Email and web use 'to be monitored' under new laws

Discussion in 'other security issues & news' started by Daveski17, Apr 1, 2012.

Thread Status:
Not open for further replies.
  1. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    We can only hope
     
  3. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I suppose it depends on which time zone you're in.
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    The time zone alas proved irrelevant. Indications are that is going through and no joke.
     
  5. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I guess that makes the electorate the April Fools then.
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    What's sad is that many still don't believe it's even possible, let alone will happen. Both sides of the pond are going to have to come to terms with the ugly facts, if they ever wish to put a halt to maneuvers like this. Unfortunately, it seems people like us who actually care and understand what's going on, are in the minority.

    As long as all of these measures are introduced under the umbrella of "national security", it's going to be very hard to stop. They still can be, but the opportunities to do so come and go very quickly.
     
  7. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
  8. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    https://www.privacyinternational.or...h-governments-new-plans-for-mass-surveillance
    http://www.bigbrotherwatch.org.uk/home/2012/04/big-brother-watching.html
     
  9. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    An ICO spokesperson said:
    http://www.ico.gov.uk/news/latest_n...t-monitor-online-communications-02042012.aspx
     
  10. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Here are some play by play of potential outcomes if these laws are indeed pushed. Though to be fair I only have speculation and news reports to base my own assumptions off, until law text or proposed law text is released I cannot verify for sure. I have been monitoring both isles here and am getting an idea of how something like this could be implemented. If a law such as this was pushed and taken seriously the governments implementing it would probably strong arm ISPs to require customers to use ISP signed certs for arbitrary domains or no internet access at all. To expand on this here are four possible scenarios, with me personally under the assumption scenario 4 will be the likely outcome:

    Scenario 0: The government passes the law though does nothing.

    Scenario 1: The governmental law would force all major CAs to issue sub-CAs to ISPs (similar to the Trustwave incident) allowing them to issue valid (in the sense of your browser) server certs for their citizens. (Transparent)

    Scenario 2: The government in question forces all browser vendors to include (in a transparent non-removable way) a country-level CA (which most already do BTW, i.e. most countries have a "privately-owned" CA to authenticate their sites and services). This option is more visible in a sense, and prevents additional MiTM to take place. (Not as transparent, easy to detect, though hard to mitigate around) Here's the EFF's list of countries which control CAs:

    https://www.eff.org/files/countries-with-CAs.txt



    Scenario 3: The China scenario. The government will require all major corporations/ISPs to share their keys in or do to business in said country or transmit over their series of tubes.

    Scenario 4: The most likely outcome. ISPs will simply log conversation endpoint data for web traffic and emails. The other 3 scenarios would radically dismantle the web of trust and cause significant financial resources to be thrown into place to rearrange the infrastructure already present.

    Mitigations to this would be:

    Removing yourself from the WoT completely (Not really practical) and only trusting self-signed certifications from sources you can verify. While at the same time manually removing all root and intermediate CAs you deem compromised.

    If no blocking of VPN providers is apparent I would advise you go through trusted off-shore services and pull all downloaded packages through those tunnels.

    The reality is, the more countries that go down this route the harder it will be for citizens to find a way around to secure their privacy.
     
    Last edited: Apr 3, 2012
  11. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Additionally the U.S has similar bills moving through proper channels of congress. Keep your eye on HR3523 aka CISPA . You can also read up on the ACLU’s list here -http://www.aclu.org/files/assets/aclu_cs_info_sharing_leg_chart_march_2012__final.pdf-
     
  12. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    These clowns got into power saying they would repeal many of the intrusive laws that were brought in by the old government. All they've done is put into place the laws that Labour could never push through.

    Meet the new boss. Same as the old boss
     
  13. I agree privacy goes down the drain as big brother watches Our every move. Next we will all be issued electronic ankle braclets or have a gps chip injected into us.
     
  14. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Does UK law requiring disclosure of encryption passphrases preclude VPN usage?
     
  16. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Yes. This has already been a law for a while under RIPA. If you don't supply your password when asked by authorities, you go to jail. Simple as that. IIRC, they don't even need a warrant.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.