Results 1 to 34 of 34
  1. #1

    Time for UK hosts to panic...

    http://news.bbc.co.uk/1/hi/uk_politics/4668903.stm

    Hosts may want to monitor this one and lobby accordingly - to be clear, you'd need to keep regardless of user or account deletion.
    InsideHosts.com - examining the insides of the hosting industry.

  2. #2
    Join Date
    Jul 2002
    Location
    Manchester, UK
    Posts
    774
    In my eyes, this is terrorists scoring one point over the rest of us - Thanks to them, our very privacy is in jeopardy.

  3. #3
    This will blow over...

  4. #4
    Join Date
    Apr 2002
    Posts
    86
    Like it blew over in the US?

    Protect it or lose it.

  5. #5
    Join Date
    Sep 2003
    Posts
    3,854
    Man, what the hell do they think it is? I hate it when stupid people make stupid decisions based on their own ignorance and stupidity. What the hell does that guy know about webhosting!! It's simply not viable for a company to keep so many records. Imagine those emails have large attachments. You can't keep hundreds and thousands of large email for half a year.

    I say if they want that crap implemented, then they pay for it.
    I doubt I would ever want to comply to such a rule that invades your privacy so much. If I want to keep communication private, i'll keep it private same for my clients.
    InnoHosting, Performance Web Hosting || US: 1-888-522-INNO UK: 0800 612 8075
    Web Hosting - Virtual Servers - Managed Servers - Application Hosting
    Reseller Hosting with WHMCS & Preloaded KB | SSL | activGuard | End User Support
    LiteSpeed / CloudLinux / Idera Backups / True 24x7 Support / 10+ Years in Business

  6. #6
    I'm hoping my opinion here isn't going to be in the minority but here is how I feel...

    I would have NO PROBLEM at all complying with this as a hosting provider. If it ment I had to spend more money each month providing a seperate storage area for holding these communications for 6 months to a year, then I would be happy to do so.

    The way I see it, if this is something I can do to help any kind of government office be able to trace down and catch any of these barbaric terrorist, then its WELL worth it! I'm in the U.S. and so far I dont think we have talked about this at all, but if the U.S. did its just one thing I can do to help support the War on Terrorisum! Our brave men and women are over-seas, putting themselves in life and death situations to help protect our freedoms... Paying a few dollars each month to help ensure they find out where the terrorist will be before they get to our brave soliders is the very LEAST I can do!

    I know some will say that its an invasion of privacy... But I feel that if I have nothing to hide, then why should I care! The way I see it, the government has PLENTY of better things to do then look at the love letters I e-mail my wife! The terrorist are doing there best to try and divide us... To try and bring fear to us.. The best thing that the citizens can do is get FULLY behind our governments and support the effort to rid our world of these evil people!

    Again, just my two cents!
    Last edited by C-4 Hosting; 07-11-2005 at 01:17 PM.
    C-4 Hosting
    http://www.C-4.us
    Est. in 2003 - Treating Every Client Like They Were Our ONLY Client!
    Reliable, Affordable, and Professional Web Hosting

  7. #7
    Originally posted by stealthdevil
    [If I want to keep communication private, i'll keep it private same for my clients. [/B]
    The problem is, of course, is the law doesn't permit this you would be acting illegally. Simple as that.

    Remember, folks: we the British won't be bullied by terrorists or "change our way of life".
    InsideHosts.com - examining the insides of the hosting industry.

  8. #8
    Join Date
    Sep 2003
    Posts
    3,854
    Originally posted by InsideHosts.com
    The problem is, of course, is the law doesn't permit this you would be acting illegally. Simple as that.

    Remember, folks: we the British won't be bullied by terrorists or "change our way of life".
    What if you dont have any UK servers? It's not a viable solution. I'm all for stopping terrorism, but although you have nothing to hide, its the principle behind it. I just don't like the way the government imposing laws that aren't thought through properly and are made by people with no clue. I don't see why I have to pay the costs either. I want to protect the country, but you pay the government to do that for you, and if it means the government reinvesting that money on webhosting firms to record email communication, then so be it.

