Featured on Liberal Democrat VoiceGoogle released the latest update to their half-yearly Transparency Report today, something I’ve reported on previously. The Google data lists the number of “user data requests” per country, but what it doesn’t do is break it down per head of population.

Doing that breakdown gives depressing results. The UK had slipped into second place behind Singapore in terms of the number of requests per citizen, but as of the latest data – covering the second half of 2011 – we’re back on top. The table below shows the top ten countries, with the number of user data requests per million population. For comparison, I’ve also included the rankings of each country appearing in the top ten for the last couple of years since Google’s records began.

Rank
Country Requests 2011 H1 2010 H2 2010 H1 2009 H2
1 United Kingdom 23.5 2 2 1 2
2 France 21.5 3 3 3 3
3 United States 20.4 4 5 4 5
4 Singapore 20.1 1 1 2 4
5 Australia 19.8 5 4 7 8
6 Germany 17.4 8 7 8 11
7 Italy 14.0 6 6 6 6
8 Portugal 13.8 7 9 10 13
9 Norway 9.8 28 26 22 22
10 Taiwan 9.7 15 16 13 22

You can download the raw data (CSV) used to calculate this from the google figures too.

Remember, this is before the latest government plans come before parliament. We would probably drop off the charts completely if this legislation were to go through as they would no longer have to ask google for the data: The ISPs would be forced to do the snooping instead.

It was reported yesterday that the Home Office are now saying that they’re not worried about encryption, because they can look inside HTTPS. Most people’s reaction is that this isn’t possible, or at least isn’t easy unless you’re going to throw huge resources at the problem. (Edit: Privacy International have reported this in more detail)

Sadly, it’s not that hard – but it has worrying implications.

The technical bit

There’s been a trick used by large corporate IT departments for a while to check on what employees are doing, which they often need to do for regulatory compliance. It works because the IT department controls your PC and the can tell it what Certificate Authorities (CAs) to trust to authenticate remote sites. The proxy you use to access the internet has a root CA on it that your PC has been told to trust, so it can create apparently legitimate looking certificates on-the-fly for any web site on the internet you visit.

This is known as a “Man-in-the-Middle” attack, because you’re sitting between A and B and altering the communications, rather than just listening to it passively. It’s also out there and used today – here’s an example of a commercial device that uses this technique.

That’s fine for corporates, because they control the end devices. However, things became a little scarier earlier this year when one of the real root Certificate Authorities broke the trust of the community.

CAs don’t use their highest level certificates for day-to-day signing. Those certificates are installed in every web browser out there and they have to negotiate with browser manufacturers individually if they’re to change them, so if they’re compromised it’s game over for them. Instead, they generate an “intermediate root” certificate and use that, so it can be revoked if someone leaks it. The real root key stays locked in a safe somewhere. One root CA, Trustwave, didn’t just generate intermediate roots for it’s own use, however: It also generated one for use in one of these snooping devices.

Unsurprisingly, the shit hit the proverbial fan, Mozilla threatened to revoke their CA status (Which would have ended them as a company) and they apologised and promised never to do it again.

Back to where we are today

It seems likely that if the Home Office think they can break HTTPS, they’ve spoken to someone with one of these magic SSL snooping boxes and also spoken with a root CA willing to let them have a certificate. If that’s the case, it’s concerning because they think it’s acceptable not just to listen in on traffic but to alter it in transit in order to glean the contents. We’ve seen the unintended consequences of such actions before, when the Internet Watch Foundation listed Wikipedia as a child porn hosting site.

I can see nothing in the proposed Bill that would act as a safeguard against the Home Office mandating the ISPs engage in such behaviour.

Luckily, it probably won’t work. The moment a CA is caught giving the Home Office a root certificate, Mozilla would likely revoke it. They can lean on Apple, Google and Microsoft as corporate entities to play along but Mozilla is run by the community and it’s going to be hard to pull the wool over everyone’s eyes there.

You wouldn’t be able to get on a site without being snooped on, but at least your browser will pop up lots of warnings letting you know that Big Brother is watching.

P.S. If you’re worried about this sort of attack being used on you, I can recommend Certificate Patrol for Firefox. It pops up quite a few false-positives, but will give a pretty good clue if something suddenly causes all your certificates to change.

Featured on Liberal Democrat VoiceThe draft Communications Data Bill has, at last, been published. We can finally debate what has been written down, rather than what the Home Office have been telling people in off-the-record briefings. Julian Huppert MP has an excellent post on safeguards which might be worth a look first, as those are the principles I would like to see in the Bill. Sadly, the draft bill falls down on several counts.

Firstly, we did point out quite forcefully in early debate that the police and security services were asking for powers that they did not have over the postal service. They’ve fixed that in the draft… by granting themselves powers over post too. Under the draft bill, the Royal Mail would need to scan and store the outside of every envelope that goes through the postal system if the Secretary of State asked them to.

