cancel
Showing results for 
Search instead for 
Did you mean: 

Surveillance bill to include internet records storage

Community Veteran
Posts: 38,246
Thanks: 934
Fixes: 56
Registered: 15-06-2007

Surveillance bill to include internet records storage

http://www.bbc.co.uk/news/uk-politics-34715872
I am sure we will get a large number of heated posts but the bit I am interested is this http://www.revk.uk/2015/10/no-we-will-not-be-logging-your-search.html
Quote
Apparently they want ISPs to log web site visits and even search history.

Sorry, but Google almost force you to use https these days. We (A&A) as an ISP,  cannot log search history using https Google even if we wanted to, and no amount of money (and yes, the government will have to pay ISPs for this) will change that fact.

We also have no intention of logging web access either. It will be interesting to see what law you bring in. It will be interesting to see how much you think it will cost to pay every small ISP to install expensive kit to log this all (and retain it securely in accordance with DPA) and what happens when that ISP decides to sell its customer base to another new ISP over night, and eBay all that nice snooping kit you just paid for and delete all that data that was retained as old ISP no longer exists. Rinse repeat. "Andrews & Arnold Nov 2015 Ltd", "Andrews & Arnold Dec 2015 Ltd", anyone?
So if you use Google and then go to a linked site does the ISP know that. Similarly if you go to a Google cache can they see that
25 REPLIES
Community Veteran
Posts: 5,321
Thanks: 466
Fixes: 1
Registered: 21-03-2011

Re: Surveillance bill to include internet records storage

I've just been tinkering with our internet connection and the firewall settings to load balance between Zen and PlusNet connections. As part of the process I've monitored which applications on the PC send and receive internet traffic in the background. The objective is to make sure only authorised traffic gets through the firewall.
One scary application is Skype. It sets up/receives links to computers all over the world on a continual basis. From Dubai to Russia to Zimbabwe the list is endless. This traffic is not connected to our own usage. I know why Skype does this, but it leaves a trail at your ISP of multiple connections to many places. Some of these interactions are encrypted messages. The IP ports used for the connection vary from machine to machine randomly, so identifying the traffic as Skype is difficult.
Meanwhile back in the world of UK politics the Police and security services are pushing through legislation, via Theresa May, which will allow the Administration to monitor without warrant the destination and origin of Internet traffic to/from your Internet Link/PC.
Now Zen, but a +Net residue.
nanotm
Pro
Posts: 5,671
Thanks: 108
Fixes: 1
Registered: 11-02-2013

Re: Surveillance bill to include internet records storage

an interesting question, the theory is every bit of data that transitions through your isp can be duplicated into a storage device and then checked into at any point up to 12 months later, in practice that could require hundreds of peta bytes of storage per customer, and that's just the average family not even the ones that do 100's of gigabytes a day file transfers, being able to implement that without slowing down the customer experience will be more difficult, and implementing it would likely require an isp to have a connection server per customer, its not as if a gateway server can be used in this fashion.
the problem comes because there not just talking about header details stored about who visited your website (which is already done by the majority of websites) but the content of that traffic, I watched 20 YouTube clips this morning which apparently made up 2 gb of streaming data, I watched a few movies last week that amounts to another 20gb of streaming data, unless they implement a connection mirror that doubles the packet data directly into a storage device without interrupting the data flow to/from me there going to be sending me back 5 years to the good old days of "buffering" every few minutes, similarly I play online games (with text and voice chat support) whilst such things can and indeed have been actively used to perpetuate criminal enterprises in the past that data stream is only useful to me as a gamer if its fast any slowdown will negatively impact my enjoyment (which everyone that plays games will know)  so there not talking about my pc storing all my data (I couldn't afford a storage device large enough to store half my household internet storage in a month never mind a year) but the isp storing raw data.
sure the isp can compress that stream and could have the system set to auto create a new file and compress the old one every hour or two but that means a dedicated storage controller per customer, that's one hell of a lot of storage processing for even a small company never mind a larger one.
when you add in dynamic ip addresses it becomes even more problematic, the only practical way this could be done is if every connection had a dedicated static ip address (which the advent of ipv6 will implement) but that's all going to cost a lot of money and probably new buildings and new techs and all sorts of other implications not to mention force the larger isp's to build a power station to run all of it from.
it sounds like  good idea in principle but in practice its ridiculous, certainly they could log the destination info of everywhere you visit (most did this in the past even if they stopped at some point) but the whole idea is a complicated mess, the raw data is useless without the ability to read it if I send a voice message to another player you would need  the exact same software to decode it, the software also has per party per session encryption (so we don't need to worry about cross talk with other parties which apparently minimises sever load) and those keys arnt recorded anywhere they get generated on the fly by the party leader and diched at the end of the session so there not recorded anywhere (if I understood it correctly the key generating algorithm is based on a combination of wan ip address + time &date so no duplicates can be created by other users), the content of those messages isn't tracked or recorded either, text chat is recorded as its sent via a different system and offline players get them at a later date/
the idea of tracking everyone doing everything was one the labour party announced and then abandoned after wasting 10's of billions finding out it wasn't possible because they would need a server farm the size of Wales to perform the tasks in real time and store all of it along with a couple of nuclear power plants to run it ......
by all means implement a law that permits that data mirroring and storage for those under surveillance warrants signed by a judge (even if its a secret J.I.S. court) and track & store the same data that gets generated when you access a dns server for everyone but drop the infantile notion everything can be stored for 12months would be my advice to T.M. clearly the people giving her advice about what is possible don't actually understand the magnitude of what there suggesting
just because your paranoid doesn't mean they aren't out to get you
Community Veteran
Posts: 5,321
Thanks: 466
Fixes: 1
Registered: 21-03-2011

