E-Mail, Privacy and the Law 176
Not From Me writes, "sendmail.net has an eye-opening article about how 'private' e-mail is in the eyes of lawyers and courts, called E-Mail, Privacy and the Law. Scary stuff, and important to know."
No spitting on the Bus! Thank you, The Mgt.
Scary (Score:1)
S-J
E-mail (Score:1)
Microsoft? (Score:3)
Isn't this one of the things that has got Microsoft into so much trouble throughout the court case? I wonder how much of what they now stand accused of would not even have seen the light of day without forcing them to disclose their emails?
It just isn't worth it (Score:2)
What if you delete or have "misplaced" it. (Score:2)
Perhaps the best idea that I have is to simply have a convincing fake on hand to lure would be lawyers into thinking something else when it's really not the case.
Authentication? (Score:1)
It's just a sequence of bytes anybode could have made, unless you signed it with a known key.
5th Amendment (Score:3)
Re:Scary (Score:3)
That would be ALL hard drives. Which means:
1) The sender's hard drive
2) The sender's ISP's mail hard drive
3) Your ISP's mail hard drive
4) Your hard drive.
and for every cc:, the number jumps up.
and don't even bother trying, if there was a bcc:
Re:Scary (Score:1)
To destroy a letter you need a lighter. Depending on the OS you use, the mail service, the email-client, the email servers your email has passed through - you might just need an H-bomb to be sure all traces of the email are gone...
There are things that can be done (Score:3)
Despite the article's premise that it doesn't matter how many layers of encryption, etc are used to protect e-mail, it is all discoverable. Now, I'm not a lawyer, but my understanding of current US law is that the TEXT of any e-mail is discoverable: if the sender encrypted it, there is no current law on the books that would force surrender of the key. This changes a bit if only the servers encrypt the data -- which is a strong argument for public use of encryption.
On a side note, however, it is important to realize that if the authorities wish to take the time to track down the senders and recievers of e-mail messages, the plaintexts of even encrypted messages can be subpoenaed (sp?), so caution in what is said is still important.
This brings up one last issue, too: with the revision of Yahoo!'s ToS to state that they own all IP expressed over thier services, even instant messaging logs could be subject to this kind of discovery. Write your congressperson, as per usual...
In the meanwhile, encrypt, encrypt, encrypt! At least we'll make them work for the data. :)
--
Never underestimate the power of very stupid people in large groups
Re:Scary (Score:2)
I would think it harder to destroy an email than a tree-based letter, given the path an email has to travel. Emails received and sent are extensively logged by the servers they pass through, no?
(Or maybe I'm being too paranoid after that Law & Order episode last night...)
--
Whatever they want. (Score:1)
Yeah, right. If they read my e-mail in a court, they'd probably let me off just because they felt sympathetic for me.
kwsNI
Deleting isn't enough... (Score:1)
If subpoenaed, how would one actually read and store unused sectors from disks on large multiuser systems like that? (Create a file, lseek out far enough to fill the entire disk, then scan it?)
Re:E-mail (Score:1)
Personally I feel that letters, email and phonecalls should all be rated equal with ordinary conversation. No-one should ever be forced to reveal contents of their personal documents or private conversations. But also I don't feel that planning a murder should be punished, only executing the plan.
What's the point? (Score:4)
We all know that e-mail should be private, the but the question is, "Why isn't it?"
E-mail can't be used to "prove" anything. It's disturbingly easy to forge. A printout of an e-mail could easily have simply been typed. There are no signatures, no postmarks, just bytes of data that can be forged by anyone who has half a clue what they're doing.
ICQ: 49636524
snowphoton@mindspring.com
too much tv (Score:1)
That's the law for ya (Score:1)
Just look at the library filter flap, UCITA, Microsoft being brought up on antitrust laws (a relic from the days of railroad), internet pr0n, and internet taxation. These are all crucial areas of law that the internet has changed the rules on.
What's the solution? I dunno. Legislators have to give some serious time to the the implications of their actions before they totally fxxk up the First Amendment, property law, search-and-seizure, and all the rest of it. Maryland is currently reviewing UCITA in this way (Thank GOD), and hopefully other states (those outdated geography-based domain names) will follow suit.
--
In the article... (Score:1)
>many layers of cryptography you've wrapped around
>it or how well you've squirreled it away.
Bullshit. With enough crypto layered around an email --- or any other piece of data for that matter --- no one besides the recipient and the sender are ever gonna see it.
