Brilliant first recommanded comment by "stpman" in the article to answer all those saying "I don't have anything to hide":
"Why should people care about surveillance? Because even if you're not doing anything wrong, you're being recorded. You don't have to do anything wrong. You simply have to eventually fall under suspicion, even by a wrong call. They can use this system to go back in time and scrutinise everything, and derive suspicion from an innocent life and paint anyone in the context of a wrongdoer."
-Edward Snowden
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
-Cardinal Richelieu
You may not have anything to hide, but you should hide as much as you can anyway, because anything you say or write may be one day used against you in a court of law.
Most cops in the US are fighting against the use of body cams. Why? They don't want to be recorded.
Most courts don't allow recording equipment in them. Why? They don't want to be recorded.
Most government workings are hidden behind bureaucrat walls. It requires other laws such as the FOIA to force government to be open. And FOIA requests are widely ignored, delayed, redacted, etc.
If the people enforcing the law refuse to be recorded, why in living hell should you let them record you?
You should have as many rights as they do. Including the right to privacy.
yes, the response to "if you have nothing to hide" should be "you first then".
Imagine if the question was:
"can I watch you through your window ?"
- "no."
"why, what have you got to hide ?"
- "nothing, I just value my privacy like any normal human. It's my house, so mind your own business"
Now you could counter "yes but the web is a public space". But it's not entirely. Some of it is public, some of it is private. Our email conversations with our friends and family, our video chats etc should be private. (They're not of course, they're all intercepted and stored forever, but they should be private).
Why do you want to watch me through the window. You can come and look if you want as long as you're not doing it to perv over me I couldn't really care less.
To keep the analogy don't we need to add two provisos though: you can't tell anyone about it or you lose your job and face prosecution (unless you can convince the CPS that there's a case against me, then you have your say in court); and you'll need to convince a judge that you have a legal need, that also serves the public interest, to observe me.
>Our email conversations with our friends and family, our video chats etc should be private. (They're not of course, they're all intercepted and stored forever, but they should be private). //
AIUI the UK Investigatory Powers Act is storing domains visited for a limited time and requires a warrant to enable access, access then only being granted to officers of a particular standing (so they can't pass the details around and the named officer is responsible if the info is leaked). Am I getting the wrong message? I've not had time to read the Act yet.
Security services are almost certainly able to access that data, but then that's been true for a long time and is covered by far more generic laws, the IPA isn't addressing that (is it?).
tl;dr - if I don't care if you sit and watch me watching Masterchef, or playing on Steam, or if you read my emails to customers, or see what I buy (just like you can if I go to a shop), then ... is there anything left that you can say to convince me I should be hiding what I do online. "I don't hide what I do IRL, why hide online"?
So you change your clothes, bathe, go to the toilet and have sex in full view of others? Or, more pertinently, would be happy to be legally required to do so?
I'm searching for a convincing argument. This isn't it. Are you saying that the UK IPA is going to let computers magically see me on the toilet and pass those images on to the police, or that the government somehow needs to see me on the toilet and so will get a court order for it? This hyperbole obscures any point you're trying to make IMO.
The closest analogy I think that's reasonable on say your "have sex in full view of others" that's pertinent is that the government could overhear me talking to someone about sex and would record that I had talked to someone about sex. Now for an abuser that might be an issue, but for me it's not.
Take a step back. What's your best argument to convince me gov access [by warrant] to a list of domains I've visited - where I haven't used a VPN, or other obscuring method - means I'm giving up my civil liberties in a way that will have a damaging impact on me?
I can see it can for a small portion of society, a lot of [non-petty] criminals. I can see it might for political dissidents in a country lacking rule of law; UK isn't perfect in that regard but it's close to having a fully independent judiciary and a fully working rule of law.
[FWIW I wouldn't vote for such a law, but I'm yet to be convinced by the arguments I've seen, primarily because they are so outlandishly hyperbolic.]
In the death of Gareth Williams (he was the ex GCHQ spy who was found dead, enclosed in a locked bag in his bath) the authorities brought up the fact that he'd visited BDSM porn sites as a way of explaining the unusual circumstances of his death.
This proves that the government is willing to selectively present out of context information from someone's browsing history in court in order to further their agenda. If you believe every employee at all 49 agencies who have access to this data will never misuse it, well, you're more trusting than me.
And I haven't even touched on any of those agencies being the conduit of leaked information, and the ramifications of that. If the NSA can't even keep a lid on confidential information when it's staffed with some of the most experienced and intelligent techs in the world, what hope does the Department for Work and Pensions have?
