Slashdot Mirror
E-Mail, Privacy and the Law
Not From Me writes, "sendmail.net has an eye-opening article about how 'private' e-mail is in the eyes of lawyers and courts, called E-Mail, Privacy and the Law. Scary stuff, and important to know."
← Back to Stories (view on slashdot.org)
jiggy jiggy jiggy smalls is da illest
But then counting email as the same as a letter makes sense. Far easier to delete an email than to destroy a letter though....
S-J
Why is there a sudden concern about the privacy of e-mail? E-mail has never been 100% private nor will it ever be. Even with encryption there is always a way to decode. The solution is simple: don't send sensitive messages over e-mail. -
Good, Bad... I'm the guy with the gun. -Ash
"... it can be demanded as potential evidence during litigation."
Isn't this one of the things that has got Microsoft into so much trouble throughout the court case? I wonder how much of what they now stand accused of would not even have seen the light of day without forcing them to disclose their emails?
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
Scary stuff, just goes to show that anything we put out over email is public. As a PHB and being pretty close to the Netscape suit that was referenced. Little stuff can haunt you as well, All the jokes, flames etc that an employee might send can also screw you. We had to put out to Friend and associates to please DO NOT send me anything remotely inapropriate over mail, this included Hotmail and the like. It just isn't worth it.
More race stuff in one place,
than any one place on the net.
In this case refering to the key that was used to encrypt the information. Realistically you can't be expected to deliver information that you don't have.
Perhaps the best idea that I have is to simply have a convincing fake on hand to lure would be lawyers into thinking something else when it's really not the case.
Slashdot social engineering at it's finest
what can you do with an email, legally?
It's just a sequence of bytes anybode could have made, unless you signed it with a known key.
Perhaps a email protocol which allows for self destruction and prevention of forwarding of emails needs to be created (not patented). I send an email to a co worker about how I think this and that about another employee, set to destruct in 1 day. Then, when a court case comes up, this email is long gone.
perl -e "print(pack('H37','4d65726b7572795a40676e7572642e6e6574'))"
1) email is not secure
2) a court order can seriously comprimise your privacy
3) is this what passes for news these days?
blog and junk
Despite the article's premise that it doesn't matter how many layers of encryption, etc are used to protect e-mail, it is all discoverable. Now, I'm not a lawyer, but my understanding of current US law is that the TEXT of any e-mail is discoverable: if the sender encrypted it, there is no current law on the books that would force surrender of the key. This changes a bit if only the servers encrypt the data -- which is a strong argument for public use of encryption.
On a side note, however, it is important to realize that if the authorities wish to take the time to track down the senders and recievers of e-mail messages, the plaintexts of even encrypted messages can be subpoenaed (sp?), so caution in what is said is still important.
This brings up one last issue, too: with the revision of Yahoo!'s ToS to state that they own all IP expressed over thier services, even instant messaging logs could be subject to this kind of discovery. Write your congressperson, as per usual...
In the meanwhile, encrypt, encrypt, encrypt! At least we'll make them work for the data. :)
--
Never underestimate the power of very stupid people in large groups
We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
Yeah, right. If they read my e-mail in a court, they'd probably let me off just because they felt sympathetic for me.
kwsNI
I find it odd that they would expect a company or institution to be required to pull unused sectors of their disk drives in the odd chance that there would be unlinked emails in the data.
If subpoenaed, how would one actually read and store unused sectors from disks on large multiuser systems like that? (Create a file, lseek out far enough to fill the entire disk, then scan it?)
(nil)
Peole in this country are obssesed with privacy when are you going to realize that the only privacy left is your thoughts. Ahemm... can you say Echelon?
We all know that e-mail should be private, the but the question is, "Why isn't it?"
E-mail can't be used to "prove" anything. It's disturbingly easy to forge. A printout of an e-mail could easily have simply been typed. There are no signatures, no postmarks, just bytes of data that can be forged by anyone who has half a clue what they're doing.
ICQ: 49636524
snowphoton@mindspring.com
Got Rhinos?
Forgetting the private key brings the wrath of court upon you? Eh, so what? There is no way to tell (yet:) if you have forgotten it for real or not. Sounds like the author has been watching too much tv lately.
Just look at the library filter flap, UCITA, Microsoft being brought up on antitrust laws (a relic from the days of railroad), internet pr0n, and internet taxation. These are all crucial areas of law that the internet has changed the rules on.
What's the solution? I dunno. Legislators have to give some serious time to the the implications of their actions before they totally fxxk up the First Amendment, property law, search-and-seizure, and all the rest of it. Maryland is currently reviewing UCITA in this way (Thank GOD), and hopefully other states (those outdated geography-based domain names) will follow suit.
--
>There's nothing private about it, no matter how
>many layers of cryptography you've wrapped around
>it or how well you've squirreled it away.
Bullshit. With enough crypto layered around an email --- or any other piece of data for that matter --- no one besides the recipient and the sender are ever gonna see it.
If they demand the keys, you can always develop a case of the forgets. "Oops, I forget my password." "Oops. I forget where I stored my email." "Oops. I forget what encryption scheme I used to encrypt it."
