There's a great talk, Haunted by Data, by Maciej Ceglowski about how tech companies are making a mistake by wanting to collect more and more data on their users, because governments are just going to want to come in and take it.
> I want you to go through a visualization exercise with me. Really imagine it.
> Nixon's in your datacenter. He's got his laptop open. He's logged in! He's got root! What does he find?
> If you didn't break into a cold sweat at the thought, congratulations. You are a good steward of data.
> But if Tricky Dick in your data center scares you, then consider what you're doing.
Wouldn't that be the ideal place for companies? If a government is dependent on a company to collect data, wouldn't that government support the company in hard times? Sure, if it was a choice between surviving and throwing the company under the bus, the government would choose the latter, but if given the choice, wouldn't the government try to keep one of its most powerful tools?
And it was "good" for IG Farben to supply Zyklon B to the Nazis. Until they lost and several company executives served prison sentences for crimes against humanity. Amorality certainly pays the bills.
It works in Russia, China, and less so (perhaps) America (e.g. telcos). It's similarly practical for a government to have unlimited intelligence on its populace.
That doesn't mean it's good for anyone not working for the government, explicitly (as an employee or contractor) or implicitly (as a data collecting company which can be forced to share).
IMO a) collecting data on users and b) doing it in a way that does not preserve user privacy makes you complicit in mass surveillance.
> That doesn't mean it's good for anyone not working for the government directly or indirectly.
I totally agree. I'd argue that it's objectively bad for anyone not working for the government. But I'm talking about from the company's point of view.
Horrible analogy, as what did Nixon do with data towards citizens? It'd be more like the FBI, Hoover, CIA, NSA, etc... who have the capacity to bend the data to invent facts to fit some crime and then act on it with force without fear of repercussion/retaliation.
Also, if there were a proponent of this kind of collection, wouldn't it be fine for a company like Google, Facebook, Microsoft, etc... if someone with the position of US President wanted to "sit in the datacenter with an open laptop"? Because then they'd be using data as a currency, which they are already very comfortable and capable of doing to meet their own and the "gov" agendas.
But convincing people that their own government can come in with a subpoena is easier than convincing people that their security just isn't likely to be good enough to stop each and every external hacker that tries.
No matter how many examples we get of far better funded companies getting hacked.
The IPB is slightly tainted by the Snowden disclosures. It's an interesting thought experiment to apply Snowden's revelations to newly implemented surveillance measures by any government. Snowden produced documents which gave us all an intimate understanding of the mechanics and operational details of the NSA & GCHQ. It is clear that the apparatus is already in place for spying and is only a quick click away from being galvanized by broad and sweeping laws which allow such apparatus to operate out in the open.
I think the masses are not scared enough to encrypt their communications and that's why such an apparatus has crept in so brashly and abruptly, sort of a 'surveillance creep'.
The moment the masses are conscious of the fact we are going through our second 'crypto war' is also the moment they might encrypt. Not that crypto is some munition they can use, as is wrongly spouted by the cypherpunks (IMHO), but that crypto can provide viable amounts of privacy for their needs and it doesn't need to be absolute privacy as spouted by the 'go dark' movement. Just enough that I can surf the web without my eyeball hours being monetized or that the pressure cooker I am interested in buying is not a potential tool to be used in a terrorist attack several weeks later.
Or the story about how the Dutch thought it would be a swell idea to have the religious affiliation of all citizens in their government files. Nowhere else the rounding up of the Jews went as smoothly as there, once the SS got their paws on those files.
According to the book, the French too, I can't quite remember the story but the guy in charge of the data managed to delay and confuse so not quite as smooth.
If the recently announced Yahoo data breach (which affects a lot of other sites as well if users re-used their passwords, and we know many did) taught us anything, it is that data is a liability not an asset, and that's how both governments and corporations should treat it. The government at least should've learned that with the OPM hack.
Except that it's only hurting Yahoo because they're trying to sell. Counterexamples include the UK telco TalkTalk, who has managed to increase users and revenue despite the lack of basic security features.
It just doesn't matter that much, because the inconvenience is minimal for the average person, so the backlash is minimal. I mean, most people cannot even be bothered to use different passwords (!). That's how low the bar is. Say something gets hacked, unless you experience identity theft, nothing happens. Banks will reverse any fraudulent charges. Not even a minor inconvenience. So people won't learn and won't care. Brand damage is minimal. Not worth spending on infosec if the maximum fine is less than your CEO earns in a month. Meh.