    I don't see it as costing a few dollars per account. It can easily work nearly $30 - $40 per account if you consider the cost of implementation and maintenance and then seperate backups and security.
    InnoHosting, Performance Web Hosting || US: 1-888-522-INNO UK: 0800 612 8075
    Web Hosting - Virtual Servers - Managed Servers - Application Hosting
    Reseller Hosting with WHMCS & Preloaded KB | SSL | activGuard | End User Support
    LiteSpeed / CloudLinux / Idera Backups / True 24x7 Support / 10+ Years in Business

  9. #9
    Join Date
    Jun 2003
    Location
    Nova Scotia, Canada
    Posts
    4,126
    Quite the law he wants to put in to place.

    What they are suggesting, is a recode of mail rules, and software, as part of this ruling.

    A second part of this is a severe one:

    Right now, using one of own mail servers as an example, we have around 30-40GB email come through each week. What this rule is asking, is that we retain that mail for six months, as far as I can see.

    In a six month period, this would mean that a whopping 960GB of email would be stored. To abide by those rules, you'd have to have redundancy for that storage in case of any issues, so either RAID or dual NAS solutions (on every disk). Encryption would have to be in place for the large scale storage, so add a pretty penny or two to the integration costs.

    His suggestion, should it pass, will drive prices up for many hosts, if they wish to be compliant. Software and application recodes could cost companies (Think outlook: Uncheck box to delete messages off source server) tens, and possibly hundreds of thousands of dollars.

    I would have to question whether or not Charles Clarke thought this through, before suggesting it. The continent-wide costs for this would run close to the billions. I have to wonder if Mr. Clarke has plans for supplementing those costs.

    Simon
    EIRCA Ltd, home of The Genius Network.

  10. #10
    There is no way I would see the EU footing the money bill for this in any way, shape or form. This kind of thing has been suggested before, and has always been knocked back - if this gets anywhere on Wednesday, particularly due to the recent bombings, I can see an obvious impact for a great many people.

    Of course, if I was a terrorist, I'd just open an email account abroad, problem solved.
    InsideHosts.com - examining the insides of the hosting industry.

  11. #11
    Join Date
    Sep 2003
    Posts
    3,854
    Originally posted by InsideHosts.com
    There is no way I would see the EU footing the money bill for this in any way, shape or form. This kind of thing has been suggested before, and has always been knocked back - if this gets anywhere on Wednesday, particularly due to the recent bombings, I can see an obvious impact for a great many people.

    Of course, if I was a terrorist, I'd just open an email account abroad, problem solved.
    You could do that, but what's stopping a terrorist from getting their own server either in a datacentre or in your own house. You can set up your own mail server on a 28.8kbps dial up connection. And what's stopping the terrorists from enforcing strong encryption on the messages?

    I simply don't see the logic for this proposal. It's just a waste of time. Always a way round things.
    InnoHosting, Performance Web Hosting || US: 1-888-522-INNO UK: 0800 612 8075
    Web Hosting - Virtual Servers - Managed Servers - Application Hosting
    Reseller Hosting with WHMCS & Preloaded KB | SSL | activGuard | End User Support
    LiteSpeed / CloudLinux / Idera Backups / True 24x7 Support / 10+ Years in Business

  12. #12
    Join Date
    Aug 2000
    Location
    Sheffield, South Yorks
    Posts
    3,480
    Exactly, we had this discussion on WebHostChat.co.uk this isn't going to bother terrorists, just put a large burden on providers. Terrorists are going to use secure communication mediums if they realise every conversation will be logged - AES256 with PGP anyone? Encrypted with two different keys? (Just encrypt twice with the same PGP key if you want, as it'll generate two different AES256 session keys) Now you're not going to break that in a hurry. It's another one of those rash decissions, that will end up producing a law that allows more data to be compiled on the innocent and will be used for many reasons, but rarely for those it was intended for.
    Karl Austin :: KDA Web Services Ltd.
    UK Business Hosting and Managed Servers - Hosting for Business Users :: 0800 5429 764
    Call us today and ask about our hosting solutions.

  13. #13
    Join Date
    Oct 2002
    Location
    EU - east side
    Posts
    21,913
    It's another one of those rash decissions, that will end up producing a law that allows more data to be compiled on the innocent and will be used for many reasons, but rarely for those it was intended for.
    So you see it becoming a law?

