Slashdot Log In
Berners-Lee Says No To Internet Snooping
Posted by
timothy
on Wed Mar 11, 2009 03:34 PM
from the and-what-does-this-guy-know? dept.
from the and-what-does-this-guy-know? dept.
Jack Spine writes "The inventor of the World Wide Web has pointed out some of the dangers of deep packet inspection. Sir Tim said that ISPs 'snooping' on data was similar to the interception of mail. 'This is very important to me, as what is at stake is the integrity of the internet as a communications medium,' Berners-Lee said on Wednesday. TBL's comments come as the UK government is gearing up to intercept all web communications in the UK through the Intercept Modernisation Programme, and echo comments he made last year about Phorm."
Related Stories
[+]
Berners-Lee Rejects Tracking 155 comments
kernowyon writes "The BBC has an interview with Sir Tim Berners-Lee during his visit to the UK on their website currently.
In it, he voices his concern about the practice of tracking activity on the internet — with particular reference to Phorm.
Quotes Sir Tim with regard to his data — "It's mine — you can't have it. If you want to use it for something, then you have to negotiate with me.""
[+]
UK Gov't Proposes Massive Internet Snooping, Data Storage 342 comments
Barence writes "Big Brother Britain moved a step further today with the news that the Government will store 'a billion incidents of data exchange a day' as details of every text, email and browsing session in the UK are recorded. Under new proposals published yesterday, the information will be made available to police forces in order to crack down on serious crime, but will also be accessible by local councils, health authorities and even Ofsted and the Post Office. The Conservatives have criticised the idea, with the Shadow Home Secretary saying, 'yet again the Government has proved itself unable to resist the temptation to take a power quite properly designed to combat terrorism to snoop on the lives of ordinary people in everyday circumstances.'"
Firehose:Berners-Lee says no to internet 'snooping' by Anonymous Coward
[+]
UK Gov't May Track All Facebook Traffic 204 comments
Jack Spine writes "The UK government, which is becoming increasingly Orwellian, has said that it is considering snooping on all social networking traffic including Facebook, MySpace, and bebo. This supposedly anti-terrorist measure may be proposed as part of the Intercept Modernisation Programme according to minister Vernon Coaker, and is exactly the sort of deep packet inspection web inventor Sir Tim Berners-Lee warned about last week. The measure would get around the inconvenience for the government of not being able to snoop on all UK web traffic."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Inventor of the world wide (Score:5, Funny)
The inventor of the world wide what?
Re:Inventor of the world wide (Score:5, Funny)
Its a typo. It should read "word wide". TBL invented the word "wide" because prior to then most things were narrow.
Parent
Re: (Score:3, Funny)
The dream of encryption (Score:5, Insightful)
Re:The dream of encryption (Score:4, Interesting)
PGP keys only help with email.
Far better to move the entire web to ONLY ssl based servers, (after fixing ssl of course).
Parent
Re:The dream of encryption (Score:5, Interesting)
Where have YOU been living?
1. I have _multiple_ active GPG keys. All Ubuntu has GPG on them by default.
2. I use TOR regularly, which uses multiple levels of encryption.
3. I use HTTPS sites regularly. Not the old dinky 40bit keys either.
4. My filesystem on my laptops are encrypted via DM_CRYPT and Luks.
5. Every machine I communicate with has SSH. Therefore, I also have encrypted data tunnels for everything.
6. I use W.A.S.T.E.
Yeah. That whole encryption thing died out a while back. Uh huh.
Parent
Re:The dream of encryption (Score:4, Funny)
Parent
Re:The dream of encryption (Score:5, Informative)
What do you mean "Weirdo"?
Anybody that uses a Unix based system (BSD, Linux, Solaris) all use a variant of OpenSSH.
Anybody that buys stuff on the net uses 128bit SSL.
Even that child porn dude that's in the supreme court knew enough to use TrueCrypt.
Or even another encryption used: WEP and WPA. There's 2 very standard, "non-weird" encryptions. They just arent terribly strong.