It is very good news that this is being challenged; I was appalled when it passed through parliament almost unchallenged, and it's heartening to see that there is actually a plan by the opposition to do something about it.
Should be noted that opposition in this case is the Liberal Democrats, SNP and Greens and the people supporting Liberty, it's not the political opposition (the Labour party) who voted for it.
It should also be very cynically [1] noted that Shami Chakrabarti, the director of Liberty for 12 years and excellent spokesperson, followed Labour party line and abstained [2]. So much for her strongly held beliefs. She wasn't a sell-out though - so she says [3]. No wonder voters are truly cynical about politics.
As far as I'm aware the case was originally brought by Conservative MP David Davis when he was a backbencher. He then had to excuse himself from it when he became a Cabinet member and was constrained by collective responsibility.
Extraordinary as it might seem, Tom Watson and Jeremy Corbyn aren't on speaking terms. Watson finds out most of Corbyn's decisions by reading about them in the newspaper. To call Watson a loose cannon would be a gross understatement.
Not really - opposing this is natural for the liberal democrats who have consistently been the biggest party consistently pushing for the right to personal privacy.
Everyone trashes them for supposedly just bandwagoning on student loans and not backing it up, but they were the junior partner in a coalition - right now we are seeing the proof that their involvement held the conservative government back from a huge range of terrible policy, which they are now pushing through given their full government.
It's a travesty the Lib Dems got slaughtered, right after proving their value.
Firstly, they didn't have to go for the coalition. They did it for the electoral system referendum, which proposed a mediocre system and lost. Given that a serious chunk of their vote is expressly anti-Tory, the coalition was always electorally risky.
Secondly, their popularity was built in large measure on their reputation for honesty - for not being the same two-faced shits as other politicians. Signing an ironclad pledge on tuition fees before the election and then reneging didn't just piss off students and their parents, it cannibalised their own political brand.
They didn't, but by doing so they ensured much better policies for that period. It's clear based on what the government is doing now that the liberal democrats firmly kept them in check and gave us a few years of much better governance.
As to the second part, this often stated thing about the pledge on tuition fees - they were the junior partner in a coalition - expecting them to somehow be able to uphold all their policies in that situation is insane.
They took the sane route and compromised to make sure that the situation was better, apparently people will only accept zealous idealism and pragmatism is wrong. They held a louder voice in the role they had, and used it to ensure better policies from the government in that period.
They made the best play, results-wise. That apparently doesn't matter to the voting public.
> It's clear based on what the government is doing now that the liberal democrats firmly kept them in check and gave us a few years of much better governance.
I'll agree so far as saying that Conservative/LibDem governance produces better policies than solely Conservative governance (at least as far as civil liberties etc. are concerned), but I'm unconvinced it was the right move to make.
Firstly, it may have enabled them to keep the Conservatives in check to some degree, but, by providing an effective government majority, it may have resulted in some of the Conservative proposals passing at all, rather than being rejected in the House of Commons if the Conservatives formed a minority government.
Secondly, I suspect that the LibDem support of the Conservatives, and the years of stable government that followed, may have contributed to Conservative gains in future elections (the Conservatives being the senior party, it is easier for them to claim the credit, deserved or otherwise).
> As to the second part, this often stated thing about the pledge on tuition fees - they were the junior partner in a coalition - expecting them to somehow be able to uphold all their policies in that situation is insane.
Again, I'll agree so far as them upholding all of their policies in coalition is something that could never happen, but the pledge on tuition fees was rather different from the traditional manifesto pledges. It was signed by individual candidates/MPs, rather than as a party, and stated:
"I pledge to vote against any increase in fees in the next parliament and to pressure the government to introduce a fairer alternative"
Expecting MPs to follow through on something so plainly stated, and importantly something that is not contingent on the LibDems being in government, is not unreasonable IMO. It should have been obvious that reneging on that pledge would cause a huge loss of trust in the LibDems, regardless of what they were able to achieve in government, especially in a year when one of their election broadcasts was titled "Say goodbye to broken promises".
Their own fault they got slaughtered tho. I lost count of the number of times I watched a Lib Dem politician on TV defending idiotic Conservative policies.
They were all so blinded by actually being asked on TV most never seemed to think it would be a problem that they were being asked to defend things completely opposite to their views.