Why is clandestine surveillance of everyone bad? Because anyone with more power than you and the will to abuse it can simply label you as an 'undesirable'. If I'm a local police officer with access to surveillance data, and I see something about you that I don't like, I am much likelier to act against you or your family or friends. And since I spied on you invisibly, you'll never know what list of 'undesirables' your name may be on, or why, nor can you ever get off the list.
As an undesirable, I (as a bureaucrat hungry for power) might uninvite you and yours from my college, business, bank loan, job offer, or I might simply charge you more for goods or services. Given the power, I can make your life hell for reasons you'll never know and have no redress to challenge.
In 1870s to 1960s America these kinds of off-the-book practices were called 'Jim Crow', intended to repress minorities and especially blacks from the civil rights and protections that were theirs by law. If our 21st century government regresses to the same state the FBI did under Hoover -- not inconceivable under Trump, since it already has occurred under Obama as he allowed CIA and NSA to escape oversight from congress or the press and hide from their abuses of constitutional law -- the likelihood of history repeating itself using domestic espionage has become almost a certainty.
If you still have doubts about the threat to everyone from unlimited domestic surveillance to big and small, innocent and guilty, then reread Orwell's 1984. And never forget that EVERYONE is part of some minority that will become unpopular eventually.
As a postulation, that's fine enough, but is there any human being on Earth who could honestly claim they wouldn't mind some stranger or group of strangers standing at their window, watching them live?
Yes,my initial unconscious reaction is I don't like the idea to be watched but then again if I really think about it, actually I don't have real reason to be against it. Having to keep secret, maintain privacy to me its a burden, significant amount of work, inconvenience. So yes, as long as you are not distrurbing or trying to harm me, I would not mind if you are watching me, If possible I prefer to not have secret.
The point of privacy is for the times when you need it. You should defend that right even in the times you don't feel you need it.
For example, in the US, most people are not afraid to share their political beliefs. This is because, in the US, it isn't common to be harmed or even killed for your beliefs. This is not true in every country or even for every part of the US. So being able to keep your political views a secret is important. In a world where this is not possible it can quickly become dangerous to hold the "wrong beliefs" publicly.
Do you believe you only uphold the "right beliefs"? And if so - are you 100% certain those beliefs will never turn into the "wrong beliefs" to have? If you answer "no" to either question then privacy should be important to you.
Yes but its already is illegal to harm or kill someone regardless what their believe. If there no such law then they should make it.
If I uphold "wrong belief", last thing I want to is to make it secret. The more people know about it, the more popular it is, the more people understand it, more chance for it to be not 'wrong' anymore.
Murder is illegal but that doesn't prevent it from happening. Because the law isn't a prevention method - some people choose to keep their personal views private rather than risk their lives, livelihood, or even just scrutiny within their social circles. (Not all punishments have to be as extreme as death for privacy to be important. I want to make that clear since I started with a rather extreme punishment for having the wrong beliefs.)
>If I uphold "wrong belief", last thing I want to is to make it secret. The more people know about it, the more popular it is, the more people understand it, more chance for it to be not 'wrong' anymore.
Oh, I agree with this! But I also think it is a personal choice if someone wishes to strongly advocate for their beliefs - with all the repercussions that may follow - or if they would rather privately hold their beliefs without fear of repercussion. Not everyone wishes to be made a martyr.
>For me keeping a secret is not without cost, its a burden, significant amount of work and inconvenience.
I'm personally fine with you not bothering with your own privacy if you feel it isn't worth the burden.
Privacy advocates see that sort of thinking as harmful though. If it becomes the 'standard' way of thinking it easier to pass laws that violate privacy. So "our" first step is trying to convince people that the right to privacy is important, even if they don't personally care about their own privacy.
It's a bit nonsensical to ask someone to fight for privacy rights when they don't care about their own privacy. It's easier to fight for something if they actually care about it, which is why you see so many privacy advocates (like myself) trying to convince you your privacy is important. I'm fine with you not caring about your own privacy due to the burden of keeping it, but I beg, not ask, that you care enough to defend the rights of people who find the burden worth carrying.
>So "our" first step is trying to convince people that the right to privacy is important, even if they don't personally care about their own privacy. //
What do you think is the most convincing argument to this end that I can read in a tea break?
