Banksy — Spybooth

The UK public are now legally the most spied on citizens in the democratic world. The Snoopers Charter gives the Government and intelligence agencies the power to spy on every citizen in the United Kingdom.

These new powers mean any data that passes through a Communications Service Provider (CSP) can be collected and analysed — often without a warrant. This includes telephone, mobile and Internet providers. The provisions of the act are defined on the Wikipedia page.

The following provisions affect the entire population:

Internet Service Providers and Telecommunications Providers have to — by law — store information on you for one year. This will allow the Government and its agencies to see what websites you’ve visited, phone calls you received/made, and SMS messages.

Allows Government departments to view your Internet records. This includes: HMRC, Department of Health, Food Standards Agency, Gambling Commission, Department for Transport and the Department for Work and Pensions.

Forces ISPs in the UK to remove encryption.

This sounds like a great idea to combat terrorism and crime, but what does it mean for the general public?

The Right To Privacy Is Removed

The right to privacy is a fundamental human right. Article 8 of the Human Rights Act states (Liberty has a great article that explains it):

Everyone has the right to respect for his private and family life, his home and his correspondence.

What we do in private should be kept private — excluding criminal activity. People are very sensitive about their privacy and personal data. Watch what happens when a member of the public asks other members of the public to view their personal data:

The new Investigatory Powers Bill removes the right of privacy from every UK citizen. No longer are communications and browsing activities private. This includes, but is not limited to:

Internet browsing activity

Emails you send

Messenger and application communications

Videos you watch

Music you listen to

Files you download

Phone calls you make and receive

SMS messages sent and received

It’s important to note that the right to privacy can, and should, be limited in the following situations:

In accordance with law.

In the interests of national security.

In the interests of public safety or the economic well-being of the country.

In the prevention of disorder or crime.

In the protection of health or morals or the protection of the rights and freedoms of others.

The problem with the Snoopers Charter is that it places these limitations on all citizens regardless of whether a person is conducting criminal activities or not.

How Do The Government Collect Data?

To better understand how the Government are able to spy on your communications, here’s a simple explanation of how the internet works:

You type www.google.com into the address bar in your browser.

Your computer sends a request, which is a small packet of data, to the ISP. Think of this packet as an envelope. Within the envelope is a bit of paper that contains the IP address that made the request (your IP address) and the IP address of the website you’re trying to access. These addresses are called the source address and the destination address.

The ISP sees the destination IP address is for Google and sends the packet on its way to Google’s servers. Think of the ISP as a mail sorting office that knows how to send the envelope to the correct destination.

Google’s server receives this request, acts on it, and then sends the data back to you. For example, if you searched Google for “Cat Pictures” Google’s server would fetch the results from their database and then send the data back to the IP address that made the request (your IP address) and it displays in your browser with lots of cute kitties.

One thing I didn’t mention above is that the packet sent to Google also contains other data. For example, if you searched for “Cat Pictures” this data will also be contained within the packet so Google can search its database for whatever you searched for. But many websites use something called HTTPS. This basically means the data in the packet is encrypted when it leaves your computer/device. Anyone snooping on your activities — including the ISP — cannot see what data you searched for. Only Google can decrypt the data because they have the key to decrypt it. But the ISP can see what websites you’re accessing because the source and destination IP addresses are not encrypted.
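To make the envelope analogy concrete, the following added example (not part of the original article) builds two constructed IPv4/TCP packets, one carrying a plain HTTP search and one carrying a TLS record, and prints what a party on the path can read from each. The addresses, port numbers, function names and the simplified "starts with a TLS application-data header" check are assumptions made for illustration.

```python
import ipaddress
import struct

IP_FMT, TCP_FMT = "!BBHHHBBH4s4s", "!HHIIBBHHH"  # fixed 20-byte headers

def build_packet(src, dst, sport, dport, payload):
    """Build a sample IPv4+TCP packet (checksums zeroed; illustration only)."""
    tcp = struct.pack(TCP_FMT, sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack(IP_FMT, 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp + payload

def observer_view(packet):
    """Return what a party on the path (e.g. the ISP) can read from one packet."""
    ver_ihl, _, size, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    view = {"source": str(ipaddress.IPv4Address(src)),
            "destination": str(ipaddress.IPv4Address(dst)),
            "size": size}
    if proto != 6:  # not TCP: addresses and size only
        return view
    ihl = (ver_ihl & 0x0F) * 4
    view["dst_port"] = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    payload = packet[ihl + (packet[ihl + 12] >> 4) * 4:size]
    # A TLS application-data record starts with type 0x17 and major version 0x03.
    encrypted = len(payload) >= 5 and payload[0] == 0x17 and payload[1] == 0x03
    view["readable_content"] = None if encrypted else payload.decode("latin-1")
    return view

# Constructed sample traffic using documentation-range addresses.
CLIENT, SERVER = "192.0.2.10", "203.0.113.80"
HTTP_REQUEST = b"GET /search?q=cat+pictures HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
CIPHERTEXT = bytes((i * 37 + 11) % 256 for i in range(48))  # stand-in for encrypted bytes
TLS_RECORD = b"\x17\x03\x03" + struct.pack("!H", len(CIPHERTEXT)) + CIPHERTEXT

HTTP_PACKET = build_packet(CLIENT, SERVER, 50000, 80, HTTP_REQUEST)
HTTPS_PACKET = build_packet(CLIENT, SERVER, 50001, 443, TLS_RECORD)

if __name__ == "__main__":
    for name, pkt in (("HTTP", HTTP_PACKET), ("HTTPS", HTTPS_PACKET)):
        print(name, observer_view(pkt))
```

In both cases the source address, destination address, port and packet size are readable; only the search text disappears from view once the payload is encrypted.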

The ISP is the central hub that processes these requests. All Internet traffic will go through the ISP you’re subscribed to. As it passes through the ISP it will be stored and made available to the Government and its agencies under the new laws.

What Will The Government Do With This Data?

The intention is to prevent crime and terrorism. But that’s not to say the data won’t be used for other purposes. The Government and its agencies will already have special software that can analyse and make inferences from this data at lightning speed at any point in time.

This raises serious concerns as it effectively allows the Government to spy on the population at will. Some hypothetical applications it could be used for:

Collect information on peaceful activists in order to halt protests and campaigns

Issue fines to citizens who download torrents, or watch copyrighted movies on sites like PutLocker. Applications like Kodi could soon become illegal

Aggregate and pigeonhole citizens who disagree with Government decisions and policies

Create smear campaigns or leak data that could make political competition look bad

Accurately predict your actions before you’ve done them based on your routines and interests

Use your online purchase history or conversations to interpret your tax payments, or lack of them

Mass Surveillance Will Not Thwart Criminals And Terrorists

The new bill will only force criminals and terrorists to evolve their strategies. It’s not difficult to stop the Government from snooping on your Internet activities. In fact, it’s very easy.

The Snoopers Charter law only applies to UK companies. This means anyone can use outside VPN companies — especially companies in countries where the UK has no jurisdiction — who are under no obligation to hand over any data to the UK Government.

Criminals and terrorists could set up VPN servers in these countries and route their Internet and DNS traffic through those servers. Combine that with a VOIP server, and a secure messaging system such as Pidgin (with OTR) and criminals can now safely communicate with each other whilst remaining completely hidden from the Government.

What’s Next?

I feel that every citizen should have the right to remain private. In my next article I will provide a complete tutorial on how the average Joe can secure their Internet connection and remain private from Government spying and data retention.