When you send an email, it feels like such an ethereal thing, effective, cheap, convenient and relatively instant, yes, but it has none of the permanence of physical postal mail does it? Does it?
From today Internet Service Providers in the UK, and soon enough throughout Europe will be obliged to keep a log of every email you send, a record of who you are sending it to and when you sent it. Of course it goes without saying this log will also cover every email you receive… This is all being implemented as a part of a European Directive which obliges ISPs to hold this information, and it is due to enter into force in the UK today, March 15th 2009.
It is true to say that most ISPs keep this kind of informaiton (and more) on a voluntary basis, but the worry when it becomes mandated is “what happens next?” The answer to that seems worryingly clear in the UK at least and it’s called the Interception Modernisation Programme, a huge, government owned and controlled database, recording every text, email and telephone call made and every website visited by every person in the UK.
If your national or local postal service were to open and check every letter you sent in order to keep a record of who you correspond with, would you not be outraged? What if the postal service then made all this information available to over 600 public bodies such as local councils and police forces on request?
The Home Office insist that this information is vital for fighting crime and terrorism; but is this legislation really going to be effective against the people at whom it is supposedly aimed?
If national governments and law enforcement organisations truly believe that online criminals and international terrorists don’t know how to hide their online traces, then we have a bigger problem than we thought (sending an email with spoofed sender address from an internet café is only lesson one).
On the other hand, if those same governments and law enforcement organisations are actually fully aware of the ease with which online crime is perpetrated, and online traces hidden, then wouldn’t it have made more sense to take the time, money and technology necessary for a scheme of this magnitude and direct it towards a few more online police on the internet beat, and to building international cyber-crimefighting organisations that truly work and are truly global in remit?