Up until now the main focus of security has been on the content of communications. We now have very powerful processors (even in our phones), and we are able to ensure that the content of our communications is secure: end to end encrypted.
But there is a new threat: the collection of meta data. By collecting ICRs (Internet Connection Records) from everyone, and creating a national database that can be searched and collated, we create the very definition of a nanny state or big
The problem is that (a) meta data is actually very revealing of our lives, what we do, and who we associate with, and (b) the law sees it as less significant. This second point is important as it means that new laws can collect data from everyone, not just suspects in a crime, and can allow use of that data by a lot of people without a warrant. It is only seen as serious, and needing a warrant, when you want to look in detail at the communications via some sort of "intercept", the very thing that will not work with the modern "encrypt everything" culture. Of course that won't work with criminals.
The UK government want to make a national system of searchable ICRs, and that means getting data from every ISP. But that is hard. There are literally thousands of ISPs, small and large, and each would need a notice to retain data. But it is worse - each ISP needs to consider the collection, storage, and access to this data, and how that will comply with the Investigatory Powers law and Data Protection law. The ISP may have to have positively vetted staff, secure data storage systems, and all sorts. This is far from cheap or proportionate for a small ISP with only a few hundred or even a few thousand customer lines. Current policy is that the government pays for this too, which makes it even harder.
Even with this security, the data is vast and the risk of it being compromised is very real. It is a far greater threat than the terrorists we try to thwart by such measures (but then so are paper cuts, well, nearly).
The only sane approach the UK government can take, if they really are hell bent on this new police state, is to engage with the back-haul carriers, like BT Wholesale, Talk Talk Business, Virgin, and maybe a couple of others. By doing this they can get almost everyone covered, even A&A customers! And all done in secret.
So what can be done?
Well, for a start, it is important to make it clear that we are not talking about helping "terrorists", "pedophiles", or "criminals" here. They can all take measures themselves, using Tor, and so on, to protect their data very easily. Also, they are often already known and already under more detailed surveillance. What we are talking about here is the police state surveillance on every single innocent person in the country for no legitimate reason. A true police state.
An important step is for everyone to ensure they use encryption as much as possible, to protect that content, but using encryption to protect meta data is harder. Tor is a start, but that is a complicated network that really should be used by those who really need it. So how can end users feel any safer about meta data collection?
One obvious answer is use of standards based encrypted PPP links. They exist, they work, and some small ISPs do this. Well done to them. The challenge is scaling up to larger ISPs. Running proper crypto for thousands of lines and gigabits of data is quite simply not easy, yet.
This is a short term issue in a way - I am sure in a few years the hardware will be up to the job, but not quite yet, in our experience.
So what can we do - well we can obfuscate the meta data!
Basically, the PPP traffic may look like normal IP data, but actually the IP addresses, maybe the TCP and UDP ports, and perhaps parts of DNS queries, will be "scrambled" a bit. It does not have to be processor intensive or too complex. Just something whose descrambling cannot easily be automated on a large scale.
Scrambling the data is not hard; the trick is to make some sort of initial negotiation so that it is hard to descramble without some work. We are thinking some Diffie-Hellman exchange at the LCP level maybe, and a simple XOR of the meta data. Maybe change the mask occasionally during the connection. Ideally some properly negotiated obfuscation, publishing an RFC or specification of this, so Linux pppd can do it as well.
The result is that L2TP DPI based PPP capture will not easily collect meta data. Indeed, it will actually capture screwed up meta data and create bogus ICRs.
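As an added illustration (not code from this post, FireBrick or pppd), here is a toy model of the scheme: an ephemeral Diffie-Hellman exchange standing in for the LCP negotiation, a SHA-256 derived XOR mask over the IPv4 source/destination addresses and L4 ports, the IP header checksum refreshed so the frame still parses as ordinary IP, and an `observed_flow` function showing what a passive L2TP tap would log as an ICR. The DH group, the mask derivation and the sample datagram are all assumptions constructed for the demo.

```python
import hashlib, ipaddress, secrets, struct
P, G = 2**127 - 1, 3  # toy DH group for the demo only; a real spec would pick a standard group

def dh_keypair():
    # ephemeral DH pair, one per PPP peer, exchanged during LCP negotiation
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def derive_mask(priv, peer_pub, epoch=0):
    # shared secret -> 12-byte XOR mask; both ends bump 'epoch' to re-key mid-session
    shared = pow(peer_pub, priv, P).to_bytes(16, "big")
    return hashlib.sha256(shared + struct.pack(">I", epoch)).digest()[:12]

def ip_checksum(hdr):
    # one's-complement IPv4 header checksum, computed with the checksum field zeroed
    s = sum(struct.unpack(">%dH" % (len(hdr) // 2), hdr[:10] + b"\0\0" + hdr[12:]))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def scramble(pkt, mask):
    # XOR src/dst IPv4 addresses and both L4 ports with the mask, then refresh the IP header
    # checksum so the frame still parses as ordinary IP. Same call unscrambles; L4 checksums untouched.
    ihl = (pkt[0] & 0x0F) * 4
    meta = bytes(a ^ b for a, b in zip(pkt[12:20] + pkt[ihl:ihl + 4], mask))
    hdr = bytearray(pkt[:12] + meta[:8] + pkt[20:ihl])
    hdr[10:12] = struct.pack(">H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + meta[8:] + pkt[ihl + 4:]

def build_ipv4_udp(src, dst, sport, dport, payload):
    # constructed sample datagram: no IP options, UDP checksum left at zero
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0x1234, 0x4000, 64, 17,
                      0, ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack(">H", ip_checksum(hdr)) + hdr[12:]
    return hdr + struct.pack(">HHHH", sport, dport, 8 + len(payload), 0) + payload

def observed_flow(pkt):
    # what a passive L2TP/DPI tap would log as an ICR: (src, dst, sport, dport)
    ihl = (pkt[0] & 0x0F) * 4
    return (str(ipaddress.IPv4Address(pkt[12:16])), str(ipaddress.IPv4Address(pkt[16:20])),
            *struct.unpack(">HH", pkt[ihl:ihl + 4]))

def demo():
    cpe_priv, cpe_pub = dh_keypair()  # customer router end of the PPP session
    lns_priv, lns_pub = dh_keypair()  # ISP LNS end (a FireBrick in the post's case)
    mask = derive_mask(cpe_priv, lns_pub)  # equals derive_mask(lns_priv, cpe_pub)
    pkt = build_ipv4_udp("192.0.2.10", "198.51.100.53", 40000, 53, b"constructed query")
    wire = scramble(pkt, mask)  # the bytes an L2TP tap would actually see
    return observed_flow(pkt), observed_flow(wire), scramble(wire, mask) == pkt
```

The tuple `demo()` returns shows the real flow, the bogus flow the tap would record, and that the peer recovers the original packet exactly.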
So what would happen - well, the government will have to consider talking to each and every one of those small ISPs, and pay the price for doing it - not financially viable, surely. If nothing else, the ICRs they collect to start with will be less than useless.
So we want to make an RFC - how can we get some help?
Please comment on here, let me know if you can help, or DM me on Twitter. Let's make a standard, or at least a specification, and I will code it in the FireBricks at the LNS end to work with A&A customers as well as a few other ISPs using the same kit.
We do not need a police state in the UK, or any country that follows, and we can help stop it, or at least thwart it.