To object to excessive government surveillance?

[DontHaveAUsername]

www.dailymail.co.uk/news/article-3282309/Security-services-given-new-rights-spy-phones-computers-Dizzying-range-electronic-surveillance-equipment-set-available-MI5-MI6-GCHQ-new-laws.html

With everything that that Edward Snowden has revealed such as security services spying on their partners and abusing their abilities, spying on peoples communications when there is no probable cause to suspect them of any crime, around intimate photos couples send to each other online.sn't it unreasonable for them to be spying on us en masse?

Terrorism is a threat to the country but it shouldn't be used as an excuse to violate the privacy of innocent people, especially when it's never helped prevent terrorism. Even if it did, would surrendering our privacy completely be worth it? Give up our rights so that terrorists can't take them away seems a bit pointless. Has anyone altered how they do things now, I use the TOR browser a lot and PGP to encrypt emails.

unless you think GCHQ will behave like criminal hackers, there's no reason to expect any difference to anyone's personal security

Thanks to Edward Snowden we already know GCHQ are acting like 'criminal hackers'. Not only are they hoovering up all the metadata from our internet searches, they are using their own mobile data masts to gather data from our phones. They know who we're in contact with, just not what we're saying/texting. This is against current privacy law, which is why they want the changes, thus making their behaviour legal.

And there might be a point 4) coders have always left backdoors, just in case they need them in the future. (Any coders about who would care to comment?).

Absolutely not, unless your deliberately building a dodgy piece of software, you may have 2 entry points one with elevate priveledges so you can see diagnostics etc or go by bad web practice and have a defined test case with a specific user but no one specifically built back doors into everyday code, now there is some revelations re snowdon that some government agencies have forced software houses to provide 'back doors' (Facebook) but again this is not a common scenario

As you say they are trying to get legal justification of what they are currently doing, but there are many other things that they are trying to shoe horn in that is worrying. As doctor two mentions that trying to effectively end secure data transfer is worrying, we generated about 40 personal crypt keys for our server farm this week, we understand that said agencies could bust our keys given a few weeks but to automatically hand over our public and private keys just on the of chance that someone wants a route around is not on, and shoul worry your everyday user.

Before snowdon anyone mentioning that government agencies where building profiles and monitoring Internet traffic at large would be classed as tin foil hat, instead of worrying that what they are wanting now is unfettered access to there collection so that your just some ID in a 'big data' database that can be searched against is met with a kind of apathy of either 'well I haven't done anything wrong, why should I be worried' to a 'meh, they already have the thin end of the wedge so...'

There is a thread on the Dark web, that's where they should focus their energy, instead of but it's too difficult instead decent people are taken advantage of, people like The Lawrence family or they chase easy targets.

One way to abuse power and twist evidence was made an example of by a coroner, the second to blame the dwp for a death. A woman claimed benefits for damage caused via a crash not her fault. She set up a pain charity with her Dad, she got no benefits as they said the charity money was her money.

Secure crypto cannot and does not have backdoors, there would be no point in it and a lot of open source so the code is reviewed to confirm thermoset anything. If you have a police backdoor in some encryption, it's only a matter of time before a criminal finds that backdoor and uses it as well. Bye bye bank balance/credit card funds.

"Lot of it is open source so the code is reviewed to confirm there isn't any"

Wait a minute I may not even need encryption now, my phones doing a good job of scrambling what I've typed into unreadable.

The dark web is heavily monitored with many honeypots, the onion layers ,entry and exit nodes change frequently that is why it is difficult.

The dark web does have a lot of nasty stuff which is being closely monitored but the vast majority of it is very mundane.

Hoovering up data, and then keeping it securely and using it in the pursuance of authorised investigations is most emphatically not what hackers do.

Targeting the police and agencies correctly is vital (agree totally about the dark web, but of course we don't know they're not active there) and so us ensuring that capabilities are only used where there is no other way to get the information required, and the requirement can be demonstrated to be totally in keeping with the designated purposes (national security and serious crime).

After all, Liberty's piece on the DRIPA was mainly critical of the weaknesses of oversight, not in the government having capabilities.

.....

"Wait a minute I may not even need encryption now, my phones doing a good job of scrambling what I've typed into unreadable."

If you've nothing to hide what's the issue?

So instead of writing emails or texts why not print out what you want to say and stick it up somewhere they will walk past?
Do you have a door on your toilet?

Privacy is important.

Gmail to gmail emails are encrypted by the way (some other email providers do too...)

