Parliament Passes Snooper's Charter, Opens Up Citizens To Whole New Levels Of Domestic Surviellance

from the surfing-the-internet-with-The-Man dept

Despite loudly, and repeatedly, raised concerns from activists and members of Parliament, the UK’s Snooper’s Charter (a.k.a., Investigatory Powers bill [PDF]) has been passed by both parliamentary houses and only needs the formality of the royal signature to make it official.

These are the fantastic new things UK citizens have to look forward to with this expansion of government surveillance power.

The law will force internet providers to record every internet customer’s top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand — though the government has never been that clear on exactly how it forces foreign firms to do that that; and even disclose any new security features in products before they launch.

The list of new powers doesn’t end with these. UK intelligence agencies are also given permission to perform “electronic interference” — hack into computers and electronic devices belonging to UK citizens, not just individually, but in bulk. It also codifies secret (and illegal) surveillance of UK citizens that the country’s intelligence agencies have engaged in for years without proper authority or oversight.

The government, of course, is trying to portray this as nothing more than a fine tuning of preexisting laws, specifically the Regulation of Investigatory Powers Act (RIPA). Glossed over in its perfunctory “nothing to see here” explanation is the fact that RIPA was also rushed into existence to codify other secret and illegal surveillance programs.

But it’s no ordinary update of existing investigatory laws. Jim Killock of the Open Rights Group calls the Snooper’s Charter “the most extreme surveillance law ever passed in a democracy.” Thanks to the new powers, UK intelligence agencies should be able to put together very extensive dossiers on pretty much anyone they feel like.

This is the collection of Internet Connection Records (ICRs)—a record of which services every citizen it is connecting to, logged in real-time. This unprecedented level of micro-surveillance is accompanied by a machine to make sense of the mass of data, called a ‘Filter’, but is in essence, a search engine. It can match these ICRs with your mobile phone location data and call histories. It can, we believe, be used to profile the social relationships and the sexual and political activities of every U.K. citizen.

That’s how the UK government wants it, apparently: porn filtered out, but spy agencies let in.

Beyond the expansion of law enforcement and surveillance powers is the precedent set by the government in its continual codification of secret surveillance programs. Like RIPA before it, the new law sends a message to intelligence and law enforcement agencies that all misdeeds will ultimately be legislatively forgiven by their overseers. Agencies are implicitly invited to hide programs from overseers and explore new collection techniques without running it past anyone else in the government first. And years later, it will all be papered over by “updated laws.”

This is also good news for other Five Eyes surveillance partners. The NSA and GCHQ’s information sharing partnership means the US agency now has access to even more data on British citizens. Almost anything GCHQ can acquire, the NSA can access. And now GCHQ can access more than ever.

Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Parliament Passes Snooper's Charter, Opens Up Citizens To Whole New Levels Of Domestic Surviellance”

Subscribe: RSS Leave a comment
50 Comments
Anonymous Coward says:

Re: VPN

A VPN is no protection from someone able to capture and analyze all the traffic passing through the VPN, when it becomes possible to figure out who is connecting to which web site. It is only a strong protection when it links users to an Internal network, like remote employees to a comp[any network, which is what it was designed for. It is also useful to protect against man in the middle attacks when using public WIFI access points.
Assume if you VPN provider is in a five eyes country, you are not protected from those countries spy agencies, and also note due to gag orders, US providers may be compromised by their own government, and shortly you will also have to assume that UK providers are also compromised, and decryption of the headers eliminates what little protection the VPN offered.
Note that encrypted contents, while hiding exactly what pages you visit, or what your message contents are do not obscure your social networks and interest from the proposed spying.

Anonymous Coward says:

Re: Re: Re: VPN

Depends on where five eyes countries have their backbone cable taps. Using and supporting TOR by becoming a node makes it more difficult for them to carry out a correlation attack. Even so TOR really needs hardening against traffic analysis, and correlation attacks attacks by using dummy packets to keep the data flows between nodes as constant as possible, even the there will be some leakage at the exit nodes, like some site suddenly becoming popular.
The other significant point of the snoopers charter, that renders all use of TOR, VPN’s and strong encryption useless is the permission to hack into machines, and to do so in bulk. Protection against this requires a well protected offline machine, and use of some means of file transfer that is fully controllable, like using SD cards via an Arduino attached to the protected machine.

Violated (profile) says:

Re: Re: Re: VPN

Governments have not taken much action against VPN services yet but I am sure one day they will under the theme that laws are pointless if people can easily circumvent them.

So currently there is only a case by case basis of “we want your logs” followed “we don’t keep logs”.

On the day the UK Government goes after VPN services they will leave the UK and in more difficult times use a warrant canary.

Anonymous Coward says:

ISP size?

Would a local collective of individuals in a large building for example be considered an ISP if they were all just using 1 servers hard drive to store and retrieve files for themselves and others? Movie server, music server, etc…

Do the services provided actually have to hit an upper level ISP before they are required to be recorded or would a large school with thousands of kids have to track all internal only file transfers to and from students also?

art guerrilla (profile) says:

the overarching point...