Varies from person to person. The three I've personally had the best success with are as follows:
An appeal to historical abuses works for some - but others see that sort of abuse "not being possible in the modern day". In my opinion, that is naive since many countries are still actively oppressing minority views... it's literally happening in the modern day. Just perhaps not in their country yet. =\
As Adam D. Moore said: "Consider someone’s sexual or medical history. Imagine someone visiting a library to learn about alternative lifestyles not accepted by the majority." I use examples such as: Have you ever seen a therapist? Taken an anger management class? Have had an STD? Are you LGBT or supportive of LGBT rights?
Depending what country someone lives in - inquiring about their beliefs on "touchy subjects" can be a good one. If they refuse to tell, then they have something they wish to keep private. If they do tell - is there someone they wouldn't tell? If so, why not? (eg: Would they tell talk to their boss about politics?)
Those are the most TL;DR versions I could make for each of them. The goal is to get them to see privacy from the viewpoint of a minority - and especially from a minority group who are persecuted, ostracized, harmed, or killed for having their beliefs. Privacy is literally the difference between life and death for people across the globe and people who have no felt their life has ever been in danger due to the lack of privacy should be thankful.
In a world where people truly have "nothing to hide" then there would be no reason to look.
Sometimes your initial unconscious reaction is the right one to pay attention to. Being watched, in our distant evolutionary past, would often have been a prelude to being hunted - and it still is in this case. The sabre-toothed tiger might decide not to attack you - but you won't know that until it has attacked you.
And besides, though you might very well prefer not to have secrets, you should extend that to those watching you.
Because those people you mentioned are being paid to do their jobs - they are and they should be recorded while doing it, so we, taxpayers, can verify it they are doing their job properly. No one is proposing recording policemen or judges in their private time, just like us, citizens, should not be recorded in our private time.
At the end of the day, your employer probably already records your activity at work, and that's perfectly fine because they want to verify you are doing what you are being paid for.
In 1984 , everything was recorded but some of the high members were able to stop it for sometime, looks like capitalist oligarchy has many things in common with the Party.They don't want for them what they ask for others and they think they deserve it
I think you're spot on. A classic example of this:
The Jews didn't have anything to hide and lived in the open for many years prior to Hitler's rise to power... and then suddenly their innocent life was exactly what condemned them to their deaths...
So yeah, everyone has a responsibility to ensure their privacy. 99.9% of people aren't terrorists. Terrorists cause less death every year than heart disease. Why should the 99.9% of people give up privacy to fight a war caused only because of the "West"'s inability to negotiate fairly for access to foreign resources? Instead of raping and plundering other countries, installing puppet Governments and causing people to act with "an eye for an eye" or "I will rain what you rain down on us a thousandfold over."
It's a band-aid solution to a symptom of the underlying cancer that needs to be cured. They're using the war on terror as a land grab for more power and control. Realistically there should be no war on terror, for terrorism is only "an eye for an eye." If you want to stop it, someone has to be the bigger man and say "You know what, we're not doing this any more. This behaviour is bullshit and it ends now."
If you want peace, you've gotta live peacefully. You don't spread peace with bombs, guns, violence and invading everyone's privacy to maintain control. You spread peace and trust with acts of love and kindness.
There's a more specific example of this - in the Netherlands for years before 1939 they had a wide ranging census and an excellent civil service. On that census was an option for religion.
The Nazi's took the census records and then used the excellent civil service to deport the overwhelming majority of Jews to the camps. The Netherlands had some of the lowest rates of survival of Jews amongst occupied territories. The Nazi's knew who they were, and where to find them.
Who knows what piece of information could be used to hound you to your death, years after you divulge it?
And now we track almost everything about everyone, .. except for religion. It's almost funny how we managed to learn the absolute minimum of that lesson :-/
What is a census if it's not a form of mass surveillance?
It's mandatory, you get in trouble for not doing it and it's a legal document, thus you can get in trouble for not filling it out properly.
How is that redefining anything? That is in itself mass surveillance... albeit manual and participatory mass surveillance, but still mass surveillance nevertheless.
I fully agree with the quote above, but I don't find this as clear a cut issue as perhaps many on HN do. It's undoubtable that surveillance is becoming harder now and that groups who would bring great harm to innocent people are using the internet for research and communication. I don't know what the answer is, but encrypting everyone's communications end-to-end with no-one able to ever intercept does sound like it will make protecting us very hard indeed. And yes, I know these tools for strong encryption are out there and they can't be un-invented - but I can see why Governments want to do "something". I am just saying what that "something" is becomes difficult to define.
The problem is that domestic mass surveillance is not that effective at stopping these people. Everytime there is a terrorist attack or mass shooting it seems that we get the same story of "they were known to the local police/FBI" or that their family had concerns. Spying on everyone is just increasing the size of the haystack and making it harder for someone to follow up on actual hard intelligence.
