UK Web Snooping Plan Invades Privacy, Despite Claims To the Contrary 65
sweetpea86 writes with a snippet from this story at TechWorld:"The UK government's proposal to separate communications data from content, as part of new plans to allow intelligence services to monitor all internet activity, is infeasible according to a panel of technology experts. Speaking at the 'Scrambling for Safety' conference in London, Ross Anderson, professor of security engineering at the University of Cambridge Computer Laboratory, said that the distinction between traffic data as being harmless and content as being sensitive is becoming less and less relevant. 'Now that people are living more and more of their lives online, the pattern of who you communicate with and in what order gives away pretty well everything,' he said. 'This means that, in data protection terms, traffic data is now very often going to be specially sensitive data.'"
obviously (Score:1)
It's the tecchies' fault. In the '90s they formed a plethora of ISPs, small and independent. Then they became greedy businessmen, saw the pound/dollar signs in their eyes and allowed themselves to be bought up and consolidated, leaving only a few independent providers (e.g. the strongly anti-censorship AAISP). These corporations, most with government contracts, are happy to kowtow and wouldn't dare raise too much of a fuss.
Had they remained the independent, revolutionary force that initially brought the Int
Re:obviously (Score:5, Insightful)
the problem is that the ISP's aren't powerful ENOUGH imo.
They don't *want* to snoop, it slows their networks down to have to log everything, it involves major monetary investment to do so.
It's the government's who are vulnerable to Lobbying from the powerful rich corporations and groups like the *IAA who lobby for this crap. It's the governments who ignore the cries of the people about it.
Had the ISPs remained independent they'd have even LESS clout than they do now. The UK still has quite a few ISPs and there's less of a monopoly on areas than in the US, but companies aren't officially allowed to Lobby the government. I say officially because, frankly, theres been quite a few Cash for X scandals in the last decade or two. The most recent being Cash for Dinner with the PM scandal. So the UK Government will listen to those with power and money (Look at how they cosied up to Murdoch before the Phone Tapping Scandal, he barely needed to *pay* them anything to get them to do what he wanted)
It's not the ISPs fault that the government looks after itself before it looks after the people. It doesn't represent the people. It doesn't represent the corporations. It just looks to save itself, and at the moment that comes from listening to those with the cash.
Re: (Score:2, Insightful)
the problem is that the ISP's aren't powerful ENOUGH imo.
They don't *want* to snoop
w0w :} ye ye .... let me make some basic math on how much it will cost my ISP to store my traffic , for lets say 6 months ..... ...i'm limited at 100Mbps upload and 100Mbps download ...i'm from Europe, so i'm downloading/uploading ...its more but let's say its 40 ....
So.... i'm having FO to my home
torrents non stop (its legal so why not xD ) so , mu avrg traffic is around 40Mbps (combined up + down)
So how much space will they
Objecting to the right things (Score:3)
it slows their networks down to have to log everything
It would lag everything, gamers should complain LOUDLY
That is highly unlikely. They would probably be taking a copy of the data at some critical part of the network and then everything else would happen on some secondary out-of-band network. The kind of hardware they'd be using to do that is also used by, for example, high frequency traders, who literally win or lose millions by being milliseconds faster than the other guy.
It would, however, almost certainly cost a staggering amount of money to buy the hardware to implement all of this, and the people warning
Re: (Score:2)
once an isp becomes big enough they want to snoop. because they own the cable too. because they own(ed) your landline too and want to bill you for skype. and they want to bill you for your xbox-data separately. why? because they're dicks. they also want to bend over backwards to the government for snooping. again why? well, to please them. that's one thing, so they don't cut your monopolistic areas up, then there's another thing which is essentially billing the government for snooping.
Re:obviously (Score:5, Insightful)
Re:obviously (Score:4, Informative)
It's worth pointing out for the benefit of anyone who doesn't know much about how UK ISPs work:
The incumbent telco, British Telecom, set up their own broadband network and also sold their DSL product at a wholesale rate to ISPs. There was quite a lot of fuss from ISPs about this, as the incumbent effectively had an advantage over them - the incumbent owned the infrastructure so could do what they liked with it, up to and including unceremoniously yanking customers broadband.