Is it illegal to "forget" information like that in a civil trial? I know that a judge wouldn't take to kindly to that in a criminal trial, for sure...
i'm having flashbacks to the days when bbs operators used to leave posted notices that your email was not private and was subject to being read by the sysop at any time.
creepy, huh?
jinkusu
What is it over there in the land of the free that creates such draconian laws ? Giving Lawyers as much power as the likes of the FBI and other elements of the goverment is way beyond bizarre.
Time to have another revolution guys.
An Eye for an Eye will make the whole world blind - Gandhi
The problem with encrypting everything is that you can have your key subpoenaed too. If you don't turn over that you get hefty fines (for the defendant) or you case gets forfetured. (for the prosecuter) Encryption just doesn't do a single thing for you, except allow you to swallow those hefty fines if it's worth it. (company secrets might be worth keeping even if you have to pay millions in fines of course)
Destroying email will help you out quite a lot. Make sure that no email gets saved. And make sure that all deleted email is securely overwritten. Don't make backups and if you really need to save something hide it.
>Like any document - physical or electronic - email is "discoverable," meaning that it can be demanded as potential evidence during litigation.
What about ICQ?
Legal: Is it discoverable? Or is it like a telephone mentioned in the article.
Technical: Suppose the sender and the reciever erases their logs on their local machines. Is it stored somewhere else? Could that be "discovered"?
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
about email "privacy". I don't use it for offical business nor do I have anything to hide. It's great for emailing buddies, it's great for emailing technical-related questions, comments, and suggestions, but I certainly wouldn't use non-encrypted email for anything mission-critical.
Here in Holland, you have privacy laws on snail-mail, and these days even on E-mail. Reading someone else's E-mail simply is a crime.
I don't know how politics work in the USA, but perhaps there should be new privacy laws overthere, dealing with stuff like this. This means making your Congressman (this is the usual way?) aware of the problem. Perhaps other methods apply.
This E-mail privacy is necesarry, because they can now ask/force you to open up your mail, next they won't ask anymore, where does it stop?
Bizar technology?
This is just an extension of the law from the real (non-virtual) world. Why is it scary? Perhaps people have got into trouble in the past because email is so much easier and convenient to send out than paper memos/letters/etc - perhaps people don't use so much self-discipline and self-control. But that is just part of learning to use a new medium (IMHO).
What I find more disturbing is the ability to produce incomplete or altered email, out of context (copy and paste?). PGP signing of emails can help here.
this might fall under the hearsay rule.
even police reports can fall under hearsay if
one party denies what is said within it.
A year spent in artificial intelligence is enough to make one believe in God.
Bizar technology?
It's one thing when the mundane media express shock at this concept, but one would think that /. editors would have a higher clue level.
The law has a concept of "expectation of privacy". If you tell your lawyer "I'm guilty" in the middle of the courtroom, loud enough for the prosecution to hear, all the claims of attourney-client privalege in the world aren't going to help you, because you had no excpectation of privacy.
Sending private information in the clear over the internet is like walking naked in front of a picture window -- you can be sure that sooner or later, both are going to draw people's attention.
150 Opening BINARY mode data connection for slashdot.sig (129323052 bytes).
Can Slashdot forum contents be subpoenaed? We often discuss on "controversial" topics such as hacking, computer security, virus, etc. We often express our displeasure with people (Bill Gates), entities (Microsoft) and even countries (Australia). What if Bill Gates was murdered by some Linux zealot cult. Will every Linux mailing list and Slashdot contents be subpoenaed?
If such a thing every did happen, will we start to refrain ourselvers from posting notes that may be used in some court of law? Very scary stuff indeed. And these days we are seeing bigger hard drivers, and better backup software/hardware. This will make Document Retention times higher.
Let me finish by saying my employer sucks! We need some release parties! We want free sode like at Microsoft! Higher pay! :)
Cheers.
--Ivan, weenie NT4 user: bite me!
--weenie NT4 user: bite me!
"Computers are nothing but a perfect illusion of order" -- Iggy Pop
IIRC (IANAL of course), anything that passes over a phone line is protected like a phone call -- that's why you can listen in on any part of the radio spectrum except for the phone part: Since the phone part could be going on phone lines, listening to it constitutes wiretapping.
Given this, might it be possible to safeguard your email by making sure it all goes over a phone line?
Just a thought...
--G
Then I wonder how anyone can find out without violating my privacy (non-email) ? Supose someone sue's our firm and I just wrote an email (whether internal or external) to a collegue in which I describe the person being a jerk.
So? How the heck could this be a major problem for me? If the person doesn't know about the email I really wonder how he could convince the judge that this email contains evidince which is really vital for his cause and that in order to get it he should be allowed to access my computer. Yeah right.
The only way this could be a problem IMHO is in a situation where this person gets some inside information. Its the only way he can know about the existence of this valuable information.
OR I am missing a major factor; the difference between European and US laws. However, difference or not, I can't imagine that a judge will give another person access to my PC just because he thinks (hopes) to find evidence.
