Forgot your password?
typodupeerror
Privacy Communications Government Your Rights Online

That Was Fast: Leahy Drops Warrantless E-mail Surveillance Bill 107

Posted by Soulskill
from the sees-which-way-the-wind-is-blowing dept.
Presto Vivace writes "Under the right conditions, online activism can be very effective. U.S. Senator Patrick Leahy has already abandoned his warrantless e-mail surveillance bill we discussed this morning. 'The Vermont Democrat said today on Twitter that he would "not support such an exception" for warrantless access. ... A vote on the proposal in the Senate Judiciary committee, which Leahy chairs, is scheduled for next Thursday. The amendments were due to be glued onto a substitute (PDF) to H.R. 2471, which the House of Representatives already has approved. Leahy's about-face comes in response to a deluge of criticism today, including the ACLU saying that warrants should be required, and the conservative group FreedomWorks launching a petition to Congress -- with over 2,300 messages sent so far -- titled: "Tell Congress: Stay Out of My Email!""
This discussion has been archived. No new comments can be posted.

That Was Fast: Leahy Drops Warrantless E-mail Surveillance Bill

Comments Filter:
  • by Attila Dimedici (1036002) on Tuesday November 20, 2012 @05:50PM (#42047213)
    Translation, "I thought nobody would notice."
    • Re: (Score:2, Insightful)

      by geekoid (135745)

      The people didn't like it, he changed his stance.

      It's how it's suppose to work.
      I know,it doesn't fit into your lazy ass whiny spoon fed view point.
      But there you are.

      • by Anonymous Coward on Tuesday November 20, 2012 @06:29PM (#42047821)

        The fact that he even considered it in the first place is disturbing on its own.

        • by Anonymous Coward

          The fact that he even considered it in the first place is disturbing on its own.
           
          This is key, and far more important than the fact that he dropped it when so many people complained. As far as I am concerned, people in power who try to pull this kind of crap should be removed from power immediately. He or others will try it again when they get the chance.

          • by mellon (7048)

            It's impossible to know the truth of the matter. Clearly _someone_ floated a trial balloon, which got shot down. Whether that someone was Leahy is unknowable, and we shouldn't spend a lot of time worrying about it, because it's just time wasted. The fact that he's disavowing it so strongly means either that he didn't float the balloon (he's telling the truth) or that he gets the message. Either result is fine.

      • by DaMattster (977781) on Tuesday November 20, 2012 @06:41PM (#42047981)
        No, Leahy's stance should never have been pro anything that erodes 4th Amendment protections. Our elected representatives are supposed to protect our rights, not sell them away. This is further proof positive that we need a third party. Both Democrats and Republicans want increasing control over us.
        • Re: (Score:2, Interesting)

          by Anonymous Coward

          With the selection of third parties we have, they are not much better.

          The Greens:

          Where I live, they have managed to get public land closed, saying it was for the environment. Said land? Well, the local county "leased" it for a 50+ year term, and now sports a golf course. What once was an area for hiking and mountain biking is for golf carts, and the surrounding area is "blessed" by the runoff from fertilizer.

          They live in a world where they want to deprive people of enjoyment. Usually they end up as pawn

          • by pclminion (145572)

            Our third parties are definitely a bit, uh, radical. But there's a difference between a government made up entirely of Greens, and a government that has a certain amount of Green influence. I voted for some Green candidates in the past election, and some Libertarians too. It's not because I want to see a government entirely composed of those viewpoints. I simply feel that a mixture of all of these views may lead to more diverse and effective government.

            A government composed entirely of Greens would probably

        • This is further proof positive that we need a third party. Both Democrats and Republicans want increasing control over us.

          Problem is, even if there were a slightly viable national 3rd party, it would be another 20 years before they could control any sub/committee - where the real power lies.

      • by rwa2 (4391) *

        aw... and we were that | | close to convincing everyone to finally encrypt their emails...

        Oh well.

      • by jxander (2605655)

        The fact that he heard the people and changed his stance to appease constituents : good.

        The fact that he was trying to cornhole us san lube until a collective "WTF are you trying to do back there??" : bad

      • The people didn't like it, he changed his stance.

