Mass Tracking of Website Traffic in the UK

May 13, 2020 0 Comments

Earlier, we talked about how regulators in the United States are going to require IT businesses to report on customer and user activities. Similar processes are underway in the UK, but such information is collected there in different ways. Let’s talk about this in more detail.

Five Years Old Law

At the end of 2016, the Queen of Great Britain signed into law the Investigatory Powers Bill. He gave the green light to develop a large-scale system for monitoring and collecting data from digital devices. In addition, intelligence officers were allowed to hack not only gadgets, but also the IT infrastructure of entire cities, if required to ensure national security. Also, law enforcement officers were given the opportunity to view which sites British citizens visit and monitor the activity of mobile applications. The tasks of storing and collecting this information were entrusted to Internet providers and mobile operators, and funds for the implementation of relevant solutions were allocated from the budget.

At the time of the adoption of the law, no technical regulations had been approved, so the details of the implementation of such a large-scale system remained unknown for a long time.

More specifics

In 2018, legislators amended the “Communications Data Code of Practice” document, which describes the mechanisms for accessing personal data of UK citizens by law enforcement agencies. It became known that the government plans to develop a unified database with the history of Internet browsing. It was planned to include tracking of visited resources, access time and duration, client IP, as well as some information about the user’s device. Access to the database of police officers was provided using a special search engine – “request filter”.

The development of the new system has been carried out over the past two years – by the forces of Internet providers and the Ministry of Internal Affairs. In March this year, the first test launches were carried out. An example of a table with the data that we managed to collect can be found at the link. Interestingly, the Investigatory Powers Bill prohibits providers from spreading about how the tests are progressing, but the Office of the Investigative Powers Commissioner (IPCO) notes that they conduct regular checks and try to assess which set of data will be “necessary and proportional to the task at hand.” However, some of the data collected may not be useful – for example, the session time maintained within a day.

Man is what he consumes. This statement in the modern world now applies not only to food. Man is alive thanks not only to his daily bread. Every day we consume gigabytes of information, in one day we process it as much as in the Middle Ages people did not receive in their entire life. We just woke up and immediately check e-mail notifications, while we have breakfast, scroll through the feed on VKontakte or any other social network, in our free time we watch videos on YouTube, etc. etc. By these actions, we not only consume, but also create information. Each of our steps on the Internet, any of our clicks, all movements from site to site are recorded and recorded. This is called the user’s social data. It is they who make up our virtual personality. And this personality of ours has its own price, for which they are willing to pay big money.