I’ve actually met the lovely Mr Quist in person, very briefly, and his blog is fast becoming essential reading.
However his post about the Email part of the Great Internet Monitoring Folly is… disappointing.
Sometimes it really is the principle of the thing.
Andrew Hickey said...
6 Apr 09 at 3:58 pm
Absolutely. Who I choose to talk to and when is nobody’s business but mine. Claiming people are guilty by association is not something that needs to be encouraged.
Paul Lockett said...
6 Apr 09 at 4:08 pm
As he works for an e-mail provider, the other thing he should consider is that many people will start to seek out providers in more privacy friendly countries.
As well as being damaging to privacy for the end-user, it presents a competitive disadvantage for the UK based provider.
Ian B said...
6 Apr 09 at 4:54 pm
Looks like offshore is safe (for now) then. It’s the email server logs they’re after.
What vaguely bothers me is, who is responsible for an offshore email server? My email is both sent and received by my offshore .com’s email server, but that’s not my own server, it’s run by the American hosting company for all domain owners (I’m on shared hosting, el cheapo). Thing is, I set up another domain exclusively for my sister and her husband’s email also on that American shared hosting. So, since I own the domain, am I responsible for keeping logs? Or does this just apply to people selling email service with equipment in the UK?
I mean, aren’t all the terrorist child molesters just going to do the same as me? Are the police hoping they will plot their evil deeds on AOL accounts?
giolla said...
6 Apr 09 at 5:52 pm
IanB,
either off shore or run your own server, the legislation does just reference public providers, so far private providers are exempt, also it’s a required retention of data, so if you happened to configure your server to not generate any log files then there’d be nothing to retain (though it would make debugging a pain). As far as I read it the EC directive only applies to EU companies selling email services, and our particular law just those within the UK. So either off shore out of the EU or run a private server.
Charlotte Gore said...
6 Apr 09 at 5:58 pm
I used to run a mail server from home. Not hard but annoying to set up and you absolutely have to leave the computer on 24×7 and remain connected to the internet.
But remember – chances are the email’s been logged somewhere else anyway (if it’s sent from a UK based mail provider)
giolla said...
6 Apr 09 at 6:18 pm
True but colo prices have fallen to under a tenner a month, which if you split it between some friends becomes very affordable. On the other hand I’ve run several servers on ADSL at home for several years now with no problems. As you say it’s probably been logged somewhere but the more holes in the logging the better.
Costigan Quist said...
6 Apr 09 at 6:22 pm
The principle of the thing is wrong; but if we’re going to invoke Orwellian dystopias, we should be realistic about the practical implications.
As far as I can tell, for example, it is not the case that plod can go datamining or on fishing expeditions, nor can public servants decide on a whim (or because they’ve been bribed or blackmailed to do it) to see what you’ve been up to.
I reserve my what the fuck do they think they’re doing full outrage for the centralised databases, where the information is actually altogether in State hands, handily packaged to be used and abused by whomever is given access.
Although your email and web browsing habits will reveal more about your life and friends to anyone who actually goes through them, the centralised, State-owned databased like t NHS Spine and National Identity Database are genuinely more dangerous to our liberties.
Charlotte Gore said...
6 Apr 09 at 7:16 pm
Hmm. I keep thinking about the metaphor of boiling frogs.
If you saw someone building a gallows, would you wait until they brought in the first prisoner before you complained?
I agree the email aspect of this is the least odious, but I can’t help but note they haven’t justified why this is necessary other than ‘it would be handy’ – illegal under the rules of the Data Protection Act.
The immediate civil liberties concerns about even this measure is making whistle blowers afraid of using email to leak information – if the Government invokes ‘national security’ and used this new data to compile list of all the sources of emails to a particular individual – say an opposition MP – they could then have enough ‘evidence’ to justify going through the mailboxes of all those individuals – presumption of guilt by association.
We’re taking an awful lot on trust here, considering this is the same Government that has already used Anti-Terror police before to arrest an Opposition MP (because of a leak), and they’ve abused anti-terrorism legislation to nationalise Icelandic assets.
At every stage in the erosion of our civil liberties they’ve sworn there’s adequate safeguard, that they wouldn’t be used for the ‘wrong’ purposes and they’ve proven incapable or unwilling to stick to their word.
So no, this really is, already, too far. It might not be enough to provoke public outrage (boiling frogs and all that) but that doesn’t change the fact that this new regulation is profoundly troubling.
Costigan Quist said...
6 Apr 09 at 7:41 pm
Don’t get me wrong, Charlotte. I’m not saying don’t complain.
If anything, the opposite.
My point is:
Don’t spend time trying to evade these rules: the immediate threat to you isn’t enough to make it worth putting lots of effort into anonymising your email or web browsing.
Instead, take the time you would have spent on that and use it to fight this and, in particular, make sure it isn’t extended into a State-owned database.
That’s not to say the current law change has no implications for anyone, or that it’s a good or even an OK thing. Clearly the privacy implications outweigh the benefits to law-enforcement, especially on web-browsing; and you’re right to point out the danger for whistle-blowers.
None of which I managed to express clearly in my original post.
Charlotte Gore said...
6 Apr 09 at 7:44 pm
Ah, yes, I agree with the sentiment of where to place the effort
Costigan Quist said...
6 Apr 09 at 8:24 pm
And if I’d managed to say it in the first place, we’d have wasted the afternoon doing something productive and missed all the fun of comment tennis.
Charlotte Gore said...
6 Apr 09 at 9:17 pm
Quite