If they demand the keys, you can always develop a case of the forgets. "Oops, I forget my password." "Oops. I forget where I stored my email." "Oops. I forget what encryption scheme I used to encrypt it."
Is it illegal to "forget" information like that in a civil trial? I know that a judge wouldn't take to kindly to that in a criminal trial, for sure...
Re:Scary (Score:1)
Re:Authentication? (Score:1)
What would a defense of this look like? Maybe one could prove that the fileserver has been hacked, and thus, one cannot trus the authenticity of the messages stored on it?
Whatever it is, it all looks like a can of worms.
Re:It just isn't worth it (Score:1)
> to please DO NOT send me anything remotely
> inapropriate over mail, this included
> Hotmail and the like. It just isn't worth it.
I completely understand what you're saying here because I've been involved in similar situations, but the part that I don't understand about this is that people don't really seem to understand that you don't have any control over the email that people send you.
I know that people think that you do, but why can't companies understand that you are going to get spam occationally and you're going to get junk mail. The only thing that you can really control is the mail that you are sending out and if that isn't apropriate then they should have words with you, but not because you are being sent some dirty jokes.
arghh, just another one of my peaves against PHBs!
Re:What's the point? (Score:1)
Re:5th Amendment (Score:1)
These people often don't check their mail every day, and if it's a weekend, forget it.
There's too great a potential for your data never getting seen, not to mention abuse...
What if some punk on their parent's DSL/Cable line decides to cc:all@aol.com (or something similar) a 15 meg email, set to destruct in 6 hours?
All of a sudden, every server from his line on up can get nuked, and AOL is SOL (no complaints here).
i'm having flashbacks to the days... (Score:2)
creepy, huh?
Re:E-mail (Score:1)
The US and Lawyers (Score:3)
What is it over there in the land of the free that creates such draconian laws ? Giving Lawyers as much power as the likes of the FBI and other elements of the goverment is way beyond bizarre.
Time to have another revolution guys.
Encryption's No Solution (Score:3)
The problem with encrypting everything is that you can have your key subpoenaed too. If you don't turn over that you get hefty fines (for the defendant) or you case gets forfetured. (for the prosecuter) Encryption just doesn't do a single thing for you, except allow you to swallow those hefty fines if it's worth it. (company secrets might be worth keeping even if you have to pay millions in fines of course)
Destroying email will help you out quite a lot. Make sure that no email gets saved. And make sure that all deleted email is securely overwritten. Don't make backups and if you really need to save something hide it.
What about ICQ? (Score:1)
What about ICQ?
Legal: Is it discoverable? Or is it like a telephone mentioned in the article.
Technical: Suppose the sender and the reciever erases their logs on their local machines. Is it stored somewhere else? Could that be "discovered"?
Re:E-mail (Score:1)
Re:5th Amendment (Score:1)
Re:What if you delete or have "misplaced" it. (Score:1)
Those that live in the UK probably would NOT want to lose the key, IIRC. Over here in the US, failure to produce the key might be contempt of court, destruction of evidence, or obstruction of justice (but hey, IANAL) -- in much the same way that destroying any other form of evidence is itself a criminal act.
As for a fake key -- theoretically you could claim an XOR-based OTP, and simply have a fake key to turn incriminating text into vaguely suspicious, plausible but non-incriminating text (as I sincerely doubt a jury would believe that you OTP'd a cookbook recipe... especially, say, if it's to a staffer at a foreign embassy or whatever). This would might be perjury or worse if caught, however.
Re:Deleting isn't enough... (Score:1)
Its much easier to get a hold of tape backups.
Re:What if you delete or have "misplaced" it. (Score:2)
Who said the authorities would behave "realistically" ?
See this [slashdot.org] previous slashdot story:
Richard Stallman talks about some upcoming laws that could be disasterous for British citizens." Guilty until you prove you're innocent, no right to remain silent, no right to a jury trial, produce your encryption keys or go to jail..
Scary stuff! (Score:2)
Here in Holland, you have privacy laws on snail-mail, and these days even on E-mail. Reading someone else's E-mail simply is a crime.
I don't know how politics work in the USA, but perhaps there should be new privacy laws overthere, dealing with stuff like this. This means making your Congressman (this is the usual way?) aware of the problem. Perhaps other methods apply.
This E-mail privacy is necesarry, because they can now ask/force you to open up your mail, next they won't ask anymore, where does it stop?
