Slashdot Log In
UK Email Retention Plan Technically Flawed
Posted by
Soulskill
on Sat Jan 10, 2009 12:09 AM
from the never-stopped-'em-before dept.
from the never-stopped-'em-before dept.
deltaromeo points out a BBC report calling the UK's law requiring ISPs to retain users' emails for at least a year an "attack on rights." The article also points out financial and technical flaws with the plan (which we first discussed in October). TechCrunch goes a step further, detailing how it conflicts with other governmental goals. Quoting:
"...with one hand the government seeks to lock down the British Internet with an iron fist, while at the same time telling us it is boosting innovation and business online. It is quite clearly blind to the fact that one affects the other. Are we also expected to think that the consumers using online services are not going to be put off from engaging in the boom of 'sharing' that Web 2.0 created? How would you feel if every Twitter you sent, every video uploaded, was to be stored and held against you in perpetuity? That may not happen, but the mere suggestion that your email is no longer private would serve to kill the UK population's relish for new media stone dead, and with it large swathes of the developing online economy."
Related Stories
[+]
Every Email In UK To Be Monitored 785 comments
ericcantona writes "The Communications Data Bill (2008) will lead to the creation of a single, centralized database containing records of all e-mails sent, websites visited and mobile phones used by UK citizens. In a carnivore-on-steroids programme, as all vestiges of communication privacy are stripped away, The BBC reports that Home Secretary Jacqui Smith says this is a 'necessity.'"
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Saving emails (Score:4, Interesting)
Well if the government wants to save your email, then use a gmail account, or hotmail or something for all your clandestine operations.
Other than that it's business as usual.
Psstt. Buddy, contact me on the gmail account.
Re:Saving emails (Score:5, Insightful)
There's something deeply wrong with a country's attitude to privacy when its people have to turn to the US for better protection.
Parent
Re:Saving emails (Score:4, Interesting)
Not really. The U.S. has a Constitution which protects the People's rights from stupid Legislators passing anti-liberty laws. The government is forbidden from seizing or archiving personal mail or email. The UK does not have such constitutional protection.
It's too bad the EU Constitution did not pass. Its listing of Rights would have provided a basis to overturn this anti-privacy law in the EU Supreme Court.
Parent
Re: (Score:2)
Considering the UK is half in and half out of the EU (they still have their opt-opt status for many things), that most of the UKs people don't want to be further dragged into Europe and having the EU constitution pass allowing many freedoms in the UK taken away by Eurocrats, I'd say having email retained vs being dictated to by unelected officials is actually not as bad.
Note I said not *as* bad.
The poor old UK has Europe on one side trying to erode their rights and their own government on the other doing th
Re: (Score:3, Insightful)
Countries like Sweden are generally regarded as some of the freest in the world, so the EU can't be all bad.
It depends on your definition of 'freedom'. If you use the American "free to be the biggest arsehole I want and fuck everybody else" definition, then the EU rates pretty poorly.
Re:Saving emails (Score:4, Insightful)
Sweden regarded free? You must be joking.
All emails and phone calls are monitored in the name of national security [thelocal.se]
Sweden is second from bottom in the EU when it comes to protecting its citizens' private integrity [thelocal.se]
This is what happens when a government realises it's large imported religious fundamentalist population has ideas that run counter to their modern progressive ones. See also: the UK
Parent
Re:Saving emails (Score:4, Informative)
Parent
9/11 wasn't due to lack of information (Score:4, Informative)
but rather the overflow, with miscommunication thrown in.
Years ago, when they were talking about information overload - I suppose the people were thinking of individuals. But I'm sure it applies to governments as well.
And with the governments seeming to get more petty all the time, I suppose that the actual important things are getting implemented poorly or wholly ignored.
Re:9/11 wasn't due to lack of information (Score:5, Funny)
Oh data mining can sift through threats to the status quo---erm I mean freedom! quite easily, believe me. Machine learning is capable of quite a bit of strange magic.
