Slashdot Mirror
The UK Is About to Legalize Mass Surveillance [Update] (vice.com)
From a report on Motherboard: On Tuesday, the UK is due to pass its controversial new surveillance law, the Investigatory Powers Act, according to the Home Office. The Act, which has received overwhelming support in both the House of Commons and Lords, formally legalizes a number of mass surveillance programs revealed by Edward Snowden in 2013. It also introduces a new power which will force internet service providers to store browsing data on all customers for 12 months. Civil liberties campaigners have described the Act as one of the most extreme surveillance laws in any democracy, while law enforcement agencies believe that the collection of browsing data is vital in an age of ubiquitous internet communications. "The Investigatory Powers Act 2016 will ensure that law enforcement and the security and intelligence agencies have the powers they need in a digital age to disrupt terrorist attacks, subject to strict safeguards and world-leading oversight," a statement from the Home Office reads. Much of the Act gives stronger legal footing to the UK's various bulk powers, including "bulk interception," which is, in general terms, the collection of internet and phone communications en masse. In June 2013, using documents provided by Edward Snowden, The Guardian revealed that the GCHQ taps fibre-optic undersea cables in order to intercept emails, internet histories, calls, and a wealth of other data. Update: "Snooper's charter" bill has become the law. The home secretary said:"The Investigatory Powers Act is world-leading legislation, that provides unprecedented transparency and substantial privacy protection. "The government is clear that, at a time of heightened security threat, it is essential our law enforcement and security and intelligence services have the power they need to keep people safe. The internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge. But it is also right that these powers are subject to strict safeguards and rigorous oversight."
It's a beautiful thing, the destruction of civil society :)
... at least until they legalize mass-less surveillance too.
FBI and NSA Poised to Gain New Surveillance Powers Under Trump
All because you sheeple want to feel safe.
"People want to be slaves" - Academy Award nominated director I work out with.
Face it, the people don't want to really be free. They want to feel safe above all else. They are so afraid of terrorism when the fact is they are most likely to die from complications of their obesity or from a car accident because they were distracted while they were updating their facebook page.
Encrypt everything! ... They may be able to crack the encryption in the end but it will make their lives much, much, much more difficult.
...when guns are illegal. They wouldn't dare do mass surveillance in the US because gun owners would overthrow the government. Right? Right?
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
We'll make great pets
Look, I know my browsing will be in a huge database that nobody will look at it... for now. But if this year has taught all of us anything it is that things change. If you take these powers, whoever is in power in the future can abuse them. Everyone, no matter how good intentioned, should think about how those powers might be abused in the future.
I think this is something that will ultimately hurt a lot of innocent people in the UK over the coming years.
However, it will also help the Internet mature with new encryption and canary protocols, and more ubiquitous deployment of them, to ensure privacy and protection from all threats.
A government is a body of people notably ungoverned - AC
Talking about putting people in boxes. If you use Tor, expect the government to be looking at you a little closer. Surely you must have something to hide if you have Tor.
It's like putting a box in the break room with a note saying "do not peak" written on it. Everyone is going to open the box. Use Tor and the government is going to want to see what you're doing.
"That's the way to do it" - Punch
You and I don't need to invent anything. We can create our own encryption keys, exchange them, and securely communicate.
The problem is the HTTPS infrastructure is broken by design, which is what the original poster was talking about.
The absolute irony is that visiting a site with a self-signed certificate shows the user a warning error (I understand why, don't worry) yet the resulting HTTPS exchange is actually immune to any and all eavesdropping. When visiting a site with a cert authority signed certificate, no error is displayed, yet this connection is vulnerable to anyone who has broken/intercepted the chain of trust. This includes state actors, but also businesses, and anyone that can get their certs onto your system, or can influence the signing authorities to give them the keys.
At this point some rabid net admin for a large corporation will chime in with "it's my network" etc... but the point is that we have been training users for years to interpret HTTPS as being "secure" and "safe" when it actually isn't. Just like we have been encouraging users to update Windows, yet now Microsoft have broken that trust with their forced updates and broken/mislabeled updates. The internet is currently broken and indeed has been broken maliciously by state actors. Are we going to just accept that as "good enough" and live with it? What exactly was so terrible about the internet in 1990 or 2000, before the NSA got their hooks in and started fucking everything up?? Can we point to a global reduction in crime, violence, terrorism, or child pornography, due to the valliant efforts of the NSA and similar outfits abroad?
At the **very very least** prior to this bill in the UK passing, anyone with half a mind should take note of the current state of UK society and crime. In ten years time, once the full ramifications of these new laws come to pass, look around again and make a comparison. My prediction, for what it's worth, is everything will be exactly the same (in which case what was the point?) or it will be much much worse.
The BBC has multiple stories on this. Maybe you should dislodge your head from your ass?
From here:
Blogger Chris Yiu compiled a list of the 48 organisations and departments that will be able to access the browsing records of individuals without a warrant.
They include various police, military, government and NHS departments as well as the Food Standards Agency, the Gambling Commission, the Financial Conduct Authority and the Health and Safety Executive.
