Forgot your password?
typodupeerror
Privacy Government United Kingdom Your Rights Online

UK Web Snooping Plan Invades Privacy, Despite Claims To the Contrary 65

Posted by timothy
from the you're-doing-a-wrong-thing-badly dept.
sweetpea86 writes with a snippet from this story at TechWorld:"The UK government's proposal to separate communications data from content, as part of new plans to allow intelligence services to monitor all internet activity, is infeasible according to a panel of technology experts. Speaking at the 'Scrambling for Safety' conference in London, Ross Anderson, professor of security engineering at the University of Cambridge Computer Laboratory, said that the distinction between traffic data as being harmless and content as being sensitive is becoming less and less relevant. 'Now that people are living more and more of their lives online, the pattern of who you communicate with and in what order gives away pretty well everything,' he said. 'This means that, in data protection terms, traffic data is now very often going to be specially sensitive data.'"
This discussion has been archived. No new comments can be posted.

UK Web Snooping Plan Invades Privacy, Despite Claims To the Contrary

Comments Filter:
  • by Anonymous Coward

    It's the tecchies' fault. In the '90s they formed a plethora of ISPs, small and independent. Then they became greedy businessmen, saw the pound/dollar signs in their eyes and allowed themselves to be bought up and consolidated, leaving only a few independent providers (e.g. the strongly anti-censorship AAISP). These corporations, most with government contracts, are happy to kowtow and wouldn't dare raise too much of a fuss.

    Had they remained the independent, revolutionary force that initially brought the Int

    • Re:obviously (Score:5, Insightful)

      by Canazza (1428553) on Saturday April 21, 2012 @06:01AM (#39754685)

      the problem is that the ISP's aren't powerful ENOUGH imo.
      They don't *want* to snoop, it slows their networks down to have to log everything, it involves major monetary investment to do so.
      It's the government's who are vulnerable to Lobbying from the powerful rich corporations and groups like the *IAA who lobby for this crap. It's the governments who ignore the cries of the people about it.
      Had the ISPs remained independent they'd have even LESS clout than they do now. The UK still has quite a few ISPs and there's less of a monopoly on areas than in the US, but companies aren't officially allowed to Lobby the government. I say officially because, frankly, theres been quite a few Cash for X scandals in the last decade or two. The most recent being Cash for Dinner with the PM scandal. So the UK Government will listen to those with power and money (Look at how they cosied up to Murdoch before the Phone Tapping Scandal, he barely needed to *pay* them anything to get them to do what he wanted)

      It's not the ISPs fault that the government looks after itself before it looks after the people. It doesn't represent the people. It doesn't represent the corporations. It just looks to save itself, and at the moment that comes from listening to those with the cash.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        the problem is that the ISP's aren't powerful ENOUGH imo.
        They don't *want* to snoop

        w0w :} ye ye .... let me make some basic math on how much it will cost my ISP to store my traffic , for lets say 6 months .....
        So.... i'm having FO to my home ...i'm limited at 100Mbps upload and 100Mbps download ...i'm from Europe, so i'm downloading/uploading
        torrents non stop (its legal so why not xD ) so , mu avrg traffic is around 40Mbps (combined up + down) ...its more but let's say its 40 ....
        So how much space will they

      • by gl4ss (559668)

        once an isp becomes big enough they want to snoop. because they own the cable too. because they own(ed) your landline too and want to bill you for skype. and they want to bill you for your xbox-data separately. why? because they're dicks. they also want to bend over backwards to the government for snooping. again why? well, to please them. that's one thing, so they don't cut your monopolistic areas up, then there's another thing which is essentially billing the government for snooping.

    • Re:obviously (Score:5, Insightful)

      by TheRaven64 (641858) on Saturday April 21, 2012 @06:26AM (#39754757) Journal
      The small ISPs did not become big ISPs, the incumbent telecoms and cable companies became big ISPs. There are still a lot of small ISPs, but they account for under 10% of the market between them. Virgin Media and BT control almost all of the physical infrastructure, and along with a handful of other big companies (e.g. Sky) also control the majority of the customer-facing side. Even if you go with AAISP, they're still using BT's network, so there's little they can do if BT starts snooping on the backbone.
      • Re:obviously (Score:4, Informative)

        by jimicus (737525) on Saturday April 21, 2012 @08:10AM (#39755005)

        It's worth pointing out for the benefit of anyone who doesn't know much about how UK ISPs work:

        The incumbent telco, British Telecom, set up their own broadband network and also sold their DSL product at a wholesale rate to ISPs. There was quite a lot of fuss from ISPs about this, as the incumbent effectively had an advantage over them - the incumbent owned the infrastructure so could do what they liked with it, up to and including unceremoniously yanking customers broadband.

