UK ISP Boss Highlights Technical Stupidity Of The Snooper's Charter Proposal

from the surveillance-magic dept

Mon, Nov 30th 2015 11:38am — Mike Masnick

There's just something absolutely nutty when politicians with no technical knowledge whatsoever try to make technology policy, and it often crosses over into out-and-out slapstick when that technology policy involves surveillance. It's why we see things like talk of "golden keys" for encryption that somehow wouldn't be "backdoors" (even though they are). Over in the UK, they're going through something similar with the current "debate" (if you can call it that) over the latest Snooper's Charter bill, officially known as the "Investigatory Powers Bill" or the "IPBill."

A key element in the bill is the demand for "internet connection records." The draft bill has a whole section on these "ICRs" which it defines as:

A kind of communications data, an ICR is a record of the internet services a specific device has connected to, such as a website or instant messaging application. It is captured by the company providing access to the internet. Where available, this data may be acquired from CSPs by law enforcement and the security and intelligence agencies.

An ICR is not a person’s full internet browsing history. It is a record of the services that they have connected to, which can provide vital investigative leads. It would not reveal every web page that they visit or anything that they do on that web page.

That definition, by itself, seems somewhat self-contradictory, but we'll leave that aside for now. Adrian Kennard, the head of a small UK ISP, Andrews & Arnold, has filed some comments highlighting how technically clueless this idea is:

The explanatory notes, and one of the clauses in the bill, make use of the term “Internet Connection Record”. We are concerned that this creates the impression that an “Internet Connection Record” is a real thing, like a “Call Data Record” in telephony.

An ICR does not exist - it is not a real thing in the Internet. At best it may be the collection of, or subset of, communications data that is retained by an operator subject to a retention order which has determined on a case by case basis what data the operator shall retain. It will not be the same for all operators and could be very different indeed.

We would like to see the term removed, or at least the vague and nondescript nature of the term made very clear in the bill and explanatory notes.

From there, it goes even further, pointing out that the justification for needing these non-existent ICRs was a statement from UK Home Secretary Theresa May about how useful such info would be in finding a missing girl:

"Consider the case of a teenage girl going missing. At present we can ask her mobile provider for call records before she went missing which could be invaluable to finding her. But for Internet access, all we get is that the Internet was accessed 300 times. What would be useful would be to know she accessed twitter just before she went missing in the same way as we could see she make a phone call"

Except, as Kennard points out, that's not how the internet actually works. You don't "connect" to Twitter like that, because you're constantly connected to Twitter:

...in yesterday’s meeting I, and other ISPA members immediately pointed out the huge flaw in this argument. If the mobile provider was even able to tell that she had used twitter at all (which is not as easy as it sounds), it would show that the phone had been connected to twitter 24 hours a day, and probably Facebook as well. This is because the very nature of messaging and social media applications is that they stay connected so that they can quickly alert you to messages, calls, or amusing cat videos, without any delay.

It should be noted that it is quite valid for a “connection” of some sort to last a long time. The main protocol used (TCP) can happily have connections for hours, days, months or even years. Some protocols such as SCTP, and MOSH are designed to keep a single connection active indefinitely even with changes to IP addresses at each end and changing the means of connection (mobile, wifi, etc). Given the increasing use of permanent connections on mobile devices, it is easy to see how more and more applications will use such protocols to stay connected - making one “internet connection record” which could even have passed the 12 month time limit by the time it is logged.

Connections are also typically encrypted and have some data passing all the time, so it would not be practical for an ISP, even using deep packet inspection, to indicate that the girl “accessed twitter” right before she vanished, or even at all (just that there is a twitter app on the phone and logged in).

This seems like a rather important point: the people who put together the Snooper's Charter for spying on the internet don't seem to understand the first thing about how the internet actually works. And yet we're supposed to give them sweeping powers to spy on it? How does that make any sense?

