As ‘Snoopers Charter’ becomes law, one ISP is showing how state surveillance can be bypassed

The Investigatory Powers Bill, or ‘Snooper’s Charter‘, is about to become law. This will make legal the mass surveillance technologies that UK agency GCHQ and its partners have deployed for the last decade or more, as revealed by Edward Snowden.

The Canary has already published a guide to help individuals, such as bloggers and online journalists, to protect themselves against state or commercial predators. Now a UK company called Brass Horn intends to go one step further, and provide a comprehensive anti-surveillance service to anyone – individuals, organisations and businesses.

It’s not surprising that many internet users, especially bloggers and political activists, may want to find out in simple terms how to be safe online from predators such as ‘Big Brother’, consumer organisations, and those who simply wish to steal identities. Now is the time to act. But finding the right technology and advice is not always that easy. It appears that Brass Horn is trying to fill that gap.

Online protection

Brass Horn Communications, a Reading-based Internet Service Provider (ISP), is now offering highly-secure facilities and services for internet users. Brass Horn describes itself as “a non-profit ISP with the purpose of helping people protect their privacy in light of increased mass surveillance”.

It aims to:

show the Government that we have a right to privacy online, by building a form of broadband network where a modem/router connects to a private Wide Area Network (WAN) that only contains Tor Bridges.

Using Tor or VPN services are the most common way for security-conscious users to connect to the internet. However, these services are not perfect.

For that reason, Brass Horn also offers an OnionDSL service, which is basically a closed network between an end user’s modem and the Brass Horn Tor bridges.

Workshops

In addition, Brass Horn is offering free “Mass Surveillance Self Defence Workshops” (two dates, so far, in November) at its International Solidarity Centre.

These workshops will examine a range of topics, including Bulk Interception, Stingrays, Internet Connection Records as well as targeted surveillance (Regulation of Investigatory Powers Act, communications data, metadata, threat modelling, etc).

Also, the workshops will demonstrate how to set up and use a number of privacy/security tools: Tor, TAILs, Signal, GPG, SSL / TLS and full disk encryption.

Brass Horn’s ‘political agenda’

Significantly, Brass Horn states that:

All connections to our services are encrypted (TLS, Tor, SSH) and we will not surrender private keys. Periodic key rotation will be announced. We will not keep any logs for any services (httpd, sshd, postfix, Tor bridges, etc). UK staff do not hold the decryption keys for any of the disks in servers physically located in the UK so cannot be coerced to decrypt a seized server under RIPA s.49.

Brass Horn has also assisted campaigning organisation the Open Rights Group. But whether it can successfully out-maneouvre GCHQ remains to be seen.

The services offered by Brass Horn could be characterised as a direct challenge to government thinking and the surveillance state generally. They won’t suit everyone, but may in time become more commonly available as more people take them up. Such services will prove to be particularly useful for lawyers, who wish to protect their clients. Similarly, journalists – whose media organisation has not yet adopted highly secure systems – may find such services beneficial.

A guide for online (and offline) security

Meanwhile, a detailed guide for political activists on how to protect yourself online (and offline) has been published in Germany. The guide states that it:

aims to be a concise overview on information security for anyone in emancipatory struggles against structures of power.

It covers:

• Security Culture: introduces the social side of things.
• Physical security: describes securing physical access to information.
• Traditional communication: is about the pre-internet kind.
• Digital base security: discusses building a digital base to communicate from.
• Internet services: points out problems with and alternatives to common internet communications services.

Here is the English version of the guide.