UK "Blackbox" internet monitoring

Discussion in 'privacy general' started by EncryptedBytes, Jun 30, 2012.

Thread Status:
Not open for further replies.
  1. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    -http://www.channel4.com/news/black-boxes-to-monitor-all-internet-and-phone-data-
     
  2. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    How are they going to decrypt SSL ?
     
  3. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    I personally feel its all smoke and mirrors, there is no way to handle a state coordinated man-in-the-middle attack on a first world country effectively yet. The amount of bottle neck and slow down, not to mention the data centers needed would go into the billions in terms of cost. The article even states that the UK government themselves are unsure how to pull it off. I posted this here to make folks aware that something like this is being suggested, though implementation I feel even they are clueless.
     
  4. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
    What are the chances that the companies which issue SSL certificates to those websites of interest would be approached to 'help combat piracy and the T word', so that the decryption would take much less resources and at least seem more legitimate?

    I think the article gives a simiplistic and illogical picture of how this would work. Rather than a single box at each isp, I imagine they would use a coordinated network similar to Naurus or Echelon. If certificate issuers were in compliance with this too, that would run so much smoother than forcing a MITM for every email going into and out of the country. Pushed from the perspective of 'SSL cert issuers are assisting the H.O. in extracting mail headers without compromising user privacy', the effort would seem innocent enough to fly well under the radar and make everyone look good in the local press.

    From there, won't the EU's data privacy guys get hot under the collar if citizens of other member states are having their emails decrypted by the UK? Was there also not a thread not too long ago that the UK was reopening a case against Google for the street view cars? The severity of the street view infringement pales in comparison to the black box scenario, IMO.

    Smoke and mirrors indeed, what a scary mess.
     
Loading...
Thread Status:
Not open for further replies.