Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tech Firms Seek To Frustrate Internet History Log Law (bbc.com)

Posted by msmash on from the complicated-things dept.

Plans to keep a record of UK citizens' online activities face a challenge from tech firms seeking to offer ways to hide people's browser histories. Internet providers will soon be required to record which services their customers' devices connect to -- including websites and messaging apps. From a report on BBC: The Home Office says it will help combat terrorism, but critics have described it as a "snoopers' charter". Critics of the law have said hackers could get access to the records. "It only takes one bad actor to go in there and get the entire database," said James Blessing, chairman of the Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others. "You can try every conceivable thing in the entire world to [protect it] but somebody will still outsmart you. "Mistakes will happen. It's a question of when. Hopefully it's in tens or maybe a hundred years. But it might be next week."

85 comments

  1. this is a uk goverment plan by Anonymous Coward · · Score: 1

    ...........to increase the general use of VPN's

    1. Re:this is a uk goverment plan by Joce640k · · Score: 3, Interesting

      "The Home Office says it will help combat terrorism"

      So would a video camera in every room of every house, but there's a reason we don't do that.

      --
      No sig today...
    2. Re:this is a uk goverment plan by Anonymous Coward · · Score: 0

      ...........to increase the general use of VPN's

      Great idea to get the BPI/IFPI/RIAA heat off the government

      Government spokesperson: "Our piracy rates are so low, they're not even on the radar now thanks to this new law."

    3. Re:this is a uk goverment plan by Anonymous Coward · · Score: 0

      Yet...

    4. Re:this is a uk goverment plan by Anonymous Coward · · Score: 0

      "The Home Office says it will help combat terrorism"

      So would a video camera in every room of every house, but there's a reason we don't do that.

      Uh, IoT botnets?

    5. Re:this is a uk goverment plan by Pig+Hogger · · Score: 1

      So would a video camera in every room of every house, but there's a reason we don't do that.

      That would be double plus good!

    6. Re:this is a uk goverment plan by Anonymous Coward · · Score: 0

      So would a video camera in every room of every house, but there's a reason we don't do that.

      The appearance of that comment on slashdot makes me worried. I can understand it being made on a on-technical website where tech comprehension is lower. Perhaps the commenter did not understand the portions of the bill that relate to device hacking.

      The bill includes provisions for the police or security services to legally hack devices. In reality this includes the practice of covertly installing software that transmits information from the device's camera and microphone to the police or security services.

      They don't need a video camera in every room. You carry your video and audio transmision device around the house with you.

    7. Re: this is a uk goverment plan by Anonymous Coward · · Score: 0

      Here dies liberty
      Here dies the free Internet

      The Internet was supposed to be a new Library of Alexandria. The sum of human knowledge would be available to all of humanity, rich or poor. But it became corrupted by the lust for power and control. It was nice knowing you.

  2. Go ahead by Anonymous Coward · · Score: 2, Insightful

    Anybody with half a brain is using VPNs anyway. Go right ahead and inspect all my activity, you will only see me connecting to random servers all around the world exchanging what seems to be random noise. The only people who will be hit negatively by this are facebook-using idiots and other related scum, we've never needed them on our internet anyway. Let them suffer, they don't know how to use it anyway.

    1. Re:Go ahead by Anonymous Coward · · Score: 4, Interesting

      What will happen is eventually, the UK will do two things:

      1: Do like Pakistan and make VPNs illegal, with a long sentence for using one. This is already in place. A judge can ask someone repeatedly for a password, even an ephremeral SSL session key, and for every "no" answer, the defendant gets 4 years.

      2: Do like China and block/interfere with VPN traffic. This is more subtle and easily done, with the blame lying with ISPs.

    2. Re:Go ahead by Anonymous Coward · · Score: 0

      1. Is impossible, I can rent a server in any country of the world and route all my traffic through it. It is not possible to prove that I'm using it as a VPN, and even if it is, unless I am targeted specifically by powerful adversaries such as government agencies who can spend lots of resources to spy on me, I can use a wide array of countermeasures to ensure this will never get traced back to me. Giving up encryption keys is not a problem when we have FDE software with deniable encryption schemes, steganography, encryption software that pretends the disk is empty (no boot sector found messages etc) if incorrect key is provided, etc.

