GCHQ and snooping

I need to make this clear to the non-techies, and this needs to be explained.

The Draft Investigatory Powers Bill covers a lot of stuff, but there are two main things...

1. What the hell the spooks do in GCHQ and making that legal now!

2. Snooping on us all for police investigations

A lot of what I have posted is on the second point. The stuff GCHQ do is harder to tackle. There is a shitload that is clearly morally wrong, and way too "big brother", but let's put that to one side for a second.

The bill covers "Data Retention" and "Intercept capabilities" that can impact us all.

Data Retention means your ISP, hopefully only the large ISPs and not A&A, keeping track of your life - everything you do on-line, every web site, the lot, and hence making it available to your local plod if they want. It is a lot of data about you, and simultaneously is both "sensitive personal data" that says a lot about you and also very "not useful to actually investigating crime".

"Intercept capabilities" means designing systems that are not actually secure so that, just in case, the authorities can snoop on you if they want. It means any attempt by any UK provider to sell "secure communications" becomes a lie, as they may have to include a way for them to "remove protection" from communications. Whilst you may not be a suspect, if your provider has that means then what they are selling is not secure, and not only can police access what you are doing, but so can determined criminals.

So the objections I have been raising here are not anything about "protecting us from terrorists" at all; they are about your life on display, for any hacker to extract from your ISP, and for any police officer that does not understand these things to assume you are up to no good.

It is about "big brother" in so many ways. Ultimately you have to accept that if the police had cameras in every room of everyone's house it would help with investigations. This is that sort of thing by the back door. It is not acceptable. It is SNOOPING!

Let's be clear here - it is SNOOPING. One person giving evidence did not recognise it as "snooping" because a warrant was needed. Well, even if a warrant is needed it is still snooping, but more importantly data retention and maintenance of intercept capability do not need a warrant. Data retention is SNOOPING on all that we do on the Internet, simple as that.

So please, tell people to talk to their MP, to read my numerous blog posts, to take a stand.

This is not about headline grabbing and statistically insignificant issues like terrorists or pedophiles, this is about your life on record and held by your ISP for police to look at.

[Quite separately GCHQ need reining in, and even in the US the NSA has had many powers restricted]


  1. I know that, following your previous meeting with the Technical Committee, you got the impression that only the large ISPs would be made subject to retention orders. Are you still as confident after yesterday, when one MP suggested that all the criminals and terrorists would gravitate to A&A unless you were included in Retention Orders? Your response about TOR and VPNs probably went over his head.

    1. Even if they wanted to target smaller ISPs, I still feel that it would not be economical or proportionate to do so - which leaves me reasonably confident that we are too small to be a concern, still.

  2. The danger for smaller operators is giving the future Governments and Home Secretaries (let alone the current one) the powers as they see fit without having to go back to parliament so that it's easy for them to extend the orders to smaller providers.

    It's all good and well the larger CPs accepting this, but whatever is provided today will be done with them and their scale in mind, and extending that to smaller CPs further down the line, which I have no doubt will happen, is likely to hit them much harder, and for some that could simply kill their business.

  3. Once these powers are available, the MPs can then sell them to a commercial company! We can finally have Oversight!

  4. RevK, you're mentioned in PC Pro magazine this month regarding encryption and the snoopers' charter; they also link to your blog.

  5. Watched a few of the other parts of the hearing. Ross Anderson is actually quite impressive, he's able to switch at will between speaking about technology and then addressing the legal aspects in native legalese.

    Also, it appears that David Omand's arguments always rest on only the 'right sorts' of people having access to the information gathered.

