Has now been published in draft:<p><a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf" rel="nofollow">https://www.gov.uk/government/uploads/system/uploads/attachm...</a><p>No explicit ban on encryption, but the existing RIPA obligation to decrypt when you have the capability and are made to. Potential madness in the "Equipment interference" section, although the bill claims this is already authorised under different legislation.<p>The Bill uses "communications data" to mean what we would call "metadata", ie everything except the contents.<p>"Equipment interference allows the security and intelligence agencies, law
enforcement and the armed forces to interfere with electronic equipment such as computers
and smartphones in order to obtain data, such as communications from a device.
Equipment interference encompasses a wide range of activity from remote access to
computers to downloading covertly the contents of a mobile phone during a search."
Check the live page - <a href="http://www.bbc.co.uk/news/live/uk-politics-34719194" rel="nofollow">http://www.bbc.co.uk/news/live/uk-politics-34719194</a><p>8:40 'Security risk' of storing communications data
"A new law to govern how police and intelligence agencies and the state can access communications and data will be published today.<p>Preston Byrne from Eris Industries, a cryptographic communications company which is withdrawing from the UK because of the proposed law, says the government is going to be tracking metadata which is essentially "a map of what you're thinking".<p>He warns the data could be compromised - citing the recent TalkTalk hack - and says this could lead to blackmail. And he argues that <i></i><i></i><i></i>
criminals and terrorists" don't use normal communication channels" so only the law-abiding people will be affected by the bill.<i></i><i></i><i></i>"<p>Preston Byrne has a point.. even common people are using VPNs and TORs. How come the terrorists bare their communications for surveillance?
The current UK government has committed to:<p><pre><code> 1. ban encryption (any encryption worth its salt)
2. ban anything psychoactive
3. detach us from the European Convention of Human Rights.
</code></pre>
Not one of these things is achievable in practice. This posturing and will amount to nothing but farce in the face of the details.
The BBC is being a good state mouthpiece today - the fact that they're quoting May as saying it doesn't hold previously contentious matters (I.e. Breaking encryption) is disingenuous to say the least. The bill will say that "unbreakable" encryption is illegal - which means all encryption, as if it's breakable, well, it's not really encrypted, is it.<p>Never mind that this is totally unenforceable. I could write up a one time pad with pen and paper. Most won't. Crooked cops will sell data. They'll blame "hackers".<p>You only need look at the talktalk debacle to see how incredibly warped this govt's views are - they haven't arrested anyone at talktalk, who are tge ones who had such poor infosec that script kiddies could blow them wide open. Instead they're arresting children.<p>Oh, and I'm seriouslt considering redomiciling my company - we only contribute a few hundred million quid to the UK economy.
To me (a UK citizen) this is like the government tracking the title and author of every book I read, "but don't worry, not the contents or page numbers you looked at". The idea this is any meaningful barrier to finding out what you're really up to is ridiculous. Phone metadata is one thing - and still highly revealing - but much of the web is public! It's enough to make me think twice about where I browse, wondering "if I ever got challenged over it, how will it look that I browsed to this site?". That seems pretty harmful to the web - possibly even in an economically measurable way?
There is a lot of Tory bashing going on here but this policy runs deeper, Labour tried to put through similar legislation. The coalition dropped it but is back. Each Home Secretary seems to become more hard line and blinkered, like they are being poisoned by the fear emanating from the security services.
<a href="http://www.bbc.co.uk/news/uk-politics-34715872" rel="nofollow">http://www.bbc.co.uk/news/uk-politics-34715872</a><p>^ fixed link
My first reaction to this was that VPN usage will explode, but I'm not sure how a VPN server hosted in another country would work with their desire to effectively ban encryption.<p>I feel like the UK is slowly goose stepping its way to a Chinese style firewall.<p>Given the right's obsession with what I'm ordering on Amazon, and the left being essentially unelectable right now, I'm not really sure where to put my vote at the next election.
What practical steps can we take if this becomes law? If police and local councils are given access to browsing records, abuse is inevitable.<p>There are already well-documented examples of councils using terrorism legislation to spy on people 1)suspected of using the wrong type of rubbish bin [1] 2)sending their children to school outside of their catchment area. [2]<p>This type of abuse and overreach will happen frequently. Not to mention crooked police/council officials selling data, and others pursuing personal vendettas & checking up on current and former romantic partners.<p>The UK will become a horrible, paranoid place.<p>What can I do to protect myself? Use a VPN for all internet access? Use Tor (which seems too slow for most practical purposes)? What else can we do?<p>[1] <a href="http://www.telegraph.co.uk/news/uknews/3333366/Half-of-councils-use-anti-terror-laws-to-spy-on-bin-crimes.html" rel="nofollow">http://www.telegraph.co.uk/news/uknews/3333366/Half-of-counc...</a><p>[2] <a href="http://www.telegraph.co.uk/news/uknews/law-and-order/7922427/Councils-warned-over-unlawful-spying-using-anti-terror-legislation.html" rel="nofollow">http://www.telegraph.co.uk/news/uknews/law-and-order/7922427...</a><p>EDIT: added links to sources
Flagged because 404. Correct link:<p>Surveillance bill to include internet records storage
<a href="http://www.bbc.co.uk/news/uk-politics-34715872" rel="nofollow">http://www.bbc.co.uk/news/uk-politics-34715872</a>
"For more intrusive surveillance - involving the detailed content of the communications - security services need to obtain a warrant."<p>The way this is worded makes me wonder if the 'detailed content' will be harvested with everything else and then retroactively looked at with a warrant.
