From March this year all ISPs will by law have to keep information about every e-mail sent or received in the UK for a year. Currently many do this on a voluntary basis but this will now become mandatory. With little evidence to support their position, the government says this move is vital for monitoring crime and combating terrorist activity. The new rules are due to come into force on 15 March, as part of a European Commission directive which could affect every ISP in the country. It will cost between £25m and £70m. The rules already apply to telephone companies, which routinely hold much of the data for billing. The Home Office think the data is vital for investigation and intelligence gathering.
The Home Office insists the data will not contain the email content but data about when and where it was sent. But of course we all known that it is quite possible to work out quite a lot from email headers. This data will be accessible by over 600 public bodies, such as the police and councils, if they make a “valid” request.
Dr Richard Clayton, a security researcher at the University of Cambridge’s computer lab, points out that this will include all the spam out there and would rather see more focused online policing than catch-all initiatives like this. Of course, once the government has this power, they will not draw back from it, and most likely extend it once again, as governments are want to do.
This is not all.
The government has plans for a bigger data retention scheme called the Interception Modernisation Programme involving one central database, gathering details on every text sent, e-mail sent, phone call made and website visited. Consultation on the plans is due to begin later this year.
At the same time, this week, culture secretary Andy Burnham suggested “unsuitable” websites be given cinema-style ratings, a move which played well with some parenting organisations – but as most people who know anything about how the Internet works know, this idea is unworkable.
Yes, pornography is easy to access online, but the solution does not lie in rating web sites (the content of which, unlike films, can change from page to page) but getting parents and schools to educate children about how best to use the Web. There are also technical solutions local to desktop PCs like using OpenDNS or net-nanny software.
As the Guardian recently, and succinctly, pointed out:
“People would be outraged if BT monitored telephone calls for explicit conversations or the Post Office for unseemly letters, yet government is considering such options for ISPs. The monitoring of any such system would be very expensive. It would also incriminate innocent people and make much bigger incursions into the privacy of everyone than could be justified by the few successes it might get. The big porn operators, usually pioneers of new technology, would switch overnight to another corner of the web.”
Plus, how do you rate sites? Who does the rating? I agree with the Guardian: “The government should save the money that might be lavished on an ineffectual Big Brother solution and spend it instead on a concerted campaign to make parents aware of what they can do for themselves.”
What is most incredible about these government proposals, is that one side of the government is not talking to the other. Tom Watson, a cabinet office minister who I am generally a fan of, has made great claim to creating a more listening culture inside government about the innovation economy that technology startups represent. He has held lavish receptions in London and talked a great deal about the amazing technology companies coming out of the UK. He even set up a web site called Showusabetterway.com – about “helping government become more open, transparent and effective through better use of published information.”
But with one hand the government seeks to lock down the British Internet with an iron fist, while at the same time telling us it is boosting innovation and business online.
It is quite clearly blind to the fact that one affects the other.
Are we also expected to think that the consumers using online services are not going to be put off from engaging in the boom of “sharing” that Web 2.0 created? How would you feel if every Twitter you sent, every video uploaded, was to be stored and held against you in perpetuity? That may not happen, but the mere suggestion that your email is no longer private would serve to kill the UK population’s relish for new media stone dead, and with it large swathes of the developing online economy.
These proposals will affect both the blooming of online culture in this country, the development of the innovation economy and its civil liberties – all in one fell swoop.
What is to be done about this?
Well, one approach might be a coalition of civil liberties campaigners, digital rights groups and business. The Open Rights Group is a key thought leader in this. There is also an interesting looking event on soon: The Convention on Modern Liberty. But I also hope that more mainstream figures who are in some way associated with tech, perhaps Stephen Fry, can be persuaded to join.
Why should business get involved?
Mark my words, business would be affected by this: startup technology companies, already restricted by plenty of red tape associated with setting up a business would now have to build in plans for content ratings, tracing users, capturing data for the Home Office – you name it.
