We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... lets see what is on the mind of the Samizdata people.

Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]

Has Britain just joined China in creating panoptic internet survaillance?

I have just heard a rumour from a usually reliable source that effective either yesterday or today, the UK state has put on-line some system by which all access to the internet in the UK now goes through a government server system to enable them to monitor, well, everything you do on-line. Is the UK state now rivaling China in its efforts to control and monitor its subject people?

Has anyone else heard anything about this?

28 comments to Has Britain just joined China in creating panoptic internet survaillance?

  • guy herbert

    The National Technical Assistance Centre, based in Thames House, the Security Service HQ, since 2002, was supposed to fulfil this function. The groundwork was laid in the Regulation of Investigatory Powers Act 2000 (another of those statutes named in irony), but it is generally assumed they have never got the requisite technology working. It would require some intervention at every ISPA, and then the capacity to handle pretty huge amounts of data.

    But that doesn’t mean the ambition has ever been given up. It’s quite conceivable that the current security panic is being used as an opportunity to lean on ISPs to reconsider the black boxes and subvent web requests that match certain watch-lists.

  • Julian Morrison

    Who cares? I always assume that my internet traffic is monitored, or at least accessible to be monitored if anyone bothered to notice. Suppose the government interposes a balck box, what does that change? If I have a need to keep secrets, I’ll use encryption. In the mean time, let the idiots waste hard disk archiving my trail as I post insulting comments about them to Samizdata.

  • Jacob

    “I always assume that my internet traffic is monitored”

    Of course. The internet is like a public domain. The moment you put something on it you must assume that it is visible to all.. so what’s the problem ? Let them monitor internet traffic (if they can).

  • Garbage In, Garbage Out

    bombs explosives detonators codeword osama etcetera

  • Edward

    Crypto is a fabulous thing, but it doesn’t help unless people use it. Few users recognize the need for crypto. They figure they don’t have any secrets worth defending.

    But you can learn an awful lot about a person from his email and web habits, and automated methods will continue to improve.

    Personally, I’d rather stay off the NSA’s list of citizens with insufficient love for the State.

  • Alan

    I agree with Julian Morrison. Who cares?

    Any valuable information I need to transmit will either be encrypted or sent via other means.

    On the other hand, perhaps such a system won’t be used to extract private or secret information but instead will be used to monitor peoples opinions. In which case, posting insulting comments about HMG on Samizdata might one day be a risky thing to do.

  • Fludd

    The RIP Act doesn’t allow the use of cryptography. Anyone who refuses to hand over cryptographic keys faces two years in prison. Also, as far as I can remember, the “black boxes” would only be installed at large ISPs because the cost had to be borne by the ISPs themselves. This might have changed though – look out for small ISPs going out of business.

  • Verity

    Alan – I think that is certainly the intention: to identify enemies of the state. Control of the stupid electorate who voted them in.

  • Wow! I feel such a criminal! What a thrill!

  • 1327

    Small ISP’s usually buy bandwidth from large internet providers so there would be no need to tap each and every small ISP. I don’t think that would be the way they would do it. Far better to aim to tap the few points where the UK bit of the Internet connects to the rest of the worlds Internet via satellite or cable.

  • Julian Taylor

    so what’s the problem ? Let them monitor internet traffic

    I presume that this belongs with the “only the guilty have anything to hide” school of axioms. What happens if tomorrow a junior Grade 9 civil servant at the Home Office decides that he does not like the tone of LittleGreenFootballs and thus places a block on that site, no doubt filled in in triplicate with all appropriate signatures and approvals.

    I don’t object that much to the Singapore Governmental proxy system, since I gather that powerhungry bureacrats are unable to implement bans on a number of websites without very strong vetting to ensure that they do not have an ulterior motive, but we have recently seen how corrupt the British civil service and its masters has now become – passports for sale etc.

  • Jacob

    “…places a block on that site…”

    That would be a casus belli, or reason enough to complain and raise hell.

    But if you complain about everything (like trying to monitor internet traffic) you complains won’t carry weight. There are legitime reasons to monitor the internet: to discover terrorist and criminal plots. Since there is nothing wrong with monitoring you should not complain just because, theoretically, possibly, conceivably, a block might be placed, or someone might be prosecuted arbitrarily.

  • All this talk of the government ‘blocking’ certain websites is silly.

    For example, why block access to a website like Samizdata, which would alert the readers and operators of the website to the government’s labelling of it as ‘dangerous’ or ‘subversive’, when you can simply monitor those who regularly read and post at Samizdata, without anyone being any the wiser… until the time comes?