Why's this scary? (Score:2)
What I find more disturbing is the ability to produce incomplete or altered email, out of context (copy and paste?). PGP signing of emails can help here.
Re:In the article... (Score:1)
Re:Authentication? (Score:1)
Surely without a digital signature, or BOTH "original" messages (senders and receivers), they can't prove much - it's trivial to forge an email in your own mailbox - I could simply (manually) create a message on my server, and tell my email program to retrieve messages from that rather than my ISP's server. Result, a message that has all the right headers for whoever I want to set up. Likewise I could do the same to make it appear I had sent a message to someone.
It's about time lawyers and the law was dragged into the 20th century, just as we're about to leave it...
Re:Authentication? (Score:2)
//rdj
actually... (Score:1)
even police reports can fall under hearsay if
one party denies what is said within it.
Re:Deleting isn't enough... (Score:2)
A simple but inadequate approach might simply be to scan through a raw disk device -- remember the
A data recovery specialist would probably be able to describe how to recover material that's been deliberately overwritten (say, just a couple of passes). Recall that some standards call for several differing passes of overwriting in order to prevent recovery of sensitive information...
Well.... maybe... (Score:1)
Expectation of privacy (Score:2)
It's one thing when the mundane media express shock at this concept, but one would think that /. editors would have a higher clue level.
The law has a concept of "expectation of privacy". If you tell your lawyer "I'm guilty" in the middle of the courtroom, loud enough for the prosecution to hear, all the claims of attourney-client privalege in the world aren't going to help you, because you had no excpectation of privacy.
Sending private information in the clear over the internet is like walking naked in front of a picture window -- you can be sure that sooner or later, both are going to draw people's attention.
What about Slashdot posts? (Score:1)
Can Slashdot forum contents be subpoenaed? We often discuss on "controversial" topics such as hacking, computer security, virus, etc. We often express our displeasure with people (Bill Gates), entities (Microsoft) and even countries (Australia). What if Bill Gates was murdered by some Linux zealot cult. Will every Linux mailing list and Slashdot contents be subpoenaed?
If such a thing every did happen, will we start to refrain ourselvers from posting notes that may be used in some court of law? Very scary stuff indeed. And these days we are seeing bigger hard drivers, and better backup software/hardware. This will make Document Retention times higher.
Let me finish by saying my employer sucks! We need some release parties! We want free sode like at Microsoft! Higher pay! :)
Cheers.
--Ivan, weenie NT4 user: bite me!
Re:Authentication? (Score:1)
Re:What if you delete or have "misplaced" it. (Score:5)
Woah. I think you might be on to something here.
I'm not a crypto guru. I barely understand public key encryption as it is, but here goes:
What if an encryption scheme were devised where the plaintext is encrypted with two or more pivate keys (belonging to one person), plus the other key. The encrypted would decrypt to two or more different texts, depending which key is used.
So, I could encrypt "Meet me at midnight." and "Happy birthday, Ed." With two keys, into one block of encrypted text. Then, if I use my private key A, it returns "Meet me at midnight." and if I use my private key B, it returns "Happy birthday, Ed."
If we could somehow make the number of original plaintexts undetectable, could supply keys to those who demand them, where they would decrypt our code to get "Happy birthday, Ed." when the REAL secret was "Meet me at midnight."
I know I could've worded that better, but is this a possibility? Is it already being done? I know it's a little along the lines of Steganography [tripod.com], where the encrypted text is inserted into a piece of digital media, making it look less like an encrypted message.
Summary:
If we could encode, say, 4 strings into one crypto block, and have it return different unencrypted text for 4 different keys, while keeping the number of original strings undeterminable, the party decyphering the string would never know if they have ALL of they keys, thus they would never know if they have the data that the sending party doesn't want them to see.
Legal defense (Score:1)
Given this, might it be possible to safeguard your email by making sure it all goes over a phone line?
Just a thought...
--G
Re:What if you delete or have "misplaced" it. (Score:2)
So what do they do just beat you until you talk? Dosn't the military work like this?
I have my (reasonable?) doubts. (Score:1)
Then I wonder how anyone can find out without violating my privacy (non-email) ? Supose someone sue's our firm and I just wrote an email (whether internal or external) to a collegue in which I describe the person being a jerk.
So? How the heck could this be a major problem for me? If the person doesn't know about the email I really wonder how he could convince the judge that this email contains evidince which is really vital for his cause and that in order to get it he should be allowed to access my computer. Yeah right.
