It’s 2008. Ireland is supposedly a democracy, yet the Gardai (Irish police force) are now demanding that ISPs provide them with live access to browser data.
Say goodbye to your privacy!
The story was covered in The Irish Times today
Basically the Gardai are asking ISPs to give them a live link into their networks to capture realtime data!
Retaining personally identifiable data falls outside the scope of the data retention directive, as it clearly conflicts with privacy legislation.
The EU data retention directive will come into force in Ireland in the near future, but what it covers is quite slim in many respects and even that is viewed by many as an invasion of privacy.
Having said that it is possible for the gardai, or other law enforcement agencies, to request web logs and other data from ISPs in specific circumstances ie. on a case by case basis where the access request is controlled etc.,.
But providing constant, live, realtime access? That’s a new one.
According to the press coverage today, which is the first I’d heard of the entire thing, the Gardai are trying the “good citizen” ploy as their excuse for what is clearly a request to ignore our civil rights.
Do I want some police officer watching my every move online?
Would I be comfortable with that?
Would you?
I somehow doubt it.
In a country like Ireland where there have been so many cases of government bodies “mislaying” sensitive data this kind of request is insane.
(Disclosure: We are members of the Irish ISP Association (ISPAI) and I’m personally involved with the data retention working group within ISPAI)
I really don’t like the sound of that, for a number of reasons.
I can see Tor becoming a lot more popular.
Niall
If this kind of thing goes ahead I’ll want a vpn or similar at home. Period
Michele
Francis
1 – Unlikely
2 – If the data retention is anything to go by, then ISPs will be expected to foot the bill, so they’ll have to recoup the cost somewhere
3 – very little, since anyone with half a clue will circumvent it anyway
4 – that’s the million dollar question which shouldn’t even be asked! ie. the situation where that question even comes into play should not be allowed to happen
Michele
And what good will a VPN do unless you have a box outside Irish jurisdiction to terminate it? VPN traffic can still be traced and the endpoint determined.
With something like Tor, you more or less donating bandwidth to the Tor cloud which anyone in the cloud can use. This means that there is no easy way to know what traffic is being generated by you, and there is also no way of knowing where your traffic is going to emerge into the general internet.
It could be appear to be from your ip, or from some random ip in San Paulo 🙂
I played with Tor in the past; it’s hugely unreliable and very slow — if there were more hubs it would work better, but it’ll need a massive uptake for that.
Hugely concerning privacy impact though; like hell am I handing that kind of information over.
It has a fascinating parallel to the efforts at security in our airports since the highly suspect attempt by some group of other to board planes, build an explosive device from water bottles of combustible liquid and blow themselves out of the sky.
Since that apparent attempt we’re now all expected to go through the ‘appearance’ of enhanced security measures… we all know what they are so won’t rehash here… but the reality is it’s like trying to find a needle in a haystack and it’s so obvious that no semi-intelligent malcontent is likely to bring anything through security that would look remotely like what the authorities are searching for. The liquid thing’s just a joke. It really is all show and no substance (if you’ll excuse that pun).
Anyway, point being this latest move on live real-time browsing data from ISPs, were it actually to progress to practice, would be much the same. How on earth could the Gardai actually keep on top of the volumes of traffic and god knows how many false positives that might crop up that possiby look suspect according to some measure or other. And who polices the police?
It might reassure a few politicians and other vested interests that something is being ‘done’ but for what actual return and at what cost to our privacy and civil liberties? It’s utter nonsense. In no time there would quite rightly, be a proliferation of sites assisting those not in the know, on how to anonymise their online activity, thus making a farce out of the whole thing.
Is this the first steps towards a great wall of Ireland, where our freedom to see and do what we like is monitored by organs of the state at every turn (however incompetently)? Is this even palatable in a democracy?
If people break the law then it’s right that they should be prosecuted. But are we to allow our very own thought police to effectively censor our choices before we might even make them?
And what precisely are the Gardai going to do if they do find some activity they don’t like the look of? Lets say I decide, purely out of curiosity, to investigate the fine print of the anarchist’s handbook online. Does that make me guilty of a crime?
I think it’s incumbent on the gardai to prove that this isn’t a mighty waste of their time, our money and everyone’s liberties.
Ralph A.
Ralph
Funny that you should mention the airports. Didn’t they announce recently that they were going to be rescinding a lot of those restrictions?
Michele
I think you’re implying that this simply emphasises the ridiculousness of those rules in the first place… and I agree!
Cheers
R
Today’s Userfriendly is particularly apt: http://ars.userfriendly.org/cartoons/?id=20081109
Niall
that’s incredibly apt !
Michele
“How on earth could the Gardai actually keep on top of the volumes of traffic and god knows how many false positives that might crop up that possiby look suspect according to some measure or other.”
The hardware and software is available. However that level of datamining does not get covered in the Irish Times. While most technology journalists will have heard the term ‘datamining’, they have little or no idea of its capabilities. Dealing with gigabytes or even terrabytes of data is not extremely difficult.
John
And who is going to pay for all this hardware and software?
The amount of data involved could be huge, so the processing power to pull anything of any value from it would have to be massive.
Michele
They also want the “url or browser data” so there’s the cost and clutter of all that traffic and infrastructure to handle it too.
Initially the Gardai, Michele,
But the taxpayer would inevitably pay for it all. This kind of monitoring would generate a lot of data but most processing solutions are horizontally scalable.
How exactly are ISPs supposed to do this without putting in massive clusters of transparent proxy servers? And even then it’s possible to get around them with the minimum of fuss.
To give a simple way of getting around it:
1. Get a VPS in random country with no such laws
2. ssh -f -D 1080 user@vps (or if on Windows, uses Putty’s proxy functionality)
3. Set socks proxy to localhost port 1080
4. ….
5. Profit
The closest that a lot of ISPs come to this at the moment is Netflow. However, that works at a far lower level and won’t give ISPs the info that Gardaí seemingly want.
If this goes through, the net result will be to raise the barrier to entry for new isps and thereby reduce competition.