And when terrorists can merely default to VOIP or messaging services held on servers outside the UK – hell, they are even using online games to pass messages not old-fashioned, traceable email – it seems utterly ludicrous to subject the ENTIRE population to this burden. All this legislation will do is drive organised crime and terrorists deeper into parts of the Net where they will be virtually impossible to trace, leaving the rest of us monitored like battery chickens.
On Monday I will be calling Westminster Council about how we can go about setting up a public rally against these initiatives, and I’d like to hear from anyone else who wants to get involved.
Stay tuned.
It’s all part of the New Labour Grand Plan for a spot of Totalitarian Government.
It’s also the next step in their Data Mismanagement Project – they’ve run out of personal data to lose, so this is a good way for them to generate some more!
Dungeekin – Great post btw, ” Data Losss Services PLC” . LOL.
I find the slow infringement of civil liberties incredibly worrying, and this latest plan crosses right over the line into ‘Big Brother’ territory.
Please keep us posted any activities, and rallies, as I for one, am interested in participating in any peaceful activities opposing this attack on MY freedom and MY privacy.
If you want privacy, use my encoder/decoder, here’s a free sample so you can see how easy this is:
http://www.pjs-encoder.com/decode/
627vtpz081f ! mzze; 5w! dxzxi! 57d1d9pn52 u71sv44pp9 sd
And what’s to stop anyone else from using the decoder to decode your messages? Cryptography is useless without keys.
I’m with Lach on this one, please keep us informed of any peaceful rallies/protests as this is something I would like to attend.
An interesting side note here is that Tom was considering moving his Parliamentary office to using Gmail. When I asked him about auditing and log management of internal mails his response was thus:
http://twitter.com/tom_watson/status/1071971534
Count us in Mike – anything we can do let us know
They’ve gone mad. Plain and simple. Whether technical, social or logistical, not one aspect of this project is viable.
Count me in too, Mike.
This reminds me of an expression I once heard: “All ideologies are basically variations on human livestock management”.
As opposed to Dungeekin – I don’t think it is a big conpiracy, rather a jumble of unfortunate circumstances:
Groupthink among MP’s afraid to step out of line and face the wrath of the party whip, MP’s being fed proposals they do not understand from bureaucrats (or “civil servants”) looking to expand their personal fiefdoms. Those same bureaucrats wining and dining with lobbyists from various different special interest groups and so on and so forth.
It is basically a large jumble of ignorance, corruption and ambition in an unfortunate mix that ends up like an episode of “Yes, Minister”, but without any of the humour.
On a related note you might be interested in Rewired State – http://rewiredstate.org/. It’s a hackday style event aimed squarely at teaching government about computers.
Great post @mbites online petition is available here http://petitions.number10.gov.uk/GCHQinvasion/
more people need to sign this, if at least only to let them know we’re aware and opposed. how come no major politician or political party opposed to this; lib dems, green party, respect party etc ?
The implication for web-based business systems such as Pearl who transmit confidential business data via web browsers is not clear and its if not accommodated, adoption of new web-based technology will be reduced.
Gartner forecast 70%+ business will transition to web-based systems this year. Poorly analysed legislation cannot be allow to limit this growth.
And during a recession… talk about timing!
Web-systems like Pearl have been seen time and again to reduce overheads and improve business operations enabling business growth. Check our case studies.
If the government wants to enable business to grow, particularly SMEs, policies should support innovation – see China’s $12 billion investment in network or France’s fibre broadband capabilities.
The UK is being left behind – our leaders MUST address these differences
Andrew
Director
http://www.thisispearl.com
I’m in.
whilst not suggesting this is a good use of money and resource, I do think govts around the world have been doing this for ages so not sure why people are acted so shocked
how will they do webmail such as hotmail or gmail? or shouldn’t i have made them aware of that
PaulieA: They might have tried it before, but never before have they had the technological means to do it on such a large, pervasive scale. Now they do.
If we all add “terror bomb plot” to the subject line of ALL email the Gov’t snoops will be swamped with data overload. They won’t have enough time left in the Universe to analyse EVERY email and their project will fail.
