Comments

Pat CahalanMay 22, 2008 2:11 PM

At least they're not pretending that it's not wholesale, or just going ahead and doing it and hoping that nobody notices.

Wait, that's not much of a consolation.

HarryMay 22, 2008 2:15 PM

There's so much data involved that I don't think I'm worried. The government couldn't manage the db. Too much info has the effect of snowing under the system.

Paraniod? Me? Why do you ask?May 22, 2008 2:22 PM

Now you're assuming todays technology level forever. "Too much data" only needs more money to just be "data" when They have near-AI computers to do the searching, surveying and data mining.

PhilMay 22, 2008 2:23 PM

They'll be bogged down in all those spam emails so kindly sent by others on my behalf!

jammitMay 22, 2008 2:30 PM

It isn't racism if you hate everyone equally.
Privacy isn't about hiding your illegal actions from the authorities. Privacy is what keeps us from becoming illegal to the authorities. The best weapon of all is fear. We need to use the governments fear against itself.

Brandioch ConnerMay 22, 2008 2:30 PM

And, once again, the question is whether you believe that there are more terrorists in Britain ... or more crooked cops.

RoyMay 22, 2008 2:48 PM

Too much data? Nonsense.

Make a list of your political enemies, then find out everything you can about them, and use that information -- with added 'salt' (planted evidence) -- to destroy them.

Then, tomorrow, spy on hot chick celebrities, listen in on their phone calls, read their texting and email, and see if you can get surveillance imagery of them getting into or out of cars while 'going commando'.

paulMay 22, 2008 2:51 PM

Shall one assume that no more court orders also means no more audit trails? The transition from a) 12-month retention b) access by court order to a') essentially unlimited retention b') essentially unlimited government contractor access is pretty enormous.

Anyone want to bet that this version is being floated so that retention by carriers (at carrier expense) and unlimited government/contractor access is touted as a marvelous privacy-preserving compromise?

Andre LePlumeMay 22, 2008 2:56 PM

I, for one, salute our new data-hoarding British overlords, and remind them...yadda yadda

Given recent UK experience with boneheaded PII exposures, I am frankly astonished that this "idea" has been voiced.

David MeryMay 22, 2008 2:56 PM

The title doesn't really reflect the recent news.

The UK already has compulsory retention of traffic data for fixed and mobile phone for one year (Data retention (EC directive) regulation 2007). It will also introduce retention of traffic data for VoIP calls, emails and web visits by March next year (Communications data bill).

What is new in these articles is that the government has apparently plans to have all this traffic data on a government run central database instead of leaving it at the telecom operators and ISPs.

See http://gizmonaut.net/bits/police_state.html#data_retention for a short recap.

br -d

alanMay 22, 2008 3:13 PM

Reminds me of the Monty Python sketch "Blackmail".

Sounds like a new way to fund the government. Just blackmail anyone doing "wrong" and focus on your political enemies.

Sounds like what has happened since W. started tapping the phones in the US.

P GaloreMay 22, 2008 3:19 PM

I personally love spying, but I save my spying for the young ladies. One must wait for them to spread their legs just right before getting the shot.

Guys, seriously. Don't hate on spying until you try it. If we must live in a surveillance society, then relish it. Head to the beach, take your camera, and wait for the young booties to give you that perfect shot. Don't forget the close-ups.

Hey, they're used to it by now. We live in a surveillance society after all. There's always some good in everything. Tee hee. I'll post some pics/videos if anyone wants.

Davi OttenheimerMay 22, 2008 3:28 PM

Ok, I'm confused. Is this a database in addition to those already required to be held by the providers, in direct competition with them, or is it in lieu of the requirement for providers, easing the burden for the private sector? More importantly, does this mean people will need to maintain their own logs to dispute potential error in these upstream databases or will they have another right of refusal/dispute?

Bruce, any insight on WWBCD? (What will BT-Counterpane do)

Nomen PublicusMay 22, 2008 3:36 PM

Data is not information.

A vast database just increases the number of false positives because of random coincidences.

The trouble is, each positive result must be investigated. This takes investigators away from doing real work.

