And the other shoe drops

Aye aye:

Councils, the taxman and dozens of other public bodies will be able to search the internet and social media activity of everyone in Britain, The Telegraph can disclose.
Technology firms will be required to keep records of the websites and apps which people have used and details of when they accessed them for 12 months under new powers unveiled this week.
The new powers, contained in legislation which is published on Wednesday, will primarily be used by police and the security services in pursuit of suspected terrorists and serious criminals.

“Primarily”‘s doing a lot of work there, isn’t it?

And who wants to bet that local councils will be in like Flynn, tracking down the perpetrators of the great let’s not sort our rubbish conspiracy? The wreckers, Prompartists!

I once pointed out, in The Times, that the Home Office has a a sort of “sick ministry” problem. It infects, eventually, everyone who becomes Home Secretary. We are all problems to be managed, managed with that firm fascist hand, not free citizens who create a government to serve our needs.

The correct reaction to any and every policy emanating from said ministry is thus “Fuck off”. Or, to taste, Tor and a VPN.

30 thoughts on “And the other shoe drops”

  1. “And who wants to bet that local councils will be in like Flynn, tracking down the perpetrators of the great let’s not sort our rubbish conspiracy? “

    They’ll find allies in the local rozzers, without a shadow of a doubt…

  2. Another technical option is to flood them with data. Set up a script which randomly browses the Internet for hours at a time, clicking through any random junk. Good luck them finding anything useful in that.

  3. Use a computer in the public library (yes, an internet cafe is anonymous too, but fun to have the council track down all the viewing of the anti-council-bureaucracy sites to their own computers).

  4. So… after 5 years of Mr Cameron being Prime Minister, the council still won’t take my bins away every week, but they will spy on my browsing of pointy-elbowed-french-maids.com…

    Wankers.

  5. I’m curious how much real terrorist activity they’ve ever actually prevented this way. My impression is: not much, which probably explains why the rationale is mainly “the children”, as May dutifully trotted out yesterday, although it’s hard to see how that would justify HMRC having access.

  6. Just over a year ago they were making a big thing about the police needing similar powers to fight web crime, at a time when reported violent physical crime had risen 6% or so. Still, it’s more comfortable to fight crime from a desk, within reach of the Hobnobs.

  7. I pay A$36 pa to access the interweb via a VPN. I can log on via Hong Kong, Iceland, Austria, etc. I get ads in the language of the server I log into. The Aus authorities have no metadata to store.

  8. @john77
    “Use a computer in the public library”
    You don’t need a library card to use the library computers?

    Be one reason I’d be wary of using library machines. They will have content filters & those filters will store data on what they’ve been filtering. Apart from the usual browser history*. (may or may not be deleteable) Card access will connect machine to user.

    *I always use a portable browser running off a key drive for internet cafés but do libraries’ machines let users run external programs?

  9. Blanket Search Warrant

    An unconstitutionally broad authorization from a judge that allows the police to search multiple areas for evidence without specifying exactly what they are looking for.

    “The new powers, contained in legislation which is published on Wednesday”

    I don’t know what it’s called when a judge isn’t even involved. Wait . . . I know . . . it’s call TYRANNY!

  10. CHF

    “I’m curious how much real terrorist activity they’ve ever actually prevented this way. My impression is: not much…”

    Wasn’t there an admission on this a while back in the US – basically nothing. The NSA conceded that of 50 so-called events interrupted due to their data collection programs, it turned out that there was only one event on US soil, and which comprised a San Diego taxi driver legitimately sending $8,500 to a “political” party back home in Somalia (or something)? That was it…

  11. Our security services are clearly preventing some terrorist attacks — the alternative is that the Al Qaeda boys are quite astoundingly useless, to a degree that stretches credulity. I would guess that a bit of data-interception helps. Be odd if it didn’t at all.