Secondly, the vast majority of requests would still not require any form of judicial warrant. Instead, the police would still retain the ability to authorised themselves to go after communications data.

Finally, (for the major concerns), clause 1 which places the obligations on ISPs to collect data is still far too broad. “Interception” is not allowed, but that would seem to only rule out real-time monitoring as it uses the previous RIPA definition. ISPs could still be mandated to look at the content of all traffic to try to drag out “communications data”.

Internet traffic is not like the post, with the addressee neatly written on the outside. Instead, the outer envelope (IP) contains another envelope (TCP). You need to collect together all the IP envelopes in order to make sense of the TCP conversation. Once you have that, you need to open the TCP envelopes to see if they contain little Instant Message, Club Penguin, World of Warcraft or Facebook envelopes. Then, we need to read the data off that envelope, no mean feat given that World of Warcraft envelopes will be written in whatever language makes sense to them, not to us as service providers.

By the time you’ve built this system, even assuming you figure out how, you have something that is required to read the entire content of everyone’s communication to figure out where the envelopes stop and the letters start.

All this is before anyone puts wax seals on their envelopes encrypts their data, which I suspect will start happening quite widely should this bill pass.

How are the Home Office going to do this anyway? Black Boxes. Clause 1(2) allows the Home Office to impose “requirements for telecommunications operators… to acquire, use or maintain specified equipment or systems“. The Home Office might not operate the black boxes, but by mandating the supplier they’re not far off having complete control. I rather suspect ISPs will have very limited information on or access to any mandated systems, which will limit technical oversight.

Even then, Labour’s original “central database” idea isn’t far off, courtesy of clauses 14 to 16 which talk about “filtering” systems operated not by service providers but by the Home Office. There are no safeguards proposed to stop the Home Office from simply demanding all data held by an ISP as part of a trawl for interesting information.

There are a few other holes that need addressing too, but I would expect them to be tightened up in the usual course of events. For example, if you’re given a notice saying your data might be needed for a court case, you have to keep it until you are told it is no longer needed. However, there is no provision, requirement or obligation for the scope of the retention to be limited. Given how long court cases can take, this could mean that an ISP ends up storing all of it’s communications data for years.

It still needs a little more scrutiny. I notice they’ve slipped in powers to allow snooping to collect unpaid fines and taxes, but I forget if that’s still in RIPA. No doubt as people pour over this more, we’ll get better and better breakdowns of what it all means.

Writing in The Times today, the comissioner for the Metropolitan Police defends forthcoming legislation to allow the police to intercept emails by saying that for him, “policing… is about a Total War on crime”. (£)

According to Wikipedia, Total War involves “less differentiation between combatants and civilians than in other conflicts, and sometimes no such differentiation at all“.

So it seems, in comissioner Hogan-Howe’s view, a bit of collateral damage with civilians getting caught up in the conflict is OK. To me, if that’s the case then the police have failed: they are supposed to be protecting the general population, not dragging us into their conflicit with the criminals.

If Hogan-Howe needs to use the failure of his own police force to justify draconian new powers for the police, then something has gone very wrong with policing in this country. We do not yet know the contents of the snoopers bill, to be revealed later today, but so far these are worrying noises.

Yes, there are many responses out there but this one is mine.

Most of the interesting bits, where I will have said something different to someone else, are in Question 16 as that’s the “any other comments bit”. The language is slightly clunky due to their quite restrictive word limits and I would like to have said more, although I’ve actually ended up sending this via email as the Home Office site is down. If you’d like to response and have not done so far (You have until Thursday) but can’t because of web site issues, there is a copy of the consultation document handily mirrored by the other side, C4M (PDF link). If you don’t want to read through the whole thing to pick out the questions, they’re also reproduced right at the end.

Question 1: Do you agree or disagree with enabling all couples, regardless of their gender to have a civil marriage ceremony?

Agree.

Question 2: Please explain the reasons for your answer. Please respond within 1,225 characters (approx. 200 words).

Even if Civil Partnerships and Marriage were legally identical, “Separate but equal” is not truly equal. Separation of the two institutions creates the impression of “second class citizens” in the thoughts of the general population, which can lead to more widespread discrimination. In this regard, the government should be setting the tone for the rest of the country to follow.

Failure to recognise marriage equally in the UK can also create unexpected and unintentional corner-cases in legislation. For example, I am aware of one British-born Trans person who does not have a Gender Recognition Certificate (GRC) and is currently resident in another country. They are legally married there to someone of the opposite gender, but lack of a GRC is not an issue because that country allows marriage regardless of the (legal) gender of the partners. They cannot obtain a GRC, because they are “married”/”civil-partnered”, and the other country would not recognise an interim GRC as grounds for divorce/annulment.