  14. #14
    Originally posted by ldcdc
    So you see it becoming a law?
    In the EU, yes.
    InsideHosts.com - examining the insides of the hosting industry.

  15. #15
    Join Date
    Aug 2000
    Location
    Sheffield, South Yorks
    Posts
    3,480
    Yes, I see it being pushed through in light of the recent terrible events, that's what governments to.
    Karl Austin :: KDA Web Services Ltd.
    UK Business Hosting and Managed Servers - Hosting for Business Users :: 0800 5429 764
    Call us today and ask about our hosting solutions.

  16. #16
    Join Date
    Dec 2004
    Location
    San Francisco, CA
    Posts
    1,905
    If something like this does happen in the EU, terrorists could use mail servers located in non-EU countries.. It doesn't seem practial to me. They are assuming that like phone calls, if you access email from the UK.. UK ISPs would be able to access that email.. This of course is not true.. If the mail is exchanged on US servers.. UK ISPs would have nothing to do with that nor could they stop any such correspondence
    init.me - Build, Share & Embed

    JodoHost.com - Windows VPS Hosting, ASP.NET and SQL Server Hosting
    8th year in Business, 200+ Servers. Microsoft Gold Certified Partner

  17. #17
    Quick update:

    http://news.bbc.co.uk/1/hi/uk_politics/4675273.stm

    "The costs of forcing firms across Europe to keep phone and e-mail records is worth paying to stop terror attacks, Foreign Secretary Jack Straw has said.
    Mr Straw used a visit to the European Parliament to call for anti-terrorism plans to be implemented more quickly.

    Fears of the cost of keeping records were exaggerated, he argued, and phone and internet companies were not the world's "most impoverished" firms.
    "

    Full meeting goes ahead tomorrow.
    InsideHosts.com - examining the insides of the hosting industry.

  18. #18
    Originally posted by probonic
    In my eyes, this is terrorists scoring one point over the rest of us - Thanks to them, our very privacy is in jeopardy.
    Isn't that the whole point of terrorism?

  19. #19
    Join Date
    Aug 2000
    Location
    Sheffield, South Yorks
    Posts
    3,480
    lol, not the most impoverished, it's hardly a high margin business these days, I think Mr Straw has been in his time machine and gone back to the .com hayday.
    Karl Austin :: KDA Web Services Ltd.
    UK Business Hosting and Managed Servers - Hosting for Business Users :: 0800 5429 764
    Call us today and ask about our hosting solutions.

  20. #20
    Join Date
    Dec 2004
    Location
    San Francisco, CA
    Posts
    1,905
    I don't see it too expensive to store email but really. You can setup a 1TB storage server for less than $3000. And as Simon said, that should be able to handle storage for a decently active mail server

    The cost is next to nothing if you are running a profitable firm. But I do question the effectiveness of such a tool and the sort of abuse it could be open to...
    init.me - Build, Share & Embed

    JodoHost.com - Windows VPS Hosting, ASP.NET and SQL Server Hosting
    8th year in Business, 200+ Servers. Microsoft Gold Certified Partner

  21. #21
    Join Date
    Aug 2000
    Location
    Sheffield, South Yorks
    Posts
    3,480
    1Tb wouldn't last more than 3 months with the volume of emails that traverse our network, plus you can double that $3k, because you're going to have to mirror it to make sure you definately have a copy (They aren't going to settle for, "oh but the storage server broke"). So we're quickly at $24k to store emails for 6 months - That, I don't call cheap. Then there are implementation costs - how do you actually go about making sure you get every email that traverses your network? More expense.
    Karl Austin :: KDA Web Services Ltd.
    UK Business Hosting and Managed Servers - Hosting for Business Users :: 0800 5429 764
    Call us today and ask about our hosting solutions.

  22. #22
    Join Date
    Dec 2004
    Location
    San Francisco, CA
    Posts
    1,905
    1TB for a decently active mailserver. We have a # mail servers and yes, the investment wouldn't be too cheap. Yes there would be implementation costs. Software could be written to log outgoing an incoming email.. It is not that hard at all

    The actual costs for something like this would only be proportional to the size of your business. The costs wouldn't be overwhelming at all..

