Beginning in March, a new law in the UK will force Internet Service Providers to store information on all emails sent and received for a minimum of 12 months. The official reason given for this new measure, which is part of a European Commission directive, is to assist in the fight against crime and terrorism.
In recent days several critics, including the Association of Internet Service Providers, have spoken out against this intended measure, casting doubts on its effectiveness as well as questioning the ethics behind the law.
Approximately three billion emails are sent daily in the UK, spam included. Although the current government does not intend to store the content of the emails themselves, the connection data will be archived in a database. This database in turn will be made accessible to over 500 different offices and bodies, ranging from law enforcement to local government and health authorities, who make a “lawful” request to access the data.
The government is considering spending between £25m and £70m on financial assistance to the Internet Service Providers who will be responsible for setting up the initial system. Currently, there are no specific details in regards to how the systems will be regulated, who will guarantee its integrity, or what information will be accessed and more importantly, by whom.
History has seen many societies take the path of increasing surveillance at the expense of civil liberties, none of which have worked out terribly well. I believe that this has the potential to result in a society which spies on its own citizens, who, per divination, are all guilty of crimes which they have not yet been proven to be involved in.
Return Path is all for sharing information between ISPs and supports those trying to stem the tide of incoming spam. Approximately 80-90% of all email sent today is spam. However, it is unclear how much of a technical and financial burden this will place on ISPS – at the very least 12 months of data seems unnecessarily onerous. The component of this new law that is promising is allowing ISPs to freely share IP and connection data – information that is generally not considered to invade personal privacy in the majority of the world. It would seem that this opens the door for allowing UK ISPs to participate in feedback loops and other information sharing requests to help fight spam without violating an individual’s right to privacy.