That Was Fast: Leahy Drops Warrantless E-mail Surveillance Bill 107
Presto Vivace writes "Under the right conditions, online activism can be very effective. U.S. Senator Patrick Leahy has already abandoned his warrantless e-mail surveillance bill we discussed this morning. 'The Vermont Democrat said today on Twitter that he would "not support such an exception" for warrantless access. ... A vote on the proposal in the Senate Judiciary committee, which Leahy chairs, is scheduled for next Thursday. The amendments were due to be glued onto a substitute (PDF) to H.R. 2471, which the House of Representatives already has approved. Leahy's about-face comes in response to a deluge of criticism today, including the ACLU saying that warrants should be required, and the conservative group FreedomWorks launching a petition to Congress -- with over 2,300 messages sent so far -- titled: "Tell Congress: Stay Out of My Email!""
Oops, somebody noticed (Score:5, Insightful)
Re: (Score:2, Insightful)
The people didn't like it, he changed his stance.
It's how it's suppose to work.
I know,it doesn't fit into your lazy ass whiny spoon fed view point.
But there you are.
Re:Oops, somebody noticed (Score:5, Insightful)
The fact that he even considered it in the first place is disturbing on its own.
Re: (Score:1)
The fact that he even considered it in the first place is disturbing on its own.
This is key, and far more important than the fact that he dropped it when so many people complained. As far as I am concerned, people in power who try to pull this kind of crap should be removed from power immediately. He or others will try it again when they get the chance.
Re: (Score:3)
He didn't.
http://thehill.com/blogs/hillicon-valley/technology/268929-leahy-denies-supporting-bill-to-allow-warrantless-email-searches [thehill.com]
Re: (Score:2)
It's impossible to know the truth of the matter. Clearly _someone_ floated a trial balloon, which got shot down. Whether that someone was Leahy is unknowable, and we shouldn't spend a lot of time worrying about it, because it's just time wasted. The fact that he's disavowing it so strongly means either that he didn't float the balloon (he's telling the truth) or that he gets the message. Either result is fine.
Re:Oops, somebody noticed (Score:5, Insightful)
Re: (Score:2, Interesting)
With the selection of third parties we have, they are not much better.
The Greens:
Where I live, they have managed to get public land closed, saying it was for the environment. Said land? Well, the local county "leased" it for a 50+ year term, and now sports a golf course. What once was an area for hiking and mountain biking is for golf carts, and the surrounding area is "blessed" by the runoff from fertilizer.
They live in a world where they want to deprive people of enjoyment. Usually they end up as pawn
Re: (Score:3)
Re: (Score:3)
Re: (Score:3)
Decades? The 12th amendment (which changes the method for selecting VP) was ratified in 1804. That's only 17 years after the Constitution was formally adopted by the US.
Re: (Score:2)
Anyway, what incentive would the runner up have to take the VP position? The incredible powers of the vice president? VP is a good chance to establish yourself as a presidential contender. If you were already a presidential candidate in the general election, the VP position is pretty much completely worthless.
Re: (Score:2)
Re: (Score:2)
The tie breaking vote? If the second-placer was a senator, as has been the case two out of the three most recent elections, that would be less power. For the amount of campaigning one does to survive the primaries, less power than a senator gets would be not even a consolation prize. It would be an embarrassment.
No,
Re: (Score:3)
Re: (Score:3)
Our third parties are definitely a bit, uh, radical. But there's a difference between a government made up entirely of Greens, and a government that has a certain amount of Green influence. I voted for some Green candidates in the past election, and some Libertarians too. It's not because I want to see a government entirely composed of those viewpoints. I simply feel that a mixture of all of these views may lead to more diverse and effective government.
A government composed entirely of Greens would probably
Re: (Score:2)
Problem is, even if there were a slightly viable national 3rd party, it would be another 20 years before they could control any sub/committee - where the real power lies.
Re: (Score:2)
aw... and we were that | | close to convincing everyone to finally encrypt their emails...
Oh well.
Re: (Score:2)
The fact that he heard the people and changed his stance to appease constituents : good.
The fact that he was trying to cornhole us san lube until a collective "WTF are you trying to do back there??" : bad
Re: (Score:2)
The people didn't like it, he changed his stance.
It's how it's suppose to work.
I know,it doesn't fit into your lazy ass whiny spoon fed view point.
But there you are.
I thought in politics (USA, anyway), you aren't ever, EVER supposed to reverse your political stance until the Supreme Court says you must.
I kid, I kid...