Trbetr BejryyMay 22, 2008 3:55 PM

Jryy gvzr gb rapelcg bhe cevingr pbairefngvbaf jvgu fbyvq rapelcgvba fpurzrf !

derfMay 22, 2008 4:55 PM

I'm sure we need even more nude pictures on the internet from the less intelligent people with camera phones tied to email accounts, but why put the corrupt government officials and police in charge of this distribution?

Jan SchejbalMay 22, 2008 5:33 PM

If this is "only" about the connection data (eg. who called whom at what time from which location etc.), it is not just the UK, but the whole EU, and it is already decided upon since years.

brianMay 22, 2008 5:45 PM

This may be the best excuse for massive war-dialing and spamming. Fill the database with utter garbage and overwhelm it.

SteveJMay 22, 2008 7:20 PM

@Jan Schejbel: Not quite.

Current EU situation is that routing data must be stored by telecoms companies and specific information can be requested from them by law enforcers. I think the EU directive is so far implemented in the UK for phone but not internet communication.

Storage by telecomms firms is not quite the same thing as all data being delivered to the government and stored by them in their own database. So even if this is just about routing rather than content, it's still goes further than the EU directive. I think the technical term is "gold-plating".

If the Tories are genuinely against it (which is a big if, the quote from them so far is "this might be a bad idea"), then it may well not happen even if the government wants it. I don't see such a database being created very quickly, and the government may well lose the next election.

Mind you, it's charmingly naive of all the reporters (all the articles Bruce links to seem to be based on a single wire report) to think that the database would contain "every email". We don't all use ISP-provided email: what if my PC connects to yours by secure SMTP? Over TOR? Even aside from that, somehow I don't see Google and Microsoft turfing over to the UK government all email traffic from all gmail and hotmail accounts which might belong to UK residents.

So, as is so often the case, this law enforcement measure will be "opt out" - someone with sufficient time and energy to spend can keep themselves off the database when necessary. Only the innocent and incompetent will be subject to scrutiny.

paulMay 22, 2008 7:37 PM

@SteveJ

Depending on how the thing is worded, it may indeed be incumbent on people like Google or Microsoft to turn over appropriate records or else face penalties in GB. And since the ISPs are already required to register web site visits, it will be easy to audit whether gmail/etc accounts are being used. (Depending on just how the definitions are written, the ISPs could be required to log all TCP connections, just in case they involved http, in which case anyone on the receiving end of a potentially mail-carrying protocol might receive a polite inquiry about what records they had neglected to turn over...)

Miguel AlmeidaMay 22, 2008 8:22 PM

This is just so senseless. People who need to keep their messages private will start using cryptography and render the system useless (unless, of course, the use of crypto becomes illegal...). And those who really want to fly under the radar will use some foreign servers, probably some webmail over SSL and steganography, PGP, etc. Telephones? Same principle, different technic - VoIP over some form of secure channel. So, what will be the real purpose of this? Will it be worth the [mega] Pounds? Do these people know what they're talking about? Do they know how the Internet works? I wonder...

P GaloreMay 22, 2008 11:01 PM

In all seriousness, where do these elected politicians come from. Every week, they come up with some new, egregious form of spying/monitoring/logging. It's not just one country but the entire planet.

One must conclude that the whole human race is totally hopeless and destined to fail. The average person simply is hopelessly incapable of understanding the long-term ramifications of his/her actions. Most peoples' brains are simply not wired to look at the long-term. Once you accept this hypothesis, you can look back and laugh, confident in the knowledge that you're smarter than 99.9% of the fluff out there.

Having superior intelligence, and despite the downfall of the human race, there are always opportunities for you to capitalize on the misfortune of your stupid brethren. While this planet will eventually be flushed down the toilet by the short-sightedness of the human race, it probably won't happen in my lifetime. So, the best I can do is find ways to profit from this.

Peace.

Or no peace. Who cares?

dogMay 23, 2008 2:32 AM

Informational cold war.

"We know who" is collecting data for industrial, political and military espionage since 10-20 years (at least), due to the fact most of the companies pionereed IT are based in that contry and must live with its governament.