      2. Not possible and not enforceable. Even in China almost everyone uses a VPN to access uncensored and/or western internet free of government influence. If this kind of censorship becomes more widespread, better networks built on top of existing infrastructure will emerge, sort of like tor, freenet or i2p.

    3. Re:Go ahead by JustAnotherOldGuy · · Score: 4, Funny

      . . . you will only see me connecting to random servers all around the world exchanging what seems to be random noise.

      Oh yeah, that's not suspicious at all. No sireee, not one bit.

      "Sir, he's connecting to random servers all around the world exchanging what seems to be random noise."

      "Well that seems totally innocent to me. Everyone connects to random servers all around the world and exchanges random noise."

      --
      Just cruising through this digital world at 33 1/3 rpm...
    4. Re:Go ahead by Anonymous Coward · · Score: 0

      I am amazed VPN usage isn't more common. Here in the US, ISPs do so much hanky-panky (like adding tags to HTTP traffic), that it is only wise to go with a VPN on your phone and PC. Wi-Fi hotspots are also notorious for this as well, so having the traffic encrypted from the device is only prudent.

      It only will get more important. You have a company that is a root CA and makes an appliance for SSL MITM. A worrisome combo, and having a VPN that is either cert pinned or uses a direct IP will be important for getting around things like that.

    5. Re:Go ahead by Anonymous Coward · · Score: 0

      That's true, since most websites use https now. And even if they didn't we have this "innocent until proven guilty" thing. Being "suspicious" in somebody's eyes is not a crime, it's not even a misdemeanor.

    6. Re:Go ahead by AmiMoJo · · Score: 5, Insightful

      I expect they will try the rubber hose method first. Not literally of course, they will pick someone who uses a VPN, take their equipment away for forensic investigation and maybe throw in some child porn charges for good measure. Make their lives a misery for a few years, then eventually return their equipment wiped and broken.

      It will have to be someone who is innocent, so that people get the message that innocence is no defence if you use a VPN. You will be investigated and your life wrecked, name and face in the newspapers, unemployable and unable to afford legal council.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Go ahead by Anonymous Coward · · Score: 0

      1: As a net admin, it isn't hard to find a machine doing odd traffic out from a port like 80 or 443 and drop it from the network until the owner fesses up.

      2: It is simple to deal with those networks. Whitelist known traffic, force ISPs to drop everything else, like they do with NFS traffic.

      3: The UK can also do something similar to net health checks, forcing endpoints to have AV-like software. No software present, no Net access. Said software would have signatures for copyrighted works, bong making literature, and so on, and would send any positives to LEOs, or just yank the box off the network. The tech is already in place on consoles and Valve. Someone dicks with a game on Steam, they get forever VAC banned.

    8. Re:Go ahead by Anonymous Coward · · Score: 0

      Wi-Fi hotspots are also notorious for this as well, so having the traffic encrypted from the device is only prudent.

      Given the prevalence of https, isn't most traffic encrypted from the device?

    9. Re:Go ahead by Anonymous Coward · · Score: 0

      1. I can use any port and mask the traffic to make it look like anything really, for example like encrypted video stream. "Odd traffic" is not a definition and you'd have to drop almost everyone from the network.

      2. is not simple at all. The court-ordered blacklists of "piracy" (file sharing) websites are laughably slow, taking months to block known piratebay mirrors which pop up under a different domain the next day after the ban goes into effect. If you wanted to do that with whitelists, they would effectively take the entire country off the internet.

      As for 3, nobody, not even China does this, and if they started doing that, more encryption is again the answer. Can't scan for signatures if the traffic is encrypted, can't do deep packet inspection, can't do anything really.

    10. Re:Go ahead by NotAPK · · Score: 4, Insightful

      And if any of these become legislation in the UK then good luck being competitive economically with the rest of the world. If the UK does follow through on Brexit, and pushes ahead with these ridiculous anti-privacy laws, then the economy will definitely suffer for it in the longer term.

      How do these snooping policies apply to businesses?

      If they make no distinction, then businesses will not tolerate it. Those that can will relocate. Those that can't will suffer for it.

      If they do not apply to businesses, then the workaround is for private individuals to route all their traffic through the workplace, if they have access, or VPS's commissioned as "business grade" services.