Parent
Re: (Score:2)
So the answer is to post your email address on every public forum you see. Let them go ahead and store the terabytes of spam per account. Meanwhile, get a gmail account or something for your real email.
Re: (Score:2)
Better yet, get your friends all to set up email accounts for drivel and get one of those markov-chain text generator thingies and send hundreds of emails a day between the accounts. For a bonus, attach random binary data (old jpegs etc.) to some of them.
Buy shares in storage and network companies. Retire. :-)
Why use ISP email? (Score:4, Informative)
Anyone except home Windows users has an MTA (or two or three in the case of Linux) included in their OS, and can run their own email. I always use TLS for SMTP. So while the recipient may archive/distribute your email, the ISP won't be able to.
Re:Why use ISP email? (Score:4, Informative)
that is unless your residential ISP blocks port 25 outbound at their gateways (and it seems most do nowadays), then you are somewhat bound to at least relay your outbound messages off their servers... TLS doesn't protect much at that point.
Parent
Re:Why use ISP email? (Score:4, Informative)
It's not just your residential ISP that may be doing it. I administrate several large mail servers and I use PBL's. They stand for "policy block lists". These lists are submitted by those same ISPs and my mail servers reject any SMTP connections from those IP addresses.
SPAM has caused us to resort to blocking whole ranges of IP addresses from being able to send mail.
If people in the UK have a problem with this then they can use email addresses hosted on servers OUTSIDE the UK. That's the double edged sword of the Internet. You either have to allow it all, or block it all, and there is no in between. The Great Firewall (China), and the The Great Barrier (under construction down unda) will be more leaky than a pasta strainer.
Parent
Re: (Score:2, Insightful)
BTW, I use residential cable for at the house for Internet access, and have no issues sending encrypted mail to my server across the country. Generally, only the standard port (25) is blocked.
The parent post does skip over one important issue, however: in GB, you can be compelled to hand over your encryption keys or face jail time simply for failing to do so. P-O-L-I-C-E S-T-A-T-E.
Re: (Score:2)
You can always ask the provider of your smtp service to open another port. This gets around the port block.
Re: (Score:2)
As for the suggestion that random noise emails are sent as a poisoning tool: it's pointless. They are only saving headers.
A Classic example of the west's hypocrisy (Score:4, Insightful)
"...points out a BBC report calling the UK's law requiring ISPs to retain users' emails for at least a year an "attack on rights."
China, that the UK has been so adept at criticizing, must be saying..."I told you so...!"
Re: (Score:2)
A Classic example of the west's hypocrisy
You may not be aware of this, but the western world is made up of many individuals with differing opinions.
Such optimism (Score:2, Insightful)
That may not happen, but the mere suggestion that your email is no longer private would serve to kill the UK population's relish for new media stone dead, and with it large swathes of the developing online economy.
I wish I had such faith in the awareness and caution of the average British consumer.
surprised (Score:5, Informative)
You mean it's not? Seriously, I'd be shocked if it were not stored waiting to rise up and bite me on the ass at the most inopportune moment.
Re: (Score:2)
Wouldn't that mean storing all http traffic?
What about https traffic, if the destination is in a foreign country that doesn't have the British "give us your keys" lunacy?
Re:surprised (Score:5, Insightful)
That was my first thought. When I was young and naive, I posted to Usenet under my real name. I knew that was for worldwide distribution, but at the time I didn't expect it to be for worldwide *perpetual* distribution. Then DejaNews comes along and brings back a lot of things that I'd expected to fade away like BBS posts used to do.
I'm lucky. There's nothing horribly embarrassing or wildly contradicting my current opinions out there. I'd hate to be, say, a reformed racist who'd posted some crazy stuff out there, and who now gets to have people he meets form their opinions about him based on who he was ten years ago.
