UK Surveillance Law

[Veep Peep 13]

Hello,

 

I just heard of a news story that said the UK government is mandating all ISPs keep records of peoples browsing habits for a year - all webpage they have gone to.  This will also be shared with other governments.  No warrant required, your info sits in a database for whenever they need it.
The European courts said it was illegal, the UK cited security concerns.  Oh and that have been doing it all along - but now being transparent about it.

 

Question:  What does that mean for VPNs?

Are they subject to these laws?  What about VPNs outside the UK?

 

Thoughts, comments?

 

Thanks,

 

Mr. V

[LZ1 672]

Hello!

 

You should search the forums before posting, as this has been covered several times already . You're still safe - although of course, VPNs don't do everything.

[serenacat 83]

Maybe it would be handy to have a more definite tree of topics, subtopics and encourage adding to an existing easily found topic rather than general search.

This local forum which has a lot of traffic does this, but also see this topic for "scope creep" of the surveillance state:

https://forums.whirlpool.net.au/forum-replies.cfm?t=2593571

"Urgent warning from ACMA /Skymesh?"

"We recently received an AISI report from the ACMA indicating that a computer connected to your SkyMesh broadband service has been compromised and might be infected with malicious software. The following details were provided to us:"

"Our Support Team has told me that AISI includes "Vulnerable Services" in their scope. Vulnerability reports can just mean something the customer is running on their network is exposed and is vulnerable to being misused by third parties"

"ISP Representative

We have no idea how they detect the infection. The ACMA sends us the IP address of the infected computer and the date and time they observed it on the Internet. We work out who was using that IP address at that time, and we send the notification to the Billing Email Address. That's the limit of our involvement.

In the vast majority of cases, the customer removes the virus from the offending computer and the emails stop. In some cases they ignore our emails or are recalcitrant and the ACMA notifies us to suspend their service until they do. We comply with the ACMA's directions."

"What I would like to know is how are AISI flagging these conditions?

I think that one of those 'They can tell you but then they would have to kill you' type of situations. More information here – http://www.asd.gov.au/publications/protect/dns_security.htm

Mmmm, 'Australian Signals Directorate', I wonder where I have heard that name before. :-)"

 

Australia seems rather to have the worst of both "worlds" - a government and police who want to have all the power and privileges of the Communist Party of China, and American big corporations that run oligopys to screw customers to their credit limits and harvest their private information and behaviour for sale to all buyers. But what happens here may also apply (soon) in places like the UK.

 

1. The ASD was originally a secretive organisation with special powers for the purpose of national security information processing. It now appears to be monitoring all domestic internet traffic, and probing attached routers and computers and mobile phones/tablets for "security vulnerabilities".

2. For detection of bot behaviour monitoring of IP traffic to "addresses of interest" is more general than webpages accessed. Logging at the IP level could include what "cloud storage" is used, what mail servers, skype sessions, and whatever else a mobile phone app connects to.

3. This "government initiative" is new and attracting attention in technical forums, but the mainstream media has no coverage or comment.

4. The case can be made that such activity is beneficial to society similar to checking for drunk or unlicensed drivers, or removal of infectious students from school and transport. But alternatives of education and resources would empower citizens, rather than secret police "protection".

5. Another reason to use a VPN, but also pay for effective antivirus subscriptions and warn family about phishing etc threats.