IP Bill: tech firms attempt to offer respite from surveillance

News by Roi Perez

Now that the Investigatory Powers Bill has been passed, tech firms are looking to offer customers ways to circumvent the spying associated with the law.

The Investigatory Powers Bill was approved by the House of Lords on 19 November and is expected to become law before the end of 2016.

Parts of the law mandate that UK ISPs keep a record of all UK citizens' online activities, including which services their customers' devices connect to and which messaging apps they use.

As part of Schedule 4 of the act, this data is then accessible by government agencies like the Gambling Commission and Food Standards Agency.  

The Home Office, which put forward the bill, and some MPs have staunchly supported it, stressing on multiple occasions that the law is an essential tool in combatting terrorism.

Dan Tentler, founder of the Phobos Group, tweeted and pointed out that having this kind of information accessible to government agencies could lead to abuses of rights.

Owing to a recent swathe of data breaches, many security experts have questioned whether or not ISPs would have the ability to securely maintain all the internet connection records they would collect under the law.

Jacob Ginsberg, senior director at Echoworx, points out, “What happens when this treasure-trove of metadata is made publicly available by a malicious attacker? We need to think longer and harder about the implications of unavoidable outcomes and the impacts they will have on people's lives, whether it's discrimination over an insurance policy or an outright attack on privacy.”

In response, several virtual private network (VPN) companies are looking to notify the public of their offerings as the British public seeks to counter this new level of government surveillance.

Research by internet privacy and VPN comparison site BestVPN.com amongst UK internet users shows that the principles of the bill are a major concern to the nation, with one in eight (12 percent) saying that they would halve their internet use.

A third (36 percent) went on to say that they would not disclose details such as their address and even bank/card details, which would mean they would stop buying anything online.

Douglas Crawford, cyber security expert at BestVPN.com, comments: “The passing of the [Investigatory Powers Bill] is a clear move towards the erosion of privacy for individuals and businesses in the UK. A wide range of government organisations could have access to a huge amount of untargeted surveillance metadata. While bulk warrants will only be made available to security organisations - there is nothing to prevent police from applying for a targeted warrant against an entire organisation, such as an entire hostile foreign intelligence service.”

SC spoke with Jodi Myers, a spokeswoman for NordVPN, who said, “There was a major uptick of customers coming from Australia last year, which we think correlated to when its data retention law came into effect,” adding, “and we are already seeing an increase in customers from the UK who are after the same thing.”

Myers told SC how NordVPN has doubled the encryption it uses in the UK: “Double VPN servers UK-NL and NL-UK will ensure the traffic is encrypted twice and securely tunneled between the two servers,” she said.

NordVPN, like many other VPN service providers, believes in barrier-free Internet and online privacy, and feels that instead of weakening online encryption, governments should work towards protecting people's privacy and online security.

Myers added: “Our biggest advantage is we have a zero log policy, as our headquarters are in Panama, which doesn't have data retention laws.”

Taking privacy even further, one UK ISP, Andrews & Arnold, is looking into providing DSL to a firm named Brass Horn, which plans to offer Tor-based internet browsing.

SC spoke with Adrian Kennard, managing director of Andrews & Arnold, who said that they “are working with Brass Horn, by providing them the L2CP tunnel to allow them to place TOR over that to encrypt it. We are essentially going to relay the traffic.”

Kennard added, “I'm not entirely sure on their logic, it's a tiny market.” However, he recognised that, with the Investigatory Powers Bill combined with the Digital Economy Bill, which is criticised for blocking pornography, “people want a quiet uninterrupted life.”

Kennard also mentioned that, “In addition, we're considering using Iceland as a location for servers which aren't in the UK, to reduce the amount of information that is logged and recorded,” adding, “at this point, anything is better than the UK with its draconian laws. So Iceland seemed like a logical choice, as they have great data centres and will allow for low latency connectivity for our customers in the UK.”

Concluding, Kennard said, “Our customers do come to us with questions regarding privacy. We pride ourselves on being transparent in what we do, and we hope to never get a court order to turn over records on one of our customers, though we're probably too small for them to do that.”

The Open Rights Group has now said it plans to challenge the Investigatory Powers Bill in court.

Open Rights Group's executive director, Jim Killock, said in a statement: “While parliamentarians have failed to limit these powers, the Courts may succeed. A ruling by the Court of Justice of the European Union, expected next year, may mean that parts of the Bill are shown to be unlawful and need to be amended. ORG and others will continue to fight this draconian law.”