These days my real name is a conformist sheep, and I keep my crazy politics to pseudonyms. And even still, I have to think twice about what I say because I know the government is archiving it all for when they want to cherry-pick it to declare me unpatriotic if I embarrass them in some major way. I've accepted that level of exposure, but it's disheartening that the world's superpowers are devolving into this level of totalitarianism.
Free speech, indeed.
Parent
Re:surprised (Score:4, Insightful)
I'm lucky. There's nothing horribly embarrassing or wildly contradicting my current opinions out there.
Same here, I used my real name on usenet, the difference is that I still use my real name.
Because I'm not afraid to defend my opinion.
That opinion might on some subjects have changed over the last 15-odd years but that's only natural, after all I believe in Evolution.
Parent
Re:surprised (Score:4, Insightful)
Because I'm not afraid to defend my opinion.
Well, neither am I. I can admit when I was wrong, and I can take the heat for the things I think are right despite being unpopular ideas.
But that's beside the point. The problem is when I'm not given the opportunity to defend my opinions. Like in the hypothetical "reformed racist" scenario: Someone searching the net to read about him will come across that, and find what he's said... And then shun him, but he'll never find out why. Or maybe he'll get fired, or people come and key his car. What should he do? Post a sign in his front yard that says "I'm no longer a racist, I was wrong, and I'm sorry for the stupid shit I said in the past"?
And when it's the government that's archiving everything I've said, it's way worse. Instead of keying my car, they're going to take provocative things I've said in the past and trump them up to make me look like a terrorist, if they ever think I'm rocking their boat too hard.
Parent
If I were subject to having all my email stored (Score:4, Interesting)
I'd add a new cron job to email a random 32 bit integer to a freshly created gmail account and have it run as frequently as possible.
I wonder how long it would take them to arrest me, assuming I wasn't just shot in the back during my morning commute.
Re:If I were subject to having all my email stored (Score:5, Insightful)
Worse still, in UK after you are arrested you will be requested to provide a key to decrypt hundreds of KB of those random numbers that you sent, and you will be in prison until the key is working. Do you think they will believe that your emails were just random numbers? "That's what every crypto-terrorist is claiming!" they will tell you.
As it stands, you'd be better off if every 32-bit word that you sent is a sequential group of 4 bytes from your favorite book (or its ciphertext, if you wish, made with a known key.) At least when they put your feet over hot coals you will be able to save yourself. If that doesn't happen the numbers remain pretty random and your experiment will be unaffected.
Parent
Re: (Score:2)
Note to self, after encrypting secret plans, XOR with my digital library. Claim it was DRM for ebooks.
Re:If I were subject to having all my email stored (Score:4, Interesting)
Parent
Re:If I were subject to having all my email stored (Score:4, Funny)
This is why my basement is wired with explosives.*
While the cops are entering through the front door, I am exiting out the back, so I can remotely detonate the bombs and blow them to Kingdom Come. (Unless of course they have a valid warrant signed by a judge, in which case they may enter peaceably.)
*
* I'm just kidding.
Or am I?
Parent
When will the UK citizens finally rise up? (Score:2, Insightful)
It's been long overdue - the level of surveillance the UK government has set up over the years is really overwhelming ... how many more drops can that barrel take before the UK people finally kick them politicians in their well deserving @sses?
Here in Germany, with data retention and other laws like the BKA law that have been made over the last couple years, people are slowly waking up and seeing what is happening. 34000 people jointly went to the "Bundesverfassungsgericht" opposing the EU-originated data r
Re: (Score:2)
Not very soon. Do you know anyone who got arrested because of government spying on communications? over 99,9% of "normal" people neither. They don't know government is spying on them, because it isn't clearly visible. Normal people just want to continue their plain ex
Email is private? (Score:2, Informative)
These people think that email is private?
Its not the content (Score:5, Informative)
The only requirement is to keep the logs for a year, from/to/time/date. Their thoughts (rightly or wrongly) is they want to be able to bring email inline with telephone records, where they can find out who called who and when - but not what you spoke about (we'll leave that to Echelon).
