Just to be clear on our policy here - when DRIPA comes in to force, and if
A&A become subject to a retention notice for all customers, we aim to work on all
practical legal means to minimise the amount of data retained under that
legislation - making full use of the bad wording in the Schedule in the
2009 regulations where possible. We also aim to clearly publish what is
retained under such a notice and what steps we have taken to minimise
such data. Such steps may mean separate companies running email or other
services, or even hosting some servers outside the UK, if those are
practical steps we can take.
Why? Because blanket mass surveillance is illegal under EU law as it is against our basic human right to privacy as decided by a court, that's why!