UK - Attack on privacy

[Super Nova]

This is the hot topic in the UK. The pollies are going to take a big brother approach to tracking everything that electronically moves and every interation we have between people, sites, messages ...etc.

I am strongly against this. It is the thin edge of the wedge. If the UK go down this path, Australia will not be far behind.

I guess the US would not allow this however the powers that Homeland Security have a far reaching. I wonder if it already is happening.

http://www.bbc.co.uk/news/uk-politics-17580906

Civil liberties groups have criticised plans for the government to be able to monitor the calls, emails, texts and website visits of everyone in the UK.

Internet firms will be required to give intelligence agency GCHQ access to communications in real time under new legislation set to be announced soon.

Tory MP David Davis called it "an unnecessary extension of the ability of the state to snoop on ordinary people".

The Home Office said the move was key to tackling crime and terrorism.

'Civilised society'

Attempts by the last Labour government to take similar steps failed after huge opposition, including from the Conservatives.

A new law - which may be announced in the Queen's Speech in May - would not allow GCHQ to access the content of emails, calls or messages without a warrant.

But it would enable intelligence officers to identify who an individual or group is in contact with, how often and for how long. They would also be able to see which websites someone had visited.

"What this is talking about doing is not focusing on terrorists or criminals, it's absolutely everybody's emails, phone calls, web access”
Conservative MP

Conservative backbencher and former shadow home secretary David Davis said it would make it easier for the government "to eavesdrop on vast numbers of people".

"What this is talking about doing is not focusing on terrorists or criminals, it's absolutely everybody's emails, phone calls, web access," he told the BBC.

"All that's got to be recorded for two years and the government will be able to get at it with no by your leave from anybody."

He said that until now anyone wishing to monitor communications had been required to gain permission from a magistrate.

"You shouldn't go beyond that in a decent civilised society but that's what's being proposed."

'Attack on privacy'

Nick Pickles, director of campaign group Big Brother Watch, called the move "an unprecedented step that will see Britain adopt the same kind of surveillance seen in China and Iran".

"This is an absolute attack on privacy online and it is far from clear this will actually improve public safety, while adding significant costs to internet businesses," he said.

Shami Chakrabarti, director of Liberty, added: "This is more ambitious than anything that has been done before. It is a pretty drastic step in a democracy."

The Internet Service Providers Association said any change in the law must be "proportionate, respect freedom of expression and the privacy of users".

Even if the move is announced in the Queen's Speech, any new law would still have to make it through Parliament potentially in the face of opposition in both the Commons and the Lords.

The previous Labour government attempted to introduce a central, government-run database of everyone's phone calls and emails but eventually dropped the bid after widespread anger.

'Protect public'

The then Home Secretary Jacqui Smith did pursue efforts similar to those being revisited now, but the Conservatives and Liberal Democrats continued to voice their concerns.

"It is vital that police and security services are able to obtain communications data in certain circumstances”

The shadow home secretary at the time, Chris Grayling, said the government had "built a culture of surveillance which goes far beyond counter-terrorism and serious crime".

Chris Huhne, then the Lib Dem home affairs spokesman, said any legislation requiring communications providers to keep records of contact would need "strong safeguards on access".

In a statement, the Home Office said action was needed to "maintain the continued availability of communications data as technology changes".

"It is vital that police and security services are able to obtain communications data in certain circumstances to investigate serious crime and terrorism and to protect the public," a spokesman said.

"As set out in the Strategic Defence and Security Review we will legislate as soon as parliamentary time allows to ensure that the use of communications data is compatible with the government's approach to civil liberties."

[mantra]

We've revelled in this world of technology and now it's come back to bite us. Australia - well the NSW government, is already talking about extracting DNA from babies for a national data bank - so the fact that they may start tracking all our online movements should come as no surprise.

Absolutely nothing is safe on the net. Maybe we need to start writing letters again and actually talking to someone on the phone or in person rather than texting or emailing. I wonder how it could be monitored - it wouldn't be an easy feat.