But effectively the lack of oversight is the primary issue and somethings should remain private, we will not know the true extent of how the data is used, that is the problem here. We know already that in the most extreme of of examples 'they' are just mirroring all Internet traffic, and we know they can decrypt SSL traffic when specifically targeted.

There are public means already of becoming just another big data statistic by opening yourself up to google, Facebook etc, this law is wanting to not only join the dots, but effectively prevent any third party resistance in joining these dots.

Hackers use data to either exploit the end user or the company so the comparison isn't quite true

I don't want myself, or more importantly my child, being a verbose search string away being denied or granted access to things.

Everyone complains of the government owning the media, this is their attempt at trying to get a firm grip on the Internet, wether you personally have something to hide or not, this is something you should be concerned with.

YANBU at all. We've given away our hard fought freedoms for nothing

You wouldn't be allowed to use any encryption the government didn't have a backdoor to, which would restrict the public from being able to use secure crypto

One wonders quite how they think they might do that.

en.wikipedia.org/wiki/Distinguishing_attack

We know already that in the most extreme of of examples 'they' are just mirroring all Internet traffic, and we know they can decrypt SSL traffic when specifically targeted.

The recent discussions about weak Diffie Hellman groups being tractable under some (reasonable) assumptions aren't as shocking as is made out: they provide quantitative estimates of how hard messing about with 1024 bit moduli is, but I think we all knew that 1024 bit DH moduli were a bad idea anyway; Suite B recommends 3072 bits for TOP SECRET and I don't see why anyone wouldn't use that for stuff they cared about.

Attacks on SSL are going to get a lot harder as time goes on. Certificate pinning post-dates the Snowden revelations and leaves most of the obvious attacks dead in the water; it's not hard to write your own code to check on changes to the presented certificate, and there's a Chrome and Firefox extension to do it automatically (CertPatrol). If the spooks actually had a tractable attack on sensibly sized moduli for DH or RSA and/or a tractable attack on AES, rather than "practical" methods involving subverting key exchange or certificate signing, they would be out of their minds to not assume the Chinese had it, and therefore they would not continue to recommend DH/RSA/AES in Suite B.

(1) www.lawfareblog.com/nsa-and-weak-dh

(2) www.nsa.gov/ia/programs/suiteb_cryptography/

(3) en.wikipedia.org/wiki/HTTP_Public_Key_Pinning

"One wonders quite how they think they might do that. "

Plausible deniability is a hopeful way of circumventing this issue. Can you prove that the random file full of garbage data on my PC actually IS an encrypted file, or is it just a random data file I generated? Got to prove beyond reasonable doubt that it is encrypted before you demand a password :)

It doesn't come as a surprise to me that the government are going to such lengths to monitor us, what alarms me is the fact that they are openly talking about such grave violations into our privacy. Yes I know that criminals, terrorists, paedophiles all flock to TOR and encrypted chat as a good way to operate without being monitored, but that doesn't mean we should ban it. We need to accept that there will always be ways where we have absolute privacy from the authorities, otherwise we end up sticking cameras in everyones house because "paedophiles might be using the privacy of their homes to organize stuff". The downside of this is that criminals will use that to plan/organize/get away with their crimes, but banning the act of having privacy from the government is a much worse thing to do.

"If you've nothing to hide what's the issue?"

I do have something to hide. Nothing illegal I can assure you, but just things that I'm not comfortable with people in the government or the police knowing about. So I need a way to conceal it from them. I don't know every employee at GCHQ or every police officer, so I can't guarantee they are all legit and won't abuse the information they know about me, so I need some way to prevent them listening in on me. PGP encrypting my emails and using a vpn when browsing the internet are the steps I've taken towards that. Will those measures stop GCHQ if they are absolutely determined to see what I'm doing? Certainly not, if they decided I was a high value target that merited devoted resources, they would simply covertly break into my house and put a keylogger into my PC, or sit outside my house from some distance and monitor the EM transmissions from my computer monitor (See "TEMPEST" on wikipedia as this is a real thing) to read what's on the screen. I can't prevent GCHQ from seeing what I'm doing if they are willing to devote unlimited resources towards it. What I CAN do is prevent them from easily sweeping up my private communication in their surveillance dragnet. So I force them to make a choice - Is it worth devoting extra resources towards finding out what this guy is up to, or is he just some privacy nut? Hopefully the massive cost of devoting more resources to finding out what I'm up to, coupled with the fact that there's nothing to suggest I'm a terrorist and am just some guy obsessed with protecting his privacy, prevents them from going to these extreme measures, is enough of a deterrent to prevent them snooping.

