UK Email Retention Plan Technically Flawed

deltaromeo points out a BBC report calling the UK's law requiring ISPs to retain users' emails for at least a year an "attack on rights." The article also points out financial and technical flaws with the plan (which we first discussed in October). TechCrunch goes a step further, detailing how it conflicts with other governmental goals. Quoting: "...with one hand the government seeks to lock down the British Internet with an iron fist, while at the same time telling us it is boosting innovation and business online. It is quite clearly blind to the fact that one affects the other. Are we also expected to think that the consumers using online services are not going to be put off from engaging in the boom of 'sharing' that Web 2.0 created? How would you feel if every Twitter you sent, every video uploaded, was to be stored and held against you in perpetuity? That may not happen, but the mere suggestion that your email is no longer private would serve to kill the UK population's relish for new media stone dead, and with it large swathes of the developing online economy."

Saving emails

[TheRecklessWanderer]

Well if the government wants to save your email, then use a gmail account, or hotmail or something for all your clandestine operations.

Other than that it's business as usual.

Psstt. Buddy, contact me on the gmail account.

Re:Saving emails

[TGoddard]

There's something deeply wrong with a country's attitude to privacy when its people have to turn to the US for better protection.

Re:Saving emails

[commodore64_love]

Not really. The U.S. has a Constitution which protects the People's rights from stupid Legislators passing anti-liberty laws. The government is forbidden from seizing or archiving personal mail or email. The UK does not have such constitutional protection.

It's too bad the EU Constitution did not pass. Its listing of Rights would have provided a basis to overturn this anti-privacy law in the EU Supreme Court.

Re:Saving emails

[Jane_Dozey]

Considering the UK is half in and half out of the EU (they still have their opt-opt status for many things), that most of the UKs people don't want to be further dragged into Europe and having the EU constitution pass allowing many freedoms in the UK taken away by Eurocrats, I'd say having email retained vs being dictated to by unelected officials is actually not as bad.

Note I said not *as* bad.
The poor old UK has Europe on one side trying to erode their rights and their own government on the other doing the same but having to be more careful about it as they, unlike most EU politicians, actually get elected by the UK voters.

I currently live in the UK but also possess citizenship in another, non-EU, country and am getting more and more tempted to hop on a plane and go live somewhere a little freer.

Re:Saving emails

[SleepingWaterBear]

Note I said not *as* bad. The poor old UK has Europe on one side trying to erode their rights and their own government on the other doing the same but having to be more careful about it as they, unlike most EU politicians, actually get elected by the UK voters.

My impression is that of all the European countries the UK has gone by far the farthest in stripping its citizens' rights and liberties. Countries like Sweden are generally regarded as some of the freest in the world, so the EU can't be all bad. The EU may want to reduce your freedoms somewhat, but I'm quite positive it's nothing compared to what you've done to yourselves.

Re:Saving emails

[commodore64_love]

I thought EU citizens were able to elect one-half of the Parliament, so that's direct representation of your concerns. Right?

Re:Saving emails

[drsmithy]

Countries like Sweden are generally regarded as some of the freest in the world, so the EU can't be all bad.

It depends on your definition of 'freedom'. If you use the American "free to be the biggest arsehole I want and fuck everybody else" definition, then the EU rates pretty poorly.

Re:Saving emails

[nickos]

Sweden regarded free? You must be joking.

All emails and phone calls are monitored in the name of national security
Sweden is second from bottom in the EU when it comes to protecting its citizens' private integrity

This is what happens when a government realises it's large imported religious fundamentalist population has ideas that run counter to their modern progressive ones. See also: the UK

Re:Saving emails

[Garrett+Fox]

Had, not "has." Neither US party upholds the Constitution except in a very loose sense.

Re:Saving emails

[mpe]

Not really. The U.S. has a Constitution which protects the People's rights from stupid Legislators passing anti-liberty laws.

Except that anything which makes it through the legislative process is considered to be "Constitutional" unless the US Supreme court says otherwise. One of the most obvious pieces of anti-consitutional legislation having been drafted by Joe Biden.