Sadly, I don't think anyone cares (Score:4, Insightful)
the mere suggestion that your email is no longer private would serve to kill the UK population's relish for new media stone dead
I only wish that were true, but sadly I feel your statement is something you dragged out of your ass. Most people's behaviour so far in using the likes of Facebook have shown that they're not likely to worry.
Pete Boyd
They'll get their way (Score:2, Troll)
Despite being alive either in or around WWII or during the 60's when they were all for love and peace, these people are happy to turn the UK into a Nazi state so long as it keeps the coloured people out and criminalises young people just for being born.
Re: (Score:3, Insightful)
Light bulbs...not a particularly sensational story right? Wr [dailymail.co.uk]
Get Involved (Score:5, Informative)
The goal is to fight "crime and terrorism"... (Score:2)
...yet any criminal or terrorist need only ask a bright 14-year-old to set up an email server for them on their local machine serving encrypted mail through a non-standard port. As with most "fixes" of this nature they will only catch idiots and the innocent.
Re: (Score:2)
Or open an anonymous Gmail account (and turn on SSL)?
"Not on the phone!" (Score:2)
Remember that phrase? The older ones here might (depending on what country you're in) from the age when operators still existed.
Next step was talking in "code". Cryptography in a very crude fashion. So Uncle Martin was sick when we couldn't talk about that.
And why does anyone think this will be different now? Imagine you're a multinational terrorist organisation. Do you really think you have fewer tools at your disposal than the average company? In other words, the ability to inform your people about the th
Most people won't care (Score:5, Insightful)
Really, I don't think most people will care. If a nice leaflet/broadcast/website from the government explains "it's to catch terrorists" and "it's to catch really super big evil criminals" - most people will say "well I am not one of those so I don't care". A few people will mutter over their pints of beer and a couple of articles will appear in the papers, uber-geeks will use some encryption or other work around, the real criminals will read the geek websites and learn how to cover their tracks, and 99% of the population will just go on as before. They don't mind giving their credit card details out to online stores they've never heard of before, they'll not worry the government keeps a copy of their emails.
Little public outrage was voiced here in the UK when Echelon became known about. A few left wing and liberal newspapers wrote big articles on it blowing the whole thing open to the middle class public and it didn't get much more feedback than a few people switching their vote to a different mainstream party, a couple of letters from Angry of Tunbridge Wells to the Times, and a few dozen hackers waving banners outside a government building or two. The man on the Clapham omnibus just won't care.
Re: (Score:2)
Protect the children...
It's against the terrorism...
The most used phrases to pass illegal law!
[yes a law is illegal if it's against existing laws as this is]
D-fence (Score:2)
With this system it would be prudent for more people to use encryption of their communications. But from personal experience, 99% of people just don't care. They are perfectly happy to use a website for credit card purchases if there's a little padlock in their browser.
But when it comes to email or IM, they are happy for their thoughts to be in plain text. As a test, I tried sending a signed email to people I chat with, and they mostly complained what the hell is this crap in the email. Most were using MS-O
Just print them... (Score:2)
And send them to the gov...
Their problem after that. ;)
Royal Mail (Score:2)
In the days of the Empire it worked, it will save the nation once more.
Re:Governments (Score:4, Insightful)
Revolutions just set up worse governments. Riots make the current government clean up its act.
Parent
Re:Governments (Score:4, Insightful)
And besides, revolutions are *expensive.* You've got to get a whole lot of people to pledge their blood and treasure to your cause.
And anyone who's that kinda popular can just run for office and win in a landslide with no need to risk bloodshed.
Parent
Re: (Score:2)
Governments attack their people because that is the will of the corporations that put them in power.
No sane person would bite the hand that feeds it.
Re: (Score:2)
And here comes a chopper to chop off your head.
Sorry. Bad habit.