      I live in the UK and think this all sucks pretty bad. Time to leave.

    11. Re:Go ahead by Anonymous Coward · · Score: 0

      Doesn't need to be a crime, they'll just use 'big data' to automatically take away some of your privileges (used to be called rights)..

    12. Re:Go ahead by fuzzywig · · Score: 3, Interesting

      The government could try banning VPNs, and it would work for about five minutes before practically every company in the UK calls up their MP to point out that VPNs are an essential part of their business. Closely followed by the civil service, the military and the NHS.

    13. Re:Go ahead by Anonymous Coward · · Score: 0

      Okay, I'll just use my neighbours wifi then.

    14. Re:Go ahead by Jahta · · Score: 5, Informative

      I expect they will try the rubber hose method first. Not literally of course, they will pick someone who uses a VPN, take their equipment away for forensic investigation and maybe throw in some child porn charges for good measure. Make their lives a misery for a few years, then eventually return their equipment wiped and broken.

      It will have to be someone who is innocent, so that people get the message that innocence is no defence if you use a VPN. You will be investigated and your life wrecked, name and face in the newspapers, unemployable and unable to afford legal council.

      Unlike many other countries, the UK has no written constitution (despite periodic hand-waving about "Magna Carta"). The UK parliament can basically enact any laws they want. In the past, UK citizens could take a case to the European Court on the basis that a particular law contravened the European Convention on Human Rights. However leading Brexiteers, and even the current Prime Minister Theresa May (a notional Remainer), have made it clear that they want to plug that "loophole".

      Makes you proud.

    15. Re:Go ahead by AmiMoJo · · Score: 1

      The worry is that some post-truth arsehole will come along and convince people that they want to act against their own best interests, like Brexit. They will campaign on the grounds of safety, catching terrorists and paedophiles, and after all if you have nothing to hide you have nothing to worry about.

      I'm more convinced than ever that we need to use technology to build secure systems, because we can't rely on democracy to protect us from abuse.

      You are right, it's time to leave.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    16. Re:Go ahead by Anonymous Coward · · Score: 0

      And just how are you going to hack WPA2-PSK [AES] ?

    17. Re: Go ahead by Anonymous Coward · · Score: 0

      "And just how are you going to hack WPA2-PSK [AES] ?"

      Deauth your neighbour, impersonate their hotspot and show them a page asking for their wifi password..?

    18. Re:Go ahead by Anonymous Coward · · Score: 0

      1: Do like Pakistan and make VPNs illegal, with a long sentence for using one.

      That would be good for local job market too.
      No more outsourcing IT jobs to India or Eastern Europe.
      And it would be bad for all telecommuters.
      Socialize in the train or find another job.

      posting this as anonymous coward because ... I am forking for customers in UK from Eastern Europe

    19. Re:Go ahead by gweihir · · Score: 1

      Well, establishing full-blown fascism in the west is not easy today. What they have done with the snooper's carter is an important step on that way. So kudos for effort. Of course, I hoper these evil fuckers get reincarnated as cockroaches for the next hundred million times or so.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    20. Re:Go ahead by Anonymous Coward · · Score: 0

      The UK parliament can basically enact any laws they want.

      The joys of being a republic haven't stopped the USA, Germany and Poland from sending people to prison without trial. The three remaining provisions of the "Magna carta" (signed in 1225; which replaced the "Charter of liberties" signed in 1215) have been cemented into case law and a parliament would have a difficult time demanding judges replace it with an onerous law. The principle of the Charter of Liberties, restricting the power of king, evolved into restricting the power of the law; keeping the people safe as parliament took control of the country. It's because the law can be restricted that British courts contain principles like equality before the law and equity (laws and contracts shouldn't create an excessive burden): Principles that tend to be missing from republics.

      ... take a case to the European Court ...

      The European Convention on Human Rights (1950) contains the 3 universal clauses of the Magna Carta and much more. Court cases are taken to the European Court because the claimant has no standing under British laws such as the Magna Carta.

