Tech firms seek to bypass internet history log law

The Investigatory Powers Bill is due to become law before the end of 2016.  Its aim is to help combat terrorism, but critics have described it as a “snoopers’ charter”.

Internet providers will soon be required by law to record which services their customers’ devices connect to including websites and messaging apps. Under some circumstances, police and other authorities will be able to access the data without a warrant and critics of the law have said hackers could get access to the records.

James Blessing, chairman of the Internet Service Providers’ Association (ISPA) said, “It only takes one bad actor to go in there and get the entire database.  You can try every conceivable thing in the entire world to [protect it] but somebody will still outsmart you.  Mistakes will happen. It’s a question of when. Hopefully it’s in tens or maybe a hundred years. But it might be next week.”

Now, some virtual private network (VPN) operators have taken the opportunity to offer their services as a way to get round the law.

VPNs digitally scramble a user’s internet traffic and send it to one of their own servers before passing it on to a site or app in a form they can make sense of. A similar process happens in reverse, helping mask the person’s online activity. As a result, instead of ISPs having a log of everywhere a customer has visited, the only thing they can provide to the authorities is the fact that a subscriber used a VPN.

Jodi Myers, a spokeswoman for NordVPN said,  “We saw a boom in Australia last year correlated to when its data retention law went into effect and we are already seeing an increase in inquiries from the UK.  Our biggest advantage is we have a zero log policy. Our headquarters are in Panama, which doesn’t have data retention laws, so it allows us to do this. And even in the worst-case scenario that our servers are confiscated, there would be nothing on them because of the way they are configured.”

Caleb Chen, a spokesman for Private Internet Access, another VPN provider said the UK government would find it difficult to prevent the use of such workarounds, “The legislation specifically mentions connection service providers and not just ISPs, and the assumption is that VPNs based in the UK will have to give up their logs under this law.  But as a US-based company, my legal team has advised me that we would not be under any obligation to do so.  And even if the government were to try to take it a step further and say no UK citizen could use a VPN that was not compliant with the law, those services would still be available.”

Plus the widespread use of VPNs by businesses to provide staff with remote access to their email and other work-related files would also make it difficult to restrict the technology’s use.

A spokeswoman for the Home Office declined to discuss ways it might tackle such efforts.

“The Investigatory Powers Bill provides law enforcement and the security and intelligence agencies with the powers they need to protect the UK and its citizens from terrorists and serious criminals, subject to strict safeguards and world-leading oversight.  Terrorists and serious criminals will always seek to avoid detection.   To ensure they do not succeed, we do not comment publicly on the methods or capabilities available to the security and intelligence agencies.”

Be the first to comment

Leave a Reply