The only way this could be a problem IMHO is in a situation where this person gets some inside information. Its the only way he can know about the existence of this valuable information.
OR I am missing a major factor; the difference between European and US laws. However, difference or not, I can't imagine that a judge will give another person access to my PC just because he thinks (hopes) to find evidence.
Re:What's the point? (Score:3)
For that matter, if you've subpoenaed the server logs, you've a copy you can edit to your heart's delight.
At one point, in England, computer-based evidence was ruled inadmissable for this exact reason. There is absolutely nothing external to prove that any computer printout is genuine. Any or all of it could be forged, and there would be no way of telling. (Several Poll Tax cases were booted out over this.) However, since then, the Government has decreed that it's admissable, anyway, whether it can be proved plausable or not.
Re:The US and Lawyers (Score:2)
//rdj
Document Retention Policy (Score:3)
I noticed this quote :
In hindsight, complying with the company's Document Retention Policy (which at Netscape was basically, ``shred anything within 90 days unless you can't get your job done without it'') might have been a good idea.
How many major companies actually have a policy ilke this for electronic information? Most backups are tape/DLTs which last eternity, and is the only purpose of this policy to prevent liability with stuff lying around?
This sounds like it worked with paper-based archiving systems, where space simply doesn't exist to archive forever, and non-essential documents are destroyed, but none of the people I've done work for have had a similar policy at all.
So the question is
Re:What about ICQ? (Score:1)
ICQ even gives you a chance to save all of the messages and chat that you have with other members. Unfortunately (although I don't like it) I think that ICQ is just glorified email.
The way I do it. (Score:2)
Deniable Decryption (Score:2)
Stegonography could also be useful. Encrypt your email and hide the bits in a jpeg of a weather map and email that.
The problem with just deleting emails is the fact that they may still exist on a backup tape. When I came into the office this morning, I had unread email that was delivered after COB yesterday but before the backups were run. No matter what I do now, a copy of that email (encrypted or not) exists and can be discovered.
Wouldn't Enccryption Keys fall under 5th ammedment (Score:3)
I'll be right over (Score:2)
"New Amsterdam" is the pits.
Re:Encryption's No Solution (Score:2)
Doesn't the Fifth Amendment of your constitution make provisions to allow a defendant to refuse to incriminate themselves? Does this only apply to testimony? Would a key be considered evidence, or testimony? Would location of that key be considered testimony?
Re:What if you delete or have "misplaced" it. (Score:1)
IANAL, but this could definately be obstruction of justice if discovered. Which brings an interesting point -- could someone who encrypts data and refuses to surrender the key be charged with obstruction of justice??
--
Never underestimate the power of very stupid people in large groups
Re:In the article... (Score:1)
subpoenaed and compelled to testify (as long as
they aren't forced to incriminate themselves in
the process...). It might take an offer of
immunity in certain cases, but it can be done.
Well, 'k. There's the husband-wife exception
and bits about national security and whatnot.
But if you speak to a coworker and diss the
boss and talk 'bout how you're going to "get
back" at a company if you're laid off while
el PHB gets bonuses, and the coworker gets
subpoenaed... same thing as if you'd sent him
angry e-mail raging against the company.
* With e-mail, you KNOW that the other person now
has a copy of what you sent; the other person
KNOWS that you may have kept a copy; and both
should be aware that mail servers and every
machine along the path already has copies. With
voice, OTOH, in most cases there is no certainty
that everything's being recorded.
Both speech and mail, then, are allowed as evidence. Failure to produce such when explicitly subpoenaed and called upon to testify is not appreciated... but with e-mail, there can be verbatim copies substantiated by being in multiple places (and having left a trail in server logs), which could make a plaintiff or prosecutor even happier.
Re:There are things that can be done (Score:1)
Molog
So Linus, what are we doing tonight?
Re:There are things that can be done (Score:1)
But if you encryption key is protected by a passphrase and that passphrase is only in your hear. They will not be able to get that passphrase. So you are protected. They cannot discover what's in your head.
And you can hide behind the constitution in the case that they ask you your passphrase in court.
So encrypt sensitive information and keep the key in your head!
Routing around the government (Score:1)
the 'right to privacy' (Score:1)
Re:Encryption's No Solution (Score:2)
Suppose I have a very long passphrase, and considerable mental effort is required to reproduce it. Say you make few spelling errors in it and on purpose do not remember exactly what these errors are, so you have to try several times each time you type it. Can you be required to make this effort?