Parent
Re:The dream of encryption (Score:5, Insightful)
Because most of us came to this realization: http://xkcd.com/538/ [xkcd.com] or the fact that 90% of it doesn't matter.
All of my Tax documents and other financial stuff is on a 256-bit encrypted disk image. But why the hell do I need to encrypt the message to my mom about my Easter plans? Furthermore, how do I explain to someone that just learned to use a computer that Obama wants to know if it's going to be Ham or Turkey.
And the last time I planned something big and illegal we sure as hell didn't EMAIL each other about it, we met in person. (3 friends of mine all worked at Taco Bell through High School. Summer before college we planned a heist of the flags off the top. I still have a flag I fly on Rugby trips with the Taco Bell Dog.)
Parent
Re:The dream of encryption (Score:5, Insightful)
The problem with the xkcd cartoon is that it only applies if whoever wants your information knows that you have it.
The point of general encryption is that fishing expeditions are impossible... so the "juicy" stuff that would warrant attention from the powers that be is hidden in the morass of all the other encrypted data.
Yes, a ten-dollar hammer can be used to get my keys from me... but how do you know I've got the goods if you've never been able to read anyone's data?
Parent
Re:The dream of encryption (Score:5, Insightful)
Because most of us came to this realization: http://xkcd.com/538/ [xkcd.com] or the fact that 90% of it doesn't matter.
All of my Tax documents and other financial stuff is on a 256-bit encrypted disk image. But why the hell do I need to encrypt the message to my mom about my Easter plans?
Because if somebody's watching you send all those messages to your mom about Easter plans and then suddenly see encrypted traffic, they're going to know that the encrypted traffic must have been special and then come after you with the wrench?
Parent
Re:The dream of encryption (Score:5, Insightful)
The world has moved beyond simply sending encrypted e-mails back and forth. Steganography, torrents, tor, etc.
If I REALLY wanted to coordinate killing the president or something big. I'd probably use YouTube or Craigslist where the Signal to Noise is infinitely small. I'd embed an encrypted stegano message inside video of a guy lighting farts on fire or 'casual encounter' ad. Heck, put up some eBay listings with big pictures. How do you know that latest version of Heroes you downloaded from Bit Torrent doesn't have a 5MB image embedded in it with the President's route on some foreign trip?
How about those Spam messages that look like a ton of gibberish, do you know they're not some secret code?
I'm sure if a few Slashdoters put their minds to it, they could come up with a bit more ingenious ways of sending messages than 'plain text' encrypted PGP e-mails.
The next terrorist isn't going to suddenly start sending encrypted messages from a normal account.
Parent
Re:The dream of encryption (Score:5, Insightful)
A lot of very foolish people have overgeneralized the point of that cartoon.
The $5 wrench attack does work to defeat encryption, but it only works when someone is specifically interested in you.
The bad guys cannot put a $5 wrench on the backbone and slurp up everything. The only way they can do that, is if people agree to not encrypt.
If you encrypt, you defeat massive-scale surveillance. And you are not defeating a theoretical attack; you're not even defeating a plausible attack. You defeat an attack that the US government is known to be using.
You don't need to read phrack or 2600 to know about this; read the New York Times or turn on your TV and watch Frontline. Get your head out of the sand.
Parent
Re:The dream of encryption (Score:5, Insightful)
Because I might be looking for houses to burgle on Easter.
Because privacy should be the default. Instead of asking why your plans should be secret, ask why your plans should be public. It's just as legitimate of a question.
Good for you. But there's more to life than planning crimes, and there are other threats than government law enforcement (they just happen to be the most high-profile). I know some people think that the only purpose of the internet is for pedophiles to trade porn, but really, people do have other uses for it. Most of those uses are nobody else's business. If you wanted the world to know your Easter plans, you could have posted them to Usenet. Instead, you chose email.