    21. Re:Go ahead by AHuxley · · Score: 1

      The UK could later go after any UK bank with a CC linked to any VPN as allowing circumvention of ISP policy.
      Any VPN in the EU, NATO member might have to help thanks to national treaty obligations (UK in the EU or not). National telco laws are often secret and have to be followed without much public comment.
      The US, Canada, NZ, Australia would help by default or have laws that make network retention equal to that of the UK.
      A method would be to cut off VPN's from UK banks and then hint that banks that want access to the UK not work with VPN's and VPN host nations that still help hide UK users.
      The final offer would be a deal with a trusted VPN to work with the UK gov on all UK ip's. A bit like a US NSL but much more direct and with onsite UK hardware globally.
      Work with the UK gov as a VPN and enjoy promotion, full banking services and be allowed to attract UK accounts.
      By allowing a few international VPN's to work well in the UK, word would soon be spread about a quality of service and no payment issues. Tracking would then be very easy thanks to a few deals with say 10 or 20 trusted global VPN brands. All other real VPN's would have issues and endure constant negative reviews, tech issues, comments to herd UK users to VPN's that are UK gov friendly.

      --
      Domestic spying is now "Benign Information Gathering"
    22. Re:Go ahead by JustAnotherOldGuy · · Score: 1

      Being "suspicious" in somebody's eyes is not a crime, it's not even a misdemeanor.

      It may not be a crime, but it's often treated like it's a crime.

      Go look at some of the First Amendment audits* on Youtube and let me know if being "suspicious" is treated like it's a crime or not. (SPOILER: It often is.)

      * Some channels to try: "News Now Houston", PINAC, "The Battousai", or HONORYOUROATH

      --
      Just cruising through this digital world at 33 1/3 rpm...
    23. Re:Go ahead by Anonymous Coward · · Score: 0

      You don't have to break WPA2-PSK.....

      1. Start with trying to bruteforce the password... At least one AP around you will most likely have a simple one.
      - People use single words as passwords.
      - People use their phone numbers as passwords

      2. Check out if any of the routers around you have known exploits, like tp-link with the admin password set to a part of the MAC address.
      3. Try one of the WPS attacks (pin-based) to get the router to send you the password.
      4. Monitor what networks people around you try to connect to. Fake one open wifi-network and deauth from the network they have at home. Have a web-page asking for a password for the wifi they where at.. If you want to have it advanced enough you could try to connect and route the traffic out via the network they specify.

      Repeat until you find someone around you that can be abused....

      Combined with a directional antenna you could be far away from the actual AP you are using... You could probably find one unsecured network from some local store/cafe/restaurant with that removing the need for any of the more 'advanced' things from above.

    24. Re:Go ahead by Anonymous Coward · · Score: 0

      It's enough that the web-page you are visiting loads some javascript from a 3'rd party site while being able to spoof that 3'rd party site...
      Imagine how many sites could be abused by doing a MIM on jQuery and injecting some custom code there..

      Wonder how much jQuery spends on securing their servers making sure nobody will get access to their private/public keypair.

  3. Hackers by Anonymous Coward · · Score: 2, Insightful

    > Critics of the law have said hackers could get access to the records.

    While well-intentioned, this is the totally wrong way to go about it. It's a technical argument to a problem which is political.

    The point is, that in a modern state of Law, law enforcement has *no fucking business* in mass-surveilling people without a probable cause. And just because technology makes that possible these days, still: *no fucking business*

    (And if you are really to discuss technical dangers, the real elephant in the room is: what happens if your state slides into some totalitarian mess? Unrealistic, you say? Watch closely what's happening in Turkey. Watch how easily "state of exception" is implemented in e.g. France because of "terrorists". The "hacker" scenario is really lame).

    1. Re:Hackers by Anonymous Coward · · Score: 1

      The hacker scenario doesn't need to be invoked, because this kind of mass scale invasion of privacy should be unacceptable in the first place. If you don't collect huge amounts of digital records for God only knows what reason, you don't have to worry about hackers getting their hands on them. We don't need arguments about how this can and will be misused though, because it is fundamentally unacceptable, on a principle.

      It's like trying to argue that ethnic cleansings should not happen because they lead to a large reduction in workforce and hits to economy. While technically true, that is evading the core of the issue, and the fact that this situation should not be even considered in any circumstances, no matter what its outcome is. If mass snooping was able to prevent, say 5 terrorist attacks per year (it isn't, but let's say for the sake of argument), it still wouldn't be acceptable.

