US Policy Would Allow Government Access to Any Email

An anonymous reader writes "National Intelligence Director Mike McConnell is currently helping to draft a new Cyber-Security Policy that could make the debate over warrantless wiretaps seem like a petty squabble. The new policy would allow the government to access to the content of any email, file transfer, or web search."

Really?

[by Anonymous Coward]

And what is it going to do about my encryption keys?

Not that I support this, but I sure as hell don't intend to make it easy for people to invade my privacy when I'm not doing anything illegal.

Re:Really?

[gnick (1211984)]

And what is it going to do about my encryption keys?

If things go really badly, they could pass legislation similar to the UK's that makes it illegal to withhold encryption keys and passwords if you're hit with a warrant. I'm sure if anyone has tried the "I forgot" defense yet.

Re:Really?

[Fulcrum of Evil (560260)]

I'd just go with the 5th ammendment defense - I don't have to tell you things that could incriminate me.

Re:Really?

[turbidostato (878842)]

"I'd just go with the 5th ammendment defense - I don't have to tell you things that could incriminate me."

So, how exactly is revealing a password any more incriminating than say, allowing police into your home -which is "standard practice"?

-Don't tell us that you killed her -which would be incriminating, just tell us your password -which is something absolutly neutral.

Re:Really?

[ashridah (72567)]

Taking your comment on face value, this only really works if you're communicating with a peer whom you already know, *and* whom you already have exchanged public keys with, in a trusted manner (no, a key on a public key chain isn't trusted, if you don't know why, then you fail at cryptography).

This doesn't work for public discussion lists, or even private ones, unless they're very strictly controlled.
It also doesn't help for p2p traffic, as those are between two essentially anonymous parties, and thus, have no way to prevent a man in the middle attack, even if they DO use encryption (unless the tracker mediates, which, for most implementations that I've seen, it doesn't, even if it's using SSL)

The simple fact of the matter is that encryption is the wrong mechanism to solve this problem. Removing power from your government is the right mechanism, ideally.

Luddite revolution

[ari_j (90255)]

I guess we'll just have to do this the old-fashioned way. Now accepting (paper) applications for the next Paul Revere.

He's just stretching the constraints

[blair1q (305137)]

so he can get through something we would consider "less onerous" but is still an affront to the Constitution.

They found a way to make encryption mainstream!

[Drake42 (4074)]

Because you can be damn sure that if they pass this law people will finally make sure to heavily encrypt what they say on the internet.

Then again, it's almost certain that they're already reading all the e-mail. This law is probably just to prevent them from getting sued about it later. Ug

 

I got an idea....

[bherman (531936)]

When the White House produces their missing emails, we'll produce ours
That should sufficiently prevent this from becoming law!

Re:I got an idea....

[EriDay (679359)]

The Ass Hats running our government have it backward. We're supposed to be able to read their communications, and they aren't supposed to be able to read ours.

Sounds like FUD

[MobyDisk (75490)]

This article is entirely speculation. The only source it links to is an article that was not printed, and the link points to a 404 page.

PGP + Constitution

[Rinisari (521266)]

Gnu Privacy Guard [gnupg.org] (or other PGP) + Judge: Man can't be forced to divulge encryption passphrase [news.com] = safety in communications.

You can't let the terrorists win

[MosesJones (55544)]

You need to have this sort of thing because you can't let the terrorists win, so what if you have to give up basic fundamental rights like privacy at least the terrorists won't have won.....

Oh hang on we were fighting for freedom and liberty weren't we? So you need to give up all your freedoms to protect your freedom? You'd almost thought that the government was a repressive regime that wanted to subjugate people.

Re:You can't let the terrorists win

[chuckymonkey (1059244)]

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

As this applies to regular mail, I think that it applies to email as well despite the government not getting a cut of the money.

No person shall be held to answer for any capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Self Explanatory, encrypt. Also as the beginning states they cannot do anything to you unless they bring you before a Grand Jury. The wording is clear that the only exception are members of the Military. Which brings me to a fun story.

When I was in the Army deployed to Iraq they told us that they had to scan our computers before we left to look for secrets and obscene material. Well this made me very angry so first I offered my services to a few friends and setup truecrypt volumes for them. Then I took a picture of myself flipping off a camera, labeled them things like Fuck Me hard(several different variations on that theme) and distributed 30,000 copies all over my hdd. Let's just say that when they put in the scanning disk the person performing the scan got really tired of seeing me flip him off and they didn't find anything. I know it was petty and he really wasn't doing it because he wanted to, but I think that I made a point even if it was in a very small way. The leadership never ever scanned anything of mine again.

Who cares?

[GodfatherofSoul (174979)]

Regardless of the laws, we've already seen that the telecoms will grant the government whatever access it wants. If they get busted, they'll go cry to Congress for retroactive protection. Same results with or without legal protection of your privacy.

Make your voice heard

[cohomology (111648)]

Tell the highest levels of the intelligence community what you think about this idea by picking up a phone and calling any number.

I know, it's not original.

Encrypt your email

[gillbates (106458)]

Seriously. There are already libraries such as FLTK [fltk.org] and QT for the graphic front end. For the back end, you could use XySSL [xyssl.org], OpenSSL [openssl.org], or even GNU GPG.

I'm about 20 hours into an encryption client, and I've already got people using it. I initially wanted to use GPG, but realized that most technophobes won't go for a command line application. So I pulled out FLUID (the FLTK design utility) and had a prototype working within hours.