Why the beep they didn't say "Your policy, you defend it" I'll probably never know.
On Topic: I was worried this would be a "we're leaving the EU so we don't care" thing. But turns out they already lost in the UK courts and it was the government trying to use the EU to overrule the British legal system. Which is the first good thing I've heard the British legal system has done in ages.
Because very very few people vote for them, we have a de facto two party system in that voting for any other party feels worthless.
~2010 due to a number of factors a third party (the lib dems) gained a significant increase in votes on campaign promises centred around free university courses for UK citizens.
As no party had a majority, a coalition was formed between the conservative party & the liberal democrats.
The Lib Dems went back on every single thing they had promised and essentially forced a new generation of voters to either pick conservative or labour.
The "de facto two party system" results from the first-past-the-post voting system, not the number of voters who cast their ballot for other parties.
Other parties got around 30% of the vote at the last General Election, but won only 13% of seats.
(It is also worth noting that the Liberal Democrats did not gain a "significant increase in votes" in 2010 (23%) vs. 2005 (22%), and that they won fewer seats in 2010 than in 2005.)
Yes. Public perception and understanding of voting systems is consistently and distressingly abysmal. FPTP is an awful system that promotes ideologues and those that manufacture, manipulate and profit from them.
The fact that the legislation OP is talking about passed in the majority cons government and not under the Con/Lib coalition suggests that the Lib Dems did not: "Go back on every single thing they had promised."
What they did is go back on tuition fees which the press then merrily highlighted at every opportunity. Meanwhile New Labour & now the Cons are free to break promises every day of the week with barely a whisper from their mates in the press.
It should be noted that this ruling is related to the predecessor (DRIPA) to the current Investigatory Powers Act (IPA), however it sets a precedent for the IPA to be challenged.
The ECJ has agreed with the British High Court's previous ruling on DRIPA, so should still carry weight regardless of Britain's status within the EU (unless further legal amendments are made post departure, such as the replacement of the Human Rights Act).
Interestingly one of the MPs who brought this to the European courts was David Davis, the cabinet minister who has the title 'Secretary of State for Exiting the European Union'
As much as I detest most of David Davis' views, by virtue of him being a Tory for starters, he deserves praise for being a principled and staunch defender of human rights and privacy rights in general.
As long as he is part of the cabinet, we can assume Theresa May will at least be faced with internal opposition. And as long as the Tories have as slim a majority as they do, he will be one of the people guaranteeing that e.g. her ambition to abolish the Human Rights Act won't happen, as he's virtually certain to leave cabinet and stage a rebellion in the commons if she goes that far.
There's plenty of stuff he won't be able to stop, though, especially in cases where May can rely on Labour to prop her up.
Because he can't be seen to oppose it from cabinet.
I don't think his position makes it any more interesting though, this issue has little to do with the EU - other than it being the location of the appropriate court for as long as we remain in the Union.
> Under [the new Investigatory Powers Act], the state now also has access to every person’s internet use – every website visited or app used – which service providers must generate and store for 12 months.
"App used"? How? I understand that "website visited" is clearly 'public' even if not recorded by ISPs for the state, but I don't understand how, technically, "app used" is known - unless it means "web application visited", which is of course exactly the same as "website visited".
I saw a very interesting hearing when the Bill was still at committee stage, discussing concerns raised by small and community-run ISPs that although they of course have every intention of complying with the law, it's so non-technical and under-specified that it's not at all clear to them what they need to actually do: precisely what to record, how to store it, what guarantees they need to be able to make (e.g. are they liable if data is corrupted? If they're hacked?) etc.
Indeed, the simplification is probably for the reader: so they don't think they can avoid being monitored by simply using the Facebook app rather than Facebook in a browser.
Yes, you are right in strict definition that they won't know specifically which app you used to visit a site. Yes you visited for example Hacker News (according to the IP log) but they wouldn't know which of the many Hacker News apps you used to visit it. That is right and accurate, so yes they don't know which specific app you used.
However, the use of the term app is probably more to do with vast usage of apps to now consume the internet. So if you now just use the term "website", many of the general populace (who aren't technical) will think that's fine they won't know because I use apps for Facebook etc.
It's important people know that this covers access through apps. So they simplify the usage of that term.
Technically incorrect yes, but probably a proper description for general readers.
While I think you are correct in your prediction, I also think that the UK government can simply outlaw any type of attempts at protecting one's data, such as Tor, VPN, etc.
