Tech Firms Seek To Frustrate Internet History Log Law

Plans to keep a record of UK citizens' online activities face a challenge from tech firms seeking to offer ways to hide people's browser histories. Internet providers will soon be required to record which services their customers' devices connect to -- including websites and messaging apps. From a report on BBC: The Home Office says it will help combat terrorism, but critics have described it as a "snoopers' charter". Critics of the law have said hackers could get access to the records. "It only takes one bad actor to go in there and get the entire database," said James Blessing, chairman of the Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others. "You can try every conceivable thing in the entire world to [protect it] but somebody will still outsmart you. "Mistakes will happen. It's a question of when. Hopefully it's in tens or maybe a hundred years. But it might be next week."

this is a uk goverment plan

[Anonymous Coward]

...........to increase the general use of VPN's

Re:this is a uk goverment plan

[Joce640k]

"The Home Office says it will help combat terrorism"

So would a video camera in every room of every house, but there's a reason we don't do that.

Re:

[Pig Hogger]

So would a video camera in every room of every house, but there's a reason we don't do that.

That would be double plus good!

Go ahead

[Anonymous Coward]

Anybody with half a brain is using VPNs anyway. Go right ahead and inspect all my activity, you will only see me connecting to random servers all around the world exchanging what seems to be random noise. The only people who will be hit negatively by this are facebook-using idiots and other related scum, we've never needed them on our internet anyway. Let them suffer, they don't know how to use it anyway.

Re:Go ahead

[Anonymous Coward]

What will happen is eventually, the UK will do two things:

1: Do like Pakistan and make VPNs illegal, with a long sentence for using one. This is already in place. A judge can ask someone repeatedly for a password, even an ephremeral SSL session key, and for every "no" answer, the defendant gets 4 years.

2: Do like China and block/interfere with VPN traffic. This is more subtle and easily done, with the blame lying with ISPs.

Re:Go ahead

[NotAPK]

And if any of these become legislation in the UK then good luck being competitive economically with the rest of the world. If the UK does follow through on Brexit, and pushes ahead with these ridiculous anti-privacy laws, then the economy will definitely suffer for it in the longer term.

How do these snooping policies apply to businesses?

If they make no distinction, then businesses will not tolerate it. Those that can will relocate. Those that can't will suffer for it.

If they do not apply to businesses, then the workaround is for private individuals to route all their traffic through the workplace, if they have access, or VPS's commissioned as "business grade" services.

I live in the UK and think this all sucks pretty bad. Time to leave.

Re:

[AmiMoJo]

The worry is that some post-truth arsehole will come along and convince people that they want to act against their own best interests, like Brexit. They will campaign on the grounds of safety, catching terrorists and paedophiles, and after all if you have nothing to hide you have nothing to worry about.

I'm more convinced than ever that we need to use technology to build secure systems, because we can't rely on democracy to protect us from abuse.

You are right, it's time to leave.

Re:Go ahead

[AmiMoJo]

I expect they will try the rubber hose method first. Not literally of course, they will pick someone who uses a VPN, take their equipment away for forensic investigation and maybe throw in some child porn charges for good measure. Make their lives a misery for a few years, then eventually return their equipment wiped and broken.

It will have to be someone who is innocent, so that people get the message that innocence is no defence if you use a VPN. You will be investigated and your life wrecked, name and face in the newspapers, unemployable and unable to afford legal council.

Re:Go ahead

[Jahta]

I expect they will try the rubber hose method first. Not literally of course, they will pick someone who uses a VPN, take their equipment away for forensic investigation and maybe throw in some child porn charges for good measure. Make their lives a misery for a few years, then eventually return their equipment wiped and broken.

It will have to be someone who is innocent, so that people get the message that innocence is no defence if you use a VPN. You will be investigated and your life wrecked, name and face in the newspapers, unemployable and unable to afford legal council.

Unlike many other countries, the UK has no written constitution (despite periodic hand-waving about "Magna Carta"). The UK parliament can basically enact any laws they want. In the past, UK citizens could take a case to the European Court on the basis that a particular law contravened the European Convention on Human Rights [wikipedia.org]. However leading Brexiteers, and even the current Prime Minister Theresa May (a notional Remainer), have made it clear that they want to plug that "loophole" [theguardian.com].

Makes you proud.