It might have already started and we don't know about it. Look at Facebook for example. They have to track your email address to find so many 'friends'.

[Mattus]

I think most would be okay with law enforcement having access to this data when investigating a specific crime ( e.g. The collar bomb hoax). However this reads as stockpiling information for the purpose of profiling, which is a different matter altogether and really rather alarming.

I always assume that anyone who is performing seriously criminal activities through the Internet, such as a terrorist organization, is taking the appropriate precautions, such as anonymous proxy service, to prevent identification. However the collar bomber guy didn't seem to. He used an unproxied library computer with a library fitted with a security camera?

Should this attack on privacy come into practice I suspect the use of anonymizing services will become standard for all recreational Internet users, having the opposite of the desired effect.

[Super Nova]

Should this attack on privacy come into practice I suspect the use of anonymizing services will become standard for all recreational Internet users, having the opposite of the desired effect.

I have given this some thought. I do not think Anonymising services will be a good enough defence unless you really know what you are doing. So I put myself in the position of these techs designing this and what would I do to address this. Note they are smarter so they have thought this through.
1. IP communication occurs via IP packets. They have Headers for directing the traffic like (source IP address, the type os packet SMTP-Mail, HTTP-Browser, HTTPS-Secure …etc, Destination address)
2. In each of these headers contain specific information that is used by the proxy servers. This information is just played back to the source proxy or source host when the reply packet comes back.
3. Everything beyond the header used to transport it could be encrypted to make it harder.
4. Now this is what I would do:
a. Capture each packet, I know the structure of the packet so I create a quick hash number that represents the key areas… assuming it is encrypted.
b. You send to an Anonymising proxy a packet. (Quick hash of content)
c. Anonymising proxy passes packet onto destination
d. The only differences in the pack is the IP address of the sender and destination address but the content of the packet remains.
e. If they are monitoring the proxy server they will pick up the packets. They could build a hash key.
f. Stort all this into the same database and they can match the flow of a packet through the network by looking at the things that do not change as it traverses the network and they will be able to follow it around.
5. Piss easy to do, just needs grunt, a lot of it.
6. That way they can just count the number of times a contact is made which is the scope of the brief.
7. They could flag certain people or transactions or events to keep the source packet for more detailed analysis.
8. They should be able to monitor the packets coming back in the same way.
9. You would need to go to a proxy server outside their influence and come pack via a different path. At the moment the anonymous proxy receives our packets and sends from their back to us. So we would have to get more clever.
10. The timing of message flow would give them a window to match as well since most responses are within a second.

I am sure those that really don’t want to be tracked will not, however most people will not have the smarts, knowledge or experience to do this.
So I fear, a reliance on Anonymous proxies just will not cut it. You will need advice from the internet mafia to elude them and probably need to keep changing your strategy staying one step ahead.
I guess the only thing to do is never use electronic methods to do you dirty business. We need to go back to the old ways of sleazy bars late at night. You know, when it was fun.

[Super Nova]

This is creating a big storm here. The minister responsible is trying to justify it and no-one understands why everyone has to be treated as if they are a terrorist suspect.

[Mattus]

Should this attack on privacy come into practice I suspect the use of anonymizing services will become standard for all recreational Internet users, having the opposite of the desired effect.