    But I remember some of the immediate post-9/11 analysis from credible intel experts, saying that one of the big problems with the CIA was that they had so wholeheartedly embraced the data-interception model that almost all their agents were now sitting in front of screens, whilst the British and French and Chinese and so on still believed in deep-cover infiltration and boots on the ground. (Apparently, we still have agents in the IRA, just in case. Those guys’ dedication is incredible.) Bush certainly didn’t place much faith in the CIA after 9/11 — all that “BUSH LIED!!!!!” stuff was about the CIA disagreeing with MI6’s intel and Bush choosing to believe MI6.

    So there’s a balance.

    Whatever, there’s no fucking need to give these powers to HMRC or local councils. We all know this is going to be used to prove kids are in the wrong catchment areas for their schools.

    And I’ve said the same thing about Home Secretaries myself. What the fuck is their problem? I wasn’t a big fan of Theresa May, but she wasn’t a Nazi. And now she is. And I bet she goes back to being a non-Nazi after she leaves the job.

    I mean, Jack Straw, for fuck’s sake. A genuinely nice and reasonable man, whose excellent legacy is to remove the appalling anonymity of the Children’s Courts. And even he was a fucking fascist cunt when he was Home Secretary.

  12. “I would guess that a bit of data-interception helps. Be odd if it didn’t at all.”

    The bit above (the one event in 50 that in fact wasn’t) was specifically about “mass” collection (and managing to extract stuff that was useful) versus “targeted” data collection (if I understood it correctly) and which of course we would expect to be very successful.

    Home secretaries – useful intel held on the incumbent? 🙂

  13. I’d consider thinking about the possibility of maybe letting HMRC, councils, etc have access to this info, with a warrant rather than self-authorised of course, once we’ve had at least a few years of those bodies publishing their internet browsing habits in a readily accessible form.(The inequality of approach being due to the inequality of authority)

  14. I wonder if being Home Secretary is like being hypnotized. They step down from the job, and shudder, and think, “OK, where was I?” Then: “Wait, what year is this?” And then the memories start trickling back, quickly followed by self-loathing. “What happened to me? I WANTED TO HELP PEOPLE!”

  15. I once pointed out, in The Times, that the Home Office has a a sort of “sick ministry” problem. It infects, eventually, everyone who becomes Home Secretary. We are all problems to be managed, managed with that firm fascist hand, not free citizens who create a government to serve our needs.

    I can understand the psychology of it; their primary duty is to protect the UK’s citizens, economy and infrastructure from threats. Given the furore that will erupt if they fail to do something that might have prevented some incident or atrocity, who wouldn’t want to a) make the job as easy as possible and b) give themselves a ready-made defence (“but I did XXX! Unfortunately, it can’t help with every case…”) in the event something happens that the security service and/or Police couldn’t prevent.

    Ultimately, it’s for the rest of government (and us, as their nominal bosses) to push back on the Home Office’s demands and say “no, that’s too high a (societal) price for the stated threat you’re trying to prevent”

  16. ‘So there’s a balance.’ – S2

    No. The government has no right to people’s communications. People’s rights are not erased by terrorism. It matters not whether the invasion of privacy has prevented an attack or not.

  17. its not just our browsing they will be monitoring, but our blogging as well. So be careful what you say, because an intemperate rant on a blog might already land you in trouble with the law, but ‘might’ is becoming ‘will’.

    And they might prosecute for accessory to sexual assault for watching porn etc etc etc .. oooh, the possibilities are endless, and no one’s in charge and no one’s in control and the data gathering technology just gets better and better.

    And the fellows that are using vpn are advertising that they’ve got something to hide, they’ll be some of the first to get extra scrutiny.

    So, be good, be careful, behave!

  18. The latest instalment adds this: http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/11970391/Internet-firms-to-be-banned-from-offering-out-of-reach-communications-under-new-laws.html

    “The move follows concerns that a growing number of encryption services are now completely inaccessible apart from to the users themselves. Companies such as Apple, Google and others will no longer be able to offer encryption so advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose.”

    The money they blew on Kids Company could usefully have been spent on a little training course on the meaning of “end” in “endpoint” and “end-to-end” encryption, and how this stuff actually works.

    Sometimes they make the EU look sane, I tell you.