Another alternative is to have limited surveillance that requires a judge to sign off on it after seeing a good reason to suspect someone. Personally I have no issue with that - it's a model that has worked for decades and strikes a balance between public safety and personal liberty.
Terrorism and mass shootings are going to continue until we address the root causes and even then we will still have occasional incidents. The public need to have realistic expectations and stop with knee jerk reactions that result in security theatre like the TSA.
> Spying on everyone is just increasing the size of the
> haystack and making it harder for someone to follow up
> on actual hard intelligence.
No no, you see, because big data. Probably also clouds. /s
Seriously, I think this ship has sailed; we can only find new ways to operate under our new circumstances, rather than preventing them from coming about as we could have done up until maybe 15 years ago.
The most charitable interpretation I can find for the nascent global surveillance state is that world governments are (quite reasonably, in my view) collectively anticipating great upheaval in the near to mid-term future, and recognise that they must do something to keep a hand on the rudder.
I do not believe that a unilateral panopticon (i.e. "we are watching you, but you may not watch us") is the right response, and I dislike that it is being presented as an anti-terror/anti-piracy/anti-{localized-name($bad-people)} measure, rather than described honestly. What worries me enormously is that the nationalist right is also on the rise at the same time.
If we are lucky, it may all lead to greater worldwide unity in the long term, but I am not hopeful that this will transpire within my lifetime.
> If we are lucky, it may all lead to greater worldwide unity
In order to reach that point, we need to protect diversity in the middle of all this integration that is happening with the internet. "Integration in differentiation", and "differentiation in integration", are necessary principles for a healthy society.
Practically protecting diversity would mean protecting privacy, the right to express political views the right to be different. If we can't protect diversity we get to the regime of 1984.
There is a profound biological reason for this concept - neurons in the brain are differentiated by being differently connected, and are integrated by virtue of said connections. So they are both diverse and integrated, and the result is conscious mind - a system that can handle both highly complex dynamism and balance. The theory of integrated information is one of the most respected theories about consciousness. We should strive to be more like the brain.
Another practical point is that concentration of power is detrimental. It leads to a decrease of diversity.
If we want to become a happier society we need to protect both integration and diversity. These two principles have many other social and technological applications.
>" we can only find new ways to operate under our new circumstances, rather than preventing them from coming about as we could have done up until maybe 15 years ago."
Succinctly, I mean that the only route forward now is VPNs, crypto, and educating the gen-pop properly. We are too far down this road to stop it without breaking society wholesale.
>> Everytime there is a terrorist attack or mass shooting it seems that we get the same story of "they were known to the local police/FBI" or that their family had concerns
This isn't enough to judge the effectiveness of mass surveillance, because of course there would be misses - the question is how many - and of course we don't know.
But there's a natural "experiment" recently happening: lone wolf terrorism , which unlike terrorism before it , don't require communicating and planning together with others , all activities that can be detected by surveillance(see john rob's blog for more details), and even it's marketing is imprevious to surveillance.
And i get the general impression that this has led to a marked increase in terrorism , noticed strongly in Israel's latest lone wolf wave, for example[1] , and probably in france/Germany/US too.
[1]Israel lone wolf terrorism has mostly been done using cold weapons, so it's harm has been greatly decreased, but without mass surveillance, it's pretty reasonable guess that a lot of it would have been much more deadly.
I don't know what the answer is either, but I would like governments to invest more time, money and effort into researching ways of achieving peace, rather than fighting to suppress war.
It may, indeed, be more difficult than tracking what everybody does and incarcerating those that are suspected of plotting acts of violence. I think the payoffs may be significantly better, though.
I hate to compare these kinds of cultural issues on the internet, but I have lived in many places in the world. Culturally they are very different. How we act in our countries, states, cities and even houses is governed by our culture. Some cultures value peace greatly. Some prefer justice to peace.
When you look at the people around you, you may think, "There is nothing I can do. There are evil people and I can't change that. I can only fight them so that good will win." In my experience, this is not true. Many people have problems and it is only society and culture that can save them from those problems.
How do we extend a culture of peace and create a global society where we help people in need? That's what I would rather spend my money on. I'm willing to suffer from the attacks of those that need help in the mean time.
"Fighting to suppress war" has got to be one of the best examples of false consciousness (wrong term? I mean a kind of self-fulfilling prophecy based on internal contradiction) ever...
During all history of mankind, wrongdoers were using "words spoken by the mouth" to do all kind of bad things. Yet I miss total surveillance of privately spoken words.
