UK Email Retention Plan Technically Flawed
deltaromeo points out a BBC report calling the UK's law requiring ISPs to retain users' emails for at least a year an "attack on rights." The article also points out financial and technical flaws with the plan (which we first discussed in October). TechCrunch goes a step further, detailing how it conflicts with other governmental goals. Quoting:
"...with one hand the government seeks to lock down the British Internet with an iron fist, while at the same time telling us it is boosting innovation and business online. It is quite clearly blind to the fact that one affects the other. Are we also expected to think that the consumers using online services are not going to be put off from engaging in the boom of 'sharing' that Web 2.0 created? How would you feel if every Twitter you sent, every video uploaded, was to be stored and held against you in perpetuity? That may not happen, but the mere suggestion that your email is no longer private would serve to kill the UK population's relish for new media stone dead, and with it large swathes of the developing online economy."
Well if the government wants to save your email, then use a gmail account, or hotmail or something for all your clandestine operations.
Other than that it's business as usual.
Psstt. Buddy, contact me on the gmail account.
Mean what you say...say what you mean.
but rather the overflow, with miscommunication thrown in.
Years ago, when they were talking about information overload - I suppose the people were thinking of individuals. But I'm sure it applies to governments as well.
And with the governments seeming to get more petty all the time, I suppose that the actual important things are getting implemented poorly or wholly ignored.
Governments always try to take away people's rights. Honestly I don't know how politicians think they have so much power. A good ole fashion revolution would at least remind people that governments exist by the will of the people, not the other way around.
Anyone except home Windows users has an MTA (or two or three in the case of Linux) included in their OS, and can run their own email. I always use TLS for SMTP. So while the recipient may archive/distribute your email, the ISP won't be able to.
"...points out a BBC report calling the UK's law requiring ISPs to retain users' emails for at least a year an 'attack on rights.'"
China, that the UK has been so adept at criticizing, must be saying..."I told you so...!"
That may not happen, but the mere suggestion that your email is no longer private would serve to kill the UK population's relish for new media stone dead, and with it large swathes of the developing online economy.
I wish I had such faith in the awareness and caution of the average British consumer.
Since a very few years the UK (also AUS) looks more like that dystopian paradise that was portrayed in 1984 by George Orwell; seriously, it looks bad from a distant point of view. In times like this you can count on youth to say "not too easy" to the "system"; sadly, actual youth is severely handicapped and out of sync with reality. Oh well, I for one welcome 1984 Beta
"How would you feel if every Twitter you sent, every video uploaded, was to be stored and held against you in perpetuity?"
You mean it's not? Seriously, I'd be shocked if it were not stored waiting to rise up and bite me on the ass at the most inopportune moment.
If we all post as Anonymous Cowards, they will never be able to smite thee!
Sad fact is that about 99% of non slashdot UK chaps couldn't care less about this and isn't web 2.0 sooo 2008?
I'd add a new cron job to email a random 32 bit integer to a freshly created gmail account and have it run as frequently as possible.
I wonder how long it would take them to arrest me, assuming I wasn't just shot in the back during my morning commute.
With the thought of this looming, if ever there was a time for mass-adoption of GPGP or other open PGP/encryption methods, this is it. Shared keys, trust, and full party encryption needs to be adopted and expected by the public before that's outlawed as well in order to allow this type of system.
It's been long overdue - the level of surveillance the UK government has set up over the years is really overwhelming ... how many more drops can that barrel take before the UK people finally kick them politicians in their well deserving @sses?
Here in Germany, with data retention and other laws like the BKA law that have been made over the last couple years, people are slowly waking up and seeing what is happening. 34000 people jointly went to the "Bundesverfassungsgericht" opposing the EU-originated data retention law ... court has already reduced the state and state institution access to data kept through that law, with final decision expected (or hoped for) some time first or second quarter ...
It is time for every citizen in the so-called and formerly free and democratic countries to make sure they do everything they can and get the word out to get rid of the surveillance-measures their countries are putting into effect.
I guess the old saying "Orwell was an optimist" is true after all ...
So I guess they are going to keep copies of mail sent through the postal service as well? Oh wait, that would require opening it.
...and the "suggestion" that it isn't will not deter nearly anyone from anything.
No one cares that their email isn't private. You can tell people that their email isn't private all day long; they'll believe you *only* after their "private" email is publicly used against them -- not before.
Meanwhile, they'll keep using new media and loving it. Only the security/privacy paranoid, i.e., us, will be worried.
Honestly.
Delete the /var/mail and get rid of the rootkits
Or preserve the /var/mail and keep the rootkits?
