More on UK Snooping Billgreenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread
Wednesday, 26 July, 2000, 22:59 GMT 23:59 UK 'Snooping Bill technically inept'
It is easy to hide from police patrolling the web
By BBC News Online internet reporter Mark Ward The UK Government's plans to eavesdrop on criminals that use the internet are "technically inept", say security experts.
The technologies that the Regulation of Investigatory Powers (RIP) Bill would allow police use to spy on computer-literate criminals are easy to avoid, experts believe.
They say those likely to suffer most as a result of the proposed methods would be ordinary citizens who do not know how to safeguard their privacy.
The comments came as Lords amendments to the bill passed the House of Commons without a vote.
During the debate the government moved to reassure the business community over the controversial bill.
Home Office Minister Charles Clarke said firms could be ordered to hand over only information in plain text, rather than the key to any code used to encrypt the information.
Mr Clarke insisted the changes were designed "to give reassurance" that they were not seeking "a back door route" to obtaining commercially sensitive computer keys.
In a report prepared for the Foundation for Information Policy Research, security experts Brian Gladman and Ian Brown have studied just how the police are proposing to spy on and catch criminals that use the internet to commit or plan crimes.
The RIP Bill gives police the power to install "black boxes" in the offices of internet service providers to monitor net traffic and pull out the messages or data in which they are interested.
I cannot understand why the government is going through with the RIP Bill. It is so technically inept Brian Gladman, FIPR Advisor It also gives them the power to demand encryption keys so they can unlock any scrambled data they intercept or find on seized computers.
But the authors of the FIPR report say it is easy for the computer-literate to avoid the attentions of the security forces and keep data private.
"We have been saying for a long time that it is trivially easy to get round the technology provisions in the Bill," said Mr Gladman, a former director of the Nato technical centre. "I cannot understand why the government is going through with the RIP Bill. It is so technically inept."
Criminals catch up
Rather than stop criminals using the net, the methods outlined in the RIP Bill will "undermine the privacy, safety and security of honest citizens and businesses", says the report.
News of the report appeared first in New Scientist.
As one example, Mr Gladman said it was easy to stop e-mail messages being intercepted by using an offshore e-mail account that encrypted messages as they moved across the net.
The report also mentions that the new version of the Internet Protocol will make it much harder to intercept data. The protocol allows two internet-connected computers to use encryption keys that are destroyed after each exchange of data.
Protecting e-mail Use an offshore e-mail service Encrypt when sending and receiving Send messages direct to recipients Use software that supports IPv6 The advent of "always-on" technologies such as ADSL might remove the need for a mail server that holds mail until you download it, said Mr Gladman. People may start to send messages direct to each other, making it much more difficult for them to be caught in flight.
Mr Gladman said that although there were many ways for people to avoid the attentions of the security forces, many of them demanded technical knowledge to set up and use.
Criminals will be prepared to invest the time and energy to learn how to use software or techniques that can help them avoid arrest but others may be left vulnerable.
-- Martin Thompson (firstname.lastname@example.org), July 27, 2000