    The answer to the legislation requiring disclosure of encryption keys comes in the form of a system like ‘StegFS’ (Steganographic File System – http://stegfs.sourceforge.net/). StegFS creates several ‘layers’ of encrypted data, hidden inside other layers using steganographic techniques – so when the government seizes your computer, you can give them your private key (well, one of them) and they will be able to decrypt one ‘layer’ of the encrypted file system, whilst being unable to prove the existence of another ‘deeper layer’, which is obviously where you hide the really incriminating Samizdata posts. Further details about StegFS here: http://www.mcdonald.org.uk/StegFS/FAQ.txt

  • guy herbert

    For example, why block access to a website like Samizdata, which would alert the readers and operators of the website to the government’s labelling of it as ‘dangerous’ or ‘subversive’,[…]

    Sounds like you don’t understand much about the authoritarian mind set. It serves the same purpose as any other censorship. You block it in order that its “polluting” ideas aren’t read by anyone else. That’s why the Saudis, Cuba, China, Singapore, etc have extensive controls on access to the external net and fierce censorship internally. Indeed they do round up site owners and known subversive users.

    Since the administration’s latest moral panic is indeed about radical Islamist websites proselytising to British youths, and stopping this is on TB’s wishlist, it may be that someone is investigating the practicalities of doing so. But there’s some way to go.

    Not perhaps as far as all that, however. My own dear ISP, BT, still close to government though privatised, does claim to monitor and filter all web traffic in the name of anti-paedophilia, through its Cleanfeed system. Whether this works or not I don’t know. As outlined in the linked article it wouldn’t affect the user of anonymous proxy unless they too were blocked, and they aren’t. But note one would also never know as a casual surfer whether the site one was attempting to visit was just a bad link, or whether it was on BT’s suspect list.

    I thought of changing ISPs in protest, but it was too much hassle. Thus does control creep up on us.

  • Suw

    Perry, I wonder if what you heard about was actually the draft framework for telecommunication traffic data retention, which the UK, France, Ireland and Sweden are attempting to push through into European legistlation. This would enable them to force all telecos and ISPs in all member states to retain traffic data (i.e. data about your telephone calls, but not the cal itself, and data about your web surfing and email habits, but not the emails themselves) for up to three years. It’s not a central repository, as each company would be responsible for retaining their own data, but it would provide access to any number of government departments who would otherwise find it difficult to think of a good enough reason to gain access under the current system. There are, of course, a whole bunch of reason why this is a really bad idea, and I’ve blogged about it in depth.

  • Andrew Milner

    Be advised: Refusal to disclose your encryption password carried a prison sentence of up to two years. Welcome to Police State UK. Suggest you dust off your exit strategy. And while you’re at it, investigate alternative nationality. Because if you “piss off” British authority sufficiently with your anti-government blogging, the Embassy may refuse to renew your passport, or even try to arrest you. Introduction of the Super Speed is gathering speed, so fly the coop before exit visas and currency controls are introduced. And get out of Sterling. Don’t knock paranoia; it keeps you alive and it keeps you free.

  • Julian Morrison

    For folks quoting the RIP act, there are crypto techniques using “ephemeral” keys, which do not persist beyond the ending of the conversation. These are standard for example in SSL which is what browsers use on https:// pages. Even if they took your keys, they’d have no means short of time-travel to recover the content of your message.

    RIP act is less a serious law, more a way for a frustrated government to hit out at a civilian who thwarts it.

  • Anon Person

    A vast majority of UK internet traffic goes through LINX (The London Internet Exchange). At a member’s meeting nearly 2 years ago their legal council informed members that they’d recieved enquiries from the government on the technical feasibility of ‘”shutting down” sections of the net (or rather UK access to it) should the need arise and monitoring traffic routed through LINX. The levers were already in place at that time (it’s technicaly fairly simple to do). The feeling amongst the member ISPs was that, unfortunatly, now the levers exist – a government would find it impossible to resist the temptation to use them.

  • Jack Maturin

    I wouldn’t worry, Perry. The guy who’s supposed to watching your email is actually goofing off on his second real job, selling expensive sports watches on E-bay. Yeah, I know he’s using his civil service desk at work to run this business, but so long as he’s doing something productive, that’s better than what he’s supposed to be doing.

    I have great faith in the total and absolute incompetence of government, in every sphere which it touches, from the bloody murder of innocent Brazilians, for which nobody will ever be made to properly pay, to the bolting of the airline suicide bomber gate, after the Al Qaeda horse had already blown itself up.