Even without total online surveillance, by the nature of computers you are leaving so many traces that full surveillance is not necessary to at least find something. And in countries without Big-Brother like surveillance, police often got good hints by searching the equipment of a real criminal. It is just not needed to include everyone. And even with encryption, you can often see who talked to who.
The "something" you are talking about is the following: good old police work. You have a reason to be suspicious? Search the guy. Just as police did the last hundred years. Just do not search everyone. Police work should be hard if we still care about citizen rights.
It's undoubtable that surveillance is becoming harder now
I disagree, that's very doubtable. Modern law enforcement has access to an amount of information that exceeds that available in any other era in human history, by an order of magnitude, both in breadth and in depth. The surveillance programs revealed by Snowden and the remote sabotage of Iranian nuclear faclities are but two examples. Surveillance in the developed democratic countries we both (I assume) live in is broader and is done with less oversight than at any point in the 20th century, and not just on the Internet, either. In addition, while I don't want to go quite as far as to state that the trend is clearly upward, I'm also not convinced it's clearly downward; the recent law passed in the UK is evidence enough to discard that notion.
Even if we encrypted all our communication today, there are still weak points in our system that governments can and do exploit when a clear need arises. On the technical side, 0-day exploits are not cheap, but well within the budgets of the law enforcement agencies we depend on to protect us from real threats. And on the legal (and not so legal) side, Certificate authoritities can be compelled to hand over the keys required to compromise secure communications.
Finally, even if we're indeed "Going Dark", as the spokespeople of law enforcement agencies would have us believe, then that can only be true relative to the last decade. As far as I'm concerned, that's a return to the right balance, not a decline into an age of death and despair, where evildoers can commit crime at will, without fear of repercussion.
Collecting all that data is harmful simply because it can be assumed to be hacked at one point or another. Massive potential for misuse by criminals or authoritarian governments.
Meh, I'm still waiting for an argument that is capable of convincing a larger audience. The problem with the threat imposed by privacy invasion is that it is just too hypothetical. It is near the bottom of people's problem lists, even below their "first world" problems.
What about the argument of quoting? Say I record everything you say, for the next month. Every joke, every statement, every sarcastic jab.
Couldn't I now do a 60 minutes expose making people believe all sorts of things about you? That you're a closet <whatever people don't like>? Paint you as committing some crime that you had nothing to do with? It doesn't have to be very believable, just believable enough that people will always wonder. Humans are pattern matchers, surely if I give you pieces, you'll fill in the blanks yourself?
I mean you're basically going on the record, with the world all the time.
> Humans are pattern matchers, surely if I give you pieces, you'll fill in the blanks yourself?
Yep.
Also: if you don't talk about something that can be veeeery suspicious too.
See recent discussion about forbidden spheres[0].
Full disclosure: I mostly (>90%) trust police where I live. I mostly trust government officials. I still don't want this data in the hands of anyone because 1.) than a year ago everybody knew Turkey was a stable democracy and until the night of the invasion my country were sure Germany wouldn't invade. 2.) everybody get hacked. These databases will be stolen.
I could, but that's like you saying the concept of off the record isn't valuable, as everything you say in public is a complete representation of your beliefs, the fact that a concept as off the record exists I think implies otherwise.
People vent, people say things that are poorly thought out in frustration and other circumstances.
In the current climate of vilification, I'm not sure it's a good idea to take the worst that someone may say in a thoughtless moment and use that to label them.
And how large is the probability of this happening to random people?
Perhaps we can compare it with crime. Research has shown that crime rates are reduced not when punishment increases, but when the probability of getting caught increases.
This means (translated to our case) that you can scare people all you want with doom-scenarios, but if people perceive the probability of becoming the victim of privacy invasion is low (i.e., they see it as hypothetical), then they don't care about the issue.
What's the chance of this happening to a random person? I don't know, it depends of if someone has an axe to grind I guess.
In that sense you might be right, in terms of picking a concrete thing that has happened to a person, or someone they know to make this less abstract, this might not be the best approach.
Ask them to show you their full internet history. Ask them to give you a copy of their family's internet history, including parents, siblings and children. They aren't allowed to ask for permission.
No, those are not comparable. Next time someone says they have nothing to hide, ask them to send their bank account details and PIN, or naked photographs of themselves, to their countries law enforcement or intelligent services. The question is not do i have anything to hide from some random stranger or the general public, the question is should law enforcement and intelligence services have these rights.