I found this article in about 20 seconds.
wow, you clearly have never been here. If you have no facts or experience, a blind ignorance helps.
The absolute irony is that visiting a site with a self-signed certificate shows the user a warning error (I understand why, don't worry) yet the resulting HTTPS exchange is actually immune to any and all eavesdropping. When visiting a site with a cert authority signed certificate, no error is displayed, yet this connection is vulnerable to anyone who has broken/intercepted the chain of trust
Not quite. Both connections are entirely safe from passive eavesdropping. Even if I've compromised a root cert that you're using, that doesn't let me decrypt TLS traffic. It does mean that if I am actively performing a man in the middle attack on you, then you won't notice, because during the initial key exchange you'll connect to me and establish a secure connection and I'll connect to the remote server and establish a secure connection. You'll trust me because I'll use a cert signed by one that I trust. The difference between this and a self-signed cert is that when the server uses a self-signed cert, there's no need for me to compromise a root cert that you trust: I can still perform the MITM attack and you won't know the difference.
Certificate pinning protects you from this to a degree: If you connect to a server twice and the certificate changes, then there may be a problem. On the other hand, there might not be, and with a self-signed cert, you can't revoke it if it's compromised and you can't easily advertise the fact that this is a replacement cert from the same person (unless you properly self-sign, rather than simply not signing, and people pin your signing cert).
Certificate transparency protects in both cases, by providing a public log of all of the certificates that have been seen by people connecting to the server. If the server operator sees a cert that they didn't issue, or if you see a cert that's not the same one that other people are seeing, then something is wrong.
I am TheRaven on Soylent News
I'm not disagreeing with your statement. I'm just saying, by going out of your way to hide, "the man" is going to want to snoop all that much more- they're going to jump to assumptions. That's what the man does.
"That's the way to do it" - Punch
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
Indeed, and you might notice that Franklin was one of the founding fathers of a country specifically established to escape the tyranny of the British ruling class.
The UK has never had an American style democratic system. Despite pretending it does to the outside world, and going around trumpeting its special relationship with the USA like they are brothers in arms, the UK is still well and truly under the control of a pseudo-hereditary ruling class that is closely associated with ancestral land ownership. Until you live here (if you are from another country) it is hard to understand just how insidious it all is. For example, the great leader of the people, Winston Churchill, grew up in the fabulously extravagant Blenheim palace that his ancestors were gifted for their actions at the battle of Waterloo. Was he a great leader? Sure. But don't kid yourself that Britain selected the best man for the job in a sort of American hopes and dreams way. They simple had the ruling elite select the best of their mates at the London smoking club. You only have to look at the last government (the Bullingdon club crew) to see how the Eton system is still alive and well, and remarkably effective at controlling power.
I have lived here for five years now (originally from New Zealand) and it still just amazes me how many British working class people simply do not believe they can do things beyond their 'lot in life'. It is deeply ingrained into them that because, for example, they didn't go to Oxbridge, they are too dumb to understand any of this government stuff, so don't even try and just shrug their shoulders and say there is nothing they can do about it anyway. It is a sort of cultural deference to power that I do not think exists in any other western country.
' becomes aware of a crime committed by a client' that was your post, if you become aware of a crime, you have to report it. I am not sure what your point was, it is the same in the USA
You've never watched the BBC, have you?
You are welcome on my lawn.
He has, just from a chair over in the far right of the room.
They'll just raise your taxes and buy more computing power with your money if they need to. But they probably won't need to.
In the contest between armor and weapons, armor always ends up losing. In this case, you have to recognize that at both ends of the communication, the information is unencrypted. Consequently, if they want you, and you have hardened the communication using encryption, they probably won't even try to compromise the communication. They'll compromise one or more of the computers at the endpoints of the communication. Unless your computer is running your own custom operating system, there isn't anything you can do to stop them short of disconnecting from the communications networks, which kind of puts a damper on your communications capabilities and so is actually a rather obvious form of footgun in that regard.
The right answer is to get the opposition to stop shooting at you.
In this case, the right answer is to get the government out of the business of tracking the citizen's locations, finances, business, and communications.
If that can't be accomplished, then the citizens lose. Period.
The situation here in the USA is dire. The politicians have actually convinced people that it's a good thing that they monitor their banking, their business, their communications, their location, etc. The politicians created and used many forms of hugely-blown-out-of-proportion hysterical narratives to get that accomplished. Today, the average citizen is an Orwellian-class dupe. There's no sign at all that this is going to change.
Security today depends on never sharing anything with anyone. Outside of that, you either are already, or can be at any time, compromised by state agents fully empowered to do so. Not authorized, mind you -- this is exercise of arrogated power I'm describing -- but that no longer matters, which is another severe problem we have been presented with.
And on that cheerful note... :)
I've fallen off your lawn, and I can't get up.
Of course they will. This way the people in charge of the information gathering can ensure that the elites keep in line and keep approving more snooping powers or else all that embarrassing information might "accidentally" be revealed to the world.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
The whole idea that this has anything to do with combating terrorism is just the Big Lie. It is about power. Terrorism and children are just the justification for the feeble minded and ignorant.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.