Tuesday, 23 April 2013

Snooper's Charter

Horrid title, but what we are talking about is the latest in a long line of attempts by the Home Office to have a means to track what people do and where in terms of communications. The Communications Data Bill.

Open Rights Group have more on this.

You can see why they would want it, and the usual example is, of course, a terrorist incident. It would allow them to track who was talking to who, and where they were. Not quite as far as "what they were saying", but quick and easy means to search lots of operators for calls, emails, chats, tweets, and so on.

Of course, fewer people are killed by terrorists than speeding police cars (made up statistic, but I bet it is true, can anyone find stats on this for UK?). It is a scare tactic if anyone talks about terrorist - the clue is in the word (terror). The fact is that terrorists are just like any other criminals, only they are less of a threat that car drivers by several orders of magnitude.

Putting that to one side - what is bad about the Bill itself. It is the latest in a long series of attempts to get this stuff in place. Essentially they used to be able to get phone records, which was fine when all calls went via BT and phone calls were the only real way to communicate in real time at a distance.

The environment has changed - phone calls are on the demise, and handled by many operators and use lots of protocols and equipment. I make phone calls rarely myself, and when I do it is rare for the call to leave a network I or the recipient control, so no logs, even with this new Bill. But I have conversations with friends that involve, in the same conversation, a mix of in-game (WoW) chat where one is playing and one is using iPhone chat app, iMessage, irc, Facebook, phone call, and face to face.

So the idea, from a technical view point, of tracking what people are doing is a nightmare. This is made even more complex with overseas providers like twitter and Facebook.

Of course, collecting data can create a web of connections between people - apparently the president of Nigeria and I are frequently communicating, so that makes perfect sense! Yes, junk mail, will be in their data. Of course it won't (can't) be illegal to deliberately poison their data by creating emails between people, and the Bill is so controversial this could happen using a deliberate virus. Not seeing the content of emails, only the "Communications Data" makes it impossible to tell fake from real communications.

They have suggested that ISPs can intercept the communications to record some of the data. This is not easy, and goes against some basic principles of mere conduit. It is also impossible when there is encryption, which, since this whole idea kicked off has moved from rare to standard to mandatory for many applications and web sites.

This will be the first time the government is forcing private companies to snoop on citizens who are not even suspected of a crime, store that data, and allow the government to search it at will. It is a proper "police state". I was never too hot on history at school, but even I know where this ends up.

Lets not forget that all this snooping invades privacy of innocent people whilst doing nothing to catch "bad guys" who have the slightest clue. My understanding of things around 11/9 are that terrorists knew tricks then, like making draft emails and not sending them but logging in to read the draft and deleting it. I am sure that these days they will easily be able to use a range of encrypted communications means that will be off the radar. It is so much easier now.

They need to understand that they have lots to technology - Yes, they want to be able to snoop, but they can't. It won't work. This is not just something like the German's using Enigma in the war - the basic technology for powerful encryption is in every phone in everyone's hand right now. Make the citizens the enemy here and they have the means to fight back. Make something illegal and it goes underground (the US learned that with prohibition). They have to accept that people can, and will, communicate.

What is slightly ironic is that people also state so much publicly these days that the stupid criminals (the only ones they have a hope of catching with this Bill) will probably boast of their crime on twitter of Facebook for all to see.

  • This Bill is pointless as it cannot actually stop people avoiding it if they want
  • This Bill is costly for the tax payer and the estimates seem way off already
  • This Bill is morally wrong as it is routinely snooping on non criminals
  • This Bill is a huge invasion of privacy that will be misused in the future
We need to make the politicians realise they are wrong. They work for us, not against us. We are not criminals or suspects and have a right to privacy.

If this goes ahead we'll have to get a lawyer on staff to help us structure new services that bypass these new laws. We are putting encryption in our FireBricks. We can set up off shore Internet access endpoints via arms length companies. It can be done. We can make a way to provide proper Internet access that is snooper free. Commercially we should welcome this Bill as it allows us to sell such services, but we would rather not have to.

5 comments:

  1. It's interesting to note that the argument "it's all fine because the data will not be stored by the government" is the same one that drug dealers use. A drug dealer, wishing to avoid the liability of possessing an illegal substance, coerces some hapless addict to hold it instead. The courts see right through this; their term for it is "constructive possession". I'm sure the home office is familiar with the concept.

    ReplyDelete
  2. Can't find any national statistics but the Met have had quite a few fatalities. See http://road.cc/content/news/28837-number-accidents-met-police-vehicles-involved-declines-fatalaties-are

    ReplyDelete
  3. As you say the proposed law WILL be abused; just look at how the RIPA law is abused daily. In what society do we need to track the communications and movements of all our citizens in a regular non-judicial way! Just what society are we building? Are we ALL really terrified that our society will further crumble just because some sh*thead terrorist blows up something. I'm not, and no-one I know is cowering in their cellar.

    I hope that A&A use their considerable technical prowess to bypass The Communications Data Bill so that I can provide my customers with snoop free internet connections.

    ReplyDelete
  4. The obvious thing they forget is the existence of commercial VPN services; originally founded to permit copyright infringers to hide their identity from the companies whose rights they are infringing, they would also work to set things up so that all you can record is that they're communicating with the VPN provider.

    A quick Google suggests that a crook would need to spend around £5/month to get a VPN good enough for most purposes, and would be connecting to a VPN provider outside the UK. The charter would thus not apply to the provider (as they're foreign), and non-UK websites would see a non-UK visitor, and therefore wouldn't apply their "special data collection for the UK only" rules.

    So, the only people who'd get caught up in this are the few crooks who are stupid enough to not spend the money to avoid it (and who are probably making a whole load of other stupid mistakes, so this won't help catch them), and law abiding citizens. Crooks with a modicum of intelligence (enough to remember to put the balaclava on *before* robbing the bank) are likely to use a VPN service instead and avoid the data collection entirely.

    ReplyDelete
  5. This might cheer you up:
    http://www.bloomberg.com/news/2013-04-25/clegg-kills-u-k-data-monitoring-bill-on-liberty-concerns.html

    ReplyDelete