Reports that ISPs will have to store details of every email sent via their systems for at least 12 months from March onwards seems to have civil libertarians up in arms (http://tinyurl.com/8rxl3l), but, surprisingly enough, there is no mention of any complaints from the ISP community.

 

This actually isn't that surprising, when you remember that the ISP community were making a fuss a few years ago, when the prospect of storing email for six years was mooted.

 

Against this backdrop, storing email for a 12 months is a comparative let-off, especially when many ISPs keep their backup tapes for this long a period anyway, so creating and interface to interrogate the data mountain isn't hat onerous a task

 

But will keeping emails for 12 months tackle the online crime problem?  You can join a vote on the poll here: http://www.infosec.co.uk/page.cfm/Action=Poll/pollID=142/nocache=true

 

It's highly debatable, largely because many Internet users make use of Web-based and impersonal email services from the likes of Hotmail and others.

 

Registering a Hotmail or Yahoo mail is a relatively easy task, and given the numbers of users with a moniker of `pinkfluffybunny701' or similar, tracing the real owners of these types of mailboxes can often turn into something of detective hunt.

 

On top of this, the planned month mandate to store emails for at least 12 months only applies to UK ISPs. International ISPs such as AOL and CompuServe, as other international ISPs who have large minorities of UK subscribers, fall outside the legal remit.

 

The Internet, in case you hadn't noticed, is international, unlike the laws that are attempting to bind its illegal usage.

 

And when you realise that around 20 billion emails are estimated to be sent each week in the UK, the value of storing that volume of data for the Police and around 600 other agencies to sift through when they wish starts to reduce somewhat.

 

That's a lot of agencies, but it's also a lot of data to sift through.

 

Few agencies have the resources to tackle such an information mountain, let alone search that data on regular basis. The IT and manpower resources required would put an IT manager in a daze.

 

And when you begin to factor in the estimates that four in every five emails sent are spam, you realise the futility of it all.

 

It was Douglas Hird, the UK's former foreign secretary and veteran politician that is famously reported to have said that you can make walking on the cracks in the pavement illegal, but enforcing such a law is nothing without the support of the people.

 

The ISP email retention law, which forms part of the European Commission directive, is expected to come into force on March 15 at a reported taxpayer cost (depending on who you talk to) of between 15 and 70 million pounds.

 

That's the cost, apparently, of creating an IT infrastructure capable of giving various agencies easy access to the required data mountain - never mind the fact that most agencies have insufficient resources to search in the first place.

 

And what happens if the sender of the email(s) has used a high-level encryption system? How will the various government agencies handle that no-so-minor inconvenience?

 

Words like "waste," "time" and "of" spring to mind...

Permalink:
http://www.infosecurityadviser.com/view_message?id=91