I followed the incredibly interesting link from this article regarding the "Really Bad Attitude" newsgroups that Netscape had setup, and that Microsoft subpeonaed (at http://www.jwz.org/gruntle/rbarip.html).
... how many companies out there do this to avoid liability, or is there a different reason for it?
I noticed this quote :
In hindsight, complying with the company's Document Retention Policy (which at Netscape was basically, ``shred anything within 90 days unless you can't get your job done without it'') might have been a good idea.
How many major companies actually have a policy ilke this for electronic information? Most backups are tape/DLTs which last eternity, and is the only purpose of this policy to prevent liability with stuff lying around?
This sounds like it worked with paper-based archiving systems, where space simply doesn't exist to archive forever, and non-essential documents are destroyed, but none of the people I've done work for have had a similar policy at all.
So the question is
At work I have two different systems. One is running Win2K (I have to support it, so I need to know it.) the other running RH 6.1. The RH 6.1 system is almost always connected to my home router/server/firewall through ssh2. I email my wife pretty much throughout the day and converse with her secure in the knowledge that when I send an email it hits the Roadrunner server, and is picked up about 2 minutes later by my wife's computer. You can't beat that. Her emails to me hit the Roadrunner server, and go directly to mine. So I guess if you had a packet sniffer on the POP3 server you could see everything I'm doing. I'm thinking of setting up a pop3 server on my server that only she and I will use, but that's kind of a longer term task.
What's needed is an encryption method that will allow multiple "fake" keys and will legitimatly decrypt something else when used (perhaps you can give it n documents and n passwords, and it just encrypts them in the same file. When asked to produce a key, give them a fake key.
Stegonography could also be useful. Encrypt your email and hide the bits in a jpeg of a weather map and email that.
The problem with just deleting emails is the fact that they may still exist on a backup tape. When I came into the office this morning, I had unread email that was delivered after COB yesterday but before the backups were run. No matter what I do now, a copy of that email (encrypted or not) exists and can be discovered.
-- Don't Tase me, bro!
I'd think you could refuse to disclose your encryption keys on the grounds that there could be something encrypted by them that could incriminate you. Maybe there is, maybe there isn't, but there could be.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Gawd I'd love to immigrate to Amsterdam :))
"New Amsterdam" is the pits.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
What about putting the e-mail archive in a different country, nominally outside your control (you have to go through a person in that country to access the e-mail)? Then it would take a court order in that country to get the e-mail revealed. If that country has privacy laws, like the Neatherlands, it should be safe.
-- Support a free market in the field of government
Ok, I'll probably get flamed for this, but here are my overall sentiments on the subject. No where in the constitution does it say that we have a right to privacy. For example, the police can get a warrant and search your house if they have probable cause. I think that email should be the same way, I certainly don't think that any law enforcement agencies should be allowed to look through your stuff without cause, but I do think that if they suspect you of a crime, they should be able to obtain a warrant and examine your personal information, whether or not you have encryted your emails. I don't believe that we should let criminals get away with telling people things just because they did it on the internet. I know geeks don't like the idea that authorities can see what they've been doing (probably because what they've been doing is disgusting), but the only justification they have is this mythical "right to privacy" that doesn't even really exist. Anyway, that's all I have to say about that.
while its true that a photograph can be faked altered etc (yes, you can output to negative and then process as normal) usually clues can give it away, such as the "noise" being too regular in one part of said picture etc. its a game of cat and mouse.
this is not so easy with files. files are a closed set and thus alot easier to doctor for the courts without leaving any holes.
i personally dont think any electronic communication should be concidered admissible evidence in any court of law.
so whatever happend to the fifth ammedment?
1) Use a mixmaster or some other type of anonymous e-mail server with PGP.
.PDF file)
:)
That way, the mail cannot be as easily traced back to you. (especially if the servers log the mail transactions)
2) Use steganography.
Encrypt the information and hide it in a JPEG file or some other document that looks acceptable.
(I wonder if you can hide something in a
3) The multiple decrypt keys with two different messages was a good idea. Maybe we should start working on something like that!
I think #2 works the best. I mean, who is going to suspect a picture of The Weather Channel's latest radar to be a secret message to set off a small globalthermonuclear device at 1 Microsoft Way, Redmond, WA.?
Fialar
We've got links to several related stories on our Personal Security page: http://www.tecsoc.org/persec/persec.htm
A. Keiper
The Center for the Study of Technology and Society
The article explained that an email is "discoverable" because it fits all the legal definitions of a "document", and documents are discoverable. That much I can follow.
Then it went on to say that encryption won't help, because your key can be subpoenaed; but no legal grounds for this were given. If I've committed my key to memory, it certainly doesn't seem to fit any definition of "document" (unless legal definitions are even crazier than I thought possible). So what are the legal grounds for forcing me to reveal something that exists only in my head?
Could someone with some legal expertise comment on this?
