Tag: technical

Apparently as of March the government will be requiring ISP’s  to keep email traffic for a year for use by police and security services.

Yes, it’s another of those cases where we have to work out whether we’re more appalled by the government’s viciousness or by its stupidity.

Here’s a little primer in email for novices and government ministers:

The Internet, the Web, and email are three different things.  The internet is a network that can carry data.  The Web is a lot of servers which provide hypertext and media over the internet in response to requests.  Email is an addressing system and message format by which messages can be sent between users over the internet.

ISPs provide internet service.  Sometimes they also provide web or email services over the internet as an add-on, and sometimes they don’t.

It is quite possible to send and receive email messages without one’s ISP even being aware of the fact.  Indeed, most people do.  If you have a large site, you probably run your own email servers.  You emails go over your ISP’s internet service, but do not use your ISP’s email service, even if it has one.

Conversely, if you use webmail, your email does not reach your network in the form of messages – only web pages.  Your messages originate or terminate with your webmail provider, who may well not even be in this country.

Only if you use the old-fashioned POP3+SMTP setup, or  your ISP’s  webmail service, will your ISP see your email as email.  In some cases it might be possible for them, by searching your entire network traffic, to identify and extract  email from your network flow.  That involves a whole lot of processing that they would otherwise not need to do.

If you use an offshore webmail provider, they can’t even do that, because the traffic between you and the webmail provider is encrypted.

I don’t actually know whether Google, Yahoo and Microsoft, the biggest webmail providers, have mail servers in this country.  I suspect not.

Note that if you use email encryption, as I recently recommended, you are still leaving a trail of who you sent mail to and when.

Attempts to get email out around inspection (without using webmail) are handicapped by measures taken to prevent spam.  It is quite possible to send mail in the same way a large site does – your mail software uses DNS to locate the recipients’ mail servers, and then sends them the mail directly.  However, many ISPs for residential users filter out direct email of this sort, and many recipients spam filters refuse it if it has come from a residential ISP network.  This compromise of the end-to-end principle came in some years ago, and did little harm at the time, but as governments become more nosy, the requirement to pass all emails to your ISP’s SMTP server is more of a problem.  It just goes to show how compromising important principles usually has a cost in the long run.

I don’t know how well-provided the world is these days with anonymous remailers – they were all the rage fifteen years ago.  It might be possible to use TOR to get email out of the local ISP network securely – I will be investigating both these avenues over the next few days.

None of this is because I have anything to hide in my email traffic.  As I explained previously, the problem is that if in a year or ten years I do, it will be too late.  These channels are awkward to set up, and they have to be done ahead of time.

GPG key is linked to from the sidebar.  Ideally you should get me to confirm the fingerprint in person.  I carry it around with me, so if you meet me it’s easy to do.

There’s been fuss the last couple of days about police powers to hack into suspects’ computers.  Apparently under RIPA they do not need any kind of warrant, just approval from a chief constable.

As some bloggers have pointed out, the power doesn’t imply the ability.  If your system is secure against hackers, it’s secure against the police.  Provided you don’t do anything reckless, like run an open wireless network, or run Windows, you should be safe.

Having said that, it is worth noting that the police have resources that private hackers do not.  In particular, they may get cooperation from ISP staff, or other service providers.  Even if that theoretically requires further authorization, if they are given, for example, a password, informally and without authorization, they would then be legally allowed to use that password to access your system.  In practice, they are unlikely to have to account for how they managed to get the password.  When I worked in telecoms, the authorities were given traffic data (billing itemizations) on informal request on a regular basis.

I’m not actually sure what the law is.  I’ve been looking at the text of the 2000 Regulation of Investigatory Powers Act, but it’s hard to puzzle out.  So I’m relying on press reports.

If you want to keep the police out of your PC, follow normal IT security (use WPA2 or IPsec on wireless, don’t use Windows, don’t run code of unknown origin), and also assume that any passwords you use on external systems are known to attackers, so use different passwords for logging into your box, for remote access, and for wireless.  Don’t expose these passwords over unencrypted email.  Set good passwords on routers.

There’s another reason for making a fuss about this.  Even if your system is safe, most people’s won’t be.  That means that over time, it will become accepted that police have access to everyone’s computers.  Eventually, the “loophole” that some people actually have secure systems will be “exposed” as compromising the ability of the police to protect us (or to protect THE CHILDREN), and secure systems will be simply banned.  This is despite the fact that there is already law allowing the police to demand encryption keys etc. with a warrant.

That sounds far-fetched, but is there any reason why one would assume that a mobile phone was something too dangerous to allow an anonymous person to own?  No –  only that, for business reasons, it happened to be impossible to anonymously own one until the technology for pay-as-you-go was released, and everyone got used to the idea that phones could be traced.   When people are used to the idea that computers can be searched by the police on a whim, they will not mind making it illegal to prevent it.

And just because you have nothing illegal, doesn’t mean it doesn’t matter.  Once someone hacks into your computer, they are likely to damage things by accident.  That’s always been recognised by the law, which (rightly) considers it a crime even if no damage is done, because of the cost of going over the system and making sure everything is OK.  If police plant a backdoor on your system for their own use, it may be found and exploited by criminals. (This was one of the major issues with the Sony CD rootkits a year or two back.)  Civil damages are also assessed on the same basis.  As well as that, information which is gathered may be misused.   A police officer was convicted of using private information for blackmail purposes just recently.

I may come back to this issue tomorrow if I can figure out what RIPA actually says.

Andy Burnham has been given such a bashing over his idiotic comments a week ago about how the internet should be censored that I felt no need to chime in with a “me too”.   Particular derision greeted his claim that he was not against free speech. But the misunderstanding about what the internet is worth elaborating.

He said he wants internet-service providers (ISPs) to offer parents “child-safe” web services.   The only feasible way to do that is to have a whitelist-based filter that allows “safe” sites to be viewed.  That’s quite doable – I do it myself for my children, using squidGuard.  It’s very much better done at the home end than the ISP, because that way my 9-year-old can ask for a site that he’s heard about, and I can add it to the whitelist, but the filtering can be done “in the cloud” if you can’t be bothered to learn how to use a computer.  Nonetheless, the filter means that essentially, the boys do not have internet access – only this ersatz “pages from ceefax” version, and with the 9-year-old now 10, the time is approaching that it will have to be turned off for him. 

The internet is dynamic.  It changes year by year, very significantly.  That is what has made it what it is.  It is able to do this only because of the fact that, on the internet, anything goes.  That’s not an incidental feature of the network, it’s what made it what it is.  Anything goes in terms of technology (the end-to-end principle), and in terms of content (creating a web page without getting it approved beforehand by the BBFC).

You can make a copy of many of the most useful features of the internet at a given point in time, without that freedom.  But what you have is frozen, dead.  As the internet moves on, it can’t keep up.  It’s like creating a command economy: when you start you have prices, traces of the market that used to exist.  You can plan your economy based on those prices (with whatever adjustments you think will improve things).   But where the market would have changed, you can’t see those changes.  Over time, your dead market prices will become less and less appropriate to reality.

If anything-goes makes the internet unsuitable for children (and a reasonable person might well consider that it does), the only possible course of action is to stop children from using the internet.  Let them revive Prestel or Compuserve for them – that would be more useful than the “child-safe” internet Burnham somehow envisages.