Social network sites 'monitored'

The UK politicians and authorities seems to think that use of technology in a completely unfettered and unlimited way to monitor or record,and snoop on it's citizens is fair-game. If you consider as a whole the powers the govenment has now awarded itself, then every aspect of your life can be invaded, monitored and possibly investigated. So so wrong and yet most people not only accept it but endorse it by freely publicising what really should be kept private and welcoming unecessary CCTV monitoring and tapping in response to government scaremongering about terrorism, immigration and crime.

BigD

__________________
You make your own luck.

www.shootingthecheese.ch
The place for fun and chat in Switzerland.

I'm not convinced the government understand the volume of data they are talking about here, in fact I'm not sure it is technically feasible to capture it all at the moment let alone store it in a useful manner. This is way more data than Google capture for example, where do they plan to store it? How will they implement this mega database quicker than it becomes obsolete?

The more immediate problem is Phorm, BT could feasibly capture this amount of information and this dubious man in the middle situation is a bit scary:
BBC NEWS | Technology | Big websites urged to avoid Phorm

I wonder how long it would be , once the government has access to all this information, before they happen to loose it on a train somewhere , or someone or some organisation manage to hack into the system and monitor the monitors... George Orwell was 100% correct only 20 years to early... with 1984... Brits are already the most watched country in the world... almost makes me want to give up my British Citizenship....

__________________
Dont let the Bastrads grind ya down

Both valid points, first the government have an especially poor track record with private data and this should be addressed before such a scheme is even considered, and second such a massive DB would be a serious target.

Obviously there is a practical problem and those reasoning: "it'll never work!" seems to be enough of an excuse for others to discount the possibility of it being used.

A friend of mine was involved in datamining at a major supermarket, and although initially they had little clue what to do with their millions of transactions, when faster and better analytics came along, they started doing some quite scary stuff. It is amazing what you can infer from someones shopping basket and details of their transactions.

The problem is not just the agency that gathered the data, but also third parties that want to exploit it and relate it to other databases.

I want to establish if MrX is an alcoholic so his exwife can shaft him in a divorce. Without any inside information from his ex, I obtain his shopping details, which help me to determine his current marital/domestic status and address, then I use the quantities and frequencies of alcohol purchases. Then I obtain CCTV footage of his movements near the pubs during times when he is not using his Sky satellite box or his ISP connection. If possible I track his movementsusing his mobile phone triangulation which I obtain from a colleague at the mobile phone company. Then I establish how frequently he has had sick days from his job by hacking his Time&Attendance computer. Then I look at his facebook account to establish how often he goes on "drinking events".... and so it goes on....

BigD

__________________
You make your own luck.

www.shootingthecheese.ch
The place for fun and chat in Switzerland.

The problem here, specifically regarding the feasibility, is more than just capturing the data (I tried to find the post on Slashdot about 6 months ago where somebody worked out how much data this actually is but can't find it)

I am by no means an expert in encryption, in fact I consider myself a novice, and I know how to send a message to somebody that is encrypted beyond the level that the UK govt could break. So if somebody wanted to send an unreadable message what are they (UK govt) going to do about it? On the flip side assuming terrorists do use Facebook to plot attacks are they likely to include keywords such as bomb? Of course not, they will appear to be standard conversation in some kind of proprietary encryption (word substitution, whatever). How do they hope to retrieve this from the mass of data or even identify it as malicious?

With an overload of information, it's almost certain that profiling will be used, certain patterns sought to quickly identify persons of interest for further investigation. How acurate will these be?

Suspicious transmissions would be flagged up as non-standard encoding of traffic in a voice application for example. A low bandwidth voice is expected to be encoded in a certain way. If someone that knew the protocol for voice encoding, start of message frame , on a closed channel (multiplexing obviously makes it more difficult) etc etc, could recognise that your data payload does not correspond with the characteristics of open-traffic. That would set alarm bells ringing without you having to do anything.

I have no direct knowledge of any of this in use other than I would be very surprised if such alarms are not already in use.

BigD

__________________
You make your own luck.

www.shootingthecheese.ch
The place for fun and chat in Switzerland.

It's pretty easy to identify encrypted voice traffic but then it could be tunneled though an ssh tunnel (a VPN) for example and there is no way of knowing what that carries. You'd have to accept that some traffic you will not be able to sniff, or block certain types of ssl traffic which has it's own limitations.