@Wille
Viewed in isolation, I would agree that it looks like “a jumble of unfortunate circumstances”.
However, when one looks at the larger picture, in the context of the legislation already implemented or in the pipeline by the Brown Regime, you see something very different.
Examples:
The creation of a ‘Rapid Rebuttal Unit’, led by Derek Draper, to astroturf and kill off negative stories about the Labour Party in the Blogosphere;
The intent of the Intelligence and Security Committee to press ministers to introduce legislation that would prevent news outlets from reporting stories deemed by the Governmnent to be against the interests of national security;
The arrest of a member of Her Majesty’s Opposition, Damian Green, for doing his job and holding the Government to account:
A DNA Database you can’t get off, and a CCTV camera for every 14 citizens;
Plans to capture ‘communications endpoint data’ whether or not you’re suspected of an offence.
Now put this announcement into the context of the above – does this sound like the UK, or North Korea?
D
Last time the Govt tried to do something this dumb was when they tried to set up a central repository of encryption keys.
It got killed because the financial and legal burden of running it was painstakingly explained to them.
That’s the way to kill this – let the politicians run the freedom angle – techies and businesses should talk about what they know best.
Here’s a starter – lets make ‘positive’ comments such as: “it should include a right to recompense individuals if their information is leaked – no crown immunities either.”
Complete farce as usual.
The data will not help catch criminals and it won’t help catch any terrorist… all it does is add additional costs to an already low margin business and of course massively infringe on our our privacy.
Do they actually know how much data (And cost) this will involve? Keeping a record of every email sent to and from a UK account, including the spam? For one of our customers alone this amounts to 35,000 emails/day.
Their are so many ways around this (For the criminals and terrorists)… it won’t for example include small ISPs, it won’t be able to cover webmail only services that are not based in the UK, it won’t be able to cover all other forms of communication (IM, In game chat, SSL communications, etc, etc).
What use are the headers in crime fighting anyway?
So they know that criminal A sent an email to criminal B at 8:40 in the morning… depending on what they call “headers” they may also know the subject of the message.
They will also know that criminal A was sent 14 viagra emails, 5 penis enlargement emails and 3 bust enlargement emails… oh, and that he emailed a few of his (none-criminal) friends and relatives – who are also now being monitored too.
Whats interesting is that any government body will also be able to access this vast database of private information… remember the local council using terrorism laws to spy on a family who they thought lived outside a school catchment area?
Absolute farce and a massive invasion of privacy.
I’m with you on this one Mike!
Pardon my naivety, but can they actually monitor our email traffic if it goes through an encrypted connection (which is the case with most email providers these days), or even better if we encrypt our messages with PGP? Clearly this is an outrageous proposal, but surely we have means to elude government control, right?
Needless to say though, it breaks my tech-savvy heart that it must come down to this.
This is lunacy, but hardly surprising.
My fear is that many people will still be stuck in the “nothing to hide, nothing to fear” camp.
Possibly the best way to stop this is to approach businesses from a corporate confidentiality / due diligence angle – i.e. are they comfortable with having client contacts exposed + will they be prepared to sue the government when that data is exposed?
Count me in. Ludicrous.
Tim Panton – I like your thinking: Automatic £10m compensation for personal data leaks; MP email data on public record etc. Let’s make a list!
No worries, use my encoder/decoder, works on Myspace, Facebook, email, and will probably work on Twitter too.
kcw0uz9lwv9 t9pcspcsai k? ck, rw7lh0, h9bcoo-lxd kwv6ut6m. fgte, a1faqie3dx fqnhfcw4-, 0jaxybgn-b x3pxzy5, q; 3
http://www.pjs-encoder.com
uh yeah that looks super secure.. not
I will certainly attend the rally. I’ve no idea about what kind of work and preparation goes in to such events, but please add me to any “planning & preparation” mailing list:
rlancefield@gmail.com
I’m in as well.
The current trends are very worrying. We have people who understand nothing, will not listen to their own advisors and think that they can predict the future making policy on the fly.
