03/04/2012 21:23
At the moment there is a huge amount of confusion about this proposal. Newspaper reports are neither comprehensive nor consistant. I can't help but think that this confusion extends to politicians.
What we do know.
1. The IT industry is very big and it has just had the NHS IT project pulled. What with restricted spending this translates to less money for the bigger contractors. The momentum behind trying to have government commit to huge (and un-costed) IT spends is huge.
So, in short, appeals to security needs remain particularly unconvincing amidst all this dust.
2. The industry work hand in glove with GCHQ, the Police and so forth. They know very well how to put together a 'good story'. And they will not be able to be very informative about the real issues, even if they wanted to be, because of the Official Secrets Act.
3. It is possible to read up on and deduce certain things, the Offcial Secrets Act not withstanding. I, anyway, happen to know that GCHQ is already interested in precisely the technologies that would be needed to implement this sort of legislation.
4. We are told that new legislation is needed so that intelligence agencies can do X, Y and Z. But we do not know that they do not do X, Y or Z already. In fact we do not know if the Law is ill defined with respect to some activity that already occurs. For instance package sniffing might, under current legislation, be equivalent to wire tapping (I don't know this). But technically it is not the same (I do know this). Until someone really comes forward with full analysis of both the legal and technical aspects we are in the dark, but sticking to the technical, what with the demands of secrecy and the ability of those in the industry to obfusicate we still have a considerable up-hill struggle.
5. We are told something about real time mirrors, about no new data base and about Skype, text and IM. What we are not told about is how encryption will be circumvented (Blackberry, anonymous web sites such as Pider), how IM and internet telephony will be intercepted (e.g. Facebook IM, Skype) and so on. Just considering Facebook, Twitter and other social networking sites, how on earth wold this work? People can have multiple ids and connect one to one over secure connections with others who have (multiple) aliases. How can Intelligence agencies know that alias X is their target and that (assuming they can see this) alias Y is a contact of X?
5.1. In answer to the first part of the question I cannot see how that is possible apart from network sniffing and triangulation, or, possibly, spying on that person to learn their alias in conjunction with the triangulation.
5.2. The answer to the second part of the question would be by having the destination address(es) of the message from the message header made available. What I can't see is how intelligence services would know the value of the message without examining it. Indeed, how could they learn to whom the message is actually sent without further triangulation (network packet sniffing)?
5.3. I find it very difficult to imagine that, having taken the destination address off the queue, the message body would not also be inspected and analysed for key terms etc.
6. I had always assumed that intelligence services did, in fact, use packet sniffing technology. I can't understand what else it is that they want since they could do this silently, without drawing attention to themselves.
The idea that there could be legal safe guards seems farcical to me, given that there is no existing limit placed on the activity of our, or any other country's, intelligence community in this area. All it requires is a few strategically placed routers. Perhaps it is the increased commercialisation of the internet that drives this? Presently, improved infrastructure payed for by users would have traffic that is less available to sniffing?
Home Secretary Theresa May said "ordinary people" would have nothing to fear.

Utter utter crap. What next Ms May? how about you suggest people don't cover up their PIN when at a cash machine? or how about getting rid of HTTPS?

I'm an ordinary person and I know what you lot have done with regards to using CCTV. Supposedly we had nothing to fear too....until every tom, dick and harry council etc... had access whenever they wanted.

If you suspect someone of being a terrorist etc...then you already have existing laws for surveillance etc... Creating a new law to create a fishing net and essentially tar everyone as being a suspect is utterly reprehensible.

Forget the backhanders the PM has been getting from shady donors or the idiot ministers causing the Fuel uproar over the past week, If this 'law' gets through Parliament then your life on the internet will change forever.

Welcome to your life as a suspect...whether you like it or not.
Shared publicly