Sunday, 1 April 2012

April fool 1984?

A number of people thought that the BBC article Email and web use 'to be monitored' under new laws had to be an April fools joke.

After all, even the government are not crazy enough to think they can legitimately spy on everyone's email and text and tweet, speculatively...

But no. Apparently it is real. There was a talk on this at ORGCon2012 but few details had been released by the government of what they planned.

It is still not entirely clear and I am sure that there will be a lot more detail in time. Obviously civil liberties groups are up in arms over this, with good reason.

The main issue here is "communications data". For a long time the authorities have been able to get details of who called what numbers from telcos. The problem is that this is not so clear now. Is your Facebook friends list just communications data? Where exactly is the line drawn?

This also goes way beyond what was done before - which was simply expecting the incumbent telco to search the logs it had collected for billing purposes. Now we have a situation where there may be no logs (not under UK jurisdiction, anyway). People use hotmail and gmail and so on - not their ISP's mail servers - so there is no record of who emailed whom for an ISP to search. Even where a telco is entirely UK based and its servers are used, it may not actually collect communications data. After all, if customers have an "unlimited" package, it doesn't need to. Up until now there has been no requirement to collect extra data for law enforcement, and indeed, under Data Protection laws, there is reason not to collect any data you don't need. Collecting extra data, and, importantly, keeping that data safe and secure, is an extra cost for ISPs and telcos.

The proposals seem to suggest that they want monitoring at the packet level to track who emails who even if using some gmail web page to do it, or messaging on facebook or twitter.

This is crazy, from a technical point of view. Anyone that has ever tried to screen scrape a popular web site will know it needs constant tweaking. You can't just put a black box in and expect it to work - it has to handle every new application that comes along that allows messaging and every change that is made by the web designers and application designers, none of which have to publish any spec or notify the UK authorities of changes. So to do this you need not only hugely powerful monitoring boxes, but boxes that allow remote administration and update - so could easily start monitoring lots of other "stuff" with no visibility of the ISP or their customers. Thin edge of the wedge?

Of course it is also totally impossible to win this - anyone that has any reason to hide their communications data can do so - it is very simple.

What makes things even worse is that it is not just the "bad people" that can easily hide their data - it is happening as a matter of course. Web mail applications are using https - encrypted from the user's device to a server that may not be in the UK. Servers and user computers now have more than enough computing power that strong encryption is the norm.

Of course, I was struck by how silly this is today when I downloaded wordfeud on my iPad because my son's girlfriend's parents play it (long story). Suddenly that is new communications data - it has in-game chat.

AAISP have no intention of installing any monitoring equipment. Sadly, if the government have any sense, they won't expect us to - they will install it in the large carriers or at the borders of the country - like China.

As an ISP, we already explain to customers about running their own mail server and using encrypted mail transport and end-to-end encrypted email. I can see us explaining things like Tor in more detail soon as well. After all, if criminals can hide who they are communicating with, surely law abiding citizens should have the same right?

Anyway, there will be a lot more on this over the coming months I am sure. Let's hope that groups like ORG can fight this effectively.

P.S. Nice diagram, thanks to Alec from ORG:-

8 comments:

  1. One of the things I like about AAISP is the honest approach to logging and monitoring. If ISPs are forced to monitor communications, at least AAISP will tell me (and probably tell me how I can still protect my privacy), whereas I suspect that some others might prefer to keep quiet about it.

    This sounds like ID Cards all over again, and we all know what a success that turned out to be!

    ReplyDelete
  2. Well.. ID cards were at least technically feasible.

    This isn't, not even remotely. Unless they force RevK to MITM all our SSL sessions, and I wouldn't want to be the civil servant tasked with enforcing *that*.

    ReplyDelete
  3. The only thing we can really hope for is that they demand a copy of every single packet which is sent/received by every single UK ISP to also be sent to them in realtime - if GCHQ really wants to be DDoS'd, so be it.

    ReplyDelete
  4. So this is supposed to help protect us from terrorism, right? I'll take the risk, thanks. The day scores of people are being killed month after month due to terrorism, I might rethink, but for now I think I'll sleep at night without needing GCHQ to "watch my back" for me any more than they already do. I'll happily go on London transport knowing the risks.

    IMHO, this is entirely disproportionate. I appreciate that the police and the intelligence services work very hard to stay one step ahead of terrorism in this country. It's a thankless task, and I'm hugely grateful to them for the work they do, but the fact is there just isn't that much actual terrorism occurring. Until that changes, I'm happy for them to stick at it using the tools they already have.

    We all watched the news and saw 7/7. 50 odd people dead and hundreds injured. Yes, it was truly awful, but still people have more chance of winning the lottery than they do of dying in a terrorist attack. I'm so concerned that people will react far too emotively to the threat of terrorism and not see it in some sort of perspective. More people die every day of preventable disease than died in 7/7. I haven't done the numbers, but I bet there's a fair chance you're still more likely to die in a car crash than you are from a terrorist attack if you get on London transport. You could argue that it's not just a numbers game, but to me, however you slice it, it's hard to justify such extreme reactions to the threat of terrorism, such that it is.

    Afghanistan and Iraq - 9/11 happens and three thousand odd people die. What do we and the Americans do? Send many more thousands of citizens to their deaths fighting in those countries. Would we have lost more citizens than that in further terrorist attacks if those countries weren't invaded? Was the freedom of every citizen at threat as it was in WW1/WW2? I'm yet to be convinced. Just another example of a disproportionate reaction, in my opinion.

    ReplyDelete
  5. The point is to initially study who people are talking to, right? That can be used to determine (un)reasonable suspicion. Random thought:

    What if, say, hundreds of thousands of people were to sign up to a single service. Each day they posted their messages to that service, plus some garbage, to make a nice constant number of daily "posts". Each day everyone downloaded ALL messages posted to that service. The messages are, of course, each encrypted for the intended recipient, and people never download individual public keys - only everyone's or no-one's.

    When a computer has downloaded the message batch, it tries to decrypt all of them, but will only be successful with messages actually intended for the recipient.

    1) Is this already used?

    2) If not, is this technically feasible?

    3) I am assuming that a man in authority would be able to listen to all network communications or retrieve all server content and logs. Will it be possible for them to establish who was communicating to whom?

    I understand that there are other options which rely on obfuscating routing between particular destinations. This method relies on not having any routing at all - more like listening to a daily broadcast in the style of the old "numbers stations". Thoughts?

    ReplyDelete
    Replies
    1. Sounds like twitter to me :-)

      Delete
    2. Indeed, although strongly enforcing a service user's lack of choice on what to download and whether to upload (even if you just upload garbage). Anyone reading IPs in access logs will have a good idea who is receiving what - which I think is what this law is taking advantage of(*) - but what if the service's logs were open for all to see, law enforcement or otherwise, because the logs revealed nothing useful?

      The practical questions would be concerning whether the idea scales, i.e.

      1) how many messages can everyone download at regular intervals (multicast?) before there'd be a need to split the batches?

      2) is it feasible to attempt (part) decryption of all these messages to identify which are for you?

      (*) The proposed law isn't afaict demanding warrantless "wiretapping" (i.e. of content), but denying privacy of association. This seems to be the route the EU has tried to go down, and mirrors recent legislation in Canada.

      Delete
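The broadcast scheme sketched in comment 5 and the two scaling questions in the reply above can be simulated in a few dozen lines. The following is an added example, written for this page and not code from the post's author or any of the commenters. It assumes a fixed number of posts per user per day (POSTS_PER_DAY), fixed-size slots, and, as a simplification, a pre-shared symmetric key per recipient standing in for that recipient's public key (a toy HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag, not a production scheme). Filler posts are sealed under a throwaway key, so they are indistinguishable from real ones. The names, messages and the observer's log format are all constructed.

```python
import os
import hmac
import hashlib

SLOT_LEN = 64        # every post carries exactly this many plaintext bytes, so length leaks nothing
NONCE_LEN = 16
TAG_LEN = 16
POSTS_PER_DAY = 3    # every user uploads exactly this many blobs per day, real or filler


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: a toy stream cipher used only for this demonstration."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, text: str) -> bytes:
    """Encrypt-then-MAC a message into a fixed-size blob: nonce || ciphertext || tag."""
    data = text.encode()
    if len(data) > SLOT_LEN - 1:
        raise ValueError("message too long for one slot")
    # one length byte, the message, then random padding up to the slot size
    padded = bytes([len(data)]) + data + os.urandom(SLOT_LEN - 1 - len(data))
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(padded, _keystream(key, nonce, SLOT_LEN)))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Return the plaintext if the tag verifies under this key, otherwise None.
    The tag check is the cheap 'partial decryption' step: blobs for other people
    are rejected here without running the cipher at all."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        return None
    padded = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, SLOT_LEN)))
    return padded[1:1 + padded[0]].decode()


def run_day(keys: dict, intents: list):
    """Simulate one day: each user uploads POSTS_PER_DAY blobs and downloads the whole board.
    keys maps user -> that user's (stand-in) recipient key; intents are (sender, recipient, text)."""
    board = []   # what the service stores: (uploader, blob)
    log = []     # what the service's access log, or a tap on the wire, would show
    for user in keys:
        mine = [(r, t) for s, r, t in intents if s == user]
        if len(mine) > POSTS_PER_DAY:
            raise ValueError(f"{user} has more messages than slots today")
        for r, t in mine:
            board.append((user, seal(keys[r], t)))
        for _ in range(POSTS_PER_DAY - len(mine)):
            board.append((user, seal(os.urandom(32), "")))   # filler under a throwaway key
        log.append((user, "upload", POSTS_PER_DAY))
    received = {}
    for user, key in keys.items():
        log.append((user, "download", len(board)))
        # trial-decrypt every blob; only those sealed under this user's key verify
        received[user] = [m for _, b in board if (m := unseal(key, b)) is not None]
    return received, log


def observer_summary(log: list) -> dict:
    """What someone holding the logs learns per user: only the uniform traffic counts."""
    summary = {}
    for user, action, n in log:
        summary.setdefault(user, {})[action] = n
    return summary


def demo():
    """Constructed scenario: three users, two real messages, everything else filler."""
    keys = {u: os.urandom(32) for u in ("alice", "bob", "carol")}
    received, log = run_day(keys, [("alice", "bob", "hello bob"),
                                   ("carol", "alice", "hi alice")])
    return received, observer_summary(log)


if __name__ == "__main__":
    inbox, seen = demo()
    print("delivered:", inbox)
    print("observer sees:", seen)
```

Two things fall out of running it. First, the observer still sees who uploaded and that everyone downloaded everything; what is hidden is the recipient, which is exactly the association data the reply says the proposal is after. Second, the per-user cost is one MAC verification per blob on the board, so it grows linearly with the number of users times POSTS_PER_DAY; that is the point at which batches would have to be split or the download served as a shared stream, as the reply's first question anticipates.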
  6. Benjamin Franklin (1775)

    "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety"

    Besides I think more people are likely to die of bee stings every year than actual terrorism! But I do not see the bee police anywhere!

    Wouldn't it be MORE logical to focus on what actually hurts the most people first and work from there? Hence clearly the real motives are more clandestine and apathetic to the general population!

    ReplyDelete