Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
The Internet Privacy IT Technology

Tech Firms Seek To Frustrate Internet History Log Law (bbc.com) 85

Plans to keep a record of UK citizens' online activities face a challenge from tech firms seeking to offer ways to hide people's browser histories. Internet providers will soon be required to record which services their customers' devices connect to -- including websites and messaging apps. From a report on BBC: The Home Office says it will help combat terrorism, but critics have described it as a "snoopers' charter". Critics of the law have said hackers could get access to the records. "It only takes one bad actor to go in there and get the entire database," said James Blessing, chairman of the Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others. "You can try every conceivable thing in the entire world to [protect it] but somebody will still outsmart you. "Mistakes will happen. It's a question of when. Hopefully it's in tens or maybe a hundred years. But it might be next week."
This discussion has been archived. No new comments can be posted.

Tech Firms Seek To Frustrate Internet History Log Law

Comments Filter:
  • by Anonymous Coward

    ...........to increase the general use of VPN's

  • Go ahead (Score:2, Insightful)

    by Anonymous Coward

    Anybody with half a brain is using VPNs anyway. Go right ahead and inspect all my activity, you will only see me connecting to random servers all around the world exchanging what seems to be random noise. The only people who will be hit negatively by this are facebook-using idiots and other related scum, we've never needed them on our internet anyway. Let them suffer, they don't know how to use it anyway.

    • Re:Go ahead (Score:4, Interesting)

      by Anonymous Coward on Wednesday November 23, 2016 @09:26AM (#53345861)

      What will happen is eventually, the UK will do two things:

      1: Do like Pakistan and make VPNs illegal, with a long sentence for using one. This is already in place. A judge can ask someone repeatedly for a password, even an ephremeral SSL session key, and for every "no" answer, the defendant gets 4 years.

      2: Do like China and block/interfere with VPN traffic. This is more subtle and easily done, with the blame lying with ISPs.

      • Re:Go ahead (Score:5, Insightful)

        by AmiMoJo ( 196126 ) on Wednesday November 23, 2016 @09:42AM (#53345991) Homepage Journal

        I expect they will try the rubber hose method first. Not literally of course, they will pick someone who uses a VPN, take their equipment away for forensic investigation and maybe throw in some child porn charges for good measure. Make their lives a misery for a few years, then eventually return their equipment wiped and broken.

        It will have to be someone who is innocent, so that people get the message that innocence is no defence if you use a VPN. You will be investigated and your life wrecked, name and face in the newspapers, unemployable and unable to afford legal council.

        • Re:Go ahead (Score:5, Informative)

          by Jahta ( 1141213 ) on Wednesday November 23, 2016 @11:36AM (#53347167)

          I expect they will try the rubber hose method first. Not literally of course, they will pick someone who uses a VPN, take their equipment away for forensic investigation and maybe throw in some child porn charges for good measure. Make their lives a misery for a few years, then eventually return their equipment wiped and broken.

          It will have to be someone who is innocent, so that people get the message that innocence is no defence if you use a VPN. You will be investigated and your life wrecked, name and face in the newspapers, unemployable and unable to afford legal council.

          Unlike many other countries, the UK has no written constitution (despite periodic hand-waving about "Magna Carta"). The UK parliament can basically enact any laws they want. In the past, UK citizens could take a case to the European Court on the basis that a particular law contravened the European Convention on Human Rights [wikipedia.org]. However leading Brexiteers, and even the current Prime Minister Theresa May (a notional Remainer), have made it clear that they want to plug that "loophole" [theguardian.com].

          Makes you proud.

          • by gweihir ( 88907 )

            Well, establishing full-blown fascism in the west is not easy today. What they have done with the snooper's carter is an important step on that way. So kudos for effort. Of course, I hoper these evil fuckers get reincarnated as cockroaches for the next hundred million times or so.

        • by AHuxley ( 892839 )
          The UK could later go after any UK bank with a CC linked to any VPN as allowing circumvention of ISP policy.
          Any VPN in the EU, NATO member might have to help thanks to national treaty obligations (UK in the EU or not). National telco laws are often secret and have to be followed without much public comment.
          The US, Canada, NZ, Australia would help by default or have laws that make network retention equal to that of the UK.
          A method would be to cut off VPN's from UK banks and then hint that banks that want
      • Re:Go ahead (Score:4, Interesting)

        by fuzzywig ( 208937 ) <default.fuzzNO@SPAMgmail.com> on Wednesday November 23, 2016 @11:18AM (#53346987)
        The government could try banning VPNs, and it would work for about five minutes before practically every company in the UK calls up their MP to point out that VPNs are an essential part of their business. Closely followed by the civil service, the military and the NHS.
    • Re:Go ahead (Score:5, Funny)

      by JustAnotherOldGuy ( 4145623 ) on Wednesday November 23, 2016 @09:34AM (#53345919) Journal

      . . . you will only see me connecting to random servers all around the world exchanging what seems to be random noise.

      Oh yeah, that's not suspicious at all. No sireee, not one bit.

      "Sir, he's connecting to random servers all around the world exchanging what seems to be random noise."

