US Police Increasingly Peeping At Email, IMs
angry tapir writes "US law enforcement organizations are making tens of thousands of requests for private electronic information from companies such as Sprint, Facebook and AOL, but few detailed statistics are available, according to a privacy researcher. Police and other agencies have 'enthusiastically embraced' asking for e-mail, instant messages and mobile-phone location data, but there's no US federal law that requires the reporting of requests for stored communications data, according to Christopher Soghoian, a doctoral candidate at the School of Informatics and Computing at Indiana University."
Happened to me (Score:3, Interesting)
Re: (Score:2)
I always stick to the "email is not secure" motto. Encrypt something that needs to be protected. If the person doesn't screw around with e-mail encryption (let's be honest, it's not easy and most people would give up on it; they don't think there is a need), then I'll at least use an encrypted zip/rar file and stick it in my public dropbox. They can get it there.
Re:Happened to me (Score:4, Informative)
I say that if you're going to encrypt, encrypt everything or at least as much as possible. If the authorities want to come after me with a five dollar wrench so be it, anything that important wouldn't be in my email anyway.
And email encryption is not easy? Install Thunderbird, GnuPG [gnupg.org] and Enigmail [mozdev.org]. You can even set rules to encrypt emails to specific people by default. I've gotten my family, close friends and coworkers using Enigmail and they love it. Even better, and my ulterior motive from the start, is that I now have a good-sized web of trust.
Re:Happened to me (Score:5, Insightful)
I definitely agree that everything should be encrypted, it has a great deal of benefits (aside from my opinion that cryptography is just fascinating). It's problematic though, since most people don't think that way - now we're back at square one, how am I supposed to send an encrypted e-mail to someone without a public key? Even if they had one, we still run into some problems with people not paying attention to what they are doing (did they verify that the fingerprint I gave them matched before they trusted my public key? Not likely).
I think computer security in general is far removed from many people's minds outside of paying their 40$/yr to Symantec. E-Mail encryption? They simply don't care.
Ask Slashdot Submission (Score:3)
It's easy for me and it's easy for you - it's even easy to use once it's set up (assuming they are vigilant). But if I told my (very non-geek) girlfriend to encrypt her e-mails, she would have no clue on where to start. I could certainly help her but the problem is that not everyone has someone to ask or would even care enough to do so (obvious, since most people don't encrypt their email).
> I definitely agree that everything should be encrypted, it has a great deal of benefits (aside from my opinion that cryptography is just fascinating). It's problematic though, since most people don't think that way - now we're back at square one, how am I supposed to send an encrypted e-mail to someone without a public key? Even if they had one, we still run into some problems with people not paying attention to what they are doing (did they verify that the fingerprint I gave them matched before they trusted my public key? Not likely).
> I think computer security in general is far removed from many people's minds outside of paying their 40$/yr to Symantec. E-Mail encryption? They simply don't care.
I have a submission pending on just this topic. I find it shocking that email encryption has not become simple to set up and standard to use. The reason our friends and family don't use it, is because solutions are platform dependent, or require technical knowledge to set up, or are a total pain to use, or all of the above.
There is really no excuse for this situation. Email encryption (and digital signing) should be automatic and transparent. Granted, only tech-nerds will take proper care of their keys, but
Re: (Score:2)
I'm curious to know if there are any good solutions for Gmail/google apps and encryption/signing within the web application.
I gave up on hosting my own e-mail server a long time ago, and I've really embraced google apps...
Wrench & Geniuses (Score:2)
(Intro note - XKCD is speeding up communication by giving us handy memes!) I agree with the poster below that if the authorities decided to do their thing, we do really have to watch out for the five dollar wrench effect. Encrypted email? "Give us the key". Some double-blind unknown and unknowable key, on both sides? The "what are you hiding" crowd is having a disturbing influence lately.
That's the downside of the "leverage the genius" effect of the new internet - it used to be any old state police
Re: (Score:2)
I dunno, so far I think the gov side is growing worse because churches can't yet slap you with a felony for a misclick and send twelve swat team members to arrest you for copying Shrek 3.
Re: (Score:1)
Re: (Score:2)
The $5 wrench was known as the rubber hose before XKCD. But they helped teach people about it so that's always a plus.
Re: (Score:2)
There once was a time when the police wouldn't want anyone to know they'd been beating prisoners, hence the non-marking rubber hose.
Today they use wrenches to advertise they can do what they want without fear of consequences.
Re: (Score:2)
> I had an out-of-state police dept. gain access to my Gmail account for a joke email I forwarded to somebody who requested it. The intended recipient provided me the wrong email address (off by one letter) and it ended up in the wrong mailbox. It was not threatening/sick/graphic, yet they were able to access my account and locate me by phone.
> That's actually really creepy, more so since the email was just a joke email. I always stick to the "email is not secure" motto. Encrypt something that needs to be protected. If the person doesn't screw around with e-mail encryption (let's be honest, it's not easy and most people would give up on it; they don't think there is a need), then I'll at least use an encrypted zip/rar file and stick it in my public dropbox. They can get it there.
"We received a complaint about you sending a gibberish email to the victim, so we accessed your gmail account and found all of your emails are encrypted. Just what are you hiding, jonamous++?"
Just imagine all the spam that gets sent with real people's email addresses as the sender; that potentially justifies a warrant for your email provider now?
Not surprising (Score:1)
As the business of government continually expands in both revenue and power over the people, liberty is oppressed proportionally. There is no way out, except to reduce the size and scope of government. You want a government big enough to give you everything you want? By necessity, that government is big enough to take everything you have -- including your god-given right to self-ownership.
Re: (Score:1)
> As the business of government continually expands in both revenue and power over the people, liberty is oppressed proportionally. There is no way out, except to reduce the size and scope of government. You want a government big enough to give you everything you want? By necessity, that government is big enough to take everything you have -- including your god-given right to self-ownership.
Yet the cuts that I see being proposed (yes, even by the tea party/libertarian types) are mostly bullshit on this front.
Where are the proposals to defund DHS or TSA? No one is proposing any. Yet, that's where the real threats to our liberty lie. Instead, it is nickel and dime bullshit directed against planned parenthood, NPR, or head start.
Now tell me, AC, who did you vote for in 2000? 2004? Because that's when the biggest power grab happened.
Fucking faux 'libertarians', you didn't bother getting involv
Re: (Score:1)
You are a sad individual.
Old news (Score:5, Funny)
Comment removed (Score:3, Informative)
Re:The Constitution is federal law. (Score:4, Insightful)
>> against unreasonable searches and seizures
> Any statute which purports to give the government access to our electronic communications without a warrant is not a law at all. It's a usurpation.
First, I agree with you. I believe that the spirit and intent of The 4th, and the spirit and intent of The 1st, are being violated. The 4th for obvious reasons. The 1st because the concept of free association and speech is hollow when the government is always listening.
That said, to clarify how the letter is not being violated, at least in their eyes:
"Unreasonable" is interpreted to mean that searches and seizures are Constitutional in any case where you do not have a reasonable expectation of privacy. Since email travels in the clear (mostly) and when you use a cloud service you are giving the information to an untrusted third party, the courts hold that you do not have a reasonable expectation of privacy.
We can wail and gnash our teeth all we want. It is, to me, unquestionably a violation of the principles upon which this nation was founded. And we should. We should make it clear to everyone we know that this is going on, and ask that the policy be changed.
Meanwhile, we (information science professionals, enthusiasts, and hobbyists) should focus on the letter-of-the-law side as well. Restore the reasonable expectation of privacy in electronic communication. Endpoints, content, protocols, everything. It's not easy, but we can do it.
I have a project in that vein I'm working on. We all should.
Re: (Score:3)
> Since email travels in the clear (mostly) and when you use a cloud service you are giving the information to an untrusted third party, the courts hold that you do not have a reasonable expectation of privacy.
*we*, the geeks, don't have a reasonable expectation of privacy, but ordinary folk should. They become very surprised when they find out their emails are more public than a land-line telephone conversation.
Re: (Score:3)
Um, as an Aussie I may just be showing my foreign lack of clue, but if you replace "email" with "postal mail", and "a cloud service" with "FedEx", how the bloody hell does that make one damn iota of difference to the Fourth Amendment? Seems to me Justice wasn't just blind on the day US courts came to
Re: (Score:1)
> However, email generally flies around in clear text, which is the equivalent of postcards.
I thought it traveled around on a wire, like an unencrypted phone call, and is stored on a disk, like voice mail left for me on my cell phone... which requires a warrant to hear... unless... did Verizon switch to magic flying postcards and not tell us?
Re: (Score:2)
> if you replace "email" with "postal mail", and "a cloud service" with "FedEx", how the bloody hell does that make one damn iota of difference to the Fourth Amendment?
Not that I agree with it, but there are two differences that are in play:
1. The envelope.
2. In-transit versus stored.
I think the former does not hold water because telephone conversations do not take place within an envelope, but are protected. That is when they shift to item 2; phone calls are in-transit, not stored. I think that is a cro
Re: (Score:2)
How could something so simple be gotten so wrong?
Replace "envelope" with "file" or "stream".
And whether envelope, file or stream, in all cases you have a containment mechanism which can, with the appropriate technologies, be penetrated without evidence to the sender's intended recipient.
(and I seem to recall that in the US the police aren't even allowed to casually thermograph your houses as they drive down the street?)
In-transit: "bags in a postal truck" vs "
Re: (Score:2)
> Since email travels in the clear (mostly) and when you use a cloud service you are giving the information to an untrusted third party, the courts hold that you do not have a reasonable expectation of privacy
As more and more mail servers take advantage of TLS (think ssl for email), does it change this expectation? If my email never travels a public network in clear text, do I then get an expectation of privacy?
Given that it can be encrypted from the server w/ no obvious tell tales at a user level, how are users supposed to know whether they are protected or not?
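One way a recipient can check after the fact whether each server-to-server hop used TLS is to read the message's `Received:` headers. This is an added example, not part of the thread: the sample message and host names are constructed, and the protocol keywords are the `with` values registered by RFC 3848.

```python
import re
from email import message_from_string

# "with" keywords registered by RFC 3848: a trailing S (or SA) means the
# receiving server accepted the message over a TLS-protected session.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
CLEAR_PROTOCOLS = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}

_COMMENT = re.compile(r"\([^()]*\)")


def strip_comments(value):
    """Drop parenthesised comments, innermost first, so nested ones go too.

    Postfix writes "(using TLSv1 with cipher ...)" before the real
    "with ESMTPS" clause, so comments must go before clauses are parsed.
    """
    previous = None
    while previous != value:
        previous = value
        value = _COMMENT.sub(" ", value)
    return value


def parse_hop(received):
    """Return from/by/with and a transport verdict for one Received value."""
    flat = " ".join(received.split())                # unfold continuation lines
    clauses = strip_comments(flat).split(";", 1)[0]  # drop the date stamp

    def clause(keyword):
        match = re.search(r"(?:^|\s)%s\s+(\S+)" % keyword, clauses, re.I)
        return match.group(1) if match else None

    protocol = (clause("with") or "").upper()
    if protocol in TLS_PROTOCOLS:
        transport = "tls"
    elif protocol in CLEAR_PROTOCOLS:
        transport = "cleartext"
    else:
        transport = "unknown"   # missing or non-standard keyword
    return {"from": clause("from"), "by": clause("by"),
            "with": protocol or None, "transport": transport}


def audit_hops(raw_message):
    """List hops in travel order (sender first).

    Each server prepends its own header, so the header order is reversed.
    Headers below the first server you trust can be forged by the sender,
    and a "tls" hop says nothing about how either server stores the mail.
    """
    headers = message_from_string(raw_message).get_all("Received") or []
    return [parse_hop(value) for value in reversed(headers)]


def unprotected_hops(raw_message):
    """Hops that were not positively identified as TLS."""
    return [hop for hop in audit_hops(raw_message) if hop["transport"] != "tls"]


# Constructed sample: two TLS hops, then a final cleartext delivery.
SAMPLE = """\
Received: from mx.provider.example (mx.provider.example [203.0.113.5])
    by inbox.recipient.example with ESMTP id 0003
    for <bob@recipient.example>; Mon, 11 Apr 2011 10:00:05 +0000 (UTC)
Received: from smtp.sender.example (smtp.sender.example [192.0.2.10])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by mx.provider.example (Postfix) with ESMTPS id 0002
    for <bob@recipient.example>; Mon, 11 Apr 2011 10:00:03 +0000 (UTC)
Received: from laptop.sender.example (unknown [198.51.100.7])
    by smtp.sender.example (Postfix) with ESMTPSA id 0001
    for <bob@recipient.example>; Mon, 11 Apr 2011 10:00:01 +0000 (UTC)
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print("%-9s %s -> %s (%s)"
              % (hop["transport"], hop["from"], hop["by"], hop["with"]))
```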
Re: (Score:2)
In principle, I agree with you. But in reality, if the email is stored somewhere else, while it might be yours in name, it's NOT your data. It belongs to everyone who has it.
Re: (Score:2)
Unfortunately, Facebook has set us
Good tip, too bad they named client after Miranda (Score:2)
Re: (Score:1)
Re: (Score:2)
Because prosecutors choose who to prosecute. And cops are above the law, unless they get caught on film beating someone up without cause. And even then, they usually get away with it.
Not legally, but in reality. Welcome to the future. And it's not just the US, we have the same problem in Canada.
Re: (Score:2)
> In principle, I agree with you. But in reality, if the email is stored somewhere else, while it might be yours in name, it's NOT your data. It belongs to everyone who has it.
Then why is it treated differently if it is "stored" on a piece of paper?
Re: (Score:2)
What does paper have to do with anything? If your physical mail is stored somewhere out of your control then you have to assume someone else could have read it, too. I trust the USPS to carry the mail that I send through it. I trust the internet to carry the email that I send through it. If I feel it needs to be encrypted then I can do that. I don't trust my ISP or gmail to store anything and only give it to me. On the other hand, I don't engage in illegal activity via my gmail account.
Re: (Score:2)
> What does paper have to do with anything?
Are you kidding with this? How about 18 USC 1702 [justia.com]?
Re: (Score:2)
You're still not getting it. You get as much justice as you can afford. Can you please explain for me why the USDOJ found that Microsoft had illegally exploited their monopoly position in a variety of ways, yet was let off the hook without so much as a hand-slap, and why Bill Gates continues to be in control of billions of dollars of money whose acquisition was actually proven to be illegal, but people are being evicted from their homes over their inability to pay off bullshit mortgages while companies hold
Re: (Score:2)
> You're still not getting it. You get as much justice as you can afford.
Because the government is too big. Shrink it down to a manageable size and they wouldn't require tribute from everyone like they do now.
> Can you please explain for me why the USDOJ found that Microsoft had illegally exploited their monopoly position in a variety of ways, yet was let off the hook without so much as a hand-slap.
Because Microsoft had tons of money and pretty much kept out of politics and ignored all the blustery puffing going on in DC. Once they started throwing money at the politicians and paying lobbyists to take them out to fancy dinners and junkets, they got all warm and fuzzy about them.
> You really don't have the rights you think you have. One by one they are being eliminated.
Of course. Government grows at the expense of liberty.
Re: (Score:2)
> You get as much justice as you can afford.
> Because the government is too big. Shrink it down to a manageable size and they wouldn't require tribute from everyone like they do now.
I've seen no evidence that the size of government changes the fact of tribute, although it may well have bearing on the amount.
Re: (Score:2)
> I've seen no evidence that the size of government changes the fact of tribute, although it may well have bearing on the amount.
Wow way to create a straw man out of something I barely said. It has a bearing not just on the amount, but the ability to demand it and the number of people they demand it from. At one time it was just the whiskey distillers and the import/export businesses. The government actually had to go begging for a loan from JP Morgan because he had money and they didn't. FDR grew government tremendously, and threw a much wider net, until he was demanding tribute from every business and farmer he could get his th
Re: (Score:1)
moreover, if the searches were "reasonable" then they wouldn't have a problem getting a warrant.
Re: (Score:1)
How do they know who it is (Score:1)
Re: (Score:2)
I'm behind 7 proxies. Good luck.
Re: (Score:2)
They use a GUI interface in Visual Basic, duh.
Re: (Score:1)
An email address is easily traced back to the domain it came from. At the company I work for, the domain is either one of our own email domains we give to customers or a hosted domain. All hosted domains point to our company. If someone wants to find out what customer is using an email they send us a subpoena request, then we look up the customer account based on domain/email address (which are records we are required by law to have).
I will (
I'm sure this will get worse (Score:2)
Re: (Score:2)
> Any advice, other than do not use these services would be welcome. The dos and donts.
Use your neighbour's wifi and an account in their name.
Re: (Score:2)
This way, at least communication between the people on the mailserver cannot be traced (of course, encrypt traffic to and from the mailserver).
If there are people outside this you are communicating with, then email encryption is probably
Re: (Score:2)
Personally I run my own email-server, it's not very expensive and you get full control of a domain. Now with all the virtual servers in-the-cloud, the entrycost is next to none, and you get a domain that you control.
What makes you think this gives you any protection against this? Where is your server located?
Mine is in my house, which will require a warrant to access.
Even if you run the machine in a secure facility where only you have physical access to the box, then it's just a matter of finding a root vulnerability in order to access it. It's not like that hasn't been done before...
I thought we were talking about the police? If I was ever doing anything that would prompt law enforcement to go to that level of effort to access my email ... AND it was something that I could absolutely NOT avoid putting it in an email, well, it wouldn't be stored on anything I own can be linked to anyway.
Re: (Score:2)
> Any advice, other than do not use these services would be welcome. The dos and donts.
End to end encryption for all email and IM. We have had strong encryption available to us for decades now.
Land of the free .... (Score:2, Insightful)
Welcome to the land of the free and the home of the brave, where big brother can ask for all of your private information and it will be handed over without record.
Where there is no Fourth amendment, and judicial oversight are things of the past. Where you have no expectation of privacy, and the government involves itself in every aspect of your life.
Never talk to the rest of the world about your freedoms and your wonderful society ... it doesn't exist as you remember it, and you're happy to be blissfully a
Re: (Score:3)
> You guys really need to rein in your government, before it's too late for all of us ... because once your government fully becomes asshats who don't respect your rights, all of the rest of us are completely fucked.
We tried that the legal way, electing a guy who was a card-carrying ACLU member who had taught constitutional law and written a lot of pro-civil liberties articles to the highest office in the land. The trouble was that he just turned out to be another asshat who didn't respect our rights once he got in office.
There's good news though: So far, I haven't been privy to any recent attempts to violate my Third Amendment right to not have troops quartered in my home without my consent.
Re: (Score:3)
> ... and you're happy to be blissfully aware as long as they keep putting out American Idol and Facebook stays online.
I'm reminded of a comment on the fake twitter account for Mahmoud Ahmadinejad when that asshat in Florida was going on about burning the Qur'an a few months ago. "I like to retaliate by burning a book that you Americans hold dear, but the only book you care about is Facebook."
I think Zuckerberg has created a monster. It seems to be capable of helping people organize great changes in their nation, but is equally capable of helping them continue to ignore what they should be paying attention to.
Nanny state (Score:1)
Are you suggesting that a western nanny state government, is looking into the private lives of its citizens? That is simply shocking!
Simple Solution (Score:4, Insightful)
But Gmail? Facebook? I am continually amazed by people who store their personal data in these places and expect it to stay private.
Re: (Score:1)
Nor is it a realistic solution for most of the world.
Re: (Score:1)
> "not a complete solution" Nor is it a realistic solution for most of the world.
Running a mail server from home would violate just about every ISP ToS I have seen as well.
Re: (Score:3)
> Running a mail server from home would violate just about every ISP ToS I have seen as well.
Pay a commercial provider for SMTP connections to/from the outside world, and have them forward the messages to your local server. Configure your IMAP server to listen on a non-standard port. The point is to have the storage be local.
An ISP that blocks all incoming connections isn't an ISP.
Re: (Score:3)
> An ISP that blocks ANY incoming connections isn't an ISP.
Fixed that for ya.
Re: (Score:2)
> An ISP that blocks ANY connections isn't an ISP.
FTFY
Or encryption (Score:2)
GPG for email, OTR for IM, and ZRTP for VoIP. (No. No skype for VoIP. It's encrypted too, but as it's not opensource, nobody can check there's no backdoor).
Everybody has a right to privacy, everybody has a right to use the correct tools for that.
If anyone pulls a "but this will allow the evil pedo-terrorist pirates to roam free" complaint, see all the reports of arrests:
- How many high level criminals were arrested thanks to communication intercepted by stealing encryption keys, cracking 56-bits password with
Re: (Score:2)
> I actually ran my own mail server from home for a little while. The problem with that was because of the IP my email was originating from, people I would send email to, would not receive the email. Their (company) email servers would block my email. I was receiving emails, and some of the free services (like a hotmail) would receive what I sent, but most people would never get the email.
If you get a static IP address from your ISP, ask them to change the reverse DNS record so that it points to your chosen host and domain name. Unless you're in a block that has been specifically included in a blacklist (like some cable company blocks), then passing reverse-DNS will satisfy most other mail servers. I've never had my email not go through and I'm on DSL.
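The reverse-DNS test mentioned in the reply above, written out as forward-confirmed reverse DNS (added example, not part of the thread). The addresses, host names and the two lookup tables are constructed; comparing the confirmed name with the HELO name is an assumed stricter policy, since receiving servers differ in what they enforce.

```python
import ipaddress
import socket


def _normalise(name):
    """Compare DNS names case-insensitively and without the root dot."""
    return name.rstrip(".").lower()


def _ptr_lookup(ip):
    """PTR names for an address via the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + list(aliases)


def _addr_lookup(name):
    """Set of addresses a name resolves to (empty if it does not resolve)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def check_sender_dns(ip, helo_name, reverse=_ptr_lookup, forward=_addr_lookup):
    """Classify a connecting mail server by its reverse and forward DNS.

    Returns one of:
      "no-ptr"           the address has no reverse record at all
      "forward-mismatch" the PTR name does not resolve back to the address
      "helo-mismatch"    rDNS is confirmed but names a different host
      "ok"               PTR -> name -> address, and name equals HELO
    """
    target = ipaddress.ip_address(ip)
    names = [_normalise(n) for n in reverse(ip)]
    if not names:
        return "no-ptr"
    confirmed = [
        n for n in names
        if target in {ipaddress.ip_address(a) for a in forward(n)}
    ]
    if not confirmed:
        return "forward-mismatch"
    if _normalise(helo_name) not in confirmed:
        return "helo-mismatch"
    return "ok"


# Constructed zone data so the check runs offline.
PTR_ZONE = {
    "192.0.2.25": ["mail.example.org."],          # PTR set at the owner's request
    "198.51.100.9": ["dsl-9.pool.isp.example."],  # ISP's default pool name
    "203.0.113.7": ["mail.example.org."],         # PTR claims someone else's name
}
A_ZONE = {
    "mail.example.org": {"192.0.2.25"},
    "dsl-9.pool.isp.example": {"198.51.100.9"},
}


def fake_reverse(ip):
    return PTR_ZONE.get(ip, [])


def fake_forward(name):
    return A_ZONE.get(name, set())


if __name__ == "__main__":
    for address in ("192.0.2.25", "198.51.100.9", "203.0.113.7", "192.0.2.99"):
        verdict = check_sender_dns(address, "mail.example.org",
                                   fake_reverse, fake_forward)
        print(address, verdict)
```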
Re: (Score:2)
From a cop... (Score:2, Interesting)
My father is a cop, supervisor of investigations here actually, and I asked him about this once. If I remember correctly, the standard our police use is that any electronic documents that you have in your possession (i.e. a cell phone pic or document on a laptop) at the time of arrest are free game unless they are locked, encrypted, etc. If the document is not in your immediate possession (readable without connecting to a server or decrypting), then they need a warrant from a judge to view them. The concep
Re: (Score:2)
> This should be prosecuted to the fullest extent of the law, IMO.
Done, and done. Oh, I'm sorry, did you mean it should actually be illegal? Maybe you should try saying what you actually mean.
Hm. (Score:1)
This is the only problem I have with this. If they want to look through my logs, fine, but I want to know what they're looking at and why.
And while I don't expect it in a million years, it would also be nice to have the power to tell them to fuck off if I don't want them looking
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
No, you don't tell them to fuck off. You tell them to come back with the proper paperwork from a judge proving that they are not engaging in a personal vendetta on company time.
Personally, I don't let cops search without a warrant because having nothing to hide means any reason they offer for inspection is false. If it's even remotely plausible, then they should try to gussy it up for a judge first. I've found that judges are, in general, adept at spotting shenanigans.
Please, practice saying this: "I ob
Re: (Score:1)
I think a lot of people in the US need to reread the US Bill of Rights, Constitution, and all of the amendments and really study them. This really needs to be done in the govern
Re: (Score:1)
And on the electee's time and dollar, not the tax payer's.
And that's why it will never happen.
Re: (Score:2)
> Of course, many people would say that this leads the cops to have "probable cause" because if the person doesn't have anything to hide, why wouldn't they let the cops look?
Thankfully those morons usually aren't judges. Refusing to consent to a search (along with pleading the fifth) is not, never has been, probable cause.
Hopefully the Privacy Bill of Rights in Congress (Score:5, Informative)
will fix all of this, oh wait, by the standard of law naming in Congress this will do the opposite of what it claims.
See http://www.washingtonwatch.com/bills/show/112_SN_799.html [washingtonwatch.com] and http://www.cato-at-liberty.org/the-privacy-bill-of-rights-is-in-the-bill-of-rights/ [cato-at-liberty.org]
[T]he measure applies only to companies and some nonprofit groups, not to the federal, state, and local police agencies that have adopted high-tech surveillance technologies including cell phone tracking, GPS bugs, and requests to Internet companies for users’ personal information–in many cases without obtaining a search warrant from a judge.
---
In other words, the government seems keen on protecting us from ourselves while opening us to them by any means. It really comes down to crafting laws with safe sounding names all in an effort to circumvent the Constitution. As most realize, Congress's favorite activity of the last fifty or so years has been how to get around the limits our Founding Fathers placed on the Federal Government.
Re: (Score:2)
As most realise, most people are ignorant. [wikipedia.org] Knowledge is power!
Sprint Is Lo-Jacking Customers (Score:2)
So Sprint admits that they are essentially lo-jacking th
Re: (Score:2, Insightful)
It's about time... (Score:2)
In related news, criminals (and everybody else, for that matter) are increasingly using email and IMs to plan or discuss crimes (or family reunions).
What's happened to the rate of landline wiretaps, or good old-fashioned undercover following? How many telegrams per day are intercepted now?
Everything is done by email now, and I find it perfectly reasonable that the police are increasingly turning to email for evidence. That's where the evidence is.
Re: (Score:1)
In the "good old days" you describe, police still needed a warrant to seize and read your mail/telegrams or add a wiretap to your landline...
Now they don't, they don't need to get a permission or tell anyone and it is not registered, they can just "walk in" and say "Hey, give us all the email sent to and from someone@aol.com" and then read through that person's private life...
In the best possible cases, this can lead to "the good cop" (only existing on TV) being able to bust some crook that otherwise hid his
Re: (Score:2)
Re: (Score:3)
> I'm concerned about the instances where cops take bribes
A bit of a tangent, but it pertains to the larger issue of police corruption that's been enabled by granting them too many powers.
Police like to say that they're "always a cop", even when off duty. If that's the case, then why are they allowed to get paid by people they may have to investigate in the future? What if a cop on a detail is getting paid, I dunno, $2000 a month to work as a part-time security guard (while in his police uniform) at a theater, then the theater owner becomes a suspect in a crime. H
Re: (Score:3)
It's one thing for the police to look for evidence in email, that's all well and good. The problem here is twofold: they don't have to serve a warrant to the person whose email they're perusing, and they don't have to even tell that person they're snooping around. Contrast that with if the police want to search your house, your car, or even your CPA's office. In all of those cases you at least have an idea that they're doing this, which provides some oversight on these activities.
The idea that just because
Just wondering (Score:1)
I'm curious, at what point does a country become a police state? Is there an objective measure? Because at a cursory glance the US is ticking all the right boxes; imprisonment without trial, torture, executive kill orders, mass surveillance...
Because seriously, if the only metric is “at least it's not as bad as North Korea” then we're headed for some interesting times.
Re: (Score:1)
Re: (Score:1)
Or perhaps we're talking a really self-confident police state? One that's reached such an impervious level of power that it can tolerate a little harmless dissent?
The real test of course is can you say something that might realistically damage the president? For example if your average citizen (without, say, the protection of a press pass) were to say something like "my president is a war criminal and I have official evidence to the fact", would he still be safe from being thrown in jail?
Re: (Score:1)
Re: (Score:2)
Weren't there arrests at several of Bush's (Jr) speeches?
Let's see how my google fu is today.
There's this:
http://news.bbc.co.uk/2/hi/americas/4672676.stm [bbc.co.uk]
which is a little bit different, as it's at the State of the Union, not a public speech. Just remember, our best and brightest men and women are over there fighting for your freedoms. So don't dishonor them by actually exercising any of those freedoms.
And it's not just in the US of A:
http://www.msnbc.msn.com/id/16752321/ [msn.com]
Hey Fosters, what's Australian for
Defcon 2010 - Your ISP and the Government BFF (Score:2)
Defcon 2010 - Your ISP and the Government Best Friends Forever - Christopher Soghoian
http://www.youtube.com/watch?v=jJDCxzKmROY [youtube.com]
Sit back, relax, be freaked out and go make a tinfoil hat out of desperation.
Recent NPR story (Score:2)
I heard a story on NPR last Sunday about someone being taught by their parents that what made America great (and so much better than "the old country") was our privacy. Specifically, that it was a "federal crime to open the mail".
The story was about the effects of living connected lives. It also mentioned Zuckerberg's recent comments about the pointlessness of privacy. And how the more connected we are, the harder it is to reinvent ourselves.
More and more it feels like we've lost something of our individ
Encrypt previously clear emails? (Score:1)
Re: (Score:2)
Dicks.
A request for your IP address has already been registered.
Re: (Score:2)