Nice article from the Beeb:
http://www.bbc.co.uk/news/technology-34842854
Some great quotes...
'Cybercrime consultant Prof Alan Woodward says the availability of
encrypted systems makes the security agencies crackdown "absolutely
pointless".'
'And Prof Woodward says: "There are more power outages caused by
squirrels than by cyber-terrorists."'
On 05/11/15 13:28, Robin Wilton wrote:
Have you heard the English expression “dog’s breakfast”?
R
On 5 Nov 2015, at 05:45, Joseph Lorenzo Hall <[email protected]> wrote:
I should also point out, on a different part of the Bill, section 189,
"Maintenance of technical capability" requires non-UK
providers/companies to provide access to cleartext. e.g., this part
reaches non-UK folks:
"An obligation specified in regulations under this section may be
imposed on, and a technical capability notice given to, persons
outside the United Kingdom (and may require things to be done, or not
to be done, outside the United Kingdom)"
:/
On Thu, Nov 5, 2015 at 2:08 PM, Robin Wilton <[email protected]> wrote:
It’s very hard to work out exactly what UK policymakers think they are aiming
for here… quite possibly because their own understanding is less than perfect.
In the parliamentary debate yesterday, the Home Secretary repeatedly referred
to retention of “the first page or device accessed by a user”.
I don’t think I know what that means.
I also wonder, for instance, how that would work in a “portal”-style
environment, where a single “landing page” could contain dynamic content
elements.
Nor is it clear to me whether, once I visit a site, my CSP would have to log
the “first connection” my browser gets to each embedded third-party-served
element on that page (e.g. ads, ssh sessions etc… etc…).
If it does, there’s potential for this measure to result in volumes of data
that are so large as to be increasingly unusable. (Obviously, as a
privacy-concerned citizen, if the interceptors drown in data, I can see an
upside in that ;^) )
I will be looking at the detail of the Bill over the coming days, and no doubt
ISOC will be publishing some analysis, comments and conclusions.
Yrs.,
Robin
Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society
email: [email protected]
Phone: +44 705 005 2931
Twitter: @futureidentity
On 5 Nov 2015, at 04:34, Joseph Lorenzo Hall <[email protected]> wrote:
(moving a thread from Stephane on dns-privacy here to perpass)
I wanted to highlight for perpass the draft UK Bill [1] that dropped yesterday.
It includes the following language in Section 71(9) that ISPs, on
notice, will need to retain the following for one year (and, yes, some
of this is completely crazypants and totally unclear how to map these
concepts onto technical concepts):
----
(9) In this Part “relevant communications data” means communications
data which may be used to identify, or assist in identifying, any of
the following—
(a) the sender or recipient of a communication (whether or not a person),
(b) the time or duration of a communication,
(c) the type, method or pattern, or fact, of communication,
(d) the telecommunication system (or any part of it) from, to or
through which, or by means of which, a communication is or may be
transmitted,
(e) the location of any such system, or
(f) the internet protocol address, or other identifier, of any
apparatus to which a communication is transmitted for the purpose of
obtaining access to, or running, a computer file or computer program.
In this subsection “identifier” means an identifier used to facilitate
the transmission of a communication.
----
While the press before had highlighted this bill would require
retaining "web browsing history" it seems both somewhat worse, and
potentially Netflow data for what seems like all an ISPs subscribers.
Wondering if others have thoughts.
best, Joe
[1]:
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf
---------- Forwarded message ----------
From: Stephane Bortzmeyer <[email protected]>
Date: Wed, Nov 4, 2015 at 10:28 PM
Subject: [dns-privacy] We'll have stakeholders in Great Britain...
To: [email protected]
http://www.bbc.com/news/uk-politics-34715872
The bill will force companies to hold "internet connection records"
for 12 months so they can be requested by authorities.
Such data would consist of a basic domain address,
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
--
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
[email protected]
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
--
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
[email protected]
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