Many people targeted by fascist regimes, in Europe, South America etc had 'nothing to hide' except the fact that they were some supposedly undesirable minority. Many of those funding/arming those fascists live in Western countries.

Yabu. I'm glad there's so much surveillance, hopefully it deters crime and helps catch paedophiles etc. my life is utterly boring and I've got to issue with spooks knowing I looked up pelvic pain or whatever. If I have something private I only ever say in person awaits spooks following me

If you've nothing to hide what's the issue I don't think I could imagine a more sickening comment ..

How about the fact that our governments, Labour and Conservative, have colluded and connived for decades with radical Islamic forces, including terrorist organisations. They've worked alongside them. Even trained and financed them, in order to promote specific foreign policy objectives and to attempt to maintain influence in the world? Now these violent, maniacal groups have turned on us, and we ought to be perfectly happy and relaxed about giving up our hard fought for civil liberties in order to combat the threat they are supposed to offer?

Well put, batshit.

or sit outside my house from some distance and monitor the EM transmissions from my computer monitor

And laptops, too, somewhat surprisingly:

www.cl.cam.ac.uk/~mgk25/pet2004-fpd.pdf

Yes I know that criminals, terrorists, paedophiles all flock to TOR

TOR was developed with US government funding. Syverson, the main architect, was an employee of the Naval Research Laboratory at the time:

www.usenix.org/legacy/events/sec04/tech/full_papers/dingledine/dingledine.pdf

The original target markets were (a) protection of government information (b) use by people in repressive regimes and (c) one suspects, at least, use by spies in the field. Similarly, Phil Zimmerman originally developed PGP as part of his human rights campaigning. It's an iron rule of nature that technology that protects human rights campaigners from the Chinese government also protects child abusers from the UK government. Life's complicated, isn't it?

using a vpn when browsing the internet

In the light of the recent papers on pre-processing the modulus of DH key exchange, I've shifted my private VPNs from group 5 (1536 bits) to group 15 (3072 bits). The problem is that the performance is shocking: it takes tens of seconds to establish a key (admittedly, one end of the link is a Raspberry Pi). For fun, this is fun, but for serious use I'd need a faster machine...

if you've got something to hide, here's a top tip - don't put it on the internet.

You can write letters and send printed photos. Clever, eh?

"if you've got something to hide, here's a top tip - don't put it on the internet."

I'd say that's wrong though, because then you've effectively been forced into self censoring because of fear of being watched. It's only been a few decades since the GDR collapsed, but to see a resurgence of the surveillance state so soon is unnerving. What is "something to hide"? I have lots of things I want to hide, not one of them is illegal, but I just don't want random people in government from having the capability to see it at will.

What is "something to hide"?

^^This.

There are so, so many reasons other than illegality that you might not want the government - and its associates - knowing everything about you.

"I'm glad there's so much surveillance, hopefully it deters crime and helps catch paedophiles etc"

But that doesn't mean it's worth it though. We have rights, and we accepted long ago that the existence of those rights would inevitably be exploited and used by criminals to get away with crime. But we ultimately decided it was worth it to ensure that we kept those rights. For example many smart criminals abuse "innocent until proven guilty" to get away with crime, it doesn't matter that we know they are guilty, as long as they make sure there's not enough proof we can't touch them. It would be so much easier to convict paedophiles if we didn't have to prove their guilt to such a high standard, but it wouldn't be worth it because the cost would be that no one has the right to a fair trial. With surveillance, I suppose greater surveillance does mean a greater capability to catch and deter paedophiles but the cost means that no one has the ability to communicate privately away from the governments watchful eye online.

Many people targeted by fascist regimes, in Europe, South America etc had 'nothing to hide' except the fact that they were some supposedly undesirable minority. Many of those funding/arming those fascists live in Western countries

There all kinds of petty reasons why we should be entitled to our privacy and they alone should be a good enough reason to protect it. But the fact is that governments are not necessarily benign and looking after our best interests. What if an opposition candidate is assassinated because his every move is being monitored? He/she could well say that they have nothing to hide, but it doesn't mean he/she is not considered a threat.

I wonder about industrial secrets too. In my line of work as a translator I have to sign lots of confidentiality agreements, but then I am sent the documents over the internet!

"I wonder about industrial secrets too. In my line of work as a translator I have to sign lots of confidentiality agreements, but then I am sent the documents over the internet!"

The leaks showed that the NSA was using their powers to carry out economic espionage to give American companies an advantage over their foreign competitors. And people still say that they wouldn't do anything wrong, and "I have nothing to hide", it's sad that people seem to have so much faith that these people will do no wrong.