        It's how it's suppose to work.
        I know,it doesn't fit into your lazy ass whiny spoon fed view point.
        But there you are.

        I thought in politics (USA, anyway), you aren't ever, EVER supposed to reverse your political stance until the Supreme Court says you must.

        I kid, I kid...

      • He took an oath to support and defend the constitution, and did the opposite until it became clear he couldn't. It's not "suppose" to work that way.
    • by bhlowe (1803290)
      Now what was my hand doing in that cookie jar?
    • by klingers48 (968406) on Tuesday November 20, 2012 @06:42PM (#42047987)
      This is the key point. They will try again when the heat dies down. Spooks and ignorant senators/congressmen can't actually divorce themselves from the mentality of the intelligence community and really understand where most of the pushback is coming from. It's never been about having something to hide or not... It's a community of informed IT enthusiasts who embrace the technology to a point where it becomes a feeling of violation when their digital privacy is threatened.

      I'm not a behavioral scientist or a psychologist, and this might even be wrong, but I'm sure I've read before that our brain remaps our "personal space bubble" when we drive a car. I also believe that (beyond the obvious) reasons why we get angry at telemarketers/doorknockers, wear clothes, put locks on our doors and curtains on our windows is because we have a deep-down, hard-wired intellectual personal space that has evolved alongside our physical personal space.

      Problem is, every unsolicited knock on the door, phone ring from a stranger or person peeking through the curtains rankles us in our lizard brain because an external force is attempting to wrest some control of our intellectual personal space. It's no different to a perfect stranger standing two inches from our face. It's wrong. Our lower brain connected to our higher brain sees "THREAT!!"

      We feel the same way when the government pries into our communications, movements or histories. It's not about being ashamed of anything or having "something to hide", it's about a feeling of an exterior force violating our intellectual idea of personal space. We are being denied the control we desire over what we show the world. That is in my opinion the core issue governments will never be able to understand. That's the answer to the inevitable "Why are they protesting?" question.
      • This is the key point. They will try again when the heat dies down.

        "The price of liberty is eternal vigilance." -- Thomas Jefferson

        • "The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." -Thomas Jefferson
      • by Culture20 (968837)
        It's more that we rightly view email and other written communications to be papers/effects.

        The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

      • by pclminion (145572)

        It's never been about having something to hide or not...

        Privacy in general is not about hiding things, not just restricted to IT-related topics. I once had a debate with a previous manager -- her claim was that if you didn't want anybody to know you were doing something, then perhaps you shouldn't be doing it. I wanted to counter that if she believed that, perhaps she wouldn't mind installing a camera in her bedroom so I could watch her having sex.

        Of course, I didn't say that. But I wanted to.

    • by slashmydots (2189826) on Tuesday November 20, 2012 @08:37PM (#42049469)
      Exactly! This is why we need a randomly selected American civilian (similar to jury duty) to follow around every congress member and every time they do something stupid or controversial or clearly evil, they'd get to react like "WTF are you signing that crap? Are you shittin' me right now? Why are you adding that to the bill? Why are you going to a $1000 luxury dinner with that oil company exec?"
      Now that's representative-based democratic oversight, lol.
      • You're angling towards what's called deliberative democracy. It takes many forms, including the Open Mic discussion form invented by the Spanish protestors and popularized by OWS. There is a jury duty based approach that's practical form for large governments :

        You simply replace the presidential veto with the requirement that all legislation must pass a jury trial with 300 jurors randomly selected from amongst the voters---you need a couple hundred for any real statistical significance. Advocates selecte

  • by hawks5999 (588198) on Tuesday November 20, 2012 @05:53PM (#42047269)
    Whenever this stuff can't get through Congress it just ends up in a Friday night EO dump. Is this one important enough for Black Friday? We'll know by Monday.
  • No time like the present to start using encrypted forms of communication.

    • by lister king of smeg (2481612) on Tuesday November 20, 2012 @06:02PM (#42047409)

      try convincing nongeeks and nontinfoilhaters to use double public key encryption for all of their communication be it email chat or voip. they will fight it tooth and nail because it "more complicated" translated requires one additional click per message maybe a couple keystrokes for your password.

