Essential Reading for Email Users
The following ideas point the reader to legislation and facts about email security. There are a number of factors which affect your security when using email. The links below are to official government sources and other respected websites. There is also a list of suggested search engine terms if you want to discover more.
WiFi Security - Hacking Techniques in Wireless Networks
WiFi and wireless networks are a major email security weakness. This is an exhaustive technical paper dealing, among other things, with the vulnerability of wireless connections. Prabhaker Mateti is Associate Professor at the department of Computer Science and Engineering at Wright State University, Dayton, Ohio.
"Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept packets as legitimate."
Hacking Wireless Links
Data Protection Act 1998
Schedule 1, Part 1 gives the eight principles of Data Protection covered by law. The Information Commissioners Office (ICO) has wide powers available to punish breaches of personal data security.
The Data Protection Act 1998
Regulation of Investigatory Powers Act 2000
Part 1, Chapter 1, Section 5, Sub-Section 3 defines the circumstances in which the UK government may intercept and utilise electronically transmitted data. Although the Act is mostly an anti-terrorist measure there have been reported examples of local councils obtaining warrants enabling surveillance for exceptionally minor misdemeanours. Recent new guidelines have been issued in an attempt to curb the worst excesses.
This is the UK Government's main intelligence gathering centre. It possesses one of the largest computer complexes in Europe - see About Us, Technology. It has links with America's National Security Agency. GCHQ's activities and objectives are governed by the Regulation of Investigatory Powers Act and the Intelligence Services Act.
Intelligence Services Act 1994
Specifically to underpin GCHQ activities. Section 3 details the scope of activities.
Intelligence Services Act
Data Retention (EC Directive) Regulations 2009
This came into force on April 6th 2009. It implements Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006. It places requirements on Internet Service Providers to retain client data and to disclose it to UK authorities in defined circumstances. Schedule, Part 3 gives the specifics. Although the data to be retained does not specify email contents, the Deep Packet Inspection system may well be legally used to to achieve this.
Data Retention Regulations
Deep Packet Inspection
The UK government has made a number of moves to allow surveillance of all email contents sent in Britain. So far vociferous opposition has impeded the progress of legislation with objections focused on the compilation of databases. Deep Packet Inspection allows the scanning of traffic content on the fly and does not of itself involve databases. (The related system of Deep Packet Capture is designed to produce databases.) The technology is well-established and available from numerous vendors. It was developed for anti-virus, anti-spam and other traffic management purposes. It forms part of the 'Mastering the Internet' project, formally known as the Interception Modernisation Programme, controlled from GCHQ Cheltenham.
In the US the technology forms the basis of the Communications Assistance for Law Enforcement Act (CALEA) presented as an accreditation scheme for law enforcement agencies.
Deep packet inspection - technical
LEARN MORE - Google Search Terms
Interception Modernisation Programme
Deep Packet Inspection
Deep Packet Capture
Email RSA Security