Email and web use 'to be monitored' under new laws

[Daveski17]

The government will be able to monitor the calls, emails, texts and website visits of everyone in the UK under new legislation set to be announced soon.

It's April Fool's day right?

[Cudni]

We can only hope

[Daveski17]

I suppose it depends on which time zone you're in.

[Cudni]

The time zone alas proved irrelevant. Indications are that is going through and no joke.

[Daveski17]

I guess that makes the electorate the April Fools then.

[dw426]

What's sad is that many still don't believe it's even possible, let alone will happen. Both sides of the pond are going to have to come to terms with the ugly facts, if they ever wish to put a halt to maneuvers like this. Unfortunately, it seems people like us who actually care and understand what's going on, are in the minority.

As long as all of these measures are introduced under the umbrella of "national security", it's going to be very hard to stop. They still can be, but the opportunities to do so come and go very quickly.

[Dermot7]

Quote:

Civil liberties groups have criticised plans for the government to be able to monitor the calls, emails, texts and website visits of everyone in the UK.

http://www.bbc.co.uk/news/uk-politics-17580906

[Dermot7]

Quote:

For the past 18 months, I’ve been investigating the export of surveillance technologies from Western countries to despotic regimes, but I never thought I’d see a democratic government proposing to install the kind of mass surveillance system favoured by Al-Assad, Mubarak and Gaddafi.

Yet proposals reported this weekend would allow the authorities unprecedented levels of access to the entire population’s phone records, emails, browsing history and activity on social networking sites, entirely unfettered by the courts. This is a system that has no place in a country that would call itself free and democratic.

https://www.privacyinternational.org...s-surveillance

Quote:

In an unprecedented step that will see Britain adopt the same kind of surveillance as China and Iran, police and intelligence officers are to be handed powers to monitor people’s messages online. The plans have been described as an “attack on the privacy” of a vast number of Britons by the Independent and have attracted little support from backbench MP’s.

http://www.bigbrotherwatch.org.uk/ho...-watching.html

[Dermot7]

An ICO spokesperson said:

Quote:

“The Information Commissioner's role in this Home Office project, both under this government and the last, has been to press for the necessary limitations and safeguards to mitigate the impact on citizens' privacy. We will continue to seek assurances, including the implementation of the results of a thorough Privacy Impact Assessment (PIA). Ultimately, the decision as to whether to proceed with the project is one which has to be taken by Parliament.”

http://www.ico.gov.uk/news/latest_ne...-02042012.aspx

[EncryptedBytes]

Here are some play by play of potential outcomes if these laws are indeed pushed. Though to be fair I only have speculation and news reports to base my own assumptions off, until law text or proposed law text is released I cannot verify for sure. I have been monitoring both isles here and am getting an idea of how something like this could be implemented. If a law such as this was pushed and taken seriously the governments implementing it would probably strong arm ISPs to require customers to use ISP signed certs for arbitrary domains or no internet access at all. To expand on this here are four possible scenarios, with me personally under the assumption scenario 4 will be the likely outcome:

Scenario 0: The government passes the law though does nothing.

Scenario 1: The governmental law would force all major CAs to issue sub-CAs to ISPs (similar to the Trustwave incident) allowing them to issue valid (in the sense of your browser) server certs for their citizens. (Transparent)

Scenario 2: The government in question forces all browser vendors to include (in a transparent non-removable way) a country-level CA (which most already do BTW, i.e. most countries have a "privately-owned" CA to authenticate their sites and services). This option is more visible in a sense, and prevents additional MiTM to take place. (Not as transparent, easy to detect, though hard to mitigate around) Here's the EFF's list of countries which control CAs:

https://www.eff.org/files/countries-with-CAs.txt



Scenario 3: The China scenario. The government will require all major corporations/ISPs to share their keys in or do to business in said country or transmit over their series of tubes.

Scenario 4: The most likely outcome. ISPs will simply log conversation endpoint data for web traffic and emails. The other 3 scenarios would radically dismantle the web of trust and cause significant financial resources to be thrown into place to rearrange the infrastructure already present.

Mitigations to this would be:

Removing yourself from the WoT completely (Not really practical) and only trusting self-signed certifications from sources you can verify. While at the same time manually removing all root and intermediate CAs you deem compromised.

If no blocking of VPN providers is apparent I would advise you go through trusted off-shore services and pull all downloaded packages through those tunnels.

The reality is, the more countries that go down this route the harder it will be for citizens to find a way around to secure their privacy.

[EncryptedBytes]

Additionally the U.S has similar bills moving through proper channels of congress. Keep your eye on HR3523 aka CISPA . You can also read up on the ACLU’s list here -http://www.aclu.org/files/assets/aclu_cs_info_sharing_leg_chart_march_2012__final.pdf-

[Keyboard_Commando]

These clowns got into power saying they would repeal many of the intrusive laws that were brought in by the old government. All they've done is put into place the laws that Labour could never push through.

Meet the new boss. Same as the old boss

I agree privacy goes down the drain as big brother watches Our every move. Next we will all be issued electronic ankle braclets or have a gps chip injected into us.

[Dermot7]

Quote:

The government's controversial plans to allow intelligence agencies to monitor the internet use and digital communications of every person in the UK suffered a fresh blow on Tuesday when the inventor of the world wide web warned that the measures were dangerous and should be dropped.

http://www.guardian.co.uk/technology...oring-internet

[mirimir]

Does UK law requiring disclosure of encryption passphrases preclude VPN usage?

[chronomatic]

Quote:

Originally Posted by mirimir

Does UK law requiring disclosure of encryption passphrases preclude VPN usage?

Yes. This has already been a law for a while under RIPA. If you don't supply your password when asked by authorities, you go to jail. Simple as that. IIRC, they don't even need a warrant.