Policing the Wires
January 9th, 2009 by David Bradley >> 7 Comments
New rules which come into force in March 2009, will mean internet service providers will have to keep details of every single email sent in the UK. Civil liberties groups (and presumably ISPs) say the scheme is a waste of money. Although that said, the BBC reports that GBP25m (about $35m) of taxpayers’ money will be given to ISPs to help smooth the system.
Three points immediately spring to mind.
First: what’s the point? If they’re not recording the actual email content, then why bother tracking at all?
Second: Emails can be sent via public computers, virtual private networks (VPN), proxy systems and webmail, and will be invisible to tracking systems that simply monitor the SMTP/POP3/IMAP mail transfer protocols that conventional email programs use to send and receive messages.
Third: If the aim is to reduce criminal behavior and terrorism then I’ve got news for the authorities, real criminals and terrorists use encryption (unlike British government laptop and thumbdrive users, it seems).
Oh, there is a fourth point made well by Cambridge University’s Richard Clayton, who researches computer security. “There’s going to be a record of every single e-mail which arrived addressed to you and all the emails you sent out via your ISP,” he says, “That of course includes all the spam.” Given that spam messages (even after the McColo Corp. take down) account for almost all email traffic (billions daily) that’s a huge amount of wastage in a monitoring system, especially given the often criminal content of spam emails!
“I’d have liked to see more Bobbies* on an electronic beat investigating internet crimes,” Claytons adds.
*Bobby – English policeman, named for Sir Robert Peel, founder of the first modern police force in England. Also known as peelers (archaic), rozzers (roasting), Mr Plod or PC Plod (Noddy), or coppers or cops (elemental), boys in blue (sexist), flatfoot (medical), Sweeney (as in Todd…Squad) the fuzz (offensive), filth (offensive), pigs (some terms are more offensive than other terms), Dibble (Barberic),
"Deceived Wisdom: Why What You Thought Was Right Is Wrong" from David Bradley. Available now on 
Leave a comment ↓
Nick // Jan 9, 2009 at 2:35 pm
re the Sweeney (as in Todd…Plod) the Sweeney actually refers to The Flying Squad which is based at New Scotland Yard ( an elite branch of the Metropolitan Police Service specialising in combatting armed robbery and violent crime within the Metropolitan Police area in London. )The name derives from Cockney rhyming slang, in which the expression Sweeney Todd rhymes with (and stands for) ‘Flying Squad’.
David Bradley // Jan 9, 2009 at 2:49 pm
Yep, Nick, you’re right…I knew that, I was typing faster than my brain was working at 7:15 this morning right after this news was on BBC Radio 4 Today program…
Dave Pimlott // Jan 9, 2009 at 8:07 pm
Regarding the second point you make: no matter what precautions you take at some point your email will be sent to some Mail Transfer Agent (MTA) which *will* talk (using SMTP) to the destination persons MTA and will therefore be logged by this mythically useful system (point four is a very good point!). That is unless you run your own SMTP server and have everyone who wants to send you email connect via a VPN directly to your mail server.
David Bradley // Jan 9, 2009 at 9:04 pm
Ah, good point Dave…but either way, if you’re pgp’ing your emails there’s nothing for the spooks to read but garbage, right?
Dave Pimlott // Jan 10, 2009 at 9:11 pm
assuming that they haven’t broken PGP (which I rmember reading about is mathematically possible) then the security forces won’t know that the email contained “I like playing with Barbie dolls” but they will know who is talking to who and I believe that sometimes that can be enough for you to be investigated further.
A thought that occurred to me as I was writing – perhaps they aren’t interested in the contents of the emails as much as who is talking to who – i.e. who should we (the security forces) be looking at next. Which (to me) makes a lot more sense that archiving peoples “lolcat” emails to their mates. The security services already have a watch list so legally being able to see who is sending and receiving emails from people on your watch list would be a good way to find other potential terrorists.
Not that a Network Security bod like myself knows the methods used by the security forces….
David Bradley // Jan 10, 2009 at 11:21 pm
Yeah, they’re b*st*rds anyway, if they’re spying on the innocent. But, no I don’t think 256-bit PGP has been broken yet, has it? Got a link for the crack?
Dave Pimlott // Jan 11, 2009 at 11:27 pm
http://www.rossde.com/PGP/pgp_weak.html is a pretty good summary of the problems that have occurred and (I assume) been patched. I haven’t yet found the private key recovery paper that I’m pretty sure I read…