Slashdot Mirror
The UK Is About to Legalize Mass Surveillance [Update] (vice.com)
From a report on Motherboard: On Tuesday, the UK is due to pass its controversial new surveillance law, the Investigatory Powers Act, according to the Home Office. The Act, which has received overwhelming support in both the House of Commons and Lords, formally legalizes a number of mass surveillance programs revealed by Edward Snowden in 2013. It also introduces a new power which will force internet service providers to store browsing data on all customers for 12 months. Civil liberties campaigners have described the Act as one of the most extreme surveillance laws in any democracy, while law enforcement agencies believe that the collection of browsing data is vital in an age of ubiquitous internet communications. "The Investigatory Powers Act 2016 will ensure that law enforcement and the security and intelligence agencies have the powers they need in a digital age to disrupt terrorist attacks, subject to strict safeguards and world-leading oversight," a statement from the Home Office reads. Much of the Act gives stronger legal footing to the UK's various bulk powers, including "bulk interception," which is, in general terms, the collection of internet and phone communications en masse. In June 2013, using documents provided by Edward Snowden, The Guardian revealed that the GCHQ taps fibre-optic undersea cables in order to intercept emails, internet histories, calls, and a wealth of other data. Update: "Snooper's charter" bill has become the law. The home secretary said:"The Investigatory Powers Act is world-leading legislation, that provides unprecedented transparency and substantial privacy protection. "The government is clear that, at a time of heightened security threat, it is essential our law enforcement and security and intelligence services have the power they need to keep people safe. The internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge. But it is also right that these powers are subject to strict safeguards and rigorous oversight."
It's a beautiful thing, the destruction of civil society :)
... at least until they legalize mass-less surveillance too.
FBI and NSA Poised to Gain New Surveillance Powers Under Trump
All because you sheeple want to feel safe.
"People want to be slaves" - Academy Award nominated director I work out with.
Face it, the people don't want to really be free. They want to feel safe above all else. They are so afraid of terrorism when the fact is they are most likely to die from complications of their obesity or from a car accident because they were distracted while they were updating their facebook page.
Encrypt everything! ... They may be able to crack the encryption in the end but it will make their lives much, much, much more difficult.
...when guns are illegal. They wouldn't dare do mass surveillance in the US because gun owners would overthrow the government. Right? Right?
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
We'll make great pets
Look, I know my browsing will be in a huge database that nobody will look at it... for now. But if this year has taught all of us anything it is that things change. If you take these powers, whoever is in power in the future can abuse them. Everyone, no matter how good intentioned, should think about how those powers might be abused in the future.
I think this is something that will ultimately hurt a lot of innocent people in the UK over the coming years.
However, it will also help the Internet mature with new encryption and canary protocols, and more ubiquitous deployment of them, to ensure privacy and protection from all threats.
A government is a body of people notably ungoverned - AC
Who cares what you send, they know how you think because an algorithm looks at the web sites you visit and decides which box you belong in. It must be a right pain switching all the Russian site readers out of the terrorist box and moving all the Arab news site readers in to replace them to align with Trump. Expect Tor and VPN to be made illegal shortly.
Facts are history now plebs have politics for religion on social media.
The UK has advertisement free web viewing ?
And their websites don't occasionally have a script that pegs the cpu and makes the browser a sluggish mess ?
Really, 'broadband experience' has little do with connection speed once you pass 5mbit unless the website is horribly bloated.
To keep slightly on topic, if surveillance and logging is noticeable to the common citizen, then they are doing it wrong.
Talking about putting people in boxes. If you use Tor, expect the government to be looking at you a little closer. Surely you must have something to hide if you have Tor.
It's like putting a box in the break room with a note saying "do not peak" written on it. Everyone is going to open the box. Use Tor and the government is going to want to see what you're doing.
"That's the way to do it" - Punch
You and I don't need to invent anything. We can create our own encryption keys, exchange them, and securely communicate.