    2. Re:Hackers by AmiMoJo · · Score: 2

      It's not just law enforcement that will have access to this data. Trading Standards and various other organizations will too. Snooping through someone's emails is a great way to see if they were selling dodgy microwave ovens, much easier than having to actually physically examine one.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Hackers by Anonymous Coward · · Score: 0

      > this kind of mass scale invasion of privacy should be unacceptable in the first place

      That's exactly the point I was trying to make.

      > ethnic cleansings should not happen because they lead to a large reduction in workforce [...]

      Thank you for putting it in much more eloquent words!

    4. Re: Hackers by Anonymous Coward · · Score: 0

      The problem is shortsighted rulings like, in the US, that you have no right to privacy in a public place. That's too broad.

      I can't be invisible in a public place. I can't stop people from noticing me or recognizing me. That's how humans work. I have every right not to have someone follow me around with a camera recording my movements all the time. That the camera in question is actually a series of them on poles is irrelevant. That may not be a recognized right legally, but screw that--right is right, wrong is wrong, and the law neeeds to change.

    5. Re:Hackers by Anonymous Coward · · Score: 0

      Well trading standards can be totally trusted. It's not like they would spy on emails for a foreign power to win an election.

      No, they'd access that data for 10 quid from a newspaper man they met in a pub! Just think of every Brits private secrets, available to any malicious agent around the world for a tenner. Because that's what this is.

      What could possibly go wrong? Oh right, a Putin puppet wins an UK election despite losing the popular vote, and a bunch of districts showing a 7% difference between machines with verifiable paper records and electronic only machines without paper records.... Newspapers during election time trying to influence the election with a selection of real and fake surveillance records. Almost as if some country had spend millions putting in a puppet.

      Yeh, what could possibly go wrong there Theresa?

    6. Re: Hackers by Anonymous Coward · · Score: 0

      If you have a right to privacy, doesn't that ruling imply, everyone has a right to a private place?

    7. Re: Hackers by pakar · · Score: 1

      Having someone following you around, doing recording with you as the main subject, can be classified as harassment.

      What i would expect is some type of privacy if being on public land out in the middle of nowhere, but expecting privacy when on a public street in the center of a city is quite absurd..

      Ie, if i see other people around me i do not expect privacy.. If i don't see any people or cameras (or signs about cameras) around me i do expect some type of privacy.

  4. Tell us how great Europe is, please! by Anonymous Coward · · Score: 0, Funny

    I want to hear more about how great those European governments are!

    They do such a good job taking care of their citizens!

    1. Re:Tell us how great Europe is, please! by Anonymous Coward · · Score: 1

      The European Parliament is the only government-like structure in the world that actively and consistently stays on the side of consumers in all its proceedings. This is why UK wanted out of EU, they weren't progressing towards nightmarish totalitarian dystopia nearly fast enough for their liking.

    2. Re:Tell us how great Europe is, please! by Anonymous Coward · · Score: 0

      The European Parliament is the only government-like structure in the world that actively and consistently stays on the side of consumers in all its proceedings. This is why UK wanted out of EU, they weren't progressing towards nightmarish totalitarian dystopia nearly fast enough for their liking.

      Yeah, right.

      If Sweden were a US state, it'd be like the 35th wealthiest by purchasing power.

      But you go ahead, keep telling yourself European-style socialism is wonderful.

    3. Re:Tell us how great Europe is, please! by Anonymous Coward · · Score: 0

      But luckily Sweden isn't a US state (who the hell knows how that's connected to the rest of the discussion though, but maybe that's just your prozac talking). Seriously though, you'd have to be crazy to want to live in the USA as it is now. It's a third world, third rate country. Someone needs to make it great again but it will take a couple of decades.

    4. Re:Tell us how great Europe is, please! by Anonymous Coward · · Score: 0

      But you go ahead, keep telling yourself European-style socialism is wonderful.

      Lots of Europeans don't think it's so bad. Neither do plenty of Americans living in Europe (there are quite a few of us over here, you know).

      Maybe they know something you don't.

    5. Re:Tell us how great Europe is, please! by cshark · · Score: 1

      Yeah, right.

      If Sweden were a US state, it'd be like the 35th wealthiest by purchasing power.

      But you go ahead, keep telling yourself European-style socialism is wonderful.

