from the fight-back-on-both-sides-of-the-pond dept.
The head of the UK ISP Andrews & Arnold, Adrian Kennard, has pointed out a number of major technical issues with the proposed Investigatory Powers Bill (aka the Snooper's Charter). Kennard and other representatives of the UK Internet Service Provider's Association (ISPA) met with the Home Office on Tuesday, where they presented a number of ethical, technical, and privacy related issues with the incoming new law. These issues, plus some of the Home Office's responses, can be found in written evidence (PDF) penned by Kennard.
Kennard's key point is that the Internet Connection Records, which lie at the heart of the UK government's proposals, are largely meaningless for most modern online services. He recounts that, in the Home Office briefing this week, the example of a girl going missing was used once more to illustrate why the authorities want to be able to see which services she accessed just before disappearing, in the same way that they can track her phone calls. But Kennard and the other ISPA members pointed out this example betrayed a lack of understanding of how the Internet works today:
"If the mobile provider was even able to tell that she had used twitter at all (which is not as easy as it sounds), it would show that the phone had been connected to twitter 24 hours a day, and probably Facebook as well. This is because the very nature of messaging and social media applications is that they stay connected so that they can quickly alert you to messages, calls, or amusing cat videos, without any delay."
He also pointed out that the main protocol used online, TCP, can maintain a connection for hours or even days at a time, and that others such as SCTP and MOSH are designed to keep a single connection active indefinitely even with changes to IP addresses at each end,
Kennard discusses several other technical problems, for example the widespread use of encrypted connections, concluding with this zinger:
"It seems clear that the retention of any sort of 'Internet connection record' is of very limited use at present. The current proponents of this logging do not understand how the Internet works. Experience of Denmark for 10 years suggests that it is not useful. It is also clear that over time the availability of such logs and usefulness of the logs will diminish."
(Score: 2) by Whoever on Monday November 30 2015, @04:14PM
The UK government has people who understand this. So, the question is "why do they want this data?". Perhaps it is just the camel's nose, with more intrusive monitoring coming later?
(Score: 2, Funny) by Anonymous Coward on Monday November 30 2015, @05:15PM
you mean camel toes? Since it is peek show that they want.
(Score: 2) by NCommander on Monday November 30 2015, @07:17PM
It's more that the US government refuses to admit fault, and an entire culture of refusing to be wrong. It's in human nature; look at the other site, it was clear they fucked up with Beta but refused to change it until after a good part of the community packed up and left.
Still always moving
(Score: 5, Interesting) by Nuke on Monday November 30 2015, @05:45PM
It looks like the smaller ISPs will not be required to retain data, although Kennard wants this made clearer.
I am with a small UK ISP who is already edgy about having personal customers rather than business ones. I am now paying a "business" price, and I'm OK with that for the service, but I'm worried that this might be the last straw for small ISPs and I will be forced to transfer to one of the big crappy shysters like BT Internet, Talk-Talk or Plusnet. The small ISPs have already been spared other UK government restrictions though.
Any criminals will need to use small ISPs in future.
(Score: 3, Funny) by Anonymous Coward on Monday November 30 2015, @05:47PM
They're a decent ISP. I went with them because they're Shiboleet compliant.
http://www.revk.uk/2010/10/xkcd806-compliance.html [www.revk.uk]
(Score: 4, Insightful) by RamiK on Monday November 30 2015, @10:17PM
While meta data is useless for finding terrorists and missing persons, it's quite handy at circumventing the poisonous tree: When you get evidence through hacking, bribing, extorting, torturing and illegal surveillance you normally can't use, all you need to do now is find some random red flag in the meta data and build it all up from there.
Since you're not required to answer how many other people raised that same flag and how their cases were handled (because that's sensitive national security information...), you can use any random site or keyword search claiming it's a known terrorist\felon's hangout\search.
compiling...