 The government are not,(normally), listening in to everyone's conversations though the GSM system was deliberately made "hackable".
Publicly, the "Snoopers' Charter" is about the government extending and regularising it's trawl for so-called "metadata".
For ten years, this had consisted of who you call and who calls you, but now they want to know what platforms you are on: WhatsApp, Kik, mail providers and social media platforms.
They do this by checking with your ISP for the IP addresses you visit and/or the site names you resolve through DNS.
(This is made a lot more difficult by feeding your traffic and DNS through a VPN or Tor, plus you get to watch American Netflix, so I've heard).
-
It is very costly in bandwidth and storage terms to intercept data in transit, so the usual point of attack is at one end or the other, either the server or your computer/phone.
If the server platform is accessible to them or is helpful, they can get data about you easily.
There is a big difference in the behaviours of social media platforms.
e.g. Reputedly, Facebook is very cooperative with the security services, but Twitter typically gives government enquiries two fingers.
Most of the time, though, the security services can get what they want from your friends list without having to ask anyone and there are automated tools that compile "spider diagram" of who is connected to who.
If the state are interested in you, you will then be targetted for individual hacking and surveillance.
-
The government is planning to outlaw "unbreakable" encryption, (though there is no such thing if you've got the time and CPU power to devote).
This will apply more to storage devices than to networks, (where the traffic from many sources flies by mingled and often just exposes more layers of encryption).
The internet is not a physical thing. The nearest it gets to that is the interconnecting points of a group of smaller networks: Historically, MILNET/NIPRNet, ARPANET, AMPRnet, Internet2 and later the commercial ISPs you know and love like Demon, BT and Virgin.
Private systems connect to the internet but run on their own fibre, microwave and radio links including transcontinental digital shortwave and satellite.
There are also a plethora of hidden and "dark" nets.
If network traffic does not cross government-friendly ISPs, it doesn't get monitored.
-
Criminals, serious paedophiles, and terrorists DO NOT USE the consumer internet.
They use independent networks, and darknets.
Some of these networks run in VPN and p2p "tunnels" over the consumer internet, but are very expensive and time consuming to monitor.
Unless draconian but applied in a discriminatory manner, encryption laws are irrelevant compared to the crimes the folks above are hiding.
Also, the "sigint", (chatter), the security services gets back is low grade, requiring a lot of interpretation and is hugely inferior to human intelligence gained by infiltrators.
Therefore INTERNET LAWS HAVE LITTLE TO DO WITH SERIOUS CRIMINALITY other than as a public justification.
Their aim is to:
a) prevent "contagion" by monitoring, "gaslighting" and spreading FUD among low-level amateur malcontents: Occupy, ecowarriors, anti-Europeans, trade unions.
b) leverage human intelligence at the fringes of more serious activities through compromised relatives and associates.
-
Hidden away in the new bill, Section 189 enables a 'Technical capability notice'
This give the right for the government to impose 'an obligation on any relevant operators' where 'the Secretary of State considers it is reasonable to do so.'
That means your ISP has to do ANYTHING TECHNICALLY POSSIBLE at the whim of a politician at any time in the future.
There is no "sunset clause" that requres periodic renewal of state power.
As the capabilities of technology increase, so this law will reach further an further into our lives, with no safeguard. (Look at the wording).
-
One purpose of the new law is to force ISPs to give access to endpoint machines, (your computers, phones etc.)
They can do this by providing holes in firewalls and passing on the backdoor access they already have to customers' home routers.
It will become a jailable offence to even reveal the existence of these backdoors.
Tim Cook, the boss of Apple, has warned that the UK bill will have 'Dire consequences' and that 'Any backdoor is a backdoor for everyone'.
Change the admin password on your home router and make sure remote admin is disabled.
If you using default WiFi passwords or running an open network, this is VERY important, but while it will deter hackers, it won't stop your ISP and therefore the government.
Most home machines have no password or the same password as used on websites, and therefore any local files, internet history and cache are at the disposal of the police, HMRC and intelligence services.
"Hardened" workstations can be brute-force attacked or hit with an unpatched exploit.
So if you don't want hackers in your computers, don't make everyone an admin; set unique passwords more than 8 characters on at least the admin accounts; don't use simple dictionary words as passwords; keep you machines updated.
-
With the development of the Internet of Things, (IoT), your home alarm, cameras, electricity meter, heating and even fridge will be telling manufacturers, marketers, the state and burglars what you're up to.
Your "smart" TV or digibox is telling the vendor (and hence advertisers) what you are watching, possibly listening full-time to your conversations and passing them to cloud servers for recognition.
In some cases, the TV has a camera that can be remotely accessed.
ASIDE: Verizon has patented a system that delivers targetted advertising based on "ambient actions", - whatever viewers are doing in front of the TV.
Quite what it would make of the average Fab chat user is not known.
-
Ponder the feasibility of these example scenarios where involvement with underground websites could provide leverage:
-
 Your nephew is selling , but they cannot get to him because he only uses burner phones and keeps at arm's length the folk who hold for him.
The DS ask you for information about his habits and contacts, - but you tell them where to go.
They remind you that "a little bird" has told them you are into some embarrassing sexual scenes.
-
Some of your footy mates are in one of the few far-right outfits not run by the security services, (and not susceptible through an enthusiasm for chang).
They see from your metadata that you are connected and might be of like mind.
They use a closed web community to "friend" you, gain your trust and/or pressure you.
They then have an "in" on the target group though an introducer or informer.
-
You are a politician of questionable loyalty over, say, Europe or fracking.
You also have some unusual sexual tastes.
You are inducted into select circles managed by political insiders assisted by MI5, the BND or the Mossad.
The kink gradually pushes the boundaries of acceptability.
You are now owned, and won't be making any more trouble.
-
You have called the HSE into a construction site and upset the main contractor, who has warned (lets call them) "The Consulting League".
The League ask for some info from their police insiders, who read you stirring things online.
You try for a sub contract from one of the big firms, whose security guy rings The League. No work for you. |