The problem is the HTTPS infrastructure is broken by design, which is what the original poster was talking about.
The absolute irony is that visiting a site with a self-signed certificate shows the user a warning error (I understand why, don't worry) yet the resulting HTTPS exchange is actually immune to any and all eavesdropping. When visiting a site with a cert authority signed certificate, no error is displayed, yet this connection is vulnerable to anyone who has broken/intercepted the chain of trust. This includes state actors, but also businesses, and anyone that can get their certs onto your system, or can influence the signing authorities to give them the keys.
At this point some rabid net admin for a large corporation will chime in with "it's my network" etc... but the point is that we have been training users for years to interpret HTTPS as being "secure" and "safe" when it actually isn't. Just like we have been encouraging users to update Windows, yet now Microsoft have broken that trust with their forced updates and broken/mislabeled updates. The internet is currently broken and indeed has been broken maliciously by state actors. Are we going to just accept that as "good enough" and live with it? What exactly was so terrible about the internet in 1990 or 2000, before the NSA got their hooks in and started fucking everything up?? Can we point to a global reduction in crime, violence, terrorism, or child pornography, due to the valliant efforts of the NSA and similar outfits abroad?
At the **very very least** prior to this bill in the UK passing, anyone with half a mind should take note of the current state of UK society and crime. In ten years time, once the full ramifications of these new laws come to pass, look around again and make a comparison. My prediction, for what it's worth, is everything will be exactly the same (in which case what was the point?) or it will be much much worse.
It starts Thursday in the US: (From Techdirt)
the DOJ wants permission to break into "compromised" computers and poke around inside them without the permission or knowledge of the owners of these computers. It also wants to treat anything that anonymizes internet users or hides their locations to be presumed acts of a guilty mind.
Everyone has something to hide, whether they use Tor or not. Quite literally, everyone. Having something to hide, however, does not mean that one is doing or has done anything wrong, it only means that they want something to be private,
File under 'M' for 'Manic ranting'
The BBC has multiple stories on this. Maybe you should dislodge your head from your ass?
From here:
Blogger Chris Yiu compiled a list of the 48 organisations and departments that will be able to access the browsing records of individuals without a warrant.
They include various police, military, government and NHS departments as well as the Food Standards Agency, the Gambling Commission, the Financial Conduct Authority and the Health and Safety Executive.
I found this article in about 20 seconds.
There are multiple exceptions to attorney-client priviledge in the US as well, but don't let pesky things like "facts" get in your way.
wow, you clearly have never been here. If you have no facts or experience, a blind ignorance helps.
The absolute irony is that visiting a site with a self-signed certificate shows the user a warning error (I understand why, don't worry) yet the resulting HTTPS exchange is actually immune to any and all eavesdropping. When visiting a site with a cert authority signed certificate, no error is displayed, yet this connection is vulnerable to anyone who has broken/intercepted the chain of trust
Not quite. Both connections are entirely safe from passive eavesdropping. Even if I've compromised a root cert that you're using, that doesn't let me decrypt TLS traffic. It does mean that if I am actively performing a man in the middle attack on you, then you won't notice, because during the initial key exchange you'll connect to me and establish a secure connection and I'll connect to the remote server and establish a secure connection. You'll trust me because I'll use a cert signed by one that I trust. The difference between this and a self-signed cert is that when the server uses a self-signed cert, there's no need for me to compromise a root cert that you trust: I can still perform the MITM attack and you won't know the difference.
Certificate pinning protects you from this to a degree: If you connect to a server twice and the certificate changes, then there may be a problem. On the other hand, there might not be, and with a self-signed cert, you can't revoke it if it's compromised and you can't easily advertise the fact that this is a replacement cert from the same person (unless you properly self-sign, rather than simply not signing, and people pin your signing cert).
Certificate transparency protects in both cases, by providing a public log of all of the certificates that have been seen by people connecting to the server. If the server operator sees a cert that they didn't issue, or if you see a cert that's not the same one that other people are seeing, then something is wrong.