As I remember the Co$-vs-the-Net war, $cientology subpoenaed computer files from Grady Ward (who most certainly was not Scamizdat). So he turned over a bunch of files, including PGP-encrypted files, and that was that. He was never even asked for a key, IIRC. The Co$ went on to hire a Special Master who attempted to decrpyt the files, much to the continuing amusement of all observers.
The Co$ notoriously uses every legal means available to get what it wants. So if they didn't even ask for a key, I'd very surprised if there is any legal grounds for doing so at all.
Always keep a sapphire in your mind
Yes we have a 5th amendment that is supposed to protect the accused from all self-incrimination in criminal trials. But we also have a Supreme Court that in recent years has been rather fond of undermining civil liberties like these. The 5th amendment won't protect you from having to submit a urine sample for chemical analysis, and that's the line of argument the government will likely use if the crypto-key issue gets tested. Something like "Revealing the key isn't the same as forcing you to incriminate yourself. It just lets us understand a document where you already committed the self incrimination." This stands in stark contrast to other systems of law (particularly Jewish Law) where all self-incriminations are disregarded, without regard for how or why they were made.
Remember, the "land of the free and the home of the brave" is the same place where the highest court of the land looks poised to rule that anonymous tips are sufficient for giving probable cause to government agents to stop and frisk citizens on the streets. "Hey Bob, the person over there who looks like he's a member of a disfavored racial minority group looks like he could be carrying some drugs (or even a bomb!). Why don't you step into that phonebooth and call the station and leave an anonymous tip so we can go over there and get medieval on his civil rights! And remember, anonymity means zero accountability."
We're also the country where, right after the Diallo verdict came back, police three blocks from Diallo's house went and shot another unarmed black man at point-blank. But at least this time he had a sketchy criminal record and the whole thing was just a big mistake, so that makes it justified, right? Right? I hate this place.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Encrypt your mailbox with a long random password that you keep on a seperate floppy. If forced to reveal contents.. throw the floppy in the furnace.
We'd really like to submit all the slander and dirt, but that would be gravy, and I'm pretty sure if the plaintiff tries to submit any email it, too, would not be considered primary source material.
I understood this was the case in the States, but what about the rest of the world? Do we here in Europe for instance have similar laws?
If not, what if the suing company is from the States? Or what if my company's mail server happens to sit in there? It's my property but it's your country, so my rules or your rules?
... if you can't choose your sysop.
I don't mind terms of service that say "The sysop can read your mail," at least not necessarily. What I'd object to is this as legislative fiat.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
If you are an employee (I know...I know.... US employees would commit murder for a couple of extra bonus bucks ;-) ) do not engage in illegal activities. The judge and the lawyers could then read all your mail and not find anything incriminating. If, like M$, you engage in potentially illegal activites, I am quite happy to see the lawyers go after you and find that incriminating evidence.
You'll find that the private sector tramples your privacy much more often (and with more deleterious effects) than the govt. or the justice system.
The original article says:
A sensible document retention policy is the next step. Destroying older data - really destroying it, not just deleting the files - will prevent it from being discovered. Log files should also be purged on a regular basis. While they don't include the contents of messages, they can be used to establish that communication occurred.
This might cover tracks that could potentially be problematic during a lawsuit, but it certainly destroys information that would be useful for future generations of historians and researchers. I seem to remember that most of what we know about the past comes from seemingly trivial records like trade accounts, financial records, personal correspondance, and garbage dumps.
I think it is irresponsible to suggest that out of a fear of lawsuits today, we should rob the future generations of an opportunity to learn about their own history. Especially in the technological sector which is building the infrastructure for tomorrow. Perhaps there should be some sort of legal protection for an "Information Archive" site that keeps sealed documents in confidence for 50 years but then releases the contents into the historical record.
Your data should be in a jurisdiction other than the one you live in. And it should be encrypted.
Since encrypted emails practically guarantee authenticity of the sender and/or receiver, it becomes impossible to repudiate.
However, sending everything in the clear using non-secure channel means you could possibly repudiate any email evidence: Just demonstrate how 1-anybody could have altered the contents 2-anybody could have used my PC to send that email 3- the plaintiff could have forged the message
(obIANAL)
---
# umount /dev/sda2 /dev/sda2 /dev/sda2
# dd if=/dev/zero of=/dev/sda2
# mkfs.ext2
# mount
Would this hold up in court? Well your honour, unfortunately the drive which may have contained the pertenant information appears to have been zeroed.
Oh crap, but they still got my tape backups. =)
Seriously though, I strongly believe that encrypted means of communication, or filesystems, should not become open to the court system. That defeats part of the point of encryption right there (well duh, I don't want other people reading my data). The government will never pass a bill on this though, as they have to much pressure from the FBI, DOD, CIA, police, and courts to be able to access any information they want at their free whim.
Does anyone want to write a feature into POP3/IMAP for desctructive emails ala 'You have 30 seconds to read this email before it self destructs' or 'sender requests that this email be destroyed'? I'm more than game.
EraseMe
The same thing can be said of all witness evidence, audio- and video-taped evidence, etc.
