Sir Tim Berners-Lee Accuses UK Government of "Draconian Internet Snooping"

An anonymous reader writes "According to British daily The Telegraph, Sir Tim Berners-Lee has warned that plans to monitor individuals' use of the internet would result in Britain losing its reputation as an upholder of web freedom. The plans, by Home Secretary Theresa May, would force British ISPs and other service providers to keep records of every phone call, email and website visit in Britain. Sir Tim has told the Times: 'In Britain, like in the US, there has been a series of Bills that would give government very strong powers to, for example, collect data. I am worried about that.' Sir Tim has also warned that the UK may wind up slipping down the list of countries with the most Internet freedom, if the proposed data-snooping laws pass parliament. The draft bill extends the type of data that internet service providers must store for at least 12 months. Providers would also be required to keep details of a much wider set of data, including use of social network sites, webmail and voice calls over the internet." Jimmy Wales doesn't seem to be a very big fan of the UK snooping either.

Who cares when Google is around?

[For+Freedoms]

Google already collects all this data and much more. They have analytics and various scripts like jquery embedded on around 99.9% sites. Facebook handles the rest. With Google closely working with NSA and other agencies, who cares? They already have the data right there. Google is officially the internets big brother, already!

Re:Who cares when Google is around?

They have analytics and various scripts like jquery embedded on around 99.9% sites.

Not for me they don't son. None of this noscript pussying around either, broken sites are broken -- turn javascript off!

Re:Who cares when Google is around?

Uhm....
First of all - Google collects data about my VOIP calls? I don't think so.
Google is mostly only present on the web, not the rest of the internet.
Even then, you have to be logged into a Google account.
Even then, they don't collect data they don't care about.
Even then, Google is one of the few countries that won't just hand whatever data over to the government that they ask for with no questions.

Even Google wouldn't want to retain every detail of everything a user does - ISPs certainly don't. I can only think of one place that would really love this idea - hard drive makers. Think about it - when everything you do is logged in detail, and that data has to be retained long-term, then the ISPs and government will have to store it somewhere. It's going to be Hard Disk, at least until it gets cut to tape.

Re:Who cares when Google is around?

[Canazza]

hold on, I thought jQuery was run by a not-for-profit foundation, not Google?

Re:Who cares when Google is around?

Google runs a CDN (Content distribution network) that hosts JQuery and it has become one of the main ways to include JQuery in your website. There are many advantages to this (since many websites all load Jquery from the same url, one cached version makes all those sites load quicker, etc), but the disadvantage is that since the file gets pulled directly from Google's webservers, they get to roughly monitor website traffic. The catch-22 is that most JQuery powered sites would be using Google Analytics (or similar software) anyway so it's a non issue.

Re:Who cares when Google is around?

[fa2k]

Uhm....
First of all - Google collects data about my VOIP calls? I don't think so.

on Google Volce (not technically VoIP) and Google chat sure. They also sync your contacts for android, not sure about the call history

Google is mostly only present on the web, not the rest of the internet.

I'll give you that one. They have DNS and email, but it's all optional. For email, they aren't saving anything more than any other webmail provider. For DNS, you have no idea what they save.

Even then, you have to be logged into a Google account.

For them to save data? No. Just no.

Even then, they don't collect data they don't care about.

When they care about *logging wireless packets* from their Streetview cars, we can conclude that they care about almost all data

Even then, Google is one of the few countries that won't just hand whatever data over to the government that they ask for with no questions.

You can have this one too. But we don't know if they have deals with CIA et al.

Even Google wouldn't want to retain every detail of everything a user does - ISPs certainly don't.

ISPs aren't in the advertisement or world domination business. If Google thinks that a piece of data may help them target ads better in 5 years, they store it.. Disk space is chap (they have petabytes of satellite images and streetview images coming in all the time, for example).

I'm surprised that you didn't use the argument that people could just avoid Google, Chrome, etc., but they can't avoid the government. You probably know, then, that between AdSense, Google Analytics, Google plus buttons, Custom search, they know about most sites you visit.

Re:Who cares when Google is around?

[FireFury03]

First of all - Google collects data about my VOIP calls? I don't think so.

on Google Volce (not technically VoIP) and Google chat sure.

Well, duhh, yes - the service provider you're buying a service from knows you're buying that service. If you don't want google to know about it, use a different service provider (but then that service provider knows...). This is no different from how its always been, whether on the internet or not - the telco knows when you made a phone call through their network, the baker knows when you bought a loaf of bread from him.