        The upshot is that British Telecom was split into two companies: Wholesale (BT Openreach) and retail (the company you buy your telephone line and broadband from). Openreach own and run the infrastructure, retail effectively just packages and resells it. You or I cannot approach BT Openreach under any circumstances. They won't investigate issues, they won't talk about new or existing lines, they won't do anything unless you're a company that has a contract with them. They will politely point you in the direction of a retailer.

        Anyone can set up an ISP and contract BT Openreach. Optionally, they can put their own equipment in the telephone exchanges though this is generally limited to the larger of the (still pretty small) alternative ISPs. But even if they put their own equipment in the telephone exchange, actually running the copper between telephone exchange and customer is contracted out to BT Openreach.

        The telephone line rental is totally separate from the broadband, and many of the smaller ISPs won't contract Openreach for the line rental itself or any telephone calls that run over it - they'll only deal with the broadband. Which means it's quite possible to be in a position that your ISP is blaming your telephone provider for your broadband being down; your telephone provider is blaming your ISP. Lots of people I know won't even consider buying broadband unless they can get the phone line from the same company for exactly this reason.

        • Optionally, they can put their own equipment in the telephone exchanges though this is generally limited to the larger of the (still pretty small) alternative ISPs

          This is only true on exchanges with local loop unbundling. I'm not sure what percentage of exchanges now support LLU, but it's based on consumer demand (which is silly, because consumers don't demand it) and my mother's exchange only got it very recently.

          The telephone line rental is totally separate from the broadband

          And, worse, BT does not offer naked DSL, so unless you are on an LLU exchange and using an LLU supplier then you get to pay BT £14.60/month for a phone line that you might not use. If you don't use the landline then it's almost impossible for ADSL I

  • Trade-off (Score:4, Interesting)

    by Anonymous Coward on Saturday April 21, 2012 @06:10AM (#39754709)

    There is always this trade-off: do we want more privacy, accepting increased risks of criminal/terrorist acticity, or are we willing to trade off some privacy to get more security. This choice is political and should be democratically decided. Whether this applies to the internet or in other contexts actually makes little difference, so the trade-off isn't new either. The difference is that just in the present more dangerous climate, more voters are willing to accept some loss of privacy.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      do we want more privacy, accepting increased risks of criminal/terrorist acticity, or are we willing to trade off some privacy to get more security.

      The first one. Whatever the ignorant masses think, the latter two will just make it easier for an oppressive government to abuse its citizens.

    • Re:Trade-off (Score:5, Insightful)

      by TheRaven64 (641858) on Saturday April 21, 2012 @06:31AM (#39754765) Journal

      do we want more privacy, accepting increased risks of criminal/terrorist acticity, or are we willing to trade off some privacy to get more security. This choice is political and should be democratically decided. Whether this applies to the internet or in other contexts actually

      The problem is, we've not seen any real evidence that sacrificing privacy actually does result in increased security. Terrorists can easily use off-the-shelf tools like anonymous remailers, Tor and encryption and so the intelligence services don't get any information about who they're talking to or what they're saying even if they record and analyse 100% of UK Internet traffic. If a terrorist makes an encrypted SMTPS connection to a server in, say, China, that mail server makes (after a random delay) another encrypted connection to a mail server in, for example, Brazil, and then another terrorist collects the mail from the server in Brazil via IMAPS, then what can you learn? Very little unless you can monitor the entire Internet, and the Chinese probably don't want you to monitor their part any more than you want them to monitor yours.

      Most counterterrorism operations get their intelligence from far more traditional sources.

      • by houghi (78078)

        Why all the mailservers? Post an encrypted message on Usenet and you can't even track who they are sending it to.

        Post some nice wallpapers in a wallpaper group. Put your message inside. Best post images each and every day.

        As you made the wallpapers yourself, they have no way of comparing it to what already exists.