    Many industries are regulated. The webhosting industry is the least regulated. If email is a major tool for terrorists to communicate, we could definately give law enforcement a hand. And I'm sure the govt would give enough time to implement such changes..

    I don't mean to sound as I'm supporting this, but it should be given more thought. I do still question how effective it would be unless it is adopted universally by many countries...
    init.me - Build, Share & Embed

    JodoHost.com - Windows VPS Hosting, ASP.NET and SQL Server Hosting
    8th year in Business, 200+ Servers. Microsoft Gold Certified Partner

  23. #23
    Join Date
    Aug 2000
    Location
    Sheffield, South Yorks
    Posts
    3,480
    Sure, in a shared environment it's easy, what about in a dedicated and colo environment, where ultimately you are the service provider - How do you propose to write software cost effectively to work with the 1000s of different combinations of software that can appear?

    You can't possibly look at monitoring email on a per server basis, it has to be done at the network level - What do you do if a customer installs a mail server onto a box, that they took on the basis of hosting images only, then the NHTCU come calling and want to know why you've got no records? So we're into the realm of monitoring large volumes of traffic, and that's not a cheap thing to be doing, a good quality passive ethernet tap for 100mbit ports can cost from 3000, then you've got the actual hardware to keep up with that many PPS.

    Generally people who think something like this is trivial, have very actual little experience with software development and large scale deployment, I speak not only as a Software Engineer (My training), but as someone who manages our network day to day, it's not as simple as you'd think on the surface. With some of our customers, they do more email traffic than all their other types of traffic put together, so it certainly isn't proportional
    Karl Austin :: KDA Web Services Ltd.
    UK Business Hosting and Managed Servers - Hosting for Business Users :: 0800 5429 764
    Call us today and ask about our hosting solutions.

  24. #24
    Oh dear.

    Knee jerk reaction pushed through at the last minute...

    Forcing European companies to store phone and internet records is among anti-terror measures agreed by EU interior ministers.

    UK Home Secretary Charles Clarke chaired an emergency summit on terror measures after the London bombs.

    He said there was unanimous agreement that EU nations must do better and "cannot delay in getting this right".
    No time to debate, lobby or do anything - they've got it through. It'll be passed down now through the countries.

    Have fun, hosts.
    InsideHosts.com - examining the insides of the hosting industry.

  25. #25
    Join Date
    Oct 2002
    Posts
    353
    Umm, hello - am i I the only one that actually read it ?

    All they want you to store is the mail LOGS not the mail itself - would be a pain in the arse but hardly earth shattering . . . . .

  26. #26
    Join Date
    Aug 2000
    Location
    Sheffield, South Yorks
    Posts
    3,480
    Space wise no, but how do you get hold of all those logs if you're running many servers in different configurations? You're talking network level monitoring, and that doesn't come cheap, we're talking into 5 figures.
    Karl Austin :: KDA Web Services Ltd.
    UK Business Hosting and Managed Servers - Hosting for Business Users :: 0800 5429 764
    Call us today and ask about our hosting solutions.

  27. #27
    Originally posted by KDAWebServices
    You're talking network level monitoring, and that doesn't come cheap, we're talking into 5 figures.
    Maybe its just me not getting it... But if we are talking about storing just logs, where does the 5 figures come in?

    Can you break that down a little?

    Thanks!
    C-4 Hosting
    http://www.C-4.us
    Est. in 2003 - Treating Every Client Like They Were Our ONLY Client!
    Reliable, Affordable, and Professional Web Hosting

  28. #28
    If you're talking multiple servers (eg 50), including clients dedicated servers (which you can't control, but you would be responsible for), you'd need to monitor remotely. If you have switches which only allow monitoring of one VLAN (eg Procurve) you'd need gigabit network tabs and a dumping box, with RAID and backups.

    Depending on the size of the network it's potentially expensive. Not bank breaking. The biggest cost would be resource planning and human resources to test and implement.
    InsideHosts.com - examining the insides of the hosting industry.