Now that IT is more pervasive and many more govenaments understood the strategic value of control about data flow, suddenly the very same practices become "fascism" and media are so concerned to inform us that we must not accept our governaments to use that practices.

That, however, it is basically reasonable and right (for citizens to refuse such an invasive mean of control), but the distubing fact is that "we know who" uses the "public opinion", with the wide support of media, to tell that thing (fight for your right!) while the governament(s) the very same people have elected keep doing exactly the opposite (monopolizing IT software and hardware backbones).

Probably "we know who" wants *other* governaments to be stopped by (well directed from themselves) "public opinion" before they can do the same things "we know who" is doing.

Hey, just admit it, "public opinion"'s activism is just a part of it: they just want to keep the edge on the informational cold war and they fear that oter countries may enter this field and develope good IT based intelligence and counter-intelligence tools as the ones they are using *aginst* the rest of the world well before publicly half-admitting it with DMCA and Patriot Act.

D0RMay 23, 2008 3:02 AM

George Orwell was just a little bit ahead of his time.

War is Peace
Freedom is Slavery
Ignorance is Strength

arctanckMay 23, 2008 4:06 AM

Perhaps we can propose alternatives on how else can we track down criminals and terrorists if we do not want the government doesn't go down this unpopular path?
Anyway I agree with Nomen Publicus that monitoring everything is just wasteful of resources.

Martin BuddenMay 23, 2008 5:11 AM

Bruce,

your statement "UK Wants to Monitor All Phone Calls and E-mails" is too sweeping. It is only the current UK government that wants to do this. Your first link contains statements from both the main opposition parties that they do not support this (see below). Indeed the shadow home secretary recognizes that this could be more of a threat than a support to UK security. A better title would be "UK government wants to monitor all phone calls and emails" or "UK Labour Party wants to monitor all phone calls and emails". The distinction is important because it recognizes that there is opposition to this policy at the parliamentary level.

Quotes from your first link:

The shadow home secretary, David Davis, said: "Given [ministers'] appalling record at maintaining the integrity of databases holding people's sensitive data, this could well be more of a threat to our security than a support."

Liberal Democrat home affairs spokesman Chris Huhne called the proposals "an Orwellian step too far".

nerdboyMay 23, 2008 7:04 AM

Even if this system is successful in catching criminals, a big 'if', is this really worth sacrificing privacy for?

MarkMay 23, 2008 7:20 AM

@Brandioch Conner
And, once again, the question is whether you believe that there are more terrorists in Britain ... or more crooked cops.

Also the crooked cops might be more competent at causing harm. With the likes of Nicky Reilly this wouldn't be too hard.
Of course there is nothing to stop crooked cops being terrorists or terrorist supporters.

MarkMay 23, 2008 7:51 AM

@P Galore
In all seriousness, where do these elected politicians come from. Every week, they come up with some new, egregious form of spying/monitoring/logging. It's not just one country but the entire planet.

Yet these politicans rarely volunteer to be watched by their constituents.

@P Galore
One must conclude that the whole human race is totally hopeless and destined to fail. The average person simply is hopelessly incapable of understanding the long-term ramifications of his/her actions. Most peoples' brains are simply not wired to look at the long-term.

The human race has been managing for a fair amount of time. Lack of understanding long term is also likely to be relevent to things like copyright terms. Politicans especially are trained only to consider short term things too.

MarkMay 23, 2008 8:11 AM

@nerdboy
Even if this system is successful in catching criminals, a big 'if', is this really worth sacrificing privacy for?

Even if it is sucessful in catching "criminals" there is likely to be an issue of the nature of "criminals" who are caught. The police are only human and left to their own devices are likely to seek the best "result" for the least effort and danger. Which could easily mean the police prefer to use such systems to catch petty and non violent criminals.

@arctanck
Perhaps we can propose alternatives on how else can we track down criminals and terrorists if we do not want the government doesn't go down this unpopular path?

