informa
/
Risk
News

U.K. Orders ISPs To Archive Private E-mail Records

Critics say the plan amounts to an unwarranted invasion of privacy.
In less than two months, British Internet service providers will be required to maintain records on U.K. citizens' e-mail traffic.

The United Kingdom's Home Office has ordered providers to retain records of all e-mail sent and received in the country for at least 12 months, beginning March 15. The government said it aims to increase national security and help prevent terrorism by requiring ISPs to capture and store the information. New European Commission rules will allow public agencies to access ISP data if they make a legal request.

The plan, which could cost the country's government $34 million, has drawn fire from ISPs and privacy advocates. Aside from being an invasion of privacy, the mandate can't guarantee the records would be protected from data breaches, critics said. They also point out that such a database could actually increase risks of criminal activity by placing an extraordinary amount of personal information in one place.

The requirement applies to e-mail sent by foreigners to U.K. citizens, but it doesn't cover the actual content of the e-mail.

The Information Commissioner's Office, which aims to protect privacy, issued the following statement opposing the plan:

"It is likely that such a scheme would be a step too far for the British way of life. Creating huge databases containing personal information is never a risk-free option, as it is not possible to fully eliminate the danger that the data will fall into the wrong hands. It is therefore of paramount importance that proposals threatening such intrusion into our lives are fully debated."

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5