Parent
Privacy for the rest of us (Score:5, Insightful)
Encryption gives a sometimes false sense of security, and the technology is a hassle. It's better to reinforce societal expectations for privacy where it is due, and let social mechanisms (like laws and market reputation) do the job.
Consider e.g. that if you use https from your workplace and see the happy little lock icon in FF or IE, you probably feel safe.
But some workplaces insert a proxy in between you and gmail (or what have you), having stuffed the proxy's certificate on your (their) work machine through local policy. Unbeknownst to you, your employer then sees the communication which you thought was totally private. Now imagine if an ISP could do that and get away with it.
The point is that even if you do *care*, the technology is hard to keep track of, and there is an arms-race ladder of one-upmanship that makes this a never-ending game, which some nerds can win, and most of us will lose.
What will really keep you safe is to stand up for a reasonable expectation of privacy where it should exist, and create norms and laws that protect this. Saying "NO" to Phorm or other invasions by ISPs is part of that approach, and creates legal and commercial consequences that are more effective than asking every grandma to mess with PGP.
Parent
Re: (Score:3, Insightful)
Key exchange is hard.
If we had signed DNS, and DNS started distributing X.509 certificates ("type CERT queries"), then secure email really would hit the mainstream.
Re:The dream of encryption (Score:4, Insightful)
Then they're not hard-core geeks.
Geez, they're not even soft-core geeks. In December 2005, paranoid what-if rants about theoretical risks, became mainstream knowledge. If you're awake (geek or not), you know we have to start encrypting.
Parent
Re:The dream of encryption (Score:5, Interesting)
the promise of the internet is free and open communications.
What we do with our data is entirely up to us, and nobody else. Not "the government", not ISPs. This includes encrypting whatever is being transmitted.
You may share any paper, report, program, comment that is yours to publish. Some communications using the Internet should be more like a phone conversation (before USAPATRIOT stupidity), in which a modicum of privacy is a reasonable presumption.
Parent
Re:The dream of encryption (Score:4, Insightful)
"The promise of the internet is free and open data."
I thought the promise of the internet was free porn.
Seriously, it started as a government program and open and free communications was not the goal.
Parent
Freedom to Conspire (Score:5, Funny)
Which side are you on: CONTROL or KAOS? That is the question. The Government can only answer that question if it can intercept your communications. Are you going to let them? Can you stop them? Do you care?
All I can say is that you should Get Smart!
This is good (Score:5, Insightful)
People like Sir Tim need to speak out on such issues, because their contributions to science and technology are touted by our leaders as 'proof' of Britain being a modern, forward thinking society - rather than the withered, reactionary, largely technophobic old empire we in fact are.
bad long-term solution (Score:5, Interesting)
When governments start snooping on everything they make it harder to snoop on criminals in the future. This makes lots more people want secure networks, which makes more people create tools to make it easy to send/receive encrypted data, which makes even the people who don't know about the issues aware of the issues and tools. Once the tools/protocols become normal, police won't be able to snoop on suspected criminals even with a court order because everything is encrypted.
That'll just make them pass more laws and restrict ISPs so that unsnoopable content isn't allowed. Which will make people start creating stenogrphy tools so things look snoopable, which will make other people aware of the issues and wonder why the gov't is so concerned and start using them.
Then people start using those tools and snooping becomes more expensive (trying to detect stenogaphy) and still useless. But it will get lots of otherwise innocent people in trouble for using encryption or stenography to do something unimportant like send email to their mother.
If police stick to treating everyone as innocent until they had a valid reason to think otherwise and then got a court order they will have a lot more ability to snoop in the future.
Re:At this point does it need to be said? (Score:4, Insightful)
Parent
Re:At this point does it need to be said? (Score:5, Funny)
Just mail a copy of each one to yourself at another account and someone will decrypt them for you. I can't tell you who, I've already told you too much and I'm afraid awi3qu91 108OI)
[NO CARRIER]
Parent
Re:What a fucking fantasy land Sir Timmy lives in. (Score:5, Insightful)
Parent