tag:blogger.com,1999:blog-3993498847203183398.post2939965486467312710..comments2024-03-29T11:00:39.953+00:00Comments on RevK<sup>®</sup>'s ramblings: Home Office meeting re IPBillRevKhttp://www.blogger.com/profile/12369263214193333422noreply@blogger.comBlogger23125tag:blogger.com,1999:blog-3993498847203183398.post-70100387715603194112015-11-28T13:17:23.445+00:002015-11-28T13:17:23.445+00:00I wonder if it ever occurred to the policeman that...I wonder if it ever occurred to the policeman that the girl in question may well not even have been in this country, if she even existed in the first place? Did you try explaining that, or just point out he wasn't entitled to the information anyway?<br /><br />About ten years ago now, I was contacted on MSN Messenger by an "eight year old girl", who mysteriously happened to have the same ISP and location as the old school friend who had just found my rather obscure and unshared MSN username. Funny, that.<br /><br />I do remember being impressed when I happened to be flying home from the US arriving the morning of 9/11, and some friends from IRC tracked me down and phoned me at home to make sure I was OK.jas88https://www.blogger.com/profile/05563592458314214904noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-66960312077944379192015-11-26T14:06:09.782+00:002015-11-26T14:06:09.782+00:00So just to confirm my understanding of the meeting...So just to confirm my understanding of the meeting:<br /><br />- As mobile carriers are using CGNAT and proxies/dpi unless you use VPN on your phone non encrypted traffic likely to generate detailed ICR. As facilitating hacking is now part of the law, <br />I wouldn't be surprised if "additional" trusted root certificate could be added to telco firmware. Checking iOS9 trusted root (https://support.apple.com/en-gb/HT205205) you can find a selection of government issued root that I personally wouldn't particularly trust (like Turkish government one, as iOS9 also block *.google.com generated by the same certificate... sounds like a good MITM candidate...)<br /><br />- Large ISPs have more resources and as such will be expected to provide more detailed ICR<br /><br />- Smaller ISPs are less likely to be affected and what will be requested will be negotiated and depends on their resource.<br /><br />So except if you are a Darwin Award nominated wannabe terrorist looking at "http://www.jihad.org/bomb" on your mobile your are unlikely to be detected (except if you accessed http://www.whereistheparty.com unfortunately hosted on the same IP).Brexit factshttps://www.blogger.com/profile/09499046210014193575noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-59200398666607835502015-11-26T05:23:28.561+00:002015-11-26T05:23:28.561+00:00DeletesDeletesRevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-82966233755469472982015-11-26T05:23:01.257+00:002015-11-26T05:23:01.257+00:00Tricky. You have to maintain to same level of inte...Tricky. You have to maintain to same level of integrity as system from which data was derived. So if derived from a switch that only holds data in RAM and detected it after a few nanoseconds? Who knows?RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-86147375032854056352015-11-26T05:21:04.000+00:002015-11-26T05:21:04.000+00:00That was also raised in the meeting!That was also raised in the meeting!RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-15524313297501714642015-11-26T05:20:41.123+00:002015-11-26T05:20:41.123+00:00Ah, but now we know they got that clause in to the...Ah, but now we know they got that clause in to the law it is just the same as them choosing to hide the fact.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-43053997282023660922015-11-26T05:17:05.551+00:002015-11-26T05:17:05.551+00:00But ISPs are subject to DPABut ISPs are subject to DPARevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-5679135192273149852015-11-26T01:11:34.825+00:002015-11-26T01:11:34.825+00:00Was there any discussion about data backups? It&#...Was there any discussion about data backups? It's one thing to hold data records but another thing entirely if you have, by law, to be able to provide them at any time. That rather suggest you'll need to backup the data up to some DR site. More cost and complexity. Thanks for keeping us informed of what's going on. I'm still not persuaded that the politicians really get the complexities of what they're asking for. <br /><br />Andrew Sinclair (used to work in datacomms and DR design) carrewhttps://www.blogger.com/profile/02068221809652517364noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-68426451962635774852015-11-26T00:51:24.643+00:002015-11-26T00:51:24.643+00:00As the bill requires them to consult with you befo...As the bill requires them to consult with you before making any retention order there seems nothing to legally prevent you from alerting your customers of this fact, before the order is