UK e-mail law 'attack on rights'

By Angus Crawford
BBC News

Service providers will have to store information for 12 months

Rules forcing internet companies to keep details of every e-mail sent in the UK are a waste of money and an attack on civil liberties, say critics.

From March all internet service providers (ISPs) will by law have to keep information about every e-mail sent or received in the UK for a year.

Human rights group Liberty says it is worried what will happen next.

The Home Office insists the data, which does not include e-mails' content, is vital for crime and terror inquiries.

Some three billion e-mails are thought to be sent each day in the UK.

Safe keeping

Shami Chakrabarti, director of Liberty, said ISPs already kept the information on a voluntary basis.

"The thing we have to worry about is what happens next because the government is already mooting plans not just to leave this stuff with the providers but to create a central government database where they hold all the information.

"I'm afraid we just don't trust any government or any organisation to keep that much very sensitive information about us all and to keep it safe."

WHAT IS BEING PROPOSED? To keep details of every e-mail sent in the UK for a year Internet Service Providers will have to record who sent the email, to whom and when The e-mail's content will not be stored Data can be accessed by more than 600 public bodies, such as the police and councils, if they make a valid request Part of a European Commission directive

Critics of the new rules also include an association of internet service providers and computer experts.

Dr Richard Clayton, a security researcher at the University of Cambridge's computer lab, said the money could have been better spent.

He said:"There's going to be a record of every single e-mail which arrived addressed to you and all the e-mails you sent out via your ISP.

"That, of course, includes all the spam.

"I'd have liked to see more bobbies on an electronic beat investigating internet crimes.

"There are much better things to do to spend our billions on than snooping on everybody in the country just on the off-chance that they're a criminal."

The new rules are due to come into force on 15 March, as part of a European Commission directive which could affect every ISP in the country.

HAVE YOUR SAY

What next ? A copy of every letter you send ?

Adrian Mugridge, Chester

Send us your comments

The firms will have to store the information and make it available to any public body which makes a lawful request, which could include police, local councils and health authorities.

To help set up the system the government may end up paying ISPs between £25m and £70m.

The rules already apply to telephone companies, which routinely hold much of the data for billing.

The Earl of Northesk, a Conservative peer on the House of Lords science and technology committee, said it meant anyone's movements could be traced 24 hours a day.

"This degree of storage is equivalent to having access to every second, every minute, every hour of your life," he said.

"People have to worry about the scale, the virtuality of your life being exposed to about 500 public authorities.

The position as to what the ISPs are to do is not clear Malcolm Hutty London Internet Exchange

"Under Article 8 of the European Convention on Human Rights, privacy is a fundamental right... it is important to protect the principle of privacy because once you've lost it, it's very difficult to recover."

The Home Office said the data was a vital tool for investigation and intelligence gathering.

"It will allow investigators to identify suspects, examine their contacts, establish relationships between conspirators and place them in a specific location at a certain time.

"Implementing the EC directive will enable UK law enforcement to benefit fully from historical communications data in increasingly complex investigations and will enhance our national security."

'Better things'

But the industry itself has concerns about how the new rules will work.

Malcolm Hutty, from LINX (London Internet Exchange), a membership association for ISPs, said: "The position as to what the ISPs are to do is not clear."

He said on paper the law applied to all companies, but the Home Office has been saying informally that small ISPs would be exempt.

He said they were now left "in limbo", fearful of legal action if at some time in the future as the company became bigger, they were then expected to collect the data.

Reports have suggested the government has even bigger plans for data retention called the Interception Modernisation Programme.

It could involve one central database, gathering details on every text sent, e-mail sent, phone call made and website visited.

Consultation on the plans is due to begin later this year.