The home secretary has stressed the need for even greater surveillance powers for government.
In a speech to an Institute for Public Policy Research commission on Wednesday, the home secretary, Jacqui Smith, said the introduction of new laws to monitor modern communications is necessary in order to combat terrorism and serious crime.
The Home Office is already consulting on plans, due to come into effect in 2009, that would require all ISPs to keep the 'who', 'when' and 'where' details of all web, VoIP and messaging traffic for at least 12 months, bringing the UK in line with an EU directive.
Telecoms operators are already required to store similar details of phone calls and text messages for an equivalent length of time.
In her speech, Smith suggested that forthcoming legislation will go further than simply making it a statutory requirement to retain online traffic details for at least 12 months.
She said: "The changes we need to make may require legislation. The safeguards we will want to put in place certainly will. And we may need legislation to test what a solution will look like."
Smith was thought to be referring to plans proposed under the Interception Modernisation Programme (IMP), which are believed to include proposals to siphon details of internet traffic from ISPs and store it in a central government database for at least 12 months.
Lord West of Spithead revealed that the IMP and the Communications Data Bill, due for its first reading in December, are bound together when he told Parliament in July 2008 that more details on the IMP would be available after the draft bill is published this December.
A spokesperson for the Information Commissioner's Office opposed the move towards a centralised database, saying: "It is important to highlight that creating large collections of data is not a risk-free option."
"This not only engages concerns about unwarranted intrusion into the lives of every citizen, it also raises worries about making sure that people's personal information is properly safeguarded, is not misused and can never fall into the wrong hands," said the spokesperson.
Smith said public consultation on any legislation relating to communications retention will begin in the new year.
She added that there are no plans to keep the contents of emails, texts, instant messages or phone calls, and that local authorities will not be given powers to listen in on calls.
She said: "Our ability to intercept communications and obtain communications data is vital to fighting terrorism and combating serious crime, including child sex abuse, murder and drugs trafficking."
"But the communications revolution has been rapid in this country and the way in which we intercept communications and collect communications data needs to change too," Smith said.
Talkback
If you send an email from your UK ISP supplied email account to another UK ISP supplied email account, then your traffic will be logged under these new proposals; but then the traffic is already being logged today and the ISP can be forced to give it up to the "authorities" for the flimsiest of reasons. eg checking that your kid is enrolled in the right school.
If you use:
- An offshore https web based email account.
- An offshore conventional email server over an SSL connection.
- A UK based, self hosted email server with SSL.
Then any of these (and probably more examples I have yet to think of) will completely bypass these regulations and be utterly invisible to the snoopers.
If I were planning a criminal enterprise and wanted to chat about it with my co-conspirators, I would probably set up a self hosted email server and equip my fellows with netbooks, paltops or laptops using a mail client enabled for IMAPS & SMTPS and WiFi and configure them to use my new email server. When the jobs done, I would 7xcrypto-wipe the hard drive and sell the whole lot at a car boot sale.
Given that there are so many ways round these proposals, one of three scenarios applies. I encourage fellow correspondents to vote for the one they think applies here :-)
1) Jaqubootie Smith and her fellow travellers haven't even got the first clue about IT and genuinely think that the bad people are going fall for their dastardly ploy and march themselves into prison in lines two abreast.
2) They know about these work arounds and don't care because they're not actually worried about results, or how much it will all cost or indeed the gross, un-British invasion of individual privacy; they just want the "Tough on Crime" headlines in the hope "The Great Unwashed" will be impressed and vote for them.
3) They know about these work arounds and don't care because they actually want the data on us; the vast majority of law abiding subjects. This begs the question WHY they might want to pokey nose on us in this way, but none the less they do seem to get off on that sort of thing.
Me? I'm going with 2) .. plus a side order of 3) for texture and added interest.
Unfortunately, reality suggests otherwise
I had to laugh at your comment "the Great Unwashed" well I do shave !! but seriously, I totally agree with your arguments and what worries me regarding company site security is that the British gov is currently improving its trackrecord of leaving data on trains, suffering data theft left right and centre so how can we be sure that their snooped stuff which can easily include perfectly innocent company trade secrets are not going to be discovered dumped on a bus for anyone to look at and perhaps use? It's the government's lack of security acumen that worries me the most. They need to get their own House in order first before they start poking around copying everything they lay their hands on. They will take more data than they have eyes to evaluate so there will be a lot of data that they have no control over and the data left on buses etc, might include inventions like mine that I definitely don't want seen by my competitors before we launch our products. With the government data theft levels as high as they are, it won't be long before companies end up being blackmailed by "passengers" for the return of stolen data. Meanwhile, real professional criminals will evade IT detection anyway. so I do not see the advantages of these government snooping and copying strategies.
Throw away email addresses, proxy IP addresses, buying pay as you go sim cards from Tesco with cash.... all going to grow in volume. Don't get the point of all this. If you're clever, you disappear under the radar anyway. Buy with cash, surf over open wifi networks (Milton Keynes springs to mind). How on earth do the 'powers that be' expect this to improve security. It'll drive illicit use of IT and comms underground. Only the fool will be caught. With handsets costing £12.00 each, just bin the mobile when you've committed the crime.
Actually, they are already setting up plans to cover that. The idea is that you won't be able to buy a mobile phone at all without presenting your passport.
Rather begs the question of a little old lady who's never stepped out of her village and has no desire to do so.