Home / Blogs

Email and Social Media Accounts Under the Spotlight in UK’s Proposed New ‘Spy’ Plan

It would be reasonable to assume that your employer is archiving your email communications. But what about your personal emails, texts, phone calls and Facebook posts. Are these really private?

Not for long, if the UK government has its way. It has been reported that its new anti-terror plan, if passed, would require Internet providers and phone companies to store all online communications by UK citizens for one year. This would include phone calls, SMS, email, Twitter, Facebook and any other online messages.

While the actual content of the communications wouldn’t be stored, details including the time and date it was sent, who it was sent to and the location it was sent from would need to be archived.

Under the European Union’s Data Retention Directive, member countries are required to store details on when emails, phone calls and texts were sent. But the Communications Capabilities Development Programme (CCDP) takes this a step further in the UK and if passed, will be the first time Britain has required details of social networking communications to be stored.

The CCDP is similar to a previous plan dumped by the former Labour government because it was deeply unpopular.

The major concern is privacy and security. The plan is for telecommunications companies to individually store the data on their customers, rather than it being transferred to a central database. Can they be trusted to store this data securely? With scores of public organisations potentially authorised to access the data, how can the government guarantee this information won’t fall into the wrong hands?

As of mid-2011, more than 80 per cent of the UK population were Internet users. It would be safe to assume that the vast majority of these 41 million people would have email and/or social media accounts. This leads to another important question—who will be expected to pay to store such a massive amount of data? It is hard to imagine the telecom providers would foot this bill. Will it be user pays?

So how far is too far when it comes to balancing national security versus privacy? I would love to know your thoughts. Please contribute in the comments section below.

Phone and email records to be stored in new spy plan
Every phone call, email or website visit ‘to be monitored’
Regulation of Investigatory Powers Act 2000

By Susanna Sharpe, Social Media Manager

Filed Under

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet


Would this law also apply to storage Phil Howard  –  Feb 23, 2012 2:16 PM

Would this law also apply to storage locker services?  That’s the kind of service where I get some finite amount of space (for example 1 gigabyte) that I can access wherever I have access to the internet.  Now what if such a service could be opted to work like hosting, too, where you could elect to make parts of this data available to the public.  Then what if it were more structured than merely a file server so that user experience with this data was smarter and consistent, like a social media site?  Where and how do we draw that line?

No doubt, there would be copyright issues to deal with if users put up content with copyright ownership held by someone else.  And that issue is likely fairly uniform (copyright takedowns have applied to FTP files as much as they have applied to social comments).  But that’s an O(n) problem (where n is the volume of data) ... copyright law exposure is proportional to what is actually out there.  Copyright law has NOT been used to demand a provider keep and hold on to what a user deletes, or what expires in a time limited component.  For example someone might put something online without realizing a copyright issue exists, then quickly take it down when a friend points that out to them.

The problem with a data retention scenario makes it go beyond a simple O(n) issue.  If I were to put up “The ISO of the day” file, which could be from 48MB to 4.8GB each day, does the provider of the service where it is hosted have to keep a copy of ever day’s ISO, which could amount to up to 144GB for a month of retention?

But this is a law enforcement issue, supposedly to deal with terrorism or other serious crimes.  And this law supposedly states it applies to social media.  But just what is the definition of social media?  And what content in social media does it apply to?  Must they store every picture uploaded?  Every video?  Every ISO?  Wherever we draw the line between social media vs. file storage, or what files are to be stored and what not, the bad guys could just step past the edge.  Will they (eventually) require it all to be stored?  This looks to be so easily abused ... by both sides.

How far will it go? Susanna Sharpe  –  Feb 25, 2012 2:05 AM

At the moment I don't think copyright is so much of a concern as the actual communications ie who spoke to, emailed or Facebooked whom and when. But I agree- I think it enters dangerous territory as to where the line should be drawn. The obvious next move would be to store the actual contents of communications. And as you said - what really defines social media and how far would they go in storing it? It often seems the law is a step behind the 'baddies', so perhaps they dictate where legislation leads.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.



Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC


Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global