Re:Saving emails

[GreyWolf3000]

I must be out of the loop... what would that legislation be?

9/11 wasn't due to lack of information

[rolfwind]

but rather the overflow, with miscommunication thrown in.

Years ago, when they were talking about information overload - I suppose the people were thinking of individuals. But I'm sure it applies to governments as well.

And with the governments seeming to get more petty all the time, I suppose that the actual important things are getting implemented poorly or wholly ignored.

Re:9/11 wasn't due to lack of information

[calmofthestorm]

Oh data mining can sift through threats to the status quo---erm I mean freedom! quite easily, believe me. Machine learning is capable of quite a bit of strange magic.

Re:9/11 wasn't due to lack of information

[sjames]

So the answer is to post your email address on every public forum you see. Let them go ahead and store the terabytes of spam per account. Meanwhile, get a gmail account or something for your real email.

Re:9/11 wasn't due to lack of information

[turgid]

Better yet, get your friends all to set up email accounts for drivel and get one of those markov-chain text generator thingies and send hundreds of emails a day between the accounts. For a bonus, attach random binary data (old jpegs etc.) to some of them.

Buy shares in storage and network companies. Retire. :-)

Governments

[Dyinobal]

Governments always try to take away people's rights. Honestly I don't know how politicians think they have so much power. A good ole fashion revolution would at least remind people that, Governments exist by the will of the people not the other way around.

Re:Governments

[Repossessed]

Revolutions just set up worse governments. Riots make the current government clean up its act.

Re:Governments

[zippthorne]

And besides, revolutions are *expensive.* You've got to get a whole lot of people to pledge their blood and treasure to your cause.

And anyone who's that kinda popular can just run for office and win in a landslide with no need to risk bloodshed.

Re:Governments

[Dan541]

Governments attack their people because that is the will of the corporations that put them in power.

No sane person would bite the hand that feeds it.

Re:Governments

[hobbit]

The problem with the democratic process is that you've got to get such a quantity of people behind you. With revolution, you don't have to get a majority, as long as you've got the quality (the military is often quite a good clincher).

Why use ISP email?

[CustomDesigned]

Anyone except home Windows users has an MTA (or two or three in the case of Linux) included in their OS, and can run their own email. I always use TLS for SMTP. So while the recipient may archive/distribute your email, the ISP won't be able to.

Re:Why use ISP email?

[sigipickl]

that is unless your residential ISP blocks port 25 outbound at their gateways (and it seems most do nowadays), then you are somewhat bound to at least relay your outbound messages off their servers... TLS doesn't protect much at that point.

Re:Why use ISP email?

[EdIII]

that is unless your residential ISP blocks port 25

It's not just your residential ISP that may be doing it. I administrate several large mail servers and I use PBL's. They stand for "policy block lists". These lists are submitted by those same ISPs and my mail servers reject any SMTP connections from those IP addresses.

SPAM has caused us to resort to blocking whole ranges of IP addresses from being able to send mail.

If people in the UK have a problem with this then they can use email addresses hosted on servers OUTSIDE the UK. That's the double edged sword of the Internet. You either have to allow it all, or block it all, and there is no in between. The Great Firewall (China), and the The Great Barrier (under construction down unda) will be more leaky than a pasta strainer.

Re:Why use ISP email?

[palegray.net]

Ummm... change the SMTP-TLS port on your remote mail server to something other than the standard?

BTW, I use residential cable for at the house for Internet access, and have no issues sending encrypted mail to my server across the country. Generally, only the standard port (25) is blocked.

The parent post does skip over one important issue, however: in GB, you can be compelled to hand over your encryption keys or face jail time simply for failing to do so. P-O-L-I-C-E S-T-A-T-E.

Re:Why use ISP email?

[palegray.net]

Sounds like a golden opportunity for someone in a crypto-friendly jurisdiction to set up something akin to what HushMail used to be (before they were compromised by U.S. authorities). I can't be bothered to get such a beast started myself; have at it.

Re:Why use ISP email?