The apparatus of surveillance feeds corruption, it's not hypothetical that is what actually happens. Journalist trying to find sources on corrupt politicians, judges, police officers, businessmen etc would never find them because potential whistle-blowers stay mute.
Back in the early 1980s my household was one of the few on the estate to have a telephone. You knew by the lack of overhead cables. This was in Northern Ireland during the Troubles.
One day a distraught woman came to the door and asked to make a call to her husband. My mother consented, the woman made a very odd short call and left.
For months afterwards we had strange noises on our line, clicks and echoes. I suspect our line was monitored after that call had been traced back to us. I don't know who she called but it always stuck in mind that one mistake was enough to emd up on a list.
We begin therefore where they are determined not to end, with the question whether any form of democratic self-government, anywhere, is consistent with the kind of massive, pervasive, surveillance into which the Unites States government has led not only us but the world.
This should not actually be a complicated inquiry.
But I can imagine some scenario where I am in a court and the opposing side have had access to my internet history. It wouldn't be very hard to paint me in a pretty bad light if you were very selective - much like the quote above.
Eg. "The defendant has previously looked at gun videos on the internet, reads hacker message boards, and once even read how to make TNT."
What truly terrifies me about this is how little control most users have over the websites they "visit". This law requires ISPs to log the domain name of websites users connect to. All it takes is one dodgy advert on an otherwise ordinary website to incriminate you. Worse, you might not even know this has happened, as the ad itself might be completely innocuous. But by virtue of being hosted on a website the government considers suspect, you find yourself on a list.
I don't know if this actually happens in practice, but I have heard stories of bad actors using adverts to distribute malware - it doesn't take a stretch of the imagination to see the same bad actors using adverts to generate false positives to the authorities.
Ad blockers are going to become more important than ever.
Wow that's a good point: in the era of false news, getting someone to visit a site that covertly logs them as having visited suspicious domains would be pretty trivial.
Just publish some really divisive fake news about Brexit and that'll rack up the UK hits on Facebook.
It's so disgustingly trivially easy, I don't feel comfortable making even basic comments about how Id do that.
But I am going to try a few PoC ones later today. (On a private network, using all domains and computers I control.)
I... View a lot of use of digital records as the witchtrials of the modern era (eg, cases where people got charged for child porn because a coworker used their machine, but the logs say it was them!). The conclusions don't logically hold up, but reveal something about our reverance for technology (and assuming it worked right).
How did we get here? Many folks have surfed the web for 20 years, even more for 15, most for 10 --- now in 2016, surprise surprise, fake news abound! /s Almost as if coinciding with the calls for (or introductions of) related legislation..
Just a narrative being peddled [0]. The mainstream media lost their grip on "the people" so now need to brand anything that isn't themselves as "fake news". Google Trends shows how blatantly obvious the narrative crafting is. It's only suddenly an issue because the MSM needs it to be. So within a very short amount of time you see MSM like the NYT or WaPo posting articles about 'Fake News' and getting everyone to start talking about it.
The number of people online, the level of engagement, and the money being made in online advertising, is unprecedented. I don't know what impact it had on the election, but it was definitely something that has attracted more attention due to the campaigns. It's not unusual for a problem that has existed for a relatively long-time to suddenly come to the attention of the legislature when it rises in prominence.
Fakenews/webspam has been profitable for years. I've seen articles with titles like "Martin Sheen dead!" for a lot longer than the 2016 US Presidential campaign (which, granted, seemed like it lasted forever)
Lets face it: in the end, mass surveillance like this is a tool of terror, not of gaining knowledge. It's about injecting fear into society. And it already starts to work, obviously.
Yeah I was curious about what level of detail will be recorded. According to the article: "The law forces internet service providers to keep a record of all the websites – not the actual pages – you visit for up to a year."
If they aren't recording the pages, I'd doubt they've be recording the ads embedded on the page.
But who knows, I imagine it's down to how the ISPs implement the legislation.
They're logging the hostname of every "site visited". However, an ISP won't be able to distinguish between a URL you entered in the address bar, and a URL requested by an iframe, img or script tag embedded on a page.
They can't record the pages if the request is over https, as per most web sites these days. The IP address is known because it's necessary for routing traffic, but the content of each HTTP request and response is encrypted, and that's where the rest of the URL lives.
True. Anyone know if this new IP law allows the gov to do this? I.e. if they tried to prosecute and it came to light that the logs were obtained using a MITM attack, would the evidence be nullified?
That's pretty clear. It does depend of what level/technology is used in the Encryption, but broadly, against nation state actors with full virtual and physical hardware access, you are to put it bluntly, stuffed.