      • by Krojack (575051)

        Yeah I would love to do this but the thought if having to explain let alone help my parents and other siblings set this up makes me cry.

        • by fuzzyfuzzyfungus (1223518) on Tuesday November 20, 2012 @06:10PM (#42047533) Journal

          No problem! We can just simplify the process by setting up a large number of so called "certificate authorities", who we will trust implicitly and pay yearly fees for little chunks of math! Nothing could possibly go wrong, and we can have a comforting little padlock symbol for noobs...

          • you forgot employing scare tactics against people who don't pay for the little bits of math opting to generate it on their own computer. go look at any https site that uses a self-signed certificates, the first thing your browser does is give you a large warning about how you are at risk. then make you click through several dialog boxes saying you really are sure that you simply want to veiw the encrypted page

            • by 0123456 (636235)

              Duh. That's because a self-signed certificate delivered over the Internet from a random web site provides no protection whatsoever against a man-in-the-middle attack.

              • by Score Whore (32328) on Tuesday November 20, 2012 @07:28PM (#42048657)

                It does if you'd bother to look at the fingerprint and verify it's the same as last time. Which the browsers should do, but they don't because it cuts into their CA root key inclusion fees.

                • by ATMAvatar (648864)
                  To be fair, you can install an untrusted, self-signed certificate to your machine. This will eliminate future prompts and provides the same notifications when the certificate suddenly changes its fingerprint. Unfortunately, you have to click through a link and several dialogs to do it.
            • by dzym (544085)

              Just because you, personally, are not interested in a solution to the problem of authentication in the computer security field doesn't mean SSL certificates shouldn't make a stab at attempting to solve it. Access control (encryption) isn't really much use without the other.

              • or we could simply use a separate header for authorized cirts and self signed explain to people the defference. or we could make signing free or cheap.

                • by dzym (544085)

                  That sounds like what's happening now. Except your software vendors are not interested in making the distinction.

                  And there are free/cheap certificate providers out there that are generally accepted by most major software packages and OSes. I use one such for my home needs: StartSSL.

      • by geekoid (135745)

        Once again wrong approach.
        Fight for restriction in what people can do with that data.

        The best encryption in the world is no stronger then a knee cap.

        • Lets assume for a minute that the government and carriers/isp's and mail providers were willing to abide by the rules and actually care about and respect people privacy you would still have the problem of crackers and other malicious entities. The government is just the most potentiality scary bogeyman. Every one should be using encryption on all communication and conceivably sensitive/embarrassing/compromising data. I personaly have to settle for merely cryptographically signing rather than encrypting most

        • by pclminion (145572)
          If the government is willing to break laws, why would they break them in the most atrocious way possible? Instead of shattering my knees, they would just fabricate evidence. That's a much safer plan.
      • by tragedy (27079)

        Not to mention that they're all using web-based mail, or tweets, or facebook posts.

      • If you only type a couple of keystrokes for your password, it must not be much of a password.

        Or perhaps you are averaging out keystrokes/message?

        Or have your applications save your passwords?

  • by BinarySolo (1951210) on Tuesday November 20, 2012 @06:22PM (#42047715)
    According to this [thehill.com], Leahy claims CNET was incorrect in its original article and that he never supported the warrantless wiretapping. When he tried to clarify this stance, CNET comes out with this article saying that he backtracked because of the backlash caused by their article. Not going to make the judgment call on which side is right, but it should at least be noted that there are two sides to the story.
    • by Anonymous Coward

      Three sides. Leahy, CNET, and the truth.

      • by Nimey (114278)

        Just because there are two sides doesn't mean that one of them is lying or only partly right.

  • by sconeu (64226) on Tuesday November 20, 2012 @06:26PM (#42047777) Homepage Journal

    When the ACLU and a conservative group are loudly on the same side of something, you know whatever it is is bad.

    • When the ACLU and a conservative group are loudly on the same side of something, you know whatever it is is bad.

      The age old adage applies, "The enemy of my enemy is my friend."

