Home / Blogs

Email and Social Media Accounts Under the Spotlight in UK's Proposed New 'Spy' Plan

Susanna Sharpe

It would be reasonable to assume that your employer is archiving your email communications. But what about your personal emails, texts, phone calls and Facebook posts. Are these really private?

Not for long, if the UK government has its way. It has been reported that its new anti-terror plan, if passed, would require Internet providers and phone companies to store all online communications by UK citizens for one year. This would include phone calls, SMS, email, Twitter, Facebook and any other online messages.

While the actual content of the communications wouldn't be stored, details including the time and date it was sent, who it was sent to and the location it was sent from would need to be archived.

Under the European Union's Data Retention Directive, member countries are required to store details on when emails, phone calls and texts were sent. But the Communications Capabilities Development Programme (CCDP) takes this a step further in the UK and if passed, will be the first time Britain has required details of social networking communications to be stored.

The CCDP is similar to a previous plan dumped by the former Labour government because it was deeply unpopular.

The major concern is privacy and security. The plan is for telecommunications companies to individually store the data on their customers, rather than it being transferred to a central database. Can they be trusted to store this data securely? With scores of public organisations potentially authorised to access the data, how can the government guarantee this information won't fall into the wrong hands?

As of mid-2011, more than 80 per cent of the UK population were Internet users. It would be safe to assume that the vast majority of these 41 million people would have email and/or social media accounts. This leads to another important question — who will be expected to pay to store such a massive amount of data? It is hard to imagine the telecom providers would foot this bill. Will it be user pays?

So how far is too far when it comes to balancing national security versus privacy? I would love to know your thoughts. Please contribute in the comments section below.

Sources:
Phone and email records to be stored in new spy plan
Every phone call, email or website visit 'to be monitored'
Regulation of Investigatory Powers Act 2000

By Susanna Sharpe, Social Media Manager. More blog posts from Susanna Sharpe can also be read here.

Related topics: Internet Governance, Law, Policy & Regulation, Privacy, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Would this law also apply to storage Phil Howard  –  Feb 23, 2012 7:16 AM PDT

Would this law also apply to storage locker services?  That's the kind of service where I get some finite amount of space (for example 1 gigabyte) that I can access wherever I have access to the internet.  Now what if such a service could be opted to work like hosting, too, where you could elect to make parts of this data available to the public.  Then what if it were more structured than merely a file server so that user experience with this data was smarter and consistent, like a social media site?  Where and how do we draw that line?

No doubt, there would be copyright issues to deal with if users put up content with copyright ownership held by someone else.  And that issue is likely fairly uniform (copyright takedowns have applied to FTP files as much as they have applied to social comments).  But that's an O(n) problem (where n is the volume of data) ... copyright law exposure is proportional to what is actually out there.  Copyright law has NOT been used to demand a provider keep and hold on to what a user deletes, or what expires in a time limited component.  For example someone might put something online without realizing a copyright issue exists, then quickly take it down when a friend points that out to them.

The problem with a data retention scenario makes it go beyond a simple O(n) issue.  If I were to put up "The ISO of the day" file, which could be from 48MB to 4.8GB each day, does the provider of the service where it is hosted have to keep a copy of ever day's ISO, which could amount to up to 144GB for a month of retention?

But this is a law enforcement issue, supposedly to deal with terrorism or other serious crimes.  And this law supposedly states it applies to social media.  But just what is the definition of social media?  And what content in social media does it apply to?  Must they store every picture uploaded?  Every video?  Every ISO?  Wherever we draw the line between social media vs. file storage, or what files are to be stored and what not, the bad guys could just step past the edge.  Will they (eventually) require it all to be stored?  This looks to be so easily abused ... by both sides.

How far will it go? Susanna Sharpe  –  Feb 24, 2012 7:05 PM PDT

At the moment I don't think copyright is so much of a concern as the actual communications ie who spoke to, emailed or Facebooked whom and when. But I agree- I think it enters dangerous territory as to where the line should be drawn. The obvious next move would be to store the actual contents of communications. And as you said - what really defines social media and how far would they go in storing it? It often seems the law is a step behind the 'baddies', so perhaps they dictate where legislation leads.

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

ICANN London Recap Webinar

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Neustar to Launch usTLD Stakeholder Council

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

Sophia Bekele Weighs in on Obama's August US-Africa Leader Summit at the NYF Africa

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

DotConnectAfrica's Expert Selected to Attend the Hague Institute of Global Justice

DotConnectAfrica Delegates Attend the KHRC Internet & Human Rights Breakfast Roundtable in Nairobi

Smokescreening: Data Theft Makes DDoS More Dangerous

Internet Business Council for Africa Participates at the EU-Africa 2014 Business Forum, Brussels

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

DotConnectAfrica Statement Regarding NTIA's Intent to Transition Key Internet Domain Name Function

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Sponsored Topics