Suggested surveillance of Internet users in the UK
 

.
Will the government in the United Kingdom be able to recruit ISPs to participate in surveillance against Internet users?

Stay tuned!


By the way, what is the legislation (and practice) in your country of residence?
.

From what i understand from the news the government are trying to pass a new legislation that is based on a 3 strike system for illegal downloading. If you get court once, the isp will send you an email telling you to stop, a second time, they send you a letter, and i think they suspend you for a few days from internet activity, a third time and your banned from the internet :)

Its a stupid legislation that will never pass, because in each instance the isp will have to proove that we're downloading illegal content, which is hard enough in itself and would require time effort and money. Also the isp's arnt too bothered if we do download illegal stuff because they just want their money at the end of the day,

ISP practice
 

.
Two question I have are these:

• In your country, do the authorities require ISPs to store historical data documenting their customers’ Internet activities for a defined time period?
• And if not explicitly required (but, say, merely “encouraged”), do they do so anyways?

That, of course, has long been the situation for phone companies, both landline and cellular. As far as I know, everywhere in the world.

Norway has had pretty strong privacy laws, but as an EFTA country we’re blindly implementing all European Union Directives (legislation) -- in fact even more faithfully than member nations. And the EU is not exactly renowned for its protection of privacy. Historically the EU is more bureaucratic than democratic, with a natural preference for decisions in closed rooms, rather than a culture of transparency and accountability. This applies to such legislation as well.

The climate is worrisome.

So things are changing fast here. The head of the Norwegian Data Inspectorate has voiced grave reservations about the practices being implemented, and deep regret at the absence of real political or public debates on these issues.

-- ArcticStones

.

TBH i have no idea, photek would probably know, hes more knowledgeable with these sorts of things

lol... not sure about that :)

I dont *think* ISP's are required to store user data, many do... and the amount of time they keep it for varies... I think the only stipulation the government make is that the data is not kept for more than 2 years.... but I could well be wrong.

Apparently the UK ISP's have unanimously said that they have NO desire to police their customers and open this particular can of worms...

Rather than criminalizing tens of million of individuals they should go to the route of the problem... a relatively small amount of sites and file sharing networks. Shut them down... or block UK access to them... problem solved..
And it would take MUCH less resources, MCUH less money and offend far fewer people...

That does it... I am running for PM, Stand back Gordon... Photek and the 'Use Common Sense you Blithering Idiot Party' is coming!

You have my vote, well in 3 years when i can vote :)

Photek for PM!

What's your policy on free Apple hardware for students? :P

lol - I want to start a branch of that party in the US. though honestly, that's a much steeper hill to climb here...

The surveillance of citizens here in the US has been pretty blatant.

As I understand, though, in the UK, you are required to hand over all your cryptographic keys. That's pretty hardcore.

same in the US, under the Patriot act, though I'm not sure about the extent of compliance.

I just hope the isp's say no. It would make everyones lives easier

Would it really make a difference? If things over there are as bad as here in the USA, Parliament will just pass something to compel them.

Now, if Photek's party is victorious in the next round of elections, that would be a hopeful sign.

PHOTEK FOR PM, now all i need is a big banner to put outside my house, and to take you united games :D

hey all.... thanks for the vote of confidence... but the last thing the world needs is me in any sort of role of power..

I would get corrupted to easily and too quickly and then it would be a long spiral into decline... you know... fast cars, faster women.. :D

I don't know what Canada's laws are re user data retention, but of course in the normal order of business, ISPs must retain stuff to some extent. Examples: email, web caches, etc. Normally if ISPs function like the university I retired from, they keep these in push-down caches so the duration of retention depends on the size of the cache. For email at the University some years ago, that was about 30 minutes worth before an email fell off the bottom. For web caches, a bit longer. Name servers retain stuff too.

A different beast...
 

.
NovaScotian, I do believe there is a huge difference in kind between the sort of practical retention that you mention, and the sort of extensive retention we’re talking about here.

We’re not just talking about a digital imprint that quickly gets erased, much like a footprint on the beach being washed away by the surf.

