ISP data collection and retention policy - Page 2

qasdfdsaq · 22-10-2013, 03:02

Quote:

Originally Posted by Qtx

Oh that can't be forced by law. The have a think about encryption keys being handed over to unlock files but wouldn't help them with a VPN, Kinda no point for some, especially if you further route TOR through that original encrypted VPN connection. Few machines with different gateways and you can have layers of encrypted that the NSA won't casually scrape up

Yes it can. What do you think VPNs are encrypted with, if not encryption keys? RIPA specifically covers "electronic data protected by encryption etc.", it makes no reference to "files" and couldn't care less whether that data was sent over a SATA cable to your hard drive or an ethernet cable to your modem. Encrypted data = encrypted data.

There may be no point in trying but the law doesn't have to make sense. The fact that they can force you to hand over encryption keys at all - despite even most power users not having the faintest clue what the actual key is - is quite preposterous in itself yet that's what RIPA does. Hell, even if you legitimately didn't know it, the fact that you refuse to disclose it could be treated as criminal.

---------- Post added at 03:02 ---------- Previous post was at 03:00 ----------

Quote:

Originally Posted by ferretuk

The relevant law being what exactly? Not saying you're wrong of course but without a reference it looks like meaningless scaremongering...

http://www.legislation.gov.uk/ukpga/2000/23/contents

Qtx · 22-10-2013, 10:56

RIPA is a nasty law, no doubts about that. As you said though most don't know what their vpn encryption key is though so can' hand it over. The VPN provider I use changes the keys every hour too. Its not like handing over the keys to a truecrypt container.

All of that assumes you have potentially done something bad enough to warrant the involvement of authorities though. A VPN is still a valid method of hiding your internet activity from isp logging

qasdfdsaq · 22-10-2013, 13:15

Indeed, however most people may know the *password* but not the *key* to a truecrypt container - the latter being randomly generated 4096 bit unintelligible garbage. Hasn't stopped some idiots trying to force people anyway.

Thing is, ISP logging is mainly there for one reason only and that is for the authorities - ISPs themselves cannot even access the data without the same sort of involvement as would be required to force you to disclose your encryption keys. Well, some sneaky ISPs do but that's a different sort of data logging...

Point being, if you've done something bad enough to warrant anyone getting a court order to retrieve data the ISPs have logged about you, you've done something bad enough to warrant the authorities also forcing you to hand over your passwords and encryption keys, whether it's actually practical or not. So again, it doesn't give you any legal protection from the authorities and it doesn't give you protection from anyone else, because nobody else can access the data to begin with anyway.

Dude111 · 23-10-2013, 23:08

Quote:

Originally Posted by Qtx

Take away their ability to see what you are doing and then you don't really have to worry about what they log and for how long

Yes but then cant they threaten to terminate your service for blocking them?? (I dunno,i wouldnt put it past them)