US Wants Courts to OK Warrantless Email Snooping 476
Erris writes "The Register is reporting that the US government is seeking unprecedented access to private communications between citizens. 'On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government's request for a full-panel hearing in United States v. Warshak case centering on the right of privacy for stored electronic communications. ... the position that the United States government is taking if accepted, may mean that the government can read anybody's email at any time without a warrant. The most distressing argument the government makes in the Warshak case is that the government need not follow the Fourth Amendment in reading emails sent by or through most commercial ISPs. The terms of service (TOS) of many ISPs permit those ISPs to monitor user activities to prevent fraud, enforce the TOS, or protect the ISP or others, or to comply with legal process. If you use an ISP and the ISP may monitor what you do, then you have waived any and all constitutional privacy rights in any communications or other use of the ISP.'"
Re:"Think about it" (Score:5, Informative)
Oh, and for the "it's the Register, pooh pooh" crowd, the original FA was frist psoted on Security Focus [securityfocus.com].
Unprecedented is seriously inaccurate (Score:3, Informative)
And we're not even going to "really" oppressive countries like north korea or pakistan.
If you speak dutch, read http://www.onderwereldblog.nl/?page_id=64 [onderwereldblog.nl] for example.
Re:Outrageous conclusion? (Score:3, Informative)
Let them read... my headers. (Score:5, Informative)
No problem... let them snoop. Now I'll just be twiddling the "Encrypt and sign all outgoing email" box on my MUA, and finally start using GPG [gnupg.org] full-time for all of my incoming and outgoing email, instead of with just my friends and close colleagues.
There are plugins for Evolution [lwn.net], pine [dma.org], mutt [codesorcery.net], Thunderbird [mozdev.org] and just about every other Mail User Agent you can find out there.
Another great benefit, is that I can automatically block/quarantine/delete any and all email that does not contain a gpg-signed component (i.e. 99.999% of all email out there, mostly spam). dspam [nuclearelephant.com] does an amazing job, but being able to just reject it at the MTA level would be great.
And for those that wish to converse with me, please make sure to use my GPG key [veridis.com] to do so (also available here [pilot-link.org] with detailed instructions).
The perfect time to discover enigmail (Score:3, Informative)
Life, Liberty and the Pursuit of Happiness (Score:3, Informative)
Re:Outrageous conclusion? (Score:1, Informative)
Any society that would give up a little liberty to gain a little security will deserve neither and lose both.
Re:Outrageous conclusion? (Score:2, Informative)
The UK Government already have this covered, by making it a criminal offence not to hand over your keys. Don't worry, I'm sure the US will catch up soon, as obviously only criminals have something to hide...
Nor can the president ride in cars. (Score:1, Informative)
Re:Postcard/envelope analogy (Score:3, Informative)
But in that case, sending the postcard itself constitutes a crime, in that you're making a threat. I presume he meant the information obtained by the authorities reading a postcard whilst it's sent through the post. A better experiment would be to send it to someone else, detailing your plans.
Two words (Score:3, Informative)
Can someone please explain.... (Score:4, Informative)
How is it that the US government can choose to violate the constitution? Isn't the whole point of the constitution that they are obliged to conform to it?
Re:Let them read... my headers. (Score:3, Informative)
IMHO the way out of this problem is for banks to issue security documents like certificates and keys. To begin with, they're in the security and trust business, in a very fundamental way. Next, they *know* who you are, in a very government-like way. They could also act as an escrow agency assuming the legitimate government need to execute a warrant, and banks would treat this the same as their other financial dealings with you - not available without warrant. Finally, most people deal with banks, and moving their "computer security documents" into the bank would help to properly calibrate their treatment of their keys and/or certificates.
The downside is that it presents too powerful a target for malware writers to ignore, because it would potentially grant even greater access than is available today.
Re:"Think about it" (Score:2, Informative)
I don't encrypt my conversation when I speak to my wife as we're walking down the street. If someone were hiding behind a tree, they might be able to hear what we are saying. If they had a parabolic microphone, they certainly could hear what we're saying. Now if we're speaking over the phone, our conversation is routed through AT&T equipment. It's trivial for them to tap our call. Does that mean I should not have an expectation of privacy in my phone calls? If the government employs lip-readers (and they do) with telephoto lenses, can I no longer expect anything I say not to be monitored?
There is equipment that can read mail through envelopes. Should I have an expectation that the government will not read my mail even though they don't have to open the envelope to do it? Or is that also "unreasonable"?
Here is the problem: Regular Americans now see the government as their adversary when the government is supposed to be us. My wife grew up in an Eastern Bloc country, and she felt the same way about her government most of the time (and she lived in one of the more "liberal" soviet satellites). When I was growing up in the 60's and 70's, there was not this sense of absolute dread about what the US government was doing (at least until Watergate). We saw our government as sometimes corrupt, sometimes ineffective, and sometimes even evil, but we believed we could do something about it come the next election.