[BuckoA51]

The law is supposed to catch "scary terrorists"
Given that there are dozens of ways to side-step your ISP's E-mail, do they only plan on catching the sort of terrorist that is computer illiterate?

Re:Why use ISP email?

[Inda]

I find this whole saga slightly amusing. I ditched my ISP's email nearly ten years ago because 500 spam emails a day would soon max-out the 10mb mailbox limit. The fact that you had to use [first name].[last name]@isp.co.uk is ripe for a UK census name list attack makes it even more laughable.

As for the suggestion that random noise emails are sent as a poisoning tool: it's pointless. They are only saving headers.

Re:Why use ISP email?

[Dan541]

You can always ask the provider of your smtp service to open another port. This gets around the port block.

Re:Why use ISP email?

[mpe]

The law is supposed to catch "scary terrorists"
Given that there are dozens of ways to side-step your ISP's E-mail, do they only plan on catching the sort of terrorist that is computer illiterate?

And of course the only communication mechanism terrorists can possibly use is email in plain English (or Arabic). They'd never use codes, letters, telephones, dead drops (in either the physical world or "cyberspace"), face to face meetings, etc.
Of course if you are not "Islamic" you'd probably be able to operate a terrorist group quite openly in the UK. Even if you didn't have the support of the British Government (or another government Whitehall considers "friendly").

Re:Why use ISP email?

[CustomDesigned]

While someone knowledgeable about the system they are using (i.e. Mac/Windows Pro/BSD/Solaris/Linux distro) will have to tell them a few specifics, it is just a matter of putting in localhost or the SMTP service instead of the ISP.

If the ISP blocks port 25, it costs about $10 USD/mo to contract with someone in another country without such laws to relay mail via port 587 (the standard submission port). Use port 80 if everything else is blocked. My home ISP blocks port 25, for instance, so I have to do that (the port 587 thing). I had no trouble instructing non-technical family on configuring thunderbird to relay through my home machine. (Sharing my SMTP relay service.)

Question:

Someone already noted that GB can force you to divulge encryption keys. However, TLS generates random keys each connection, and keeps no record of them. Does that mean that TLS is illegal in GB?

Re:Why use ISP email?

[amw]

Someone already noted that GB can force you to divulge encryption keys. However, TLS generates random keys each connection, and keeps no record of them. Does that mean that TLS is illegal in GB?

No; one valid defence in the eyes of the [British, at least] law is not to know, or to have, the decryption keys for any encrypted content you may have.

A Classic example of the west's hypocrisy

[bogaboga]

"...points out a BBC report calling the UK's law requiring ISPs to retain users' emails for at least a year an "attack on rights."

China, that the UK has been so adept at criticizing, must be saying..."I told you so...!"

Re:A Classic example of the west's hypocrisy

[DNS-and-BIND]

Why is it that China's authoritarian system is excused by Western inconsistencies?

Let me point out that in China, the BBC (government-owned media) would never, ever be permitted to criticize the government, except in the case that the government engages in self-criticism. But no, the West is always wrong and China is always vindicated. I know some bigoted Chinese nationalists that agree 100% with that sentiment.

Re:A Classic example of the west's hypocrisy

[arevos]

A Classic example of the west's hypocrisy

You may not be aware of this, but the western world is made up of many individuals with differing opinions.

Such optimism

That may not happen, but the mere suggestion that your email is no longer private would serve to kill the UK population's relish for new media stone dead, and with it large swathes of the developing online economy.

I wish I had such faith in the awareness and caution of the average British consumer.

happy 1984

[indi0144]

Since a very few years UK (also AUS) looks more like that dystopian paradise that was portrayed on 1984 by George Orwell, seriously, looks bad from a distant point of view. In times like this you can count on youth to say "not to easy" to the "system" sadly actual youth is severely handicapped and out of sync with reality. Oh well, I for one welcome 1984 Beta

Re:happy 1984

[1984]

And here comes a chopper to chop off your head.

Sorry. Bad habit.

Re:happy 1984

[myspace-cn]

Buddy. Your spot on.
As personal BOFH, I promise I will tune up your /var/mail with mc every time the alarm goes off.

