In the very near future it looks likely that the UK government may end up retaining for some 12 months the details of every phone call and e-mail we all make and send. The Data Communications Bill is likely to be put before parliament in the next year and it would appear to go further than previous requirements to meet EU Directives on Data Retention for communications providers. The Times covers the issue, and has the following quote from the assistant Information Commissioner.
"This would give us serious concerns and may well be a step too far. We are not aware of any justification for the State to hold every UK citizen's phone and internet records. We have real doubts that such a measure can be justified, or is proportionate or desirable. We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky - the more data that is collected and stored, the bigger the problem when the data is lost, traded or stolen."Jonathan Bamford, the assistant Information Commissioner
It is not clear whether it is just a record of e-mail headers or the complete e-mail that will be stored. With the masses of spam that is automatically binned by communication providers or filter systems on peoples own computers, sifting through this lot would not be easy. The issue of recording the amount of time spent online which is in the proposals makes little sense, since in these days of connected households, many people will have a device that is always online like a VoIP handset.
Archiving some 3 billion e-mails every day which is the estimate of how many are sent is not a trivial matter. Given the number of personal data leaks from the various databases that hold information on us, concern from the public is very understandable and even if the technology is secured, the weakest link of who has access to the data will still apply.
In theory, police and security services will only be able to access the data after obtaining a warrant from the courts, but what assurances are there that this will not change in the future or that the warrants will start to be issued for increasingly minor things? We have all seen the sort of billing mistakes that arise from time to time due to automated billing software- one wonders what safeguards these surveillance systems will have in place to ensure that e-mails and Internet activity is associated with the right person.
At the end of the day, in all likelihood those planning a terrorist act on knowing that communications are widely intercepted in the UK will find alternate means of communicating, or go unnoticed by using encryption and other methods for anonymising Internet use. Now of course it is illegal to refuse to divulge a password to the police or security services, so will all those using a secure VPN to work from home be under more suspicion than others and receive requests to hand over their keys?
For those still running unsecured wireless networks either intentionally or otherwise this bill is a wake-up call, since if someone borrowed your network and did something that was flagged by the database as perhaps something that threatend national security it is most likely that the police would be visiting you. The broken front door followed by all your computer hardware being taken away for forensics while you protest innocence will not stop the neighbours speculating as to what is really happening.