The answer is simple. You use human police officers to investigate and infiltrate. Most likely with a reduction in "police powers" and over use of machines together with considerably more oversight. e.g. no "wiretapping" without a warrent, warrent valid only for a certain amount of time, renewing a warrent requires a judge who hasn't seen it before.
There also needs to be a lot of thought given to keeping criminals out of the police.

Andy DingleyMay 23, 2008 8:33 AM

I'm not worried (much) about corrupt cops in the UK

What concerns me far more are local councils who used the vast powers of RIPA (justified by the War On Terror, naturally) to conduct covert surveillance of a 4 year old, so as to check if they lived in the correct catchment area for a local school.

Deliberate corruption isn't the British way, feature creep amongst small-town bureaucrats is.

MarkMay 23, 2008 8:39 AM

@Miguel Almeida
And those who really want to fly under the radar will use some foreign servers, probably some webmail over SSL and steganography, PGP, etc. Telephones? Same principle, different technic - VoIP over some form of secure channel. So, what will be the real purpose of this? Will it be worth the [mega] Pounds? Do these people know what they're talking about? Do they know how the Internet works? I wonder...

A very "under the radar" technique would be steganography or codes in spam. Since this hides who the recipients even are.
There's also a form of steganography which is akin to hiding a "tree" in a "forrest".
It's also possible for people to communicate without using the Internet. There's no requirement for the post office to scan every letter and store that information, AFAIK. Even if there was it probably couldn't cope with every kind of invisible ink known or ink/paper combinations intended to be scanner/photocopier unfriendly. Even if you cover all forms of telecommunication people can still meet face to face.
It's not so much a matter of not knowing how the Internet works so much as failing to understand how people work. If a group of people want to communicate without third parties knowing what they are saying (or even that they are communicating at all) there are many many ways of this happening. Any kind of mass evesdropping can easily be subverted to distribute "misinformation".
It's a variation on the "movie plot" senario, you need to guess the plot exactly or you need some way to find the "actors".

Mage99May 23, 2008 9:19 AM

It's already been done it's called Eschalon, Oh wait what am I talking about that one doesn't exist I forgot! (I'm pretty sure that's not a keyword...sorry Bruce)

Jeremy DuffyMay 23, 2008 10:07 AM

The UK is really missing the boat here. If they'd just round everyone up and kill them, there wouldn't be any crime. Simple!

Miguel AlmeidaMay 23, 2008 11:28 AM

@Mark

I agree when you say "(...) failing to understand how people work." That's probably the very essencial thing that's being missed here.

Your idea of using spam and steg to hide the information [and the recipients] might do the trick, alright. Picture exchange newsgroups and forums would also be good channels - one wouldn't easily find the tree ; )

Bryan FeirMay 23, 2008 11:46 AM

@Jeremy Duffy

The Brits already did that approach in the Judge Dredd comic book at one point: see 'Judge Death'.

Trbetr BejryyMay 23, 2008 12:55 PM

Fortunately the situation in Europe - UK excluded - is much better for now. As quoted in this - see below - article in Le Monde, the CNIL, an independant French official privacy watchguard, has recommended to include rights over personal data in the French Constitution. Such a move would make any actions of this type illegal and it appears that 13 of the 27 countries from European Union just did that.

http://afp.google.com/article/ALeqM5hxK28dohcmDKoMUyL27VDW-YoCAQ
or (in French)
http://www.lemonde.fr/societe/article/2008/05/16/la-cnil-veut-inscrire-dans-la-constitution-la-protection-des-donnees-personnelles_1046127_3224.html

That's the way to go as the police state way may bring some result in the next few years but once the bad guys learn their lesson it will be an arms race, once again... Unless we make strong cryptography illegal as it used to be in many European countries until the 90's, we will face a much bigger problem.

Dom De Vitto May 24, 2008 2:10 AM

I'm 50/50 about this. I want the spooks to have faster access to case data, but I'm concerned Poole Council will use the data for frivolous, and ultimately self-defeating investigations.

For 'David Mary', this is big news, EU DR has been on the cards for years, it ensures evidence is retained, if needed.