IPBill evidence1 (PDF)IPBill evidence1 (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: adrian kennard, encryption, icr, internet connection records, investigatory powers bill, ipbill, metdata, snooper's charter, theresa may, uk
Companies: andrews & arnold

18 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 30 Nov 2015 @ 11:58am

and because it IS SO STUPID is exactly why everyone's fears and concerns will be ignored and it will be brought into law! the idea is not and never will be to catch terrorists, but to keep the ordinary people under the 'scope, making sure they are not organising any protests against the government or members because of some other ridiculous thing they have done or intend to do, but want to keep secret!! and i doubt if any other UK government has been as secretive or underhanded as Cameron's lot!!
[ link to this | view in chronology ]
Mason Wheeler (profile), 30 Nov 2015 @ 12:06pm

This seems like a rather important point: the people who put together the Snooper's Charter for spying on the internet don't seem to understand the first thing about how the internet actually works. And yet we're supposed to give them sweeping powers to spy on it? How does that make any sense?

I'm reminded of one of the more thought-provoking passages from Brandon Sanderson's epic, The Way of Kings:
I walked from Abamabar to Urithiru. In this, the metaphor and experience are one, inseparable to me like my mind and memory. One contains the other, and though I can explain one to you, the other is only for me.

I strode this insightful distance on my own, and forbade attendants. I had no steed beyond my well-worn sandals, no companion beside a stout staff to offer conversation with its beats against the stone. My mouth was to be my purse; I stuffed it not with gems, but with song. When singing for sustenance failed me, my arms worked well for cleaning a floor or hog pen, and often earned me a satisfactory reward.

Those dear to me took fright for my safety and, perhaps, my sanity. Kings, they explained, do not walk like beggars for hundreds of miles. My response was that if a beggar could manage the feat, then why not a king? Did they think me less capable than a beggar?

Sometimes I think that I am. The beggar knows much that the king can only guess. And yet who draws up the codes for begging ordinances? Often I wonder what my experience in life—my easy life following the Desolation, and my current level of comfort—has given me of any true experience to use in making laws. If we had to rely on what we knew, kings would only be of use in creating laws regarding the proper heating of tea and cushioning of thrones.
[ link to this | view in chronology ]
Anonymous Coward, 30 Nov 2015 @ 12:12pm

Stupid Geek
Adrian Kennard obviously doesn't have a clue about how the internet works. Of course internet "connections" are just like telephone "calls". How could he not know that? Oh, wait, he's one of those "geeks", isn't he? That explains it. Well, thank goodness there are plenty of government officials to straighten his little geek ass out and "educate" him on how the internet really works.
[ link to this | view in chronology ]
- art guerrilla (profile), 30 Nov 2015 @ 4:39pm
  
  Re: Stupid Geek
  no, he's just a tool...
  *my* theory for why so many of these tech-ignorant ideas are floated, is because they DON'T want capable, knowledgeable, experienced nerds, et al to provide any significant advise and guidance (never mind leadership)...
  
  *that* would shoot down ALL their idiotic ideas; and they don't really care they are idiotic, they just want to out-bluster the other pols...
  
  actually listening to the nerderati and basing decisions on that could lead to well-measured and smart responses (which *might* include 'doing nothing', *gasp*), and we can't have that ! ! !
  
  (reminder: action is not achievement)
  [ link to this | view in chronology ]
- David, 1 Dec 2015 @ 1:19am
  
  Re: Stupid Geek
  Internet connections are not like telephone calls. Internet consists of multiple protocols. TCP connections are a bit like a telephone call (with continuity) but without the realtime guarantees. UDP is more like a hitch hiking network where the order of departure and arrival (if a packet does not get terminally lost after all) are not really synchronized. ICMP is like one-time semaphoring.
  
  And so on.
  [ link to this | view in chronology ]
  - Anonymous Coward, 2 Dec 2015 @ 12:55pm
    
    Re: Re: Stupid Geek
    You obviously don't know as much as the people who put together the Snooper's Charter because they say otherwise and they have power!
    [ link to this | view in chronology ]
Anonymous Coward, 30 Nov 2015 @ 12:20pm

Formal education
[Policymakers] don't seem to understand the first thing about how the internet actually works.
Years and years ago, when I went back to school, my introductory, undergraduate networking course was 5 quarter-credits (we were on the quarter system), geared towards EEs and CSs (dual-listed course), and used an early edition of Andrew Tanenabum's Computer Networking as the course textbook.

