Every Email In UK To Be Monitored
ericcantona writes "The Communications Data Bill (2008) will lead to the creation of a single, centralized database containing records of all e-mails sent, websites visited and mobile phones used by UK citizens. In a carnivore-on-steroids programme, as all vestiges of communication privacy are stripped away, The BBC reports that Home Secretary Jacqui Smith says this is a 'necessity.'"
Time for a new protocol (Score:4, Interesting)
Police state bullshit. (Score:3, Interesting)
Re:This article is misleading (Score:2, Interesting)
Re:PGP... (Score:5, Interesting)
GPG plugins for Mail.app and Thunderbird are at the point now that it's basically set it and forget it, come on folks. (I don't so much like the GPG Outlook plugins, but maybe I haven't messed with it enough)
Re:In other news (Score:3, Interesting)
Snail mail no longer the subject of jokes.
Does the UK have laws preventing the government from opening your snail mail?
And don't forget that all incoming and outgoing international mail is fair game, in any country.
Re:In other news (Score:5, Interesting)
It really disturbs me that the plots in various movies, video games, and books that would have been considered "out there" or "couldn't happen" are gradually becoming true.
Obvious ones (which I've mentioned in a related post a few weeks ago): V for Vendetta and 1984.
Disturbingly accurate: Mirror's Edge. From the Mirror's Edge Wikipedia Article: [wikipedia.org]
The game's name derives from the mirror-like aesthetic of the city of tall, gleaming skyscrapers and Faith's existence on the fringes of that city along with other dissidents, who have been pushed to the edge.
Though set in a seemingly utopian city environment with low crime, clean streets, and sterile architecture, it is ruled by a totalitarian government regime that conducts unbridled levels of surveillance on citizens. [emphasis added.] In this world of communications monitoring, the only way to deliver confidential information between parties is to employ couriers (called runners) to physically deliver the information.
Granted, it's more likely that drivers, bicycle messengers, etc. would be used in our current era, but I imagine even vehicles will eventually be surveilled and controlled. "We need to be able to watch people in their cars so we know they're driving safely." "We need to be able to remotely shut off cars in case it is stolen or if someone is driving drunk." etc.
I wonder how they'd handle couriers delivering information to circumvent this system.
tl;dr: cute Asian mailwomen will backflip off of walls to get your letter to grandma.
Re:I'd like to know, too. (Score:1, Interesting)
Not so much now that the IRA is gone.
The terrorism card has replaced "think of the children" as the preferred method of forcing through whatever legislation the government wishes (though "think of the children" is still used too).
Re:Unbelievable (Score:2, Interesting)
Welcome to the new China.
Either that, or we have gone back to 1984. I didn't know Orwell wrote non-fiction!
So what does this mean for email clients like Gmail that use SSL encryption? Are we going to be required by law to give the government all our passwords?
Actually: *more* fucked up & don't seem to kno (Score:5, Interesting)
Miss the memo? [eff.org]
Warrantless surveillance of American domestic communications has been going on for years.
Not only has it been comprehensively abused [salon.com] (to exactly nobody's surprise), the spying infrastructure has no legal reason to exist. [salon.com]
That sinister sound you hear is Nixon laughing at you, wearing a Dick Cheney mask.
Re:This article is misleading (Score:3, Interesting)
Maybe I'm just an ignorant American, but you got elected officials, chosen by the working classes, against the population in general, and the House of Lords, who are 'appointed' working for the general population? How does this work? :D
I think it's a rather ominous demonstration of how beholden our political systems (on both sides of the pond) have become to media manipulation.
We all know how much media loves the internet.
The rest of it, for all the conspiracy theories, probably goes back to ratings.
The more apprehension you create, the more likely they are to turn to your channel the next day, and the next, and the next.
They get their ratings through BOTH edges of the sword too.
They get the statists who think mama government will save them from the big bad terrorists.
They get the sane people who feel compelled to at least know what is going on, and turn on the news out of dread of what their own government will do next.
Welcome to "wag the dog"
Re:That's it (Score:3, Interesting)
the colonies had representation... they were considered "corporate" employees of the lords that held title to the land and ran the trading companies. When they joined the colonies they promised to follow the "company rules"... sound familiar?
Re:Movie quote. (Score:2, Interesting)
Too bad that in the UK, the authorities and the criminals (but I repeat myself) are the only ones with guns.
Not much to be afraid of when you can just shoot the dissenters.
And that is why any politician who wants to take away my 2nd Amendment rights will never get my vote, or, in the event that they do win, my guns. Better a criminal than a subject.