What if you encrypt your key with a passphrase, and then mail this encrypted key to your friend abroad? Then each time you want to use your key, you request it from your friend. Arrange it so you never see the key, or store it on your computer (even encrypted). When you are subpoenaed, tell your friend so. He will promptly destroy the key.
--
email is not evidence (Score:1)
while its true that a photograph can be faked altered etc (yes, you can output to negative and then process as normal) usually clues can give it away, such as the "noise" being too regular in one part of said picture etc. its a game of cat and mouse.
this is not so easy with files. files are a closed set and thus alot easier to doctor for the courts without leaving any holes.
i personally dont think any electronic communication should be concidered admissible evidence in any court of law.
so whatever happend to the fifth ammedment?
Re:Why's this scary? (Score:3)
Hash: SHA1
Hmmm. You're very right on the self-control things.
Me, I don't
It would be interesting to have a "slashdot" public key floating around...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAji+jB0ACgkQh3MeQyZWueSbuACeMEsZyyf
oF0AoIqi5q6xpU0p588mBPz9Yk+gvrmT
=n/x7
-----END PGP SIGNATURE-----
Re:Encryption's No Solution (Score:1)
The only case that I am aware of in which a court attempted to compel key discovery is the Mitnick case, which is a criminal case. Is there any precedent for a court compelling key discovery in a civil case? In other words, is there any factual basis for the above-quoted claim?
Here are some possible solutions (Score:1)
That way, the mail cannot be as easily traced back to you. (especially if the servers log the mail transactions)
2) Use steganography.
Encrypt the information and hide it in a JPEG file or some other document that looks acceptable.
(I wonder if you can hide something in a
3) The multiple decrypt keys with two different messages was a good idea. Maybe we should start working on something like that!
I think #2 works the best. I mean, who is going to suspect a picture of The Weather Channel's latest radar to be a secret message to set off a small globalthermonuclear device at 1 Microsoft Way, Redmond, WA.?
Fialar
Possible Solutions, Related Articles (Score:1)
We've got links to several related stories on our Personal Security page: http://www.tecsoc.org/persec/persec.htm [tecsoc.org]
A. Keiper
The Center for the Study of Technology and Society [tecsoc.org]
Why is an encryption key discoverable? (Score:4)
Then it went on to say that encryption won't help, because your key can be subpoenaed; but no legal grounds for this were given. If I've committed my key to memory, it certainly doesn't seem to fit any definition of "document" (unless legal definitions are even crazier than I thought possible). So what are the legal grounds for forcing me to reveal something that exists only in my head?
Could someone with some legal expertise comment on this?
As I remember the Co$-vs-the-Net war, $cientology subpoenaed computer files from Grady Ward (who most certainly was not Scamizdat). So he turned over a bunch of files, including PGP-encrypted files, and that was that. He was never even asked for a key, IIRC. The Co$ went on to hire a Special Master who attempted to decrpyt the files, much to the continuing amusement of all observers.
The Co$ notoriously uses every legal means available to get what it wants. So if they didn't even ask for a key, I'd very surprised if there is any legal grounds for doing so at all.
Re:Encryption's No Solution (Score:1)
>considerable mental effort is required to
>reproduce it. Say you make few spelling errors in
>it and on purpose do not remember exactly what
>these errors are, so you have to try several
>times each time you type it. Can you be required
>to make this effort?
This reminds me of the ACC and Gentry Lee's book "Rama II". In it, three military officers on a spacecraft have 50 digit numeric codes to arm the ship's nuclear bombs. The entry of any two of the officers' sequences activates the bombs, so the system is defended against the actions of either a single rogue officer or a stubborn one. The scheme is called Trinity.
During the spaceflight, one of the officers dies in surgery. Near the end of the book, the two remaining officers are ordered by Earth to activate the bombs for a time-delay, set them down inside a giant spacecraft that's about to crash into Earth, and leave in their own exploration ship.
Anyway, the 50-digit string that one of the officers had was a mathematical sequence that he didn't actually remember, but he knew how to work out. I don't have the book handy, but it was some kind of obscure theorem that the authors described. It's an interesting way to generate a password for when you're shipping a HD across the country or something similiar.
Yes and no (Score:3)
Remember, the "land of the free and the home of the brave" is the same place where the highest court of the land looks poised to rule that anonymous tips are sufficient for giving probable cause to government agents to stop and frisk citizens on the streets. "Hey Bob, the person over there who looks like he's a member of a disfavored racial minority group looks like he could be carrying some drugs (or even a bomb!). Why don't you step into that phonebooth and call the station and leave an anonymous tip so we can go over there and get medieval on his civil rights! And remember, anonymity means zero accountability."
