Friday, 18 November 2016

Snooper's Charter and A&A

First off - I appreciate that my blog is not an official statement for A&A, but I have linked the status page here to give you an idea of my thoughts on the matter and how that may play out for A&A in due course.

Summary: Watch this space - more to come over coming weeks.

I have commented many times on the Investigatory Powers Bill, and submitted written evidence to parliament as well as oral evidence to the committee. I have attended meetings with privacy groups and legislators. I have spent a lot of time on this. I have tried very hard to get some degree of sanity into this legislation, and I am sorry to say that on the whole I have failed to make any real changes.

Once we see it, I am planning to go through the final wording of the Act with a lawyer friend of mine, and we are going to try to make sure we understand the nuances that finally made it into law. Once we have done that I do plan to write up something much more comprehensive.

But how does this impact A&A and the services offered?

As I say, this is not an official statement yet - we'll be posting more details of what we are doing and when as time goes on. At this stage there is nothing that needs doing urgently - it will take time for anything to happen in relation to the new Act, and a lot of time (and money) for the monitoring and logging to get into place.

It is also worth pointing out that I don't have a real problem helping the police investigate crimes, as long as there is proper oversight and control.

In practice a lot of the Act relates to the intelligence agencies, and whilst there are a lot of problems with this, it is unlikely we can do much now, or that we would be impacted by this aspect of the Act. However, some of the steps we can take for privacy thwart those parts of the Act too!

The real issue we see is the huge invasion of privacy in collecting and storing data on innocent people - and the bulk powers for "data retention" do just that. They are designed to allow lots of personal information to be gathered on everyone - so mostly people completely innocent and almost entirely people not even suspected of a crime in any way. This is compounded by systems to search through that data over many ISPs and provide it to a wide range of people including the police, without a warrant of any sort.

We expect it is very unlikely A&A will be asked to do anything - companies like BT and TalkTalk will be asked (ordered) to instead, and that allows deep packet inspection in the back-haul networks used by A&A (and most ISPs).

So what can we do about that?

One of the biggest things we can do is provide information and advice about exercising your basic human right to a private life. This will take some time to put together in detail once we fully understand the legislation. We will start a specific section of the wiki pages as well to cover ideas people have. We are interested in suggestions people have too.

There is also a good possibility that we can engineer some services that operate in a way that bypasses the logging. A simple example would be an outgoing email server that accepts TLS-encrypted SMTP only (STARTTLS enforced, or implicit TLS - plain ESMTP is not itself encrypted), hosted outside the jurisdiction of the UK and the new law. This would mean servers outside the UK, also set up in a way that A&A, or any people in the UK, have no technical control over them. Nobody under UK law could then be required to comply with an order to add logging to those servers. As an ISP we, or BT/TT, would only see encrypted traffic to that server - the destination IP address, timing and volume - and hardly any useful metadata on the emails, and nothing on the addresses involved.

Of course, even something as simple as this suffers from the big problem that the person at the other end of such communications (e.g. emails) will not have the same degree of security, allowing logging of metadata at that end. This is always a problem with any communications.
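As an added illustration (not A&A's or FireBrick's configuration, and not from the original post), this is how a customer's own Postfix server could be pointed at such an offshore relay so that outbound mail is only ever handed over inside TLS. The opportunistic setting that would quietly fall back to cleartext is shown commented out beside the enforced one. The relay hostname, port and file paths are assumptions for the example.

```ini
# Postfix main.cf fragment - added example, not the original post's or A&A's
# configuration. relay.example.is, the port and the paths are assumptions.

# --- Weak setting: opportunistic TLS ("may"). If anything on the path strips
# the STARTTLS capability from the relay's EHLO response, Postfix silently
# falls back to cleartext and MAIL FROM / RCPT TO become loggable upstream.
# relayhost = [relay.example.is]:587
# smtp_tls_security_level = may

# --- Enforced: implicit TLS on the submission-over-TLS port, so not even the
# EHLO hostname is sent in the clear, and delivery fails rather than downgrades.
relayhost = [relay.example.is]:465
smtp_tls_wrappermode = yes

# "secure": TLS is mandatory AND the relay's certificate must chain to a
# trusted CA and match the relay hostname, so an interposed box presenting
# its own certificate is refused instead of being trusted.
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1

# Authenticate to the relay (so it is not an open relay), but only allow the
# plaintext SASL mechanisms (PLAIN/LOGIN) inside the TLS tunnel.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous

# What the UK ISP or back-haul operator still observes with this in place:
# the customer IP, the relay IP, port 465, connection timing and byte counts.
# What it does not observe: envelope addresses, headers or message bodies.
```

The downgrade behaviour is the point of the commented-out lines: with `may`, the relay being reachable is enough for mail to flow, so a missing STARTTLS offer is never noticed, whereas with `secure` (or at least `encrypt`) the queue simply backs up until the encrypted path is available again.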

There is also a lot of advice on the use of tools and apps that help - like Signal and Tor. Sadly even Tor has limitations and performance issues.

One answer is VPN services with endpoints outside UK jurisdiction but still with reasonable latency. This is hard to scale up - but we are already talking about this in the FireBrick dev team.

In the short term we are seriously considering a trip to Iceland to investigate data centres and transit there - perhaps installing some tin that can run VMs as needed - but we also have to investigate exactly how such servers can be outside our control, and hence not subject to orders on us to add data retention or intercepts under UK law.

Irony?

It is, of course, right for everyone to expect to be able to exercise their human rights, including the right to privacy. In light of this incredibly intrusive new legislation a lot of people wish to do so, and so there will be a lot of companies working on ways to provide (sell) services to help them. These services will have to be designed to be outside UK law, obviously. But that means they are also beyond reach where there is a specific suspect of a crime, and a more reasonable justification to intercept or collect data to help law enforcement (with suitable warrants). So by creating the need for privacy and encouraging companies to offer it, you actually make fighting crime harder. It is worth bearing in mind that serious criminals have always been able to avoid this type of monitoring, but now more and more normal people and, occasionally, those committing minor crimes will find it easier and easier to use services offering privacy.

36 comments:

  1. What does the final bill say about costs,Adrian? That is to say who pays for any new equipment and systems needed by an ISP that receives a retention order? Is it still ambiguous or does it now guarantee that any additional costs will be fully met by the government?

    Replies
    1. There is no guarantee of full costs in the bill (nor in the legislation in force today).

      For more on the costs position, see p102 of the (draft) code of practice on communications data: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/557862/IP_Bill_-_Draft_CD_code_of_practice.pdf

  2. I am furious (but not surprised) that this bill was passed, and that my evidence on the matter -- namely how easy it is to evade -- seems to have been largely brushed off. I wrote to my MP who forwarded my email on to the Home Office, and the Minister of State for Security did acknowledge it is possible to evade through mechanisms such as TOR and VPNs. A state actor may be able to break the VPN encryption for a particular individual, but it's not especially feasible en masse unless a big breakthrough happens (we've seen D-H key exchange attacked for instance).

    I do hope that their own personal secrets are shared for all to see when these databases are inevitably hacked. Perhaps once we know what sex toy websites they've purchased from, and what obscure porn fetishes they are into, they may decide to repeal the bill before they resign in embarrassment. Those who voted for it are traitors to the ideals of a modern liberal Western democracy, and in my opinion unfit for office. A disgrace.

    Replies
    1. "what obscure porn fetishes they are into"
      Afraid we won't find that any more, as videos of all non-conventional sex acts are being banned too under another crazy law

  3. I will be routing all my traffic over a VPN via another country once I've figured out which country is the friendliest in terms of human rights and data protection.

    But stopping short of that, just ensuring that the data on the backhauls is encrypted would go a long way since they then have to intercept at the individual ISPs. Time to start using encrypted PPPoE as standard?

    Replies
    1. In terms of routing traffic to outside the U.K., it will be interesting to see how this interplays with geoblocking on services like iPlayer and Netflix. Perhaps some will give them up (or acquire the content in a different way), or perhaps selective routing?

    2. I think that you would pretty much need to use selective routing or anything sensitive to lag (games, video) is going to be unusable.

  4. What happens when the location where all this data is collected, is hacked and released to the general public?

  5. Adrian,

    If a coffee house runs a "free" WiFi service, does this mean they will have to keep data records as well?

    Replies
    1. It is in scope of the Act for an order to be placed on them - but unlikely at that level.

    2. In addition, a coffee shop could be subjected to a McFadden injunction, compelling them to implement user registration. But no sign of one in the U.K. yet.

    3. So this could have an effect of 'killing off' free WiFi spots.

    4. It is possible, but I really hope it does not have that effect!

  6. Here's one bit of good news: http://arstechnica.com/information-technology/2016/11/spacex-plans-worldwide-satellite-internet-with-low-latency-gigabit-speed/

    Eavesdrop that you bastards.

    Replies
    1. I suppose I'm a little more sceptical that a commercial communications service which relies on the approval of probably multiple US regulators would not end up with intercept etc requirements baked in.

    2. or that it would ever in fact exist.

  7. I would recommend reading this book by a professor in Canada http://members.shaw.ca/jeanaltemeyer/drbob/TheAuthoritarians.pdf

    It is a proper book that has been released as a PDF by the author. The clinical data on authoritarianism and the mental deficits surrounding it which are exemplified by the Snoopers' Charter deserve much wider dissemination. The sample below comes from chapter 3 page 75 onwards.

    research reveals that authoritarian followers drive through life under the influence of impaired thinking a lot more than most people do, exhibiting sloppy reasoning, highly compartmentalized beliefs, double standards, hypocrisy, self-blindness, a profound ethnocentrism, and--to top it all off--a ferocious dogmatism that makes it unlikely anyone could ever change their minds with evidence or logic. These seven deadly shortfalls of authoritarian thinking eminently qualify them to follow a would-be dictator. As Hitler is reported to have said, "What good fortune for those in power that people do not think."

    1. Illogical Thinking

    Sitting in the jury room of the Port Angeles, Washington court house in 1989, Mary Wegmann might have felt she had suddenly been transferred to a parallel universe in some Twilight Zone story. For .......

  8. All internet backbones are now routed through GCHQ in Cheltenham anyway now. You remember that LINX routing problem a few months back affecting all ISPs etc? That was down to the new routing paths going in to effect. True privacy is an illusion now!

    Replies
    1. "That was down to the new routing paths going in to effect." Source for that specific claim please?

  9. *If* I understand these planned regulations correctly, does this mean that the manufacturers of Session Border Controllers (used for SIP NAT rewrite, SDP etc) would be obliged to provide or build 'backdoors' if required, for government agencies?

    Replies
    1. As we understand it - yes - unless they are not under UK jurisdiction of course and then they can say "stuff you HMG".

    2. I suppose if they had a UK presence, such as a UK office or UK Ltd co, then this could be different?

      If so, I can see this act damaging the technology sector in the UK.

    3. Obviously. Even if not actually under an order, as the orders are secret you cannot trust any UK equipment manufacturer not to have HMG/UK snooping capability built in. Well, you can trust FireBrick because we have said we would dissolve the company first, but in general you can't...

    4. ...Unless you used an offshore company as the holder of the IP/code and manufacturer of FireBrick and AA was simply a reseller and installer...?

    5. Expect A&A could even be subcontracted to write the code, as now, providing we don't have the authority to add snooping to it, and the releases are signed by someone that can see the code and we don't control (e.g. someone outside UK).

    6. And so things end up like a layer-cake, as in additional offshore companies (legally) setup with additional (legal) agreements to legally get around this act.

      This act will only cause additional confusion and make it doubly difficult for HMG to pinpoint where blame lies.

  10. The biggest barrier I've hit when setting up "UK exit" VPNs is video streaming services & national lottery. Might be a market for appliances that can route normal traffic somewhere more sensible while Sky Anytime, Amazon Video etc still go over UK IPs.

    Replies
    1. Well, if a VPN was set up specifically for UK access, and had blocks of IPs for that - and somehow (?) educated the geotracking companies that those IPs are "UK", maybe it can work.

  11. Just wanted to highlight the barriers I'd hit while routing traffic outside the UK to avoid Snooping. If AAISP were to transit traffic outside the UK to avoid snooping laws I'd be happy as a customer. I wouldn't want higher latency or total blocks to certain sites based on location services though. My thinking was a firebrick etc. that could intelligently route certain traffic to the public network while email etc went via a secure tunnel.

    Replies
    1. With an enterprise class UTM firewall you could do some policy based routing; if you want to use web "categories" instead of manually maintaining URLs you will have to pay some subscription fees.

      I'm sure some non-UK based company will design VPN service targeted to solve this. The only difficulty is to keep reasonable performance latency.
      Depending on exact wording might be possible to VPN+Proxy to UK datacenter (which is not an ISP), splitting local traffic for geoblocked site or forwarding to Iceland or EU for the rest of traffic. Package it with an easy to implement software for Joe Lambda.
      Happy to discuss business opportunity :-)

    2. Bear in mind that the term "ISP" is not relevant here. A retention obligation can be imposed on a "telecommunication operator". This includes someone who controls or provides a "telecommunication service".

      A "telecommunication service" "means any service that consists in the provision of access to, and of facilities for making use of, any telecommunication system."

      I suspect the Home Office would have a reasonable argument that running a VPN server, and probably even just running a data centre, entails providing a telecommunication service, given the (intentionally broad) definition.

    3. Quite, you have to have a VPN outside UK and outside of control of anyone in the UK on which such an order could be placed with any effect. Setting up the legal arrangement for such things if actually set up by a UK ISP is a factor in making such things work, but I am sure not impossible.

    4. @RevK Do you mean Privacy sarl Luxemburg anonymously held by Privacy trust Panama?

  12. So the main termination in a data center on the continent (or Iceland), logic to route geolocked service back to UK for transit from there and the rest transit out from EU data center. There is some room for optimisation by moving some logic on the client to reduce latency (similar to a PAC file for most used geolocked site routing directly to UK web or just outside the VPN)

  13. [Off topic, apol:] AA users, ever noticed how stupid geolocation keeps placing your own DSL line at “Arnold”, Nottinghamshire ? (Or sometimes Southend, for some reason.)

    ReplyDelete