I have given this some thought. I do not think Anonymising services will be a good enough defence unless you really know what you are doing. So I put myself in the position of these techs designing this and what would I do to address this. Note they are smarter so they have thought this through.
1. IP communication occurs via IP packets. They have Headers for directing the traffic like (source IP address, the type os packet SMTP-Mail, HTTP-Browser, HTTPS-Secure …etc, Destination address)
2. In each of these headers contain specific information that is used by the proxy servers. This information is just played back to the source proxy or source host when the reply packet comes back.
3. Everything beyond the header used to transport it could be encrypted to make it harder.
4. Now this is what I would do:
a. Capture each packet, I know the structure of the packet so I create a quick hash number that represents the key areas… assuming it is encrypted.
b. You send to an Anonymising proxy a packet. (Quick hash of content)
c. Anonymising proxy passes packet onto destination
d. The only differences in the pack is the IP address of the sender and destination address but the content of the packet remains.
e. If they are monitoring the proxy server they will pick up the packets. They could build a hash key.
f. Stort all this into the same database and they can match the flow of a packet through the network by looking at the things that do not change as it traverses the network and they will be able to follow it around.
5. Piss easy to do, just needs grunt, a lot of it.
6. That way they can just count the number of times a contact is made which is the scope of the brief.
7. They could flag certain people or transactions or events to keep the source packet for more detailed analysis.
8. They should be able to monitor the packets coming back in the same way.
9. You would need to go to a proxy server outside their influence and come pack via a different path. At the moment the anonymous proxy receives our packets and sends from their back to us. So we would have to get more clever.
10. The timing of message flow would give them a window to match as well since most responses are within a second.

Right, but all you need to get around that is for the non-UK anonymous encrypted proxy to send its packets via a second non-UK anonymous encrypted proxy (where no UK packet sniffers could inspect the packets). They could be in the same room, it doesn't matter. In fact I think all current encrypted anonymous proxy services (yes even the free ones) use this approach.

I am sure those that really don’t want to be tracked will not, however most people will not have the smarts, knowledge or experience to do this.

People don't have the smarts, and have absolutely no need to buy a service from those with the smarts. However, with the introduction of this profiling policy, it suddenly creates a market for even you average garden variety porn-hound to pony up big dollars to those with the smarts. It creates a mainstream market for a service which was generally only used by people up to no good in the past.

So I fear, a reliance on Anonymous proxies just will not cut it. You will need advice from the internet mafia to elude them and probably need to keep changing your strategy staying one step ahead.

No doubt the internet mafia will create a 50c app for that.

[Super Nova]

So even using "advanced anonymising online technology," you can be found. There is no place to hide on the net if someone with ther resouces wants to find you.

You would have to work very hard and stay one step ahead. This means you could not have a real precence on the web, particularly for selling stuff. Then again they probably just found them through paypall. Follow the money.

US busts online drugs ring Farmer's Market The secret ring supplied drugs to clients in 35 countries around the world, the US said Continue reading the main story
Related Stories
US targets 70 'drug traffickers'

The US authorities say they have busted a secret internet drugs market, where people around the world could buy LSD, ecstasy and other illegal substances.

The ring - The Farmer's Market - is said to have operated through a computer network which allows users to communicate anonymously.

At least eight people have been held in the US, the Netherlands and Colombia.

They have been charged with drug trafficking and money laundering and will face trial in the US.

'Clear message'

The arrests were the culmination of the two-year Operation Adam Bomb, officials from the US Drug Enforcement Administration (DEA) announced late on Monday.

The sophisticated ring had tried to hide its activities "through the use of advanced anonymising online technology," said Briane Grey, the DEA's acting special agent in charge.

He added that the arrests "should send a clear message to organisations that are using technology to conduct criminal activity that the DEA and our law enforcement partners will track them down and bring them to justice".

The US authorities have identified Marc Willems, 42, as the "lead defendant", who is believed to have created and run the network. He has been arrested at his home in the Netherlands.

It is alleged that more than $1m (£630,000) worth of drugs sales were processed through the sophisticated ring which used the TOR computer network between 2007-09.

The Farmer's Market reportedly provided order forms, customer service and accepted payments through PayPal, Western Union and other means.

It had customers in every US state as well as in 34 countries around the world.

http://www.bbc.co.uk/news/world-us-canada-17738207

[Mattus]

Lets wait and see if they actually cracked the TOR network, or whether they just ordered some drugs and tracked it through the postal service.


Edit: They got nabbed through a Western Union transfer of money, and there is no indication that law enforcement were ever able to trace the anonymous online proxy. Once again the brick and mortar world is LESS secure than online!

[Mattus]

Think Ben Goldacre has been reading this thread?

http://bengoldacre.posterous.com/pirate ... monitoring" onclick="window.open(this.href);return false;