Re:happy 1984

[hobbit]

As for the Pentagon, even if it had stayed in pristine shape and was never struck, isn't the attack on the Twin Towers enough reason to assassinate Bin Laden? I say yes.

I think you might have missed the point.

surprised

[retech]

"How would you feel if every Twitter you sent, every video uploaded, was to be stored and held against you in perpetuity?"

You mean it's not? Seriously, I'd be shocked if it were not stored waiting to rise up and bite me on the ass at the most inopportune moment.

Re:surprised

[corsec67]

"How would you feel if every Twitter you sent, every video uploaded, was to be stored and held against you in perpetuity?"

Wouldn't that mean storing all http traffic?

What about https traffic, if the destination is in a foreign country that doesn't have the British "give us your keys" lunacy?

Re:surprised

[subreality]

That was my first thought. When I was young and naive, I posted to Usenet under my real name. I knew that was for worldwide distribution, but at the time I didn't expect it to be for worldwide *perpetual* distribution. Then DejaNews comes along and brings back a lot of things that I'd expected to fade away like BBS posts used to do.

I'm lucky. There's nothing horribly embarrassing or wildly contradicting my current opinions out there. I'd hate to be, say, a reformed racist who'd posted some crazy stuff out there, and who now gets to have people he meets form their opinions about him based on who he was ten years ago.

These days my real name is a conformist sheep, and I keep my crazy politics to pseudonyms. And even still, I have to think twice about what I say because I know the government is archiving it all for when they want to cherry-pick it to declare me unpatriotic if I embarrass them in some major way. I've accepted that level of exposure, but it's disheartening that the world's superpowers are devolving into this level of totalitarianism.

Free speech, indeed.

Re:surprised

[Teun]

I'm lucky. There's nothing horribly embarrassing or wildly contradicting my current opinions out there.

Same here, I used my real name on usenet, the difference is that I still use my real name.

Because I'm not afraid to defend my opinion.
That opinion might on some subjects have changed over the last 15-odd years but that's only natural, after all I believe in Evolution.

Re:surprised

[subreality]

Because I'm not afraid to defend my opinion.

Well, neither am I. I can admit when I was wrong, and I can take the heat for the things I think are right despite being unpopular ideas.

But that's beside the point. The problem is when I'm not given the opportunity to defend my opinions. Like in the hypothetical "reformed racist" scenario: Someone searching the net to read about him will come across that, and find what he's said... And then shun him, but he'll never find out why. Or maybe he'll get fired, or people come and key his car. What should he do? Post a sign in his front yard that says "I'm no longer a racist, I was wrong, and I'm sorry for the stupid shit I said in the past"?

And when it's the government that's archiving everything I've said, it's way worse. Instead of keying my car, they're going to take provocative things I've said in the past and trump them up to make me look like a terrorist, if they ever think I'm rocking their boat too hard.

Re:surprised

[Teun]

Evolution is the Most Intelligent Design.

If I were subject to having all my email stored

[Zerth]

I'd add a new cron job to email a random 32 bit integer to a freshly created gmail account and have it run as frequently as possible.

I wonder how long it would take them to arrest me, assuming I wasn't just shot in the back during my morning commute.

Re:If I were subject to having all my email stored

[tftp]

Worse still, in UK after you are arrested you will be requested to provide a key to decrypt hundreds of KB of those random numbers that you sent, and you will be in prison until the key is working. Do you think they will believe that your emails were just random numbers? "That's what every crypto-terrorist is claiming!" they will tell you.

As it stands, you'd be better off if every 32-bit word that you sent is a sequential group of 4 bytes from your favorite book (or its ciphertext, if you wish, made with a known key.) At least when they put your feet over hot coals you will be able to save yourself. If that doesn't happen the numbers remain pretty random and your experiment will be unaffected.

Re:If I were subject to having all my email stored

[Zerth]

Note to self, after encrypting secret plans, XOR with my digital library. Claim it was DRM for ebooks.