This is the problem with all such laws. They only affect those that don't care and thus either idiots or people that have nothing to hide. Ergo it's a massive scheme that will at best catch stupid criminals while generally inconveniencing everyone else.
If I'm a criminal that must have his online traffic kept private I can do that anywhere in the world regardless of the access restrictions. From China or Dubai, I can send encrypted communications or proxy my traffic so that no one knows where it's coming from.
Any kind of general program is entirely pointless and probably counter productive because it will only mean that smart criminals are that much more likely to take precautions. Only when these tools are used in a specific and targeted means do smart criminals get sloppy. They figure "oh, they could but they're not." so they leave themselves open to wiretaps, mail searches, etc.
Imagine who would throw evidence in the trash if they KNEW all trash was saved and searched? They'd never throw anything away that could be useful. Or imagine if you KNEW that every phone conversation were being tapped and recorded? Would you EVER say anything incriminating over that line? Of course not... Thus by monitoring everyone you make the whole process pointless.
It is the act of fools.
Even in police states people find clever ways of getting around the monitoring so any free state that thinks to apply the same practices is just wasting its time.
How about...
An Unmanaged server, with no password?
No need to preserve anything except rootkits!
These people think that email is private?
sudo mount --milk --sugar
The only requirement is to keep the logs for a year, from/to/time/date. Their thinking (rightly or wrongly) is that they want to be able to bring email in line with telephone records, where they can find out who called who and when - but not what you spoke about (we'll leave that to Echelon).
If (or when) the technology is developed to listen to and log everyone's face to face conversations, then the government will want to use it. After all, anyone could conspire with anyone else at any time to plot a crime, and they are the government, they need to know about it.
And if people are talking in a language or even a pronunciation that the snoopers cannot understand, it will be an offence not to provide an exact translation.
the mere suggestion that your email is no longer private would serve to kill the UK population's relish for new media stone dead
I only wish that were true, but sadly I feel your statement is something you dragged out of your ass. Most people's behaviour so far in using the likes of Facebook has shown that they're not likely to worry.
Pete Boyd
The elderly population is growing in Britain. This large group is full of fear-filled ignorant and backwards people.
Despite being alive either in or around WWII or during the 60's when they were all for love and peace, these people are happy to turn the UK into a Nazi state so long as it keeps the coloured people out and criminalises young people just for being born.
Supposedly there is a public debate on this very topic beginning early this year.
Does anyone know how one goes about participating in such a debate?
Here are some links for you guys to check out. Please get out there and get involved:
The Open Rights Group look to promote your rights in a digital age: http://www.openrightsgroup.org/
Tom Watson (a Labour cabinet minister who has a blog) recently encouraged debate about a proposal by the culture secretary Andy Burnham concerning internet censorship. Here is a link to that post, and be sure to bring up this issue and the proposed issue of a wider internet database: http://www.tom-watson.co.uk/2008/12/andy-burnham-and-internet-site-classification/
Try getting in contact with the Home Office directly and make your views heard:
Address: Home Office, Direct Communications Unit, 2 Marsham Street, London SW1P 4DF. Tel: 020 7035 4848 Email: public.enquiries@homeoffice.gsi.gov.uk
The Labour Party can be contacted at:
Address: The Labour Party, Eldon House, Regent Centre, Newcastle Upon Tyne, NE3 3PW. Tel: 08705 900 200
And above all else, keep up the pressure. Governments are concerned with one thing and one thing only. Power. If they realise this is an issue that could cost them an election, they will have very little option but to rethink. Thank You.
...yet any criminal or terrorist need only ask a bright 14-year-old to set up an email server for them on their local machine serving encrypted mail through a non-standard port. As with most "fixes" of this nature they will only catch idiots and the innocent.
Remember that phrase? The older ones here might (depending on what country you're in) from the age when operators still existed.
Next step was talking in "code". Cryptography in a very crude fashion. So Uncle Martin was sick when we couldn't talk about that.
And why does anyone think this will be different now? Imagine you're a multinational terrorist organisation. Do you really think you have fewer tools at your disposal than the average company? In other words, the ability to inform your people about the threat, what not to talk about in emails and handing them guidelines how to use PGP and similar encryption tools? Unlike companies you can simply execute those that don't follow the rules, ain't that a lot more convincing and motivating to follow orders than the odd chance that you might have to look for another employer?
