UK- Reintroducing Snoopers Charter and Then Some
Last week of May saw political observers and cybersecurity experts calling predictions that UK government would propose the comeback of ‘Snoopers Charter’ during the Queen’s Speech.
The predictions came true with the proposal of the ‘Investigatory Powers Bill’. The newly coined bill would allow the government to monitor every UK citizen’s social media activities and online browsing behaviour if passed. Furthermore, the bulk data collection by intelligence agencies is included in the proposal.
The Communications Data bill nicknamed ‘Snoopers Charter’ was initially proposed in 2012 by UK Home Secretary Theresa May, but the Liberal Democrats blocked it before it became law. After the majority win by the conservative party in May of 2015, Theresa May promised to reintroduce the bill.
The new Investigatory Powers bill is controversial to say the least.
The bill is meant to replace DRIPA (Data Retention and Investigatory Powers Act 2014), which has been ruled unlawful by the UK High Court arguing that the vague terms and descriptions of powers in the controversial surveillance legislation renders the act incompatible with human rights under European law. DRIPA is meant to be phased out in 2016 and the UK government hopes to pass a law to replace it.
In the UK, YouGov polls show that 46 % of UK citizens are doubtful the data collected would be kept safe.
Recently elected Cameron government, however, wants to send a strong message that security state matters above all other rights.
The critics and civil rights groups were assured that bill would provide adequate oversight and strong safeguards to protect privacy, though details of these procedures have been scant. Security experts as well as privacy advocates were quick to express worry over the merit for the bill, stating there was no argument to support such strong invasion of peoples privacy.
Tim Berners-Lee, inventor of world wide web, said Britain had “lost the moral leadership” on privacy and surveillance as he urged Britons to reject the new snoopers charter.
How could IPB affect you?
- ISPs will have to keep peoples internet web history for up to a year under the new surveillance bill. As most data retention laws this probably means the collection of metadata, which is not full content of your web and mobile interactions, but enough to composite a profile of your online activity, id who you interact with and when. The content of your online activities is not as important as your online habits, preference patterns in combination with your personal details. That type of information is very valuable. If any of the companies (ISPS + Telcos) or government agencies mishandle internet user information – the cybersecurity breach could become a huge and costly fiasco. With so many stakeholders involved – the likelihood of mishandled data is quite high.
- Communications companies will be legal bound to help access peoples mobile devices and computers
- Agencies will be allowed to interfere with electronic devices to help collect information from a device
- Several judges will be appointed as Judicial Commissioners to administer intrusive capabilities. Around seven judges will be appointed as judicial commissioners for authorizing more intrusive capabilities, such as when agencies see the content of communications and collect bulk data – they will also have the power to veto warrants signed by senior ministers
- Investigatory Powers Commissioner will be appointed to keep police and police services in check
- You will end up paying for the program. ISPs and Telcos would incur a lot of expenses in managing the data collection, in addition to costly security measures and administration of government agency requests to access data. Back in 2012 it was estimated that enacting ‘Snoopers Charter’ would cost an estimated 2.5 Billion UK Pounds.
Timeline going forward
- The proposals of the Bill will now be subject to further consultation and pre-legislative scrutiny by a Joint Committee of Parliament
- A revised Bill will then be introduced to Parliament in the spring, where it will receive careful Parliamentary scrutiny
Ways to avoid mandatory data retention
• Get a VPN
A VPN encrypts your data through a secure tunnel before accessing the internet – this protects any sensitive information about your location by hiding your IP address. Virtual Private Networks connects you to the internet through an alternative path than your ISP. The only information visible to them is that you are connected to a VPN server and nothing more. All other information is encrypted by the VPN’s protocol. This is handy when you don’t want your real IP traced back to you.
• Connect via Proxy
All packets exchanged between the internet and your device go through a remote machine used to connect to the host server. The IP address of the proxy server appears to be that of a remote machine, which enables the user to hide their true IP address. However, web proxy does not encrypted your traffic. Learn more: VPN vs. Proxy
• SOCKS5 Proxy for Torrenting and P2P
SOCKS5 is an internet protocol which routes packets between a server and a client using a proxy server. To put it simply – your data is routed through proxy server that generates an arbitrary IP address before you reach your destination. It is a good option for torrenting or P2P, but not web-browsing. Learn more: SOCKS5 Proxy.
• Use offshore Email Account
There a number of email services that are not based in countries that have mandatory data retention laws. However, be mindful of other online data retention and sharing programs out there– pay attention to their privacy policies and the country they are based in.
• Tor Network
Tor Network is a privacy network is designed to hide information of which computer actually requested the traffic. Routing traffic through different nodes, it makes it difficult to say whether your computer initiated the connection or it may just be acting as a relay, relaying that encrypted traffic to another Tor node. Learn more: Anonymous Browsing with Tor Network
A little reminder of why privacy advocates argue against the bill and why Privacy Matters.