We're also the country where, right after the Diallo verdict came back, police three blocks from Diallo's house went and shot another unarmed black man at point-blank [cnn.com]. But at least this time he had a sketchy criminal record and the whole thing was just a big mistake, so that makes it justified, right? Right? I hate this place.
Encryption / PGP : a two-edged sword (Score:2)
However, sending everything in the clear using non-secure channel means you could possibly repudiate any email evidence: Just demonstrate how 1-anybody could have altered the contents 2-anybody could have used my PC to send that email 3- the plaintiff could have forged the message
(obIANAL)
---
Re:the 'right to privacy' (Score:2)
The third ammendment protects citizens from having troops quartered in their homes during times of peace. Why? Privacy. It's quite easy to understand the fifth amendment protection from self-incrimination in the same way. And then of course there's the ninth amendment which explicitly says that just because the right isn't specifically enumerated, that doesn't mean it doesn't exist.
Have you read Griswold v. Connecticut? Katz v. US? Pierce v. Society of Sisters? Stanley v. Georgia? Eisenstadt v. Baird? Are you aware of federal and state legislation that proscribes the invasion of privacy, as well as state constitutional amendments specifically enumerating it? Do you actually have any experience in this matter, or are you just railing away at a pet peeve that's perhaps itched by Roe v. Wade? Do you even care?
Cover yourself.. (Score:2)
# dd if=/dev/zero of=/dev/sda2
# mkfs.ext2
# mount
Would this hold up in court? Well your honour, unfortunately the drive which may have contained the pertenant information appears to have been zeroed.
Oh crap, but they still got my tape backups. =)
Seriously though, I strongly believe that encrypted means of communication, or filesystems, should not become open to the court system. That defeats part of the point of encryption right there (well duh, I don't want other people reading my data). The government will never pass a bill on this though, as they have to much pressure from the FBI, DOD, CIA, police, and courts to be able to access any information they want at their free whim.
Does anyone want to write a feature into POP3/IMAP for desctructive emails ala 'You have 30 seconds to read this email before it self destructs' or 'sender requests that this email be destroyed'? I'm more than game.
EraseMe
Colloberation (Score:2)
In all of these cases you look for messages (or items) that refer to other things that are 1) verifiable, and 2) not widely known. The email message could still be forged, but it's far less likely. Do that with hundreds or thousands of messages and the "reasonable persons" on the jury will decide that the messages must be legitimate.
The defense can still assert that some messages were forged, of course, but if the prosecution/plantiff believes it's legitimate it will be presented to the jury as a "question of fact."
The latest PGP handles some of these matters... (Score:2)
As for crypto keys, I thought it was determined in the Mitnik case that you could not be compelled to hand them over if you think the data might incriminate you. Fifth amendment to the constitution as I recall. You can't be forced to contribute to your own prosecution. So among your encrypted, but not yet wiped, data, just include a little line about how you were driving at 70MPH in a 65MPH zone the other day. Bingo... incriminating data protected by your PGP key, making the key protected under the fifth.
IANAL, but I'm almost SURE I can recall Mitnik's crypto keys being protected, but YMMV on the legal issues.
I DO know tho that PGP does a damn good job zeroing your freespace. I've checked my free sectors with Norton both before AND after a PGP wipe before. And it worksquite nicely, thank you very much. IF you remember to wipe your data.
And PGP is available for damn near every OS as well.
john
Re:Document Retention Policy (Score:2)
I think to get around this, you'd need to design both your directory structure and your backup strategy around your retention policy. You'd have an area where the stuff subject to retention lives. Likely your e-mail system, whatever it is, would be here. By default, stuff gets deleted after a certain period of time (according to policy). Backups of this area are done on separate tapes, which would get recycled in the same time frame, and never archived. (And don't forget to destroy that backup tape you made before you moved those files to any new machines!)
Then your only problem is when you have to explain to the president of the organization (who of course doesn't understand these things) why it is absolutely not possible for him to get back that e-mail from Fred that he left in his in-box one day too long.
Re:Naive (?) solution (Score:2)
That will protect you from a jail sentence or monetary settlement for your activities. But it doesn't protect you from other damage that can be done by exposing your private data. Court transcripts are usually public information unless they are sealed. The purpose of that is to protect us from abuses of and by the courts by opening them to public scrutiny.
