21

I'm currently researching a novel that has a crime element that centres around Internet-exclusive relationships and I would appreciate any help you might be able to offer regarding how much access the UK police have to ISP logs (and any other relevant Internet-based information) and what this information might tell them.

A little more info on the basic scenario: computer equipment has been thoroughly destroyed (on a bonfire — the platters melted, etc.) and the owner has been murdered. The criminal investigators have reason to believe that there is an Internet relationship to be investigated but, because of the destroyed equipment, do not have the access to the information that they normally might. So, what could they do about investigating through ISP logs, bearing in mind that the individual concerned is now dead?

Also, am I right in thinking that, under current legislation, police have no access to Facebook accounts/logs and Skype?

Zaffy
  • I've now marked this question as answered. I may have follow-up questions, if that is okay, over the next few weeks—but understand that this forum is not, strictly speaking, for protracted debate but rather questions and answers, so feel it best if I don't drag this particular thread on too long. I just want to take this opportunity to once again thank all of those who have contributed. It has already helped considerably. – Gary William Murning May 03 '13 at 09:03
  • Please feel welcome to either ask questions, or if you do want to discuss, we have a lively chat room - the DMZ [chat] where debate is not only welcome but encouraged. – Rory Alsop May 03 '13 at 10:11
  • Thanks, Rory—I'll definitely drop by the chat room when time allows! – Gary William Murning May 03 '13 at 10:21

3 Answers

12

There's a decent article on the BBC on this type of information here: http://www.bbc.co.uk/news/technology-17586605

In terms of what they'd get from an ISP, the likelihood is that it would be what they accessed and when, search results, search terms etc. However, the contents of online conversations wouldn't be available though they might be identified in on-line forums, blog posts, comments etc. Also, all information posted to Facebook would be available - police have to request this access. If it can be identified who the protagonist had Skype conversations with, I'm sure the history could be restored - this would likely require a warrant with Microsoft rather than the ISP. They should also be able to get access to online email accounts such as hotmail/gmail/yahoo by serving warrants to those parties.

Another article: Google report reveals sharp increase in government requests for users' data - http://www.guardian.co.uk/technology/2012/nov/13/google-transparency-report-government-requests-data

The length of time for which the police will be able to retrieve ISP logs is debatable, though it's likely this won't go back more than a few months so, if your protagonist's relationship isn't recent, the trail could go cold!

AndyMac
10

I love to answer these questions, and I feel a bit excited/proud that you'd choose Security.StackExchange to ask this question.

According to The Data Retention (EC Directive) Regulations of 2009, Internet Service Providers (ISP) are required to keep some data for 12 months. This includes which IP address people have been assigned, plus log-in and log-off times; the sender, recipient, date and time of emails; and the caller and recipient of internet telephone calls.

The situation is highly dependent on the plot of your novel. Officially, law enforcement agencies could request access to the previously mentioned data, but ISPs are capable of storing much more information than that. If the user isn't using any safe connection methods (VPN, SSH, Tor, SSL-enabled services, etc.) the ISP can store much more information, like Facebook messages and emails. If the user is using a UK-based email service provider, it's even more likely for the law enforcement agencies to have access to his emails.

But if you're looking for the plausibility, then yes. The situation in which law enforcement agencies are capable of retrieving and accessing the Internet usage of a user is very plausible. After all, the official policies aren't really what is being applied most of the time.

Adi
  • Sorry, I seem to be having problems getting my replies where and how I want them! This is intended as a general reply to both of the answers—from AndyMac and Adnan … I'm going to reply in detail once I have digested this fully, but it is already truly helpful. Thank you. … A further question that has spun off from this is: if you wanted to have as secure a conversation online as possible, which would be your preferred method? – Gary William Murning May 02 '13 at 09:51
  • @GaryWilliamMurning I can see that this will be an extended conversation. You're welcome to join us in [The DMZ](http://chat.stackexchange.com/rooms/151/the-dmz) (the Security.StackExchange chat room). It'd be much easier to discuss this further. Plus, you'd have the luxury of listening to much more diverse opinions from our UK-based members. – Adi May 02 '13 at 09:55
  • I'm a little short on time today—but I'll definitely drop by ASAP :-) Thanks for bringing it to my attention. (I think you probably already qualified for a mention in the book acknowledgements ;-) ) – Gary William Murning May 02 '13 at 10:00
  • 4
    Security nerds! Now helping write the next best-seller crime novel! :D – NULLZ May 02 '13 at 12:25
  • D3C4FF: You ain't kidding! I tell you, forums such as this and the generous people involved make my life so much easier. Reading about stuff is all well and good, but being able to discuss it makes it a hell of a lot easier. So, once again, thank you, one and all! – Gary William Murning May 02 '13 at 16:56
8