They also sync your contacts for android

Only if you tell them to... You can happilly use an Android device without asking Google to sync your contacts if you want to.

not sure about the call history

Google only gets your call history if you ask them to back up all your data. Again, you don't have to use this functionality (personally, I back up my phone nightly using rsync over my wifi network, so I don't bother using Google's backup stuff).

I'll give you that one. They have DNS and email, but it's all optional.

So, just like all the stuff you said above - they provide some services, its up to you whether you use those services and if you do they are going to know something about you in the same way as anyone else providing those services would.

For email, they aren't saving anything more than any other webmail provider.

Google _do_ analyse your email content to target advertising at you, which is more than many other webmail providers (although I imagine the likes of yahoo and hotmail do the same these days).

Even then, they don't collect data they don't care about.

When they care about *logging wireless packets* from their Streetview cars, we can conclude that they care about almost all data

I would say that Google's attitude seems to be "lets collect as much data as we can, we might find a neat way of analysing it in the future". There are, of course, good and bad things about that. Afterall, people use Google's services precisely because they work really well, and a lot of that is down to Google figuring out how to analyse your data in new and useful ways (useful to *you* as well as them).

That said, I don't really see the big deal with the whole wireless logging thing. They caught some packets that were broadcast in the clear into a public space for anyone with a receiver to see. If people didn't want their network traffic to be seen by others they had ample opportunity to encrypt it *using the standard functionality of their router*. And even so, the streetview car is moving at speed, it won't capture more than a few packets so they're going to be hard pushed to get anything particularly scary from the data. The whole thing strikes me like someone standing in their front window naked and then complaining that someone who drove past caught a glimpse of them - if you don't like it you should've drawn the curtains.

Re:Who cares when Google is around?

[fa2k]

If you don't want google to know about it, use a different service provider (but then that service provider knows...). This is no different from how its always been, whether on the internet or not - the telco knows when you made a phone call through their network, the baker knows when you bought a loaf of bread from him.

The difference between Google and other companies is that

1. Most companies don't claim to be interested in collecting data. You effectively have to trust them to delete the information when they no longer need it for billing and accounting. Google does save the data, and you have to trust them not to do anything evil with the data. The difference is that you have to trust the telephone company (ugh) for a short time, while you have to trust Google until its demise.

2. Google provides lots of different services, and can combine the data. There can be a "synergy" effect, where small pieces of data are not useful to anyone, but if you have lots of pieces you get a detailed picture, and with good algorithms, a deeper knowledge of the person in question.

As you said below, having lots of detailed information is not necessarily bad. Looking at how law enforcement and the military are grasping for this kind of info, it's tempting to conclude that the info itself grants power, but that's not correct. The government already has the power to use force on people, but only on people who break the law. Having more data just increases the likelihood of them being able to prove that you broke a law. My concern is that there is a similar scenario where Google can use their data in a way that I don't agree with, but I can't think of such a scenario.

I would say that Google's attitude seems to be "lets collect as much data as we can, we might find a neat way of analysing it in the future". There are, of course, good and bad things about that. Afterall, people use Google's services precisely because they work really well, and a lot of that is down to Google figuring out how to analyse your data in new and useful ways (useful to *you* as well as them).

That said, I don't really see the big deal with the whole wireless logging thing.

Absolutely agree that the wireless sniffing thing is overblown. It was just meant as a well known example of systematic collection of data.

Re:Who cares when Google is around?

[History's+Coming+To]

Which is why I host jquery locally (and a trimmed down version at that, I don't use all the features) and use the inbuilt logging that almost every server comes with.

Don't rely on third parties to host code.

Nobody gives a shit about your rights anymore.

Right to privacy? Nope. Freedom of Speech? Nope.

Although I think all the conspiracy theorists are crazy, the new world order is the eventual coalescence of the violation of inalienable rights and it's frequency of occurence across all nations.

Re:Nobody gives a shit about your rights anymore.

[jamstar7]

Right to privacy? Nope. Freedom of Speech? Nope.

Although I think all the conspiracy theorists are crazy, the new world order is the eventual coalescence of the violation of inalienable rights and it's frequency of occurence across all nations.

Anymore the difference between the tinfoil hat brigade and the rest of society is, mainstream society believes that 1984 is coming. The tinfoil hat brigade believes it's already here.

Re:Nobody gives a shit about your rights anymore.

[Chrisq]

Nope. Freedom of Speech? Nope.

This has been noted in your file ...

Re:Nobody gives a shit about your rights anymore.

[Joce640k]

I have to admit I snorked my coke when I saw that the UK government was supposed to be an "upholder of web freedom".

The UK government is one of the most openly snoopy governments in the developed world. If that's what they do in public, what do they do in private?

Re:Nobody gives a shit about your rights anymore.