  29. #29
    Join Date
    Aug 2000
    Location
    Sheffield, South Yorks
    Posts
    3,480
    I'll assume from that you've never looked at how much devices to monitor gigabit network segments cost?

    You can't just copy the servers log files and store them, how do you propose that works with:

    1) a colocated server?
    2) an un-managed server?
    3) a customer that initially doesn't run any mail service?

    In any of those situations you will miss emails, the customer can:

    1) Stop your logging
    2) Stop you copying the logs off
    3) Modify the logs
    4) Not tell you they've started running a mail service

    Also, how do you cope with the myriad of configurations?
    Karl Austin :: KDA Web Services Ltd.
    UK Business Hosting and Managed Servers - Hosting for Business Users :: 0800 5429 764
    Call us today and ask about our hosting solutions.

  30. #30
    Join Date
    Aug 2000
    Location
    Sheffield, South Yorks
    Posts
    3,480
    Originally posted by InsideHosts.com
    and a dumping box
    Not quite as easy as that, you need some form of protocol analyser too, you can't just check the IP port numbers, as Mr B Guy, could be running mail on different ports, so you're going to need to delve deeper, which needs more processing power and logic and thus equals more cost.
    Karl Austin :: KDA Web Services Ltd.
    UK Business Hosting and Managed Servers - Hosting for Business Users :: 0800 5429 764
    Call us today and ask about our hosting solutions.

  31. #31
    Join Date
    Jun 2002
    Location
    Welwyn, UK
    Posts
    72
    It looks as though Charles Clarke is going to be pressing for this in the next few days, with a view to getting it in place "by Christmas".

    Reading the articles over at The Register I'm not clear on exactly what it is that we would be supposed to be storing, and it doesn't look like they are either.

    At the most extreme, I guess this involves some/all of the following:

    - Setting up a global copy mailbox on the mail server and copying every email to/from all Customers into it, then archiving that mailbox daily along with all the attachments

    - Backing up the Sql Server transaction logs and data daily and then archiving and keeping that data

    - Keeping copies of web/ftp logs

    - Somehow keeping a copy of every incarnation of every web page a Customer uploads to their webspace

    - For super safety, pulling down local copies of all archives periodically

    I haven't done any work on the figures, as I'm hoping this will be seen to be unworkable and the idea dropped.

    However if it is pushed ahead and introduced hurriedly the worst case scenario could be that the day it's law, ISPs unprepared for this might have to turn everything off until they can get procedures in place so as to comply with the law.

    If we were required to do all of the above and then store that for three years, I'd hate to hazard a guess at the new price of a hosting package that's currently, say, 199.

    The other worrying aspect is that with prepaid accounts, we'd be obliged to foot the bill until the expiry of the prepaid period, and then introduce the new charging structure.

    For hosts like us who have some servers in the US: might it be the case that we're exempt - is is the location of the Company, or the location of the physical servers that matter?

    If the latter, then we'll be moving everything to the US.

    If the former, it would be ... interesting... to see what happens to the pricing of hosting based in the affected Countries.

    This legislation is worrying to say the least...

  32. #32
    Join Date
    Aug 2005
    Posts
    73
    With this kind of intrusion into privacy, who will want to use email for sensitive material (personal or professional) anymore?

    It sets up the ISP for a lot of commercial liability as well if anyone every managed to get at all this stored email.

    A lot of companies deliberately purge data immediately to avoid this kind of liability.

    I would think law enforcement has enough access to the pipes that they should be able to fish for what they want.

    As far as the terrorists go, they will be off to other means of communication.

    A real mess.

  33. #33
    Join Date
    Aug 2000
    Location
    Sheffield, South Yorks
    Posts
    3,480
    The only thing is, most of what they want, isn't going to be easily obtainable without customer consent anyway - And do they really expect Timmy Terrorist to complay by letting my govt. spy server download their logs etc?
    Karl Austin :: KDA Web Services Ltd.
    UK Business Hosting and Managed Servers - Hosting for Business Users :: 0800 5429 764
    Call us today and ask about our hosting solutions.

  34. #34
    Join Date
    Jan 2005
    Location
    AZ
    Posts
    157
    Over here in the states we already have the NSA & the CIA doing that for us... YAY!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •