
Every Email In UK To Be Monitored

ericcantona writes "The Communications Data Bill (2008) will lead to the creation of a single, centralized database containing records of all e-mails sent, websites visited and mobile phones used by UK citizens. In a carnivore-on-steroids programme, as all vestiges of communication privacy are stripped away, The BBC reports that Home Secretary Jacqui Smith says this is a 'necessity.'"
  • by chiasmus1 ( 654565 ) on Thursday October 16, 2008 @12:17AM (#25394365) Homepage
    Assuming email messages in the UK are actually sent using clients and servers in the UK, it seems that this would be a great time to start working on getting a newer fixed up protocol ready to completely replace the easy to snoop on SMTP.
  • by moniker127 ( 1290002 ) on Thursday October 16, 2008 @12:17AM (#25394369)
    How about this. Let's start a movement for false positives. If you know someone from the UK, email them saying "Hey, dude, don't forget to plant that bomb at the government building on 231 baker st. Oh yeah, and remember the time we agreed on. 11:15 on tuesday the 21st. " Police state or no police state, they can't arrest us for doing nothing, especially people outside of the UK sending emails to the UK.
  • by deathtopaulw ( 1032050 ) on Thursday October 16, 2008 @12:25AM (#25394451) Homepage
    Whether they read every word or not is irrelevant. The fact that they consistently encroach further upon the privacy of their own people is the real point to get from this. There have been no signs of letting up, and true spying is now only a few steps away.
  • Re:PGP... (Score:5, Interesting)

    by xrayspx ( 13127 ) on Thursday October 16, 2008 @12:25AM (#25394455) Homepage
    I really do hope this drives people to make encryption ubiquitous. All of the egregious US programs have failed to make the public use crypto, but this seems to be well publicized enough that it might make a large chunk of people install and use good crypto.

    GPG plugins for and Thunderbird are at the point now that it's basically set it and forget it, come on folks. (I don't so much like the GPG Outlook plugins, but maybe I haven't messed with it enough)
  • Re:In other news (Score:3, Interesting)

    by TubeSteak ( 669689 ) on Thursday October 16, 2008 @12:30AM (#25394505) Journal

    Snail mail no longer the subject of jokes.

    Does the UK have laws preventing the government from opening your snail mail?

    And don't forget that all incoming and outgoing international mail is fair game, in any country.

  • Re:In other news (Score:5, Interesting)

    by Ihmhi ( 1206036 ) <> on Thursday October 16, 2008 @12:43AM (#25394623)

    It really disturbs me that the plots in various movies, video games, and books that would have been considered "out there" or "couldn't happen" are gradually becoming true.

    Obvious ones (which I've mentioned in a related post a few weeks ago): V for Vendetta and 1984.

    Disturbingly accurate: Mirror's Edge. From the Mirror's Edge Wikipedia Article:

    The game's name derives from the mirror-like aesthetic of the city of tall, gleaming skyscrapers and Faith's existence on the fringes of that city along with other dissidents, who have been pushed to the edge.

    Though set in a seemingly utopian city environment with low crime, clean streets, and sterile architecture, it is ruled by a totalitarian government regime that conducts unbridled levels of surveillance on citizens. [emphasis added.] In this world of communications monitoring, the only way to deliver confidential information between parties is to employ couriers (called runners) to physically deliver the information.

    Granted, it's more likely that drivers, bicycle messengers, etc. would be used in our current era, but I imagine even vehicles will eventually be surveilled and controlled. "We need to be able to watch people in their cars so we know they're driving safely." "We need to be able to remotely shut off cars in case it is stolen or if someone is driving drunk." etc.

    I wonder how they'd handle couriers delivering information to circumvent this system.

    tl;dr: cute Asian mailwomen will backflip off of walls to get your letter to grandma.

  • by Anonymous Coward on Thursday October 16, 2008 @12:43AM (#25394629)

    Not so much now that the IRA is gone.

    The terrorism card has replaced "think of the children" as the preferred method of forcing through whatever legislation the government wishes (though "think of the children" is still used too).

  • Re:Unbelievable (Score:2, Interesting)

    by msclrhd ( 1211086 ) on Thursday October 16, 2008 @12:45AM (#25394639)

    Welcome to the new China.

    Either that, or we have gone back to 1984. I didn't know Orwell wrote non-fiction!

    So what does this mean for email clients like Gmail that use SSL encryption? Are we going to be required by law to give the government all our passwords?

  • by toby ( 759 ) * on Thursday October 16, 2008 @12:48AM (#25394675) Homepage Journal

    Miss the memo?

    Warrantless surveillance of American domestic communications has been going on for years.

    Not only has it been comprehensively abused (to exactly nobody's surprise), the spying infrastructure has no legal reason to exist.

    That sinister sound you hear is Nixon laughing at you, wearing a Dick Cheney mask.

  • by plasmacutter ( 901737 ) on Thursday October 16, 2008 @12:52AM (#25394719)

    Maybe I'm just an ignorant American, but you got elected officials, chosen by the working classes, against the population in general, and the House of Lords, who are 'appointed' working for the general population? How does this work? :D

    I think it's a rather ominous demonstration of how beholden our political systems (on both sides of the pond) have become to media manipulation.

    We all know how much media loves the internet.

    The rest of it, for all the conspiracy theories, probably goes back to ratings.

    The more apprehension you create, the more likely they are to turn to your channel the next day, and the next, and the next.

    They get their ratings through BOTH edges of the sword too.
    They get the statists who think mama government will save them from the big bad terrorists.
    They get the sane people who feel compelled to at least know what is going on, and turn on the news out of dread of what their own government will do next.

    Welcome to "wag the dog"

  • Re:That's it (Score:3, Interesting)

    by mabhatter654 ( 561290 ) on Thursday October 16, 2008 @12:58AM (#25394775)

    the colonies had representation... they were considered "corporate" employees of the lords that held title to the land and ran the trading companies. When they joined the colonies they promised to follow the "company rules"... sound familiar?

  • Re:Movie quote. (Score:2, Interesting)

    by ChromeAeonium ( 1026952 ) on Thursday October 16, 2008 @01:03AM (#25394837)

    Too bad that in the UK, the authorities and the criminals (but I repeat myself) are the only ones with guns.

    Not much to be afraid of when you can just shoot the dissenters.

    And that is why any politician who wants to take away my 2nd Amendment rights will never get my vote, or, in the event that they do win, my guns. Better a criminal than a subject.

  • Hot Button Checklist (Score:5, Interesting)

    by Jason Levine ( 196982 ) on Thursday October 16, 2008 @01:13AM (#25394937) Homepage

    She said: "Our ability to intercept communications and obtain communications data is vital to fighting terrorism and combating serious crime, including child sex abuse, murder and drugs trafficking.

    Terrorism? Check.

    Protecting Children/Child Pornography? Check.

    Looks like it's got everything that would be needed to pass it were it introduced here in the US. Plus, it has Murder and Drugs as bonuses. (And before someone misreads my post, yes I know this is happening in the UK.)

    Nor are we going to give local authorities the power to trawl through such a database in the interest of investigating lower level criminality under the spurious cover of counter terrorist legislation.

    Of course not. You can trust the highly trustworthy, never corrupt Federal government to keep the corrupt local government's fingers out of that database and to never misuse that database itself. Suuuuure.

  • Re:Revolution? (Score:2, Interesting)

    by ubercam ( 1025540 ) on Thursday October 16, 2008 @01:24AM (#25395041)

    I hope you're not thinking of the French Revolution which began in 1789. It all started with the storming of the Bastille, and featured the arrests of both King Louis XVI and Queen Marie Antoinette. They were subsequently beheaded in 1793 and the Revolution ended with Napoleon Bonaparte seizing power and calling himself Emperor. And we all know how that turned out...

    What I think you meant to get at was Charles I of England who was executed a little earlier in 1649. He got to that point by sufficiently pissing off Parliament by imposing taxes without their consent, among other things, such as being at war against them (Royalists vs New Model Army). This of course led to the Interregnum period (aka the republican experiment) under Oliver Cromwell. In the end, Charles' exiled son, Charles II, came back from exile and resumed the throne.

    Thus concludes my brief and not so detailed lesson on 17th century British & 18th century French history.

  • ParanoidLinux (Score:3, Interesting)

    by FilterMapReduce ( 1296509 ) on Thursday October 16, 2008 @01:38AM (#25395147)

    Geez, this makes me wonder how well that ParanoidLinux project is coming along. This sort of story really shows why it's such a good idea—having anonymity and encryption is good, but having them auto-configured and applied seamlessly to your online presence is better, especially since privacy is everyone's right, not just techno-geeks'. With undirected, warrantless government monitoring going on, even non-technical users should start asking for good privacy tech. (Disclaimer: Auto-configuration and seamlessness are not necessarily goals of the ParanoidLinux project, but I anticipate that it could be done if enough developers get involved. I am not involved in the project.)

    Hmm, turns out they made their first alpha build earlier this week. That's good news; I've been worried that it would turn into vaporware. (Although in the spirit of the article I suppose I should spell that "vapourware".)

  • Annoyed (Score:5, Interesting)

    by QuoteMstr ( 55051 ) <> on Thursday October 16, 2008 @01:39AM (#25395153)

    There are many people to whom the UK's system is perfectly reasonable.

    Earlier tonight, I had an argument tonight with this woman who favors censoring YouTube. It went like this:

    Her: I can't believe people put videos of women being raped up on YouTube. They should stop that.

    Me: Well, they'll take them down, and they're usually taken down pretty damn fast.

    Her: Thousands of people can see the videos in the meantime. YouTube should screen all videos before putting them up. If they won't do it, they should be forced.

    Me: Ugh. That would break YouTube. The expense would be huge. It'd drive YouTube out of business. Would you really rather have no YouTube at all?

    Her: Then we'll have the government pay for it, or even set up an agency to review the videos.

    Me: The cost to society would still be astronomical. And doing that would provide a very easy avenue for the government to censor anything anyone finds offensive. It's dangerous. If you want to go down that route, why not pass a law stipulating some huge fine for posting videos of rape? Then YouTube will at least be forced to comply on its own.

    Her, crying by this point: I don't care. Fines aren't good enough. People might still see the videos. We have to filter them all.

    [cut argument about my supposedly not knowing when to stop debating]

    Her: It's not about 'cost to society', it's about protecting women. I'm appalled that you would put not being censored ahead of that. I don't know if I can care about someone who doesn't want to protect women. You should go.

    Keep in mind this woman will have a doctorate in less than a year. *sigh*

  • Re:That's it (Score:5, Interesting)

    by corsec67 ( 627446 ) on Thursday October 16, 2008 @01:56AM (#25395265) Homepage Journal

    One good campaign to try and fix some of that is [] , where they want to have 1 member of the house for at most every 30,000 people. Considering the House hasn't been expanded since 1910 aside from Hawaii and Alaska, it has been very distorted from what it should be.

  • Re:In other news (Score:2, Interesting)

    by Gibsnag ( 885901 ) on Thursday October 16, 2008 @02:22AM (#25395453)

    There are already plans for an extensive license plate monitoring system in the UK. Any car on any reasonably significant road will be tracked.

  • by Anonymous Coward on Thursday October 16, 2008 @02:54AM (#25395693)

    Power grab. However given their track record with IT projects I have a feeling someone is going to be making a fortune off this too.

    Never mind the fact that that much data is going to be an interesting storage problem, never mind search problem. Even if it's just email from this person to this person, it was this big and sent at this time. That's going to be an amazing amount of raw data never mind all the indexes and meta data that's going to be needed to make it searchable.

    Never mind the fact that anyone with a gram of computer knowledge will just forge the headers to make it look like the email came from Fred on the other side of the country.

  • by messner_007 ( 1042060 ) on Thursday October 16, 2008 @03:20AM (#25395839)
    Why can't I browse slashdot with https ???
  • by erikina ( 1112587 ) <> on Thursday October 16, 2008 @03:33AM (#25395929) Homepage
    Is 98% of the email you send also spam?
  • Re:PGP... (Score:3, Interesting)

    by Richard W.M. Jones ( 591125 ) <`rich' `at' `'> on Thursday October 16, 2008 @04:28AM (#25396335) Homepage

    I really do hope this drives people to make encryption ubiquitous. All of the egregious US programs have failed to make the public use crypto, but this seems to be well publicized enough that it might make a large chunk of people install and use good crypto.

    The problem is that we fucked this up in the early 90s. HTTPS is a non-starter -- it's far too hard to set up, requires that you pay for each encrypted site, needs a separate IP for each site (so doesn't work with shared hosting), and requires the user to do something special and non-intuitive to visit the encrypted site. Moreover it's not the default for web servers, even though most web servers nowadays are free software written by and for the technocratic elite.

    I won't even start on the problem of email - it took me (a serious techie) half a day to set up encryption for my email, and after one year was up I let it lapse because I don't think I'd sent a single encrypted email in that time, and it was going to take another hour or two to renew the certificate.

    We screwed this one up I'm afraid.


  • by Vitani ( 1219376 ) on Thursday October 16, 2008 @04:55AM (#25396503) Homepage
    If the information in the database can be used to identify you (which it obviously can at the very least for emails & mobile phone communications) then you can send a Freedom of Information Request to the Government to be sent a copy of said information.

    Now, in itself one request wouldn't really make them reconsider - but if a few tens of thousand or more people started making these demands - which the government has to comply to - then they might get so swamped with requests, that it becomes too costly to maintain the system.
  • by gb7djk ( 857694 ) on Thursday October 16, 2008 @06:07AM (#25397035) Homepage
    The problem is, of course, that UK Gov seems to think that everyone uses an ISP's mail server. And it is true that many (most) ordinary netizens do. However, many companies run their own smtp servers and configuring an encrypted SMTP server is very easy (exim is a wonderful thing) - I have done it for years. One of the features of this is that the actual smtp conversation is encrypted - the senders and recipients are not visible. Given that my MXs are not any ISP, how is GCHQ going to monitor my email senders/recipients - even with fancy deep packet inspection?
  • Re:PGP... (Score:2, Interesting)

    by andyh-rayleigh ( 512868 ) on Thursday October 16, 2008 @07:41AM (#25397661)

    PGP doesn't help - this is a traffic-analysis database - only(!) collecting address (and possibly size) data not content (even for SMSs).
    As it is it will be too big to try speculative "fishing trips" and probably too big for any searches to be affordable for any but the most serious cases (like putting the wrong items in a recycling bin - wish I WAS joking).
    It will also be too big to backup.

    For a while when I was employed by the IT department of a relatively small University I had to spend some time analysing the logs we took of all web accesses (who fetched which web page) to discover who was accessing pron or other items in contravention of our conditions of usage. It was not a job I enjoyed or thought necessary*, but even for less than 4000 users it needed near-supercomputer processing power to handle one day's traffic in reasonable time. To search all the corresponding data for (say) 20 million users of landline, mobile, and VOIP phones plus email plus SMS plus web access plus IM (bet they've forgotten that) is going to need ridiculous amounts of power - even by GCHQ standards.

    * we did catch two nursing students accessing child-porn (but not via this method), and about two students a week going beyond reasonable limits in accessing "forbidden" material and it did have a useful side-effect of pointing me at anything that was new and interesting (because lots of people suddenly started accessing it). But it really was a waste of time and resources.

    This looks like it is going to be exactly the same for the UK Security Services.


  • Re:PGP... (Score:4, Interesting)

    by janrinok ( 846318 ) on Thursday October 16, 2008 @07:42AM (#25397667)

    Unfortunately, in the UK they already have the power to demand that you hand over your encryption keys. The solution is not just encryption, but genuine random data sent between your encrypted emails. When they demand your keys simply, and legally, show them that it is random data. The system will not be able to cope with masses of data that _they_ will still believe is encrypted but for which no keys can be produced. Perhaps they will make an example of a few by taking them to court. Well, let's see what happens when it gets bounced to the European Court of Human Rights. The crime has not been committed unless it can be _proven_ to be committed.

    When they (eventually) find some way of closing this loophole, then you start sending binary dumps of data. It is not encrypted but, to all intents and purposes, it is meaningless to anyone looking at it in transit. Will they then make sending binary data illegal? Can you imagine the economic and industrial fallout of such a law?

    To those that think that this is pointless, I disagree. The first thing that will be apparent is the degree to which this monitoring is actually being conducted. No, not the hype that every email will be kept and read, but what can they _actually_ do with that much data? How many people will actually get a visit from the police? (My guess is none.) What I think will be apparent is that they will have a database that, once a suspect is identified, can be examined to find possible additional evidence. But they are not going to be reading everyone's emails every day. That doesn't make the system any more acceptable but it will show that they are not going anywhere near the 'microphone in every home, restaurant etc' claim that someone posted earlier.

    Then one has to think of all the data that they don't want. Spam, technical updates, forum summaries, OS binaries etc. Perhaps they will discover the ultimate filter for spam or, gasp, get tough on those that generate it - Heaven forbid that something useful might come from this ridiculous law. But, until that time, I'm sure there is someone bright enough on this forum to devise a piece of software that can hide a message inside something that appears to be spam, a technical update, or a forum summary. Flood the system so that the demands of storing and analysing this entirely innocent and legal data simply make the whole thing unworkable.

    For the 'websites visited' database, that is even easier to flood. Google for a random word, and then have software visit every alternate link on that page, one every second, and simply discard the data. Hey, my broadband is already paid for, it will not affect my data downloading in the slightest. But the database that they have to hold is getting much bigger than they might first have imagined that it would. Out of all the sites that I might visit in 24hours (86400) they have to discover if one of them is actually a front for something more sinister. Before you howl about how one might download something that you wouldn't want to see anyway (pornography, terrorist website or whatever) my answer is that you might already stumble upon such a site anyway. The fact that you did no more than go to a Google link is not yet a criminal offence, and if they want to make it one then much of the internet advertising model is well and truly stuffed the minute they do so.

    All of this is entirely legal but will get the public point of view across very quickly. And if the public don't want to do this sort of thing then perhaps they deserve the sort of Government that they seem to have. Yes, I'm a Brit but, no, I no longer live in the UK, by choice. Just my thoughts....

  • by xaxa ( 988988 ) on Thursday October 16, 2008 @07:54AM (#25397747)

    The lower chamber (House of Commons) has MPs (members of Parliament) each directly elected by about 70000 people. There are 650-ish MPs in total.
    Many MPs are members of the Labour party (they have the majority in the House of Commons, 349) or the Conservative party (next biggest, 193), but there are also Liberal Democrats (63) and others (~40). They can propose new laws. If they vote to pass a law, it goes to the House of Lords.

    The House of Lords is about 750 people. 26 of them are Bishops of the Church of England -- because officially we're still religious here. They speak, but they don't vote -- personally, I'd like to see them removed, but as long as they don't vote no one seems to care enough to do anything about it.
    There are then some Law Lords, but they're being removed because of a reform next year (they are the judges of the highest court in the UK).
    The other lords are nominated/suggested and serve a life term. Generally, they're people with "a record of significant achievement within their chosen way of life". In theory, because they don't need to worry about being elected they can act as a check on the House of Commons -- and they generally do. Most of the stories on Slashdot -- this one included -- seem to pass the House of Commons but the House of Lords tell them to fuck off. The 42-day detention thing was rejected by the Lords earlier this week.

  • by TheRaven64 ( 641858 ) on Thursday October 16, 2008 @09:16AM (#25398519) Journal
    We did, then some people flew planes into the Twin Towers and suddenly the Mayor of NYC realised that hosting terrorist fundraisers was no longer cool, and once their funding had dried up the last of the few that had been holding out started negotiating. Since then, there have been a couple of attacks, but nothing like the frequency I remember when I was growing up.
  • by JCWDenton ( 851047 ) on Thursday October 16, 2008 @09:16AM (#25398523)
    How's this different from the systems already in place in the UK and Europe?

    On 15 March 2006 the European Union formally adopted Directive 2006/24/EC, on "the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC"

    The Directive requires Member States to ensure that communications providers must retain, for a period of between 6 months and 2 years, necessary data as specified in the Directive

    * to trace and identify the source of a communication;
    * to trace and identify the destination of a communication;
    * to identify the date, time and duration of a communication;
    * to identify the type of communication;
    * to identify the communication device;
    * to identify the location of mobile communication equipment.


    SMS, EMS and MMS Data - retention period 6 months. Calling number, IMEI - Called number, IMEI - Date and time of sending - Delivery receipt - if available - Location data when messages sent and received, in form of lat/long reference.

    Email Data - retention period 6 months. Log-on (authentication user name, date and time of log-in/log-off, IP address logged-in from) - sent email (authentication user name, from/to/cc email addresses, date and time sent) - received email (authentication user name, from/to email addresses, date and time received).

    ISP Data - retention period 6 months. Log-on (authentication user name, date and time of log-in/log-off, IP address assigned, Dial-up: CLI and number dialed, Always-on: ADSL end point/MAC address (If available).

    Web Activity Logs - retention period 4 days. Proxy server logs (date/time, IP address used, URL's visited, services. The data types here will be restricted solely to Communications Data and exclude content of communication. Web browsing information is retained to the extent that only the host machine or domain name (web site name) is disclosed. For example, within a communication, data identifying would be traffic data, whereas data identifying would be content and not subject to retention.

    Other Services - retention period relative to service provided. Instant Message Type Services (log-on/off time) if available.

    Collateral Data - retention period relative to data to which it is related. Data needed to interpret other communications data, for example the mapping between cell mast identifiers and their location, and the translation of dialing (as supported by IN networks.

    Does the proposal apply only to emails sent from eu/uk based ((web)email)providers? Or any emails travelling through their networks?
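
The e-mail fields in the retention list quoted above (from/to/cc addresses, date and time sent), together with the points made earlier in the thread that PGP leaves addressing data untouched and that an encrypted SMTP conversation hides the envelope from the wire, can be checked concretely. The following is an added example, not part of the thread or of any poster's words; the function names `retention_record` and `observer_view`, the addresses and both SMTP sessions are constructed for illustration, and the TLS session assumes the server accepted the STARTTLS upgrade.

```python
"""What a provider's retention log and a passive network observer can still
read when the mail body is PGP-encrypted. All sample data is constructed."""
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample message: ordinary headers, PGP-armoured body (placeholder).
SAMPLE = """\
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Cc: carol@example.com
Date: Thu, 16 Oct 2008 07:41:00 +0100
Subject: (no subject)
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
"""

# Constructed client-side SMTP commands (server replies omitted).
PLAIN_SESSION = [
    "EHLO mail.example.org",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.net>",
    "RCPT TO:<carol@example.com>",
    "DATA",
]
# Same delivery, but the client upgrades to TLS first (assumed to succeed).
TLS_SESSION = [
    "EHLO mail.example.org",
    "STARTTLS",
    "EHLO mail.example.org",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.net>",
    "RCPT TO:<carol@example.com>",
    "DATA",
]

ENVELOPE_RE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)


def retention_record(raw_message):
    """Build the traffic-data record a mail server can log for one message.

    Only headers and total size are used; the body is never decrypted.
    """
    msg = message_from_string(raw_message)

    def addresses(header):
        return [addr for _, addr in getaddresses(msg.get_all(header, []))]

    return {
        "from": addresses("From"),
        "to": addresses("To"),
        "cc": addresses("Cc"),
        "sent": parsedate_to_datetime(msg["Date"]).isoformat(),
        "size_bytes": len(raw_message.encode("utf-8")),
        "body_is_pgp": "-----BEGIN PGP MESSAGE-----" in msg.get_payload(),
    }


def observer_view(client_commands):
    """Return envelope addresses readable by a passive on-path observer.

    Commands sent before STARTTLS travel in cleartext; everything after the
    upgrade is inside the TLS channel and is not readable on the wire.
    """
    seen = []
    for line in client_commands:
        line = line.strip()
        if line.upper() == "STARTTLS":
            break
        match = ENVELOPE_RE.match(line)
        if match:
            seen.append(match.group(2))
    return seen


if __name__ == "__main__":
    print("server-side record:", retention_record(SAMPLE))
    print("wire, plain SMTP:  ", observer_view(PLAIN_SESSION))
    print("wire, STARTTLS:    ", observer_view(TLS_SESSION))
```

The receiving server can log the same envelope in both sessions; STARTTLS only changes what is readable on the wire, where the IP addresses of the two mail servers remain visible.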

  • by Anonymous Coward on Thursday October 16, 2008 @09:50AM (#25398987)

    This stuff was in place under Clinton. I know an Ameritech switch tech that set up OC-192s from every tandem switching office in Michigan to North Carolina, the OC-192s carry mirrored traffic off the tandem switch. The processing requirements to mirror traffic so screwed up the tandem switches that they split the four tandem offices covering Metro Detroit into seven tandem offices. In the case of the Pontiac tandem it handed over up to 60,000 calls at any time, now every tandem handles about 25,000 calls peak. So if you make a call outside your central office and it doesn't go over a DIOT (Direct Inter Office Trunk) your call is being recorded.

    So this predates the Bush Administration. It is so mind boggling that something this huge has been set up and it has taken over 12 years to be exposed. But hey, one single switch tech did this to every tandem office in one state, that means that as many as 50 people knew about this, plus the software guys at Nortel and Lucent.

  • by Bill, Shooter of Bul ( 629286 ) on Thursday October 16, 2008 @10:39AM (#25399765) Journal
    Not justifying any violent acts, but I think the difference in reaction comes down to one reason: familiarity. The unknown is always more frightening than the known. GB knows Ireland. It's close by, they visit every so often. They have a long history together, not all of it pleasant. Islamic terrorism is performed by individuals that don't look or talk like people they know. That makes it more frightening as they can heap all of their fears, superstitions and hatred upon them.
  • Re:PGP... (Score:3, Interesting)

    by DaveAtFraud ( 460127 ) on Thursday October 16, 2008 @12:24PM (#25401417) Homepage Journal

    Actually, I have read quite a bit about cryptanalysis. David Kahn's "The Code Breakers", Yardley's "American Black Chamber", "The Puzzle Palace", "The Ultra Americans", etc. Breaking into an unknown cipher is non-trivial. All the correspondents need to do is agree on the cipher *outside of their e-mail correspondence* (e.g., if this is Thursday then it's ROT13 day). The analysis software has to first attempt to identify the cipher being used and then attempt to recover the key. The idea is that even ROT13 means the analysis software has to do some fairly hefty computing until the cipher is identified.

    Having seen what kind of computing resources it takes to just analyze and classify all plain text network traffic at a moderate sized business (10,000 to 20,000 employees), I can tell you that just monitoring millions of people will take a huge amount of computing power. If the watchers are interested in only specific traffic, the task becomes feasible. If their goal is to monitor all traffic, the cost of computation means they'll need a huge amount of computing power. Throw in a little obfuscation and the task becomes incredibly difficult. Effectively, the sea of data collected puts the watchers back precisely where they are now: they can focus on just a small subset of the traffic.