I am TheRaven on Soylent News
I'm not disagreeing with your statement. I'm just saying, by going out of your way to hide, "the man" is going to want to snoop all that much more- they're going to jump to assumptions. That's what the man does.
"That's the way to do it" - Punch
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
Indeed, and you might notice that Franklin was one of the founding fathers of a country specifically established to escape the tyranny of the British ruling class.
The UK has never had an American style democratic system. Despite pretending it does to the outside world, and going around trumpeting its special relationship with the USA like they are brothers in arms, the UK is still well and truly under the control of a pseudo-hereditary ruling class that is closely associated with ancestral land ownership. Until you live here (if you are from another country) it is hard to understand just how insidious it all is. For example, the great leader of the people, Winston Churchill, grew up in the fabulously extravagant Blenheim palace that his ancestors were gifted for their actions at the battle of Waterloo. Was he a great leader? Sure. But don't kid yourself that Britain selected the best man for the job in a sort of American hopes and dreams way. They simple had the ruling elite select the best of their mates at the London smoking club. You only have to look at the last government (the Bullingdon club crew) to see how the Eton system is still alive and well, and remarkably effective at controlling power.
I have lived here for five years now (originally from New Zealand) and it still just amazes me how many British working class people simply do not believe they can do things beyond their 'lot in life'. It is deeply ingrained into them that because, for example, they didn't go to Oxbridge, they are too dumb to understand any of this government stuff, so don't even try and just shrug their shoulders and say there is nothing they can do about it anyway. It is a sort of cultural deference to power that I do not think exists in any other western country.
Because how many murders has the UK had from muslims in the past twenty years? Compare to deaths by the IRA.
It's not a matter of IF but WHEN hackers start leaking embarrassing information on the Royals and members of the government, all collected as part of this program, that their tune may change.
Until then, the "Free world" seems to be engaged in a race to Orwell's vision of Big Brother.
' becomes aware of a crime committed by a client' that was your post, if you become aware of a crime, you have to report it. I am not sure what your point was, it is the same in the USA
You've never watched the BBC, have you?
You are welcome on my lawn.
He has, just from a chair over in the far right of the room.
They'll just raise your taxes and buy more computing power with your money if they need to. But they probably won't need to.
In the contest between armor and weapons, armor always ends up losing. In this case, you have to recognize that at both ends of the communication, the information is unencrypted. Consequently, if they want you, and you have hardened the communication using encryption, they probably won't even try to compromise the communication. They'll compromise one or more of the computers at the endpoints of the communication. Unless your computer is running your own custom operating system, there isn't anything you can do to stop them short of disconnecting from the communications networks, which kind of puts a damper on your communications capabilities and so is actually a rather obvious form of footgun in that regard.
The right answer is to get the opposition to stop shooting at you.
In this case, the right answer is to get the government out of the business of tracking the citizen's locations, finances, business, and communications.
If that can't be accomplished, then the citizens lose. Period.
The situation here in the USA is dire. The politicians have actually convinced people that it's a good thing that they monitor their banking, their business, their communications, their location, etc. The politicians created and used many forms of hugely-blown-out-of-proportion hysterical narratives to get that accomplished. Today, the average citizen is an Orwellian-class dupe. There's no sign at all that this is going to change.
Security today depends on never sharing anything with anyone. Outside of that, you either are already, or can be at any time, compromised by state agents fully empowered to do so. Not authorized, mind you -- this is exercise of arrogated power I'm describing -- but that no longer matters, which is another severe problem we have been presented with.
And on that cheerful note... :)
I've fallen off your lawn, and I can't get up.
I don't think you understand that what Franklin meant one way, we can mean entirely another -- both can be sincere, and both uses are entirely appropriate. Nothing is lost by attributing the quote, either.
The stance that personal liberty and immunity from government oversight of personal and consensual activities is a good thing, and that trading these off for (generally the illusion of, but very occasionally the actuality of) safety is an act so vile that it renders the trader unworthy of those liberties and immunity, is a very well established one. Franklin's words then fit such an outlook today very well, regardless of what he intended them to mean at the time.
Words are like that. When we aren't talking about law, words are tools to be used as we see fit. As they should be.
I've fallen off your lawn, and I can't get up.
Those are native issues inherent to any society and need to be addressed.
Yes, it should. It should be addressed before the boogeyman of the "mooslem terrists".
Mass murder by foreign agents is not something we have to accept.
Only 175 people were killed in 2015 by terrorists in Western Europe. That's less than a day's worth of murder in the same region.
The whole idea that this has anything to do with combating terrorism is just the Big Lie. It is about power. Terrorism and children are just the justification for the feeble minded and ignorant.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
I don't believe for a second that an individual would deliberately "oppress themselves". Common sense tells me that oppression, in any form, must come from the top down, not the bottom up. Oppression, like any relationship based on coercion, involves an aggressor and a victim, and obviously, they can't possibly be the same person.
The trick is to make the oppressed actually want the oppression. Do this, and you can very easily have the people oppress themselves, and cheer as it happens.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Apologies, but that was the point I was making. 'In the US, the constitution explicitly forbids -- both to the federal government and that of the states -- going back in time and making crimes out of actions that were not crimes at the time, or increasing punishment along the same lines' How progressive, 500 years later than Europe, but good to know you have simple logic. But any future government can change that. As for 'you've forfeited that option. Sorry.' Really? Who did and when? And how? I have no idea who you are talking about and why the FU attitude
While they may be womanizers, they do so with consenting adults (alt-right lies about Clinton notwithstanding)
So the idea that Bill Clinton lost his license to practice law for obstructing justice and perjuring himself during a sexual harassment lawsuit is just a lie?
Not that I think that gives Trump a pass, FWIW. "Everybody is doing it" isn't a valid excuse for wrongdoing.
What part of "shall not be infringed" is so hard to understand?
Look, it is not good but: it only collects TLDN. Any closer inspection requires two levels of legal agreement. Do not think the judiciary here is passive, it is not. I have heard everything here from the UK is a dictatorship to somehow we are fascists. It is a proposal/law by people that do not understand technology. All they have done is make the haystack bigger and forced people to hide the needle better. It will not do what it claims to: hey, we have all promised that tech will solve all your problems. It does not, and cannot.
If you're sending anything important in plain text over the Internet these days, you're as good as asking the government to read it.
What a completely ------ thing to say to someone like -------! I can't figure out why people like you always ---- and ----- when you could be ---ing. Seriously, do you even ---- it? I for one trust out ----- over----s completely. Rule Brit------!!!
(and now I have to write a bunch of other useless prose to get by Slashdot's junk filters. Which is a really useless filter. I mean just because goatse ASCII is a thing doesn't mean no one ever had any legitimate uses for copious punctuation. My word, are we really reduced to such silliness? How much more of this do you think will be required before the filter finally lets this past? Probably a little more still. Hang on, let me preview.... Nope. still not enough. If this doesn't improve soon, I'm just going to load up a Tolstoy eBook and start pasting in sections of Anna Karenina, but then again that would probably just set off the plagiarism filter. Heathens have no appreciation for satire, I tell you.)
Crumb's Corollary: Never bring a knife to a bun fight.
Ivana gave a sworn deposition in which she stated that he ripped out her hair and violently raped her after a botched hair job by a doctor she recommended.
Post divorce settlement, and just prior to the publication of an unauthorized Trump biography, she suddenly explained that "rape" meant a lack of emotional closeness and shouldn't be taken literally.
Googleis plainly your enemy.
The Investigatory Powers Act is world-leading legislation, that provides unprecedented transparency and substantial privacy protection.
WAR IS PEACE
FREEDOM IS SLAVERY
IGNORANCE IS STRENGTH
"From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."