We run the risk of sleepwalking into a nightmare society. I’ll carry a placard.
To those who recommend encryption-style measures as a the only required “solution”, may I respectfully suggest that this is misguided.
A free society shouldn’t need such measures. If you need to encrypt your data to prevent your government and authorities from viewing it at will, you’re already living within a non-free society. In other words, encryption (when it’s done to prevent state intrusion) is a symptom rather than a cure. It’s not the “answer”, any more that the French Resistance was the answer to Nazi occupation.
Great! more money being wasted on something totally unnecessary that could instead be spent on medical research or housing for the homeless.
I’m in. And so, I imagine, would most of the Liberal Democrat blogosphere be. Add me onto any co-ordination/planning email list.
Best
Alix
freedom vs. security, the same old story
Burnham has been making noises about a regulated internet since June, by the way. Add to that Mandelson’s apparent plans for Nominet, Labour’s own development of a party internet team PLUS in the non-tech sphere ID cards, abusable anti-terrorist legislation, incitement of hatred legislation and 28 days without trial, and it all begins to look slightly terrifying.
Just to add to Alix’s list, let’s not forget the amendment to Section 58 of the Counter Terrorism Bill which will make it an offence, punishable by up to ten years imprisonment, to publish or elicit information about any police constable “of a kind likely to be useful to a person committing or preparing an act of terrorism”. (Still think you want to take a picture of that police officer at the next rally for posting on Flickr?).
Then there’s the pending Extreme Pornography laws that redfine what the government thinks consenting adults may get up to within their own homes, and the pending introduction of police cattle prods, AKA Tasers, and the pending comprehensive mobile phone owners database, etc. etc.
As Alix says, it’s moving from worrying, through incomprehensible, to terrifying.
This is bloody outrageous.
This is why I plan to escape this country some time soon.
Another waste of taxpayers money and another step towards Nineteen Eighty Four. We must fight this, just as we must fight against the unnecessary ID card project.
What about using an email provider located in some other country ? For example, Canadian Hushmail or some Swiss webmail provider ?
AFAIK there is no way to intercept and record emails, especially if their webmail uses HTTPS.
£70 million of taxpayers money to catch terrorists and organised criminals. Oh, but only those disorganised enough to use their ISP’s mail server and not the many alternatives. Or those who don’t know how to use an anonymous re-mailer. Or those that don’t realise regular E-mail is fundamentally insecure anyway and use alternative, encrypted communication methods.
Darn, there must be some disorganised organised criminals about! Why don’t the government just set up a facebook group called “I want to blow stuff up” and investigate everyone who joins. I think that would be just as effective as this pointless law.
Glad to see you taking a stand on this Mike. It’s something that a lot of people I speak to in the tech industry are concerned about, but sometimes it takes someone to stand up and be counted before others can do the same.
btw, this post has been picked up on Slashdot and reddit and seems to be getting a positive response.
I’m glad to see you angry about this, Mike, because we do need people to feel angry and for that anger to spur them on to action. There are concrete actions that can be taken, although none of them are a silver bullet, they are important.
Firstly, people should give money to the Open Rights Group. The data retention directive was the first thing I started campaigning on, long before ORG even had a name. But as a supporter-funded organisation, they can only do so much. The more people who give them a fiver or tenner each month, the more that they can do. I know that people are feeling poor right now, but what price our rights?
http://www.openrightsgroup.org/support-org/
The second thing that people can do is volunteer for ORG. Get involved, offer to help organise a demonstration or some other collective action. Blog about it, start a pledge on Pledgebank, or start fundraising for a campaign. Turn the anger into action. It’s very easy to get involved with ORG – join their mailing lists and make suggestions and turn up to the volunteer meetings. They need people to help out, so everyone is welcome.
Thirdly, write to your MP. Be concise, polite and articulate your worries clearly and in your own words. MySociety have made it stunningly easy to contact your MP via http://www.writetothem.com/
Finally, talk to your friends and get them involved too. We need to spread the concern about this issue beyond the usual tech circles. We need as many people involved as possible. Many hands make light work, and many campaigners make campaigns work.