Re:If I were subject to having all my email stored

[bootup]

Too late. I already do that sort of. I have a server that I maintain and do daily backups to a gmail account automatically. I use GPG to encrypt the data in 15MB segments. I have it sent to a gmail account daily. Gmail stores up to 8GB (I think/about) and that gives me about 30 days worth of backups at any given moment. When Gmail gets the email they are sent to trash. This way after about 30 days the old stuff gets deleted automatically. It's already working pretty well. I'm in the process of using it right now to restore my server.

Re:If I were subject to having all my email stored

[commodore64_love]

This is why my basement is wired with explosives.*

While the cops are entering through the front door, I am exiting out the back, so I can remotely detonate the bombs and blow them to Kingdom Come. (Unless of course they have a valid warrant signed by a judge, in which case they may enter peaceably.)

*
* I'm just kidding.
Or am I?

Re:If I were subject to having all my email stored

[Redlazer]

I've been doing that a few weeks now, and nothings happened y(NO CARRIER)

Re:If I were subject to having all my email stored

[amw]

I wonder how long it would take them to arrest me, assuming I wasn't just shot in the back during my morning commute.

If the police arrested you simply for sending a lot of emails, the UK Government would have a lot more to worry about than whether they can get ISPs to retain sections of SMTP logs or not.

PGP

[novalogic]

With the thought of this looming, if ever there was a time for mass-adoption of GPGP or other open PGP/encryption methods, this is it. Shared keys, trust, and full party encryption needs to be adopted and expected by the public before that's outlawed as well in order to allow this type of system.

When will the UK citizens finally rise up?

[garry_g]

It's been long overdue - the level of surveillance the UK government has set up over the years is really overwhelming ... how many more drops can that barrel take before the UK people finally kick them politicians in their well deserving @sses?

Here in Germany, with data retention and other laws like the BKA law that have been made over the last couple years, people are slowly waking up and seeing what is happening. 34000 people jointly went to the "Bundesverfassungsgericht" opposing the EU-originated data rentention law ... court has already reduced the state and state institution access to data kept through that law, with final decision expected (or hoped for) some time first or second quarter ...

It is time for every citizen in the so-called and formerly free and democratic countries to make sure they do everything they can and get the word out to get rid of the surveillance-measures their countries are putting into effect.

I guess the old saying "Orwell was an optimist" is true after all ...

Re:When will the UK citizens finally rise up?

[Yetihehe]

It's been long overdue - the level of surveillance the UK government has set up over the years is really overwhelming ... how many more drops can that barrel take before the UK people finally kick them politicians in their well deserving @sses?

Not very soon. Do you know anyone who got arrested because of government spying on communications? over 99,9% of "normal" people neither. They don't know government is spying on them, because it isn't clearly visible. Normal people just want to continue their plain existence without any disruptions like protests, where you sometimes have to spend night in prison (just think what your neighbours would be talking about you!). If there is not any close threat, most people do not want to do anything and they will slowly drop by drop accept what is put on them.

Post Office

[rxan]

So I guess they are going to keep copies of mail sent through the postal service as well? Oh wait, that would require opening it.

Here's a dilemma you wankers!!

[myspace-cn]

Delete the /var/mail and get rid of the rootkits
Or preserve the /var/mail and keep the rootkits?

Re:Here's a dilemma you wankers!!

[myspace-cn]

maybe I will just take midnight commander to your shit like a true BOFH!!

One final solution.

[myspace-cn]

How about...

An Unmanaged server, with no password?

No need to preserve anything except rootkits!

Email is private?

[dov_0]

These people think that email is private?

Its not the content

[Metatron]

The only requirement is to keep the logs for a year, from/to/time/date. Their thoughts (rightly or wrongly) is they want to be able to bring email inline with telephone records, where they can find out who called who and when - but not what you spoke about (we'll leave that to Echelon).

Re:Its not the content

[smoker2]

Mod parent up.

Lots of frothing about encryption and privacy, when in fact encryption won't help and privacy is moot. The ISPs already have logs of who connected to who and when. This plan merely seeks to increase and then enshrine the length of time they are kept, into law.

Their logs are going to be full of spam anyway.

