I would also advise writing to your local MP (find them here http://www.theyworkforyou.com/). It's easier to ignore 4,000 digital signatures than 4,000 physical letters. It wouldn't hurt to call them either.
I find myself thinking "I don't want to live on this planet anymore" more and more often these days. Not sure if I'm just getting older, or the world really is going to shit.
So, mega snooping, well publicised. Any serious terrorist or lentil rights protester would encrypt or simply stop using electronics for communication. That leaves the rest of us being snooped on for no terrorist or whatever reason.
I'm a thick idiot and I can work that out, so presumably the government can too.
This is not about terror and all that scare story stuff, it's population surveillance.
Somehow these governments need reminding that we the people are supposed to be the boss. They serve us, not the other way round.
I'm actively encouraging the users of the sites I run to encrypt everything.
I'm giving advice in private messages about how to use Truecrypt (especially when using Dropbox or any remote backup or cloud sync service), what a VPN is and how to use Relakks or IPredator, etc.
Just basic things, yet the reaction has been extremely positive. One of the sites I run exists by donations, and just for giving this advice 1 person donated £100 to the running of the site because in his words "No-one else is telling me to encrypt or helping me."
The big glaring omission in all of this is email. We all want a secure email system, and one that doesn't involve locking yourself into a single provider (Hushmail), and yet can co-exist with sending email to recipients on webmail and corporate solutions.
Talk about a big hole in the market.
I've not pitched this to my users as "here's how to pirate", it's just been "privacy is core to democracy, encryption protects your privacy". And additionally I've argued to them that if they were amongst the people who turned their Twitter avatars green last year for Iran, then by not using encryption they leave encryption to "terrorists, criminals and dissidents", who cares for the first two, but if you care for the last you'll encrypt too to ensure that their dissenting opinion can be voiced safely in private.
I got the idea for telling my users all of this from HN, and specifically a link to a Canadian site:
I truly think that the best response that the people of Britain can give to these proposals is to encrypt everything and take away from the government the ability to pervasively spy on their own populace like this.
With most governments and corps it always feels like they ask for a mile, and when we object they concede half a mile. We're happy, but then they do this a few times and they get to where they wanted to be.
What better way to halt this for good than to encrypt everything?
Now, if someone could just give us email v2, secure by default. I'd happily pay for it. Just make it work, and make it open source and aim for it to be standard... don't give me another closed service to achieve it.
PGP (and its mathematical foundations to some degree) were invented to solve the secure email problem. Back then the proponents of PGP essentially predicted the situation we're in now. Up until now there's been plausible deniability for any of us normal people to care, so consumer adoption of PGP remains close to nil. Even corporate use I've seen only comes into play when dealing with another company who forces it to be used.
That's changing fast. Their original use case (secure messaging in a monitored society) is no longer only a tinfoil hat situation.
The solution is for all of us HNers to adopt PGP 100%. Everyone who wants to talk to us would have to adopt PGP. The friction to start is rather huge but that is how something like this would get adopted.
As for "but it doesn't jive with my gmail nicely".. maybe it's time we give up gmail too. Its value proposition is based on reading your email to better build a profile on you to sell to advertisers. That's why Google Plus wanted your real name, so they have a face to put all that mined data to.
PGP on its own will only protect the contents of communications, not the fact that the communication occurred, nor the parties of that communication.
The proposed legislation will apparently still require a warrant for the contents (and in the UK you will be required to decrypt the contents on demand).
So while I agree that PGP is a good thing, it will not work around this proposed legislation at all.
If I had to choose, I would prefer to see effort going into political action to prevent this law being passed instead. This is an unwarranted privacy intrusion by definition. If it were warranted, then the police would be able to get a warrant.
I agree. I want to talk about PGP. But I'm talking to end users who have real trouble setting up a VPN. PGP's big problem back then was that it should be invisible and just work, it was neither. That's what I mean by needing to revisit secure email.
GMail and other webmail providers just need to add this and make it a configurable option in the settings. Heck, even Outlook should give the users this option via some wizard (they seem to have one for everything else!). Totally agree that this needs to be as invisible as possible. When I first set up PGP in Thunderbird a few years back it was quite a bit of faffing about, add to that the fact that your key resides on any one of a million servers...
The cynic in me says it's been done in this way on purpose, I mean, don't want to make the feds actually do any work to be able to snoop around my emails.
GMail is open about the fact that it mines your emails for your advertising profile. Encrypting the data for you would result in reduced value proposition for them. Not going to happen.
No. Google would of course be able to decrypt the content (I don't see how they would adopt it otherwise in this universe, Google must comply if they get a warrant and they are not willing to fight that), thing is only Google would be able to and no one else. And that alone is a huge win.
Hushmail only protects the contents. The new law is aimed at routing data (who sent the email; who it was sent to).
Hushmail comply with correctly formed legal requests (they have to) but they go as far as creating back-doored java apps and serving them to specified customers. I guess it's harder for English LEOs to get correct legal documents to an American company for English customers. But I don't know.
Does any of this really stop the snooping, or is it just giving a false sense of security?
Then, would deploying all this on a day to day basis suggest to a paranoid snooper that one is hiding something and therefore a legitimate target for more snooping?
1) It anonymises where the traffic originated (in the case of a VPN run along the lines of Relakks)
2) It encrypts, so whilst if you weren't using a VPN they'd still see traffic go from point A to point B, they wouldn't have a record of the contents of the communication
Neither of those things is a false sense of security.
And yes to the last... if only those who feel that they have something to hide encrypt things, then you might reasonably expect a person who is suspicious of others to reach that conclusion.
