In message <EAB46D0D-1F32-40AB-BA11-3687635046E9@frobbit.se>, at 15:42:46 on Wed, 19 Jun 2013, Patrik Fältström <patrik@frobbit.se> writes
The problem was that the people that want DRD to cover as much as possible claimed also web based messaging (i.e. the HTTP transaction) did fall under the directive. My response has all the time been that we have to choose between: (a) requiring DPI so that only webmail http transactions are included or (b) treat webmail as any other http transaction, i.e. not be covered. In Sweden we did pick alternative (b) btw.
This discussion completely stalled because some "experts" did claim there is *no* difference from a technical perspective between web based access to messages and IMAP or POP based access.
There is of course a technical (operational) difference between IMAP/POP and Webmail, which should be fairly easy to demonstrate. However, from a regulatory (public policy) point of view, it's clear that all forms of email are "messages", including webmail. The objectives of law enforcement would probably be satisfied if logging of webmail was restricted to messages to/from a small set of "top 10" global providers. They are never looking for universal solutions, just to pick the low-hanging fruit. [I know some people will say "but the criminals will just move to a different and less well known webmail provider", but any tech-savvy criminal will already be communicating by something other than IMAP/POP or Webmail, so they need a different approach anyway.] -- Roland Perry