      • by Sique (173459)
        Not a friend, just a temporary ally.
      • by Anonymous Coward

        The enemy of my enemy is my enemy's enemy. Nothing more, nothing less.

        (one of the maxims of maximally effective mercenaries)

    • Final Jeopardy Answer: The opposite of political "Mom and Apple Pie"

      Contestants, all politicians, risk political capital in guessing what this is.

      Final Jeopardy Question: Anything the ACLU and conservative groups vocally oppose

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Not really. ACLU shares many same beliefs as libertarians. So more correctly, when they do line up on the same side you know its a government versus privacy issue. In this particular case, I think they are correct. But I'll reserve my judgment for their future endorsements, as they both are kind of bizare at times.

  • by nurb432 (527695) on Tuesday November 20, 2012 @06:41PM (#42047979) Homepage Journal

    Now that it was shot down from being in the open, it will reappear in a unrelated bill, buried under 1000's of other layers so it wont be noticed until its too late.

  • Translation: The CNET story was wrong [computerworld.com].

    Politicians do a lot of dumb things, but this would have been a total reversal for Leahy.

    • Direction aside, two things come up here:

      1) Way to pimp your own stuff. I'll grant that you did at least disclose (well, offhanded). ;)

      2) Leahy backed PIPA and SOPA full-throttle, fer hell's sake... so while neither are perfect parallels to TFA, it does prove one thing: His hands are definitely *not* clean when it comes to the whole Intarwebs thing.

      • by grantus (261016)

        PIPA and electronic privacy are entirely different issues. Believe it or not, it is possible to be for electronic privacy and also be for heavy copyright enforcement. Apples and oranges.

        And yes, it's pretty evident I wrote that story. I thought the story was on topic.

        • by Anonymous Coward

          In a purely theoretical sense, yes. In practical, when you consider technology involved, no.

          In order for heavy copyright enforcement to work, providers have to disclose inordinately large amounts of information to parties interested in enforcing their copyright.

          On top of that, PIPA had very little to do with actual heavy copyright enforcement, or privacy for that matter. If you read the bill or even its description on the wikipedia, you'll see that the primary goal of the bill was to give the government rig

  • by Anonymous Coward

    Leahy denies that the CNET story was ever true, so it may be not be the case that he changed his mind. As far as I can tell, every source for the claim that he was backing warrantless e-mail surveillance comes from the same story in CNET based on the same anonymous leak. Senator Leahy says that the version of the bill cited was never his. Other reporters have doubted the story from the start, and think that the draft is actually something proposed by Sen. Chuck Grassley (R-Iowa). It sounds more in character

  • This is especially ironic since Leahy is not only handling this warrantless wiretap issue, but he is also a man who has already has resigned from a Senate committee for his inability to keep secrets. http://www.nytimes.com/1987/07/29/us/iran-contra-hearings-senator-leahy-says-he-leaked-report-of-panel.html [nytimes.com]
  • by Okian Warrior (537106) on Tuesday November 20, 2012 @07:10PM (#42048399) Homepage Journal

    We could have fixed this whole privacy thing from the beginning, but for whatever reason we didn't.

    There was a time when people read E-mail using local clients. Freeware programs such as Thunderbird [mozilla.org] and Pegasus Mail [pmail.com] were common.

    The issue could have been addressed by fiat from any one popular software package. It would only have required:

    1) For each user, generate a default public and private key on install
    2) Add a field to the protocol requesting the recipient's public key if they have one
    3) Add a field advertizing the sender's public key
    4) Add a button on the interface for "Prevent others from reading the content"

    Done right, that's all it would have taken.

    The protocol allows for experimental fields which can be ignored if the client doesn't understand, and there is already a mechanism for "delivery confirmation" which could be adapted for "public key confirmation". It would have taken very little to have the client intercept the public key response, process it, and not bother the user about it.

    The mouseover for the button could have said "use encryption if the recipient has a compatible client".

    At the time, this would have been a feature that mainstream clients didn't have (Outlook, Exchange, &c), so it would have been a selling point for open source. It would have led people to encourage the recipient to change to a more secure client. There would be an incentive to make other packages compatible, and soon the feature would be everywhere.