      It's interesting you mention that. We don't really think of Sweden the way we think about Kansas and Nebraska. Maybe we should. Puts the whole thing in perspective.

      --

      This signature has Super Cow Powers

  5. Think about the children by LordWabbit2 · · Score: 1

    Think about the children seems to be getting swapped for "Think about the terrorists!"
    This is such a bad idea, but hey, when it's up and running I wouldn't mind a look in that database, I'm sure just 30 minutes with it and I would have enough blackmail material to retire.

    --
    There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
    1. Re:Think about the children by K.+S.+Kyosuke · · Score: 1

      Why not both?

      --
      Ezekiel 23:20
  6. Noise Generator Needed by Anonymous Coward · · Score: 0

    Someone should create a noise program that runs in the background "visiting" thousands of sites with a mix of good and suspect URLs. The database would be so overloaded it would be hard to find any useful info.

    1. Re:Noise Generator Needed by Anonymous Coward · · Score: 1

      UK user here.

      I've been doing this for months. Nearly 400,000 visits logged. Hoping to hit 500,000 by new year.

      That aside, I'm interested in the UKs new insane plan to have the BBFC rating websites and blocking those which fail. (And yes, they do plan to go through with this...)

      They're also going to be blocking non-conventional porn sites too. (E.g. spanking, female ejaculation, etc.)

    2. Re:Noise Generator Needed by Anonymous Coward · · Score: 0

      Hi, I'm from the UK too. How do you do this noise generator thing?

  7. A better way to tackle terrorism by DrXym · · Score: 3, Insightful
    Hack the sites these jihadi fuckwits gather on or set up lots of honeypot sites for that purpose. Stir liberally with agent provocateurs. Then use the ip addresses, user ids and text gathered to profile what hours they're active, who they interact with, what they're up to, what their interests are, where they most likely live and ultimately who they are. Then serve the ISP with a court order and conduct more conventional surveillance.

    Or gather all the ip interactions for the 99.99999% of non terrorist related activity and get swamped with noise.

    1. Re:A better way to tackle terrorism by Anonymous Coward · · Score: 0

      Hack the sites these jihadi fuckwits gather on or set up lots of honeypot sites for that purpose.

      I'm not saying that I necessarily disagree with you, but isn't that the exact same thing the US did with child porn sites to much ciritcism? If they're doing it with that it wouldn't surprise if they were doing it with terrorism but keeping it much lower profile.

    2. Re:A better way to tackle terrorism by Anonymous Coward · · Score: 0

      you're assuming that something like this is not already happening? That you're the only one that thought of that?

    3. Re:A better way to tackle terrorism by jimbolauski · · Score: 1

      Your pretty optimistic if you think any of the data is going to be analyzed in real time. The data will be manually scanned after an attack to try to find accomplices. The throughput and/or competency to be able to analyze that much data is not something I'd expect from bureaucracy laden entities. For example all retirement paperwork for the federal employees in the US is managed by 1000's of people in a giant cave where the data is stored in filing cabinets. 3 or four attempts to digitize records and automate the process have been unmitigated disasters.

      --
      Knowledge = Power
      P= W/t
      t=Money
      Money = Work/Knowledge so the less you know the more you make
    4. Re:A better way to tackle terrorism by Anonymous Coward · · Score: 0

      This argument will always be disappointing when it comes to the government and "cyber".
      I remember talking to top hackers back when the government had almost no hacking capability. We assumed they had insane capabilities and there was a shadow crew of pro-hackers out there that we never saw.

      Years later it seems those were the best hackers in the world and they didn't even know it.

    5. Re:A better way to tackle terrorism by AHuxley · · Score: 1

      The profit is in all the help needed with the "related activity and ... noise.". Any gov has a few mil teams that can track the interesting people.
      Why have a few elite gov staff get overtime tracking sites, languages and nations?
      That secret gov funding is closed, secret and locked up for generations.
      Think of the domestic overtime, funding, legal teams and contractors needed to watch an entire nation every year, 24/7.
      The new optical taps, the hardware, software, logs, 24/7 on call, support, keyword searches and political gratitude after reporting local protesters.
      To build and look after a vast new domestic spy system that is open court ready is great private sector growth.
      Staff ready to present logs to open court everyday. Entire new sectors of profit to be funded by gov and ISP users.