In all of these cases you look for messages (or items) that refer to other things that are 1) verifiable, and 2) not widely known. The email message could still be forged, but it's far less likely. Do that with hundreds or thousands of messages and the "reasonable persons" on the jury will decide that the messages must be legitimate.
The defense can still assert that some messages were forged, of course, but if the prosecution/plantiff believes it's legitimate it will be presented to the jury as a "question of fact."
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
-----BEGIN PGP SIGNED MESSAGE-----
t 7CmzfltUjoYAoIWd
Hash: SHA1
People scoff at day-to-day crypto.
"It's not convenient!"
"Why do you need to encrypt email to your grandmother with a 4096-bit
PGP key?!"
Well, this, friends, is why we need to make encryption an
integral part of every mail reader. This is why we need to
thoroughly zero deleted data by default. And this is why you need to
empty your mailbox every time you read it. If you can live without
it, delete it (wiping the freed space).
Encryption and data wiping need to be the rule rather than the
exception.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use
iQA/AwUBOL6Zwe8mZ1H4eRoZEQLAngCffD3K9GB9h5m6F7q
upw1aDIK7ahf3URvbcX/6rZk
=Ef+L
-----END PGP SIGNATURE-----
Sweaty palms eh? Slow down on coffee, you'll get rid of the problem. Oh, and your shoes will probably smell better also.
Cheers!
In particular, deleted but non-zeroed hard drive sectors. The latest version of PGP includes an extension which replaces "Empty Trash" with "Wipe Trash". Now, when I empty my trash, it takes a LOT longer, but PGP overwrites all the files three times, instead of just removing them from the filesystem. I back this up with a scripted weekly zeroing of ALL free space on my hard drive. No one'll be pilfering MY private email. And if they can reconstitute the data after that many overwrites, it's pretty hopeless anyway.
As for crypto keys, I thought it was determined in the Mitnik case that you could not be compelled to hand them over if you think the data might incriminate you. Fifth amendment to the constitution as I recall. You can't be forced to contribute to your own prosecution. So among your encrypted, but not yet wiped, data, just include a little line about how you were driving at 70MPH in a 65MPH zone the other day. Bingo... incriminating data protected by your PGP key, making the key protected under the fifth.
IANAL, but I'm almost SURE I can recall Mitnik's crypto keys being protected, but YMMV on the legal issues.
I DO know tho that PGP does a damn good job zeroing your freespace. I've checked my free sectors with Norton both before AND after a PGP wipe before. And it worksquite nicely, thank you very much. IF you remember to wipe your data.
And PGP is available for damn near every OS as well.
john
Imagine all the people...
Even if encrypted all passwords can be cracked from any location in 30 seconds or less.
Seriously though the notion that you would have to hand over the keys to unencrypt subpoened mail is on target, just like you would have to provide the combination to your gun locker if that was subpoened (of course you could refuse, they would hold you in contempt, arrest you jail you and bust the lock anyway.) In the case of a 'secret' like a key or something like that they would do all of the same except they wouldn't be available to bust the lock. They'd just outwait you. There is no fifth ammendment right against evidence, only testimony and if anyone thinks they could successfully defend email as testimony - - good luck.
There seems to be two distinct issues here. 1) privacy and the expectation thereof. 2)the ability to defeat attempts to legally (that is procedurally compliant)gain access to said mail.
You may feel that you have a right to privacy but you should not have an expectation of that right. This forum pretty much sums that up. Do you have a legitimate course of action to turn away a subpoena? Not bloody Likely!
The problem really hinges on what you send, not what you get. Whenever you send email, web posting, usenet posting, or slashdot message, you have to assume that it will be recorded for the rest of time, with your name attached. Send an email to your cow-orkers? Family? Friends? You can't rely on *them* deleting your mail, so you need to assume it's written down for good. At any time, some lawyer can go searching for it and find it. The problem with keeping all this data is that it's not difficult to single out a person, read everything he's ever said, and then find a crime to charge him with. But that's neither here nor there. Even stuff you don't explicity send isn't immune. I'm sure in a few years, we're going to start seeing people (e.g., elected officials) getting grilled for looking at porn on the web, just because some server logged an IP address and someone was smart enough to figure it out. I love computers, but their ability to track almost everything we do scares me sometimes.
I can explanate how to administrate your network. You must configurate and segmentate it, so it can computate.
Dan Boneh has written relevant papers on revocation of encryption keys, esp.
"A revocable backup system"
and
"Revocation of unread E-mail in an untrusted network"
both at http://crypto.stanford.edu/~dabo/pubs.html
The basic idea is to effectively destroy files using a two-layer key scheme. Files are encrypted using automatically generated keys. These keys are together encrypted using a master key. At user specified intervals (or manually), the keys are reencrypted with a new master key; revocation occurs by omitting the keys of the desired files. It works across archives, and supports repudiation - the file owner only knows master keys, thus can access only those files encrypted by keys encrypted in turn by the current master key, (and can say so honestly in court). Of course, old key files encrypted with old master keys should be deleted immediately and securely, and should not themselves be backed up!