A better comparison for this latter, and suggested, usage would be phone records. While the former would be security video footage, which is usually stored on some sort of media that is kept on a rotating schedule; unless there occurs, say, shoplifting or armed robbery, it is soon deleted.

I take it for granted, however, that all my digital activity passes through NSA filters, and possibly that of other intelligence gathering services as well. If I call or receive a call from a certain number marked as being of interest, it gets tagged and/or stored. Likewise if I use certain words or combination of key words, be they "package" and "make a drop" and "agreed place", the "Lion Sheikh" or "Al-Amir" or "Imam Mehdi" and "device". Or perhaps snippets of my conversation is passed through voice recognition software.

Likewise, I suspect that the identity of computers/IPs that visit certain sites that are under surveillance, is stored, and perhaps even their approximate physical location traced.

That goes on all the time, and I take it for granted. This is the Age of Transparency. And those are some real-time ways of gathering intelligence. I suspect our leaders would deem the intelligence community negligent of its duty if it didn’t make use of them!

However, long-term retention of comprehensive user data by ISPs, as suggested in the UK (and elsewhere), is a very different -- and IMHO far more worrisome -- beast.


Respectfully,
ArcticStones

.

Impractical, too. The size of the disk drive farm required to keep more than a few minutes of traffic boggles the mind given that write speeds for most HDs are not up to real-time recording of traffic. The problem, as always, is that the legislators haven't a clue what's involved in their notions.

30 years ago, I did a consulting job to improve the speed control servo on a 32-channel, 240 inch/sec tape drive for a company who had two principal classes of customers for these very expensive units -- security agencies recording radio/satellite traffic, and gas/oil field service providers who had to record data from large numbers of distributed instruments collecting seismic echoes from a point surface impulse. Modern internet traffic is a flood compared to those activities and data recording hasn't advanced anywhere close to Moore's law rates.

Like you, I anticipate that my email communications into the US (principally to two kids and a few relatives who live there) are monitored, but then they're also quite innocuous. So is my internet activity -- much of it like this post -- hardly suspicious or seditious.

But then, this is the age in which Canadians flying to the US have their baggage inspected by US Customs before they leave (at most major airports), and then have it offloaded and re-inspected at their port of entry, even if it's only a connection to elsewhere; a major cause of pilferage and lost luggage which doesn't make it onto a connection. One of my kids, who travels a lot, has lost cameras, inexpensive jewelry, a pda -- all kinds of stuff -- inevitable when a crowd of underpaid workers are pawing through your unlocked bags.

Retaining user data on the internet (or even filtering it, for that matter) is just another invasion into our lives by security zealots who are never required to substantiate the efficacy of these measures.

Does this not violate your civil rights over in the UK? Also, it will not stop piracy, and lets say if you were smart about your torrents and encrypting your network traffic how would they know? Would they break your encryption to see what you are doing, or require all network traffic to be transparent?

Also, what happens in the case of a hijacked computer? Someone else is using your bandwidth, or they are on your network locally and it gets traced back to you?

I just don't see how there could be a system that could be reliable and not violate any of your civil rights.

A woolly animal
 

“Civil rights” is a woolly animal. Try writing a Features List!? If you are so inspired and succeed, please post it here. :cool:

Surveillance need not be fool-proof. After all, how many deviates ;) are there that encrypt their network traffic? If someone does consistently use heavy encryption, I think we can take it for granted that their communications receive some extra attention. Besides, there are reasons why there are severe limits to the standard encryptions out there.

Can you imagine the howls of protest from the authorities if Apple suddenly decided to integrate a PGP option or 2024-bit encryption into Mail? Ha!

And one more thing: There can be a huge difference between stated motive and actual motive.

Have you for instance noticed that there are rings of electronic toll booths around most major cities? A completely uninteresting coincidence. And merely to collect tolls, of course... :rolleyes:

-- ArcticStones

.