Hot Button Checklist (Score:5, Interesting)
Terrorism? Check.
Protecting Children/Child Pornography? Check.
Looks like it's got everything that would be needed to pass it were it introduced here in the US. Plus, it has Murder and Drugs as bonuses. (And before someone misreads my post, yes I know this is happening in the UK.)
Of course not. You can trust the highly trustworthy, never corrupt Federal government to keep the corrupt local government's fingers out of that database and to never misuse that database itself. Suuuuure.
Re:Revolution? (Score:2, Interesting)
I hope you're not thinking of the French Revolution [wikipedia.org] which began in 1789. It all started with the storming of the Bastille, and featured the arrests of both King Louis XVI and Queen Marie Antoinette. They were subsequently beheaded in 1793 and the Revolution ended with Napoleon Bonaparte seizing power and calling himself Emperor. And we all know how that turned out...
What I think you meant to get at was Charles I of England [wikipedia.org] who was executed a little earlier in 1649. He got to that point by sufficiently pissing off Parliament by imposing taxes without their consent, among other things, such as being at war against them (Royalists vs New Model Army [wikipedia.org]). This of course led to the Interregnum [wikipedia.org] period (aka the republican experiment) under Oliver Cromwell. In the end, Charles' exiled son, Charles II, came back from exile and resumed the throne.
Thus concludes my brief and not so detailed lesson on 17th century British & 18th century French history.
ParanoidLinux (Score:3, Interesting)
Geez, this makes me wonder how well that ParanoidLinux [paranoidlinux.org] project is coming along. This sort of story really shows why it's such a good idea—having anonymity and encryption is good, but having them auto-configured and applied seamlessly to your online presence is better, especially since privacy is everyone's right, not just techno-geeks'. With undirected, warrantless government monitoring going on, even non-technical users should start asking for good privacy tech. (Disclaimer: Auto-configuration and seamlessness are not necessarily goals of the ParanoidLinux project, but I anticipate that it could be done if enough developers get involved. I am not involved in the project.)
Hmm, turns out they made their first alpha build earlier this week. That's good news; I've been worried that it would turn into vaporware. (Although in the spirit of the article I suppose I should spell that "vapourware".)
Annoyed (Score:5, Interesting)
There are many people to whom the UK's system is perfectly reasonable.
Earlier tonight, I had an argument with this woman who favors censoring YouTube. It went like this:
Her: I can't believe people put videos of women being raped up on YouTube. They should stop that.
Me: Well, they'll take them down, and they're usually taken down pretty damn fast.
Her: Thousands of people can see the videos in the meantime. YouTube should screen all videos before putting them up. If they won't do it, they should be forced.
Me: Ugh. That would break YouTube. The expense would be huge. It'd drive YouTube out of business. Would you really rather have no YouTube at all?
Her: Then we'll have the government pay for it, or even set up an agency to review the videos.
Me: The cost to society would still be astronomical. And doing that would provide a very easy avenue for the government to censor anything anyone finds offensive. It's dangerous. If you want to go down that route, why not pass a law stipulating some huge fine for posting videos of rape? Then YouTube will at least be forced to comply on its own.
Her, crying by this point: I don't care. Fines aren't good enough. People might still see the videos. We have to filter them all.
[cut argument about my supposedly not knowing when to stop debating]
Her: It's not about 'cost to society', it's about protecting women. I'm appalled that you would put not being censored ahead of that. I don't know if I can care about someone who doesn't want to protect women. You should go.
Keep in mind this woman will have a doctorate in less than a year. *sigh*
Re:That's it (Score:5, Interesting)
One good campaign to try and fix some of that is http://thirty-thousand.org/ [thirty-thousand.org] , where they want to have 1 member of the house for at most every 30,000 people. Considering the House hasn't been expanded since 1910 aside from Hawaii and Alaska, it has been very distorted from what it should be.
Re:In other news (Score:2, Interesting)
There are already plans for an extensive license plate monitoring system in the UK. Any car on any reasonably significant road will be tracked.
Re:I'd like to know, too. (Score:2, Interesting)
Power grab. However, given their track record with IT projects I have a feeling someone is going to be making a fortune off this too.
Never mind the fact that that much data is going to be an interesting storage problem, never mind search problem. Even if it's just email from this person to this person, it was this big and sent at this time. That's going to be an amazing amount of raw data, never mind all the indexes and metadata that's going to be needed to make it searchable.
