Email and web use 'to be monitored' under new laws

Discussion in 'other security issues & news' started by Daveski17, Apr 1, 2012.

Thread Status:
Not open for further replies.
  1. Daveski17

    Daveski17 Registered Member

  2. Cudni

    Cudni Global Moderator

    We can only hope
  3. Daveski17

    Daveski17 Registered Member

    I suppose it depends on which time zone you're in.
  4. Cudni

    Cudni Global Moderator

    The time zone, alas, proved irrelevant. Indications are that it is going through, and no joke.
  5. Daveski17

    Daveski17 Registered Member

    I guess that makes the electorate the April Fools then.
  6. dw426

    dw426 Registered Member

    What's sad is that many still don't believe it's even possible, let alone will happen. Both sides of the pond are going to have to come to terms with the ugly facts, if they ever wish to put a halt to maneuvers like this. Unfortunately, it seems people like us who actually care and understand what's going on, are in the minority.

    As long as all of these measures are introduced under the umbrella of "national security", it's going to be very hard to stop. They still can be, but the opportunities to do so come and go very quickly.
  7. Dermot7

    Dermot7 Registered Member

  8. Dermot7

    Dermot7 Registered Member

  9. Dermot7

    Dermot7 Registered Member

    An ICO spokesperson said:
  10. EncryptedBytes

    EncryptedBytes Registered Member

    Here is a play-by-play of some potential outcomes if these laws are indeed pushed. Though to be fair, I only have speculation and news reports to base my own assumptions on; until law text or proposed law text is released I cannot verify for sure. I have been monitoring both isles here and am getting an idea of how something like this could be implemented. If a law such as this was pushed and taken seriously, the governments implementing it would probably strong-arm ISPs to require customers to use ISP-signed certs for arbitrary domains or no internet access at all. To expand on this, here are four possible scenarios, with me personally under the assumption scenario 4 will be the likely outcome:

    Scenario 0: The government passes the law though does nothing.

    Scenario 1: The governmental law would force all major CAs to issue sub-CAs to ISPs (similar to the Trustwave incident) allowing them to issue valid (in the sense of your browser) server certs for their citizens. (Transparent)

    Scenario 2: The government in question forces all browser vendors to include (in a transparent non-removable way) a country-level CA (which most already do BTW, i.e. most countries have a "privately-owned" CA to authenticate their sites and services). This option is more visible in a sense, and prevents additional MiTM from taking place. (Not as transparent, easy to detect, though hard to mitigate around) Here's the EFF's list of countries which control CAs:

    Scenario 3: The China scenario. The government will require all major corporations/ISPs to share their keys in order to do business in said country or transmit over their series of tubes.

    Scenario 4: The most likely outcome. ISPs will simply log conversation endpoint data for web traffic and emails. The other 3 scenarios would radically dismantle the web of trust and cause significant financial resources to be thrown into place to rearrange the infrastructure already present.

    Mitigations to this would be:

    Removing yourself from the WoT completely (Not really practical) and only trusting self-signed certifications from sources you can verify. While at the same time manually removing all root and intermediate CAs you deem compromised.

    If no blocking of VPN providers is apparent I would advise you go through trusted off-shore services and pull all downloaded packages through those tunnels.

    The reality is, the more countries that go down this route the harder it will be for citizens to find a way around to secure their privacy.
    Last edited: Apr 3, 2012
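
An added example, not part of any post in this thread: the "only trust certificates you can verify yourself" mitigation above can be approximated with a trust-on-first-use pin store, which flags a substituted leaf certificate even when it chains to a CA the browser trusts (Scenarios 1 and 2). The function names, the host name and the sample byte strings are hypothetical, constructed for illustration.

```python
import hashlib
import hmac
import ssl

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding of the leaf certificate."""
    return hashlib.sha256(der_cert).hexdigest()

def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch whatever leaf certificate the server (or an interceptor) presents.
    No chain validation is done here on purpose: the pin, not the CA, decides."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)

def check_pin(pins: dict, host: str, der_cert: bytes) -> str:
    """Compare a presented certificate against the stored pin for host.
    Returns 'first-seen', 'match' or 'mismatch'; a mismatch never overwrites
    the stored pin, so the change has to be confirmed out of band."""
    seen = fingerprint(der_cert)
    known = pins.get(host)
    if known is None:
        pins[host] = seen
        return "first-seen"
    return "match" if hmac.compare_digest(known, seen) else "mismatch"

# Constructed stand-ins for DER certificates (not real certificates).
LEGIT_DER = b"constructed-leaf-cert-issued-by-original-ca"
SUBSTITUTED_DER = b"constructed-leaf-cert-issued-by-isp-sub-ca"

def demo() -> list:
    """Pin on first contact, then see the original and a substituted cert."""
    pins = {}
    host = "mail.example"  # hypothetical host
    return [
        check_pin(pins, host, LEGIT_DER),
        check_pin(pins, host, LEGIT_DER),
        check_pin(pins, host, SUBSTITUTED_DER),
    ]

if __name__ == "__main__":
    print(demo())
```

The pin is only as good as the first contact, so it should be recorded over a path believed to be clean, and a legitimate certificate renewal will also show up as a mismatch that needs checking through another channel.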
  11. EncryptedBytes

    EncryptedBytes Registered Member

    Additionally, the U.S. has similar bills moving through proper channels of Congress. Keep your eye on HR3523 aka CISPA. You can also read up on the ACLU’s list here -
  12. Keyboard_Commando

    Keyboard_Commando Registered Member

    These clowns got into power saying they would repeal many of the intrusive laws that were brought in by the old government. All they've done is put into place the laws that Labour could never push through.

    Meet the new boss. Same as the old boss
  13. I agree privacy goes down the drain as big brother watches our every move. Next we will all be issued electronic ankle bracelets or have a GPS chip injected into us.
  14. Dermot7

    Dermot7 Registered Member

  15. mirimir

    mirimir Registered Member

    Does UK law requiring disclosure of encryption passphrases preclude VPN usage?
  16. chronomatic

    chronomatic Registered Member

    Yes. This has already been a law for a while under RIPA. If you don't supply your password when asked by authorities, you go to jail. Simple as that. IIRC, they don't even need a warrant.