Skip Navigation


What impact will Counter-Terrorism Bill have on UK Internet
Thursday 27 November 2014 10:22:06 by Andrew Ferguson

Security through obfuscation is a common trick and to some extent now we can actually read the detail of the Counter-Terrorism and Security Bill 2014-15 and how it relates to Internet providers we are still not sure what the impact really will be. It is this confusion that has lead to the press and ministers using varying language to describe the measures, often instilling a sense of fear and invoking war type language.

For those with a degree in Law feel free to have a read of the bill which is set for its second reading in the House of Commons. We have read it and the extract relevant to the Internet is shown below, and when reading it bear in mind this quote made with respect to RIPA 2013 "I do not think the ordinary person or Member of Parliament would be able to follow the Act without a lawyer" - Sir David Omand, former Director of GCHQ.

17 Retention of relevant internet data

  1. Section 2(1) of the Data Retention and Investigatory Powers Act 2014 (temporary provision about the retention of relevant communications data 20subject to safeguards: definitions) is amended as follows.
  2. In the definition of “relevant communications data”—
    1. for “means communications data” substitute “means—communications data”;
    2. after “Regulations” insert “, or relevant internet data not falling within paragraph (a),”;
    3. the words from “so far as” to the end of the definition become full-out words beneath the new paragraphs (a) and (b).
  3. After the definition of “relevant communications data” insert—““relevant internet data” means communications data which—
    1. 30relates to an internet access service or an internet communications service,
    2. may be used to identify, or assist in identifying, which internet protocol address, or other identifier, belongs to the sender or recipient of a communication (whether or not a person), and
    3. is not data which—
      1. (i)may be used to identify an internet communications service to which a communication is transmitted through an internet access service for the purpose of obtaining access to, or running, a computer file or computer program, and
      2. is generated or processed by a public telecommunications operator in the process of supplying the internet access service to the sender of the communication (whether or not a person);”.
  4. In addition—
    1. before the definition of “communications data” insert—““communication” has the meaning given by section 81(1) of the Regulation of Investigatory Powers Act 2000 so far as that meaning applies in relation to telecommunications services and telecommunication systems;”;
    2. after the definition of “functions” insert— ““identifier” means an identifier used to facilitate the transmission of a communication;”;
    3. after the definition of “notice” insert—““person” includes an organisation and any association or combination of persons;”.
  5. Subsections (1) to (4) are repealed on 31 December 2016.
Section 17 from Counter-Terrorism and Security Bill

So what do we think it means, basically any service provider be they a traditional ISP or a Wi-Fi hot-spot or mobile provider will have to retain logs of when and which account IP addresses are handed out to. Exactly how long and in what format access will have to be provided in appear to be unknown quantities. As things stand providers generally retain authentication logs, hence who the copyright infringement letters finally find their way to an account holder, so one presumes this is about ensuring that providers archive the data rather than just clearing the logs from a device every few months.

It seems to exclude the recording of any information about where people are visiting with their Internet service, which has previously been a sticking point when similar legislation has been attempted. While authentication information is useful, it tells no-one about those accessing open with weakly secured Wi-Fi networks, particularly as all the IP assignment logs tell you is the account involved.

Of course the problem with the language used is that a lawyer can probably come up with a dozen different meanings and maybe that is why it is written this way, but after the previous problems with RIPA and 'abuse' one would have hoped to start out the journey to a law with something a little clearer.

If we go back to the days when cheap printing and leaflets handed out in public were a key information source, the printed word was considered dangerous and subversive. The Internet is still at that stage it seems.

Comments

Posted by TheEulerID over 2 years ago
I think that's a reasonable summary. It seems to be a log of what IP address was allocated to a particular identifiable entity and when (might be an authenticated user, or an ISP customer's router etc.).
From reading this it would also appear to apply to addresses allocated within NATed domains. I'm not sure how this relates to company internal networks, coffee shops and so on. I assume it also means MAC addresses have to be recorded at the time of allocation.
Posted by baby_frogmella over 2 years ago
Even more reason to use arguably the best VPN service out there...ain't cheap tho!

https://secure.cryptohippie.com/
Posted by tommy45 over 2 years ago
@baby_frogmella
I wouldn't be in any hurry to pay a company who has its servers in the USA they also don't say if they keep any logs or not, There are many other VPN providers who state that they do not log your activities or IP address or any personal details , only the e-mail address you use to create the account, some even except anonymous methods of payment
Posted by TheEulerID over 2 years ago
With any VPN you depend on the integrity of the operators. Who knows what backdoors there may be.

Also, the use of VPNs & offshore proxies to hide endpoints is one way of bringing attention to yourself (internet can reveal the use of such).

VPNs to known end points, like company networks, don't raise such interest.
Posted by tommy45 over 2 years ago
25 GB for 275 USD is that for 1 month or a year.lol?
Posted by baby_frogmella over 2 years ago
@tommy45
I think its for a year. If cost is an issue then cheaper alternatives like airvpn.org or ivpn.net both get very good reviews and are based in Italy & Malta respectively.
Posted by tommy45 over 2 years ago
@baby_frogmella: Still 25gb of data is soon consumed, and IMO is very low even for watching youtube geo restricted content, like some of the old channel 4 stuff,that was broadcast here in the uk,
Posted by mervl over 2 years ago
What's all the fuss about? What's the problem with an on-going database of virtual addresses, as the Government has a database of physical addresses and occupiers? It seems to me it's about what the Government might be doing that it doesn't tell us about, or what the Government might want to do in the future. That is, speculation. And speculation is just that.
You must be logged in to post comments. Click here to login.