New law to trak emails...

http://news.bbc.co.uk/1/hi/uk/7819230.stm

Essentially, new rules have been setup to record every email sent/received (addresses/date/time but not content of such email). Some folks say it's against Human Rights.

Discuss.

(I'll post my opinion later)

EDIT: Damn typo in the title. FAIL.

[the_lone_wolf]

in b4 1984

The only question I have is...what is the point of tracking emails if the content isn't looked at? What is the actual point of that? If it is just emails sent/received (addresses/date/time) then I would have thought companies were doing that already?

I personally think that they wouldn't even be able to achieve such a thing due to the sheer volume of emails sent everyday. Where would it all be stored? How would the IT system cope and function? It would probably crash within seconds. At work we use an online patient database system to enter medical notes electronically...the amount of problems & glitches it has everyday is really irritating. (and that little system pales into comparision with storing emails..!)

Maria

[timwilky]

How do the powers that be think this is going to work?.

I run my own SMTP servers at home. Mail comes direct from 3rd parties to me. there are nobody elses servers involved.

So If my mate in the US who runs his own mail servers want to send me a mail. It goes from his server direct to mine. All my ISP knows is there was traffic on port 25. not who sent it or who the recipient was (as in the envelope details) just there was traffic between two servers.

Next if I feel like I want to set up naughty mail between me and my mate, we simply install an AES256 VPN between us. Then the ISP does not even know we are even exchanging mail etc. Or even simpler just move SMTP onto a different port for mail we do not want them to know about.

Well thought out requirement I think not.

Plenty of companies run their own mail servers. We have ours on regional hub points. I send a mail on my company system, It hits the Internet in Switzerland. Somebody in the states sends me a mail, it hits the company mail server in the states, or maybe the one in Singapore etc. guess they will not be monitoring the internet mail I send/receive through work unless they try to enforce UK law to the world.

[SoulKiss]

Quote:

Originally Posted by timwilky

How do the powers that be think this is going to work?.

I run my own SMTP servers at home. Mail comes direct from 3rd parties to me. there are nobody elses servers involved.

So If my mate in the US who runs his own mail servers want to send me a mail. It goes from his server direct to mine. All my ISP knows is there was traffic on port 25. not who sent it or who the recipient was (as in the envelope details) just there was traffic between two servers.

Next if I feel like I want to set up naughty mail between me and my mate, we simply install an AES256 VPN between us. Then the ISP does not even know we are even exchanging mail etc. Or even simpler just move SMTP onto a different port for mail we do not want them to know about.

Well thought out requirement I think not.

Plenty of companies run their own mail servers. We have ours on regional hub points. I send a mail on my company system, It hits the Internet in Switzerland. Somebody in the states sends me a mail, it hits the company mail server in the states, or maybe the one in Singapore etc. guess they will not be monitoring the internet mail I send/receive through work unless they try to enforce UK law to the world.

Yep run my own SMTP server too, providing mail for both Myself and Vixis, as well as my Parents.

Its not really that hard to setup, doesnt need loads of maintainence and not even a very powerful PC.

[ogden]

Quote:

Originally Posted by timwilky

How do the powers that be think this is going to work?.

I run my own SMTP servers at home. Mail comes direct from 3rd parties to me. there are nobody elses servers involved.

So If my mate in the US who runs his own mail servers want to send me a mail. It goes from his server direct to mine. All my ISP knows is there was traffic on port 25. not who sent it or who the recipient was (as in the envelope details) just there was traffic between two servers.

Easy. Transparent redirect by the ISP so all connections out from your machine to port 25 are terminated on the ISP's mail relays. They then log traffic in the usual way and forward the mail on. I've seen it done plenty of times.
OK, so all they're logging is mail you're sending, not receiving, but that's half the battle won.

The actual volume of log data isn't that bad either - it's just text, so easily compressed and nearline storage is cheap as chips with 1TB SATA disks.

As much as I don't like the idea of every email I send being tracked, it's no differeent to the logging of phone call termination info by telcos and they've been doing that for years.

[the_lone_wolf]

Quote:

Originally Posted by timwilky

Well thought out...

[timwilky]

Quote:

Originally Posted by ogden

Easy. Transparent redirect by the ISP so all connections out from your machine to port 25 are terminated on the ISP's mail relays. They then log traffic in the usual way and forward the mail on. I've seen it done plenty of times.
OK, so all they're logging is mail you're sending, not receiving, but that's half the battle won.

The actual volume of log data isn't that bad either - it's just text, so easily compressed and nearline storage is cheap as chips with 1TB SATA disks.

As much as I don't like the idea of every email I send being tracked, it's no differeent to the logging of phone call termination info by telcos and they've been doing that for years.

That is the main problem with this. Who the hell is going to send criminal intent email across systems that would be intercepted. Is big brother so dense as to think we only need the envelope data because the naughty people will encrypt content etc.

Like I said there are a number of things we can do to circumvent simple monitoring of port 25 traffic. VPN, change port, use uucp to shift between mail servers etc. The bad boys are not going to be easily monitored by simply tracking SMTP traffic. Suddenly they are going to have to put every packet through some analysis to see if it may be part of a mail dialog.

Starting with :-

Helo/response
mail from: <******@********>
rcpt to: <*****@********>

only once the response to the setup dialog is OK is there any evidence of a mail transmission etc.

So the above is assuming SMTP protocol is used for the mail, now when everything is then on a VPN between me and my terrorist friend in god knows where (because only terrorists would encrypt mail communication if they knew all mail traffic was being recorded) they need to then decrypt the VPN, then analyse the packets to see if any of them are in fact mail etc.


So would I then use mail. Could I simply not ftp an encrypted file across an encrypted network if I wanted to send my mate a message. or would I use a private protocol of my own design to further encrypted the bits being sent, disassemble the communication and passed psuodo random pieces. etc.



Like I said well thought out plans. the bad boys will love circumventing it. The whole UK network will grind to a halt as monitoring equipment would never keep pace. "Sleep walking into a survailance society" indeed, a bit like a plastic card containing biometric information will stop you from carrying a rucksack of explosives. 1984 is about to happen 25 years late

[SoulKiss]

Quote:

Originally Posted by timwilky

1984 has been happening since about oh, I dont know, 1984

Fixed that one up for you Tim

[ogden]

Quote:

Originally Posted by timwilky

Like I said well thought out plans. the bad boys will love circumventing it. The whole UK network will grind to a halt as monitoring equipment would never keep pace. "Sleep walking into a survailance society" indeed, a bit like a plastic card containing biometric information will stop you from carrying a rugsack of explosives. 1984 is about to happen

Jesus, keep your hair on.

The whole UK network will not grind to a halt. The *vast* majority of email traffic is already logged either on sending (most people use either a web-based mail system or send through their ISP's smarthost) or receipt (again, web-based mail or POP3 from their ISP's mail servers). The only differences are the redirection of mail not currently relayed and an extension of the log retention period. Big deal, not.