[Coisiche]

We will be nice today and only ask the small sum of $1,000,000,000.00, payable within 3 hours..

In Bitcoins, right?

To prevent the "TERRORIST, CHILD ABUSERS and PIRATES" from using them.

Re:Nobody gives a shit about your rights anymore.

[daem0n1x]

I'm happy to see so many politicians being judged by what they do in bed, instead of what they do in the office. It's nice to see the Brits are focused on what really, really matters.

Everyone is doing it

[GeekWithAKnife]

Data collection/mining/snooping/browser profiling is so commonplace that pointing the finger in one direction seems almost wrong.
Your data is already being sold to advertisers by your phone company, by any form you filled in your details, by any "free!" email account etc. So many different companies and bodies are collecting data and personally identifiable information that we're becoming apathetic to it.

We need strong legislation and standards to make sure data collection is kept to a necessary minimum without infringing any further on privacy.

Some think an alternative to missing legislation is obfuscation of data. This requires a bit of an effort to give deliberate misleading details, temporary emails, use proxy IPs. This is not feasible for the vast majority.

We, the people, must strongly voice our discontent about such matters. Let's remind government officials that although the MAFIAA buys them lunch, it has a price.

Re:Everyone is doing it

[rich_hudds]

Actually, as anyone working in IT in the UK can attest, we have very strict rules on what you can do with people's data.

I've spent a whole day at 3 different jobs attending a Data Protection Awareness course.

Companies are also realising that the data they collect isn't quite as valuable as they once thought. That's why the big supermarkets that lead the way on this data mining with their loyalty cards are actually reducing the rewards they offer.

New technology brings new challenges, but to pretend we are slipping towards a 1984 state just betrays your ignorance of history which actually shows that the majority of movement is going towards increased rights.

Magna Carta only applied to the aristocracy at the time remember, and as recently as 1918 women couldn't vote here.

Re:Everyone is doing it

[Dr+Max]

I have only had rights taken off me over the last 10 years. If you can name a new one i've been given them i'm all ears.

Re:Everyone is doing it

to pretend we are slipping towards a 1984 state just betrays your ignorance of literature. We're in Brave New World.

Fix'd.

Re:Everyone is doing it

[rich_hudds]

It's not stupid at all. Would you be happy for insurers to take into account race and sexuality? What if they found that men with big dicks were more dangerous? You want your dick measured so you can get a discount?

It's just the same argument about shops having 'No Blacks' signs in the window, only at a slightly less obviously 'wrong' end of the spectrum.

An insurance company can only go on personal driving history or generalities. This is just a new rule to stop them lumping all members of one group together and discriminating against them.

Re:Everyone is doing it

[FireFury03]

Actually, as anyone working in IT in the UK can attest, we have very strict rules on what you can do with people's data.

There are indeed very strict rules. But what good are rules if they are not enforced?

As an example, an organisation I dealt with illegally sold my personal data to numerous "partners" (they asked me if I agreed to have my data passed to "partner companies", I declined, they did it anyway). A complaint has been filed with the ICO, and the ICO's response has been to write to the company in question telling them they shouldn't do that. That's it - the ICO are not interested in doing anything to enforce the data protection law except write sternly worded letters to people.

Meanwhile, whilst the original company has now stopped selling off my data, the companies they sold it to have sold it. And the ones they sold it to have sold it. There is no way for me to prevent that (now widespread) data being distributed further. Futhermore, these third party companies aren't even guilty of doing anything wrong since as far as they knew, I had agreed to have this data distributed (since thats what the first company told them).

What is needed is 2 things:
1. Rules forbidding the sale of any personal data between companies.
2. Actual enforcement of those rules and punishment for breaking them.

I am much happier with the likes of Google having my data than other companies - although Google may have a lot of my data, they don't sell it, so I pretty much know where it is, and if I don't like it I can cease using Google's services and make a formal request for them to destroy my personal data (which they are required to comply with under EU law). Most other companies that I have to deal with (e.g. my insurance company, etc.) are happy to sell the data on to other people, who will further sell it on and there's no longer any way for me to know who actually has this data any more. I *always* tick the "don't sell my data" box whenever I fill in a form, and yet my personal data is out there being bought and sold because a few companies have broken the law and ignored my preference. There is largely no way to know which companies have done this.

Re:Everyone is doing it

[shiftless]

And you can go to prison if you smoke the wrong plant, or be sent to Gitmo if you say the wrong words loudly and forcefully enough or don't pay enough taxes. Yeah, you're totally free.

Which reputation?

[leromarinvit]

Which "reputation as an upholder of web freedom" would that be? The one based on them censoring Wikipedia for showing an album cover? Or the one where you have to hand over encryption keys or be thrown in jail?