Public key exchange protocols can support similar revocation of delivered content. Obviously, this only works until the content is in the clear, whether email, MP3s, DVD video...
That's why I suspect all the "might makes copyright" groups will start pushing content copy tracking...try
"An efficient public key traitor tracing scheme"
(same URL) on for size!
(I don't think this is a spoiler, but if you haven't read the book, proceed at your own risk.)
At one point the bad guys want a particular piece of information that they are pretty sure resides on our hero's mail server. So, in order to get it they jimmy up a lawsuit and subpoena the mail server.
Returning to the real world, I don't think that this is a particularly stunning revelation; people have been aware of these issues surrounding paper documents for a long time. The only difference is that we are accustomed to thinking of email as a more informal medium than paper. Apparently the courts don't agree. Just follow the same policy with confidential email that you follow for confidential paper documents, and you should be all right.
-rpl
There are a few companies offering various solutions; a handful escrow the private key for decryption centrally and rent it out for people wishing to read it, and then (claim to) hard-delete it after x amount of time.
I'd presume the keys are backed up, however...
Then there's a few that offer one-shot sends (can't reply to these) that delete all traces of the message from their servers.... just not from the recipient's machine...
The best solution is to take the advice of the article. Use harshly separated accounts, do what you can to (hard)delete files regularly, etc.
I'd recommend setting up an alternate personality or three that you access only via anonymous proxy(s) that offer encryption (hushmail, ynnmail, the various anonymous remailers). Use the PGP plugin's secureviewer if you're truley paranoid to defend against Tempest attacks... and for chrissakes, clear out your cookies, temporary internet files, and temp dirs regularly and do a 11-time rewrite of the emptied space.
Returned Peace Corps IT Volunteer
If my memory of business law serves me correctly, a lot of law out there is based on precedence. A good example would be Roe v Wade setting the precedence for the legalization of abortion.
My question is can anyone think of any case out there which would establish precedence where someone had to surrender their encryption key/password or else risk contempt of court? In other words, has this actually been tested in the legal system?
I think it is sad how laws are forsing us out of fear to destroy any record of our past.
people get in trouble for the mere possession of tools that could potenially be used to intercept proprietary information from a company, but lawyers can intercept our email and use it for whatever they want. maybe all geeks should start using geek code so that we cant get in trouble for nothing
what is this world coming to?
Opportunities multiply as they are seized. --Sun-Tzu
twi
My only advice is, use encryption everywhere you can, and protect your keys with the most secure passphrase(s) you can remember .. previous poster is right, if it's not written down it's awful hard to get out of you.
;-)
The principle should be obvious: if I send 99 innocuous emails and one that's 1024-bit encrypted, anyone watching the datastream knows which one to try and crack, or bully me to get the key for. If all 100 are encrypted, and they guess, and crack or extort the key for the one that says 'let's do lunch sometime', then they look like the jerks they are.
The more of the data that's encrypted, the less practical it is to make us stop. Yeah, that was grammatically horrible, but you get the point, right?
73 de N5VB (ex-KD5BIV) AR SK
A lot of posts suggest that you encrypt your messages, some even suggest using steganography to encode your messages. That's great and all, especially for messages that you consider "sensitive" (which makes me wonder why you'd use email for highly sensitive information, but whatever trips your trigger). But, what many of you forget is that it's not the stuff we know is going to come back and haunt us, it's the little things. Off hand remarks, rush jobs, and even messages that are completely innocent can be turned against you. Even if they are not directly incriminating, they can be used to paint a negative profile of you in court. The point is, lawyers can and will exploit the smallest things and turn them against you.
I'm in no way saying "Encryption is for the birds, why bother". I'm saying that in many cases it's not feasible to encrypt every single piece of mail (esp. to those who'd have no clue as to decrypt it), and chances are, those "little" things are the ones that's going to come back to you.
What I find interesting is the way a subpoena for email might be worded and what actions it might require of the person holding data.
:-)
I work for a large government agency where all email is saved forever because everyone is accountable for everything they do for all time. That's fine. We're public sector law enforcement; we should have such rules. Recently, though, an employee sued the agency and requested all email files. Our lawyers argued that such a subpoena would be overbroad and would reveal a great many private things shouldn't be made public. The judge agreed and a compromise was worked out. Several years worth of Microsoft Exchange backup tapes were sequentially reloaded on a system set up for the purpose. Each time a tape was restored, all files were searched for a text string matching the name of the woman who brought the suit. Then, all emails that contained her name were *printed out* and delivered to her lawyers. Not surprisingly, lots of folks had been jabbering about this woman in email, so there were boxes and boxes of printouts. It took the poor admin assigned the task literally weeks to complete, but at least there was no way for all sorts of extraneous data to go public.
Contrast that situation with the situation of the airline employees who found their computers seized. Were they entirely without recourse? Were they not given a chance to produce the documents without having to turn over their hardware? I don't know, but I do know that if such a thing happened to me, I'd be less than happy. I have lots conventionally encrypted files that are relatively safe since the only copy of the password is in my head. But would I be willing to sit out a contempt citation to protect that data? Talk about feeling conflicted!!
