The British IP Bill & Protection From Government Snoopers

Uploaded on 2016-11-25 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

The UK has just passed the Investigatory Powers Act 2016, at the third attempt, and it will become law by the end of the year. The bill was instigated by the then Home Secretary, Theresa May, in 2012. It is better known as the snooper’s charter.

Jim Killock, the director of Open Rights Group, described it as the “most extreme surveillance law ever passed in a democracy”. It more or less removes your right to online privacy.

The law forces Internet service providers to keep a record of all the websites, not the actual pages, you visit for up to a year. It also obliges companies to decrypt data on demand and gives government security services the power to hack your computers, tablets, mobile phones and other devices.

To some extent, the new law merely legalises the current “custom and practice” as revealed by Edward Snowden. The most obvious difference is that it makes your web history readily available to almost 50 assorted police forces and government departments. These include the British Transport Police, the Department of Health, the Food Standards Agency, the Gambling Commission, and the Welsh Ambulance Services NHS Trust.

Web Tracking and Proxies

When you sign up with an ISP, the traffic from your PCs and other devices goes to your ISP’s servers, which feed most of it, except various blocked websites, on to the Internet. You can track this process yourself using TraceRoute.

Your ISP therefore knows where you are going online. You can avoid this by using one or more anonymous “proxy servers” between your PC and your eventual destination. Your ISP will then know you visited the proxy server, but, if the anonymising is done properly, it won’t know where you went from there.

Enter the VPN

There are two big problems with using free proxies. First, you may not know who’s running them. They could be helpful hackers or criminals, or even CIA honeypots. Second, they may be unreliable and slow. It’s better to use a Virtual Private Network or VPN.

Multinational corporations have long used VPNs as a way of extending their private networks across the public Internet. If they encrypt all the traffic between computers in their British, American and other offices, they can send their traffic securely over the Internet without paying for expensive leased lines. VPN service providers offer the same facilities to ordinary users for a small monthly fee.

The traffic from your PC is automatically encrypted and sent to the VPN supplier’s server, so your ISP can’t see the final destination. The ISP’s records should only contain the VPN company’s server addresses.
Choosing a VPN

Dozens of companies sell VPN services, and you can find plenty of reviews to help you choose. The things to look for include the number of servers and where they are located, their privacy policies, the applications they support (Tor, BitTorrent etc.), speed and price. Some have applications for different devices. For example, NordVPN has them for Windows, MacOS, iPhone, iPad and Android.

If your motivation includes the snooper’s charter, choose a VPN that is not UK-based, and that does not keep any logs. If they don’t keep any logs, they can’t hand them over to government raiders. 

Web Tracking

A VPN stops your ISP from logging your web visits, but they may still be logged. For starters, your own web browser is keeping a history. You’re also being tracked by dozens of advertising services, including Google’s. You can block trackers with a browser extension such as Ghostery or the EFF’s Privacy Badger, but note that Privacy Badger only blocks trackers from third-party sites.

GRC has a “forensics” page, which checks whether you are being tracked by cookies. For increased privacy, you could access the Internet from a “virtual computer” loaded in your operating system, and then throw it away after use. VirtualBox is a good free example. VMware Workstation Player is also free for non-commercial use.

Mail, Messaging and Smartphones

You can’t make smartphone use private because you’re always being tracked by the cellular network. However, you can turn off Wi-Fi and Bluetooth when you’re not using them, they can also be used to track you, and use a VPN for web access. Remember also that many smartphone apps request permissions that enable them to track you.

Last Words

As an ordinary citizen with a life, you can’t hide from the security services, any more than you can defend your house against a tank regiment. If they want to hack your devices, they will. If you’re an investigative journalist, human rights campaigner, one of Snowden’s collaborators etc., you need a higher level of security.

But if they are not out to get you, why act as though they should be? It’s probably better to be as inconspicuous as possible, while limiting the amount of data that might turn up in some bored agency’s random fishing expeditions.

There are already plenty of reasons for using a VPN, to protect yourself in a world of hostile Wi-Fi hotspots and other online threats. That’s why many large businesses use VPNs. The fact that they may also shield you from some State Snooping is a bonus.

Guardian:            MI5's Uncontrolled Bulk Data Collection:     UK Investigatory Powers Bill Will Cost £1bn To Implement:

 

 

 

« Google & Facebook Ban Fake News Sites
Facebook Will Double UK Employees »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Coalfire

Coalfire

Coalfire specialises in cyber risk management and compliance. Our services span the cybersecurity lifecycle from advisory and compliance, to testing and engineering, monitoring and optimization.

Kirkland & Ellis

Kirkland & Ellis

Kirkland & Ellis LLP is an international law firm with offices in the USA, Europe and Asia. Practice areas include Data Security & Privacy.

Radware

Radware

Radware is a global leader of application delivery and cyber security solutions for virtual, cloud and software defined data centers.

Superscript

Superscript

Superscript (formerly Digital Risks) is an insurance broker for small businesses, sole-traders, landlords and high-growth tech firms. Our services include Cyber Liability insurance.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

Unitrends

Unitrends

Unitrends helps IT pros do more with less by providing an all-in-one enterprise backup and continuity solution.

Anglo African

Anglo African

Anglo African is an information technology firm providing end-to-end solutions to different industries, from IT Infrastructure to DataCom as well as Cloud & InfoSec services.

Carbonite

Carbonite

Carbonite offers all the tools necessary for protecting data from the most common forms of data loss, including ransomware, accidental deletions, hardware failures and natural disasters.

British Blockchain Association (BBA)

British Blockchain Association (BBA)

British Blockchain Association (BBA) is a not-for-profit organisation that promotes evidence-based adoption of Blockchain and Distributed Ledger Technologies (DLT) across the public and private sector

Knowledge Lens

Knowledge Lens

Knowledge Lens builds innovative solutions on niche technology areas such as Big Data Analytics, Data Science, Artificial Intelligence, Internet of Things, Augmented Reality, and Blockchain.

blueAllianceIT

blueAllianceIT

blueAlliance IT is an investment and growth platform that unites local MSP and IT companies around the nation, helping them to grow and operate competitively.

CFTS

CFTS

CFTS 'Computer Facilities Technical Services' is a Ugandan ICT Support Company that specialises in infrastructure and support services including network security.

Armolon

Armolon

Armolon provides comprehensive data breach and cybersecurity, as well cybersecurity audits and certifications, and disaster recovery/business continuity services to clients.

Pointsharp

Pointsharp

Pointsharp delivers software and services that help organizations secure data, identities, and access in a user-friendly way.

Athena7

Athena7

Athena7 is a dedicated assessment practice committed to helping organizations understand how their infrastructure, backups, and security controls will withstand the latest threat actor tactics.

NetAlly

NetAlly

NetAlly network test solutions help engineers and technicians better deploy, manage, maintain, and secure today’s complex wired and wireless networks.