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re:A better way to tackle terrorism by strikethree · · Score: 1

      Or gather all the ip interactions for the 99.99999% of non terrorist related activity and get swamped with noise.

      I get your point; however, this is not about finding terrorists. It is about being able to know about YOU as much as possible when, not if, you end up on THEIR radar. I suppose it is possible that the politicians were sold this package in the way you describe, but is is clear that whomever designed this legislation did not do it for catching terrorists. It would be like shooting at a fly with a shotgun. It could work, but really, there are much more effective ways of killing flies.

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
  8. Mod the problem away by Anonymous Coward · · Score: 0

    UK does spy on its own people and share that with NSA. That does include MPs data (there is simply no way to separate such data without specifically tracking MPs and their families). It does include political groups, campaign groups, judges, juries, it includes everyone.

    And you may not want to face it, but when Lt. Gen. Michael Flynn *is* the National Security advisor Trump appointed, and he was the same man who suggested sharing 5 eyes data with Putin to quell his perceived rise in Islamic extremism. And all this 5 eyes data? All this surveillance of the UK? It will all be available to a Putin's FSB.

    Do you think you can mod the problem away? GCHQ staff happily spied on EU and UK knowing it was sharing with NSA staff, helping them spy on treaties that applied to the UK! They continued to do that, even after the 'no-spy' agreement was revealed to be bogus. This is how it works, they tell themselves whatever is needed to make it OK in their head.

    All this data being collected, will be available by hack and by political agreement to enemies of the UK. NSA couldn't stop Russia hacking Florida election website, or any of the other election hacks, and now Russia has a toe in the door with Trump, 5 eyes is compromised.

    All those 0 day exploits the NSA is sitting on, they will be available to Trump and to his friends soon.

  9. Yup because nobody every figured out this problem by silas_moeckel · · Score: 1

    Ya know back in the 80's one way fiber a static mac and arp entry with UDP. That is about as one way as things get. Not impossible to hark just rather hard. It works great for syslog actualy.

    No it does not insure that the data is received or that it was not tampered with, but the treasure trove is the long term storage not what people are doing right then.

    Mind you the whole things is a bit moot less and less traffic is not encrypted.

    --
    No sir I dont like it.
  10. Well... by Anonymous Coward · · Score: 0

    Whilst there's nothing that can be done about this - please don't kid yourselves that petitions and protests will actually change something - the rest of the world could help do the next best thing.

    Completely destroy the UKs tourism industry.

    Who wants to visit a country where porn has been blocked and you get monitored 24/7 under the clichéd retorts of child abuse and terrorism?

    1. Re:Well... by Anonymous Coward · · Score: 0

      If people raise enough shit, anything is possible. Brits just need to be a bit less polite. Also, they need to remember WHY they voted for Brexit ... because people are so done with the fucking status quo and those currently holding the reins of power.

      Interesting to note that blocking access to porn is a really good way to make a lot of people extremely angry. For an example of what not watching enough porn can do to a person's disposition, just look at Muslims.

    2. Re:Well... by AHuxley · · Score: 1

      Re 'Who wants to visit a country where ... you get monitored 24/7"
      Select a VPN and hope the GCHQ does not find you interesting....
      Any consumer VPN will not hold up to the CGQH.
      Hope the UK gov does not do a secret deal with the very distant and safe VPN that had the best reviews for use in the UK.
      Do not enter or exit the UK with any computer like device due to the risk of a "random" inspection and gov OS upgrades during a search.
      Buy local hardware after arrival, get your own networking, install a new OS, VPN using secure and trusted international methods.
      Send and get any data via the VPN, but no local storage at all. The laptop gets booted into a safe OS but keeps no local data.
      Avoid any offers of free wifi or network deals. Buy your own networking and only use your VPN and safe OS.
      Exit the UK with a few books (paper) and clothing. Get a phone for a game or photos on the last day just to fit in with everyone else waiting to exit.

      --
      Domestic spying is now "Benign Information Gathering"
  11. Bad? by Anonymous Coward · · Score: 0

    It only takes one bad actor to go in there and get the entire database,

    Let's hope someone does, and makes public all politicians' activities.....

    1. Re:Bad? by Anonymous Coward · · Score: 0

      I'm personally hoping some ISP employee slips some URLs into their lists.