I can think of a significant number of things that I don't want made part of the public record. My financial records are a good place to start. That is simply going to invite more telemarketters who are going to have rather specific information about me. How about my medical history. Many doctors have e-mail accounts. While ordinarily medical information is considered private, by the time my hard disk has been unerased, that won't prevent the information from being leaked.
Robbing people of their privacy has a chilling effect on legal expressions of non-mainstream viewpoints, whether they are political, ethnic, religious, scientific or otherwise. If you can't discuss those views with people of like minds in harmless ways without having every word exposed to your neighbors and coworkers, won't you think twice about talking at all?
Neal Stephenson fans may remember this plot point (Score:2)
(I don't think this is a spoiler, but if you haven't read the book, proceed at your own risk.)
At one point the bad guys want a particular piece of information that they are pretty sure resides on our hero's mail server. So, in order to get it they jimmy up a lawsuit and subpoena the mail server.
Returning to the real world, I don't think that this is a particularly stunning revelation; people have been aware of these issues surrounding paper documents for a long time. The only difference is that we are accustomed to thinking of email as a more informal medium than paper. Apparently the courts don't agree. Just follow the same policy with confidential email that you follow for confidential paper documents, and you should be all right.
-rpl
Your options (Score:2)
I'd presume the keys are backed up, however...
Then there's a few that offer one-shot sends (can't reply to these) that delete all traces of the message from their servers.... just not from the recipient's machine...
The best solution is to take the advice of the article. Use harshly separated accounts, do what you can to (hard)delete files regularly, etc.
I'd recommend setting up an alternate personality or three that you access only via anonymous proxy(s) that offer encryption (hushmail, ynnmail, the various anonymous remailers). Use the PGP plugin's secureviewer if you're truley paranoid to defend against Tempest attacks... and for chrissakes, clear out your cookies, temporary internet files, and temp dirs regularly and do a 11-time rewrite of the emptied space.
Re:It just isn't worth it (Score:2)
Re:the 'right to privacy' (Score:2)
Which of the following words is unclear?
/.
Re:What if you delete or have "misplaced" it. (Score:2)
Re:Scary stuff! (Score:2)
Re:Document Retention Policy (Score:2)
It'll cost you a packet if you do get subpoena'd, BTW, in any case; my understanding is that you have to pay the upfront costs of providing the documents. I don't know if you get them back if the other guy loses at the end of the day, but still, if you have to pick through years worth of backup tapes extracting e-mails from (say) a proprietary, database-type system, it will cost you lots.
And yes, for my sins I did use to work for people who had real reason to worry about this stuff ;)
What you all are forgetting.... (Score:2)
I'm in no way saying "Encryption is for the birds, why bother". I'm saying that in many cases it's not feasible to encrypt every single piece of mail (esp. to those who'd have no clue as to decrypt it), and chances are, those "little" things are the ones that's going to come back to you.
A recent experience (Score:3)
I work for a large government agency where all email is saved forever because everyone is accountable for everything they do for all time. That's fine. We're public sector law enforcement; we should have such rules. Recently, though, an employee sued the agency and requested all email files. Our lawyers argued that such a subpoena would be overbroad and would reveal a great many private things shouldn't be made public. The judge agreed and a compromise was worked out. Several years worth of Microsoft Exchange backup tapes were sequentially reloaded on a system set up for the purpose. Each time a tape was restored, all files were searched for a text string matching the name of the woman who brought the suit. Then, all emails that contained her name were *printed out* and delivered to her lawyers. Not surprisingly, lots of folks had been jabbering about this woman in email, so there were boxes and boxes of printouts. It took the poor admin assigned the task literally weeks to complete, but at least there was no way for all sorts of extraneous data to go public.
Contrast that situation with the situation of the airline employees who found their computers seized. Were they entirely without recourse? Were they not given a chance to produce the documents without having to turn over their hardware? I don't know, but I do know that if such a thing happened to me, I'd be less than happy. I have lots conventionally encrypted files that are relatively safe since the only copy of the password is in my head. But would I be willing to sit out a contempt citation to protect that data? Talk about feeling conflicted!!
Short side note: There are a zillion different circumstances when testimony *can* be compelled. I'm surprised by the number of posters who don't understand that 5th amendment protections are often non-existent, especially in civil actions. They can even be circumvented in criminal actions rather easily, assuming you aren't the primary target of the prosecution. I guess high school civics classes aren't what they used to be.
