Controversial New UK Internet Powers Bill Makes No Mention of VPNs

An anonymous reader writes: The Draft Investigatory Powers Bill presented by the UK Home Secretary Theresa May to Parliament today has caused controversy because it proposes new legislation to force UK ISPs to retain an abbreviated version of a user's internet history for a year, and would also oblige vendors such as Apple not to provide consumer-level encryption that the vendor cannot access itself in accordance with a court order. But perhaps the most surprising aspect of DIPA is that Virtual Private Networks are mentioned nowhere in its 299 pages, even though VPNs are a subject of great interest to Europe, Russia, Iran, China and the United States.

Re:The contriversial parts in brief.

[Xest]

Yes, this has always been my concern with most internet monitoring laws, and Theresa May even said it herself once without quite grasping what she'd actually said, saying one thing and thinking it meant another. She once said "We need to build a bigger haystack". No we don't Theresa, we need to get better at finding the fucking needle, not make it harder to find.

Perhaps the biggest argument I've often made for this is the fact that every single time there is a fucking terrorist attack in the West, it turns out that the perpetrator was known to security services. Lee Rigby's murderers were held by Kenyan security services and MI5 tried to recruit them. The 7/7 and Glasgow airport attackers had all previously been on MI5's radar. The Charlie Hebdo attackers were known to French security services, as was Canada's parliament attacker. The US security services had been alerted to the Boston bombers by the Russian security services. It's the same story time and time again, these attackers don't turn up out of the blue, consistently they're people who have long been on the radar and have reached a point of radicalisation where they decide to cross the line. If we can't even stop people that we know think this sort of terrorist attack is okay, then what the fuck will logging everyone's data achieve? Already security services can't properly vet the risks of people they know about, so even if they get good at pulling additional people out of this data, then what use is that if they still can't properly vet them anyway?

Given that this is something that's being pushed for by the police, my suspicion is that they're basically asking the UK to give up privacy simply so that the police can catch the low hanging fruit - people who visit known paedophile sites without any kind of obscuring of that fact (for example, by using Tor). They want to be able, once a year, to grab the list of data, compare it against a list of known paedophile websites, and then go out and do a massive publicity gandering raid where they bust down the doors of the hundreds of people they find on this list and then claim yeah, we smashed a massive paedophile ring, not giving a toss about the innocents caught in the crossfire because their PC had been hacked and used as a proxy for the actual perpetrator, just like last time they did this sort of thing after the authorities in America sent them a massive list of credit cards used on such a website.

You'll have to excuse me therefore if I'm not convinced that this justifies the death of privacy.

I think you're right to cast aside the slippery slope argument FWIW, I don't put much weight in that view. Frankly if government goes bad, then it'll do that anyway regardless of what the law says - I've not seen the US constitution have any effect on flagrant violations by successive governments in the US since 9/11 for example. I don't think it's worth worrying about slippery slope stuff because if government goes bad you're already fucked regardless of what the law at that point pretends your rights are.

I think it's far better to concentrate on the actual problems here and now, rather than worrying too much speculating or screaming about slides towards police states and so on- that type of argument never gets us anywhere, because most people in the general public scoff at it and see it as nonsense. It's far better to simply focus on making it clear to people that this move wont have any impact in preventing terrorism, and will mean the police will know everything about their lives.

Re:The contriversial parts in brief.

[andrewbaldwin]

"You've completely missed the point of why they want to do this."

EXACTLY

And, being an old cynic, that is probably why this question has never been aired on the news, TV, radio... etc (newspapers are a lost cause in the UK).

Brilliant - This means...

[jaseuk]

That the Gov cannot gain access to modern Apple and Microsoft devices. This legislation wouldn't be necessary otherwise. Microsoft and Apple have genuinely closed the encryption / key loopholes that would allow the authorities to force them to unlock these devices.

This is excellent news, now just to get this bill junked.

Jason.

Re:Brilliant - This means...

[AmiMoJo]

It's been suggested that if manufacturers are forced to remove encryption from their devices they should simply leave the UK market. I'd support that. Voters are pretty apathetic but take away their iPhones and there will be a revolution.

Re:And another thing

[AmiMoJo]

The problem is that such evidence is usually secret, so it is impossible to argue against in court. The security services get to show it to the judge, and it's up to him to question if it would allow evidence to be planted. The defendant and their legal team doesn't even get to see it, or know the nature of it.

There is also parallel construction, which would mean that evidence of hacking could be hidden entirely from the court.