Most policymakers would not have the prerequisites to get into that introductory, undergraduate course.

I don't know quite what to do about the problem. Obviously, that level of formal education isn't necessary for everyone. Many other people have informally picked up all that they need to become competent in their field, here and there as they went along. In fact, I myself was doing some professional computer networking before I decided to go back to school.

But, otoh, when I start to think about diving into the distinctions between circuit-switching and packet-switching, and then talking about virtual-circuits on top… contrasting that with connected-oriented versus connectionless protocols… distinguishing between protocols and services… You know, I think that people who haven't had the advantage of a formal education are handicapped more than they might realize.

Iow, they don't even know what they don't know.
[ link to this | view in chronology ]
- Whoever, 30 Nov 2015 @ 12:36pm
  
  Re: Formal education
  Those policymakers don't understand how the Internet works, but they have an army of advisers, many of whom do understand how the Internet works. They have access to GCHQ, where there are lots of geeks who have an excellent understanding of how the Internet works.
  
  So, if the policymakers have plenty of people who can tell them that the proposed snooping isn't going to provide useful information, what is it for? IMHO, it is likely that there is an ulterior motive for the snooper's charter, which hasn't yet been revealed.
  [ link to this | view in chronology ]
Cybe R. Wizard (profile), 30 Nov 2015 @ 1:06pm

Setting up non-existent ICRs is easy:
...if you only first make π equal to exactly 3.
[ link to this | view in chronology ]
Anonymous Coward, 30 Nov 2015 @ 2:21pm

All Internet Connection Packet Cookies must be downloaded to the Cloud Cache for strict Sniffing.
[ link to this | view in chronology ]
gezzerx, 30 Nov 2015 @ 6:10pm

Vote the Bumbs out of Office
Why would any true loyal Americans, be they Democrat or Republican, Male or Female, White,Black,Hispanic or other, vote for a Democrat or a Republican when both .parties have shown their willingness to subvert the Constitution, our Civil Liberties, and our National Sovereignty through the TPP (The Trans Pacific Partnership) and have been doing so for decades & the Governments own records have proven this to be true ! We are being sold out by the Democrats & Republicans ! It now has become a choice between Fascism or Liberty & Fascism is winning !

Both parties have been complicit in this criminal activity. Some will say they don’t want to waste their vote, but you are already wasting your vote on Democrats & Republicans because they are the ones who have already betrayed us ! This should be a joint effort on the part of all Americans, Democrats,Republicans & Independent voters ! Organize now before its to late ! Your liberty is at stake and that of your children & grandchildren !

We get the Government we deserve, and nothing will change until we stop electing Democrats & Republicans after all they are the ones subverting the Constitution, & they must be held to account both politically & legally !

Both parties are owned by corporate America, two sides of the same coin ! Wise up America .

No more lies, excuses, rationalizations,or justifications, the public needs to hold these officials to account to the fullest extent of the law under Title 18 sec. 241 & 242 (Google it), so any future traitors will know there will be consequences to such behavior.

Unaccountable power is absolute power, & is absolutely corrupt !

As Mr. Snowden said the Politicians are afraid of you ! Now is the time exercise you power, you
may not get another chance !

REMEMBER: POLITICIANS, BUREAUCRATS AND DIAPERS SHOULD BE CHANGED OFTEN AND FOR THE SAME REASON.

Some words of true Patriots are as follows, as opposed to the words of false flag patriotism of today.

He that is of the opinion money will do everything may well be suspected of doing everything for money.
Benjamin Franklin

He that is good for making excuses is seldom good for anything else.
Benjamin Franklin

Experience hath shown, that even under the best forms of government those entrusted with power have, in time, and by slow operations, perverted it into tyranny.
Thomas Jefferson

Rightful liberty is unobstructed action according to our will within limits drawn around us by the equal rights of others. I do not add 'within the limits of the law' because law is often but the tyrant's will, and always so when it violates the rights of the individual.
Thomas Jefferson

Tyranny is defined as that which is legal for the government but illegal for the citizenry."
Thomas Jefferson.

