With the UK Government debating the introduction of surveillance laws that would see browsing data stored by Internet Service Providers (ISP) for up to a year, what will the new laws mean for the average internet user?
New measures under the Investigatory Powers Bill are being proposed by the UK government which, if implemented, would allow police and intelligence officers to see which websites a user has visited without a warrant.
Home Secretary Theresa May says the measures are necessary in order for Britain to fight against terrorism. While the draft bill is still some way off potentially becoming law, what are the main issues surrounding the draft bill and internet safety in the wake of the recent TalkTalk data hack?
Professor Bill Buchanan, Director of the Centre for Distributed Computing, Networks and Security at Edinburgh Napier University for his insight into safe surfing.
He said “Make sure the whole family know that activity will be logged. Corporate users should use Virtual Private Network [VPN] connections and remote desktops.”
The use of HTTPS - a system which encrypts and decrypts internet user page requests and results - is also recommended for those wishing to preserve their privacy.
Make sure the whole family know that activity will be loggedProfessor Bill Buchanan
Nevertheless, the potential threat to ISPs who hold more data about their customers is not to be undersold. Professor Buchanan said: “An insider breach in the Internet Service Provider [ISP] would cause major embarrassment for citizens, along with breaches from the public sector.”
Allaying some of the concerns of those concerned by the legislation, he added: “It is extremely difficult to determine which computer within a home network actually generated the Web access, as only a single IP address is logged.”
While the government may be able to see which websites users have accessed, it will find it much harder to work out which internet-enabled device in the house was the one to actually access the site. This is because of the nature of the connections used to carry the data requests we make.
“Most of the sites that we are visiting now use HTTPS, where the ISP cannot see the content of the request or the results. In a few years time, virtually all accesses will be done over a secure tunnel (SSL), so that it will be impossible to determine the “content” of the request and the replies.”
Professor Buchanan believes that criminals will use these “tunnels”, proxy systems or Virtual Private Networks [VPNs] to hide their illicit activities, thus stopping them from being traced effectively.
As for the realism of these proposals, internet expert Professor Buchanan believes that it will have “little impact”.
“Email is almost always done through a secure tunnel, so all the logging system will see is that the user is connected to the mail server, but all the content will be tunneled. Google and Firefox have been increasingly moving site to use secure protocols, and this bill will increase its adoption.”