The Home Office has been criticised over plans to keep details of every email sent in the UK.
From March, all internet service providers will, by law, have to keep information about every email sent or received in the UK for a year. The Home Office has insisted that the data, which does not include email content, is vital for crime and terror inquiries.
The new rules are due to come into force on 15 March, as part of a European Commission directive that could affect every UK provider. Firms will have to store the information under the government's Interception Modernisation Programme and make it available to any public body that makes a lawful request, which could include police, local councils and health authorities.
Chris Mayers, chief security architect at Citrix, said: “The Government's responsibility is to uphold national security and protect the public. Building a single national database that holds information about every email sent will achieve neither aim.
“The information will come from ISPs and telcos. Today, law enforcement can simply request that these organisations provide the information under court order. A centralised database merely magnifies the security and privacy risks (and associated costs of strict safeguards). With the continuing spate of data leakages, the public is unlikely to feel confident in the security of the database.
Meanwhile Gary Clark, VP EMEA at SafeNet, claimed that a lack of confidence from the public due to data loss incidents will leave consumers feeling vulnerable.
Clark said: “All organisations have a responsibility to protect the information they hold. The public should be able to trust that they are using stringent practices to secure data and have the necessary safeguards in place to protect it. These include identifying process weaknesses, adopting robust security standards and, most importantly, encrypting all sensitive data.”
The Home Office said the data was a vital tool for investigation and intelligence gathering. A spokesperson said: “It will allow investigators to identify suspects, examine their contacts, establish relationships between conspirators and place them in a specific location at a certain time.
“Implementing the EC directive will enable UK law enforcement to benefit fully from historical communications data in increasingly complex investigations and will enhance our national security.”