That feeling is now gone. Which one of you feels like anything substantive is going to change regarding the secretive, snooping, no-habeas corpus, torturing, renditioning, Guantanamo mentality of our government no matter what the results of the election.? Or maybe the question is better put this way: who feels like the results of the next election will have anything to do with the votes that Americans will cast on their electronic voting machines? Instead of the officials being afraid of what we the voters will do, we are afraid of what the officials will do.
Soon, we will be asking if it's "unreasonable" to expect that our government not ask us for our citizenship papers when we're walking down the street or driving in our cars. Or whether it's "unreasonable" to expect that they not blow down our doors and search our houses and our persons when we are eating our dinner or helping our kids with their homework. After all, there's a war on terror going on. A war that is designed to give our "leaders" unlimited power. A war that is designed to last forever. A war on us.
Re:Can someone please explain.... (Score:3, Informative)
First off, IANAL, so this won't be entirely correct but here's the basic idea. The 4th amendment to the constitution say this:
How that has been interpreted is firstly that your own personal home and belongings are safe from government interference without a warrant. That one's pretty obvious. Other court rulings have extended that into the public sphere for communications. For example, if you make a phone call on a public phone system, you have a right to the government not listening on that line without a warrant, even though it's not directly addressed by the language of the 4th amendment.
What that doesn't cover is public speech. For example, if you are talking to your friend in the street so that others can overhear or shouting from a bullhorn, the government has every right to listen to that. What the Bush administration is doing is trying to get a federal court to rule that since most email is unencrypted and passed through different servers indiscriminantly, that the person sending it is has no expectation of privacy and that email is basically public speech. That would mean the government could legally monitor email traffic. It's pretty obviously a privacy breach, but legally it's not as ridiculous a claim as it seems on the surface.
Re:Expectation of Privacy (Score:3, Informative)
Well yes it IS a technical term because we're talking about Constitutional Law here. The fact that it is expressed in English, where words can have multiple meanings, should not be taken to mean that any definition you like is the one that applies. The meaning of the phrase is put down in case law, not the Oxford English Dictionary.
And no, it doesn't just mean "desired", it means that it was the intent to be private, and that one could reasonably expect that privacy to be respected. So having a conversation in a public park has no "expectation of privacy" because no reasonable person would expect that others would not hear them -- they couldn't help but hear as they are walking past. Whereas having a conversation in a private house does have an expectation of privacy, even though it is fairly trivial to listen in (put an ear to the window).
Without cryptography, it's too easy for lots of people to be reading your email, and it'll happen without you ever knowing it happened.
I repeat: It has nothing to do with how easy it is. It has nothing to do with what unscrupulous people performing illegal actions could do.
Your mail is trivial to read by holding it up to the light. Your conversations in your home are trivial to listen to by holding a glass up to the door. Hell, I could read the contents of your phone conversations, or the contents of your computer screen, without ever physically coming into contact with the phone lines or your computer. So... for none of these things should you have an "expectation of privacy"? Law enforcement should be able to spy on these things at will without a warrant?
Likewise, it's so incredibly easy to use crypto, that refraining from doing so, is almost like
So easy eh? So how do you exchange keys with the one you are communicating with? You seem to be proposing the theory that if it is trivial to violate your privacy, then you never had any expectation of privacy at all. Well guess what? It is trivial to modify the unencrypted packets used to exchange public keys such that they are the public keys of a 3rd party, who can then act as a man-in-the-middle reading all the unencrypted communications with neither side the wiser.
Would you say, then, that your encrypted emails should carry no expectation of privacy? After all, it's so easy to get around this problem (always exchange keys with the intended recipient in person using a physical medium for the data) that you're basically giving consent by not doing it, right?
I know it's not, not really. But it's sort of like you put a sign in front of your house, saying, "This house is unlocked. Gee, I hope none of my stuff disappears. *wink* *wink*"
But we're not talking about what an unscrupulous criminal could do. We're talking about what a law abiding government agent should do to remain in compliance with the law. Does leaving your door unlocked imply that it should be legal for a cop to enter your house and search through your stuff for something incriminating (like your mp3 collection)? Of course not, and you know it's not.
Again, if it's not clear enough, let me try to make it so: The issue here is about the 4th Amendment and the requirement for a warrant before conducting a search. It is about what law enforcement and government intelligence agencies are allowed to do legally to read citizen's communications. It has nothing to do with what someone - law enforcement or otherwise - is physically capable of doing if they have no regard for the law.
Is privacy a right that, unlike all other rights, really can just be taken for granted, without anyone ever having to defend it? The obvious defense is right there to be used, and we just say, "Nah, it's not important enough."
Yes
Re:"Think about it" (Score:1, Informative)