Swiss ISPs Required to Log and Store Email for Six Months
SWISS ISPS MUST LOG AND STORE CONSUMERS' EMAIL DATA As of April 1, Swiss ISPs will have to keep a log for six months of all the emails sent by their customers. Experts criticize the measure, saying it will be both difficult and costly to implement. http://www.statewatch.org/news/2003/apr/01switz.htm ===== The law was passed in January 2002, and ISPs had until April 1 to implement. Does anybody know if this only applies to email providers, or exactly what kinds of email providers, or if it also requires ISPs who provide IP transport to eavesdrop it? What about businesses providing email for their employees and other users? How much of the Swiss email business will be driven out of the country, either to US email providers or European providers like Wanadoo and Tiscali? And does anybody know if they have to keep _all_ the spam? Or is keeping one copy of each enough? Or can they give their customers _some_ privacy protection by always giving the authorities all of the spam in addition to whatever they really wanted? --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
SWISS ISPS MUST LOG AND STORE CONSUMERS' EMAIL DATA As of April 1, Swiss ISPs will have to keep a log for six months of all the emails sent by their customers. Experts criticize the measure, saying it will be both difficult and costly to implement. http://www.statewatch.org/news/2003/apr/01switz.htm
If I understood it correctly, they want to keep "only" the traffic-analysis data, the SMTP server logs, not the messages themselves (though I'd bet they would love to, if it would be reasonably practical). I am curious if this applies even on provately-operated servers; eg, if you aren't cheap and instead of an account you buy a colocation server, with your own mailserver, when the ISP provides only the connection itself, without additional services. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
At 9:41 AM -0700 4/9/03, Thomas Shaddack wrote:
SWISS ISPS MUST LOG AND STORE CONSUMERS' EMAIL DATA As of April 1, Swiss ISPs will have to keep a log for six months of all the emails sent by their customers. Experts criticize the measure, saying it will be both difficult and costly to implement. http://www.statewatch.org/news/2003/apr/01switz.htm
If I understood it correctly, they want to keep "only" the traffic-analysis data, the SMTP server logs, not the messages themselves (though I'd bet they would love to, if it would be reasonably practical).
I am curious if this applies even on provately-operated servers; eg, if you aren't cheap and instead of an account you buy a colocation server, with your own mailserver, when the ISP provides only the connection itself, without additional services.
I see a market oppertunity for SMTP servers outside Switzerland which use SSL/TLS for communication, and perhaps listen on non-standard ports. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz@pwpconsult.com | American way. | Los Gatos, CA 95032, USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
I see a market oppertunity for SMTP servers outside Switzerland which use SSL/TLS for communication, and perhaps listen on non-standard ports.
SMTP servers, if they have to receive mails, HAVE to listen on port 25. There is no way in the standard how to tell that SMTP on whateverserver.com listens in port 1234 instead. However, if it is only a server for sending mails, it CAN listen on any other port (which then has to be specified in the mail client configuration). You can also have your own internal mail forwarding network on nondefault ports; eg, qmail allows manual specifying of server and port to any domain it has to forward mail to (in default configuration, /var/qmail/conf/smtproutes). For SSL-wrapping of the connections to SMTP/POP/IMAP servers (or even to offshore HTTP proxies), stunnel <http://www.stunnel.org/> is the tool of choice; many mail clients have SSL support, but they typically lack certificate management. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
Thomas Shaddack wrote:
SMTP servers, if they have to receive mails, HAVE to listen on port 25. There is no way in the standard how to tell that SMTP on whateverserver.com listens in port 1234 instead.
Incidentally, this is not true for SRV records. In some ways, SRV is like MX, but it does a lot more. One of the new features is that you can specify a port. Unfortunately SRV is not widely used as yet. This may have positive implications for privacy, and negative implications for firewalls that do egress filtering. -- Pete
On Wed, Apr 09, 2003 at 06:41:16PM +0200, Thomas Shaddack wrote:
I am curious if this applies even on provately-operated servers; eg, if you aren't cheap and instead of an account you buy a colocation server, with your own mailserver, when the ISP provides only the connection itself, without additional services.
Transparent outgoing HTTP proxying has been deployed for years now. Not too difficult for the ISP to also "provide" transparent outgoing SMTP proxying. So, even with your own colo mail relay, you'd still want SMTP-over-SSL whenever possible, between your desktop(s) and your relay, and between your relay and elsewhere. -- Ng Pheng Siong <ngps@netmemetic.com> http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
participants (5)
-
Bill Frantz -
Bill Stewart -
Ng Pheng Siong -
Pete Chown -
Thomas Shaddack