At the very least, they could make a law that would focus most of the energy in hacking those who do try to conceal and protect their privacy. They blindly believe the time trotted motto of "if you're doing nothing wrong, you have nothing to hide."
Brainwashing program of citizens has been successful. They are unaware it's a tool to oppress political opponents, activists, journalists, whistle blowers and undesirables.
Very impressive results.
Eh, this is just another step towards the Great Island Firewall.
I Googled some info on Sudafed dosages (specifically interested in pseudoephedrine, even though they changed that to phenylephrine apparently) and half of the links were blocked because they were "adult content".
Well fuckers, if you're blocking information like that, good fucking job. It will not affect anyone but the general population, so it's all good. The Brits are pretty complacent with what the government tells them, compared to many other countries.
The Human Rights Act (1998) translates those rights into primary UK legislation.
Now the problem is that the current government is desperate to get rid of the HRA, because of a mixture of authoritarianism and ridiculous and often plain false tabloid stories about criminals supposedly getting away with crimes because of "human rights".
Thankfully, the current cabinet has at least one minister - David Davis, ironically in charge of Brexit, - that's been a firm defender of the HRA to the extent of in the past staking his position on it.
Now, if he's booted from or leaves cabinet, we should be worried as in that case it's a good sign May is about to take her authoritarianism one step further.
David Davis is also one man with basically no power-base in the party. It's not a coincidence that he was handed the hottest seat in cabinet this time around, the one most likely to fail no matter what he does.
Given the ECHR was drafted based on the work of British lawyers I'd like to see what we come up with instead, certainly something that we can persuade everywhere else in Europe to sign up to.
Pulling out of it tells every tinpot wannabe dictator that it's perfectly fine not to sign up to basic human rights.
I am totally opposed to the idea of complete state surveillance but I would like to share an alternative point of view. Perhaps DRIPA and IPA will push technology forward so that encryption becomes widely adopted to the point where it is no longer practical to collect and process data at mass. While the state will still be able to target (not good but happens anyway), privacy will simply shift into another realm through adoption of better hardware and software encryption technologies, P2P networks, Bitcoin, etc. In such an environment the security industry will flourish.
It was the Renaissance and the French Revolution. And yes, the printing machine helped the spread of ideas. But so did Voltaire, Thomas Paine, the Quakers, etc. You cannot have progress and freedom without humanistic disciplines.
In other words, they are perfectly obedient slaves to those exploiting them and murdering others, and will never ever resist, or aid anyone else. Maybe translate it to them sometime? There's more to be said about this, a lot of it written by Hannah Arendt.
What I would like to know is: how does it help fellow EU states? I live in Finland, would these new changes be carried over to stop UK from targeting Finns or must EU courts pursue to restrain UK in similar fashion as its citizens attempting now?
I guess for now EU members can still use VPNs and the like.
The new law received royal assent at the end of November and is now a done deal, though it hasn't actually come into effect yet and there will inevitably be legal challenges.
I believe some of it has already come into effect. According to s. 272[1] several sections come into effect on the day the Act is passed and another few after a period of two months.
Fair point, though IIRC those sections are the technicalities about definitions and the like. The real substance isn't due to start doing anything until some time next year, as I understand it.
Or rather it gives grounds to UK courts to rule against the Snoopers' Charter over and over. It's very unlikely the ECJ will ever get back to this topic; like the US Supreme Court they carefully choose what to accept for review, and they don't like to repeat themselves.
What I'm curious about is why the people of UK don't challenge this more themselves through revolts. It's a very serious issue. Couldn't people easily mobilize through social media?
No one cares. Why should they care? There's far worse stuff happening. For example, the massive TV licence database; the massive police DNA database; the huge numbers of poorly regulated CCTV.
Simply put, people don't care enough. We haven't had the history some countries like Germany have had to realise the huge amount of problems spying on your citizens causes.
And they've put it through whilst most people are busy being annoyed over the Brexit and you've got a situation where people just have bigger (in their minds) things to worry about.
Request rejected. Your voice, command, location and all digital history were logged and sent to authorities. Please calm down and stay on place. Thank you for cooperation Jim.
Correct, but in this case they haven't even figured out that they are being oppressed yet. Or that terrorism isn't the reason such policy was implemented, for that matter.
Video: https://youtube.com/watch?v=GAXLHM-1Psk