  19. “And the fellows that are using vpn are advertising that they’ve got something to hide, they’ll be some of the first to get extra scrutiny.”

    You’re not wrong there; even more so with Tor. VPNs have a little protection because it’s quite common to use them commercially. Tor, not so much. Tor also relies on exit nodes that often are requested to fetch the target data in the clear, and people who run them have indeed been arrested.

  20. @Squander Two

    My “prevented this way” referred to mass data collection. If you’ve got other reasons (beyond just using VPNs or Tor) for suspecting that someone *in particular* is planning something nasty, then intercepting communications might help.

    Even so, the whole point about encryption is that it’s data neutral: we make it strong to protect communications generally. The maths behind it isn’t conditional on the naughtiness of the data (“this looks bad, I’ll encrypt it badly”). It follows that, sadly, the ability to tap into a communications network now is less useful than being able to intercept someone’s post, and even back then it was tricky to contend with coded communications (“Auntie says a big hello to the elephant in the room”), let alone a modern book code (“WTF Guy! Which Kindle edition were you using!?”).

  21. it will eventually come to something like the passing of laws to license companies offering isp services, such that they may only handle ‘registered’ encrypted traffic – govt will issue the keys for ‘registered’ encryption.

    Something like that, perhaps not that exactly.

  22. @ bis
    It’s a few years since I needed to use the library computer, and I had to ask permission in case someone else had booked it but there were two computers and, as far as I can recall, no-one kept a record of when I started and finished.

  23. But that’s hopeless: the breaches of NHS data security were bad enough, but which government minister will want to be the one responsible for all UK bank accounts being compromised because the “registered” keys leaked. (It also draws them into the firing line for court cases involving phantom withdrawals.)

    That’s all beside the point: the proposal ignores a basic misunderstanding about what ISPs do: they don’t provide the banking and commerce web sites, they simply carry IP packets from my device to the bank and back.
    Those packets are encrypted. The ISP has absolutely nothing to do with it. The ISP is told a little bit about where they are going (but that might be misleading, when VPNs and gateways are involved). Nor (as it happens) does Google, Apple, or any of the others get involved with the encryption, unless they are running the application the user is talking to (eg, Gmail).

    It’s obvious that Cameron himself doesn’t really understand that, when he talks about Google (say) “removing” undesirable content from the web, but of course Google search just provides an index to content stored elsewhere.
    You can remove a signpost, but the building remains.

  24. “no-one kept a record of when I started and finished.”

    If you had to log in to the library computers — our local library requires your library card ID and a PIN — the computers themselves will have ample opportunity, and more spare time, to log lots of data.

  25. “The money they blew … could usefully have been spent on a little training course on the meaning of “end” in “endpoint” and “end-to-end” encryption, and how this stuff actually works.”

    It’s as if Dave & Tess don’t understand “geography”, at all? And hence, I’m not genuinely convinced that this is anything more than “politics for the masses”, “for show”, or for the Daily Mail readers. From what we continue to see of the Snowden disclosures, GCHQ has to be way ahead of the nonsense we are reading here (with the real focus elsewhere, eg targeted).

    “registered encryption” – surely not without a Chinese style “national” firewall, and even theirs is easily circumvented?

    My ISP has already talked about (some time back, and this was just one of lots of different ideas) about a totally separate Company offering an overseas VPN exit node, as a service for “any and all” of their customers / traffic, so that the “formal” ISP (in the UK) is incapable of seeing anything at all. Notwithstanding that there are any number of commercial outfits already offering that.

    Interesting times. Julia will be busy..:)

  26. Bloke in Costa Rica

    What if Apple and Google tell the UK government to get stuffed? Is Theresa May going to ban mobile phones? The OS they run, and the hardware, is the same everywhere. Apple have designed it so that they can’t access the encrypted area in an iPhone without the user’s passcode, even if they have the thing on a bench in a clean room. Are they going to backtrack on that for the whole planet just because the UK says they must?

Leave a Reply

Your email address will not be published. Required fields are marked *