served. Hopefully you would mention it here as soon as you were aware of their intention to "consult".Anonymoushttps://www.blogger.com/profile/10823387395371201608noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-64370667320065664522015-11-25T21:55:14.735+00:002015-11-25T21:55:14.735+00:00The intelligence services aren't subject to SD...The intelligence services aren't subject to SDA requests. If they were they'd just lie anyway, because they're protected by the government. The reason we don't issue licenses to kill isn't just because this isn't Hollywood, it's also because the government isn't obliged to prosecute murderers. It can choose to simply not prosecute an intelligence agent who kills somebody in the line of duty. In very rare cases the Crown Powers are even used to officially pardon people we know committed grave crimes for the state.<br /><br />This might seem outrageous until you remember that US Presidents routinely, and with almost no grumbling, use their power of pardon to free people they owe personal favours to.tialaramexhttps://www.blogger.com/profile/04245919932453170519noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-79105162917084577432015-11-25T17:45:33.477+00:002015-11-25T17:45:33.477+00:00Well, that would be nice, but the processing to do...Well, that would be nice, but the processing to do that on bulk is a problem. We do however already offer obfuscated PPP (disguised IP as LCP) if you have a FireBrick. That may break any such logging, if they do it. It would be great if DPA subject access requests can get the data as that would allow us to find if that worked.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-67006917352803554002015-11-25T17:42:50.909+00:002015-11-25T17:42:50.909+00:00I wonder whether it would be possible for AAISP to...I wonder whether it would be possible for AAISP to offer encrypted ppp connections to overcome the potential for deep packet inspection in the l2 reachback?Chrishttps://www.blogger.com/profile/11182959617649002778noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-29967322498540616992015-11-25T16:54:44.883+00:002015-11-25T16:54:44.883+00:00The Twitter example is a bit odd. Knowing that he...The Twitter example is a bit odd. Knowing that her phone accessed twitter is useless, as you point out, but they can easily see if she has *posted* something by just looking at her twitter account, since twitter posts are usually public. The exception to this is if she had set her account to be private, in which case a court order to Twitter would do the job. Posts to twitter will be over HTTPS so the ISP probably can't tell the difference between her phone polling for updates or her posting a message anyway (ok, you may be able to draw weak conclusions on this from the size of the packets, but still).<br /><br />I think what they are meaning to say is that it would be useful to go on a fishing expedition through her internet traffic to see what she was doing, rather than specifically looking at whether she's used Twitter. This is obviously a completely different thing.<br /><br />What you *can* tell from traffic monitoring is that there has been some traffic to certain services (e.g. twitter, facebook, instagram, whatever) which then lets the police have some idea about which services they should be sending court orders to to find out what that traffic actually was.<br /><br />As for ISPs asking for there to be a gagging clause, this makes some sense: an ISP telling their customers that they are helping to spy on them would be bad for business, so the ISP may want to keep this confidential. But if someone leaked to the press that an ISP was spying on their customers and had voluntarily kept quiet about it, that would also be pretty bad for business. the solution: make sure the law says they aren't allowed to tell anyone. If the press found out about them spying, their excuse now appears perfectly reasonable: "we're legally not allowed to tell anyone".<br /><br />There may be operational reasons for the security services keeping targeted monitoring secret (don't want to tip off the person you're monitoring), but in that case it should be ok to disclose that the monitoring took place some time after the event. I don't see any motivation for the security services keeping this stuff secret forever, other than to avoid public oversight.<br /><br />And as you've pointed out, the line between "content" and "metadata" is pretty murky! Also worth considering that telco call records are routinely kept by the telco for billing purposes *anyway*, whereas web addresses aren't - the difference being that for the former they mostly just expect the telco to hand over what they were already collecting, whereas for the latter they are requiring the ISP to collect something extra.