POST Tells UK Government - You Can't Easily BAN Internet Anonymity - ISPreview UK
The Parliamentary Office of Science and Technology (POST) has published an interesting new note that examines Internet anonymity technologies, such as TOR and the so-called DarkNet websites (e.g. SilkRoad), which can be used to support freedom of expression by circumventing censorship and yet also act as a tool that is exploitable by trolls, criminals and terrorists.
Juggling the issue of Internet anonymity isnt easy. On the one hand it allows people to say and do things that may be against the law, while on the other it helps those who live in oppressive countries (e.g. China, Iran.. the United Kingdom etc.) to circumvent Government imposed filtering, thus enabling the free exchange of ideas and political viewpoints; without fear of being arrested.
Ordinary people in safe countries also like their privacy (if we didnt then Im sure wed all be happy for the government to put a CCTV camera in every home?), so the attraction of online anonymity is obvious and it can also help to protect you from spammers and make it harder for hackers to attack your connection.
Never the less the UK Government has already signalled its desire to introduce tough new Internet surveillance powers and to potentially also restrict the use of encryption technologies (here). Meanwhile telecoms and Internet providers have been left to roll their eyes, largely in recognition of the politicians inability to understand how such networks actually work.
The way the Internet is designed means there will always be a way to hide your identity or circumvent restrictions, not least because ISPs can only provide a window to the Internet, but they cannot physically control the content on remote servers. The only true way to block access is to physically cut the cable (dont go online at all) or remove / stop the data at its source. The latter requires global cooperation, which isnt easy because we dont live in a universally friendly world and laws differ.
In practice much of what the Government wants to do is technically almost impossible, although GCHQs impressive (if a little scary) ability to tap and monitor data traffic passing over international fibre optic cables that enter into the UK (here) does show that TOR itself may not always be completely safe.
Likewise the TOR network has in the past been hacked in a way that has allowed law enforcement agencies to identify some of its users. But doing this at a limited scale is one thing, yet it would be rather more difficult to apply such approaches to everybody and TOR is always adapting.
Lest we not forget that anonymity isnt always the intended purpose for using specific systems, such as a Virtual Private Network (VPN), but that can still be the outcome. Businesses across the UK often require their employees to work from home using an encrypted VPN and there are thousands of consumer grade alternatives, such as ones that help people in Spain to get a UK IP address so they can still view the BBCs iPlayer content while away from home etc.
In the above example the IP address comes from the VPN and not your connection, which as a by-product makes the end-user hard to identify; although some VPN providers may share their logs with security agencies. In short, the POST report reflects the fact that a ban on Internet anonymity would be effectively unworkable.
Quote:
The Parliamentary Office of Science and Technology (POST) has published an interesting new note that examines Internet anonymity technologies, such as TOR and the so-called DarkNet websites (e.g. SilkRoad), which can be used to support freedom of expression by circumventing censorship and yet also act as a tool that is exploitable by trolls, criminals and terrorists.
Juggling the issue of Internet anonymity isnt easy. On the one hand it allows people to say and do things that may be against the law, while on the other it helps those who live in oppressive countries (e.g. China, Iran.. the United Kingdom etc.) to circumvent Government imposed filtering, thus enabling the free exchange of ideas and political viewpoints; without fear of being arrested.
Ordinary people in safe countries also like their privacy (if we didnt then Im sure wed all be happy for the government to put a CCTV camera in every home?), so the attraction of online anonymity is obvious and it can also help to protect you from spammers and make it harder for hackers to attack your connection.
Never the less the UK Government has already signalled its desire to introduce tough new Internet surveillance powers and to potentially also restrict the use of encryption technologies (here). Meanwhile telecoms and Internet providers have been left to roll their eyes, largely in recognition of the politicians inability to understand how such networks actually work.
The way the Internet is designed means there will always be a way to hide your identity or circumvent restrictions, not least because ISPs can only provide a window to the Internet, but they cannot physically control the content on remote servers. The only true way to block access is to physically cut the cable (dont go online at all) or remove / stop the data at its source. The latter requires global cooperation, which isnt easy because we dont live in a universally friendly world and laws differ.
Quote:
Extract from the POST Report
There is widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the UK. Even if it were, there would be technical challenges. For example, when the Chinese government attempted to block access to Tor, Tor Project Inc. introduced secret entrance nodes to the Tor Network, called bridges, which are very difficult to block.
Some argue for a Tor without hidden services, because of the criminal content on some THS [Tor Hidden Services]. However, THS also benefit non-criminal Tor users because they may add a further layer of user security.
If a user accesses a THS the communication never leaves the Tor Network and the communication is encrypted from origin to destination. Therefore, sites requiring strong security, like whistle-blowing platforms, are offered as THS. Also, computer experts argue that any legislative attempt to preclude THS from being available in the UK over Tor would be technologically infeasible.
There is widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the UK. Even if it were, there would be technical challenges. For example, when the Chinese government attempted to block access to Tor, Tor Project Inc. introduced secret entrance nodes to the Tor Network, called bridges, which are very difficult to block.
Some argue for a Tor without hidden services, because of the criminal content on some THS [Tor Hidden Services]. However, THS also benefit non-criminal Tor users because they may add a further layer of user security.
If a user accesses a THS the communication never leaves the Tor Network and the communication is encrypted from origin to destination. Therefore, sites requiring strong security, like whistle-blowing platforms, are offered as THS. Also, computer experts argue that any legislative attempt to preclude THS from being available in the UK over Tor would be technologically infeasible.
Likewise the TOR network has in the past been hacked in a way that has allowed law enforcement agencies to identify some of its users. But doing this at a limited scale is one thing, yet it would be rather more difficult to apply such approaches to everybody and TOR is always adapting.
Lest we not forget that anonymity isnt always the intended purpose for using specific systems, such as a Virtual Private Network (VPN), but that can still be the outcome. Businesses across the UK often require their employees to work from home using an encrypted VPN and there are thousands of consumer grade alternatives, such as ones that help people in Spain to get a UK IP address so they can still view the BBCs iPlayer content while away from home etc.
In the above example the IP address comes from the VPN and not your connection, which as a by-product makes the end-user hard to identify; although some VPN providers may share their logs with security agencies. In short, the POST report reflects the fact that a ban on Internet anonymity would be effectively unworkable.