So what's the deal? Either our politicians are even more braindead than I thought, or the target is something completely different. Don't bother answering, I think there ain't anyone reading here who doesn't know the answer yet.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Really, I don't think most people will care. If a nice leaflet/broadcast/website from the government explains "it's to catch terrorists" and "it's to catch really super big evil criminals" - most people will say "well I am not one of those so I don't care". A few people will mutter over their pints of beer and a couple of articles will appear in the papers, uber-geeks will use some encryption or other work around, the real criminals will read the geek websites and learn how to cover their tracks, and 99% of the population will just go on as before. They don't mind giving their credit card details out to online stores they've never heard of before, they'll not worry the government keeps a copy of their emails.
Little public outrage was voiced here in the UK when Echelon became known about. A few left wing and liberal newspapers wrote big articles on it blowing the whole thing open to the middle class public and it didn't get much more feedback than a few people switching their vote to a different mainstream party, a couple of letters from Angry of Tunbridge Wells to the Times, and a few dozen hackers waving banners outside a government building or two. The man on the Clapham omnibus just won't care.
I always pretty much assumed that anyone's net traffic would be passed through some kind of analysis, e.g. looking for certain keywords, or maybe some kind of Bayesian thing based on known 'offender patterns'. Usually I think conspiracy theories are nonsense, but in this case I think it's only to be expected that it's already happening in at least some places where packets flow through.
So I suppose the only difference here would be more is stored, but if the stuff the government is 'interested in' already was, the problem of 'false positives' possibly already existed.
With this system it would be prudent for more people to use encryption of their communications. But from personal experience, 99% of people just don't care. They are perfectly happy to use a website for credit card purchases if there's a little padlock in their browser.
But when it comes to email or IM, they are happy for their thoughts to be in plain text. As a test, I tried sending a signed email to people I chat with, and they mostly complained what the hell is this crap in the email. Most were using MS-Outlook which trashed the formatting of the original message, so I had to remove it, so no email is guaranteed to be from me as it's not using my key.
For company emails, I've only ever got one email which attached their key to say that you paid your bill, and by the way, the email REALLY did come from the company, not some phishing attempt.
As for IM, there are applications that can encrypt the text, but nobody I've met uses these applications, so everything is in plain text. They are happy to stick with MS-Messenger or AOL-AIM.
It appears that people do not want to take basic precautions for their personal life remaining personal. I would say more fool them, but their arrogance also affects the wider community.
Take Nobody's Word For It.
And send them to the gov...
Their problem after that. ;)
I wonder why no one here has mentioned the real answer: the once famous Royal Mail is in financial trouble and this is a veiled method of getting people off that foreign internet and back to sending real letters.
In the days of the Empire it worked, it will save the nation once more.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
How would you feel if every Twitter you sent, every video uploaded, was to be stored and held against you in perpetuity?
How stupid do you have to be to say "oh noes, the government wants to store information I willingly send to the whole wide world"
Could we please go back to a day and age where people will actually stop moaning about governments storing data, considering you're giving everything up to huge corporations anyway? How many spams do you get? How many snail-mail spams do you get? You are in the corporate directories, what's the difference with it being a government or a corporation?
Quote Steve Rambam: "Privacy is dead, get over it"
I live in a Faraday cage and only come out to post on slashdot.
[Intentionally left blank]
...with one hand the government seeks to lock down the British Internet with an iron fist, while at the same time telling us it is boosting innovation and business online. It is quite clearly blind to the fact that one affects the other.
No shit Sherlock?
Most of the problems in UK governmental IT are down to the fact that while the government wants to be at the cutting edge of digital technology, they have little or no understanding of the things they do.
This leaves them as easy prey to the tens of thousands of consultants, many of whom are probably partners of the service providers, who will happily stand there with a straight face telling ministers that their latest hare-brained scheme is do-able within budget and will of course be delivered on-time despite the fact that such a result is as rare as rocking horse shit.
Ultimately, no matter what half arsed fiasco results, the government will keep praising the scheme and plugging its merits because (a) they don't understand it enough to see how fucked up it all is, (b) an admission reveals the fact that they don't know what they're doing and (c) an admission results in an open declaration of "Whoops, we just pissed £4,000,000,000 of tax-payer's money down the drain."
And at the end of the day, the only people to be affected will be the honest, law abiding types while the terrorists, paedos and all will just go back to using the memory sticks, dead letter drops and the post.
Tragic, truly tragic.
Hmmmmmm..... Deep fried and look like Squirrel.
I wonder if they're going to steam open every letter sent in the UK, and photocopy the contents?
Environmentalism is the new Victorianism. Everyone ties on a green corset and pretends we're virtuous.
Anyone who can't tell the difference between the UK and England is hardly in a position to be too critical.
Actually, Scotland is covered by the European Convention on Human Rights, so it'll be interesting to see whether the UK government dares move on any Scottish ISP.
"Wise men talk because they have something to say; fools, because they have to say something" - Plato