Never mind the fact that anyone with a gram of computer knowledge will just forge the headers to make it look like the email came from Fred on the other side of the country.
https://yro:slashdot.org (Score:5, Interesting)
Re:Time for a new protocol (Score:4, Interesting)
Re:PGP... (Score:3, Interesting)
I really do hope this drives people to make encryption ubiquitous. All of the egregious US programs have failed to make the public use crypto, but this seems to be well publicized enough that it might make a large chunk of people install and use good crypto.
The problem is that we fucked this up in the early 90s. HTTPS is a non-starter -- it's far too hard to set up, requires that you pay for each encrypted site, needs a separate IP for each site (so doesn't work with shared hosting), and requires the user to do something special and non-intuitive to visit the encrypted site. Moreover it's not the default for web servers, even though most web servers nowadays are free software written by and for the technocratic elite.
I won't even start on the problem of email - it took me (a serious techie) half a day to set up encryption for my email, and after one year was up I let it lapse because I don't think I'd sent a single encrypted email in that time, and it was going to take another hour or two to renew the certificate.
We screwed this one up I'm afraid.
Rich.
Fight back using their own legislation against thm (Score:2, Interesting)
Now, in itself one request wouldn't really make them reconsider - but if a few tens of thousands or more people started making these demands - which the government has to comply with - then they might get so swamped with requests that it becomes too costly to maintain the system.
Re:Time for a new protocol (Score:2, Interesting)
Re:PGP... (Score:2, Interesting)
PGP doesn't help - this is a traffic-analysis database - only(!) collecting address (and possibly size) data not content (even for SMSs).
As it is it will be too big to try speculative "fishing trips" and probably too big for any searches to be affordable for any but the most serious cases (like putting the wrong items in a recycling bin - wish I WAS joking).
It will also be too big to backup.
For a while when I was employed by the IT department of a relatively small University I had to spend some time analysing the logs we took of all web accesses (who fetched which web page) to discover who was accessing pron or other items in contravention of our conditions of usage. It was not a job I enjoyed or thought necessary*, but even for less than 4000 users it needed near-supercomputer processing power to handle one day's traffic in reasonable time. To search all the corresponding data for (say) 20 million users of landline, mobile, and VOIP phones plus email plus SMS plus web access plus IM (bet they've forgotten that) is going to need ridiculous amounts of power - even by GCHQ standards.
* we did catch two nursing students accessing child-porn (but not via this method), and about two students a week going beyond reasonable limits in accessing "forbidden" material and it did have a useful side-effect of pointing me at anything that was new and interesting (because lots of people suddenly started accessing it). But it really was a waste of time and resources.
This looks like it is going to be exactly the same for the UK Security Services.
Andy
Re:PGP... (Score:4, Interesting)
Unfortunately, in the UK they already have the power to demand that you hand over your encryption keys. The solution is not just encryption, but genuine random data sent between your encrypted emails. When they demand your keys simply, and legally, show them that it is random data. The system will not be able to cope with masses of data that _they_ will still believe is encrypted but for which no keys can be produced. Perhaps they will make an example of a few by taking them to court. Well, let's see what happens when it gets bounced to the European Court of Human Rights. The crime has not been committed unless it can be _proven_ to be committed.
When they (eventually) find some way of closing this loophole, then you start sending binary dumps of data. It is not encrypted but, to all intents and purposes, it is meaningless to anyone looking at it in transit. Will they then make sending binary data illegal? Can you imagine the economic and industrial fallout of such a law?
To those that think that this is pointless, I disagree. The first thing that will be apparent is the degree to which this monitoring is actually being conducted. No, not the hype that every email will be kept and read, but what can they _actually_ do with that much data? How many people will actually get a visit from the police? (My guess is none.) What I think will be apparent is that they will have a database that, once a suspect is identified, can be examined to find possible additional evidence. But they are not going to be reading everyone's emails every day. That doesn't make the system any more acceptable but it will show that they are not going anywhere near the 'microphone in every home, restaurant etc' claim that someone posted earlier.
Then one has to think of all the data that they don't want. Spam, technical updates, forum summaries, OS binaries etc. Perhaps they will discover the ultimate filter for spam or, gasp, get tough on those that generate it - Heaven forbid that something useful might come from this ridiculous law. But, until that time, I'm sure there is someone bright enough on this forum to devise a piece of software that can hide a message inside something that appears to be spam, a technical update, or a forum summary. Flood the system so that the demands of storing and analysing this entirely innocent and legal data simply make the whole thing unworkable.