…that is most telling, is the retroactive approval/legalization of the previously illegal/unthinkable…
as the author rightly points out, what else does this tell the spooks, other than they can do whatever the fuck they want, and the legislators will protect THEM, not US, their real (not) constituency…
upshot is, NO constitutional protection (on this side of the pond), and spooks run amuck with no effective oversight…
if that ain’t the very definition of a police state, i dont know what is…

Violated (profile) says:

Concern

I can now be extra thankful that not long ago I purchased TechDirt’s own VPN Unlimited lifetime Infinity VPN bundle which I can now put 24/7 on my ISP link so… The UK Government aka “peeping toms” can go and fuck off and die.

I would be happy the day that they pull up my log to see zero connections beyond VPN servers. I am already sure this is about “metadata” but even that is a telling story. And for added measure I will also add a second encryption level should my VPN ever be compromised.

I have always liked the phrase “People should not be afraid of their governments when governments should be afraid of the people” but here now are afraid citizens as the UK Government exceeds “1984” and “A brave new world”.

Even worse the Government under “terrorism” reasons make themselves more like an anti-social monster which even more people will grow to hate.

To end on a positive note at least this forms one more sound reason for the Internet as a whole to encrypt.

Anonymous Coward says:

Re: Concern

You seemed to have overlooked a major power granted to the spy agencies, they can hack your machines, at which point all protections against them tracking what you are up to become moot. What is more this power is granted in a way that enables bulk hacking attempts, such as against all VPN users.

Violated (profile) says:

Re: Re: Concern

Yes well this user could also hack then back but I thought I had given up that hobby years ago. At minimum I tend to notice unauthorised tasks.

You are right though that Governments are the best at hacking, viruses, root kits and more. It would still not be easy for them with a good firewall and a strict security policy.

I just wonder on days like this why the public don’t find out where all this snooping hardware is and to give it a couple of sticks of dynamite. I am not sure how ISPs would feel about that one though.

Anonymous Coward says:

Re: Re: Re: Concern

It would still not be easy for them with a good firewall and a strict security policy.

Which means that small closed groups of extremists, those most likely to use violence, can protect themselves, while ordinary citizens trying to organize a peaceful protest against some proposed government action are easily targeted. Often a protest can be headed off by targeting one or two leaders.
Doesn’t that tell you which the government fears the most?

Violated (profile) says:

Re: Re: Re:2 Concern

I have two views on this when first a well trained terrorist cell would use encryption and the deep web. I am sure though that face to face chat is always best.

My other view is from my early hacking days when I compromised over one thousand computers simply due to bad security. I would not go as far to say the average user is a complete moron but they are very inexperienced.

Even at times I would myself strip out viruses and root kits on their computer and to patch the security holes even if that was to secure my own use of it.

My point here is that terrorists are no more computer savvy than the general population is. All evidence points to this fact meaning outside the core they use technology like everyone else. So their key plan is to not leak stuff on the Internet and to switch phones and SIMs as needed.

Anonymous Coward says:

Re: Re: Re:3 Concern

As the Paris attacks showed, probably the best plan for a small group is to avoid encryption and VPN’s, as the security services have become fixated on secure communication channels to find the terrorists. Large groups on the other hand will show up on their social networking analysis tools, especially if it covers a large geographic area and is expanding, which is an indicator of a building political movement.

Violated (profile) says:

One other aspect I should point out is that once ISPs have this year worth of data on everyone then “since it exists” it then becomes possible for Judges to subpoena (NPO) this data in unrelated cases like copyright infringement.

We also know the Copyright Cartels have strongly supported such snooping just to get their foot in that door.

If we run that theme along further then now the Government has to power to quickly punish any online crime.

Violated (profile) says:

Re: Re: Re:

You overlook that while ISPs in most cases know you were using your Internet at stated date and time this new metadata would prove you were using BitTorrent also. It can also say what BT site you visited shortly before, maybe including your user details, or to spew out other browser related facts.

As said once ISPs log this data then so can a Judge order them to hand it over. Suspension then becomes an open and shut case with the only doubt over who was using that computer.

Whoever says:

https?

This doesn’t appear to include https interception, so the amount of top-level URLs that they ISPs is going to be limited and decline over time.

Yes, they could look at packet destinations, but with much of the destinations being CDNs, there is going to be limited value in that information.

Only if they look for connections to one or more unusual destinations are they going to get any shred of information.

Seegras (profile) says:

The Queen could stop this

But she won’t, because she’s the playing ball of lobbyists.

It became very apparent in the debate about copyright a few years back, where the Queen was parroting the copyright maximalists, and you could see that she did not have any grasp on what was really going on.

The same will happen here; because the Queen lives in a very bad filter bubble.

Yes, I know I'm commenting anonymously says:

Wait no longer!

Now it is time to kick england out of the EU.
Let’s not wait until they start article 50 procedures but pre-empt them.

Yes, it will be bad for the EU economy in the short term.
We will no longer have to carve out special advantages for them.
In the long run it will be better for the rest of the EU as a (much more unified) whole.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...