Tuesday, December 11, 2012

Electronic Big Brother

I've said it before and I'll say it again - the government doesn't understand the internet. Back in 2009 there was an attempt to make Internet Service Providers keep tabs on all their users activities; in 2011 they wanted ISPs to block pornography. Now they want to revive that old 2009 attempt with a thin lick of paint.

The old bogeymen of paedophiles and terrorists are being trotted out to explain why the government wants to be able to see exactly where you visit online, who you talk to etc.and yet exactly the same reasons why this wouldn't work for censorship applies to this 'new' law.

Okay to start off some may consider that I'm doing something wrong by laying out exactly how this law could be circumvented; except anyone wanting to know this can easily find out about it. So:

Consider you're a terrorist wanting to communicate with others and you know that the government is keeping such records. Step one hide your traffic. Not a case of just clearing your browser history and cache, but of redirecting all traffic. When you connect to an ISP they assign you an IP number let's say When you want to talk to Google the compute looks up their address and packets get sent through your ISP with both numbers. As such they can see that you are talking with Google. Emails work in a similar way when sent directly from your computer they go to your mail server with your address on it and the address it's being sent to. Again easily tracked. How not to be tracked.

The first method is a redirector. I'll invent one whose address is You at connect to 127.111.05 and the ISP records this fact. However you then use the redirector to access Google at From Google's point of view it's sending information to the redirector from the ISP's point of view you're also talking to the Redirector. The only way for anyone to discover that it was you talking to Google would be to access the Redirector's lists; which would be great if it wasn't located in Switzerland.

For emails this can be even easier. Most email providers come with a web interface allowing access to your emails from any browser. In this instance pick an email provider that's not also your ISP say Hotmail or GoogleMail. The ISP sees that you're talking to Hotmail. You write a new message to an existing contact. The ISP is seeing that you're still talking to Hotmail. You post the message. The ISP sees that you're still talking to Hotmail. The address of the recipient doesn't pass through the ISP in a recognisable form.

At which point the ISP is ordered by the government to start recording the content of the packets being sent; which is akin to the government ordering that the telephone companies start recording every conversation that passes over their lines. Great voice scramblers already exist for standard telephone conversations they're even more widely available for online communications.

Anyone serious even to be involved at this level is going to take simple precautions and such will negate the entire point of this law. The only ones it will catch are the amateurs and the incompetent.

The big joke is that if they're investigating someone post-crime they're likely to have physical access to their online-used devices. If they're trying to watch someone 'live' they can apply for the equivalent of a wiretap and just watch their traffic (which still wouldn't be helpful if they took precautions against it). Forcing ISPs to record all this is completely and totally pointless. Something anyone with a smattering of knowledge of the subject would be able to tell them and have been doing so.