Short side note: There are a zillion different circumstances when testimony *can* be compelled. I'm surprised by the number of posters who don't understand that 5th amendment protections are often non-existent, especially in civil actions. They can even be circumvented in criminal actions rather easily, assuming you aren't the primary target of the prosecution. I guess high school civics classes aren't what they used to be.
IANAL, of course.
Not really. The fifth amendment protects someone charged with a crime from being forced to testify against himself. He must still give up any evidence that might implicate him. If you are a murder suspect, and you own a gun, you cannot refuse to turn in the gun because it might incriminate you.
On another note, this wouldn't matter anyway in this case. The 5th amendment only applies to criminal cases. A lawsuit is a civil case, so the protection of the 5th doesn't apply.
Hi,
Reading this, I must reply. Actually, I've got a completely new Slashdot scope, it's kinda important.
One of the latest saturday specials of the Dutch newspaper <A HREF="http://www.ad.nl/">Algemeen Dagblad</A> there was an article about Echelon.
This is supposed to be a kind of European FBI/CIA project that makes you entirely paranoia. It's just like in the movies, but it's for real.
They filter all kind of info, but explicitly telephone information, to see if there's something of interest to America there. Officially they're supposed to filter only political information to prevent rebellistic actions, but it seems that also the American economy uses confidential info to respond to the market.
As a sidenote, the article told us that "somebody with a mobile phone can be traced to 10 meters precisely".
Ocalan was arrested after doing a telephone. Before that telephone nobody knew in what country he was. Another example is that of a lawyer whose client phones him and is arrested the other moment - the phone being tapped.
There are actually laws in Holland (and I suppose we're not the only one) that a phone company should always reserve a large percentage of its capacity for tapping phone lines.
Note that I'm not some paranoia alien-believer, but that I quote the article, and that the article quotes authors of books, lawyers and amazed ministers.
So if you think you're safe on a phone, you'd better email and destroy your private key once in a while.
Greets,
Stefan
It's... It's...
"We can confirm that Debian does *not* ship the version with the trojan horse. Our version predates it." [CA-2002-28]
Using Jabber would be ideal to break around this. There's no central server, the new laws make enroute standard crypto wrappers possible, and a message type of "top secret" could be created where the client goes out of its way never to let it touch the disk, and to properly wipe it, if it ever does. (multiple random overwrite)
:-)
Of course, it would be neat if jabber could include some standard antitrace mechanism as well, possibly even with nyms.
Now if someone could just rig distibuted CVS over a snoop-proof system like that, folks could get back to coding DeCSS and there would be exactly nada the law could do about it. Except bluster and fume
The article also mentions a case where Microsoft benefited from this law. During a battle with Netscape, Microsoft was able to obtain emails from the mailing list Netscape employees used to vent frustrations by bashing their own bosses and company.
Like on /. ?
So, if I were to slander the fundie stooges Jerry and crew, and they sued me.. would slashdot get raided?
Interesting. If the answer is no, i'll just send sensitive information via a public forum!
;)
"Ma'am, we have evidence that you spammed your co-workers with a list called the Darwin Awards, a chain-letter involving a sick boy and business cards, and an .mpg movie of an African man lifting a stone with his penis. What do you have to say for yourself?"
"Did you see that guy! That rock must've weighed a ton! Isn't that hilarious?"
The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk
The House Between - Original Sci-Fi Series
I just had to sign up with sun again as a result of forgetting my password again. I forget these things way too often.
I also have some pgp keys out on the net womewhere from the days when I first started to play with pgp and I don't remember where my private keys are or what my passphrase is.
This is the truth.
caio
I don't see any problems with the law here. How is this any different than being called to testify in a court case? Think about it. Lets say your friend Bob writes you a letter talking about how his company screwed someone out of a lot of money. 6 weeks later the victim sues him. The court is justified in demanding that letter from you because it is relevent evidence in the a _CIVIL_ action. I think we all agree on that point. Now, does anyone think that if you lock it up in a vault that the court is somehow not entitled to it anymore? I'm a careful person myself. If I got a letter like that from a friend I would read it and then put it through the paper shreader. The judge can still order me to appear in court so that the plaintiffs lawyer can question me about the letter. I am required by law to tell the truth anyway. It's that simple.
Yes, encrypting e-mail is important. It helps keep unauthorized eyes from reading your secrets. It can also give you the power of choice if a judge orders you to divulge the contents in open court. You can comply, or tell the judge that you're very sorry, but you refuse to hand over the key and you refuse to take the stand and that you are willing to go to jail over it. Journalists do it all the time when the court demands that they rat on their sources.
I don't feel the same way in criminal matters. If you are the accused then you should NOT have to cooperate with prosecuters in any way. Forcing the defendant to give them the keys (if the keys are passwords that only you know) or tell where the keys are is like forcing him to help brainstorm arguements that suggest his guilt. You can't demand that the accused write out directions with a map to the location of the murder weapon.. well.. I guess you can.. but you can't punish him if he tells you to jump off a cliff.