Re:Which reputation?

[azalin]

I think they refer to their defense of privacy by having the highest number of surveillance cameras per citizen of any western nation.

Re:Which reputation?

[Gordonjcp]

Oh, that old chestnut. I think you'll find that US cities have just as many CCTV cameras - possibly more - as UK cities.

The number that's often trotted out only works if there's a CCTV camera for every 50m (yes, fifty metres, about ten car lengths) of road right down to dirt farm tracks - which is clearly not the case.

Re:Which reputation?

Interesting. How do I encrypt a visit to the pharmacist, grocery store, or any other shop for that matter? Should I start wearing a balaclava? I believe that would cause more problems than it solves. How do I purchase stuff without being profiled? Maybe I should scratch all the markings of my currency bills to make sure they can't be tracked, and avoid using bank cards altogether, while stuffing said bills under my mattress? How do I encrypt my phone signal and how do I then make or receive calls from other people when the network does not support it?

While these examples are quite extreme and borderline paranoid... do you see my point? As an individual, there is absolutely nothing you are able to do to really isolate yourself from the surveillance, monitoring and profiling madness while still functioning normally in society. This bothers people.

Run a Tor relay.

[L4t3r4lu5]

Even if you're not happy running an exit node, you can help speed up the Tor network by running a relay. All traffic through a relay is encrypted and kept within the Tor network, so you remain unidentifiable. It also helps obscure when you yourself are using Tor.

Re:Run a Tor relay.

[coofercat]

So here's a serious question...

Assuming this tracking law gets in (which it seems it will eventually, as this isn't the first try for such a thing), then would it actually be a good time for everyone (inside the UK and International) to rent a virtual server some place (in the UK) and run an honest-to-goodness Tor exit node?

For us Brits, there's a risk of prosecution (although it's unclear to what extent). I'm sure "it's a Tor node, it's entirely public, and I personally didn't actually download all that stuff" might be enough defence to avoid life-changing legal action. IANAL, and I really have no clue what I'm talking about here.

However, for International folks, the worst than can really happen is that they shut down your VPS. You can then just go rent another one and be up and running in minutes.

Assuming this vaguely makes sense (particularly for non-UK residents), then we could conceivably have a "flood" of Tor-originated traffic to all manner of questionable web content flowing through our Royal pipework and into the ISP data logs, and into the Great Decentralised Central Government Database of Everything. I'm probably barking up the wrong dog here, but it seems interesting none the less.

Re:What some people don't realise

[kraut]

There are also a large number of Irish people, a significant fraction of which used to sympathise with the the IRA..... .and we managed to resolve that issue without panopticon surveillance and giving up our human rights.

Social networks

[Alioth]

Good luck with logging social network use. Facebook and Twitter at least seem to use https by default for me. Unless ISPs can force people to download trusted certificates for a proxy that decrypts, logs, then re-encrypts their facebook usage, they won't be seeing much.

Incidentally, I run my own mail server. I relay my mail through it using TLS, and it too uses opportunistic encryption when contacting other SMTP servers. My ISP sees nothing but encrypted data going past. Many public SMTP servers now are supporting opportunistic encryption and supports 256 bit encryption (in fact, if you want to pass a PCI-DSS ASV scan, then if your mail server supports encryption it must disable all weak ciphers).

(Disclaimer: I don't live in the UK, but I do live in a British crown territory - whether a similar law is passed here is not guaranteed, for example we don't have anything like the RIP Act)

Plans to monitor individuals' use of the internet?

[dgharmon]

"According to British daily The Telegraph, Sir Tim Berners-Lee has warned that plans to monitor individuals' use of the internet would result in Britain losing its reputation as an upholder of web freedom."

I assumed there was someone monitoring my use of the Internet, which is why I've always been cautious, at least with my home usage ...

Re:What some people don't realise

[Chrisq]

We've never had any bother from the Muslims here, at all.

Apart from the 77 bombings, the Glasgow Airport attack, the Exetrer bomb attack, shoe bomber and dozens of failed attempts and arrests.

Big Brother

[CuteSteveJobs]

The Australian Government is doing the same thing:

http://yro.slashdot.org/story/12/09/04/1825205/australian-attorney-general-pushes-ahead-with-govt-web-snooping

For the first time in history people can communicate freely en masse and it scares them.

Hello? This is the EU, not the UK

[Onymous+Hero]

The source of this junk law is the European Union. It just so happens that the UK has implemented this directive. Others will follow suit if they haven't already!