But I would argue that everyone has something to hide. Privacy isn't just core to democracy and free speech, it's core to intimacy too.
So you end up with two strong arguments to encrypt, one is to protect your own privacy, and then from your argument about how only "those with something to hide, encrypt", comes the second which is that most freedoms enjoyed by people were earned through dissent and revolution (and war, but that doesn't help this particular argument)... are such things possible in a society that pervasively spies on its own citizens?
So to protect the future dissidents you should in addition to caring for your own privacy, encrypt to ensure you give protection to those who may one day be fighting for your rights.
Home Secretary Theresa May has said the move will help bring "criminals, paedophiles and terrorists" to justice.
However, the home secretary told the Sun that "ordinary people" would have nothing to fear from the government's plans.
I think those 2 quotes sum it up really. And they say the Arab nations are oppressive... I can't believe the kind of morons we have running this country for us, but it certainly explains why we're in such a financial sh!t.
No, this was always accepted in times of war. The notion we have to fight is that of perpetually being at war (terrorists! child pornographers! pirates!).
It's worth pointing out that this law would allow monitoring of communications with a warrant.
The idea that communications can be monitored with oversight is not a new one. Law enforcement departments have been able to tap phones with a warrant for decades.
Edit: Hm, the article is actually a little unclear on whether or not a warrant is needed. At the top it says it is, and then in the middle it quotes a bunch of people saying it isn't...
It would also reportedly allow intelligence officers to access emails, calls and texts as they happen, without a warrant, rather than retrospectively.
I think previously they could only start monitoring after a court order had been granted (same as listening in on your phone calls) whereas now they record everything and (presume) would have historical access once the court order had been granted...
It seems like there's little escape these days. I'm from the UK originally, and my adoptive country, Poland, yesterday had a story written about how it's the most surveilled country in the EU:
A nearly-identical law, the Recording and Interception of Communications Act (RICA), was enacted in 2002 in South Africa. While in theory it contained all the legal protections that have been proposed for the UK legislation, in practice it has been badly abused.
Between 2006 and 2010 just one of the South African government's regional interception centres (of which there are at least four and potentially many more) carried out over 3 million legal interceptions, a number which is known to have increased since then. Subsequent leaks to the media have revealed that even this is a drop in the ocean; illegal interceptions are performed routinely and are easily hidden from oversight amongst the millions of legal interceptions performed every year.
Looking at the numbers involved, it's not unreasonable to assume that every single connected South African will have their communications intercepted at some point, sometimes in illegal interceptions with no official control over the data collected. In fact, there have been examples of staff inside the interception centres being bribed by business rivals, spouses and others to spy on innocent citizens.
I see no reason why the UK will be immune to these types of abuses, despite having a less corruptible civil service. This kind of power in the hands of poorly-monitored government intelligence agencies is always a bad idea.
Not a definitive answer, but I quite liked the fact that my home country, Switzerland, apart from being neutral and having a government that doesn't have executive power centralised in a single person's hands, and having a relatively sane reaction to violent acts (see the Zug shooting, for example), also recently made a public statement that they did not feel that the issues that the movie/music industries face warranted any change of fair use or internet monitoring laws.
"The information commissioner said public bodies not involved in dealing with serious crime or national security, such as the Department for Work and Pensions, should have to apply to a court before access was granted."
I don't have much of a problem with GCHQ using it... but the Department for Work and Pensions? Also, a lack of warrants is concerning.
It feels very much like a law that could be exploited by anyone.
DWP handles benefits. Organised crime is involved in a lot of benefit fraud.
Allowing the DWP to have access to anything without a warrant would be bad. Allowing them to have access to destination / address data with a warrant might be okay. Allowing them to have access to content data is probably a bad thing. I think I'd prefer Serious Organised Crime Agency to all of it; and I'd prefer some better oversight. Whether that's a warrant (good) or a chief inspector of another force (bad) remains to be seen.
Don't forget that this is, essentially, just an extension to things like RIPA (Regulation of Investigatory Powers Act) to cover new forms of communication.
I agree that we need to be careful that they don't kludge in things like "looking at the content is fine" or "you don't need warrants".
The proposal would allow the UK government to query, without a court order, logs of who talked to whom and when. They would have to apply for a court order to see the content.
It would compel UK-based startups to keep a log of all this data, which of course costs time and money, reducing the UK's competitiveness.
How do all those European data retention laws apply to US companies? Do US companies (with offices in Europe, but servers in the US) need to adhere to those data retention laws, or is it safe to use US-based services?
If you think this has not already been implemented in the UK for a LONG time, i.e. pre-RIPA 2000, then you are very naive.
Ask anyone who has ever worked on infrastructure at a large UK ISP or exchange (e.g. LINX). Copious secret services systems are already used.
The key difference, the key burden that is being (publicly) demanded in 2012 by the services is real-time! Presumably, this was such a burden to the overall infrastructure of the majority of UK ISPs that they just pushed back when requested... hence the new law proposals.
Now you can observe the difference in Europe and US tech journalism. When an anti-internet bill (SOPA) was being discussed in the US, any noteworthy US journalist - those with and without vested interests in the matter - was talking about it very loudly. Compare with the similar situation where TC Europe and others are happily and silently carrying on their daily duties of - mostly - using their media outlet for their own personal short-sighted benefits.
It only became news when the likes of Google and Wikipedia decided to protest and carry out a blackout... (I am not in the US, but this is what I have read)
No. Google and Wikipedia decided to protest when everyone from Tim O'Reilly to Mike Arrington protested and wrote against it. It is hard to compare that with articles from the likes of Mike Butcher, because he hasn't written any on the subject - yet.
http://epetitions.direct.gov.uk/petitions/32400