All Your Web Data Are Belong To Us

 0 technology commentary

Yesterday I was casually browsing Twitter when I came across this.

“That doesn’t sound good”, I thought.

This is in reference to something called the Investigative Powers (IP) Bill, or the “Snooper’s Charter” as it’s been referred to. The nickname sounds like it’s something out of “Yes Minister“, but despite its silly nickname it’s a very serious piece of news.

What Is the IP Bill?

 

It effectively gives the UK government much more power over mass internet surveillance.

You can read a full rundown of what it entails in this Wired article, but here are some highlights (emphasis mine):

For the first time, security services will be able to hack into computers, networks, mobile devices, servers and more under the proposed plans. The power will be available to police forces and intelligence services. […] Warrants must be issued for the hacking to take place.

Data can be gathered from “a large number of devices in the specified location”. […] As a result, it is likely the data of innocent people would be gathered.

[…] internet history data (Internet Connection Records, in official speak) will have to be stored for 12 months.

[…] intelligence agencies will also be able to obtain and use “bulk personal datasets”. These mass data sets mostly include a “majority of individuals” that aren’t suspected in any wrongdoing but have been swept-up in the data collection.

Let that sink in: your ISP will now be legally required to store a year’s worth of your browsing history.

Sneak Attack

 

This is all shocking in itself, but the part that really surprised me was how unaware I’d been that this was in the works.

Obviously this is also a reflection on my effectiveness at following the news, but quite a few people I talked to about it since then were as surprised by it as me.

The other big surprise was how little attention it got on Hacker News.

A quick search reveals that there are around 80 mentions of “Snooper’s Charter” in HN stories, and the most comments any story got was 105, two years ago.

By HN standards that’s not a lot. The thread the day after Brexit got over 2,500. This is perhaps not a big a story as Brexit, but it’s also not 25 times less important.

My experience, based on people I’ve spoken to and anecdotes I’ve read, is that people are far less interested in data privacy and mass surveillance than I’d have thought. The fact that even the HN crowd weren’t kicking up a fuss was much less expected.

What We Can Do

 

So is there anything we can do about this? I’ve been thinking about this a bit today, and there are some concrete steps we can take.

Technology

If you’re interested in making a change based on this outcome and if, like me, you’ve become increasingly conscious about losing control over who has access to your personal information, one obvious idea is to get a VPN.

This may change of course, but so far VPNs are not mentioned in the IP Bill.

You could also use the Tor browser for further anonymity.

Social “Engineering”

As software developers, engineers, sysadmins or other computer-related professionals we need to help our less tech-savvy friends and family by educating them about these things. It’s not easy persuading someone about the importance of data privacy for example, but it’s a conversation worth having.

In this instance maybe even the tech-savvy people around you, who might be less interested in politics, have had this story go under the radar. Next time you speak to them bring it up in casual conversation, you might be helping them out.

Let’s not let this story be swept under the rug.

 

Footnote: This is the 18th entry in my 30 day blog challenge.

Leave a Reply

Your email address will not be published. Required fields are marked *