The burden of Telecommunications data retention laws and subpoenas
Lavabit.com (an email service provider like Gmail/Hotmail, but with better privacy features) abruptly shut down this week, possibly due to complications from a subpoena, e.g. “National Security Letter” (NSL).
This brings some concerns for email service providers everywhere, uncertainty for the users of email services likewise.
Guerrilla Mail doesn’t store any email for more than an hour, so it should be immune from such problems – by the time such a request comes, the email(s) would be long deleted, automatically, because that’s how the system is designed to work. And there’s no account registration, so there’s no account data to disclose.
As at August 2013, up to 40GB+ of data is deleted daily. At present, our server access logs are turned off, to save the disk from frying. If the logs are ever turned on, it’s done so for troubleshooting problems or generating local reports, all raw access-log data is discarded quickly after such use.
One potential problem on the horizon is the introduction of Data Retention Laws. These laws are slowly being introduced world-wide, country by country, including the US, UK, EU. Wikipedia has an article about the current state of these requirements http://en.wikipedia.org/wiki/Telecommunications_data_retention
Why do they need these laws? To conduct mass surveillance of all citizens of course! What else can mandatory data retention laws be used for? OK, it’s understandable that some companies or industries have their own specific policies for retaining their communications data for their own purposes. However, it may be overreaching and unreasonable if these laws should be applied to the communications of ordinary citizens.
These laws also place additional burden on internet service operators, since they now have to store all that extra data and comply with the added bureaucracy. It would be a great burden on Guerrilla Mail to store 40+GB of data per day for such a long time.
Also there’s the burden of dealing with subpoenas. Some types of subpoenas can include a gag order, which can have quite a psychological effect, including an ethical dilemma, on the persons receiving such an order. Probably that’s why the operator of Lavabit decided to shut it down. (There’s speculation that the Lavabit operator was under a gag order, facing a position where they would need to to lie to their users, they chose the more honorable decision to shut it down instead)
Data retention laws already exist and are probably already in force where you live. In the European Union, “Directive 2006/24/EC” requires that communications, such as emails and email access data must be stored for 6 to 24 months. This directive has been implemented in most EU countries, some even going for more than the directive required. Fortunately, some countries such as Germany and Romania deemed the directive as unconstitutional. It should be noted that Germany and Romania are countries where many of their citizens can still remember what it is like to live under total surveillance.
There is no similar “Data Retention Directive” for the United States yet. Several attempts were made, but failed. Certainly, more attention needs to be given to these topics, or else very soon, we will wake up one day in an Orwellian 1984.