The upshot is that British Telecom was split into two companies: Wholesale (BT Openreach) and retail (the company you buy your telephone line and broadband from). Openreach own and run the infrastructure, retail effectively just packages and resells it. You or I cannot approach BT Openreach under any circumstances. They won't investigate issues, they won't talk about new or existing lines, they won't do anything unless you're a company that has a contract with them. They will politely point you in the direction of a retailer.
Anyone can set up an ISP and contract BT Openreach. Optionally, they can put their own equipment in the telephone exchanges though this is generally limited to the larger of the (still pretty small) alternative ISPs. But even if they put their own equipment in the telephone exchange, actually running the copper between telephone exchange and customer is contracted out to BT Openreach.
The telephone line rental is totally separate from the broadband, and many of the smaller ISPs won't contract Openreach for the line rental itself or any telephone calls that run over it - they'll only deal with the broadband. Which means it's quite possible to be in a position that your ISP is blaming your telephone provider for your broadband being down; your telephone provider is blaming your ISP. Lots of people I know won't even consider buying broadband unless they can get the phone line from the same company for exactly this reason.
Re: (Score:2)
Optionally, they can put their own equipment in the telephone exchanges though this is generally limited to the larger of the (still pretty small) alternative ISPs
This is only true on exchanges with local loop unbundling. I'm not sure what percentage of exchanges now support LLU, but it's based on consumer demand (which is silly, because consumers don't demand it) and my mother's exchange only got it very recently.
The telephone line rental is totally separate from the broadband
And, worse, BT does not offer naked DSL, so unless you are on an LLU exchange and using an LLU supplier then you get to pay BT £14.60/month for a phone line that you might not use. If you don't use the landline then it's almost impossible for ADSL I
Trade-off (Score:4, Interesting)
There is always this trade-off: do we want more privacy, accepting increased risks of criminal/terrorist acticity, or are we willing to trade off some privacy to get more security. This choice is political and should be democratically decided. Whether this applies to the internet or in other contexts actually makes little difference, so the trade-off isn't new either. The difference is that just in the present more dangerous climate, more voters are willing to accept some loss of privacy.
Re: (Score:3, Informative)
do we want more privacy, accepting increased risks of criminal/terrorist acticity, or are we willing to trade off some privacy to get more security.
The first one. Whatever the ignorant masses think, the latter two will just make it easier for an oppressive government to abuse its citizens.
Re:Trade-off (Score:4, Interesting)
Take a look at history and human nature. There have been many corrupt governments. Do you think the UK's is somehow immune? Do you think that a government is made up of perfect individuals who could do no wrong (individually or as a group)? Few people plan for their government to abuse them, my friend. It's a slow process, but it's what happens when you let the government slowly take away the rights of the people.
Humans need as much privacy as possible. It's also very useful to keep the government at bay. You seem to think we should take everyone's privacy away because some people are criminals.
Re: (Score:2)
Re:Trade-off (Score:5, Insightful)
do we want more privacy, accepting increased risks of criminal/terrorist acticity, or are we willing to trade off some privacy to get more security. This choice is political and should be democratically decided. Whether this applies to the internet or in other contexts actually
The problem is, we've not seen any real evidence that sacrificing privacy actually does result in increased security. Terrorists can easily use off-the-shelf tools like anonymous remailers, Tor and encryption and so the intelligence services don't get any information about who they're talking to or what they're saying even if they record and analyse 100% of UK Internet traffic. If a terrorist makes an encrypted SMTPS connection to a server in, say, China, that mail server makes (after a random delay) another encrypted connection to a mail server in, for example, Brazil, and then another terrorist collects the mail from the server in Brazil via IMAPS, then what can you learn? Very little unless you can monitor the entire Internet, and the Chinese probably don't want you to monitor their part any more than you want them to monitor yours.
Most counterterrorism operations get their intelligence from far more traditional sources.
Re: (Score:3)
Re: (Score:3)
Re:Trade-off (Score:4, Interesting)
Privacy and security are almost never a zero sum game. In this case, reducing privacy isn't going to help find more 'criminal/terrorist activity'; It will just cause them to use Freenet, TOR, steganography, for comunication etc. instead and result in making it even harder to track real criminal activity.
