UK Web Snooping Plan Invades Privacy, Despite Claims To the Contrary 65
sweetpea86 writes with a snippet from this story at TechWorld:"The UK government's proposal to separate communications data from content, as part of new plans to allow intelligence services to monitor all internet activity, is infeasible according to a panel of technology experts. Speaking at the 'Scrambling for Safety' conference in London, Ross Anderson, professor of security engineering at the University of Cambridge Computer Laboratory, said that the distinction between traffic data as being harmless and content as being sensitive is becoming less and less relevant. 'Now that people are living more and more of their lives online, the pattern of who you communicate with and in what order gives away pretty well everything,' he said. 'This means that, in data protection terms, traffic data is now very often going to be specially sensitive data.'"
Re:obviously (Score:5, Insightful)
the problem is that the ISP's aren't powerful ENOUGH imo.
They don't *want* to snoop, it slows their networks down to have to log everything, it involves major monetary investment to do so.
It's the government's who are vulnerable to Lobbying from the powerful rich corporations and groups like the *IAA who lobby for this crap. It's the governments who ignore the cries of the people about it.
Had the ISPs remained independent they'd have even LESS clout than they do now. The UK still has quite a few ISPs and there's less of a monopoly on areas than in the US, but companies aren't officially allowed to Lobby the government. I say officially because, frankly, theres been quite a few Cash for X scandals in the last decade or two. The most recent being Cash for Dinner with the PM scandal. So the UK Government will listen to those with power and money (Look at how they cosied up to Murdoch before the Phone Tapping Scandal, he barely needed to *pay* them anything to get them to do what he wanted)
It's not the ISPs fault that the government looks after itself before it looks after the people. It doesn't represent the people. It doesn't represent the corporations. It just looks to save itself, and at the moment that comes from listening to those with the cash.
Re:Missing the point (Score:5, Insightful)
The government seeing the data should not be that big a deal unless you have something to hide
Why not allow the government to install cameras in every room of your house? What are you hiding? You could be committing crimes in your house, after all.
Re:obviously (Score:5, Insightful)
Re:Trade-off (Score:5, Insightful)
do we want more privacy, accepting increased risks of criminal/terrorist acticity, or are we willing to trade off some privacy to get more security. This choice is political and should be democratically decided. Whether this applies to the internet or in other contexts actually
The problem is, we've not seen any real evidence that sacrificing privacy actually does result in increased security. Terrorists can easily use off-the-shelf tools like anonymous remailers, Tor and encryption and so the intelligence services don't get any information about who they're talking to or what they're saying even if they record and analyse 100% of UK Internet traffic. If a terrorist makes an encrypted SMTPS connection to a server in, say, China, that mail server makes (after a random delay) another encrypted connection to a mail server in, for example, Brazil, and then another terrorist collects the mail from the server in Brazil via IMAPS, then what can you learn? Very little unless you can monitor the entire Internet, and the Chinese probably don't want you to monitor their part any more than you want them to monitor yours.
Most counterterrorism operations get their intelligence from far more traditional sources.
technical impractical, implausible in a democracy (Score:4, Insightful)
1. if the UK government legislates the cost will be immense to develop the systems to scrape and deep packet inspect thousands upon thousands of protocols, and web2.0 websites.
2. much of the data is already end to end securely encrypted and can not be decrypted. it will be quite obscured who is talking to who with web2.0 applications just based on the IP address of people using eg slashdot via https.
3. there are lots of p2p protocols that are end to end securely encrypted. For example skype calls commonly go through multiple relays. seeing the IP address and an encrypted skype channel between your computer and a high bandwidth relay wont tell you who is talking to who.
4. there exist many VPN services connecting to many jurisdictions which trivially bypass the proposed intrusions.
5. its following Chinas example, which is a bad precedent, already we see Iran, Syria, pre-revolution Egypt defending their intrusion and interference with the internet drawing parallels with initiatives such as this. US, UK et al had fine words to say against such abuses in undemocratic countries and dictatorships, and yet here we have the UK proposing to do similar things to their own citizens.