“But when a long train of abuses and usurpations, pursuing invariably the same object evinces a design to reduce them under absolute despotism, it is their right, it is their duty, to throw off such government, and to provide new guards for their future security,”
Thomas Jefferson wrote this in the Declaration of Independence .

In framing a government which is to be administered by men over men you must first enable the government to control the governed; and in the next place oblige it to control itself.
James Madison

Liberty may be endangered by the abuse of liberty, but also by the abuse of power.
James Madison

The liberties of a people never were, nor ever will be, secure, when the transactions of their rulers may be concealed from them.
Patrick Henry

"We the People are the rightful masters of BOTH Congress and the courts, not to overthrow the Constitution but to overthrow the men who pervert the Constitution"
Abraham Lincoln

America will never be destroyed from the outside. If we falter and lose our freedoms, it will be because we destroyed ourselves.
Abraham Lincoln

We should not forget the warning of President Eisenhower .
https://www.youtube.com/watch?v=vLqWfWxqh_0
The NSA is controlled & operated by the DOD & the MIC (Military Industrial Complex) Private Corporations.

"The very word "secrecy" is repugnant in a free and open society; and we are as a people inherently and historically opposed to secret societies, to secret oaths and secret proceedings. We decided long ago that the dangers of excessive and unwarranted concealment of pertinent facts far outweighed the dangers which are cited to justify it."
President John F. Kennedy
Waldorf-Astoria Hotel
April 27, 1961

As is said in the law, falsus in uno, falsus in omnibus. ("False in one thing, false in all things" is an instruction given to jurors: if they find that a witness lied about an important matter, they are entitled to ignore everything else that witness said.) The Government has been lieing to the American public for decades !

As a reminder Hermann Goering said at the Nuremberg Trials .
"The people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country."

“Fascism should more appropriately be called Corporatism because it is a merger of state and corporate power.”
Benito Mussolini

Time to start removing the corporate Congress from office & defunding the NSA & the Police Surveillance state, to pre 9-11 levels & force them to comply with the law & impose jail time for non compliance under USC Title 18 Sec. 241 & 242 (Google it) .

Only after the members of our 3 branches of Government, both Republicans & Democrats who conspired in this criminal conspiracy & violated the Constitution are prosecuted, should Mr. Snowden be charged with a crime. Prosecute those who broke the law first, in chronological order, then the Government can get around to Mr Snowden .

The short version of the above is as follows:
Any Government or Party that doesn't abide by the Constitution does not deserve our respect or support ! ! ! They are traitors !

Disclaimer: Be advised it is possible, that this communication is being monitored by the National Security Agency or GCHQ. I neither condone or support any such policy, by any Government authority or third party that does not comply, as stipulated by the 4th Amendment of the U.S. Constitution.
[ link to this | view in chronology ]
- G Thompson (profile), 30 Nov 2015 @ 7:31pm
  
  Re: Vote the Bumbs out of Office
  hey dimwit...
  
  Your pasting of all things dumb is even more telling when this whole article was about the United Kingdom and not the USA.
  [ link to this | view in chronology ]
  - Anonymous Coward, 30 Nov 2015 @ 9:50pm
    
    Re: Re: Vote the Bumbs out of Office
    Could be applied to the UK as well these days. Seems like every "first world" nation is letting itself slide into tyranny of a third world dictatorship.
    [ link to this | view in chronology ]
    - Wendy Cockcroft, 1 Dec 2015 @ 6:57am
      
      Re: Re: Re: Vote the Bumbs out of Office
      And all at the same time too. Funny, that...
      [ link to this | view in chronology ]
Anonymous Coward, 30 Nov 2015 @ 10:19pm

ℏ
[ link to this | view in chronology ]
- Anonymous Coward, 30 Nov 2015 @ 10:22pm
  
  Re:
  sorry, meant to preview, but mouse slipped to submit button :-(
  [ link to this | view in chronology ]
Spencer, 2 Dec 2015 @ 4:18am

ICR
The ICR sounds like the metadata being tracked by the NSA and GCHQ.
[ link to this | view in chronology ]
tranzy, 29 Dec 2016 @ 12:09pm

Felice Anno nuovo
Good information A lot of helpful info here thanks for sharing the post
[ link to this | view in chronology ]