For the 'websites visited' database, that is even easier to flood. Google for a random word, and then have software visit every alternate link on that page, one every second, and simply discard the data. Hey, my broadband is already paid for, it will not affect my data downloading in the slightest. But the database that they have to hold is getting much bigger than they might first have imagined that it would. Out of all the sites that I might visit in 24hours (86400) they have to discover if one of them is actually a front for something more sinister. Before you howl about how one might download something that you wouldn't want to see anyway (pornography, terrorist website or whatever) my answer is that you might already stumble upon such a site anyway. The fact that you did no more than go to a Google link is not yet a criminal offence, and if they want to make it one then much of the internet advertising model is well and truly stuffed the minute they do so.
All of this is entirely legal but will get the public point of view across very quickly. And if the public don't want to do this sort of thing then perhaps they deserve the sort of Government that they seem to have. Yes, I'm a Brit but, no, I no longer live in the UK, by choice. Just my thoughts....
Re:This article is misleading (Score:3, Interesting)
The lower chamber (House of Commons) has MPs (members of Parliament) each directly elected by about 70000 people. There are 650-ish MPs in total.
Many MPs are members of the Labour party (they have the majority in the House of Commons, 349) or the Conservative party (next biggest, 193), but there are also Liberal Democrats (63) and others (~40). They can propose new laws. If they vote to pass a law, it goes to the House of Lords.
The House of Lords is about 750 people. 26 of them are Bishops of the Church of England -- because officially we're still religious here. They speak, but they don't vote -- personally, I'd like to see them removed, but as long as they don't vote no one seems to care enough to do anything about it.
There are then some Law Lords, but they're being removed because of a reform next year (they are the judges of the highest court in the UK).
The other lords are nominated/suggested and serve a life term. Generally, they're people with "a record of significant achievement within their chosen way of life". In theory, because they don't need to worry about being elected they can act as a check on the House of Commons -- and they generally do. Most of the stories on Slashdot -- this one included -- seem to pass the House of Commons but the House of Lords tell them to fuck off. The 42-day detention thing was rejected by the Lords earlier this week.
http://en.wikipedia.org/wiki/Reform_of_the_House_of_Lords#Appointment [wikipedia.org]
Re:I'd like to know, too. (Score:3, Interesting)
How does this change the current situation? (Score:2, Interesting)
UK:
Does the proposal apply only to emails sent from eu/uk based ((web)email)providers? Or any emails travelling through their networks?
Re:Actually: *more* fucked up & don't seem to (Score:1, Interesting)
This stuff was in place under Clinton. I know an Ameritech switch tech that set up OC-192s from every tandem switching office in Michigan to North Carolina, the OC-192s carry mirrored traffic off the tandem switch. The processing requirements to mirror traffic so screwed up the tandem switches that they split the four tandem offices covering Metro Detroit into seven tandem offices. In the case of the Pontiac tandem it handed over up to 60,000 calls at any time, now every tandem handles about 25,000 calls peak. So if you make a call outside your central office and it doesn't go over a DIOT (Direct Inter Office Trunk) your call is being recorded.
So this predates the Bush Administration. It is so mind boggling that something this huge has been set up and it has taken over 12 years to be exposed. But hey, one single switch tech did this to every tandem office in one state, that means that as many as 50 people knew about this, plus the software guys at Nortel and Lucent.
Re:I'd like to know, too. (Score:3, Interesting)
Re:PGP... (Score:3, Interesting)
Actually, I have read quite a bit about cryptanalysis. David Kahn's "The Code Breakers", Yardley's "American Black Chamber", "The Puzzle Palace", "The Ultra Americans", etc. Breaking into an unknown cipher is non-trivial. All the correspondents need to do is agree on the cipher *outside of their e-mail correspondence* (e.g., if this is Thursday then it's ROT13 day). The analysis software has to first attempt to identify the cipher being used and then attempt to recover the key. The idea is that even ROT13 means the analysis software has to do some fairly hefty computing until the cipher is identified.
Having seen what kind of computing resources it takes to just analyze and classify all plain text network traffic at a moderate sized business (10,000 to 20,000 employees), I can tell you that just monitoring millions of people will take a huge amount of computing power. If the watchers are interested in only specific traffic, the task becomes feasible. If their goal is to monitor all traffic, the cost of computation means they'll need a huge amount of computing power. Throw in a little obfuscation and the task becomes incredibly difficult. Effectively, the sea of data collected puts the watchers back precisely where they are now: they can focus on just a small subset of the traffic.
Cheers,
Dave