'Black boxes' to monitor all internet and phone data

Originally posted by XstanX888
Why are you guys over in the UK so f*** up over there in terms of surveillance? I just do see how it has moved that far.

It's kind of a global problem, barring the surveillance camera situation (we've got more than China, apparently), but proposals like this get far more attention here because of various intricacies in the way legislation is passed. More weight is given to the views of service providers, during at least one consultation stage, and the press keeps an eye on the Green Papers released by Parliament.

Sometimes legislation gets torn down, as happened with the National Identity Register, and other times countermeasures just evolve so we're always one step ahead anyway. Whatever governments implement, the Internet will just adapt to that. Almost nobody encrypted their connections 10-15 years ago, and today everyone does for about 70% of online services. By the end of the decade, I reckon IPSEC and VPNs will become standard.

One little secret about surveillance and traffic interception is the methods are pretty much universal across the parties using them, whether they're criminal groups, governments, crackers, targeted advertisers, etc. We're talking about capabilities that were around for a long time, and have pretty much been dealt with.

Originally posted by SilentKoala
You can encrypt your own data yourself if you want it to remain private. There are several encryption algorithms out there that haven't been cracked.

Yes you can encrypt data... but how do you suppose one might encrypt a http connection to a website when the server obviously wont understand the protocols or data you are sending it? The only safe websites will be https websites, assuming the Government doesn't have some way to compromise the SLL certificates... and it sounds like they are working on ways to do that for large services such as Facebook and Gmail.

Ok, one little question........
All this is being done to allegedly catch criminals/terrorists....

Erm, cant they just go out and buy an unregistered 3g pay-as-you-gi phone?
If their name and address are not registered, then what is the point in reading the emails? How would they be able to track any illegal content emails if they cant track back to the individual who owns that phone?
it just makes no sense. If there are easy methods to stay annonimous, then it kinda defeats the whole purpose.
If you can stay annon that easy, then the content of the email does not really matter, you aint gonna get caught.

That being the case, then does this scheme have an ulterior motive?
What info could they really be after, if its not to capture the underworld?

Change your DNS to 8.8.8.8 and the secondary to 8.8.4.4 (Google Open DNS) This will make it harder for them to track you! Also use Hide My Ass.

Originally posted by notcanny
Change your DNS to 8.8.8.8 and the secondary to 8.8.4.4 (Google Open DNS) This will make it harder for them to track you! Also use Hide My Ass.

I hate to break this to you, but changing your DNS wouldn't help. The TCP/IP packets still reveal your IP address and that of the server you're trying to reach, plus whatever content you're communicating. This is what the black boxes are pulling from the traffic.

HideMyAss also won't hide your ass if you commit an offence and law enforcement requests logs from them. This is how one of the LulzSec guys got busted.

I recall a series of court decisions that disallowed for this kind of monitoring, so I don't think its constituationally legal and won't hold water. I suggest the telephone and cable companies don't do what I believe was disallowed in court.

Solution:

Everyone who uses outlook or any mail service where you can use a signature template - put every suspicious word that the government would flag in your signature, in random order. That will create so much noise in their system that they'd become overwhelmed.

Originally posted by Unity_99
I recall a series of court decisions that disallowed for this kind of monitoring, so I don't think its constituationally legal and won't hold water. I suggest the telephone and cable companies don't do what I believe was disallowed in court.

Which constitution?

This is in the UK.

Originally posted by Unity_99
I recall a series of court decisions that disallowed for this kind of monitoring, so I don't think its constituationally legal and won't hold water. I suggest the telephone and cable companies don't do what I believe was disallowed in court.

That's usually decided by case law here in the UK, and there's been nothing on that as far as I'm aware, apart from a criminal investigation into Phorm which didn't lead to a prosecution. Since we don't have a constitution (apart from the Magna Carta), the only limitation I can see is the Regulation of Investigatory Powers Act, 2000, which says the government (and police) can look at information about your communications, but not the content itself without a warrant, plus a load of other things. How they'll separate the two in the context of email communications is anyone's guess.
The only benefit I can see from the revised legislation is that fewer people would be allowed to access the data.

news flash

the NSA already has echelon

read all about it

imo snooping has been here since forever in one form or another.
if you have access to spycatcher by greengrass (certain it was banned in the uk for some time) you will understand how snooping evolved in the decades mentioned.
i feel the system has become that big, government has decided to outsource the activities and frontload the isp's with the cost and running of the systems. they just cherrypick what stands out for them.

when you consider the amount of traffic that will be logged and retained, anyone using solid cyphers when it is noticed will be required to hand the keys over to the authorities if they suspect or have credible evidence of criminal activity. failure to hand over the keys will result in jail time innocent or guilty. it goes beyond the principle of privacy i suspect.

i wonder who is in tender for manufacturing the black boxes? government approved of course!

f.

Originally posted by syrinx high priest
news flash

the NSA already has echelon

read all about it

NEWSFLASH!

