from the eat-your-heart-out,-china dept
As expected, the UK government has published its Draft Communications Bill (pdf) -- better known as the "snooper's charter," since it requires ISPs to record key information about every email sent and Web site visited by UK citizens, and mobile phone companies to log all their calls (landline information is already recorded).
Since this was only released a few hours ago, people are still trawling through it to find out what delights it holds, but an eagle-eyed David Meyer has already spotted something rather extraordinary: the UK government seems to be proposing to log not just every IP packet, but every physical packet -- and letter, and postcard -- too.
That's thanks to Section 25 of the Draft, which states:
Part 1 [the main requirements to log communications data] applies to public postal operators and public postal services as it applies to telecommunications operators and telecommunications services.
And if you were wondering what "communications data" means when applied to letters and postcards, it includes:
postal data comprised in or attached to a communication (whether by the sender or otherwise) for the purposes of a postal service by means of which it is being or may be transmitted
Letters, telephone calls, email and the Web -- this is a level of total surveillance that countries like China, North Korea or Iran can only dream of. What remains unclear is how the UK government will try to gather this incredible flood of information, and whether it can access it in real time. Here's what the site Privacy International thinks will happen:
The government today published a draft version of a bill that, if signed into law in its current form, would force Internet Service Providers (ISPs) and mobile phone network providers in Britain to install 'black boxes' in order to collect and store information on everyone's internet and phone activity, and give the police the ability to self-authorise access to this information.
That article points out that two important questions on the Internet side of things remain unanswered:
However, the Home Office failed to explain whether or not companies like Facebook, Google and Twitter will be brought under the Regulation of Investigatory Powers Act (RIPA), and how they intend to deal with HTTPS encryption.
When an official was pressed on that last point, he gave a rather disturbing reply:
At this morning's Home Office briefing, Director of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response was: "It will."
This is going to get very interesting.