Re: Surveillance bill to include internet records storage

The Administration are not pursuing content of the Internet access but merely the origination/destination and timing of access. For example who accesses which websites at a particular time.
If you want some background reading : http://www.parliament.uk/business/publications/written-questions-answers-statements/written-statemen...
edit: and here: https://www.gov.uk/government/collections/draft-investigatory-powers-bill
Now Zen, but a +Net residue.
nanotm
Pro
Posts: 5,671
Thanks: 108
Fixes: 1
Registered: 11-02-2013

Re: Surveillance bill to include internet records storage

if that's true then whats all the noise about ?
until recently isp's retained the dns records per customer for up to 2 years for their own purposes and those of the recorded music /tv industry legal shills ....
shortening the time frame to 12 months and requiring that companies comply with law enforcement warrants rather than being allowed to seek injunctions that impede the timely pursuit of criminals cant be a bad thing.
wanting the ability to query the info if a website gets maliciously crashed to try and see who took part in that endeavour isn't necessarily a bad thing either, although it would likely require a whole new method of storage and retrieval
the major grounds for complaint would likely be from smaller isp firms with fewer customers who didn't take part in activities like personalising ads based on your browsing history to increase their market revenue stream but them not monetizing their consumers to their fullest extent like competitors isn't necessarily a good reason for kicking up a fuss
just because your paranoid doesn't mean they aren't out to get you
Community Veteran
Posts: 18,545
Thanks: 191
Registered: 12-08-2007

Re: Surveillance bill to include internet records storage

Quote from: AlaricAdair
The Administration are not pursuing content of the Internet access but merely the origination/destination and timing of access. For example who accesses which websites at a particular time.
If you want some background reading : http://www.parliament.uk/business/publications/written-questions-answers-statements/written-statemen...

You are right. Teresa May has just said this in Parliament. She used a good analogy, the details are comparable to looking at an itemised phone bill where destination only is given without any content.
Moderator
Moderator
Posts: 17,249
Thanks: 904
Fixes: 104
Registered: 11-01-2008

Re: Surveillance bill to include internet records storage

oh and that makes it all ok? err no.
Will Moderate For Thanks
Community Veteran
Posts: 18,545
Thanks: 191
Registered: 12-08-2007

Re: Surveillance bill to include internet records storage

Yes it makes it OK IMO.
SpendLessTime
Aspiring Hero
Posts: 2,375
Thanks: 585
Fixes: 53
Registered: 21-09-2009

Re: Surveillance bill to include internet records storage

Try is for size to see if tracking EVERY website visit is a good idea.
Get in your car, phone the police and tell them that you are leaving your house and driving to the local shops. Drive to shops. Phone police again and check in.
That is what T May is putting into law but for websites.
Is that really okay?
We are walking into a police state here, this stuff is the wet dreams of the 1940's East Germans.
nanotm
Pro
Posts: 5,671
Thanks: 108
Fixes: 1
Registered: 11-02-2013

Re: Surveillance bill to include internet records storage

The internet companies already do it for advertising purposes, the only change will be them forced to provide it to the security services on production of a warrent
just because your paranoid doesn't mean they aren't out to get you
Community Veteran
Posts: 5,321
Thanks: 466
Fixes: 1
Registered: 21-03-2011

Re: Surveillance bill to include internet records storage

Quote from: georgelnx

Get in your car, phone the police and tell them that you are leaving your house and driving to the local shops. Drive to shops. Phone police again and check in.
....