Additionally to Adnan and AndyMac's answers, which focus mostly on access to logs, if the police decide to monitor an individual that has a high enough profile (think terrorists etc) then they can explicitly request a wiretap - which in this day and age is a little more advanced than the old line tap.

The wiretap can be set up to pass every piece of traffic to and from the target individual to the police. It could also be configured as a man in the middle attack, if law enforcement think the target is not likely to spot the changed certificate warnings.

Additionally, automated alerts on particular words, URLs, connections etc can be configured.

As regards your follow up on securing comms, there are two aspects to this:

  • anonymisation, which can be handled in part by TOR, although it is possible to identify TOR exit nodes if necessary (see other questions here on TOR and anonymity) - but more generally, connections from mobile devices that are then thrown away, using temporary email addresses or secure voice apps, paid for using stolen credit card numbers.

  • privacy - strong encryption rules here. Assuming the participants have securely shared the encryption keys and the application performs encryption securely, this should be considered secure (see the famous xkcd cartoon - pipe wrench crypto at http://xkcd.com/538).

Rory Alsop
  • 1
    +1! Pipe-wrench/[Rubber-hose cryptanalysis](https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis) is always on the spot. – Adi May 02 '13 at 11:01
  • I agree with you there. I was looking as if the character wasn't previously of interest to the police. Using foreign TOR nodes without agreements with UK authorities is a good point and the public key infrastructure for security with a third party would definitely complicate matters. I guess a lot of it depends on how technical the book needs to be! – AndyMac May 02 '13 at 11:02
  • You will have to forgive me if I'm a little foggy—have been drinking with my uncle this afternoon and I'm a little worse for wear!—but, in a nutshell, I want to avoid too much technical detail. Essentially, I have an extremely manipulative individual who communicates with his "victims" predominantly through the Internet. For most of the novel, the criminal investigators have no obvious suspect. (I don't really want to give too much away plot wise in a public forum, but, as mentioned, all the victims have had their computer equipment thoroughly destroyed.) [continued] – Gary William Murning May 02 '13 at 16:47
  • [continued from above] … Basically, I want to make it as difficult for the criminal investigators—fairly basic North of England CID—to get a handle on the individual perpetrating these "crimes". I need him to talk extensively with his "victims" online, but in such a way that makes him as difficult as possible to trace. – Gary William Murning May 02 '13 at 16:49
  • 1
    @Gary - in which case TOR might be overkill (it is essentially a way of hiding where you are and what computer you are using, on a global level) but it does work and is used by many people - is relatively simple these days. You may also look at Internet cafes and public computers in different locations, or mobile devices, or even piggybacking off innocent wireless networks (homes, shops, airports etc). – Rory Alsop May 02 '13 at 17:07
  • @Rory – I think the central problem is that the victims have to communicate with the perpetrator for a substantial period before the crime is committed. So they need a consistent way of communicating that doesn't prompt suspicion in the victim, and which will be resistant to forensic after-the-fact analysis. … I'm thinking of TOR with a combination of the other suggestions you and others have made. … That, however, leaves email—I also need my "murderer" to be able to email his victims and others without being traced (after-the-fact). What would be the best way for him to do this? – Gary William Murning May 02 '13 at 17:18
  • 1
    Well, you have options of: compromising an innocent's email account (eg if they were away on holiday, or deceased) and discard it once not needed any more, or just setting up a range of free accounts with email providers in various countries. Some have very poor information sharing relationships with the UK. – Rory Alsop May 02 '13 at 23:00
  • Thanks, Rory. That was pretty much what I was thinking—but, having only read around these subjects, REALLY good to have that confirmation. – Gary William Murning May 03 '13 at 08:28