Re: (Score:2)
Re: (Score:2)
Re:Oops, somebody noticed (Score:4, Insightful)
I'm not a behavioral scientist or a psychologist, and this might even be wrong, but I'm sure I've read before that our brain remaps our "personal space bubble" when we drive a car. I also believe that (beyond the obvious) reasons why we get angry at telemarketers/doorknockers, wear clothes, put locks on our doors and curtains on our windows is because we have a deep-down, hard-wired intellectual personal space that has evolved alongside our physical personal space.
Problem is, every unsolicited knock on the door, phone ring from a stranger or person peeking through the curtains rankles us in our lizard brain because an external force is attempting to wrest some control of our intellectual personal space. It's no different to a perfect stranger standing two inches from our face. It's wrong. Our lower brain connected to our higher brain sees "THREAT!!"
We feel the same way when the government pries into our communications, movements or histories. It's not about being ashamed of anything or having "something to hide", it's about a feeling of an exterior force violating our intellectual idea of personal space. We are being denied the control we desire over what we show the world. That is in my opinion the core issue governments will never be able to understand. That's the answer to the inevitable "Why are they protesting?" question.
Re: (Score:2)
This is the key point. They will try again when the heat dies down.
"The price of liberty is eternal vigilance." -- Thomas Jefferson
Re: (Score:2)
Re: (Score:2)
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Re: (Score:3)
It's never been about having something to hide or not...
Privacy in general is not about hiding things, not just restricted to IT-related topics. I once had a debate with a previous manager -- her claim was that if you didn't want anybody to know you were doing something, then perhaps you shouldn't be doing it. I wanted to counter that if she believed that, perhaps she wouldn't mind installing a camera in her bedroom so I could watch her having sex.
Of course, I didn't say that. But I wanted to.
Re:Oops, somebody noticed (Score:5, Interesting)
Now that's representative-based democratic oversight, lol.
deliberative democracy (Score:2)
You're angling towards what's called deliberative democracy. It takes many forms, including the Open Mic discussion form invented by the Spanish protestors and popularized by OWS. There is a jury duty based approach that's practical form for large governments :
You simply replace the presidential veto with the requirement that all legislation must pass a jury trial with 300 jurors randomly selected from amongst the voters---you need a couple hundred for any real statistical significance. Advocates selecte
Executive Order in 3... 2... 1... (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
or maybe go ahead and do it anyway (Score:3)
No time like the present... (Score:1)
No time like the present to start using encrypted forms of communication.
Re:No time like the present... (Score:4, Interesting)
try convincing nongeeks and nontinfoilhaters to use double public key encryption for all of their communication be it email chat or voip. they will fight it tooth and nail because it "more complicated" translated requires one additional click per message maybe a couple keystrokes for your password.
Re: (Score:2)
Yeah I would love to do this but the thought if having to explain let alone help my parents and other siblings set this up makes me cry.
Re:No time like the present... (Score:5, Insightful)
No problem! We can just simplify the process by setting up a large number of so called "certificate authorities", who we will trust implicitly and pay yearly fees for little chunks of math! Nothing could possibly go wrong, and we can have a comforting little padlock symbol for noobs...
Re: (Score:2)
you forgot employing scare tactics against people who don't pay for the little bits of math opting to generate it on their own computer. go look at any https site that uses a self-signed certificates, the first thing your browser does is give you a large warning about how you are at risk. then make you click through several dialog boxes saying you really are sure that you simply want to veiw the encrypted page
Re: (Score:3)
Duh. That's because a self-signed certificate delivered over the Internet from a random web site provides no protection whatsoever against a man-in-the-middle attack.
Re:No time like the present... (Score:5, Insightful)
It does if you'd bother to look at the fingerprint and verify it's the same as last time. Which the browsers should do, but they don't because it cuts into their CA root key inclusion fees.
Re: (Score:2)
Re: (Score:2)
Just because you, personally, are not interested in a solution to the problem of authentication in the computer security field doesn't mean SSL certificates shouldn't make a stab at attempting to solve it. Access control (encryption) isn't really much use without the other.
Re: (Score:2)
or we could simply use a separate header for authorized cirts and self signed explain to people the defference. or we could make signing free or cheap.
Re: (Score:2)
That sounds like what's happening now. Except your software vendors are not interested in making the distinction.
And there are free/cheap certificate providers out there that are generally accepted by most major software packages and OSes. I use one such for my home needs: StartSSL.
Re: (Score:2)
Once again wrong approach.
Fight for restriction in what people can do with that data.