<br /><br />Also, isn't this bill being fast tracked? Something so controversial shouldn't be allowed to bypass scrutiny by going through a fast track process.Steve Hillhttps://www.blogger.com/profile/09798286430189689578noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-66786947259834978692015-11-25T15:23:10.586+00:002015-11-25T15:23:10.586+00:00Was not just me - but the problem is that doing so...Was not just me - but the problem is that doing so would put the cost estimates back through the roof, and then we'd say "but it is encrypted, so inspecting the data won't help either".RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-30728539882671529592015-11-25T15:21:20.262+00:002015-11-25T15:21:20.262+00:00Indeed (I meant GCNAT, but same thing). They are n...Indeed (I meant GCNAT, but same thing). They are not things that will be phased out as soon as ISPs can.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-40463083627912668622015-11-25T14:23:27.272+00:002015-11-25T14:23:27.272+00:00"In discussions with ISPs, Adrian Kennard inf..."In discussions with ISPs, Adrian Kennard informed us that what we proposed would not be helpful in finding the girl, so on his advice, we are implementing a system to inspect the data."Alan Cliffordhttps://www.blogger.com/profile/07203284236816302240noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-62455289724709546862015-11-25T14:20:09.775+00:002015-11-25T14:20:09.775+00:00Web proxies and NAT - two things I attempt to elim...Web proxies and NAT - two things I attempt to eliminate from my life as much as possible.Owen Smithhttps://www.blogger.com/profile/00890951742186614705noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-56995536200330556112015-11-25T13:14:33.060+00:002015-11-25T13:14:33.060+00:00Yes, but they cannot easily produce the "Inte...Yes, but they cannot easily produce the "Internet Connection Records" from that - it would be a very expensive project for say Bt Wholesale to DPI the UDP/L2TP/PPP/IP/TCP passing through the wholesale network. My understanding is logs will be coming from retail sides using web proxies and NAT!RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-12807714877627706192015-11-25T13:12:24.315+00:002015-11-25T13:12:24.315+00:00You make lots of good points in your letter to the...You make lots of good points in your letter to the government. <br /><br />Nevertheless, if I was them and given your opposition and small size as an ISP, I would be much more attracted to targeting the wholesale communications providers with the actual networks in the ground - Openreach, TalkTalk and Virgin Media, together with the mobile network providers. Presumably at a wholesale level, they can fairly easily identify which phone line the Internet traffic relates to? This would be much more practical than making requests to every small ISP.Ruperthttps://www.blogger.com/profile/04685206007070599216noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-3262824637896753442015-11-25T12:08:36.344+00:002015-11-25T12:08:36.344+00:00In the case of a teenage girl going missing, I'...In the case of a teenage girl going missing, I'm puzzled how knowing she /accessed/ Twitter would help in any way whatsoever.<br />She's a teenage girl, *of course* she accessed Twitter - can that not be taken as read?<br />Having access to her feed and being able to read her DMs, yes, I can see that may be helpful, but that's not what the bill is proposing.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-23668432794622672772015-11-25T11:43:02.558+00:002015-11-25T11:43:02.558+00:00It sounds like one knowledge gap in drafting the l...It sounds like one knowledge gap in drafting the law is the lack of awareness of just how much Internet activity connected devices generate when not being used by a person.<br /><br />There seems to have been an implicit assumption that Internet use only happens when a human triggers it. This is only true for voice telephony (and even then, becoming less true with robocallers, IVRs and the like), and not true for any data service.Simon Farnsworthhttps://www.blogger.com/profile/15190608047563530091noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-29104872169887586122015-11-25T09:49:27.999+00:002015-11-25T09:49:27.999+00:00When I was working on the night shift for an ISP i...When I was working on the night shift for an ISP in 1998, we got a policeman at the front door claiming that some teenage girl had threatened suicide in a chat-room, and obviously we would be prepared to give him her account name and address. He was utterly stunned that we wouldn't do this on his say-so. (Fortunately we had a director on call who could say the same thing.)<br /><br />So much doesn't change.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-41482269413618559052015-11-25T09:21:32.249+00:002015-11-25T09:21:32.249+00:00I'd have left my phone in my car if they wante...I'd have left my phone in my car if they wanted to take it off me. Just sayin'Alexis Threlfallhttps://www.blogger.com/profile/11792447399167532389noreply@blogger.com