Seriously, since when has that stopped any government from doing what it wants to do? Even in the US, the principle that the "security of the state" trumps the Bill of Rights has been consistently upheld by courts at all levels. Sure, there's been some pushback against that around the edges, but the basic principle has been established.

If I'm not mistaken, one of the things under consideration (by France or by EU parliament or some EU committee or such?) is that volume only is the determining factor. If one exceeds some TBD volume, it is presumptive evidence of illegal activity, and the burden of proving that it wasn't is up to the person whose internet access has been taken away. I don't know if that will fly when all is said and done, but it is entirely consistent with the principles of Napoleonic law.

If you think that's totally ridiculous, the same principle applies (and has been consistently upheld by all levels of US courts) when it comes to asset forfeiture cases. The government can take your assets with a simple declaratory statement that an asset (cash, your house, a car, etc.) may have been aqcuired in connection with illegal activity, or that it may have been or that it may be in the future, used in connection with an illegal activity. The burden of proof is then on you to prove in a court of law that none of those assumptions are true.

Folding @ home and SETI are two things that send and receive encrypted packets over the interwebs and are heavily used through out the world. Also, what if your network has been jacked, and your neighbor is stealing your wireless and using your public IP to do bad things.

This doesn't include encrypted traffic from home to office for whatever work reasons you might need. I am sure it can all add up. Plus you can throttle bandwidth via P2P preference anyway, so you can lower it to that of one of those clients. Then how will they justify coming to take a peek at your hard drive?

File sharing is not a national or international threat. Its just piracy, and I don't see how they can link it to the whole national security thing. However, I do agree that once a government wants to do something they often do it, regardless of your rights.

Might I mention that this line of thinking dovetails very nicely, indeed, with the telecom companies’ attempts to torpedo Internet neutrality.

If they had their way, you would be getting one invoice for access from your ISP, and a second one from them where the bottom line is contingent on your traffic! And voluminous traffic from non-commercial sites might well nevertheless flow like syrup.

Ah, the blessings of a virtually tiered Internet! ;)


And Tom, I’m not an expert, but I would suspect there are markers (or at least Sender and Recipient) that effectively identify SETI and Folding@home traffic. Same thing goes for home<-->office, which would largely be considered uninteresting.

.

Obviously, you are much more reasonable and rational in your thought processes than government often seems to be.

When one considers how the interstate commerce clause of the Constitution has been stretched to allow all sorts of federal activity that, to me, at least, seems patently unconstitutional, linking piracy to national security is just a matter of a few simple steps.

For example: piracy violates federal law; unless federal law is enforced, the authority of the government is subverted; if the authority of the government is subverted, it is unable to perform necessary functions; if it can't perform necessary functions, national security is at risk; ergo, it must have the means to ensure that piracy does not occur. These are exactly the type of "logical:rolleyes:" linkages that have been made to authorize lots of things under the "interstate commerce" umbrella.

Arctic, you are correct there are ways to track traffic even encrypted to see where it is going. Obviously something as simple as a reverse DNS look up could tell you if the IP were a folding @ home server or a SETI server.

However, all other traffic that can not be traced to a valid source is deemed as piracy? I mean there are tons of legal things you can download via P2P which I am always sharing. I have an 8 gig ISO file of a collection Linux live ISOs, that is like a sampler platter so to speak of open source operating systems. I have been sharing it in my bittorrent client for over a year now and have probably uploaded 100s of gigs of information just to that particular ISO file.

This is totally legal, generates lots of traffic (and yes I encrypt all out going torrent traffic), and I feel that I am doing my part supporting the open source community. After all I don't pay to use fedora, debian, ubuntu or open suse, so I figure why not share my bandwidth?

How is someone going to prove otherwise in court with out cracking my encryption? Unless I am going to obvious public torrent trackers that have my IP registered. Even then they would need to subpoena my ISP and the torrent tracker server owner to legally get that information.

I am aware that they can use fear and scare tactics to accomplish what they want, and its not right.

Is there a petition? Where do I sign, where do i protest? Where do I voice my opinion about this matter?

.
In a new article the BBC offers an interesting pan-European look at surveillance.