New UK Surveillance Bill Appears In The Wake of Snowden

Uploaded on 2015-11-07 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

Critics call it a revived snooper’s charter, because the government wants police and spies to be given access to the web browsing history of everyone in Britain. However, Theresa May says her measures would require Internet companies to store data about customers that amount to “simply the modern equivalent of an itemised phone bill”.

 
The government is attempting to push into law the ability for law enforcement agencies to be able to look at 12 months of what they are calling “internet connection records”, limited to the website domains that UK internet users visit.
This is the log of websites that you visit through your internet service provider (ISP), commonly called internet browsing history, and is different from the history stored by your internet browser, such as Microsoft’s Edge, Apple’s Safari or Google’s Chrome.

It does not cover specific pages: so police and spies will not be able to access that level of detail. That means they would know that a person has spent time on the Guardian website, but not what article they read.Clearing your browser history or using private or incognito browsing modes do nothing to affect your browsing history stored by the ISP.

What will they be able to learn about my Internet activity?

Information about the sites you visit can be very revealing. The data would show if a person has regularly visited Ashley Madison – the website that helped facilitate extramarital affairs. A visit to an Alcoholics Anonymous website or an abortion advice service could reveal far more than you would like the government or law enforcement to know.
The logged internet activity is also likely to reveal who a person banks with, the social media they use, whether they have considered travelling (e.g. by visiting an airline homepage) and a range of information that could in turn link to other sources of personal information.

Who will store my web browsing data?

May wrong to say surveillance bill creates judicial authorisation for interception, says Liberty – live
Rolling coverage of the day’s political developments as they happen, including Theresa May publishing the draft investigatory powers bill.The onus is on ISPs – the companies that users pay to provide access to the internet – to store the browsing history of its customers for 12 months. That includes fixed line broadband providers, such as BT, TalkTalk, Sky and Virgin, but also mobile phone providers such as EE, O2, Three and Vodafone.

But after what happened with TalkTalk, can ISPs keep my data safe?

TalkTalk may have been hacked by a group of teenagers, going on recent arrests. The customer data targeted was not all encrypted, a practice for which TalkTalk was roundly criticised.But the most worrying aspect of the TalkTalk hack is that the company’s chief executive, Dido Harding, said the company’s cybersecurity was “head and shoulders” above its competitors.Consumers are likely to need reassurance from the companies and government that all ISPs can maintain the security of customer data.

Will that push up the prices of phone bills?

May announced that the government would cover the costs of storing internet connection records and establishing the new judicial oversight regime. She estimated it would cost between £245m and £250m over 10 years.
This includes £175m for the cost of storing everyone’s Internet records, which means ISPs should not have to put up prices to cover their costs.

Don’t ISPs already store this data?

They already store a limited amount of data on customer communications for a minimum of one year and have done for some time, governed by the EU’s data retention directive. That data can be accessed under the Regulation of Investigatory Powers Act 2000 (Ripa).
The new bill will enshrine the storage of browsing history and access to that data in law.

Can people hide their Internet browsing history?

There are a few ways to prevent the collection of your browsing history data, but each way is a compromise.
The most obvious way is the use of virtual private networks (VPNs). They channel your data from your computer through your ISP to a third-party service before immersing on the Internet. In doing so they can obfuscate your data from your ISP and therefore the government’s collection of browsing history. Companies routinely use VPNs to secure connections to services when off-site such as home workers. Various companies such as HotspotShield offer both free or paid-for VPN services to users.Using the Tor browser, freely available from the Tor project, is another way to hide what you’re doing from your ISP and takes things a stage further. It allows users to connect directly to a network of computers that route your traffic by bouncing it around other computers connected to Tor before emerging on the open Internet.Your ISP will see that you are connected to Tor, but not what you are doing with it. But not everybody has the technical skills to be comfortable using Tor.

Is there any downside to using a VPN?

In using a VPN you are placing all your trust in the company that operates the VPN to both secure your data and repel third parties from intercepting your connection. A VPN based in the UK may also be required to keep a log of your browsing history in the same way an ISP would. The speed of your Internet connection is also limited by the VPN. Most free services are slow, some paid-for services are faster.Tor also risks users having their data intercepted, either at the point of exit from the Tor network to the open Internet or along the path. This is technically tricky, however. Because your Internet traffic is bounced between computers before reaching you, Tor can be particularly slow.

Can I protest-browse to show I’m unhappy with the new law?

One way to prevent an accurate profile of your browsing history from being built could be to visit random sites. Visiting nine random domains for every website you actually want to visit would increase the amount of data that your ISP has to store tenfold. But not everybody has the patience for that.At some point it will be very difficult to store that much data, should everyone begin doing so.

What about smartphones?

Hiding your browsing history while using a smartphone or tablet is harder. Most devices, including Apple’s iPhone and Google’s Android devices can use both VPN services and Tor, but the service is at risk of slowing down and not protecting every connection made by every app.


Guardian:

 

« Russian Air Crash Investigation Changes The Encryption War
Bank of England Partners With US for Cyberattack Simulation »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

Cyber London (CyLon)

Cyber London (CyLon)

CyLon is a leading cyber security accelerator and seed investment programme. We help entrepreneurs from across the globe to build cyber security businesses, raise investment, and develop partnerships.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

Pryv

Pryv

Pryv is a Swissmade software for privacy, personal data collection, usage, sharing and storage.

ReFirm Labs

ReFirm Labs

ReFirm Labs provides the tools you need for firmware security, vetting, analysis and continuous IoT security monitoring.

Titan Labs

Titan Labs

Titan Labs is a Cyber Security Consultancy that provides advice and technical expertise to government, international finance and telecommunications providers.

Sealing Technologies (SealingTech)

Sealing Technologies (SealingTech)

SealingTech is a leader in cutting edge research, products, engineering, and integration services in the Internet of Things, Edge, Machine Learning, Artificial Intelligence, and Cloud.

EdgeWatch

EdgeWatch

EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

Professional Labs

Professional Labs

Professional Labs specialize in simplifying complex problems for our customers with Cloud Services, Managed Services and Cyber Security.

AKS iQ

AKS iQ

AKS iQ leads the RegTech sector with AI, automating regulatory compliance in the banking industry and ensuring paperless TBML and CFT adherence in finance.

Telenor Cyberdefence

Telenor Cyberdefence

Telenor Cyberdefence is a newly established (2024) cloud-born Managed Security Service Provider focused on the Nordic markets.

Hubble

Hubble

Hubble grew from the idea that legacy solutions were failing to provide organizations with the asset visibility they needed to effectively secure and operate their businesses.

Integrated Cyber Solutions (ICS)

Integrated Cyber Solutions (ICS)

Integrated Cyber Solutions is a managed security service provider that humanizes cybersecurity managed services to the Small-to-Medium Business (SMB) and Small-to-Medium Enterprise (SME) sectors.

JustunSecure

JustunSecure

JustunSecure is dedicated to promoting information technology and cybersecurity in Africa.

Stern Cybersecurity

Stern Cybersecurity

Stern Cybersecurity offers a robust defense against the ever-evolving landscape of digital threats.

Hexagate

Hexagate

Hexagate is at the forefront of blockchain threat prevention and automated risk management, proactively detecting and mitigating threats to smart contracts and onchain assets.