK lacks the technical authority to capture the traffic - users who care will just VPN or use end to end encryption to freer countries. This legislation if passed will likely see less development and hosting done in the UK harming the UK economic competitiveness in the information economy.
7. what is the end game? If one credibly wants to actual capture data one has to follow China, Iran et al and outlaw encryption, outlaw VPNs, outlaw development of software without government backdoors, license software development, restrict access to compilers without a government license, impose a draconian country level firewall. This is all highly implausible and incompatible with a democracy.
8. I think government has not thought this through at all. Probably they are thinking that they can just record IPs like you can record phone numbers on a voice call. The internet is not like that. It is an open, global platform for applications. The communications traffic is hopelessly co-mingled with data in many applications.
9. Unfortunately the government has limited technical expertise and has blinkered and fooled by the "if we could just save one..." argument.
10. There is no cost benefit analysis. You are more likely to die by crashing your car than due to violent extremists actions. More likely to die by random lightening strike. There is a limit to the costs, erosion of freedom a democracy should be willing to inflict on itself in the name defense. If we take it too far the extremists have won.
11. We would be better off spending the money on human intelligence. One of the defense conclusions was a western intelligence failure in the middle east area
12. there appears to be no planned judicial or credible independent oversight. That is inappropriate in a democracy. In what way would it harm defense to require a court order from a judge to interfere with and deep packet inspect the internet traffic of a target of investigation.
"The government seeing the data should not be that big a deal unless you have something to hide"
How about 'it's none of your fscking business, nor anyone else's, who I talk to' ?
How about that?
Government should exist as a way for society to collectively enforce a code of law, and to provide common services we all need. As far as I'm concerned this is way, way, way beyond its remit.
the problem is that the ISP's aren't powerful ENOUGH imo.
They don't *want* to snoop
w0w :} ye ye .... let me make some basic math on how much it will cost my ISP to store my traffic , for lets say 6 months ..... ...i'm limited at 100Mbps upload and 100Mbps download ...i'm from Europe, so i'm downloading/uploading ...its more but let's say its 40 .... .... but I can ...or whatever , just to force them to store all my taffic ...then again , I can connect VPN inside an running VPN runnel... ...soo .....they'll be able to store my encrypted traffic ? why? Total waste of space :] .... ...more switches , so they can connect the servers ....and what to ISPs get ? Nothing ....so they have to double their investment, and I can still ...so what's the point ??? To sniff me ?They'll never be able to do it :) So GL to the governments and the stupid ppl running them ... u can monitor the stupid user ....every1 who wants to hide from u , will do it ..so , what's
So.... i'm having FO to my home
torrents non stop (its legal so why not xD ) so , mu avrg traffic is around 40Mbps (combined up + down)
So how much space will they have to seperate only for my traffic ? THey may only sniff parts of the traffic (for exmaple mail and web)
use VPN , or Proxy
just for the fun
So in the end they'll need to invset huge amounts of money to get HDDs to store the info , huge amounts for new server witch to do the actual work
oh
protect my traffic
witch think that they can control or monitor the internet
the point ? Waste money ?!
Here's what the Conservative/LibDem Coalition apparently promised before they were elected: (copy-pasted from http://webarchive.nationalarchives.gov.uk/20100919110641/http://programmeforgovernment.hmg.gov.uk/civil-liberties/index.html) We will implement a full programme of measures to reverse the substantial erosion of civil liberties and roll back state intrusion. We will introduce a Freedom Bill. We will scrap the ID card scheme, the National Identity register and the ContactPoint database, and halt the next generation of biometric passports. We will outlaw the finger-printing of children at school without parental permission. We will extend the scope of the Freedom of Information Act to provide greater transparency. We will adopt the protections of the Scottish model for the DNA database. We will protect historic freedoms through the defence of trial by jury. We will restore rights to non-violent protest. We will review libel laws to protect freedom of speech. We will introduce safeguards against the misuse of anti-terrorism legislation. We will further regulate CCTV. We will end the storage of internet and email records without good reason. We will introduce a new mechanism to prevent the proliferation of unnecessary new criminal offences. We will establish a Commission to investigate the creation of a British Bill of Rights that incorporates and builds on all our obligations under the European Convention on Human Rights, ensures that these rights continue to be enshrined in British law, and protects and extends British liberties. We will seek to promote a better understanding of the true scope of these obligations and liberties.
Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
Terrorists don't win you know, and despite occasionally killing some people they don't pose a long term threat to any free society. Al Qaeda didn't take over Egypt, the Egyptian military did.
On the other hand military and security forces take over their own countries all the time. Right now South Ossetia had an election, it voted for a candidate, the interim government struck down the elections, barred the winner from standing, and now they voted 54% for the Russian backed former KGB chief, the other opponent was also a Russian backed candidate. Nice huh, they wanted freedom and now they have a KGB stooge.
You can say "it could never happen here", but it happens literally EVERYWHERE.
The biggest threat to democratic freedom was, is and always will be, their own internal security forces, not some nutty Pakistanis with a bag of fertilizer. It's always the man with the medals and ego who think he knows best.
it slows their networks down to have to log everything
It would lag everything, gamers should complain LOUDLY
That is highly unlikely. They would probably be taking a copy of the data at some critical part of the network and then everything else would happen on some secondary out-of-band network. The kind of hardware they'd be using to do that is also used by, for example, high frequency traders, who literally win or lose millions by being milliseconds faster than the other guy.
It would, however, almost certainly cost a staggering amount of money to buy the hardware to implement all of this, and the people warning about inability to fully separate content technically even if the politicians/lawyers say that will happen do have a valid point.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
It's worth pointing out for the benefit of anyone who doesn't know much about how UK ISPs work:
The incumbent telco, British Telecom, set up their own broadband network and also sold their DSL product at a wholesale rate to ISPs. There was quite a lot of fuss from ISPs about this, as the incumbent effectively had an advantage over them - the incumbent owned the infrastructure so could do what they liked with it, up to and including unceremoniously yanking customers broadband.
The upshot is that British Telecom was split into two companies: Wholesale (BT Openreach) and retail (the company you buy your telephone line and broadband from). Openreach own and run the infrastructure, retail effectively just packages and resells it. You or I cannot approach BT Openreach under any circumstances. They won't investigate issues, they won't talk about new or existing lines, they won't do anything unless you're a company that has a contract with them. They will politely point you in the direction of a retailer.
Anyone can set up an ISP and contract BT Openreach. Optionally, they can put their own equipment in the telephone exchanges though this is generally limited to the larger of the (still pretty small) alternative ISPs. But even if they put their own equipment in the telephone exchange, actually running the copper between telephone exchange and customer is contracted out to BT Openreach.
The telephone line rental is totally separate from the broadband, and many of the smaller ISPs won't contract Openreach for the line rental itself or any telephone calls that run over it - they'll only deal with the broadband. Which means it's quite possible to be in a position that your ISP is blaming your telephone provider for your broadband being down; your telephone provider is blaming your ISP. Lots of people I know won't even consider buying broadband unless they can get the phone line from the same company for exactly this reason.