January 9th, 2009

British ISPs must log all emails for 12 months

Posted by Richard Koman @ January 9, 2009 @ 12:22 PM

Categories: International, Privacy

Tags: Security, Internet Service Provider, Internet Service Providers (ISPs), E-mail, Storage, Databases, Internet, Online Communications, Hardware, Enterprise Software

As part of an overreaching plan from Britain’s Home Office to drastically expand surveillance capabilities, new rules will go into effect in March that will require ISPs to keep data about every email sent or received for no less than 12 months.

As the date nears, ISPs and privacy rights organizations are starting to complain bitterly about the new rules, IT Pro reports.

The Information Commissioners Office, a watchdog agency, said:

It is likely that such a scheme would be a step too far for the British way of life. Creating huge databases containing personal information is never a risk-free option as it is not possible to fully eliminate the danger that the data will fall into the wrong hands. It is therefore of paramount importance that proposals threatening such intrusion into our lives are fully debated.”

And Chris Mayers, the chief security architect at Citrix, added:

The Government’s responsibility is to uphold national security and protect the public. Building a single national database that holds information about every email sent will achieve neither aim. A centralised database merely magnifies the security and privacy risks. With the continuing spate of data leakages, the public is unlikely to feel confident in the security of the database. It is hard to see any public benefit of such a database, whatsoever.

Under the European Commission rules, which become effecting March 15, any public agency that makes a lawful request will be able to access ISP data. Ironically, the EC’s conference on Computers, Privacy and Data Protection takes place March 16.
That should be an interesting conference.