The United Kingdom now has one of Europe's, if not the world's, worst overt personal privacy laws. All Internet service providers must now, as standard, log every website visited, with a rolling time frame of one year. This is not a system that targets a specific person of interest but the whole UK population.
Summary of new regulations: http://www.bbc.co.uk/news/technology-38150530
Snoopers Charter: http://www.bbc.co.uk/news/technology-38130344
Petition: https://petition.parliament.uk/petitions/173199
The usual anti-privacy arguments are out and about: "If you've got nothing to hide, you've got nothing to fear"
Response:
https://www.openrightsgroup.org/blog/2015/responding-to-nothing-to-hide-nothing-to-fear
Why "If you've got nothing to hide, you've got nothing to fear" is not a valid argument, as shown by Open Rights Group:
It encourages a complete trust in state powers - that you will never face wrongful suspicion or misuse of powers, for only the guilty are affected by mass surveillance. It encourages people to embrace their own innocence, to look inwards, and not to look at how other people have been treated or targeted. And after all, this is a climate of fear. Being told that nothing to hide means you have nothing to fear is reassuring. We all want nothing to fear. It also introduces the vague threat that just maybe, if you haven’t behaved, you do have something to fear. Not something to challenge, or criticise, but to fear. And so it keeps us in our place....
Examples where it has gone wrong:
- Victims of police misconduct. For example, Doreen Lawrence and her family were surveilled in attempts to smear them and undermine their fight for justice.
- MPs need privacy in particular for their constituency work, which involves meeting with people who share very personal stories and situations, and challenging the actions of the government. For example, recently MPs' confidential calls with prison staff were recorded and monitored.
- Disabled people are often scared of speaking out about mistreatment because they can be put under direct surveillance by both government bodies and neighbours, to try and 'catch them out' as 'not really disabled'.
- Environmental campaigners have for many years been under direct surveillance, particularly women who were deceived into having relationships with police officers.
- Journalists are frequently at risk of big business and government surveillance tracking their leaks, their stories, their whistleblowers, and their criticism of the government and the police.
- Whistle-blowers cannot expose wrong-doing, whether by the state or powerful businesses, in a world that always watches, but are meant to have special protections.
- Lawyers rely on client confidentiality, a principle which is key for a fair trial, and for a working justice system.
- People of minority sexualities and identities can lose their families or jobs or security when robbed of the control over who they share their identity with.
- Doctors, hospital workers and their patients expect to have confidentiality when discussing personal health.
- Encryption advocates and researchers are monitored for what they know in case they discover existing secrets, or new knowledge of security and software, which the government can use.
- Muslim community face racial profiling and Islamophobia.
- Women being harassed need the safety of anonymity and privacy, to defend against abuse in their online spaces and aggression like swatting in their homes.
- Women stalked or tracked by abusive partners, which has become a problem so common that Women's Aid has a clear and prominent guide to hiding your tracks online on its website.
These are all people for whom surveillance turns into real, felt harms. The vulnerability created by an all-watching surveillance state affects everyone who needs their privacy. When they are listed out like this, you can see how so many people fall into one of these categories.
Side Note: A nice link to opt out of mobile and public WiFi location tracking: https://optmeoutoflocation.com/
WHO CAN VIEW YOUR INTERNET HISTORY (No Warrant/Court Order)?
- Metropolitan police force
- City of London police force
- Police forces maintained under section 2 of the Police Act 1996
- Police Service of Scotland
- Police Service of Northern Ireland
- British Transport Police
- Ministry of Defence Police
- Royal Navy Police
- Royal Military Police
- Royal Air Force Police
- Security Service
- Secret Intelligence Service
- GCHQ
- Ministry of Defence
- Department of Health
- Home Office
- Ministry of Justice
- National Crime Agency
- HM Revenue & Customs
- Department for Transport
- Department for Work and Pensions
- NHS trusts and foundation trusts in England that provide ambulance services
- Common Services Agency for the Scottish Health Service
- Competition and Markets Authority
- Criminal Cases Review Commission
- Department for Communities in Northern Ireland
- Department for the Economy in Northern Ireland
- Department of Justice in Northern Ireland
- Financial Conduct Authority
- Fire and rescue authorities under the Fire and Rescue Services Act 2004
- Food Standards Agency
- Food Standards Scotland
- Gambling Commission
- Gangmasters and Labour Abuse Authority
- Health and Safety Executive
- Independent Police Complaints Commissioner
- Information Commissioner
- NHS Business Services Authority
- Northern Ireland Ambulance Service Health and Social Care Trust
- Northern Ireland Fire and Rescue Service Board
- Northern Ireland Health and Social Care Regional Business Services Organisation
- Office of Communications
- Office of the Police Ombudsman for Northern Ireland
- Police Investigations and Review Commissioner
- Scottish Ambulance Service Board
- Scottish Criminal Cases Review Commission
- Serious Fraud Office
- Welsh Ambulance Services National Health Service Trust
There are many technologies out there that you can use to circumvent such logging, such as a VPN or Tor. Each has its own drawbacks, from speed to location issues depending on exit nodes.
VPN: https://www.perfect-privacy.com
Tor: https://www.torproject.org/
Questions:
What data are they actually saving: just the URL and timestamp, or the IP plus more? Is this information acquired from DNS requests?
What access does UK Police currently have to ISP logs, and what information can said logs provide? According to The Data Retention (EC Directive) Regulations of 2009, Internet Service Providers (ISP) are required to keep some data for 12 months. This includes which IP address people have been assigned, plus log-in and log-off times; the sender, recipient, date and time of emails; and the caller and recipient of Internet telephone calls.
Out of interest, why is DNS not fully encrypted? I know there is DNSCrypt (https://dnscrypt.org), but it seems to be already out of date in that it does not seem to do a good job for privacy. I guess this is due to the need to keep with the DNS standard.
When a browser requests a website for which it does not know the IP, it will query a DNS server for it. At what level is this query made? For example, when I create a Socket in Java using the domain name, is it the library that does the DNS request in the background, or something that happens at the OS level or lower down?
The reason I ask is that it seems to me, at a high level at least, that a combination of blockchain with a layer on top that allows DNS queries using TLS might offer some degree of privacy and DNS integrity. I guess it may have too large an overhead with the current structure; however, if it were distributed with each computer, even with the increased overhead, would the increase in DNS servers (distributed nodes) not counter the limits?
In any case, I would like to hear the Overflow's opinions.