It may seem like a lost cause, but if everybody acted on their anger, maybe we could start to turn around the Titanic before she sinks.
Great post Mike, let’s hope all this will prove to be too costly considering today’s economy. Keep us posted on this!
This is plain lunacy, thanks to you and Slashdot for bringing this to my attention. Yet another ill conceived and not thought through plan from this Goverment. I seriously wonder if they are incredibly stupid or just plain incompetant.
Karl: I seriously wonder if they are incredibly stupid or just plain incompetant.
They are both. And malicious.
what can be done about this ?
get your own email server and use SSL for all transports
simple
they look at everything on the wire if they want anyway so this is just a backup way of accessing data on you by using your own mail server and using SSL it means things stay private and business like
oh and please adopt DKIM…
regards
John ‘the email guy’ Jones
http://www.johnjones.me.uk
Does your Government own you?
Great post Mike.
Everyone can do their own thing to fight this, and they should do that, but to get a bum on a seat in the corridors of power to practically stop these kind of lunacies before they are rendered stone, a few quid to Open Rights Group is needed. ORG spends practically all its supporter funding on paying two people a not very impressive wage to do just that, all day long. Please make it a New Year resolution to put just a few quid ORG’s way over the year to ensure we can keep on doing it.
+1 for any public rally/demonstration.
Great post Mike. It really is a slippery slope and if nothing is done now, such government action will soon become the “norm”. I am a dab hand with a pen and cardboard so primed and ready for some industrial scale placarding.
Count me in for any protest. This is an invasive law that will curtail our freedoms and our children’s freedoms for years to come.
Another idea thought up by idiots who have nothing better to do with their time. In the current economic climate no one wants to see this big brother approach being implemented. It will be probably good for the Post Office as terrorists will just revert to using the good old postal system or has the goverment got plans in place to open and read everyones mail – would not surprise me.
IS there a campaign website yet? Should try and get on TV. Also need to make sure it doesn’t appear to be a *geek* campaign but something that effects everyone.
People should ask themselves would that want anyone they met not to see such personal data about them (put in terms of personal profiles, what they say etc), if they say no then they need to be shown that if that person works in the public sector it is quite likely that they will have access to it.
With the sheer number of people involved it highly dangerous too, at least one person in the chain will take money to get data for someone else – for sure. Secondly if I owned a company there is no way I’d want commercially sensitive information being intercepted by government and the people who are in government, it is such a great unknown as to where that data could potentially end up – take for example a local council which really wants to reject planning permission but has no grounds to do so – remembering that local councils already have used anti-terror laws to spy on people to check their bins and make sure they are within the attachment area for the school they are sending their children to.
@AndyC
It definitely isn’t just a geek campaign. Correction: it definitely isn’t just a *techie* geek campaign. There are political geeks as well
Mike
Let me know if I can do anything to help too.
It’s a real threat on our democracy if New Labour get this through. What is safe if we can’t protect our private from state?
The whole idea is against the very notion of democracy. My fear is that the general populus of this country will sleep walk into this giving away more of our civil freedoms to an authoritian government.
So demonstrations / online activity .. count me in!
I am not a tekkie, but I am a Libertarian, so count me in on any rally. Happy to help organise it anyway I can. I am amazed how silent most people seem to be on this and other current issues of our civil liberties and their erosion. We have got to get together and shout!
ООО «ЭлектроКомпания» – Челябинск
осуществляет лицензированные услуги по производству электромонтажных работ в любых объемах.
Предлагает Вам сотрудничество на взаимовыгодных условиях, в частности текущее обслуживание электрохозяйства, монтаж вновь вводимого и реконструируемого электрооборудования, проектирование, комплектация и поставка электротехнической продукции со склада и под заказ .
Условия сотрудничества предлагаем обсудить дополнительно
т.(351)235-15-50, (351)270-56-54
Email: daupadova@gmail.com