        • Sure, and there are lots of even more clever ways of doing it. My point is that even without really trying - just with having two mail accounts, in a fairly generic configuration, in different countries you get a chain that gives the intelligence services nothing. The terrorists don't even need to be vaguely clever to do that, they just have to not use hotmail (actually, depending on intelligence sharing, using hotmail might also work - all that the UK side would know was that they both connected to the s
    • Re:Trade-off (Score:4, Interesting)

      by MoogMan (442253) on Saturday April 21, 2012 @07:17AM (#39754875)

      Privacy and security are almost never a zero sum game. In this case, reducing privacy isn't going to help find more 'criminal/terrorist activity'; It will just cause them to use Freenet, TOR, steganography, for comunication etc. instead and result in making it even harder to track real criminal activity.

      Secondly, common people are really really bad at making these risk-reward trade-offs (for instance, many people have a fear of flying, but a more rational reaction would be to have a fear of travelling to get a flight as you're more likely to get killed in a car/bus on the way to your flight, than actually flying; you may tell your children to 'never talk to strangers', but in fact that would put them in a far worse position if they ever got lost -- the huge majority of people are not evil! etc.) - we'd be better off delegating to a panel of economists and statisticians to determine the outcome.

      • Privacy and security are almost never a zero sum game. In this case, reducing privacy isn't going to help find more 'criminal/terrorist activity'; It will just cause them to use Freenet, TOR, steganography, for comunication etc. instead and result in making it even harder to track real criminal activity.

        The trouble with this argument -- and I write this as someone who is a strong believer in privacy -- is that it assumes all bad guys are smart. Many bad guys don't come from the genius pool, as we can tell from the ways they eventually get caught and the number of times someone has slipped through all this security theatre but then failed to cause any real damage anyway. If anything, the fact that so many bad guys don't seem to be that smart has been doing more to protect us than anything else lately.

        I don'

    • by Anonymous Coward

      Terrorists don't win you know, and despite occasionally killing some people they don't pose a long term threat to any free society. Al Qaeda didn't take over Egypt, the Egyptian military did.

      On the other hand military and security forces take over their own countries all the time. Right now South Ossetia had an election, it voted for a candidate, the interim government struck down the elections, barred the winner from standing, and now they voted 54% for the Russian backed former KGB chief, the other oppon

    • Re:Trade-off (Score:4, Insightful)

      by devitto (230479) on Saturday April 21, 2012 @07:38AM (#39754923) Homepage Journal

      You do not know what you are talking about. Privacy ___IS___ security. Privacy breaches are security breaches. Giving away your privacy does not make you more secure, and giving away the privacy of others doesn't either. As
      Terrorism is not about blowing things up, it's about scaring people.

      "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

      If Benjamin Franklin got this in 1775 - why don't people today?

      • If Benjamin Franklin got this in 1775 - why don't people today?

        Because most people in the West remember 9/11 and similar events in other countries close to home, but don't remember McCarthyism and the Holocaust.

        Because we prefer to dwell on the successes of the Arab Spring and the liberation of Libya where our armed forces helped, rather than considering the brutal suppression of popular opposition to the state in places like Iran and Syria.

        It's a case of "It would never happen to me!" when it comes to privacy, but "Fear the bogeyman!" when it comes to security. Unfort

    • by Hentes (2461350)

      "Any society that would give up a little liberty to gain a little security will deserve neither and lose both." - Benjamin Franklin

  • by improfane (855034) * on Saturday April 21, 2012 @06:13AM (#39754717) Journal

    Can anyone think of anything equivalent to this in history? Where people were under extensive surveillance? What happened?

    There has to be a crunching point for things like this, society is meant to limp forward gradually. Hopefully it will get better after it gets worse...

    • Can anyone think of anything equivalent to this in history? Where people were under extensive surveillance? What happened?

      There has to be a crunching point for things like this, society is meant to limp forward gradually. Hopefully it will get better after it gets worse...

      East Germany's GRU comes to mind. The dossiers on every private citizen made this intolerable and invasive tyranny rather resilient to civil protest.

  • by Anonymous Coward on Saturday April 21, 2012 @07:01AM (#39754845)

    1. if the UK government legislates the cost will be immense to develop the systems to scrape and deep packet inspect thousands upon thousands of protocols, and web2.0 websites.

    2. much of the data is already end to end securely encrypted and can not be decrypted. it will be quite obscured who is talking to who with web2.0 applications just based on the IP address of people using eg slashdot via https.

    3. there are lots of p2p protocols that are end to end securely encrypted. For example skype calls commonly go through multiple relays. seeing the IP address and an encrypted skype channel between your computer and a high bandwidth relay wont tell you who is talking to who.

    4. there exist many VPN services connecting to many jurisdictions which trivially bypass the proposed intrusions.

