vostok
Well-Known Member
After weeks of conflicting reports, the draft Investigatory Powers Bill (IPB) has been revealed.
It represents the UK government's attempt to update and tidy up the powers the authorities have to delve into the public's data to combat crime.
It is a huge document - but at its heart is the argument it is illogical officials can scan through itemised lists of the phone calls people make but not the websites and chat apps they use.
So, the bill proposes the authorities be given the right to retrospectively check people's "internet connection records" without having to obtain a warrant.
That means, for example, they would be allowed to learn someone had used Snapchat at 07:30 on their smartphone at home and then two hours later visited Facebook's website via their laptop at work.
The bill would oblige broadband and mobile phone providers to hold connection records for 12 months and then delete them "in a way that ensures access is impossible".
It says this would involve the companies logging IP addresses - strings of digits that can make it possible to identify which computer was used and what service or site was visited.
However, the bill recognises that an IP address can sometimes be simultaneously shared by different customers, so additional information would also have to be recorded.
"It is going to be costly and require a lot of equipment, but the big issue is that this is mass surveillance of the public," said Adrian Kennard, director of Andrews & Arnold, a Bracknell-based internet provider.
To be clear, the authorities would still need a warrant to make service providers store and hand over browser history - eg which specific Facebook pages or tweets had been looked at.
And there are also restrictions on what types of things can be requested without one.
"Law enforcement agencies would not be able to make a request for the purpose of determining, for example, whether someone had visited a mental health website, a medical website or even a news website," Home Secretary Theresa May told the Commons.
"They would only be able to make a request for the purpose of determining whether someone had for example accessed a communications website, an illegal website or to resolve an IP [internet protocol] address where it is necessary and proportionate to do so in the course of a specific investigation."
Even so, the very fact all this information would be stored away raises concerns.
As TalkTalk's recent cyber-breach illustrated, people have reason to question how securely ISPs store their information, especially when that data might include:
which porn sites they have visited and how frequently
details about the political and religious sites they have looked at
their use of health-focused websites
their visits to sites hosting pirated media or links to such content
"Making sure there's no way the hackers can get in is a challenge for any company, and that is hard work," said Mr Kennard.
"This is sensitive personal information, even if you are just holding the websites people went to and not the specific pages.
"That makes it a very valuable target for criminals to go after - they may even try to infiltrate employees into companies to try to access it."
here: https://www.gov.uk/government/uploa...a/file/473770/Draft_Investigatory_Powers_Bill.
Link: http://www.bbc.com/news/technology-34719569