  12. Services I connect to by Anonymous Coward · · Score: 0

    Well, there's this VPS in California, aaaand that's about it. Lots of stuff going to this one server on port 1194.

    How long until they start hunting OpenVPN traffic, I wonder?

  13. Not safe for anyone by Anonymous Coward · · Score: 0

    Are these logs kept and protected from tampering?
    If not, then they are useless as evidence.
    How do we know that someone didn't change the log to show that someone accessed terrorist sites and kiddie porn?
    Reaping what you sow if it happened to be the folks responsible for this law.

    1. Re:Not safe for anyone by Anonymous Coward · · Score: 0

      Here they successfully used screenshots with IP addresses to charge people downloading movies... screenshots provided by the accuser.

  14. commentsubject by Falos · · Score: 1

    >The Home Office says Because Terrorism
    Stopped reading there. Partly because my bullshit meter overflowed and needs to reboot.

    Okay it's online again. It should be fine until someone pretends the golden DB will be safe from hackers. The previous exposure should insulate it when the next member of the Ministry of Truth says Because Thinkofthechildren or Because Illegaldrugs.

  15. Overload it. by Pig+Hogger · · Score: 1

    Let’s just overload the system. Let’s have an application that requests 10 random websites every minute (but cut the connection as soon as 10 bytes come in, so to save bandwidth), 24/7. With 14,400 websites per day per user, the logs will quickly overflow, and it will become more arduous to snoop on people. Better yet, le 10% of those websites be questionable websites; when everyone is guilty of browsing questionable websites, no one is guilty of it.

    1. Re:Overload it. by Anonymous Coward · · Score: 0

      Sounds like an actual good use for IoT malware.

    2. Re:Overload it. by Anonymous Coward · · Score: 0

      www.iamsparticus.com

    3. Re:Overload it. by Anonymous Coward · · Score: 0

      Even more than just random existing sites. The host name sent to the server doesn't even need to exist - that is, its possible to query a basically limitless number of webservers from the same IP, even without going through DNS lookup first. Of course, no meaningful data will be returned by the server, but logging should still happen.

    4. Re:Overload it. by Agripa · · Score: 1

      Leave a web crawler running.

  16. Fine... In return... by Anonymous Coward · · Score: 0

    ...set the statute of limitations for ALL crimes to 30 days.

  17. Hopefully it's in 4 weeks by Anonymous Coward · · Score: 0

    Full leak of all data.
    4 weeks should provide enough to be wake up a decent number of people.

  18. Re:Yup because nobody every figured out this probl by gweihir · · Score: 1

    Slight other problem: You cannot request specific data, i.e. no web, email or really anything else. Are you drunk?

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  19. Try an experiment first by Anonymous Coward · · Score: 0

    Try an experiment first before implementing this law.

    Require ALL corporate, political, TLA and law enforcement officials, as well as ALL other leaders, royals, celebrities, investors, lawyers, lobbyists, charity operators, employees, contractors, and volunteers, TLA employees, contractors and volunteers, and all donors to any of the above, AND NO ONE ELSE, to conduct ALL of their business and personal activities online and have their entire online history, as well as all calls, tracked and publicly and easily accessible to everyone for 10 full years on a block chain.

    When they have all agreed to this, and have demonstrated for 10 years that they are all good people who can maintain a good example to live by, THEN they may track the public and weed out the criminals. And of course, continue tracking all the kinds of people mentioned in the previous paragraph, and hold them to the standards set in those first 10 good years.

    Fill in the rest of the necessary legal mumbo-jumbo to make this stick as is colloquially intended.

    captcha: angelic

  20. Re:Yup because nobody every figured out this probl by silas_moeckel · · Score: 1

    No you walk into the room with the data and query it. Not sure on the UK but in the US you get to charge outrageous prices to handle subpoena's so not like the manpower is an issue. Is it realy that hard to go access a locked room?

    --
    No sir I dont like it.
  21. A petition to oppose, educate and inform by flashquartermaster · · Score: 1

    I believe we need to disseminate the information necessary to make this unworkable https://www.change.org/p/reque...

  22. Official Parliamentary Petition by flashquartermaster · · Score: 1

    This petition is currently getting a signature a second by my reckoning. https://petition.parliament.uk...