Secondly, common people are really really bad at making these risk-reward trade-offs (for instance, many people have a fear of flying, but a more rational reaction would be to have a fear of travelling to get a flight as you're more likely to get killed in a car/bus on the way to your flight, than actually flying; you may tell your children to 'never talk to strangers', but in fact that would put them in a far worse position if they ever got lost -- the huge majority of people are not evil! etc.) - we'd be better off delegating to a panel of economists and statisticians to determine the outcome.
Re: (Score:2)
Privacy and security are almost never a zero sum game. In this case, reducing privacy isn't going to help find more 'criminal/terrorist activity'; It will just cause them to use Freenet, TOR, steganography, for comunication etc. instead and result in making it even harder to track real criminal activity.
The trouble with this argument -- and I write this as someone who is a strong believer in privacy -- is that it assumes all bad guys are smart. Many bad guys don't come from the genius pool, as we can tell from the ways they eventually get caught and the number of times someone has slipped through all this security theatre but then failed to cause any real damage anyway. If anything, the fact that so many bad guys don't seem to be that smart has been doing more to protect us than anything else lately.
I don'
Terrorists don't win (Score:2, Insightful)
Terrorists don't win you know, and despite occasionally killing some people they don't pose a long term threat to any free society. Al Qaeda didn't take over Egypt, the Egyptian military did.
On the other hand military and security forces take over their own countries all the time. Right now South Ossetia had an election, it voted for a candidate, the interim government struck down the elections, barred the winner from standing, and now they voted 54% for the Russian backed former KGB chief, the other oppon
Re:Trade-off (Score:4, Insightful)
You do not know what you are talking about. Privacy ___IS___ security. Privacy breaches are security breaches. Giving away your privacy does not make you more secure, and giving away the privacy of others doesn't either. As
Terrorism is not about blowing things up, it's about scaring people.
"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
If Benjamin Franklin got this in 1775 - why don't people today?
Re: (Score:3)
If Benjamin Franklin got this in 1775 - why don't people today?
Because most people in the West remember 9/11 and similar events in other countries close to home, but don't remember McCarthyism and the Holocaust.
Because we prefer to dwell on the successes of the Arab Spring and the liberation of Libya where our armed forces helped, rather than considering the brutal suppression of popular opposition to the state in places like Iran and Syria.
It's a case of "It would never happen to me!" when it comes to privacy, but "Fear the bogeyman!" when it comes to security. Unfort
Re: (Score:2)
"Any society that would give up a little liberty to gain a little security will deserve neither and lose both." - Benjamin Franklin
Equivalent in History? (Score:3)
Can anyone think of anything equivalent to this in history? Where people were under extensive surveillance? What happened?
There has to be a crunching point for things like this, society is meant to limp forward gradually. Hopefully it will get better after it gets worse...
Re: (Score:1)
Can anyone think of anything equivalent to this in history? Where people were under extensive surveillance? What happened?
There has to be a crunching point for things like this, society is meant to limp forward gradually. Hopefully it will get better after it gets worse...
East Germany's GRU comes to mind. The dossiers on every private citizen made this intolerable and invasive tyranny rather resilient to civil protest.
Re:Missing the point (Score:5, Insightful)
The government seeing the data should not be that big a deal unless you have something to hide
Why not allow the government to install cameras in every room of your house? What are you hiding? You could be committing crimes in your house, after all.
Re: (Score:1)
AC probably lives in North Korea. He finds this privacy thing a little odd.
Re: (Score:2)
It needs not to be someting criminal
Yet. Until the government makes it criminal.
Leakage = Traffic (Score:4, Interesting)
It's not whether the government will protect the data from 'leakage' as you put it, letting the government have it IS THE LEAKAGE. And yes I have something to hide: my opposition to the security forces intrusive snooping for one thing.
I'm also critical of the security forces ignoring Rendition and Torture laws, and suspicious of the recent MET inquiry into same. See the Parliament begins an inquiry into what is a criminal act, illegal complicity in torture and rendition. Then the MET police unit starts a criminal inquiry, thus shutting down the parliamentary one. As long as the MET says its inquiry is open then the parliamentary one cannot proceed, and can be blocked for years.