6. most web mail and web 2.0 sites and applications and protocols are developed and hosted outside the UK, so the UK lacks the technical authority to capture the traffic - users who care will just VPN or use end to end encryption to freer countries. This legislation if passed will likely see less development and hosting done in the UK harming the UK economic competitiveness in the information economy.
7. what is the end game? If one credibly wants to actual capture data one has to follow China, Iran et al and outlaw encryption, outlaw VPNs, outlaw development of software without government backdoors, license software development, restrict access to compilers without a government license, impose a draconian country level firewall. This is all highly implausible and incompatible with a democracy.
8. I think government has not thought this through at all. Probably they are thinking that they can just record IPs like you can record phone numbers on a voice call. The internet is not like that. It is an open, global platform for applications. The communications traffic is hopelessly co-mingled with data in many applications.
9. Unfortunately the government has limited technical expertise and has blinkered and fooled by the "if we could just save one..." argument.
10. There is no cost benefit analysis. You are more likely to die by crashing your car than due to violent extremists actions. More likely to die by random lightening strike. There is a limit to the costs, erosion of freedom a democracy should be willing to inflict on itself in the name defense. If we take it too far the extremists have won.
11. We would be better off spending the money on human intelligence. One of the defense conclusions was a western intelligence failure in the middle east area
12. there appears to be no planned judicial or credible independent oversight. That is inappropriate in a democracy. In what way would it harm defense to require a court order from a judge to interfere with and deep packet inspect the internet traffic of a target of investigation.
Re:obviously (Score:2, Insightful)
the problem is that the ISP's aren't powerful ENOUGH imo.
They don't *want* to snoop
w0w :} ye ye .... let me make some basic math on how much it will cost my ISP to store my traffic , for lets say 6 months ..... ...i'm limited at 100Mbps upload and 100Mbps download ...i'm from Europe, so i'm downloading/uploading ...its more but let's say its 40 .... .... but I can ...or whatever , just to force them to store all my taffic ...then again , I can connect VPN inside an running VPN runnel... ...soo .....they'll be able to store my encrypted traffic ? why? Total waste of space :] .... ...more switches , so they can connect the servers ....and what to ISPs get ? Nothing ....so they have to double their investment, and I can still ...so what's the point ??? To sniff me ?They'll never be able to do it :) So GL to the governments and the stupid ppl running them ... u can monitor the stupid user ....every1 who wants to hide from u , will do it ..so , what's
So.... i'm having FO to my home
torrents non stop (its legal so why not xD ) so , mu avrg traffic is around 40Mbps (combined up + down)
So how much space will they have to seperate only for my traffic ? THey may only sniff parts of the traffic (for exmaple mail and web)
use VPN , or Proxy
just for the fun
So in the end they'll need to invset huge amounts of money to get HDDs to store the info , huge amounts for new server witch to do the actual work
oh
protect my traffic
witch think that they can control or monitor the internet
the point ? Waste money ?!
Terrorists don't win (Score:2, Insightful)
Terrorists don't win you know, and despite occasionally killing some people they don't pose a long term threat to any free society. Al Qaeda didn't take over Egypt, the Egyptian military did.
On the other hand military and security forces take over their own countries all the time. Right now South Ossetia had an election, it voted for a candidate, the interim government struck down the elections, barred the winner from standing, and now they voted 54% for the Russian backed former KGB chief, the other opponent was also a Russian backed candidate. Nice huh, they wanted freedom and now they have a KGB stooge.
You can say "it could never happen here", but it happens literally EVERYWHERE.
The biggest threat to democratic freedom was, is and always will be, their own internal security forces, not some nutty Pakistanis with a bag of fertilizer. It's always the man with the medals and ego who think he knows best.
Re:Trade-off (Score:4, Insightful)
You do not know what you are talking about. Privacy ___IS___ security. Privacy breaches are security breaches. Giving away your privacy does not make you more secure, and giving away the privacy of others doesn't either. As
Terrorism is not about blowing things up, it's about scaring people.
"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
If Benjamin Franklin got this in 1775 - why don't people today?