What is the government thinking? The BBC and The Times are reporting that the Home Office are planning to put together a national database of all phone and email communications. It is another of the schemes proposed to combat terrorism and improve national security – but like all the others, it is just a disaster waiting to happen.
I have a number of problems about introducing a database such as this from the point of view of both a service provider, and an email user. In my opinion, this is a step too far (but then again, so are some of the other schemes).
From a service provider’s point of view, I do not see how it is going to be possible. I operate 2 mail servers (3 if you include the one I use for testing). The company I work for operates 4, and my internet provider has loads more. If you think that a small operation like mine is using 2 servers, how many mail servers must be operating in the UK? This is a hell of a lot of data! How are we expected to pass this information along to this national database?
If it is going to be compulsory to provide this data – and I suspect it is or there wouldn’t be any point having the database in the first place – then how is it going to be policed? How would the government know that I am running a mail server at home and not putting the data into the database?
Any tech person with half a brain knows how to set up a mail server, so this could become the standard way for those acting against the national security of the UK to communicate (if it isn’t already). When you consider that hundreds of thousands of computers are sending out SPAM emails without their owners realising, how would the government check that these weren’t being used for terrorists to communicate? On the other hand, what would stop them setting up emails servers in another country? For that matter, there isn’t anything stopping me from moving my servers to another country to avoid having to comply with the law.
Another more worrying thought is that the government could attempt to ban the use of mail servers other than those that are registered with them and provide them with the data. Again though, it would be impossible to police. However this would cause significant financial hardship on a lot of small businesses that operate their own systems. These companies would either have to move their servers out of the country, or pay whatever is required to comply with the law.
From a more personal point of view, why do they need the information? They already force phone companies to keep records of my calls for 12 months; they already keep details of my tax payments, capture me on CCTV countless times a day and even store records of where I’ve driven. Now they want my emails as well?
Bearing in mind how well the government has looked after my data in the past, I’m not sure I trust them with this amount of data. All it takes is for someone to burn off a DVD of the data and sell it to the highest bidder. If systems like Phorm become more widespread, how long will it be before the websites I visit become the next part of this database? It certainly makes sense that it would be next on the list.
Luckily, the Information Commissioner has suggested that this is a step too far. We can only hope that this idea is stopped before it gets much further.
Edit: I suppose I should mention that under current legislation, email providers are supposed to keep this information already and hand it over when the police come knocking on the door However, these plans would involve all the data being held in one central place rather than with the provider.