UK email and Web monitoring law – just use TOR

The UK is about to introduce a new law (late 2013 I suspect) that allows police and the intelligence community increased powers to monitor email and social media communications. The new surveillance system will involve Internet Service Providers (ISPs) collating and providing the intelligence community and Police with email and web browsing behaviour on every UK citizen who uses an email address and the Web. This new law will not cover telephone calls, but we all know these have been monitored for years anyway.

The UK will still be able to monitor the ‘majority’ of its citizens with this new law, but its the ‘minority’ they will want to ‘watch’. That minority includes the terrorists and criminals groups, so one suspects these groups will continue to use reverse proxy services and a network/client proxy called TOR. TOR is short for ‘The onion router’. The user runs an onion proxy client on their machine. It encrypts and re-encrypts data traffic several times over on multiple server relays (nodes). Each of these relays (nodes) decrypts and encrypts data to pass onto the next relay (node) and finally a destination. So what does the government expect to achieve? Probably very little.

Worth noting UK plc – the internet address of the sender and recipient isn’t in cleartext. This makes it next to impossible for anyone to decipher start and end points for the data transiting the Internet. So how will the government answer this? ISPs and the intelligence community will be unable to monitor this traffic. Period.

In addition, terrorists and criminals will still continue to use underground networks (dark web and IRC forums which also use TOR) and encrypted email, so what is the government aiming to achieve by introducing such a law? They want to monitor the easy targets and collect your online profile data for sale or rent in years to come. The UK remains the most monitored state (some claim even more so than China) in the world right now. If you don’t want to be monitored you can check out TOR (or use a reverse proxy service) or you should remove yourself or restrict what you say in cyberspace right now. You decide.

Safe surfing folks!

This entry was posted in browser, privacy and tagged , , , . Bookmark the permalink.

3 Responses to UK email and Web monitoring law – just use TOR

  1. JB says:

    You might want to check your facts about data being encrypted. The end points are not encrypted and data is sent in clear text. Anyone running an end point can then monitor data going to the “internet”. TOR has a use, but it doesn’t guarantee secrecy only anonymity.

  2. Julian says:

    #JB# What I said was correct to a point – that said I’d like to reiterate what you said and that exit node sniffing is an issue of course for both secrecy and anonymity. HTTPS could resolve this. Hackers could also replace genuine SSL certificates with one of their own. This actually isn’t out of the question. As for the intel community, they will only look to monitor specific traffic on the end nodes. There is also the small issue regarding the cost of deploying the monitoring technology.

  3. Pingback: UK email and Web monitoring law – just use TOR | News | IT Security Magazine - Hakin9

Leave a Reply

Your email address will not be published. Required fields are marked *