The best encryption in the world is no stronger then a knee cap.
Re: (Score:2)
Lets assume for a minute that the government and carriers/isp's and mail providers were willing to abide by the rules and actually care about and respect people privacy you would still have the problem of crackers and other malicious entities. The government is just the most potentiality scary bogeyman. Every one should be using encryption on all communication and conceivably sensitive/embarrassing/compromising data. I personaly have to settle for merely cryptographically signing rather than encrypting most
Re: (Score:2)
Re: (Score:2)
Not to mention that they're all using web-based mail, or tweets, or facebook posts.
Re: (Score:2)
If you only type a couple of keystrokes for your password, it must not be much of a password.
Or perhaps you are averaging out keystrokes/message?
Or have your applications save your passwords?
Re: (Score:1)
Two sides to every story (Score:4, Informative)
Re: (Score:1)
Three sides. Leahy, CNET, and the truth.
Re: (Score:2)
Just because there are two sides doesn't mean that one of them is lying or only partly right.
Re: (Score:2)
The purpose of having another candidate is to remind you what the first one did wrong.
Strange bedfellows... (Score:4, Insightful)
When the ACLU and a conservative group are loudly on the same side of something, you know whatever it is is bad.
Re: (Score:2)
When the ACLU and a conservative group are loudly on the same side of something, you know whatever it is is bad.
The age old adage applies, "The enemy of my enemy is my friend."
Re: (Score:2)
Re: (Score:1)
The enemy of my enemy is my enemy's enemy. Nothing more, nothing less.
(one of the maxims of maximally effective mercenaries)
Not bad (Score:1)
Final Jeopardy Answer: The opposite of political "Mom and Apple Pie"
Contestants, all politicians, risk political capital in guessing what this is.
Final Jeopardy Question: Anything the ACLU and conservative groups vocally oppose
Re: (Score:3, Insightful)
Not really. ACLU shares many same beliefs as libertarians. So more correctly, when they do line up on the same side you know its a government versus privacy issue. In this particular case, I think they are correct. But I'll reserve my judgment for their future endorsements, as they both are kind of bizare at times.
Trial Balloon (Score:3)
Now that it was shot down from being in the open, it will reappear in a unrelated bill, buried under 1000's of other layers so it wont be noticed until its too late.
Leahy switched his mind twice? (Score:1)
Translation: The CNET story was wrong [computerworld.com].
Politicians do a lot of dumb things, but this would have been a total reversal for Leahy.
Re: (Score:2)
Direction aside, two things come up here:
1) Way to pimp your own stuff. I'll grant that you did at least disclose (well, offhanded). ;)
2) Leahy backed PIPA and SOPA full-throttle, fer hell's sake... so while neither are perfect parallels to TFA, it does prove one thing: His hands are definitely *not* clean when it comes to the whole Intarwebs thing.
Re: (Score:1)
PIPA and electronic privacy are entirely different issues. Believe it or not, it is possible to be for electronic privacy and also be for heavy copyright enforcement. Apples and oranges.
And yes, it's pretty evident I wrote that story. I thought the story was on topic.
Re: (Score:1)
In a purely theoretical sense, yes. In practical, when you consider technology involved, no.
In order for heavy copyright enforcement to work, providers have to disclose inordinately large amounts of information to parties interested in enforcing their copyright.
On top of that, PIPA had very little to do with actual heavy copyright enforcement, or privacy for that matter. If you read the bill or even its description on the wikipedia, you'll see that the primary goal of the bill was to give the government rig
Re: (Score:2)
Why assume CNET was correct? (Score:1)
Leahy denies that the CNET story was ever true, so it may be not be the case that he changed his mind. As far as I can tell, every source for the claim that he was backing warrantless e-mail surveillance comes from the same story in CNET based on the same anonymous leak. Senator Leahy says that the version of the bill cited was never his. Other reporters have doubted the story from the start, and think that the draft is actually something proposed by Sen. Chuck Grassley (R-Iowa). It sounds more in character
Safeguarding our privacy? (Score:2)
We could have fixed this, but didn't (Score:3)
We could have fixed this whole privacy thing from the beginning, but for whatever reason we didn't.
There was a time when people read E-mail using local clients. Freeware programs such as Thunderbird [mozilla.org] and Pegasus Mail [pmail.com] were common.
The issue could have been addressed by fiat from any one popular software package. It would only have required:
1) For each user, generate a default public and private key on install
2) Add a field to the protocol requesting the recipient's public key if they have one
3) Add a field advertizing the sender's public key
4) Add a button on the interface for "Prevent others from reading the content"
Done right, that's all it would have taken.