Today, there's no excuse for not encrypting your email. I realize that you may think you have Constitutional rights in this regard, but GW & Co. have the guns, the taxpayer financing, and even the (unsolicited!) cooperation of the major network carriers. It doesn't matter what you think the Constitution says if you can't even get a trial. You're on your own from here on out.

So why encrypt, even if you've nothing to hide? Well, simple, really. Why let the government violate the 4th ammendment with impunity? If you encrypt your email, the government can't perform secret, mass surveillance. Sure, they can pound on your door, and even demand the key. You might even have to give it to them. But in them doing so, you've achieved three key goals:

1. In order to get the key from you, they'll have to contact you. So they can't secretly eavesdrop on your communications.
2. Should you refuse the key, they will have to convince a judge to order you to divulge it - thus, your 4th ammendment rights are preserved - the judge will require probable cause before issuing the order.
3. In demanding the key, the issue will move from the administrative branch to the judicial branch. You want to force the government into the courtroom so that your other rights are not trampled as well.

Encryption is highly Constitutional (TM) software. It keeps terrorists from eavesdropping on our conversations, knowing our whereabouts, and stealing our valuable intellectual property. If the government can't read my email, neither can the terrorists.

Be patriotic. Support the Constitution. Encrypt everything.

Re:The Constitution...

[LWATCDR (28044)]

Well except that there is no proof that this is true. That story is kinda short on any proof at all.
email? Does anybody think that email is private? It is sent in clear text so I would say that it is as private as a postcard.
There is an election coming soon. So for those that really fear this find out where the candidates stand on it.
Then vote.
BTW don't focus so much on the President BTW take a hard look at your congressional reps.

Re:The Constitution...

[timmarhy (659436)]

why must we have to justify privacy? it's obvious to anyone that if a letter isn't addressed to you then it's an invasion of privacy regardless of the measures we take to stop you.

Re:The Constitution...

[Chris Burke (6130)]

email? Does anybody think that email is private? It is sent in clear text so I would say that it is as private as a postcard.

As I say in every discussion of this nature, "private" in the sense of "can a police officer legally look at this and use it as evidence?" is completely different than in the sense of "could a malicious person who wanted to snoop on what I was saying possibly look at this, the law be damned?"

E-mail is about as physically private as a letter. They are fairly trivial to read but it does require you take take deliberate action to do so. As opposed to a post card which could literally fall out of the postman's hand text-up and be read by accident, other people's emails don't just randomly show up on your screen even if you are an email server sysadmin.

And thanks to recent precedent email is becoming -legally- as private as a letter. Which to repeat, is a different standard, and regardless of the fact that letters are easy to read, they are still considered private. So while a malicious mail man could read your mail whenever they chose, a cop who wanted their evidence to stand up at trial could not without a warrant.

We need to remember both of these. First if you want real privacy even from malicious people, you need to encrypt your email. Second, we still need to keep unencrypted email to be legally private, since otherwise the idea is that if the police -can- read your encrypted emails then they don't count as private and thus no warrant is needed.

There is an election coming soon. So for those that really fear this find out where the candidates stand on it.
Then vote.
BTW don't focus so much on the President BTW take a hard look at your congressional reps.

True that. Sadly enough it's hard enough to get specific answers on what the Presidential candidates' stances are on the subject, much less all the representatives.

Re:The Constitution...

[pilgrim23 (716938)]

A new product is all the rage in the District these days:
    Bill of Rights Toilet Paper (tm)
It comes with all 10 printed on each sheet. Congress Critters find it to be heavy duty absorbent. Somehow though, that stuff you water the Tree of Liberty with seems to slip through anyway, just a little, but it slips through....

It's in the New Yorker's print edition

[by Anonymous Coward]

As re-reported in Raw Story: [rawstory.com]

National Intelligence Director Mike McConnell is drawing up plans for cyberspace spying that would make the current debate on warrantless wiretaps look like a "walk in the park," according to an interview published in the New Yorker's print edition today. ...

McConnell is developing a Cyber-Security Policy, still in the draft stage, which will closely police Internet activity.

"Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the autority to examine the content of any e-mail, file transfer or Web search," author Lawrence Wright pens.

"Google has records that could help in a cyber-investigation, he said," Wright adds. "Giorgio warned me, 'We have a saying in this business: 'Privacy and security are a zero-sum game.'"

Re:Diminishing returns

[cptdondo (59460)]

I think you miss the point. The data will be mined after the fact or to build a case against someone the gov't doesn't like.

Let's say you do something to piss some mucky-muck off and you get on the monitor list. It's only a matter of time before you mention in passing that you copied a DVD or any other heinous crime and bingo! The FBI/Federal marshals/etc are at your door.

Paranoid? I grew up in a communist state. I hate to think I've escaped to one, too....

Re:Diminishing returns

[KublaiKhan (522918)]

That's really the only way it could be useful at all; as a method of detection, there's no real way that one could find anything useful with that sort of shotgun approach at all.

But if the government really wants your hide, then they'll have it whether they have any real evidence or not--witness Cardinal Richelieu's words: "Give me four lines written by the most innocent of men, and in them I will find something to hang him." That was just as true then as now.

Re:And what about foreign nation TLD's?

[nuzak (959558)]

> We'll see what our governments have to say about that.

Something along the lines of "More! More! Harder! Deeper!" is my guess.