IANAL, of course.
Re:Wouldn't Enccryption Keys fall under 5th ammedm (Score:2)
On another note, this wouldn't matter anyway in this case. The 5th amendment only applies to criminal cases. A lawsuit is a civil case, so the protection of the 5th doesn't apply.
Re:What if you delete or have "misplaced" it. (Score:2)
I am currently re-reading Cryptonomicon, and I recently came across the bit (about a third of the way through) where Randy and Eb discuss something like this, and I've been thinking about it some more. How does this sound:
In addition to encrypting your real messages, you have your systems set up to send fake messages consisting of random garbage to each other at random intervals. Hence, no monitoring of server logs, or even physical sniffing of transmissions, can prove that a message was ever sent.
That was Eb's idea, but they didn't go further into it. Here's my addition: The problem is that they can still require you to surrender your keys, and when you do, they can see which messages decrypt to meaningful text and which are garbage. However, suppose each person actually has two keys, called, say, the major key and minor key. The minor key is the one that you use publicly, and everything about the major key, including its very existence, is kept secret.
You send messages back and forth using the minor keys when the content is not particularly important (important enough to encrypt normally, but not damaging should it come out in discovery), and use the major key for the things that you really don't want to have discovered. When sub-poenaed to surrender your messages, you surrender your minor key, and explain that, to protect against information leakage, you have been chaffing your communications with garbage and that decrypting all the messages with this key will reveal which ones were real and which were chaff.
What they don't know, and couldn't prove even if they suspected it, is that the set of messages that decrypt to gibberish are further subdivided into the actual garbage and the important messages that were encrypted with the major key. The main point is that you have a plausible explanation for the existence of observed transmissions that cannot be decrypted, so they have no real choice but to believe you when you deny the existence of any other messages.
David Gould
Re:Why is an encryption key discoverable? (Score:2)
Self-Destructing E-mail (Score:2)
Re:What if you delete or have "misplaced" it. (Score:2)
dave "what if you can't speak? you're screwed."
Should it? (Score:3)
Business e-mail is a completely different thing. A court order to view *corpotate* mail is definitely OK. Wether or not they can "prove" anything.
People will just have to learn to separate their personal and professonal e-mails. Perhaps companies should insist on digital signatures on business mail, informing employees that business mail is company property.
STOP Hold the flame thrower! Of course, they ought to provide a semi-private mail account too, for company (or personal) mattter "off the record".
Hey, it works for snail mail. If I write to:
TheCompany Ltd
att: Anonymous Coward
Someville
It is understood that my letter is meant primalily for the company, and simply adressed to AC. If AC is not there, I expect someone else to take care of it.
OTOH If I write:
Anonymous Coward
TheCompany Ltd
Someville
It is understood that the content meant for AC and not to be opened by someone else.
Why should not the same thing work for e-mail? (if laws are applied wisely, that is)
Re:Encryption's No Solution (Score:2)
Yes, but that's for criminal cases, and it covers only the defendant. You cannot use that for a civil case, nor can use "plead the fifth" if you are a witness. In the cited case, Netscape vs Microsoft, the fifth amendment didn't play a role.
-- Abigail
Re:What's the point? (Score:2)
Take a look at the example case, Netscape vs Microsoft. Should Netscape argue in front of the judge that the copies of the emails found on the disks of *Netscape* employees were forged by Microsoft? Of course, Microsoft also had to forge the logs in all the servers where the email passed through. And boy, they started early with this forgery, as the backup tapes have those emails as well!
-- Abigail
Re:Scary stuff! (Score:2)
Yes, but that's not the point. Reading someones mail or email without their consent can be a crime, but that doesn't mean it's a crime after a court order. And that's what's being discussed here. Court orders.
-- Abigail
Re:code of ethics for sysadmins (Score:2)
Doctors are subject to the law. And the law even says doctors *have to* protect the privacy of the patients. However, that doesn't mean they can keep quiet when there's a court order. Only priests can refuse to talk without being penalized.
Many of us sysadmins feel this way, I think we have to be serious about it.
In that case, it's easy for you. Next time you get a court order to open your logfiles, refuse. If you think your code of honour superceedes the law, you shouldn't have a problem dealing with the consequences.
-- Abigail
Re:How to keep email private (Score:2)
So, you end up in jail and/or heavily fined, and your harddisks seized. What exactly did you gain?
-- Abigail
Re:Authentication? (Score:2)
//rdj