PDA

View Full Version : Web surveillance - who’s got your data?



Terpe
2nd April 2012, 17:55
The government's plans to extend surveillance of our communications to cover email, the web and social networking have provoked quite a storm, with MPs from across the political spectrum joining with privacy campaigners to express concern.

I'll leave coverage of that to my political colleagues - but let's turn to the practicalities, and how this surveillance might affect you and me. Or, to be selfish, me.

From what we know of the plan, it involves asking Internet Service Providers and mobile phone companies to store records of users' email and web traffic - not the content, but the destination. So the companies could be asked to hand over details of who you emailed and when, not what you were talking about.

So how much of that data do they store already? I approached Virgin Media, my current Internet Service Provider, O2, a mobile phone network I use, and Google, which provides my personal email, to ask them for details of what they knew about me - and how much effort it would be to collect more data. Here's what I found:

Virgin Media

My ISP Virgin Media says it doesn't store any data on my personal web or email use, though it does collect data at a network level to understand the overall patterns of traffic.

If it is served a warrant, though, it can allow the authorities to access data about an individual customer's web and email use. As far as I understand it that could include web-based email services like Hotmail and Gmail. The company was keen to stress that there are very strict limits on how many such warrants can be issued, under the Regulation of Investigatory Powers Act, and Virgin itself doesn't get to see or keep that data involved.

So what happens if the government does want to go further? The company was reluctant to go into any detail, but I get the impression that starting to collect data on my web and email use on a routine basis would be a complicated operation, but by no means impossible.

Now I was left a little confused here because my understanding was that secure web-based email such as Gmail, where HTTPS pops up in your browser, could not be accessed by your ISP. So I then turned to Google.

Google

As a user of various Google services, from search to Gmail, I know that the company does have plenty of data on me. For example, it obviously knows who I've emailed and when - the sort of information that the government may want to see in the future.

Google pointed me towards its transparency report which details requests for user data from the UK authorities. Between January and June last year, it received 1,279 such requests, and complied with 63% of them.

But what about that secure web email question? Here, Google had a different story from Virgin Media. The search firm insists that when I send an email from my Gmail account on my home broadband connection using SSL - the secure system - Virgin can't see who I'm emailing.

In other words, the security services may be more interested in targeting the likes of Google than your ISP if they want to know who you're talking to.

O2

My mobile phone network, O2 pointed me towards their privacy policy which details what kind of information they collect. It's quite a list:

"Phone numbers and/or email addresses of calls, texts, MMS, emails and other communications made and received by you and the date, duration, time and cost of such communications, your searching, browsing history (including web sites you visit) and location data, internet PC location for broadband, address location for billing, delivery, installation or as provided by individual, phone location."

The policy says it can be disclosed to third parties "where required by law, regulation or legal proceedings", under the same rules which Virgin mentioned. The data is retained "for not less than six months and not more than two years".

What seems clear from this is that both Google and the mobile networks already collect plenty of data which might be of interest to the police and intelligence services - and which they can already access, subject to quite strict controls. A move to make it easier for the authorities to access that data might not impose much of an extra burden on them.

For ISPs like Virgin Media, however, it seems to be a different story. They will have concerns about the cost of collecting this information and the impact on their relations with their customers. And, given how disgruntled ISPs are already over plans to force them to police copyright abuse on their networks, prepare for a battle over what they will see as a new burden.

Source:-
http://www.bbc.co.uk/news/technology-17586605

andy222
3rd April 2012, 07:33
Hmmm wont be long before we are all wearing tracker tags or micro chipped at birth.:doh

joebloggs
3rd April 2012, 07:38
May again :angry:
I hope this one does cost her, her job :D
she's probably reading this now :doh

time to start using a VPN :rolleyes:

tone
3rd April 2012, 16:53
Good sum up there Mate - there are a range of Virtual Private Network providers out there but usually its more for hiding internet traffic and allowing someone to pop out here when abroad for UK TV/Lottery services I think.

As ever the real criminals will be using encryption technologies to hide their tracks and possibly use a number of obfuscation methods to hide the information they want to transmit! Lets face it most of these people know what they are doing and it will be up to GCHQ to crack the algorithms in use by the nasty people.
Its uncommon for corporate and government to send email without encryption, but who knows someone may accidentally send something in plain text and get done.

They can read my email if they want its nothing useful! They will simply store data and use it after the horse has bolted so to speak..