UK "Blackbox" internet monitoring

-http://www.channel4.com/news/black-boxes-to-monitor-all-internet-and-phone-data-

 

How are they going to decrypt SSL ?

 

I personally feel its all smoke and mirrors, there is no way to handle a state coordinated man-in-the-middle attack on a first world country effectively yet. The amount of bottle neck and slow down, not to mention the data centers needed would go into the billions in terms of cost. The article even states that the UK government themselves are unsure how to pull it off. I posted this here to make folks aware that something like this is being suggested, though implementation I feel even they are clueless.

 

What are the chances that the companies which issue SSL certificates to those websites of interest would be approached to 'help combat piracy and the T word', so that the decryption would take much less resources and at least seem more legitimate?

I think the article gives a simiplistic and illogical picture of how this would work. Rather than a single box at each isp, I imagine they would use a coordinated network similar to Naurus or Echelon. If certificate issuers were in compliance with this too, that would run so much smoother than forcing a MITM for every email going into and out of the country. Pushed from the perspective of 'SSL cert issuers are assisting the H.O. in extracting mail headers without compromising user privacy', the effort would seem innocent enough to fly well under the radar and make everyone look good in the local press.

From there, won't the EU's data privacy guys get hot under the collar if citizens of other member states are having their emails decrypted by the UK? Was there also not a thread not too long ago that the UK was reopening a case against Google for the street view cars? The severity of the street view infringement pales in comparison to the black box scenario, IMO.

Smoke and mirrors indeed, what a scary mess.