Sean
(forgot my damn password)
It would be a pain for everyday use, but if every time someone wants to send me a message I create a new keypair, send them the public key, get and read the message then immediately properly delete the text version and the private key. Is there any reason this wouldn't work?
Honk
See what happens when you get sued & the lawyers try to "discover" the email of all those senators.
Cc early, Cc often.
Much more work would be getting dirt on one of those same people in a form that couldn't normally be discovered (recorded phone conversations, whatever), and emailing it. Poof! It's discoverable.
The fifth amendment protections afforded by US law apply to criminal cases. Civil cases can compel more compliance. So be very careful.
By segregating your email into different folders, you have a better position to avoid confiscation of your data. While it would be uncommon for a court to sanction walking into someone's office and carting out every file cabinet, their ignorance of technology enables them to think it somehow reasonable to cart out your computers wholesale. By segregating your mail, you might be able to prevent this by turning over relevant mail folders and you would have better recourse and possibility for some ultimate justice should a court decide (as they all too often do, these days) to shit all over the fourth amendment (which once provided protections against "unreasonable search and seizure") for marginal reasons (like the mere suspicion that someone _might_ be dealing drugs or have participated in computer crimes). Sounds unreasonable? It is. Your congressman doesn't care if you write, unless you are writing a big fat check. Join the EFF instead.
And for Linux/*BSD/UNIX, try 'obliterate'. It erases files by writing them over several times with random data and _then_ deleting them. Windows users can also use Datafellow F-Secure desktop for win32s, if they feel compelled to spend buckaroos (and most do). With a little luck, there will be free PGP-based utilities by year's end (the studied randomness in PGP encryption provides a good source of random data for wiping).
Expanding a vast wasteland since 1996.
There is a company called disappearing inc that gets around this problem nicely. I didn't go way into the tech specs, but essentially:
1) you encrypt the email with a key they send you. This key is never recorded on your drive. You tell them how long you want the message to last.
2) the recipient of the encoded message decrypts the message by requesting the key from disappearing inc. Neither the key nor the plaintext are stored on the recipient's computer.
3) after the set time, disappearing inc deletes the key from their server. At that point the message exists only in encrypted form, and the key does not exist at all.
I thought that was a slick way to get around this problem. The url is www.disappearing.com
--Jack
Believe it or not, someone actually has created (and is trying to market) such an animal.
Editor Emeritus and Senior Writer, TeleRead.org
(So, in a criminal case, if you lose, you can go to jail. In a civil case, you can't go to jail -- but the person who sued you could collect millions of dollars, personally. The consequences to the victim are "less severe", but the incentives for plaintiffs to abuse the system are much greater.)
What's worse, the US and the states have passed a huge number of laws making an increasing number of things into civil offenses -- including, paradoxically, some government prosecutions (like "civil forfeiture", where the government sues you to take away property which you might have gotten as a result of a crime). Sometimes these civil lawsuits are an indirect way for the government to take away individual rights, by shifting the responsibilty onto some "private" plaintiff. The Digital Millennium Copyright Act is a recent example of this. Rather than ban certain kinds of software, the government gave copyright owners the power to bring civil lawsuits against people who distribute them. In this case, as in many cases, the effect is to chill a particular kind of activity, without having the government ban it outright.
And in all these civil cases, the Fifth Amendment and similar protections do not apply to protect the defendants; you do not "have the [legal] right to remain silent", nor any fundamental privacy rights.
I think system administrators must consider it part of their own code of honour not to read their customers' personal messages and files, regardless of what local laws or their company/institution's policies say about it. Many of us sysadmins feel this way, I think we have to be serious about it.
This problem is as much about fostering the right kind of attitude as it is about formal law and jurisdiction.
Business e-mail is a completely different thing. A court order to view *corpotate* mail is definitely OK. Wether or not they can "prove" anything.
People will just have to learn to separate their personal and professonal e-mails. Perhaps companies should insist on digital signatures on business mail, informing employees that business mail is company property.
STOP Hold the flame thrower! Of course, they ought to provide a semi-private mail account too, for company (or personal) mattter "off the record".
Hey, it works for snail mail. If I write to:
TheCompany Ltd
att: Anonymous Coward
Someville
It is understood that my letter is meant primalily for the company, and simply adressed to AC. If AC is not there, I expect someone else to take care of it.
OTOH If I write:
Anonymous Coward
TheCompany Ltd
Someville
It is understood that the content meant for AC and not to be opened by someone else.
Why should not the same thing work for e-mail? (if laws are applied wisely, that is)
All opinions are my own - until criticized
Unfortunately the solutions he suggests are so narrow minded it almost depresses me.
We live in a global village in case you forgot. Store your mail on a server thats not located in the USofA and let them sue all they want, theyll never get access to a single word I wrote, period.
--
So whats the hype?
Idempotent operation: Like MS software, wether you run it once or often, that doesn't make it any better.
someone read my e-mail once. i was mad.
ICQ: 49636524
snowphoton@mindspring.com
Got Rhinos?