    5. its following Chinas example, which is a bad precedent, already we see Iran, Syria, pre-revolution Egypt defending their intrusion and interference with the internet drawing parallels with initiatives such as this. US, UK et al had fine words to say against such abuses in undemocratic countries and dictatorships, and yet here we have the UK proposing to do similar things to their own citizens.

    6. most web mail and web 2.0 sites and applications and protocols are developed and hosted outside the UK, so the UK lacks the technical authority to capture the traffic - users who care will just VPN or use end to end encryption to freer countries. This legislation if passed will likely see less development and hosting done in the UK harming the UK economic competitiveness in the information economy.

    7. what is the end game? If one credibly wants to actual capture data one has to follow China, Iran et al and outlaw encryption, outlaw VPNs, outlaw development of software without government backdoors, license software development, restrict access to compilers without a government license, impose a draconian country level firewall. This is all highly implausible and incompatible with a democracy.

    8. I think government has not thought this through at all. Probably they are thinking that they can just record IPs like you can record phone numbers on a voice call. The internet is not like that. It is an open, global platform for applications. The communications traffic is hopelessly co-mingled with data in many applications.

    9. Unfortunately the government has limited technical expertise and has blinkered and fooled by the "if we could just save one..." argument.

    10. There is no cost benefit analysis. You are more likely to die by crashing your car than due to violent extremists actions. More likely to die by random lightening strike. There is a limit to the costs, erosion of freedom a democracy should be willing to inflict on itself in the name defense. If we take it too far the extremists have won.

    11. We would be better off spending the money on human intelligence. One of the defense conclusions was a western intelligence failure in the middle east area

    12. there appears to be no planned judicial or credible independent oversight. That is inappropriate in a democracy. In what way would it harm defense to require a court order from a judge to interfere with and deep packet inspect the internet traffic of a target of investigation.

  • by dryriver (1010635) on Saturday April 21, 2012 @07:15AM (#39754869)
    Here's what the Conservative/LibDem Coalition apparently promised before they were elected: (copy-pasted from http://webarchive.nationalarchives.gov.uk/20100919110641/http://programmeforgovernment.hmg.gov.uk/civil-liberties/index.html [nationalarchives.gov.uk]) We will implement a full programme of measures to reverse the substantial erosion of civil liberties and roll back state intrusion. We will introduce a Freedom Bill. We will scrap the ID card scheme, the National Identity register and the ContactPoint database, and halt the next generation of biometric passports. We will outlaw the finger-printing of children at school without parental permission. We will extend the scope of the Freedom of Information Act to provide greater transparency. We will adopt the protections of the Scottish model for the DNA database. We will protect historic freedoms through the defence of trial by jury. We will restore rights to non-violent protest. We will review libel laws to protect freedom of speech. We will introduce safeguards against the misuse of anti-terrorism legislation. We will further regulate CCTV. We will end the storage of internet and email records without good reason. We will introduce a new mechanism to prevent the proliferation of unnecessary new criminal offences. We will establish a Commission to investigate the creation of a British Bill of Rights that incorporates and builds on all our obligations under the European Convention on Human Rights, ensures that these rights continue to be enshrined in British law, and protects and extends British liberties. We will seek to promote a better understanding of the true scope of these obligations and liberties.
    • by sa1lnr (669048)

      Rule number One:

      Never believe anything a politician/political party says when they are trying to get elected.

    • Yet, pilot schemes running in Nottingham schools (primary and secondary) mandate the fingerprinting of children as young as 5 not only for access to class but to eat lunch! No parental permission required... hell, you don't get to find out unless your kids tell you, because the LEA isn't volunteering the information. This is all being done under the radar.

      As for a Bill of Rights, we already have one of those. It was signed by William of Orange in 1688 and passed into Law in 1689. Too bad it's ignored by tho

  • by Anonymous Coward

    There's an e-petition in opposition here: http://epetitions.direct.gov.uk/petitions/32400

  • Protest like they did in Canada. Send the Ministers and your government representatives including the PM everything. For days they CCed them on every email, posted what they are doing to their members twitter accounts. After several days of having the Parliamentary mail and web servers taken to their knees the bill they were trying to introduce was 'sent to committee' (killed). People can make a difference
  • "UK Web Snooping Plan Invades Privacy" No shit, sherlock.

Any sufficiently advanced technology is indistinguishable from a rigged demo. - Andy Finkel, computer guy

Working...