UK ISP Snoopers Bill and DNS

Question

The United kingdom now has one of Europe's if not the world's worst overt personal privacy laws. All Internet service providers must now as standard log every website visited with a rolling time frame of one year. This is not a system that targets a specific person of interest but the whole UK population.

Summary of new regulations: http://www.bbc.co.uk/news/technology-38150530

Snoopers Charter: http://www.bbc.co.uk/news/technology-38130344

Petition: https://petition.parliament.uk/petitions/173199

The usual anti privacy arguments are out and about: "If you've got nothing to hide, you've got nothing to fear"

Response:

• https://en.wikipedia.org/wiki/Nothing_to_hide_argument
• List item

https://www.openrightsgroup.org/blog/2015/responding-to-nothing-to-hide-nothing-to-fear

Why "If you've got nothing to hide, you've got nothing to fear" is not a valid argument as shown by Openrightsgroup:

It encourages a complete trust in state powers - that you will never face wrongful suspicion or misuse of powers, for only the guilty are affected by mass surveillance.It encourages people to embrace their own innocence, to look inwards, and not to look at how other people have been treated or targeted. And after all, this is a climate of fear. Being told that nothing to hide means you have nothing to fear is reassuring. We all want nothing to fear.It also introduces the vague threat that just maybe, if you haven’t behaved, you do have something to fear. Not something to challenge, or criticise, but to fear. And so it keeps us in our place....

Examples where it has gone wrong:

Victims of police misconduct. For example, Doreen Lawrence and her family were surveilled in attempts to smear them and undermine their fight for justice.

• MPs need privacy in particular for their constituency work, which involves meeting with people who share very personal stories and situations, and challenging the actions of the government. For example, recently MPs confidential calls with prison staff were recorded and monitored.
• Disabled people are often scared of speaking out about mistreatment because they are can be put under direct surveillance by both government bodies, and neighbours, to try and 'catch them out' as 'not really disabled'. Environmental campaigners have for many years been under direct surveillance, particularly women who were deceived into having relationships with police officers.
• Journalists are frequently at risk of big business and government surveillance tracking their leaks, their stories, their whistleblowers, and their criticism of the government and the police.
• Whistle-blowers cannot expose wrong-doing, whether by the state or powerful businesses, in a world that always watches, but are meant to have special protections.
• Lawyers rely on client confidentiality, a principle which is key for a fair trial, and for a working justice system. People of minority sexualities and identities can lose their families or jobs or security when robbed of the control over who they share their identity with.
• Doctors, hospital workers and their patients expect to have confidentiality when discussing personal health. Encryption advocates and researchers are monitored for what they know in case they discover existing secrets, or new knowledge of security and software, which the government can use.
• Muslim community face racial profiling and Islamophobia.
• Women being harassed need the safety of anonymity and privacy, to defend against abuse in their online spaces and aggression like swatting in their homes.Women stalked or tracked by abusive partners, which has become a problem so common that Women's Aid has a clear and prominent guide to hiding your tracks online on its website.

These are all people for whom surveillance turns into real, felt harms. The vulnerability created by an all-watching surveillance state affects everyone who needs their privacy. When they are listed out like this, you can see how so many people fall into one of these categories.

Side Note: A nice link to opt out of mobile and public WiFi location tracking: https://optmeoutoflocation.com/

WHO CAN VIEW YOUR INTERNET HISTORY (No Warrant/Court Order)?

1. Metropolitan police force
2. City of London police force
3. Police forces maintained under section 2 of the Police Act 1996
4. Police Service of Scotland
5. Police Service of Northern Ireland
6. British Transport Police
7. Ministry of Defence Police
8. Royal Navy Police
9. Royal Military Police
   10. Royal Air Force Police
   11. Security Service
   12. Secret Intelligence Service
   13. GCHQ
   14. Ministry of Defence
   15. Department of Health
   16. Home Office
   17. Ministry of Justice
   18. National Crime Agency
   19. HM Revenue & Customs
   20. Department for Transport
   21. Department for Work and Pensions
   22. NHS trusts and foundation trusts in England that provide ambulance services
   23. Common Services Agency for the Scottish Health Service
   24. Competition and Markets Authority
   25. Criminal Cases Review Commission
   26. Department for Communities in Northern Ireland
   27. Department for the Economy in Northern Ireland
   28. Department of Justice in Northern Ireland
   29. Financial Conduct Authority
   30. Fire and rescue authorities under the Fire and Rescue Services Act 2004
   31. Food Standards Agency
   32. Food Standards Scotland
   33. Gambling Commission
   34. Gangmasters and Labour Abuse Authority
   35. Health and Safety Executive
   36. Independent Police Complaints Commissioner
   37. Information Commissioner
   38. NHS Business Services Authority
   39. Northern Ireland Ambulance Service Health and Social Care Trust
   40. Northern Ireland Fire and Rescue Service Board
   41. Northern Ireland Health and Social Care Regional Business Services Organisation
   42. Office of Communications
   43. Office of the Police Ombudsman for Northern Ireland
   44. Police Investigations and Review Commissioner
   45. Scottish Ambulance Service Board
   46. Scottish Criminal Cases Review Commission
   47. Serious Fraud Office
   48. Welsh Ambulance Services National Health Service Trust

There are many technologies out there that you can use to circumvent such logging from VPN, Tor. Each has its own drawback from speed to location issues depending on exit nodes.

VPN: https://www.perfect-privacy.com TOR: https://www.torproject.org/

Questions:

What data are they actually saving just the URL and TimeStamp or IP plus etc.. ? Is this information acquired from DNS requests?

What access does UK Police currently have to ISP logs, and what information can said logs provide?: According to The Data Retention (EC Directive) Regulations of 2009, Internet Service Providers (ISP) are required to keep some data for 12 months. This includes which IP address people have been assigned, plus log-in and log-off times; the sender, recipient, date and time of emails; and the caller and recipient of Internet telephone calls.

Out of interest why is DNS not fully encrypted ? I know there is DNSCrypt (https://dnscrypt.org) but seems to be already out of date in that it does not seem to do a good job for privacy. I guess this is due to the needing to keep with the DNS standard.

When a browser requests a website to which it does not know the IP it will query a DNS server for it. At what level is this query made ? For example when I create a Socket in Java using the domain name is it the library that does the DNS request in the background or something that happens at the OS level/lower down ?

The reason I ask is because it seems to me at a high level at least a combination of Block Chain with a layer on top that will allow DNS queries using TLS might offer some degree of privacy and DNS integrity. I guess it may have too large an overhead with the current structure however if distributed with each computer even with the increased overhead would the increase in DNS servers (distributed nodes) not counter the limits ?

In any case would like to hear the overflows opinions ?