Re:

[gweihir]

Well, establishing full-blown fascism in the west is not easy today. What they have done with the snooper's carter is an important step on that way. So kudos for effort. Of course, I hoper these evil fuckers get reincarnated as cockroaches for the next hundred million times or so.

Re:

[AHuxley]

The UK could later go after any UK bank with a CC linked to any VPN as allowing circumvention of ISP policy.
Any VPN in the EU, NATO member might have to help thanks to national treaty obligations (UK in the EU or not). National telco laws are often secret and have to be followed without much public comment.
The US, Canada, NZ, Australia would help by default or have laws that make network retention equal to that of the UK.
A method would be to cut off VPN's from UK banks and then hint that banks that want

Re:Go ahead

[fuzzywig]

The government could try banning VPNs, and it would work for about five minutes before practically every company in the UK calls up their MP to point out that VPNs are an essential part of their business. Closely followed by the civil service, the military and the NHS.

Re:Go ahead

[JustAnotherOldGuy]

. . . you will only see me connecting to random servers all around the world exchanging what seems to be random noise.

Oh yeah, that's not suspicious at all. No sireee, not one bit.

"Sir, he's connecting to random servers all around the world exchanging what seems to be random noise."

"Well that seems totally innocent to me. Everyone connects to random servers all around the world and exchanges random noise."

Re:

[JustAnotherOldGuy]

Being "suspicious" in somebody's eyes is not a crime, it's not even a misdemeanor.

It may not be a crime, but it's often treated like it's a crime.

Go look at some of the First Amendment audits* on Youtube and let me know if being "suspicious" is treated like it's a crime or not. (SPOILER: It often is.)

* Some channels to try: "News Now Houston", PINAC, "The Battousai", or HONORYOUROATH

Hackers

[Anonymous Coward]

> Critics of the law have said hackers could get access to the records.

While well-intentioned, this is the totally wrong way to go about it. It's a technical argument to a problem which is political.

The point is, that in a modern state of Law, law enforcement has *no fucking business* in mass-surveilling people without a probable cause. And just because technology makes that possible these days, still: *no fucking business*

(And if you are really to discuss technical dangers, the real elephant in the room

Re:

[Anonymous Coward]

The hacker scenario doesn't need to be invoked, because this kind of mass scale invasion of privacy should be unacceptable in the first place. If you don't collect huge amounts of digital records for God only knows what reason, you don't have to worry about hackers getting their hands on them. We don't need arguments about how this can and will be misused though, because it is fundamentally unacceptable, on a principle.

It's like trying to argue that ethnic cleansings should not happen because they lead to a

Re:

[AmiMoJo]

It's not just law enforcement that will have access to this data. Trading Standards and various other organizations will too. Snooping through someone's emails is a great way to see if they were selling dodgy microwave ovens, much easier than having to actually physically examine one.

Re:

[pakar]

Having someone following you around, doing recording with you as the main subject, can be classified as harassment.

What i would expect is some type of privacy if being on public land out in the middle of nowhere, but expecting privacy when on a public street in the center of a city is quite absurd..

Ie, if i see other people around me i do not expect privacy.. If i don't see any people or cameras (or signs about cameras) around me i do expect some type of privacy.

Re:

[Anonymous Coward]

The European Parliament is the only government-like structure in the world that actively and consistently stays on the side of consumers in all its proceedings. This is why UK wanted out of EU, they weren't progressing towards nightmarish totalitarian dystopia nearly fast enough for their liking.

Re:

[cshark]

Yeah, right.

If Sweden were a US state, it'd be like the 35th wealthiest by purchasing power.

But you go ahead, keep telling yourself European-style socialism is wonderful.

It's interesting you mention that. We don't really think of Sweden the way we think about Kansas and Nebraska. Maybe we should. Puts the whole thing in perspective.

Think about the children

[LordWabbit2]

Think about the children seems to be getting swapped for "Think about the terrorists!"
This is such a bad idea, but hey, when it's up and running I wouldn't mind a look in that database, I'm sure just 30 minutes with it and I would have enough blackmail material to retire.

Re:

[K. S. Kyosuke]

Why not both? [conservativepapers.com]

Re:

[Anonymous Coward]

UK user here.

I've been doing this for months. Nearly 400,000 visits logged. Hoping to hit 500,000 by new year.

That aside, I'm interested in the UKs new insane plan to have the BBFC rating websites and blocking those which fail. (And yes, they do plan to go through with this...)