"On 15 March 2006 the European Union adopted the Data Retention Directive, on "the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC".[1][2] The Directive requires Member States to ensure that communications providers retain, for a period of between 6 months and 2 years, necessary data as specified in the Directive"

https://en.wikipedia.org/wiki/Telecommunications_data_retention#European_Union

Re:Hello? This is the EU, not the UK

It couldn't be that national governments get their European counterparts to push through unpopular directives?
Or that Britain doesn't have a Veto.

You know you would think people would remember voting in Conservative MEP's and they are not aliens but members of the same political party that also has members in the national government.
  It wasn't Microsoft attacking Linux it was SCO much easier to attack the sock puppet.
It's not the record labels making disproportionate attacks it's the RIAA.

It's not so surprising that this legislation is getting pushed through, with the current measures this government are pushing through who is to say a terminal cancer patient won't decide to take out David Cameron for the good of the country. And wouldn't I be in trouble for saying this if I still lived in the UK. There are still patriots around who believe in British fair play, that believe it is Right to protect the weak and defenceless and who will sacrifice their lives in defence of their country and it's values. These are not the kind of people who stand and gawk when action needs to be taken. At some point someone is going to say it's time to fight back.

People are angry and disappointed, disappointed that the LibDems seem to have failed to moderate the worst excesses of Tory Policy.

Social media is a big thing now, even thou most of it is trite, it is possible for ordinary people to band together and speak with one voice. There are other voices to be heard other than the likes of Rupert Murdoch. It won't be the Sun that won it at the next general election.

Re:What some people don't realise

[Gordonjcp]

The Glasgow airport "attack" wasn't terrorism, it was two drunk Asian kids crashing a car. It happens all the time in Renfrew, it's a rough area.

Re:What some people don't realise

[Chrisq]

The Glasgow airport "attack" wasn't terrorism, it was two drunk Asian kids crashing a car. It happens all the time in Renfrew, it's a rough area.

I suppose they all plant car bombs in London before-hand, fill their cars with petrol and propane tanks, and that if they survive are Jailed for life for planned mass murder?

Re:What some people don't realise

[slashmojo]

The only significant terrorist attacks in the UK have been carried out by white Christians .. We've never had any bother from the Muslims here, at all.

Talk about selective memory.. have you missed the last 10 years or so?

Does this not count as significant in your books?!
"The 7 July 2005 London bombings conducted by four separate Islamist extremist suicide bombers, killing 56 people and injuring 700."

Re:What some people don't realise

[Gordonjcp]

Oh that? Hardly significant. Give me a shout when they get to multiple thousands, like the American-funded Irish terrorists.

Re:What some people don't realise

[Goth+Biker+Babe]

What *you* have to realise that apart from the 77 bombings which were reasonably effective they were all pretty pitiful. The IRA terrorists really knew how to do terrorism.

http://en.wikipedia.org/wiki/1996_Manchester_bombing
http://en.wikipedia.org/wiki/Hyde_Park_and_Regent's_Park_bombings
http://en.wikipedia.org/wiki/1996_Docklands_bombing

But even those were nothing. You have to remember that our grandparents and parents lived through this. Nothing since has been comparable in anyway.

http://en.wikipedia.org/wiki/The_Blitz

The whole point of terrorism is to instil terror. *NOT* to kill people. That's a side effect. While you react to them they're winning. So don't react. As Ben Franklin said, "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety"

Re:What some people don't realise

[serviscope_minor]

The 77 bomings were marginally effective. They killed people, but not very many (sucks for those people and their relatives, bit it's small compared to almost anything else) and certainly less than the IRA could muster. It also killed off the few compentent ones.

The other attacks proved utterly worthless. At best, the terrorists managed to hurt themselves, or get beaten up by passengers (with some considerable relish, I might add).

Otherwise, they served to demonstrate that London has truly effective traffic wardens: you put as car bomb in a no parking zone, then it will get towed waway ASAP.

Oh yeah and they managed to kill a man by the name of Jean Charles De Menizes.

Oh no wait, that was the police. Then they lied about it.

Underpaid and unloved

[Kupfernigk]

It's hardly worth being a technical specialist in the British secret world. The real reason that Thatcher wanted Spycatcher banned was because it revealed just how badly technical experts were treated in comparison with the Old Etonians, and might have dampened recruitment. Here's a hint: If you are any good, you can easily earn more teaching maths in a UK secondary school than you can being a codebreaker for the Secret Services. No, I can't prove it, but I have good reason to believe it.

Re:What some people don't realise

[cheekyjohnson]

What does this have to do with anything? Because you believe there are terrorists that means we should spy on everyone?

Same justification for the TSA. I'd say freedom is far more important than safety, and anyone who would give it up is extraordinarily credulous.