    All of this could have been implemented transparently for the naive user, with a more sophisticated interface for advanced users who needed more control.

    But for some reason we didn't do that, and now everyone reads their E-mail online. We didn't make this a de-facto standard, and now we've missed our chance. (I've often wondered if the browser could automatically encrypt/decrypt the content of specific named text blocks from specific sites such as gmail. Then the content could be encrypted online, but show cleartext to the user.)

    We have the means and expertise to fix some of these problems, all it takes is the will to do it.

    • by Obfuscant (592200) on Tuesday November 20, 2012 @07:38PM (#42048793)

      The issue could have been addressed by fiat from any one popular software package.

      Thus solving it for users of one package.

      2) Add a field to the protocol

      Which protocol? SMTP? POP? IMAP? UUCP?

      The protocol allows for experimental fields

      Same question.

      The mouseover for the button

      Oh, this would solve the problem only for the people with GUI mail clients.

      could have said "use encryption if the recipient has a compatible client".

      Sorry. How does my email client know what email client YOU are using and whether it supports this? Is there a new protocol you are proposing where one client asks another prior to sending an email? What happens if the recipient is offline?

      But for some reason we didn't do that,

      Mainly because it is an intractable problem, much more difficult than simply having one GUI email client start doing it. Here's one big problem: how do I read those encrypted emails sitting in my mailbox when I'm not using the specific GUI email client that deals with them, or I don't happen to have the key and can't get it because I'm not online at the moment?

      (I've often wondered if the browser could automatically encrypt/decrypt the content of specific named text blocks from specific sites such as gmail. Then the content could be encrypted online, but show cleartext to the user.)

      If you are limiting yourself to defining "email" as "gmail accessed via a web browser", you simplify the problem considerably. Of course Google could store all your email in an encrypted form and send you a javascript (if you have a js enabled/capable broswer) applet that decodes it on your system. If you send them your public key, they could even encrypt the stuff they store on their disks as it came in for you, if it wasn't already. You still have the problem of how you make sure every system you use to access that email has the key kept locally, and what happens for people who have gmail forwarded to some place else.

      So, yes, the problem is rather trivial if you force everyone and everything through one mail server and ignore the huge diversity in protocols used to transport email and the kinds and types of clients/servers used to do it.

      • The issue could have been addressed by fiat from any one popular software package.

        Thus solving it for users of one package.

        Yes, solving it for one package. As mentioned in the post, there would be an incentive for other packages to implement the scheme in order to be compatible. As mentioned in the post. Perhaps enough incentive to form a Tipping point [wikipedia.org].

        2) Add a field to the protocol

        Which protocol? SMTP? POP? IMAP? UUCP?

        The protocol allows for experimental fields

        Same question.

        Which one do you think? Do you need a complete spec, or will just an outline do? Google is your friend.

        The mouseover for the button

        Oh, this would solve the problem only for the people with GUI mail clients.

        Did you really think I was advocating implementing this only on GUI clients?

        The point was to get enough naive users into the system to make it a de-facto standard. Most naive us

        • You're overcomplicating it: all that Thunderbird would need to do would be to come with Enigmail bundled and have it set up automatically (with the keyring password stored in the password manager - insecure, but idiot-safe), and, in easy-install mode use PGP-MIME, automatically sign by default, and encrypt if you have the recipient's key. That makes everything work without any addition to the protocols, and is almost transparent to non-PGP users (who just see some meaningless parts attached to their message

  • The law enforcement and intelligence agencies continue to push for more and more data (warrentless wiretapping of every internet packet that flows through AT&Ts tapping points, wholesale retention of internet data by ISPs, email snooping, increasing numbers of CCTV cameras private and public and who knows what else) yet I dont see any funding anywhere for the massive numbers of agents required to find the few needles in that ever-larger haystack and turn that massive pile of data into useful information

  • Great, shining a light on this got the asshole to withdraw his latest attempt to violate his oath of office, but it is NOT ENOUGH. Until and unless Ruling Party politicians can expect to get their asses bounced off the public teat for this kind of behavior, they'll try again and again. It's long past time to end Leahy's career of public disservice.

    -jcr

Air is water with holes in it.

Working...