By their (lack of) logic, they should also have an officer following every citizen and logging where people go, so that they can know John left his house at 9:17 and checked in at local grocery shop at 9:28. With a warrant they could then obtain information that he has bought a large cucumber - let's arrest him, because he is probably cheating on the government with cucumber. He told the grocer, that how government fucks him is not making him satisfied, so he has to finish the job with a cucumber.
I read the article, but I'm no clearer on what the criteria for issuing a warrant is.<p>A few years ago it seemed like the answer was "because TERRORISTS", now they're also talking about organised crime and child abusers.<p>This government have already branded the leader of the opposition a 'treat to national security'. Which leads me to concluded that they are either lying, incompetent, or reading all his internet history too.<p>Furthermore, I've heard no compelling arguments as to why the idea of an independent judiciary (who should be the only people who can issue these warrants) is broken, or how it should not apply when it comes to the online world.<p>But the drip drip drip of obfuscated and fear motivated erosions to the balance of powers continues, and it's making me deeply worried about what kind of country my grandchildren will live in.
If we can't get privacy using crypto, we could always use chaffing to make their database useless. We just need a list of sensitive websites that want to hide their true users, and an ad-serving network that randomly serves up links to those sensitive websites on other web pages (but doesn't display them). In this way, everyone's browsing history will look suspicious, so the data won't be of any use.
><i>"Such data would consist of a basic domain address, and not a full browsing history of pages within that site or search terms entered."</i><p>Am I right in understanding they will have access to this data without a warrant? And then any 'further' data would then need a warrant.<p>><i>"For more intrusive surveillance - involving the detailed content of the communications - security services need to obtain a warrant."</i><p>So with more and more websites using https, where does this 'detailed content' come from? Is the Government expecting ISPs to collect data that doesn't exist? As far as I was aware, as long as you view a website in HTTPS, there was no way your ISP knew what individual pages you are visiting.
It's much worse than that. They want to ban companies from offering encryption that they can't also decrypt.<p><a href="http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/11970391/Internet-firms-to-be-banned-from-offering-out-of-reach-communications-under-new-laws.html" rel="nofollow">http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/1...</a><p>Also, in regards to data retention - I thought the CJEU made it clear that it's against the EU Charter of Fundamental Rights. Is UK seriously pretending that never happened? It seems their strategy is "we'll just use this new law for 2 years until it gets invalidated, and then we pass a new one that we can use for another 2 years". And so on and so forth.<p>U.S. companies, please stop establishing headquarters in the U.K. It's on an authoritarian path as much as Russia and Turkey is (certainly under David Cameron/Conservatives, at least).
Wild conspiracy theory - London is becoming the playground of world elites. So security is paramount. These bills are not to keep pedophiles at bay but to prevent some forms of "London spring" of the underclasses or other forms of physical harm towards your friendly neighborhood billionaire that could damage real estate prices. The conservatives goal is to make elites know they are safe here so they could switch to lower profile security details.<p>I have no better explanation why UK is pushing so hard on its own populace.
I don't see anywhere in the bill what EXACTLY an Internet Connection Record is, and since there is no such thing as a standard Internet Connection Record in any of our existing network infrastructure, I assume this has been left vague so that it can be extended to whatever they want.<p>Nor does it define the exact kind of Internet Service Provider that the law is suppose to be enforced against. (Is this only suppose to apply to those supplying bandwidth or do all websites/services count?).<p>> Law enforcement agencies would not be able to make a request for the purpose of determining – for example – whether someone had visited a mental health website, a medical website or even a news website.<p>This seems to imply that there must be a whitelist of domains for which ICR collection is required. But there is no mention of such a list nor how it would be curated.
Having the govt require ISPs to collect this data about us will result in ISPs "aggregating" the data and selling it to advertising / marketing firms, insurers or anyone willing to cough up a few £ for your private data.
>The draft bill also places a legal duty on British companies to help law enforcement agencies hack devices to acquire information if it is reasonably practical to do so.<p>WTF!
To guard against terror. Terror coming from a certain group of people, we are pushed to choose between living without potential terrorists, and without the stasi, or with the potential terrorists, and with the stasi. Stasi and multiculturalism - both or neither.
The way it is reported it makes it almost sound like this is the current state of affairs. Thus a feeling of "no need to fight it, its already implemented".<p>Am I right in thinking this is a proposal that is yet to be passed into law?
So basically the UK wants to become Google but instead of tracking users to improve products, they will be tracking everyone to catch criminals.<p>Imagine a full list of sites you visit being stored by your ISP and now available to your government when necessary. Wow.<p>Does this mean users will be flagged automatically if they visit sites that offer pirated software/movies and the like?