Re:Its not the content

[sa1lnr]

"The initial requirement is to keep the logs for a year"

There, fixed that for you.

Look at RIPA, initially only 9 organisations could use it. Now nearly 800 can use it.

What about using anti-terror laws to detain/arrest an 82 year old man for having the temerity to shout the word "nonsense" at a political meeting.

I'm sure our dear leaders would never allow feature creep with this latest wheeze of theirs.

It will come round to face to face conversations

[AxeTheMax]

If (or when) the technology is developed to listen to and log everyone's face to face conversations, then the government will want to use it. After all, anyone could conspire with anyone else at any time to plot a crime, and they are the government, they need to know about it.

And if people are talking in a language or even a pronounciation that the snoopers cannot understand, it will be an offence not to provide an exact translation.

Sadly, I don't think anyone cares

[thegoldenear]

the mere suggestion that your email is no longer private would serve to kill the UK population's relish for new media stone dead

I only wish that were true, but sadly I feel your statement is something you dragged out of your ass. Most people's behaviour so far in using the likes of Facebook have shown that they're not likely to worry.

Pete Boyd

Re:Sadly, I don't think anyone cares

[JudasBlue]

Exactly! The UK is bristling with cctv cameras running into police stations and campaigns to have citizens turn in other citizens over simply taking pictures on the street. This isn't a society that, as a whole, has shown a whole lot of wanna when it comes to protecting their privacy or really giving a crap.

They'll get their way

[thetoadwarrior]

The elderly population is growing in Britain. This large group is full of fear-filled ignorant and backwards people.

Despite being alive either in or around WWII or during the 60's when they were all for love and peace, these people are happy to turn the UK into a Nazi state so long as it keeps the coloured people out and criminalises young people just for being born.

Re:They'll get their way

[adamofgreyskull]

I have no idea why the parent post was modded "Troll"?? This is what concerns me more than anything. The Daily Fail will sensationalise anything, and unfortunately it's read by a lot of old people and a lot of people who are marginally too intelligent to read The Sun but not intelligent enough to realise the Daily Mail is no better. People who will turn out in record numbers to vote for any legislation that will hang hoodies and expel immigrants.

Light bulbs...not a particularly sensational story right? Wrong. Apparently. My grandad now believes it's every citizen's right to be able to buy "traditional" light bulbs, especially as those new-fangled light bulbs can give you The Skin Cancer!

The 70 and 80 year olds around today may have fought in the war, but they didn't know why. They were at war with The Hun and that's about as far as there understanding of world-politics ever went. "The 60s" as you say, was an era of love and peace, but think about all the 25-40 year olds who couldn't shirk responsibilities like work and family to discover theirselves. While Mary Quant was stirring up the Kings Road, and The Beatles were visiting the Maharaja, they were working to put food on the table. So the dissonance between those two things is actually quite easy to understand. And don't forget, anyone over 18 between 1939 and 1952 will have had to carry an ID Card, as they see it, if you have nothing to hide, then why should you have anything to fear?

Re:They'll get their way

[thetoadwarrior]

While not every old person is the same (duh) to pretend the typical Daily Mail reader isn't a ageing, drooling mongoloid is just silly.

All old people complain about the government and, in fact, a lot of old people will complain about anything actually.

But since old people, by far, vote more than the youth and evil immigrants can't vote then they can't blame their favourite scap goats. They're the only ones to blame.

In fact most things that are wrong with the world can be traced back to older generations. The youth does no run corporations, most people in government are from older generations and even that horrible new pop music they hate and reality TV are run by older people behind the scenes wanting to make a load of cash.

So quite frankly I wish old people would just shut the hell up about how bad the world is and how it's everyone's fault but theirs.

It just goes to show how good we have life in the west because these people don't have real complaints like not being able to feed themselves or not having housing.