This is in the UK, and ECHELON is in the US.

Also, worth noting, the technology being discussed here is in no way comparable to ESCHALON's capabilities.

Of course, if you took the time to read beyond the headline before jumping to conclusions, you would know that.

Originally posted by fakedirt
when you consider the amount of traffic that will be logged and retained, anyone using solid cyphers when it is noticed will be required to hand the keys over to the authorities if they suspect or have credible evidence of criminal activity. failure to hand over the keys will result in jail time innocent or guilty. it goes beyond the principle of privacy i suspect.

Yes, if the judge suspects the person is capable of decrypting whatever content. Sometimes people 'forget' the decryption key. As far as encrypted connections and asymmetric encryption are concerned, the sender can only encrypt a message, never decrypt it.

reply to post by Amanda5


I totally agree with what you have said. I think we are already being watched and have been for quite some time. I also think that TPTB don't really care what we know and/or what we may find out...they figure (what can we do about it!)

reply to post by XeroOne


of course it will depend on other information/intelligence on an individual for the judiciary
to make a decision and the 'forgot' argument will be taken into account. frequency of cypher use,
destination, affiliation, in fact the whole works will be placed upon the table, so, some kid
fooling with 256/512 with a classmate will not raise as many eyebrows as some individual sending
regular encrypted packets offshore, especially if in the locations of sensitive areas or privy to classified
content for example.

f.

Originally posted by fakedirt
reply to post by XeroOne

 

of course it will depend on other information/intelligence on an individual for the judiciary
to make a decision and the 'forgot' argument will be taken into account. frequency of cypher use,
destination, affiliation, in fact the whole works will be placed upon the table, so, some kid
fooling with 256/512 with a classmate will not raise as many eyebrows as some individual sending
regular encrypted packets offshore, especially if in the locations of sensitive areas or privy to classified
content for example.

f.

You've raised another good point. The type of encryption and the context in which it's used can matter a lot. For example, and exchange over SSL and maybe VPN wouldn't attract too much attention, as everyone else is using it, but a message encrypted with PGP is a different story because fewer people are prepared to put the effort into encrypting stuff manually.
Sending classified material from sensitive locations isn't really an option these days, since companies started putting more effort into preventing the exfiltration of 'intellectual property' from their networks, plus it's common practice to audit network activity.

Originally posted by Unity_99
I recall a series of court decisions that disallowed for this kind of monitoring, so I don't think its constituationally legal and won't hold water. I suggest the telephone and cable companies don't do what I believe was disallowed in court.

I'm sure they are listening...breathlessly.

reply to post by XeroOne


the 'individual' would not need to be on-site per se. take logistics at airports/bases both naval and military, just in visual range would be enough to gather intel for a sitrep. walk to a flat, power up a second hand notebook with payg dongie and juice the airway.

i suspect the initiative will encapsulate all government departments. tax,benefit,immigration, again in fact all dept's will i suspect require access to these databases to cross-reference information to keep a handle on any and all individuals for the purposes of recognising activites deemed illegal/questionable, especially if the government can benefit from the gleaning of fixed penalties or prosecutions leading to financial benefit to the state.

we already have the likes of experian possibly searching databases for questionable activity of individuals on behalf of the government i am led to understand.
are the government unknowingly setting themselves up for abuse as much as the failed/struggling pfi initiatives of hospitals?

ta f.

Its already established that any data entering the USA can be intercepted by the NSA as at the point they get it delivered its not actually in the USA so all the stuff you pull in from abroad will have a 'checked by the nsa' stamp on the data packets and i'm sure the same happens in the UK and we probably trade the data so we can read each others data streams legally via some security treaty

Originally posted by fakedirt
reply to post by XeroOne

 

the 'individual' would not need to be on-site per se. take logistics at airports/bases both naval and military, just in visual range would be enough to gather intel for a sitrep. walk to a flat, power up a second hand notebook with payg dongie and juice the airway.

I'm pretty sure they're well protected against that kind of naughtiness.

i suspect the initiative will encapsulate all government departments. tax,benefit,immigration, again in fact all dept's will i suspect require access to these databases to cross-reference information to keep a handle on any and all individuals for the purposes of recognising activites deemed illegal/questionable, especially if the government can benefit from the gleaning of fixed penalties or prosecutions leading to financial benefit to the state.

That was actually one of the intentions behind the National Identity Register which the New Labour government tried ramming through. A database that centralised all that would have been subject to numerous security risks, both insider and external, which was why I campaigned against it at the time.

Its already established that any data entering the USA can be intercepted by the NSA as at the point they get it delivered its not actually in the USA so all the stuff you pull in from abroad will have a 'checked by the nsa' stamp on the data packets and i'm sure the same happens in the UK

Easily determined with a protocol analyser like WireShark, although I haven't looked into that yet. I'm not sure where in the packet they'd place the stamp, or how exactly they'd properly check the packets without adding a shedload of latency.