The protocol allows for experimental fields which can be ignored if the client doesn't understand, and there is already a mechanism for "delivery confirmation" which could be adapted for "public key confirmation". It would have taken very little to have the client intercept the public key response, process it, and not bother the user about it.
The mouseover for the button could have said "use encryption if the recipient has a compatible client".
At the time, this would have been a feature that mainstream clients didn't have (Outlook, Exchange, &c), so it would have been a selling point for open source. It would have led people to encourage the recipient to change to a more secure client. There would be an incentive to make other packages compatible, and soon the feature would be everywhere.
All of this could have been implemented transparently for the naive user, with a more sophisticated interface for advanced users who needed more control.
But for some reason we didn't do that, and now everyone reads their E-mail online. We didn't make this a de-facto standard, and now we've missed our chance. (I've often wondered if the browser could automatically encrypt/decrypt the content of specific named text blocks from specific sites such as gmail. Then the content could be encrypted online, but show cleartext to the user.)
We have the means and expertise to fix some of these problems, all it takes is the will to do it.
Re:We could have fixed this, but didn't (Score:5, Informative)
The issue could have been addressed by fiat from any one popular software package.
Thus solving it for users of one package.
2) Add a field to the protocol
Which protocol? SMTP? POP? IMAP? UUCP?
The protocol allows for experimental fields
Same question.
The mouseover for the button
Oh, this would solve the problem only for the people with GUI mail clients.
could have said "use encryption if the recipient has a compatible client".
Sorry. How does my email client know what email client YOU are using and whether it supports this? Is there a new protocol you are proposing where one client asks another prior to sending an email? What happens if the recipient is offline?
But for some reason we didn't do that,
Mainly because it is an intractable problem, much more difficult than simply having one GUI email client start doing it. Here's one big problem: how do I read those encrypted emails sitting in my mailbox when I'm not using the specific GUI email client that deals with them, or I don't happen to have the key and can't get it because I'm not online at the moment?
(I've often wondered if the browser could automatically encrypt/decrypt the content of specific named text blocks from specific sites such as gmail. Then the content could be encrypted online, but show cleartext to the user.)
If you are limiting yourself to defining "email" as "gmail accessed via a web browser", you simplify the problem considerably. Of course Google could store all your email in an encrypted form and send you a javascript (if you have a js enabled/capable broswer) applet that decodes it on your system. If you send them your public key, they could even encrypt the stuff they store on their disks as it came in for you, if it wasn't already. You still have the problem of how you make sure every system you use to access that email has the key kept locally, and what happens for people who have gmail forwarded to some place else.
So, yes, the problem is rather trivial if you force everyone and everything through one mail server and ignore the huge diversity in protocols used to transport email and the kinds and types of clients/servers used to do it.
Please stop being a troll (Score:3)
The issue could have been addressed by fiat from any one popular software package.
Thus solving it for users of one package.
Yes, solving it for one package. As mentioned in the post, there would be an incentive for other packages to implement the scheme in order to be compatible. As mentioned in the post. Perhaps enough incentive to form a Tipping point [wikipedia.org].
2) Add a field to the protocol
Which protocol? SMTP? POP? IMAP? UUCP?
The protocol allows for experimental fields
Same question.
Which one do you think? Do you need a complete spec, or will just an outline do? Google is your friend.
The mouseover for the button
Oh, this would solve the problem only for the people with GUI mail clients.
Did you really think I was advocating implementing this only on GUI clients?
The point was to get enough naive users into the system to make it a de-facto standard. Most naive us
Re: (Score:1)
You're overcomplicating it: all that Thunderbird would need to do would be to come with Enigmail bundled and have it set up automatically (with the keyring password stored in the password manager - insecure, but idiot-safe), and, in easy-install mode use PGP-MIME, automatically sign by default, and encrypt if you have the recipient's key. That makes everything work without any addition to the protocols, and is almost transparent to non-PGP users (who just see some meaningless parts attached to their message
Its not about data, its about information... (Score:2)
The law enforcement and intelligence agencies continue to push for more and more data (warrentless wiretapping of every internet packet that flows through AT&Ts tapping points, wholesale retention of internet data by ISPs, email snooping, increasing numbers of CCTV cameras private and public and who knows what else) yet I dont see any funding anywhere for the massive numbers of agents required to find the few needles in that ever-larger haystack and turn that massive pile of data into useful information
Re: (Score:2)