BBRoundtable

Posted: **Thu Nov 06, 2008 3:44 am**

Internet "black boxes" could be used to record every email and website visit made by computer users in Britain.

What do YOU think of this?

Source: Telegraph.uk

By Graham Tibbetts
Last Updated: 12:24AM GMT 06 Nov 2008

Under Government plans to monitor internet traffic, raw data would be collected and stored by the black boxes before being transferred to a giant central database.

The vision was outlined at a meeting between officials from the Home Office and Internet Service Providers earlier this week.

It is further evidence of the Government's desire to have the capability to vet every telephone call, email and internet visit made in the UK, which has already provoked an outcry.

Richard Thomas, the Information Commissioner, has described it as a "step too far".

The proposal is expected to be put out to consultation as part of the new Communications Data Bill early next year.

At Monday's meeting in London representatives from BT, AOL Europe, O2 and BSkyB were given a presentation of the issues and the technology surrounding the Government's Interception Modernisation Programme (IMP), the name given by the Home Office to the database proposal.

They were told that the security and intelligence agencies wanted to use the stored data to help fight serious crime and terrorism.

Officials tried to reassure the industry by suggesting that many smaller ISPs would be unaffected by the "black boxes" as these would be installed upstream on the network and hinted that all costs would be met by the Government.

One delegate at the meeting told the Independent: "They said they only wanted to return to a position they were in before the emergence of internet communication, when they were able to monitor all correspondence with a police suspect. The difference here is they will be in a much better position to spy on many more people on the basis of their internet behaviour. Also there's a grey area between what is content and what is traffic. Is what is said in a chat room content or just traffic?"

Ministers have said plans for the database have not been confirmed, and that it is not their intention to introduce monitoring or storage equipment that will check or hold the content of emails or phonecalls on the traffic.

A spokesman for the Home Office said: "We are public about the IMP, but we are still working out the detail. There will a consultation on the Communications Data Bill early next year."

Posted: **Thu Nov 06, 2008 4:30 am**

$5 says they're already doing that here...

Posted: **Thu Nov 06, 2008 2:23 pm**

KenseidenXL wrote:$5 says they're already doing that here...

I doubt it. Maybe the idea has been thrown out there, but if really is being actively discussed, then it's probably still in the Bickering Incessantly Over It stage in Congress.

Anyway, unlike the wiretapping issue, this really would piss me off. It's one thing to have somebody possibly observing my phone calls without my knowledge, since it's not like I have anything to hide in my phone conversations and the person is just listening in. On the other hand, recording every website I've been to and every email I've made means that database could theoretically be hacked into, and that's just not a risk I'm willing to take. The government, in its massive inefficiency in all matters, would be far too prone to being hacked, particularly if it dangles a massive target that says "HACK ME!!!" on it like that database would.

Posted: **Thu Nov 06, 2008 3:24 pm**

You should look at the current definition of "wiretapping"...

Posted: **Thu Nov 06, 2008 6:54 pm**

I can see a privacy outcry here as it could be potentially used to sniff out passwords & sensitive information, including SSL stuff... granted SSL stuff is encrypted, but enough brute force can eventually crack it.

Posted: **Sun Nov 09, 2008 7:25 am**

One of my UK mates told me they've been doing this for years there.

Posted: **Sun Nov 09, 2008 2:24 pm**

You don't get it, do you. The collected info would NOT be kept on servers with internet links. Skimmed data traffic can be passed through a one-way node to storage servers for later data mining and analysis. The connection would be through a specially-extruded fiber optic cable that PHYSICALLY allows data to flow only one direction.

Posted: **Mon Nov 10, 2008 12:36 am**

Every such recorded connection first must make it to where the beginning of one of those cables are. That would require either (a) an ordinary connection between every ISP and the government, which does not address those concerns, or (b) an unfeasible amount of money being spent on such special lines being run from every ISP in the country to one such server. Alternatively I suppose is (c) storing boxes at every ISP or in locations in every city, but that leaves a whole new cost on things and also lower physical security of the information.

Posted: **Mon Nov 10, 2008 4:27 am**

In-line prism splices work just as well for opitcal cable and induction taps are quite good for coax lines.

Posted: **Tue Nov 11, 2008 2:51 pm**

The fact that it'd be monitored at all would still leave the possibility open for someone stealing the data, even if the lines do only run one way. Keep in mind that the human element of the equation is the most vulnerable, and the second some fookup security guy neglects his responsibilities, someone will jump at the opportunity and steal data on his watch. Human oversight error is probably the reason security breaches happen half the time anyway.

Posted: **Wed Nov 12, 2008 4:36 am**

If the storage computer has no connection to the internet, EXCEPT via the inbound-only trunk line, HOW could the data be stolen by someone OTHER than an insider.

Posted: **Thu Nov 13, 2008 4:18 pm**

You act like insiders have never stolen anything in the history of mankind. I'd think you of all people would be more skeptical about this.

Posted: **Thu Nov 13, 2008 10:34 pm**

KenseidenXL wrote:If the storage computer has no connection to the internet, EXCEPT via the inbound-only trunk line, HOW could the data be stolen by someone OTHER than an insider.

Aah, maybe it's just a Data CD, a laptop or an USB stick left behind by an INSIDER in a car or just the next McD stolen by an OUTSIDER - I have heard that things like these happen quite frequently in the UK.

Posted: **Fri Nov 14, 2008 4:04 pm**

I know that's how a medical records database at Ohio U., where I went to college, got stolen. Some diptard left a laptop with the information on it in his car, and someone broke into the car and yoinked it. JEEEEENYUS.

BBRoundtable

Internet black boxes to record every email and website visit

Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit

Re: Internet black boxes to record every email and website visit