Usually when we write about snooping and tracking on the Panda Security blog, it is to alert our readers to a new scam or technique being used by criminals to steal personal data. But it’s not just cybercriminals who collect your data – marketers like Facebook and Google also operate massive monitoring and data collection programs to refine their targeted advertising.
And as you might expect, governments also engage in some web monitoring, usually in an effort to combat criminal activity like terrorism. What most people don’t realise is just how invasive this monitoring can be.
Totalitarian state monitoring?
Imagine every online interaction you ever make being monitored and recorded, stored in a massive database that is controlled by the government. This information can be queried and analysed, revealing your most personal information to authorised government bodies. Imagine a tracking and profiling system that you cannot opt out of, nor do you know exactly what that information is being used for.
This sounds like the type of mass surveillance program you might encounter in a totalitarian state like North Korea or China. But this is the Great Britain. And it’s happening right now.
Putting the Investigatory Powers Act to work
In 2016 the British parliament passed a new law – the Investigatory Powers Act 2016 – greatly expanding the rights of official bodies to monitor and surveil the population. The law allows the state to collect ‘metadata’ about online activities. Metadata is information about what you have been doing, so investigators can see that you sent an email to your best friend, but they cannot see the contents of the email for instance.
The government argues that collecting metadata protects sensitive information belonging to citizens, but when analysed carefully, it will still reveal personal details. The types of websites you visited (every web visit would be logged) reveals your interests, political and religious beliefs, health status and much more.
According to the law, this metadata is only made available to government bodies when they have obtained a warrant issued by a judge. In the meantime however, your ISP (the company that provides your internet connection) still has to collect all this metadata just in case the government needs it.
Should I be worried?
Many people argue that you have nothing to fear if you have done nothing wrong, which is true. But at the same time, mass surveillance is contrary to most democratic principles – especially when there is no way to opt out of monitoring.
Can you stop yourself from being monitored? Not easily. Technologies like Tor and onion routing offer high levels of privacy, but they can be quite slow and some websites and services will not work at all. It is also likely that using Tor will attract more government attention, rather than less.
Alternatively you could consider using a VPN to encrypt your web traffic. Government monitoring will only be able to see connections to the VPN service – all your other metadata is protected. That said, some VPN providers will collect your activity logs themselves – and some will hand over that data to the government if requested. Always check the details of any prospective VPN service to check what the provider does with the information they collect about you.
The Investigatory Powers Act is a concerning development for Britain and beyond – depending on the success of the British government’s tests, other countries may be tempted to adopt similarly invasive processes under the excuse of ‘crime prevention’.
To learn more about limiting online data tracking, and how to better protect your privacy, download a Panda Dome Premium free trial including our premium VPN service.