Get Involved

[DrChrisJ]

Here are some links for you guys to check out. Please get out there and get involved: The Open Rights Group look to promote your rights in a digital age: http://www.openrightsgroup.org/ Tom Watson (a labour cabinet minister who has a blog) recently encouraged debate about a proposal by the culture secretary Andy Burnham concerning internet censorship. Here is a link to that post, and be sure to bring up this is issue and the proposed issue of a wider internet database: http://www.tom-watson.co.uk/2008/12/andy-burnham-and-internet-site-classification/ Try getting in contact with the Home Office directly and make your views heard: Address: Home Office, Direct Communications Unit, 2 Marsham Street, London SW1P 4DF. Tel: 020 7035 4848 Email: public.enquiries@homeoffice.gsi.gov.uk The Labour Party can be contacted at: Address: The Labour Party, Eldon House, Regent Centre, Newcastle Upon Tyne, NE3 3PW. Tel: 08705 900 200 And above all else, keep up the pressure. Governments are concerned with one thing and one thing only. Power. If they realise this is an issue that could cost them an election, they will have very little option but to rethink. Thank You.

The goal is to fight "crime and terrorism"...

[Peet42]

...yet any criminal or terrorist need only ask a bright 14-year-old to set up an email server for them on their local machine serving encrypted mail through a non-standard port. As with most "fixes" of this nature they will only catch idiots and the innocent.

Re:The goal is to fight "crime and terrorism"...

[Locklin]

Or open an anonymous Gmail account (and turn on SSL)?

"Not on the phone!"

[Opportunist]

Remember that phrase? The older ones here might (depending on what country you're in) from the age when operators still existed.

Next step was talking in "code". Cryptography in a very crude fashion. So Uncle Martin was sick when we couldn't talk about that.

And why does anyone think this will be different now? Imagine you're a multinational terrorist organisation. Do you really think you have fewer tools at your disposal than the average company? In other words, the ability to inform your people about the threat, what not to talk about in emails and handing them guidelines how to use PGP and similar encryption tools? Unlike companies you can simply execute those that don't follow the rules, ain't that a lot more convincing and motivating to follow orders than the odd chance that you might have to look for another employer?

So what's the deal? Either our politicians are even more braindead than I thought, or the target is something completely different. Don't bother answering, I think there ain't anyone reading here who doesn't know the answer yet.

Re:"Not on the phone!"

[David+M.+Andersen]

"Never write when you can call; never call when you can visit; never talk when you can whisper; and never whisper when you can wink." -- supposedly by Russell Long

Re:"Not on the phone!"

[mpe]

Next step was talking in "code". Cryptography in a very crude fashion.

Codes are not "crude cryptography". Codes are a part of "natural language". Even "slang" and "jargon" can have the effect of rendering a conversation subject to being misinterpreted or impossible to understand by a third party even without that being a specific intention. It isn't exactly hard to come up with a code which is deliberatly misleading to evesdroppers. Assuming they even have to. e.g. The Brazilian police would probably have difficulty dealing with a a gang of Welsh speaking criminals.

Most people won't care

[fantomas]

Really, I don't think most people will care. If a nice leaflet/broadcast/website from the government explains "it's to catch terrorists" and "it's to catch really super big evil criminals" - most people will say "well I am not one of those so I don't care". A few people will mutter over their pints of beer and a couple of articles will appear in the papers, uber-geeks will use some encryption or other work around, the real criminals will read the geek websites and learn how to cover their tracks, and 99% of the population will just go on as before. They don't mind giving their credit card details out to online stores they've never heard of before, they'll not worry the government keeps a copy of their emails.

Little public outrage was voiced here in the UK when Echelon became known about. A few left wing and liberal newspapers wrote big articles on it blowing the whole thing open to the middle class public and it didn't get much more feedback than a few people switching their vote to a different mainstream party, a couple of letters from Angry of Tunbridge Wells to the Times, and a few dozen hackers waving banners outside a government building or two. The man on the Clapham omnibus just won't care.

Re:Most people won't care

[Kindaian]

Protect the children...

It's against the terrorism...

The most used phrases to pass illegal law!

[yes a law is illegal if it's against existing laws as this is]

Re:Most people won't care

[mpe]

If a nice leaflet/broadcast/website from the government explains "it's to catch terrorists" and "it's to catch really super big evil criminals" - most people will say "well I am not one of those so I don't care".