They're also going to be blocking non-conventional porn sites too. (E.g. spanking, female ejaculation, etc.)

A better way to tackle terrorism

[DrXym]

Hack the sites these jihadi fuckwits gather on or set up lots of honeypot sites for that purpose. Stir liberally with agent provocateurs. Then use the ip addresses, user ids and text gathered to profile what hours they're active, who they interact with, what they're up to, what their interests are, where they most likely live and ultimately who they are. Then serve the ISP with a court order and conduct more conventional surveillance.

Or gather all the ip interactions for the 99.99999% of non terrorist related activity and get swamped with noise.

Re:

[jimbolauski]

Your pretty optimistic if you think any of the data is going to be analyzed in real time. The data will be manually scanned after an attack to try to find accomplices. The throughput and/or competency to be able to analyze that much data is not something I'd expect from bureaucracy laden entities. For example all retirement paperwork for the federal employees in the US is managed by 1000's of people in a giant cave where the data is stored in filing cabinets. 3 or four attempts to digitize records and autom

Re:

[AHuxley]

The profit is in all the help needed with the "related activity and ... noise.". Any gov has a few mil teams that can track the interesting people.
Why have a few elite gov staff get overtime tracking sites, languages and nations?
That secret gov funding is closed, secret and locked up for generations.
Think of the domestic overtime, funding, legal teams and contractors needed to watch an entire nation every year, 24/7.
The new optical taps, the hardware, software, logs, 24/7 on call, support, keyword s

Re:

[strikethree]

Or gather all the ip interactions for the 99.99999% of non terrorist related activity and get swamped with noise.

I get your point; however, this is not about finding terrorists. It is about being able to know about YOU as much as possible when, not if, you end up on THEIR radar. I suppose it is possible that the politicians were sold this package in the way you describe, but is is clear that whomever designed this legislation did not do it for catching terrorists. It would be like shooting at a fly with a shotgun. It could work, but really, there are much more effective ways of killing flies.

Yup because nobody every figured out this problem

[silas_moeckel]

Ya know back in the 80's one way fiber a static mac and arp entry with UDP. That is about as one way as things get. Not impossible to hark just rather hard. It works great for syslog actualy.

No it does not insure that the data is received or that it was not tampered with, but the treasure trove is the long term storage not what people are doing right then.

Mind you the whole things is a bit moot less and less traffic is not encrypted.

Re:

[gweihir]

Slight other problem: You cannot request specific data, i.e. no web, email or really anything else. Are you drunk?

Re:

[silas_moeckel]

No you walk into the room with the data and query it. Not sure on the UK but in the US you get to charge outrageous prices to handle subpoena's so not like the manpower is an issue. Is it realy that hard to go access a locked room?

Re:

[AHuxley]

Re 'Who wants to visit a country where ... you get monitored 24/7"
Select a VPN and hope the GCHQ does not find you interesting....
Any consumer VPN will not hold up to the CGQH.
Hope the UK gov does not do a secret deal with the very distant and safe VPN that had the best reviews for use in the UK.
Do not enter or exit the UK with any computer like device due to the risk of a "random" inspection and gov OS upgrades during a search.
Buy local hardware after arrival, get your own networking, install a new OS

commentsubject

[Falos]

>The Home Office says Because Terrorism
Stopped reading there. Partly because my bullshit meter overflowed and needs to reboot.

Okay it's online again. It should be fine until someone pretends the golden DB will be safe from hackers. The previous exposure should insulate it when the next member of the Ministry of Truth says Because Thinkofthechildren or Because Illegaldrugs.

Overload it.

[Pig Hogger]

Let’s just overload the system. Let’s have an application that requests 10 random websites every minute (but cut the connection as soon as 10 bytes come in, so to save bandwidth), 24/7. With 14,400 websites per day per user, the logs will quickly overflow, and it will become more arduous to snoop on people. Better yet, le 10% of those websites be questionable websites; when everyone is guilty of browsing questionable websites, no one is guilty of it.

Re:

[Agripa]

Leave a web crawler running.

A petition to oppose, educate and inform

[flashquartermaster]

I believe we need to disseminate the information necessary to make this unworkable https://www.change.org/p/reque... [change.org]

Official Parliamentary Petition

[flashquartermaster]

This petition is currently getting a signature a second by my reckoning. https://petition.parliament.uk... [parliament.uk]