Basing marriage on one set of legislation, regardless of gender, would remove such problems.

Question 3: If you identify as being lesbian, gay, bisexual or transsexual would you wish to have a civil marriage ceremony?

Yes.

Question 4: If you represent a group of individuals who identify as being lesbian, gay, bisexual or transsexual would those you represent wish to have a civil marriage ceremony?

This question doesn’t apply to me

Question 5: The Government does not propose to open up religious marriage to same-sex couples. Do you agree or disagree with this proposal?

Disagree – religious marriage should be opened up to same-sex couples

Question 6: Do you agree or disagree with keeping the option of civil partnerships once civil marriage is available to same-sex couples?

Agree (Also see answer to Question 16)

Question 7: If you identify as being lesbian, gay or bisexual and were considering making a legal commitment to your partner would you prefer to have a civil partnership or a civil marriage?

Civil marriage

Question 8: The Government is not considering opening up civil partnerships to opposite-sex couples. Do you agree or disagree with this proposal?

Disagree – civil partnerships should be opened up to opposite-sex couples (Also see answer to Question 16)

Question 9: If you are in a civil partnership would you wish to take advantage of this policy and convert your civil partnership into a marriage?

This question doesn’t apply to me

Question 10: Do you agree or disagree that there should be a time limit on the ability to convert a civil partnership into a marriage?

There shouldn’t be a time limit. (Careful answering this question, as there appear to be two versions out there depending on which document you have)

Question 11: Do you agree or disagree that there should be the choice to have a civil ceremony on conversion of a civil partnership into a marriage?

Yes, there should be an option

Question 12: If you are a married transsexual person would you want to take advantage of this policy and remain in your marriage while obtaining a full Gender Recognition Certificate?

Yes. (Although I am now divorced)

Question 13: If you are the spouse of a transsexual person, would you want to take advantage of this policy and remain in your marriage whilst your spouse obtained a full Gender Recognition Certificate? This question doesn’t apply to me

Question 14. Do you have any comments on the assumptions or issues outlined in this chapter on consequential impacts? Please respond within 1,225 characters (approx 200 words).

No.

Question 15: Are you aware of any costs or benefits that exist to either the public or private sector, or individuals that we have not accounted for in the impact assessment? Please respond within 1,225 characters (approx 200 words).

No.

Question 16: Do you have any other comments on the proposals within this consultation? Please respond within 1,225 characters (approx 200 words).

Q5: As noted, (2.12) “many faiths” view marriage as only mixed-sex, but not all and prioritising the views of some above others is discriminatory. There is already differing marriage legislation per religion & this could be continued, e.g. one option may be secondary legislation allowing some faiths the ability to conduct same-sex marriage. Those not supporting this would be unable to carry them out & thus could not be forced to.

Q6&8: Whatever is chosen, it should be equal, i.e. nothing open to same-sex couples not also available to mixed-sex couples. Also, creating anything gender-specific may cause problems for GRCs. Although legislation can handle unusual cases, the bureaucracy often can not, e.g. the intent with Interim GRCs was no break between an annulment & new relationship but this is not possible in practice.

Q10: Having a time limit would serve no purpose, and not every couple will necessarily be in a position to convert in a given time e.g. because they do not hear about it, no money, living abroad.

Other: The precise meaning of 2.30 (“we would not be in a position to reinstate their benefit contributions or entitlements from their original marriage“) is not clear. If backdated payments would be an issue, any previously annulled relationship should on restoration also restore full future state & private entitlements.

All prescribed wording and forms/certificates should also have a gender-neutral option. (E.g. Refer to partners as well as/instead of husband/wife)

News in this afternoon, via a statement on their web site and an email to those that complained, is that Conway Hall have cancelled the booking for the controversial RadFem2012 conference.

The statement is quite interesting, in that it includes the line “In addition, we are not satisfied it conforms with the Equality Act (2010)” and – this is the interesting bit – “We had sought assurances that the organisers would allow access to all“. Note they don’t say “transwomen”, they say “all”: it’s as much about excluding men from a feminist conference being unlawful as it is transwomen, which is right and proper.

Basically, you can run a women-only workshop as part of a conference for rape victims. You can run a cis-only workshop for partners of trans people. These are good ideas and, as long as sensitively handled, to be encouraged.

You absoultely can not run a whole conference on the basis that you hate transwomen, men and anyone who identifies as anything other than pure female so much you’re going to exclude them.

From an activism point of view, it’s good to note that the legal advice received by venues hosting events such as this is sufficient to make them think twice and I also see that the RadFem2012 web site currently mentions simply that “the venue has been changed”. I suspect they’ll only tell paid-up attendees where it is this time, and try to keep it from everyone else.