Home / Blogs

Email and Social Media Accounts Under the Spotlight in UK's Proposed New 'Spy' Plan

Susanna Sharpe

It would be reasonable to assume that your employer is archiving your email communications. But what about your personal emails, texts, phone calls and Facebook posts. Are these really private?

Not for long, if the UK government has its way. It has been reported that its new anti-terror plan, if passed, would require Internet providers and phone companies to store all online communications by UK citizens for one year. This would include phone calls, SMS, email, Twitter, Facebook and any other online messages.

While the actual content of the communications wouldn't be stored, details including the time and date it was sent, who it was sent to and the location it was sent from would need to be archived.

Under the European Union's Data Retention Directive, member countries are required to store details on when emails, phone calls and texts were sent. But the Communications Capabilities Development Programme (CCDP) takes this a step further in the UK and if passed, will be the first time Britain has required details of social networking communications to be stored.

The CCDP is similar to a previous plan dumped by the former Labour government because it was deeply unpopular.

The major concern is privacy and security. The plan is for telecommunications companies to individually store the data on their customers, rather than it being transferred to a central database. Can they be trusted to store this data securely? With scores of public organisations potentially authorised to access the data, how can the government guarantee this information won't fall into the wrong hands?

As of mid-2011, more than 80 per cent of the UK population were Internet users. It would be safe to assume that the vast majority of these 41 million people would have email and/or social media accounts. This leads to another important question — who will be expected to pay to store such a massive amount of data? It is hard to imagine the telecom providers would foot this bill. Will it be user pays?

So how far is too far when it comes to balancing national security versus privacy? I would love to know your thoughts. Please contribute in the comments section below.

Sources:
Phone and email records to be stored in new spy plan
Every phone call, email or website visit 'to be monitored'
Regulation of Investigatory Powers Act 2000

By Susanna Sharpe, Social Media Manager. More blog posts from Susanna Sharpe can also be read here.

Related topics: Internet Governance, Law, Policy & Regulation, Privacy, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Would this law also apply to storage Phil Howard  –  Feb 23, 2012 6:16 AM PST

Would this law also apply to storage locker services?  That's the kind of service where I get some finite amount of space (for example 1 gigabyte) that I can access wherever I have access to the internet.  Now what if such a service could be opted to work like hosting, too, where you could elect to make parts of this data available to the public.  Then what if it were more structured than merely a file server so that user experience with this data was smarter and consistent, like a social media site?  Where and how do we draw that line?

No doubt, there would be copyright issues to deal with if users put up content with copyright ownership held by someone else.  And that issue is likely fairly uniform (copyright takedowns have applied to FTP files as much as they have applied to social comments).  But that's an O(n) problem (where n is the volume of data) ... copyright law exposure is proportional to what is actually out there.  Copyright law has NOT been used to demand a provider keep and hold on to what a user deletes, or what expires in a time limited component.  For example someone might put something online without realizing a copyright issue exists, then quickly take it down when a friend points that out to them.

The problem with a data retention scenario makes it go beyond a simple O(n) issue.  If I were to put up "The ISO of the day" file, which could be from 48MB to 4.8GB each day, does the provider of the service where it is hosted have to keep a copy of ever day's ISO, which could amount to up to 144GB for a month of retention?

But this is a law enforcement issue, supposedly to deal with terrorism or other serious crimes.  And this law supposedly states it applies to social media.  But just what is the definition of social media?  And what content in social media does it apply to?  Must they store every picture uploaded?  Every video?  Every ISO?  Wherever we draw the line between social media vs. file storage, or what files are to be stored and what not, the bad guys could just step past the edge.  Will they (eventually) require it all to be stored?  This looks to be so easily abused ... by both sides.

How far will it go? Susanna Sharpe  –  Feb 24, 2012 6:05 PM PST

At the moment I don't think copyright is so much of a concern as the actual communications ie who spoke to, emailed or Facebooked whom and when. But I agree- I think it enters dangerous territory as to where the line should be drawn. The obvious next move would be to store the actual contents of communications. And as you said - what really defines social media and how far would they go in storing it? It often seems the law is a step behind the 'baddies', so perhaps they dictate where legislation leads.

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Domain Name .Africa Faces Hurdles - Q&A with Sophia Bekele

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

3 Questions to Ask Your DNS Host About DDoS

Afilias Director Wins ICANN's 2014 Leadership Award

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Neustar to Build Multiple Tbps DDoS Mitigation Platform

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Video Interviews from ICANN 50 in London

ICANN London Recap Webinar

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Neustar to Launch usTLD Stakeholder Council

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

Sophia Bekele Weighs in on Obama's August US-Africa Leader Summit at the NYF Africa

Sponsored Topics

Verisign

Security

Sponsored by
Verisign
dotMobi

Mobile

Sponsored by
dotMobi
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Afilias

DNS Security

Sponsored by
Afilias