      "Well that seems totally innocent to me. Everyone connects to random servers all around the world and exchanges random noise."

  • Hackers (Score:2, Insightful)

    by Anonymous Coward

    > Critics of the law have said hackers could get access to the records.

    While well-intentioned, this is the totally wrong way to go about it. It's a technical argument to a problem which is political.

    The point is, that in a modern state of Law, law enforcement has *no fucking business* in mass-surveilling people without a probable cause. And just because technology makes that possible these days, still: *no fucking business*

    (And if you are really to discuss technical dangers, the real elephant in the room

    • by Anonymous Coward

      The hacker scenario doesn't need to be invoked, because this kind of mass scale invasion of privacy should be unacceptable in the first place. If you don't collect huge amounts of digital records for God only knows what reason, you don't have to worry about hackers getting their hands on them. We don't need arguments about how this can and will be misused though, because it is fundamentally unacceptable, on a principle.

      It's like trying to argue that ethnic cleansings should not happen because they lead to a

    • by AmiMoJo ( 196126 )

      It's not just law enforcement that will have access to this data. Trading Standards and various other organizations will too. Snooping through someone's emails is a great way to see if they were selling dodgy microwave ovens, much easier than having to actually physically examine one.

  • Think about the children seems to be getting swapped for "Think about the terrorists!"
    This is such a bad idea, but hey, when it's up and running I wouldn't mind a look in that database, I'm sure just 30 minutes with it and I would have enough blackmail material to retire.
  • by DrXym ( 126579 ) on Wednesday November 23, 2016 @09:52AM (#53346051)
    Hack the sites these jihadi fuckwits gather on or set up lots of honeypot sites for that purpose. Stir liberally with agent provocateurs. Then use the ip addresses, user ids and text gathered to profile what hours they're active, who they interact with, what they're up to, what their interests are, where they most likely live and ultimately who they are. Then serve the ISP with a court order and conduct more conventional surveillance.

    Or gather all the ip interactions for the 99.99999% of non terrorist related activity and get swamped with noise.

    • Your pretty optimistic if you think any of the data is going to be analyzed in real time. The data will be manually scanned after an attack to try to find accomplices. The throughput and/or competency to be able to analyze that much data is not something I'd expect from bureaucracy laden entities. For example all retirement paperwork for the federal employees in the US is managed by 1000's of people in a giant cave where the data is stored in filing cabinets. 3 or four attempts to digitize records and autom
    • by AHuxley ( 892839 )
      The profit is in all the help needed with the "related activity and ... noise.". Any gov has a few mil teams that can track the interesting people.
      Why have a few elite gov staff get overtime tracking sites, languages and nations?
      That secret gov funding is closed, secret and locked up for generations.
      Think of the domestic overtime, funding, legal teams and contractors needed to watch an entire nation every year, 24/7.
      The new optical taps, the hardware, software, logs, 24/7 on call, support, keyword s
    • Or gather all the ip interactions for the 99.99999% of non terrorist related activity and get swamped with noise.

      I get your point; however, this is not about finding terrorists. It is about being able to know about YOU as much as possible when, not if, you end up on THEIR radar. I suppose it is possible that the politicians were sold this package in the way you describe, but is is clear that whomever designed this legislation did not do it for catching terrorists. It would be like shooting at a fly with a shotgun. It could work, but really, there are much more effective ways of killing flies.

  • Ya know back in the 80's one way fiber a static mac and arp entry with UDP. That is about as one way as things get. Not impossible to hark just rather hard. It works great for syslog actualy.

    No it does not insure that the data is received or that it was not tampered with, but the treasure trove is the long term storage not what people are doing right then.

    Mind you the whole things is a bit moot less and less traffic is not encrypted.

    • by gweihir ( 88907 )

      Slight other problem: You cannot request specific data, i.e. no web, email or really anything else. Are you drunk?

      • No you walk into the room with the data and query it. Not sure on the UK but in the US you get to charge outrageous prices to handle subpoena's so not like the manpower is an issue. Is it realy that hard to go access a locked room?

  • >The Home Office says Because Terrorism
    Stopped reading there. Partly because my bullshit meter overflowed and needs to reboot.

    Okay it's online again. It should be fine until someone pretends the golden DB will be safe from hackers. The previous exposure should insulate it when the next member of the Ministry of Truth says Because Thinkofthechildren or Because Illegaldrugs.
  • Let’s just overload the system. Let’s have an application that requests 10 random websites every minute (but cut the connection as soon as 10 bytes come in, so to save bandwidth), 24/7. With 14,400 websites per day per user, the logs will quickly overflow, and it will become more arduous to snoop on people. Better yet, le 10% of those websites be questionable websites; when everyone is guilty of browsing questionable websites, no one is guilty of it.
  • I believe we need to disseminate the information necessary to make this unworkable https://www.change.org/p/reque... [change.org]
  • This petition is currently getting a signature a second by my reckoning. https://petition.parliament.uk... [parliament.uk]

Life is a whim of several billion cells to be you for a while.

Working...