Old 12-22-2016, 06:25 AM   #1
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,574
Blog Entries: 19

Snooper's Charter illegal under European law


The UK Government's "snoopers charter", which requires ISPs to store everybody's emails for a year so that the security services can read them any time they want, has been declared illegal by the European Court of Justice.
Quote:
It exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society.
The court said that emails can be stored and read only when specific people are suspected by the police or the security services.

I don't know how this will be affected by brexit.

Last edited by hazel; 12-22-2016 at 06:26 AM.
 
Old 12-22-2016, 11:00 AM   #2
DavidMcCann
LQ Veteran
 
Registered: Jul 2006
Location: London
Distribution: PCLinuxOS, Debian
Posts: 6,142

Quote:
Originally Posted by hazel:
I don't know how this will be affected by brexit.
The ruling was made by the European Court of Justice, which is a purely EU body. So, with Brexit coming, we can tell them to get lost.

This whole "snooper's charter" fuss, and the name, is ridiculous, but then The Grauniad has to find something to panic about to keep its readers happy. My ISP stores my emails until I collect them. Why should I care if it keeps them for a year? If countries like France and Germany had better security services, they wouldn't have so many terrorist attacks.
 
Old 12-22-2016, 11:24 AM   #3
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,574

Original Poster
Blog Entries: 19

In every terrorist case we've had in the UK so far, the security services knew about the perpetrators beforehand but didn't follow up their leads energetically enough. How is reading my emails going to help in that case? How would you feel if all your letters were steamed open? It's grotesque!
 
Old 12-22-2016, 11:48 AM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Well, unless(!) you encrypt your e-mails, they are being "steamed open." In fact, that isn't even necessary: you're sending them on postcards.

Furthermore, e-mails might be being captured and analyzed at any "hop" of their journey from here to there, and so many copies of each and every message might be made. They could be being made, furthermore, in any country of the world.

Last edited by sundialsvcs; 12-22-2016 at 11:49 AM.
 
Old 12-23-2016, 10:52 AM   #5
DavidMcCann
LQ Veteran
 
Registered: Jul 2006
Location: London
Distribution: PCLinuxOS, Debian
Posts: 6,142

Quote:
Originally Posted by hazel:
How is reading my emails going to help in that case?
No-one's going to be reading your emails. Think how many are sent: if they were all read, think how many people would be required! The idea is that if a terrorist is apprehended or some-one is under suspicion, then they can check who that person has been corresponding with. Emails are not like letters, or even telephone conversations. They are like post-cards, or conversations on the bus: publicly accessible. Why aren't you in a flap over the fact that the staff of your ISP can see them all?
 
Old 12-23-2016, 01:29 PM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Emails don't have to be read: they can be scanned in much the same way that web pages are scanned, to build up all sorts of information of interest to marketers ... or, other people.

For instance, I recently engaged in a fabricated conversation in which my Uncle Wilbur was very sick with Alzheimer's and was about to die which he soon did. The junk-email that we received changed within days to include everything from Alzheimer's (specifically) to hospice to burial insurance to funeral homes to grief management. And there was a lot of it, which began to come in very quickly.

So, this told us that our e-mail conversations were being analyzed in very nearly real time and that somewhere our e-mail address was being sold as a "lead" to hungry marketers. (I have done projects for such scum, so I know far too much about how they think and work.)

If you click on an AdWord, there is quite possibly a real-time bidding battle in which marketers compete to pay money to receive notification of your click. It happens within a matter of seconds.

Now, we were baiting this process, and I encourage you to try the same experiment.

If you want e-mail to be both private and verifiable as to provenance and content, you must encrypt your e-mail. There are two widely-supported ways: GPG and S/MIME. Your mail client probably supports one or the other, possibly with a plug-in, or both.

You'll also from time to time encounter an outright forgery. I received an e-mail "from my friend" in connection with this same conversation which I knew to be false, because it was not signed with my friend's private key. I knew at once that it could not, and did not, actually come from him. The same intruding marketers were happy to "stop at nothing."

Only with digital signing and encryption can you be certain of the following:
  • That the message did come from its purported sender.
  • That the message you received is the one that was sent.
  • (If encrypted ...) That it probably was not read by anyone else.
Any decent e-mail client (Linux or otherwise) makes this process seamless, unobtrusive and painless. When the rogue e-mail arrived, my e-mail client immediately flagged it and quarantined it, because the absence of a valid signature was proof-positive that the message was fake.

"You have the technology." It works, and it's been made easy. Use it. Always.

Code:
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
[signature data not preserved]
-----END PGP SIGNATURE-----
No, you'd never see that, but the above block of gibberish can be used to verify that the blog-post above it, in its editor-view form, has not been tampered with. (And the client would do so automatically.) Attached to an otherwise-unencrypted message, it would vouch for its authenticity and its content, and be automatically verified on-the-fly.

Last edited by sundialsvcs; 12-23-2016 at 01:39 PM.
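
The first two assurances listed in post #6 (the message came from its purported sender, and it arrived unaltered) can be checked by hand with GnuPG. This is an added example, not code from the thread or from any poster; the identity, file names, message texts and the `classify` helper are constructed for illustration, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example, constructed data only. Uses a throwaway key in an isolated
# keyring under a temp directory, so real GnuPG keys are never touched.
set -u

WORK=$(mktemp -d)
GNUPGHOME="$WORK/gnupg"; export GNUPGHOME
mkdir -m 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$WORK"' EXIT

SENDER='friend@example.invalid'     # constructed identity (assumption)

# Unattended key generation (GnuPG 2.1+): no passphrase, no expiry.
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "Constructed Friend <$SENDER>" default default never

# Pin the fingerprint this correspondent is expected to sign with.
FPR=$(gpg --batch --with-colons --list-keys "$SENDER" |
      awk -F: '$1 == "fpr" { print $10; exit }')

# classify MESSAGE [SIGNATURE] prints VALID, INVALID or UNSIGNED.
classify() {
    if [ -z "${2:-}" ] || [ ! -s "$2" ]; then
        echo UNSIGNED
        return 0
    fi
    # --status-fd 1 gives machine-readable lines; gpg exits non-zero on a
    # bad signature, which must not abort the caller.
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
    case "$status" in
        *"VALIDSIG $FPR "*) echo VALID ;;    # good signature from the pinned key
        *)                  echo INVALID ;;  # altered body or unexpected signer
    esac
}

# 1. Genuine message with a detached, ASCII-armoured signature.
printf 'The service is on Friday at noon.\n' > "$WORK/genuine.txt"
gpg --batch --quiet --armor --local-user "$SENDER" \
    --output "$WORK/genuine.txt.asc" --detach-sign "$WORK/genuine.txt"

# 2. Same signature, body altered after signing.
printf 'The service is on Friday at noon. Send your card number.\n' \
    > "$WORK/tampered.txt"

# 3. Message claiming to be from the sender but carrying no signature.
printf 'From your friend: click this link.\n' > "$WORK/forged.txt"

echo "genuine : $(classify "$WORK/genuine.txt"  "$WORK/genuine.txt.asc")"
echo "tampered: $(classify "$WORK/tampered.txt" "$WORK/genuine.txt.asc")"
echo "forged  : $(classify "$WORK/forged.txt")"
```

The check compares against a pinned fingerprint rather than accepting any good signature, because a signature from an unexpected key says nothing about the purported sender. The third assurance (confidentiality) needs encryption and is not covered here.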
 
Old 12-23-2016, 02:03 PM   #7
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,574

Original Poster
Blog Entries: 19

The insuperable problem with PGP is that it can only be used if the people you are emailing use it too. And I don't know anyone who does.
 
Old 12-23-2016, 03:02 PM   #8
Ratamahatta
Member
 
Registered: Feb 2012
Location: Germany
Distribution: siduction
Posts: 134

a slightly different perspective, but possibly related

With Brexit coming up that won't matter much to the UK.

The same ruling applies to the German Vorratsdatenspeicherung (leo.org translates it as "data preservation", not sure the translation is any good) though.

While I don't care too much about governments reading my emails (as I'm not in touch with any even (to my knowledge) potentially dangerous people and don't email things I consider private) that law also permits a general phone call and web traffic surveillance and even forced providers to store all that data for a whole year originally.

I actually do think that such a surveillance might help against terrorist attacks, but that's just not been done in Germany. All that data was only used in court cases obviously after something had happened. - I assume there has just not been enough money around to have several thousands of people read every email written and listen to every phone call 24/7. Software may but doesn't have to be able to help out here as computers are stupid and don't get most things that are hidden almost in plain sight between the lines.

But while my data probably will never get any specific attention, I'm still somewhat happy to know most of it will be gone a lot sooner now.

On the other hand, secret services like the NSA are not going to care at all, not if/when TTIP or other transatlantic agreements fail, possibly not even if a US court decided similarly. Who wants to control them? (But then again, they don't have the manpower to have humans do all the reading between the lines, most likely not even for traffic within their own country.)

We're living in an era in which Google, Microsoft and Apple can track most people on the planet, know their habits and their preferences and are all into "big data". And I assume all of them are actively using that knowledge. - And I care about governments reading my emails! Compared to huge companies my data probably is quite safe with the secret services.

Disclaimer: These are my personal thoughts. If you agree with them that's fine. If you don't agree with them, that's fine, too. But don't bother to try to tell me I'm wrong. - I'm way too stubborn.

Last edited by Ratamahatta; 12-23-2016 at 03:07 PM. Reason: added more structure and clarity
 
Old 12-24-2016, 06:54 AM   #9
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Quote:
Originally Posted by hazel:
The insuperable problem with PGP is that it can only be used if the people you are emailing use it too. And I don't know anyone who does.
Obviously, you simply download the plugins (if need be), and set it up.

The other de facto encrypted e-mail standard, S/MIME, is built-in to just about every e-mail client I've seen or used. "Your mileage may vary.™"

Anyhow: if, as long-ago Phil Zimmermann (the original inventor of PGP) put it, "it's nobody's business but yours," and you're sending it over the Internet any public network, encrypt it. (And if it's not that secret, at least sign it. Otherwise, the time will come when you do get a deliberate forgery, and, without this crucial step, no one knows.)

This is the only way to get the same assurances that you do (expect to) have when you drop a sealed envelope into any physical mailbox.

P.S.: I am still stunned that big businesses, having worked so hard to put SSL into their web sites, still do nothing (not even S/MIME signing) of their billions of e-mails, which are certainly of equal importance and comparable sensitivity. It would be a trivial matter to arrange things so that, say, "an e-mail from FedEx" did not go through unless it really did come from FedEx. All of the technology needed to do this (and, to do it unobtrusively) is in our (and, GMail's) hands, yet it has never even been attempted. Yet. Don't ask me why.

Last edited by sundialsvcs; 12-24-2016 at 06:59 AM.
 
Old 12-24-2016, 07:17 AM   #10
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,574

Original Poster
Blog Entries: 19

Quote:
Originally Posted by sundialsvcs:
Obviously, you simply download the plugins (if need be), and set it up.
You've missed my point. Setting up encryption is easy, but how are the recipients to decrypt the message if they don't have some form of PGP/GPG installed? And you can't go around saying to people, "From now on, all my emails to you will be encrypted so you'll have to install decryption software if you want to go on corresponding with me".
 
Old 12-24-2016, 07:24 PM   #11
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Quote:
Originally Posted by hazel:
You've missed my point. Setting up encryption is easy, but how are the recipients to decrypt the message if they don't have some form of PGP/GPG installed? And you can't go around saying to people, "From now on, all my emails to you will be encrypted so you'll have to install decryption software if you want to go on corresponding with me".
You simply arrange this with each person with whom you wish to send or receive encrypted email. When you send or receive email with this party, you have the option (which can be enabled or disabled by default, normally enabled) to sign and/or encrypt your messages. "It just happens."

Every email that I send to anyone is signed. If I expect a message from one of my friends to be at-least signed, I am loudly alerted if I receive one that isn't.

Really, it's no more "obtrusive" than using a secure web page.
 
Old 12-24-2016, 07:42 PM   #12
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

As far as I was aware the ECHR and the EU are completely different things covered by completely different law? Care to let me know where to read?
As to mass surveillance, as far as I'm concerned it's there for a few reasons -- it will help to sell technology so that chiefs of police get nice public-sector jobs and board memberships to retire upon, it will allow the police to make almost anybody guilty of something (think of how many people have accessed some data which isn't necessarily legal in the UK) for starters.
The fact our government has declared us all criminals is just despicable (and typing that is probably illegal).
As to PGP, I tend to agree with hazel -- distributing public keys to everybody and all managing to use PGP on all the devices used for email today is not a simple thing by any stretch of the imagination. Public key distribution, for a start, is not as simple as it may first appear.
 
Old 12-25-2016, 08:48 AM   #13
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Public key distribution is effortlessly simple: one of my e-mail signatures includes the following line:
Code:
GPG Signature-ID 2780-F874  (hkps://hkps.pool.sks-keyservers.net)
(There are many well-known GPG/PGP key servers, and this is a URL reference to a "pool" of servers.)

Some e-mail systems can actually, upon seeing the presence of another key, automatically retrieve the corresponding public key if it exists (as it should) on a public server.

As I said, if you choose to use these technologies, it is minimally intrusive (or, unobtrusive) to do so. Long ago, I and my family and friends chose to start using it for all correspondence of importance. Even if we do not choose to encrypt a particular message, we see automatically that the messages which claim to come from one of us did come from one of us. (Whereas, I continue to from time to time receive perfectly plausible-looking emails from my dead aunt ... and I doubt that Heaven has an Internet feed, although these days you never know.)

You certainly should know how to use them, and when/how to recommend them to your employers or clients.

(Incidentally, message signing and encryption can be implemented and is routinely implemented for corporate e-mail servers which need to tender traffic over the public Internet, e.g. to save telecommunications cost. When implemented at this level it might not be visible to end-users within the company, but it assures the company that messages are both authentic and secure. We're not talking about "spooks" here, but we're certainly talking about corporate competitors and corporate spies.)

Last edited by sundialsvcs; 12-25-2016 at 08:51 AM.
 
Old 12-25-2016, 10:31 AM   #14
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Erm, the UK operates in such a way that nothing on the internet can be verified while using any link the UK government has access to. We now have to assume that all traffic is subject to man-in-the-middle. This is not a drill.
I suppose we could all go abroad and log on to make sure we have the correct certs, and some of us can swap certs by USB but that's not really useful for phones and the like.
TOR is assumed to be compromised.
Really, truly, we're China-like screwed.
 
Old 12-25-2016, 10:20 PM   #15
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Actually, I'm not really speaking of protection against agencies with three-letter names. I doubt you can protect against them. (And, given the billions if not trillions of m-y dollars that they're spending, I'd be rather pissed if I could.)

I'm talking mostly about keeping your personal correspondence out of the ready hand of marketers and others who, at least to my way of thinking, "have no business knowing about your private life," but who are quite determined to make it (literally) their business. When you mail a letter, you seal it in an envelope and you might recognize the handwriting on the envelope when you receive it. I see no reason why you should throw caution to the four winds and simply allow anyone to not only steam-open every letter that you send (because they don't have to!), but also catalog it and use it to build up a dossier profile of you that they have utterly no business with.

If my "private" emails to my "relative" about my "uncle" had been genuine, then I would have been very upset to discover that they were generating junk messages about cemetery plots.
 
  

