Draft UK ISP Internet Snooping Law Will Not Log Web Page Addresses
Yesterday’s meeting of the Joint Parliamentary Committee that is responsible for scrutinising the draft Communications Data Bill, which threatens to expand the UK’s existing internet snooping laws and force ISPs into monitoring a bigger slice of everybody’s online activity, appears to have confirmed that the bill will not require full web page addresses (URL) to be logged.
The bills first draft, which was published last month (full summary), is worrying vague on a number of points and not least with its definition of “website addresses“, or lack thereof. At present the existing rules would log the IP (e.g. 85.32.6.87) address of a communication, which could be connected to a domain (e.g. ispreview.co.uk) / website but not individual web pages (full URL addresses).
This is a critical point because web page addresses can easily contain sensitive personal data, such as names and phone numbers (e.g. http://example.com/signup.php?name=bob_riley&phone=12345), which would normally occur as part of a private process but could potentially be logged by an ISPs systems.
Thankfully yesterday’s meeting heard the Director of the Office for Security and Counter-Terrorism, Charles Farr OBE, state that, “comms data will show which website you have accessed” but not “the pages or other aspects of a website” (i.e. no change from the current rules). But take this all with a pinch of salt until we see the final text.
Separately, while watching the proceedings, we also noted that one of the three witnesses (made up of police and security officials), suggested that many ISPs already use Deep Packet Inspection (DPI) technology and these might also be used for data collection as part of the new law. But different DPI systems, such as those used for Traffic Management, do different things and are by no means perfectly designed for what the government has in mind.
Meanwhile Charles Farr also admitted that the bill wouldn’t catch everything, with about 25% of data remaining inaccessible due to encryption and or any other issues that might prevent its collection. Farr suggested that the bill would aim to reduce this figure to 15% by 2018, which seems to assume, perhaps wrongly, that people won’t adapt to circumvent its measures.
Draft Communications Data Bill (PDF)
http://www.official-documents.gov.uk/document/cm83/8359/8359.aspJoint Parliamentary Committee – Communications Data Bill
http://www.parliament.uk/business/committees/committees-a-z/joint-select/draft-communications-bill/..
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, Google+, Facebook and Linkedin.
« Vouchers to Help 900000 UK Homes Fix TV Loss Caused by 4G Services
Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.
Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.
NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.
NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
I personally don’t give a damn if they log my internet connection as long as:
A) There is a strong reason to look at the browsing habits, although i’m pretty sure i won’t go on anything that would cause suspicion i.e. terrorist website (which will never happen).
B) They have a warrant to do so.
so your saying you trust the government? when they put such technology in places can you trust that they arent logging more than they say they are? do you bank online? can you say with complete trust that they wont be logging what you have in your bank account or log the transactions you make if you buy something..
what about if you order a repeat prescription for a embarrassing ailment? (not that lm suggesting you have one, lm being purely hypothetical here). would you want disks left on trains, flash drives left unencrypted or laptops stolen with your information on?
suffice to say, no matter the government.. not one party has proved they can be trusted with our personal data and now they want to harvest more of it. and imho the more thats harvested the more likely it will be used for other purposes.. it will be just too much for them to keep their hands off.. after all most of them have interests other than being MPs etc that will find it very interesting marketing material, not to mention that the more thats logged the more appealing it will be to hackers who will direct more hacks towards ISPs in the name of obtaining a treasure trove of information which could contain banking details, after all as far as lm aware its hard to be completely picky about what data you want to harvest because all data will have to go through their hardware, stripping pages to what you want always leaves the possibility you still have remnants of other data.
Couldn’t trust the government as far i as can throw them. I wouldn’t be surprised if they started selling the data for businesses.
I can’t comment to everything you said but you make very valid arguments. In an ideal world i would still agree with what i said in my first comment however realistically they will be many issues, ‘accidents’, hacking, etc…
The very idea that they want to log everyones online activities just in case they are plotting a terrorist attract, does not hold water with me ,i not only do not trust any government with private data but i don’t trust them full stop, trust is something that they have to earn, so far they have only made me suspicious of them, combine this snooping bill with the censorship website blocking, outdated copyright, and all this talk about yet another entity in the tv internet platform league,