In practice it would be huge surprise if this wasn't used for everything except terrorism and organised crime. Given that so called "anti terrorist laws" have been used for all sorts of things which have nothing to do with terrorism whilst actual terrorists (such as SHAC) arn't even even prosecuted under such laws. That's if they even get prosecuted at all.

D-fence

[Wowsers]

With this system it would be prudent for more people to use encryption of their communications. But from personal experience, 99% of people just don't care. They are perfectly happy to use a website for credit card purchases if there's a little padlock in their browser.

But when it comes to email or IM, they are happy for their thoughts to be in plain text. As a test, I tried sending a signed email to people I chat with, and they mostly complained what the hell is this crap in the email. Most were using MS-Outlook which trashed the formatting of the original message, so I had to remove it, so no email is guaranteed to be from me as it's not using my key.

For company emails, I've only ever got one email which attached their key to say that you paid your bill, and by the way, the email REALLY did come from the company, not some phishing attempt.

As for IM, there are applications that can encrypt the text, but nobody I've met uses these applications, so everything is in plain text. They are happy to stick with MS-Messenger or AOL-AIM.

It appears that people do not want to take basic precautions for their personal life remaining personal. I would say more fool them, but their arrogance also affects the wider community.

Re:D-fence

[Locklin]

You were concerned about privacy so you started signing emails but not encrypting them??

Re:D-fence

[drsmithy]

It appears that people do not want to take basic precautions for their personal life remaining personal. I would say more fool them, but their arrogance also affects the wider community.

Most people don't care mainly because they don't really understand that anything they send in the typical text or email is like writing it on the back of a postcard, and once something is on the internet, it's there for good.

Another rather large problem is that there aren't many good tools to make encryption simple and transparent (this is somewhat due to the point above, and somewhat due to the inverse relationship between security and usability).

Re:D-fence

[omz13]

Unless you have a public key for the recipient, you can only send signed mail... when they reply to your signed mail they can then encrypt their response and give you their public key (and from then on you can send encrypted mail to them).

Just print them...

[Kindaian]

And send them to the gov...

Their problem after that. ;)

Royal Mail

[Teun]

I wonder why no one here has mentioned the real answer, The once famous Royal Mail is in financial trouble and this is a veiled method of getting people off that foreign internet and back to sending real letters.
In the days of the Empire it worked, it will save the nation once more.

Doesn't affect me

[EdgeyEdgey]

I live in a Faraday cage and only come out to post on slashdot.

Same old, same old.

[mormop]

...with one hand the government seeks to lock down the British Internet with an iron fist, while at the same time telling us it is boosting innovation and business online. It is quite clearly blind to the fact that one affects the other.

No shit Sherlock?

Most of the problems in UK governmental IT are down to the fact that while the government wants to be at the cutting edge of digital technology, they have little or no understanding of the things they do.

This leaves them as easy prey to the tens of thousands of consultants, many of whom are probably partners of the service providers, who will happily stand there with a straight face telling ministers that their latest hare-brained scheme is do-able within budget and will of course be delivered on-time despite the fact that such a result is as rare as rocking horse shit.

Ultimately, no matter what half arsed fiasco results, the government will keep praising the scheme and plugging its merits because (a) they don't understand it enough to see how fucked up it all is. (b) An admission reveals the fact that they don't know what they're doing and (c) An admission results in an open declaration of "Whoops, we just pissed £4,000,000,000 of tax-payer's money down the drain.

And at the end of the day, the only people to be affected will be the honest,law abiding types while the terrorists, paedo's and all will just go back to using the memory sticks, dead letter drops and the post.

Tragic, truly tragic.

Snail mail ?

[permaculture]

I wonder if they're going to steam open every letter sent in the UK, and photocopy the contents?

Re:WTFIWWE?

[hobbit]

Anyone who can't tell the difference between the UK and England is hardly in a position to be too critical.

Actually, Scotland is covered by the European Convention on Human Rights, so it'll be interesting to see whether the UK government dares move on any Scottish ISP.