I usually reserve my blog for notes on problems solved so that I have something to refer back to in future when encountering the same technical issues. I try to avoid opinions on here as they are not relevant to the context of the blog; however, the recent resurrection of the plans put forward by Labour under the last Government really deserves some commentary.
At present UK-based ISPs are required by law to keep a record of contact – i.e. if I browse to www.slashdot.org then my ISP keeps a record that I have been there. The police can request information on the sites that I have been to if they approach my ISP with a warrant. The extension that is proposed will extend this to social networking sites, and the broadly scoped “new media”, and this is where things start to get a little scary. It is almost functionally impossible to gather any kind of useful data from proxy logs other than the fact that I have visited Facebook and perhaps looked at some friends’ pages. Beyond that you need to analyse and log the traffic much deeper.
These proposals have either not passed any kind of technical review or the plans involve some VERY deep packet capturing and logging. This would be both expensive (a cost that would be pushed to the ISP and then ultimately the consumer) and hugely impractical (the content would need to be stored by the ISP – and would require a lot of physical storage space).
In addition to this, the proposals suggest that the authorities should be able to have real-time access to data transmitted – WITHOUT A WARRANT. The Government are acknowledging that strict policy and control would be required to make this work – but who would monitor this – who would decide whether the surveillance was lawful without the need for a court to sanction it? With measures in place to permit easy access to this data it could be subject to abuse by staff at the ISP, or worse yet, unauthorised users due to improperly secured systems. I find this all deeply disturbing and prone to abuse on an Orwellian scale.
So what is the motivation for this? Allegedly this is necessary in the fight against terrorism in the UK. Something I find questionable given the number of terror attacks or even attempts in the last 5 years – just ask Wikipedia. Is it worth spending billions of pounds and infringing the basic right of privacy of millions of law-abiding British citizens to prevent a threat that it might be suggested simply does not exist? I personally think not.
And would these measures actively prevent communication between terrorists – would they actually be able to intercept valuable intelligence about these mysterious terror cells based on their Facebook activity? Do Al-Qaeda plan operations by writing on each other’s “Walls”? Are training exercises covertly carried out via Farmville? If a terrorist threat to the British way of life actually exists and terrorists are currently planning operations I would imagine they are well resourced and have taken steps to avoid detection – they are probably encrypting their email using PGP or GPG and anonymizing their web traffic using Tor or I2P. Maybe I’m drawing too much from spy novels but surely laptops and mobile devices are using full disk encryption using CryptFS or TrueCrypt. I think it’s deeply naive to assume that terrorists are as incompetent as the UK Government when handling sensitive information.
So – in light of this, what can people do if they do not want every internet conversation and transaction scrutinised, logged and monitored?
1) Look into the Tor project. Onion routing has helped people around the globe living under oppressive governments to get their message out. The beauty of Tor is the more people who use it in their day-to-day activities, the more anonymous it becomes.
2) Encrypt your email – look into GnuPG as a free way of doing this. If you deal with sensitive information you really should be doing this anyway. Encrypt everything you send. The source and destination of mail (headers) will still be visible to prying eyes, but the content will not.
3) Sign a petition at https://secure.38degrees.org.uk/page/s/stop-government-snooping and write to your MP.
4) Find out how they are representing your views by signing up here: http://www.theyworkforyou.com/
5) Support ORG – the Open Rights Group. The work they do is important and there are many ways people can contribute: http://www.openrightsgroup.org/
If anyone asks I’ll happily put together detailed tutorials on how to keep your private information private (see 1 and 2 above) and how these measures work.