Now when you realize that the MET was given the anti-terror powers and forms the police branch of the security forces, you realize how bogus that inquiry really is. The police arm of the spooks will inquire into whether the spooks broke the law. Whitewash anyone?
I am writing from a country, I won't name it, but it has a military/civil government, and the civil elected government fears the military and won't bring them to account for past deeds. And I am so afraid of said military that I won't even name the country.
UK is not that far from the same, you'd have to be complacent not to see how powerful the police and security forces have become vs the civilian elected government.
Re: (Score:1)
Re:Missing the point (Score:5, Interesting)
"The government seeing the data should not be that big a deal unless you have something to hide"
How about 'it's none of your fscking business, nor anyone else's, who I talk to' ?
How about that?
Government should exist as a way for society to collectively enforce a code of law, and to provide common services we all need. As far as I'm concerned this is way, way, way beyond its remit.
Re: (Score:2)
technical impractical, implausible in a democracy (Score:4, Insightful)
1. if the UK government legislates the cost will be immense to develop the systems to scrape and deep packet inspect thousands upon thousands of protocols, and web2.0 websites.
2. much of the data is already end to end securely encrypted and can not be decrypted. it will be quite obscured who is talking to who with web2.0 applications just based on the IP address of people using eg slashdot via https.
3. there are lots of p2p protocols that are end to end securely encrypted. For example skype calls commonly go through multiple relays. seeing the IP address and an encrypted skype channel between your computer and a high bandwidth relay wont tell you who is talking to who.
4. there exist many VPN services connecting to many jurisdictions which trivially bypass the proposed intrusions.
5. its following Chinas example, which is a bad precedent, already we see Iran, Syria, pre-revolution Egypt defending their intrusion and interference with the internet drawing parallels with initiatives such as this. US, UK et al had fine words to say against such abuses in undemocratic countries and dictatorships, and yet here we have the UK proposing to do similar things to their own citizens.
6. most web mail and web 2.0 sites and applications and protocols are developed and hosted outside the UK, so the UK lacks the technical authority to capture the traffic - users who care will just VPN or use end to end encryption to freer countries. This legislation if passed will likely see less development and hosting done in the UK harming the UK economic competitiveness in the information economy.
7. what is the end game? If one credibly wants to actual capture data one has to follow China, Iran et al and outlaw encryption, outlaw VPNs, outlaw development of software without government backdoors, license software development, restrict access to compilers without a government license, impose a draconian country level firewall. This is all highly implausible and incompatible with a democracy.
8. I think government has not thought this through at all. Probably they are thinking that they can just record IPs like you can record phone numbers on a voice call. The internet is not like that. It is an open, global platform for applications. The communications traffic is hopelessly co-mingled with data in many applications.
9. Unfortunately the government has limited technical expertise and has blinkered and fooled by the "if we could just save one..." argument.
10. There is no cost benefit analysis. You are more likely to die by crashing your car than due to violent extremists actions. More likely to die by random lightening strike. There is a limit to the costs, erosion of freedom a democracy should be willing to inflict on itself in the name defense. If we take it too far the extremists have won.
11. We would be better off spending the money on human intelligence. One of the defense conclusions was a western intelligence failure in the middle east area
12. there appears to be no planned judicial or credible independent oversight. That is inappropriate in a democracy. In what way would it harm defense to require a court order from a judge to interfere with and deep packet inspect the internet traffic of a target of investigation.
Re: (Score:1)
What the "Coalition" promised before elections... (Score:5, Informative)
Re: (Score:2)
Rule number One:
Never believe anything a politician/political party says when they are trying to get elected.
Re: (Score:2)
Yet, pilot schemes running in Nottingham schools (primary and secondary) mandate the fingerprinting of children as young as 5 not only for access to class but to eat lunch! No parental permission required... hell, you don't get to find out unless your kids tell you, because the LEA isn't volunteering the information. This is all being done under the radar.
As for a Bill of Rights, we already have one of those. It was signed by William of Orange in 1688 and passed into Law in 1689. Too bad it's ignored by tho
Sign it (Score:1)
There's an e-petition in opposition here: http://epetitions.direct.gov.uk/petitions/32400
Protest the bill like they did in Canada (Score:2)
You don't say... (Score:1)
Not too late to sign... (Score:2)