To anyone reading this, the link says: "It is unclear whether such rules would apply to companies which don't operate directly in the UK", so it is literally not pretty clear.
There is no technical solution to such a problem. There is only a political solution. Either force government to change politics, or change government.
Some background of why I believe this. I grew up in communist East Germany (GDR) and lived there for 27 years, until - yes - we changed the government. Trying to change politics beforehand was not so successful after all. As you may know or may not know, that state was based to a good extent on the soft terror of broad surveillance. In the 70s and 80s of the last century, to achieve this a lot of human power was needed. Nowadays, surveillance can mostly be based on technology. I'm much concerned - given my life experience - about the trend over the last years to undermine democracy in the name of saving it - all over the (yet) free world. At least I know how a society looks like, that is no longer democratic.
The technical solutions like VPN or whatever are similiar to what we called "inner emigration" back in the past. It was a widespread phenomenon in that society. But only once many people have stopped this kind of hiding, and have publicly stripped off their fear, the system began to tumble. In the end, all the surveillance could not save it. They did know what happened and they could not stop it, simply because the people did not play their game anymore.
That petition mentioned here elsewhere is the right way. Sign it if you are a UK citizen. I'm unfortunately not, but I would do it now.
> yes - we changed the government. Trying to change politics beforehand was not so successful after all
East-German too, younger though. Yeah it's funny, all the time it seems impossible for "da people" to engender substantial change in governance. Then woopdidoo, some Gorbachev comes along, holds some talks with the Reagans of this world, eastern client states slowly learn they now can and should hold off a bit from total autocracy, and "the folk" get to exercise some agency for a brief time.
Beautiful. Where was this agency after Snowden, after other introductions or revelations of police/surveillance state measures? Looks like it wasn't quite as expedient to today's Reagans/Gorbachevs/etc of today. Sorry people, no illusion-of-agency for you when alignment with officious objectives is absent.
I am not from UK, but listen to me if any folks from UK are reading this.
This is one of the things that is harmful to your privacy. Should the list of websites that you visit be available for government unless you are under active investigation? Its not just the list of websites but every packet data that your devices send out, which means government could see your messages, data sent to dropbox, online spreadsheet like google docs etc. This is mass surveillance. You should be proud that your government have a website were you can start petitions. Now please use this feature and sign the petition so that this surveillance law can be repealed.
You sign the petition and ask your close friends and family to do the same. What you do not need is an intrusive government. I am voicing this because even though I am not a UK citizen, I do not want law makers in my country thinking "Oh those chaps has a fine surveillance law and their citizens are okay with it. Lets adopt that law".
Honestly not sure how well those really work either. As long as a majority (or lets face it, significant minority, see US election) can be manipulated into voting against their interests the only thing politicians need to fear are actual threats to their power.
Governments are nothing without people on their side. If enough people demands to repeal a bad law, they have no choice but to repeal it. If they don't people will know its not their government anymore. At least that is one good thing about democracy or any form of government that will listen to their people.
Totally agree. Political action is the only thing that helps here. To all the people in the UK who not agree with that new law: there are many people all over Europe on your side. And if it comes to the need of action in our own countries, we will not hesitate.
I have taken to sending all traffic through my own IKEv2 VPN hosted in Germany.
I have a script to automate setup [1], which I will be updating shortly to use Let's Encrypt and to generate an on-demand Mac/iOS configuration profile that keeps one constantly connected.
I have half a mind to set up some semi-commercial service on the basis of complete transparency and the motivation to avoid the Investigatory Powers Act (most existing VPN services seem to come across as very shady).
It defines the IP range of the devices on the VPN to be a subset of the special/reserved "private network" range [0].
More specifically it says that the VPN IP's are over the range of 10.10.10.0 to 10.10.10.255. This can be calculated from taking the binary representation of the specified IP and 'fixing' the first 24 (in this case) bits, the range of possible addresses is the range over which the last 8 (in this case) bits can vary.
It is common to also see a broadcast address, gateway, and network mask specified.
Done. And it's not so much that I care about how much they snoop on me, but more that I know how absolutely useless they are at storing all this data so it can't be abused by malicious parties.
Does anyone happen to know if any of these petitions have actually stopped a bill or caused it to be amended? Would be disappointed to think it's just a placebo.
>But if they are not out to get you, why act as though they should be? It’s probably better to be as inconspicuous as possible, while limiting the amount of data that might turn up in some bored agency’s random fishing expeditions.