If you have a smart phone, there's no need to call the police. The in-built GPS of the smart phone and cell station data already provides the tracking capability.
Now Zen, but a +Net residue.
Community Veteran
Posts: 26,374
Thanks: 630
Fixes: 8
Registered: 10-04-2007

Re: Surveillance bill to include internet records storage

Quote from: nanotm
until recently isp's retained the dns records per customer for up to 2 years for their own purposes and those of the recorded music /tv industry legal shills ....

What is being proposed is totally different to this.
The previous requirement was for the ISP to keep a record of the ISP you are using at any time, i.e each time you connect to the internet which will for most users will once in days, weeks or longer. The shills, having found that a particular IP address was sharing music etc. could ask for the user details associated with an IP at a particular time. The storage requirements to hold this were minimal.
My hope is that given the massive investment that ISPs will have to make to confirm with this requirement, they will as a body announce that across the board all putting up their monthly charges by £1. That should kill it dead!
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
nanotm
Pro
Posts: 5,671
Thanks: 108
Fixes: 1
Registered: 11-02-2013

Re: Surveillance bill to include internet records storage

Quote from: georgelnx
Try is for size to see if tracking EVERY website visit is a good idea.
Get in your car, phone the police and tell them that you are leaving your house and driving to the local shops. Drive to shops. Phone police again and check in.
That is what T May is putting into law but for websites.
Is that really okay?
We are walking into a police state here, this stuff is the wet dreams of the 1940's East Germans.


to be honest I'd be far more bothered about the big corporations who I don't give permission to to have that data and what they are doing with it than I am about the security services, as a prime example it has so far taken 18 months for of legal loopholes and arguments in courts for the security services to try and gain access to the emails of a single criminal so they can identify who he was communicating with whilst arranging to purchase ship store  and sell on assault weapons some of which were used in gun crimes in the UK before he was caught, the security services want to find out who his co-conspirator's were /are and alert sister organisation in other nations or indeed scoop them up here in the UK, conversely I looked up a series of health conditions 3 months before my life insurance renewal was due because I wanted to understand the nature of complaint affecting someone I knew, my insurance company already knew about that research and required me to undergo a medical at a hospital of their choosing to ensure I wasn't carrying an as yet officially undiagnosed condition before they would permit the annual renewal, companies already share this sort of data without your knowledge, if you use a browser and visit Ebuyer and look at a particular hard drive then close your browser and open it again and look at a different website (like a newspaper) you will see a persistent advert for that same item in the side of screen from that same supplier.
if you trawl through your pc you will find there are a plethora of internet usage tracking files there that contain all sorts of information and have data sharing links to companies you possibly never heard of, and if you don't change the default cookie handling settings instead of hundreds you will likely find thousands especially from big data companies like admt & ad-click they store all that info on their own analytics systems and get round the privacy and snooping laws that would otherwise prevent them from using storing or selling that info by giving you a free copy, of course changing your pc's settings doesn't prevent them from doing this just from giving you the free copy and its all perfectly legal, so long as its not used for law enforcement or national security purposes .....
just because your paranoid doesn't mean they aren't out to get you
nanotm
Pro
Posts: 5,671
Thanks: 108
Fixes: 1
Registered: 11-02-2013

Re: Surveillance bill to include internet records storage

Quote from: spoon
Quote from: nanotm
until recently isp's retained the dns records per customer for up to 2 years for their own purposes and those of the recorded music /tv industry legal shills ....

What is being proposed is totally different to this.
The previous requirement was for the ISP to keep a record of the ISP you are using at any time, i.e each time you connect to the internet which will for most users will once in days, weeks or longer. The shills, having found that a particular IP address was sharing music etc. could ask for the user details associated with an IP at a particular time. The storage requirements to hold this were minimal.
My hope is that given the massive investment that ISPs will have to make to confirm with this requirement, they will as a body announce that across the board all putting up their monthly charges by £1. That should kill it dead!

heard of personalalised advertising ? its big money for the isp's to track your web usage via the dns records and deliver direct to your browser adverts that match your normal web history
if they announce they were putting up the prices by £10 a month the government wouldn't blink, its all extra tax revenue and there all for that /
just because your paranoid doesn't mean they aren't out to get you
Community Veteran
Posts: 5,321
Thanks: 466
Fixes: 1
Registered: 21-03-2011

Re: Surveillance bill to include internet records storage

Here's an interesting bit of the draft bill:
A person commits an offence if—
(a) the person intentionally intercepts any communication in the course of
its transmission by means of—
(i) a public telecommunication system,
(ii) a private telecommunication system, or
(iii) a public postal service,
(b) the interception is carried out in the United Kingdom, and
(c) the person does not have lawful authority to carry out the interception.

If you open a letter addressed to someone else or listen in on a phone conversation.... or listen to aircraft radio traffic on a scanner
Now Zen, but a +Net residue.