    Thank God for the absolute incompetence of government. Without it the US would still be a British province, Ludwig von Mises would have been shot by the Nazis before he completed Human Action, and you would have suffered a mysterious accident years ago.

    I’m hoping that within your lifetime you will be the point at the tip of the spear which starts dismembering the British state. And as it all (hopefully) starts collapsing, a process I’m convinced we are already witnessing, and the more efficient they get at shutting down people like you, the quicker they will bring on their own demise (witness the Soviet Union, wtiness the eventual success of the original Samizdatistas).

    Bollocks to them.

  • Julian Taylor

    Jack Maturin wrote

    The guy who’s supposed to watching your email is actually goofing off on his second real job

    Or, as in the case of the Stockwell Shooting, relieving himself whilst evil anti-authoritarian Samizdatanistas plot their next subversive bloggerbash …

  • I doubt if it’s monitoring at ISP level- all they need to do is drop a server on internix in (center in The City where all the big ISPs transfer traffic between each other, and where the big internet pipes to overseas end up) and they get a list of everything that people are accessing- since everything needs to go through said exchange at some point. If you’re that bothered, use TOR and Open PGP.

  • Julian Taylor

    Suw,

    That was a good article you wrote, however I think the thing that GCHQ or the Home Office (or whoever is in charge of this) introduced is an actual proxy server in line with the BT proxy servers we currently go via and thus separate from the 2003 Voluntary Retention of Communications Data Act so beloved of Clarke and Blunkett. To date all I can see about this server is the notification to high expenditure, as recently published in the latest Home Office audit figures, and there is an article in their inhouse journal – if any kind libertarian Home Office staffer would care to copy us on this I’m sure we would all be appreciative.

  • Not terribly surprised by this. I suspect it has already been going on and this is a way of making it public. I expect everything I write to be monitored by someone.

  • Sigivald

    How about we get at least an inkling of actual evidence that it’s happened, before assuming it has?

  • Lascaille

    I have yet to see a coherent technical analysis of these ideas that makes sense or is feasible.

    Asking all ISPs to record emails: a lot of users use webmail. Webmail travels over encrypted HTTP (HTTPS). Everything is encrypted: the message body, headers, address, etc. HTTPS is pretty hard to break within an adequate timeframe even making orders-of-magnitude assumptions about the decrypting power available to the government. This means that they’d have either to identify possible senders to target and decrypt only their transactions, or track the _outgoing_ from the webmail service – and hotmail, etc isn’t in the UK. Also because the requests are encrypted, you can’t do a user-to-email-address mapping from recording the packets (as the email address and password are sent to the webmail server encrypted.)

    So, web: Well, you could record all HTTP requests and map a ‘user at IP address X asked for website Y’ and then filter that with a list of target websites or target users. The infrastructure required for this would be astounding. You’d be installing new hard disks at a rate of a vanload per day, and that’s just to log the requests, not the actual content transmitted.

    I am reluctant to get overly technical on a non-technical forum but, basically: it’s all doable, it’s not doable without effectively restructuring a huge part of the UK internet infrastructure: you’d have to go ‘into’ LINX (which is just a routing map not a building or anything) and totally restructure it, you’d need to take over a whole floor of London Telehouse to install the infrastructure, and then you’d basically need to take the net down for about a week to update all the routing maps so that everything is routed via the new gateway or whatever. Basically, when this happens you’ll know about it because your internet will get pig slow, among other things.

    Don’t fret. But it is possible.

  • We frequently call friends and relatives in the PR China. When the PSB doesn’t have somebody available to listen in, we get this message:

    “Your callee has no right to receive this message.”

    Chilling, but at the same time, very amusing.

  • Brock

    I was under the impression that the UK already participated in the NSA’s Eschelon program, so this is probably a minor development. They already knew what you were doing anyway.

    /it’s like a bad joke.

  • rosignol

    What happens if tomorrow a junior Grade 9 civil servant at the Home Office decides that he does not like the tone of LittleGreenFootballs and thus places a block on that site, no doubt filled in in triplicate with all appropriate signatures and approvals.

    Then you go to google.com, click on ‘language tools’, and ask it to translate the URL ‘www.littlegreenfootballs.com/weblog/ from japanese to english.

    Google’s translation software passes anything untranslated along in the original format, thus, you get LGF, but to someone blocking ip addresses or domain names, it looks like you’re just doing a google search, same as several million other people… and that’s just the quick-and-dirty way to get around such nonsense.

    Now, if you want to get technical about it, there are plenty of ways to do it, if you’re willing to learn a bit about VPNs and proxy servers.