So what this person is saying is that under something like the Nazis or Stalin, they would have cruised right along. That is what they are actually saying, and that's all they're saying. Saying "I don't have anything to hide" really translates to "I am so far away from any adult responsibility and intelligence that I don't even realize I should be hiding that.", and anyone over 20 still saying shit like that you can write clean off, as far as I'm concerned.
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."
--Edward Snowden, my favorite thing he's ever said.
Some questions for anyone who happens to have been following this closely:
1. What exactly is being stored? I have seen stories/comments saying it is domain names visited from web browsing but does it also cover other internet activity? Or is it being left vague?
2. Does the requirement to keep data for one year come with a corresponding obligation to delete it after that? Are they allowed to keep it longer (perhaps summary/derived data for cost reduction) ?
3. Can the organisations with access make bulk requests for all the data or do they have to request records one ip addr/person at a time? (yes, I know an IP is not a person etc).
4. If the data does have to be destroyed at some point does that only include data collected by the isp or also include copies made by those with access?
5. Are there any published numbers on roughly how many people will have access to collected data?
This is about protecting yourself from ISP logging now required by government. Using a VPN and to tunnel your connection via [another country] may not be sufficient to avoid the government snooping Snowden talked about, as referred to in the article.
You're quite right. It's more akin to drawing your curtains and locking your front door. Anyone with enough motivation can break in but at least it's not all out on display.
There is a secondary risk, and that is that ISPs (who IME often don't have skills or decent budgets for this sort of thing) are storing your data. At some point an ISP is going to get hacked for this data. At least re-routing to a server somewhere bypasses that storage, even if it doesn't protect against overarching state snooping.
In spite of the virulent dislike for the Daily Mail usually expressed in these pages, I'll stick my head out and offer a link to a list of the folk who'll be snooping on your browsing if you live in the UK.
Metropolitan police force, City of London police force,
Police forces maintained under section 2 of the Police Act 1996, Police Service of Scotland, Police Service of Northern Ireland,British Transport Police,
Ministry of Defence Police,Royal Navy Police,
Royal Military Police,Royal Air Force Police,
Security Service,Secret Intelligence Service,
GCHQ,Ministry of Defence,Department of Health,
Home Office,Ministry of Justice,
National Crime Agency,HM Revenue & Customs,
Department for Transport,Department for Work and Pensions,
NHS trusts and foundation trusts in England that provide ambulance services,Common Services Agency for the Scottish Health Service,Competition and Markets Authority,
Criminal Cases Review Commission,Department for Communities in Northern Ireland,Department for the Economy in Northern Ireland,Department of Justice in Northern Ireland,
Financial Conduct Authority,Fire and rescue authorities under the Fire and Rescue Services Act 2004,
Food Standards Agency,Food Standards Scotland,
Gambling Commission,Gangmasters and Labour Abuse Authority,
Health and Safety Executive,Independent Police Complaints Commissioner,Information Commissioner,
NHS Business Services Authority,Northern Ireland Ambulance Service Health and Social Care Trust,
Northern Ireland Fire and Rescue Service Board,
Northern Ireland Health and Social Care Regional Business Services Organisation,Office of Communications,
Office of the Police Ombudsman for Northern Ireland,
Police Investigations and Review Commissioner,
Scottish Ambulance Service Board,
Scottish Criminal Cases Review Commission,
Serious Fraud Office,Welsh Ambulance Services National Health Service Trust.
One way to protect youself is by writing a program that sends random requests every few seconds to an URL of a database of millions of URLs. Then they will have to find out which your actual visits were and which not.
I suspect on site level there won't be too much to allow effective identification of threats without a lot of false positives. This may be intention as with a "reasonable" suspicion more invasive procedures can be justified.
The biggest practical near term threat could well be to the spouses of all the parties that can request the data. Other likely threats are employers, particularly public ones.
If you need minimal no-fuss, pay for what you use type of setup, you can use Amazon Lambda to proxy for you. Hook this up to FoxyProxy or something like this with some good rules and you will be on a good track in terms of your default browser.
That being said, VPN will be always better and it doesn't cost very much to set one up on DO.
"Why should people care about surveillance? Because even if you're not doing anything wrong, you're being recorded. You don't have to do anything wrong. You simply have to eventually fall under suspicion, even by a wrong call. They can use this system to go back in time and scrutinise everything, and derive suspicion from an innocent life and paint anyone in the context of a wrongdoer." -Edward Snowden
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." -Cardinal Richelieu
You may not have anything to hide, but you should hide as much as you can anyway, because anything you say or write may be one day used against you in a court of law.