SoylentNews

Arthur T. Knackerbracket writes:

Story automatically generated by StoryBot Version 0.0.1f (Development).

Note: This is the complete story and will need further editing. It may also be covered
by Copyright and thus should be acknowledged and quoted rather than printed in its entirety.

FeedSource: [HackerNews] collected from rss-bot logs

Time: 2015-11-29 04:33:02 UTC

Original URL: http://arstechnica.com/tech-policy/2015/11/uk-isp-boss-points-out-massive-technical-flaws-in-investigatory-powers-bill/ [arstechnica.com]

Title: UK ISP boss points out technical flaws in Investigatory Powers Bill

Suggested Topics by Probability (Experimental) : 38.5 digiliberty 23.1 OS 15.4 science 7.7 mobile 7.7 hardware 7.7 careers

--- --- --- --- --- --- --- Entire Story Below --- --- --- --- --- --- ---
 
 

UK ISP boss points out technical flaws in Investigatory Powers Bill

The head of the UK ISP Andrews & Arnold, Adrian Kennard, has pointed out a number of major technical issues with the proposed Investigatory Powers Bill (aka the Snooper's Charter). Kennard and other representatives of the UK Internet Service Provider’s Association (ISPA) met with the Home Office on Tuesday, where they presented a number of ethical, technical, and privacy related issues with the incoming new law. These issues, plus some of the Home Office's responses, can be found in written evidence [www.me.uk] (PDF) penned by Kennard.

Kennard's key point is that the Internet Connection Records, which lie at the heart of the UK government's proposals [arstechnica.co.uk], are largely meaningless for most modern online services. He recounts that, in the Home Office briefing this week, the example of a girl going missing was used once more to illustrate why the authorities want to be able to see which services she accessed just before disappearing, in the same way that they can track her phone calls. But Kennard and the other ISPA members pointed out this example betrayed a lack of understanding of how the Internet works today:

"If the mobile provider was even able to tell that she had used twitter at all (which is not as easy as it sounds), it would show that the phone had been connected to twitter 24 hours a day, and probably Facebook as well. This is because the very nature of messaging and social media applications is that they stay connected so that they can quickly alert you to messages, calls, or amusing cat videos, without any delay."

He also pointed out that the main protocol used online, TCP, can maintain a connection for hours or even days at a time, and that others such as SCTP [wikipedia.org] and MOSH [mit.edu] are designed to keep a single connection active indefinitely even with changes to IP addresses at each end,

Kennard discusses several other technical problems, for example the widespread use of encrypted connections, concluding with this zinger:

"It seems clear that the retention of any sort of 'Internet connection record' is of very limited use at present. The current proponents of this logging do not understand how the Internet works. Experience of Denmark for 10 years suggests that it is not useful. It is also clear that over time the availability of such logs and usefulness of the logs will diminish."

Kennard's notes on the Home Office meeting provide some important new details about how the UK government is planning to implement the Investigatory Powers Bill. For example, "[the Home Office] have indicated that they are not intending to target smaller ISPs, and even if they did, that ISPs would not be expected to log and retain data for which they simply do not have such a capability." That's obviously sensible—smaller ISPs don't have the resources [arstechnica.co.uk] to track and store all this information. But it does suggest that criminals could minimise surveillance by moving to smaller ISPs, which rather undermines the point of the whole Bill.

Op-ed: Time to stop blaming encryption and Snowden, and to address the real problem.

Another surprise revealed by Kennard concerns the proposed gag orders, which forbid ISPs from revealing what snooping is being carried out on their systems. As he says, that's reasonable for targeted surveillance, but not for a general data retention order that does not relate to a specific person or case. The Home Office revealed that it was the larger telecom companies that asked for gag orders to be imposed. Kennard points out: "This makes no sense. If an operator wants to keep a notice secret they can simply do so. If an operator wants to discuss the notice with equipment vendors, technical working groups and forums with other ISPs or even their customers they are prohibited from doing so."

Finally, as part of his discussion of the Investigatory Powers Bill's disproportionate impact on privacy, and the vulnerability of databases holding complete records of all websites visited, Kennard makes an important observation. Such data is valuable not just for blackmail or identity theft, but also for common thieves, since Web access records would reveal when people routinely leave their houses, making the risk of being caught during a burglary much lower.

Kennard's written evidence is extremely valuable for providing detailed, expert commentary on the Investigatory Powers Bill's measures. It confirms that the UK government literally does not understand how the Internet works, and that its latest attempt to bring in a Snooper's Charter is not just dangerous and misguided but fundamentally unworkable.

Original Submission