This makes recursive, cascading searches trivial, and intrusive.
I, for instance, am only '3' (three) orders of separation from Yasser Arafat.

How many are you?

David MeryMay 24, 2008 8:53 AM

@Dom De Vitto, is your post ironic? You misspelt my name and misrepresented what I wrote.

The Data Retention (EC Directive) Regulations 2007 came into force on 1st October 2007. The deadline (from the EU) for the Communication Data Bill to come into force is 15th March 2009.

Again, the recent news - and every reader can decide for him/herself whether it is big - is about "all data being delivered to the government and stored by them in their own database" (as SteveJ explained above possibly more clearly).

The degree of separation (aka Milgram's "small world study") is not helpful as, in closely knit groups such as the Palestinians, once you're related to a Palestinian you're likely not very far from Yasser Arafat. For a good debunking of the Milgram experiment see http://www.judithkleinfeld.com/ar_bigworld.html

(For other non UK readers, the reference to Poole Council in Dom's post is about how the Poole Council has been most notorious in its use of the Regulatory of Investigatory Powers Act to spy on its residents such as oystercatchers and a family applying to a school. See links in http://gizmonaut.net/bits/police_state.html#ripa if interested.)

br -d

GroundhogMay 24, 2008 5:33 PM

Plenty of people mock the 1960's hippies, but fail to see the truth:

The hippies were not weak and useless by themselves, any fruitful movements were penetrated by government intelligence and rendered useless, read history and discover this for yourself.

In the 1960's you see people breaking away from the cattle control of the government and doing their own thing, forming their own communities. Today any serious break away group or community, whether they be truly peaceful or whether they harbor ill intentions, are penetrated and scattered. I'm surprised the Amish are allowed to exist in today's world, but I'm sure they are heavily infiltrated and kept under constant observation. There have been attempts to bring them into the grid as I'm sure they will be swallowed into it given enough time and excuses.

Do you hate the war in Iraq? The futile and immoral war on drugs?

Posting online and talking about it do nothing, YOU (via taxes) ARE FUNDING these things you hate! You are as guilty as the ones who directly participate in it!

Without OUR funding, there would be no war in Iraq, there would be no war on drugs! Why do you continue to fund matters you don't agree with? Because you are scared of this same monster throwing you in jail?

Why do concern yourself with matters outside your "illusion of control" when you continue to fund them?

If you pay into the things you hate, hate yourself first, you are to blame, there is no hand washing, you are the problem.

Where do we go today? First, read "Food of The Gods" by Terrence Mckenna. See how the television is the worst drug of all, controlling and manipulating our perception. Timothy Leary was right, and hallucinogenic drugs are banned and some schedule I because they allow us to break free of the lies and brainwashing, you wouldn't know unless you've tried them.

Why are mushrooms in cow shit illegal? Didn't nature give these gifts to us?

Why is marijuana illegal? Why do we allow government, controlled by big Pharma, to control and dictate to us?

Why do we cower in fear and OBEY?

Why are so many of us scared to peacefully stand up and say ENOUGH? Because we might lose time at the computer, game consoles, etc? Because standing up for our rights and liberties which have been stolen from us would deprive us of our enjoyment? "But I have a family..." is not a good excuse, if you do not defend your freedom you do not deserve to live in a land where people went to war and died to protect them.

Anyone who cares about protecting our freedom is labeled a nut or added to a database. This has to STOP. Maybe the image of the dirty street dweller shouldn't return, but damnit, the peace sign and all it embodies should make its way back into the culture, we need to unite, we are divided, and we have already began to fall.

If you do nothing but talk and blog while funding the corrupt system, you are the corruption you hate. Change does not happen by people funding and rewarding a broken and corrupt government.

"All governments are liars and murderers" - Bill Hicks

Jonh SmihtMay 27, 2008 11:14 AM

I'm sure that absolutely no one is thinking about doing anything at all that might degrade the quality of their data. I certainly would never seed my e-mail with misspelled names like Jon Doh, or references to public figures who have nothing to do with the topic like Dennis Kucinich. I certainly wouldn't randomly mention irrelevent place names like Austin, TX for no reason at all.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..