E-Mail, Privacy and the Law
Not From Me writes, "sendmail.net has an eye-opening article about how 'private' e-mail is in the eyes of lawyers and courts, called E-Mail, Privacy and the Law. Scary stuff, and important to know."
"... it can be demanded as potential evidence during litigation."
Isn't this one of the things that has got Microsoft into so much trouble throughout the court case? I wonder how much of what they now stand accused of would not even have seen the light of day without forcing them to disclose their emails?
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
Scary stuff, just goes to show that anything we put out over email is public. As a PHB, and being pretty close to the Netscape suit that was referenced, little stuff can haunt you as well. All the jokes, flames etc. that an employee might send can also screw you. We had to put out to friends and associates to please DO NOT send me anything remotely inappropriate over mail, this included Hotmail and the like. It just isn't worth it.
More race stuff in one place,
than any one place on the net.
In this case referring to the key that was used to encrypt the information. Realistically you can't be expected to deliver information that you don't have.
Perhaps the best idea that I have is to simply have a convincing fake on hand to lure would-be lawyers into thinking something else when it's really not the case.
Slashdot social engineering at its finest
Perhaps an email protocol which allows for self destruction and prevention of forwarding of emails needs to be created (not patented). I send an email to a co-worker about how I think this and that about another employee, set to destruct in 1 day. Then, when a court case comes up, this email is long gone.
perl -e "print(pack('H37','4d65726b7572795a40676e7572642e6e6574'))"
Actually, it's easier to destroy a letter. All you have to do is stick a lighter under it, and you're done. With email, you have to actually destroy the binary data of the section of the hard drive it's on.
That would be ALL hard drives. Which means:
1) The sender's hard drive
2) The sender's ISP's mail hard drive
3) Your ISP's mail hard drive
4) Your hard drive.
and for every cc:, the number jumps up.
and don't even bother trying, if there was a bcc:
Despite the article's premise that it doesn't matter how many layers of encryption, etc are used to protect e-mail, it is all discoverable. Now, I'm not a lawyer, but my understanding of current US law is that the TEXT of any e-mail is discoverable: if the sender encrypted it, there is no current law on the books that would force surrender of the key. This changes a bit if only the servers encrypt the data -- which is a strong argument for public use of encryption.
On a side note, however, it is important to realize that if the authorities wish to take the time to track down the senders and receivers of e-mail messages, the plaintexts of even encrypted messages can be subpoenaed (sp?), so caution in what is said is still important.
This brings up one last issue, too: with the revision of Yahoo!'s ToS to state that they own all IP expressed over their services, even instant messaging logs could be subject to this kind of discovery. Write your congressperson, as per usual...
In the meanwhile, encrypt, encrypt, encrypt! At least we'll make them work for the data. :)
--
Never underestimate the power of very stupid people in large groups
We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
I would think it harder to destroy an email than a tree-based letter, given the path an email has to travel. Emails received and sent are extensively logged by the servers they pass through, no?
(Or maybe I'm being too paranoid after that Law & Order episode last night...)
--
wcb
We all know that e-mail should be private, but the question is, "Why isn't it?"
E-mail can't be used to "prove" anything. It's disturbingly easy to forge. A printout of an e-mail could easily have simply been typed. There are no signatures, no postmarks, just bytes of data that can be forged by anyone who has half a clue what they're doing.
ICQ: 49636524
snowphoton@mindspring.com
Got Rhinos?
I'm having flashbacks to the days when BBS operators used to leave posted notices that your email was not private and was subject to being read by the sysop at any time.
creepy, huh?
jinkusu
What is it over there in the land of the free that creates such draconian laws? Giving lawyers as much power as the likes of the FBI and other elements of the government is way beyond bizarre.
Time to have another revolution guys.
An Eye for an Eye will make the whole world blind - Gandhi
The problem with encrypting everything is that you can have your key subpoenaed too. If you don't turn that over, you get hefty fines (for the defendant) or your case gets forfeited (for the prosecutor). Encryption just doesn't do a single thing for you, except allow you to swallow those hefty fines if it's worth it. (Company secrets might be worth keeping even if you have to pay millions in fines, of course.)
Destroying email will help you out quite a lot. Make sure that no email gets saved. And make sure that all deleted email is securely overwritten. Don't make backups and if you really need to save something hide it.
Here in Holland, you have privacy laws on snail-mail, and these days even on E-mail. Reading someone else's E-mail simply is a crime.
I don't know how politics work in the USA, but perhaps there should be new privacy laws over there, dealing with stuff like this. This means making your Congressman (this is the usual way?) aware of the problem. Perhaps other methods apply.
This E-mail privacy is necessary, because they can now ask/force you to open up your mail; next they won't ask anymore. Where does it stop?
Bizarre technology?
This is just an extension of the law from the real (non-virtual) world. Why is it scary? Perhaps people have got into trouble in the past because email is so much easier and convenient to send out than paper memos/letters/etc - perhaps people don't use so much self-discipline and self-control. But that is just part of learning to use a new medium (IMHO).
What I find more disturbing is the ability to produce incomplete or altered email, out of context (copy and paste?). PGP signing of emails can help here.
The same can be done with snail mail. I type a letter, mail it from somewhere close to where you live. Same thing. What I am wondering is how the situation in Europe and other parts of the world is. Anyone care to enlighten me?
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
Odd chance? Do you keep all your e-mail? Think I delete a good 95% of it immediately after reading (simply 'coz many are CFPs that I really don't care about...). Execs who handle potentially incriminating mail might read/remember/delete as a force of habit.
A simple but inadequate approach might simply be to scan through a raw disk device -- remember the /dev entries, and dd? If only an unlink was used, and not much writing since then, it might have a chance.
A data recovery specialist would probably be able to describe how to recover material that's been deliberately overwritten (say, just a couple of passes). Recall that some standards call for several differing passes of overwriting in order to prevent recovery of sensitive information...
Only the dead have seen the end of war.
It's one thing when the mundane media express shock at this concept, but one would think that /. editors would have a higher clue level.
The law has a concept of "expectation of privacy". If you tell your lawyer "I'm guilty" in the middle of the courtroom, loud enough for the prosecution to hear, all the claims of attorney-client privilege in the world aren't going to help you, because you had no expectation of privacy.
Sending private information in the clear over the internet is like walking naked in front of a picture window -- you can be sure that sooner or later, both are going to draw people's attention.
150 Opening BINARY mode data connection for slashdot.sig (129323052 bytes).
I followed the incredibly interesting link from this article regarding the "Really Bad Attitude" newsgroups that Netscape had set up, and that Microsoft subpoenaed (at http://www.jwz.org/gruntle/rbarip.html).
... how many companies out there do this to avoid liability, or is there a different reason for it?
I noticed this quote:
In hindsight, complying with the company's Document Retention Policy (which at Netscape was basically, ``shred anything within 90 days unless you can't get your job done without it'') might have been a good idea.
How many major companies actually have a policy like this for electronic information? Most backups are tapes/DLTs which last for eternity, and is the only purpose of this policy to prevent liability with stuff lying around?
This sounds like it worked with paper-based archiving systems, where space simply doesn't exist to archive forever, and non-essential documents are destroyed, but none of the people I've done work for have had a similar policy at all.
So the question is
At work I have two different systems. One is running Win2K (I have to support it, so I need to know it.) the other running RH 6.1. The RH 6.1 system is almost always connected to my home router/server/firewall through ssh2. I email my wife pretty much throughout the day and converse with her secure in the knowledge that when I send an email it hits the Roadrunner server, and is picked up about 2 minutes later by my wife's computer. You can't beat that. Her emails to me hit the Roadrunner server, and go directly to mine. So I guess if you had a packet sniffer on the POP3 server you could see everything I'm doing. I'm thinking of setting up a pop3 server on my server that only she and I will use, but that's kind of a longer term task.
What's needed is an encryption method that will allow multiple "fake" keys and will legitimately decrypt something else when used (perhaps you can give it n documents and n passwords, and it just encrypts them in the same file). When asked to produce a key, give them a fake key.
Steganography could also be useful. Encrypt your email and hide the bits in a jpeg of a weather map and email that.
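The multi-key container described above, as an added toy example that is not from the post or from any product: seal() encrypts each document under its own password into fixed-size slots, pads the file with random decoy slots and shuffles them so the container itself does not show how many real documents it holds, and open_with() returns whichever document a given password unlocks. It uses PBKDF2 plus a SHA-256 counter keystream with an HMAC tag as a stand-in for a real authenticated cipher; the slot size, iteration count and sample documents are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

SLOT_PLAINTEXT = 256   # every document is padded to this size so all slots look alike
NONCE_LEN, TAG_LEN = 16, 32
KDF_ITERS = 50_000     # PBKDF2 iteration count; constructed value for the demo


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode (stand-in for a real AEAD)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _derive(password: str, nonce: bytes) -> Tuple[bytes, bytes]:
    """Derive an encryption key and a MAC key from one password and the slot nonce."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), nonce, KDF_ITERS, dklen=64)
    return km[:32], km[32:]


def _seal_slot(password: str, doc: bytes) -> bytes:
    if len(doc) > SLOT_PLAINTEXT - 2:
        raise ValueError("document too large for one slot")
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = _derive(password, nonce)
    # 2-byte length prefix, then the document, then random padding to the slot size
    padded = len(doc).to_bytes(2, "big") + doc
    padded += secrets.token_bytes(SLOT_PLAINTEXT - len(padded))
    ct = bytes(a ^ b for a, b in zip(padded, _keystream(enc_key, nonce, SLOT_PLAINTEXT)))
    tag = hmac.new(mac_key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def _decoy_slot() -> bytes:
    """A slot of pure random bytes: indistinguishable from a real one without its key."""
    return secrets.token_bytes(NONCE_LEN + SLOT_PLAINTEXT + TAG_LEN)


def seal(docs: Dict[str, bytes], total_slots: int) -> bytes:
    """Encrypt each document under its own password, fill the remaining slots
    with decoys and shuffle, so the file does not reveal how many documents are real."""
    if len(docs) > total_slots:
        raise ValueError("more documents than slots")
    slots = [_seal_slot(pw, d) for pw, d in docs.items()]
    slots += [_decoy_slot() for _ in range(total_slots - len(slots))]
    secrets.SystemRandom().shuffle(slots)
    return b"".join(slots)


def open_with(container: bytes, password: str) -> Optional[bytes]:
    """Try every slot with one password; return that password's document, or None."""
    slot_len = NONCE_LEN + SLOT_PLAINTEXT + TAG_LEN
    for off in range(0, len(container), slot_len):
        slot = container[off:off + slot_len]
        nonce, ct, tag = slot[:NONCE_LEN], slot[NONCE_LEN:-TAG_LEN], slot[-TAG_LEN:]
        enc_key, mac_key = _derive(password, nonce)
        expected = hmac.new(mac_key, nonce + ct, "sha256").digest()
        if not hmac.compare_digest(expected, tag):
            continue  # wrong password for this slot, or a decoy slot
        padded = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, SLOT_PLAINTEXT)))
        n = int.from_bytes(padded[:2], "big")
        return padded[2:2 + n]
    return None


if __name__ == "__main__":
    # Constructed sample: two documents, two passwords, two extra decoy slots.
    box = seal({"real-secret": b"board minutes", "decoy-pw": b"grocery list"}, 4)
    print(open_with(box, "decoy-pw"), open_with(box, "nope"))
```

As the rest of the thread points out, a court can order every key to be produced; the construction only hides how many keys exist.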
The problem with just deleting emails is the fact that they may still exist on a backup tape. When I came into the office this morning, I had unread email that was delivered after COB yesterday but before the backups were run. No matter what I do now, a copy of that email (encrypted or not) exists and can be discovered.
-- Don't Tase me, bro!
I'd think you could refuse to disclose your encryption keys on the grounds that there could be something encrypted by them that could incriminate you. Maybe there is, maybe there isn't, but there could be.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Gawd I'd love to immigrate to Amsterdam :))
"New Amsterdam" is the pits.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
The article explained that an email is "discoverable" because it fits all the legal definitions of a "document", and documents are discoverable. That much I can follow.
Then it went on to say that encryption won't help, because your key can be subpoenaed; but no legal grounds for this were given. If I've committed my key to memory, it certainly doesn't seem to fit any definition of "document" (unless legal definitions are even crazier than I thought possible). So what are the legal grounds for forcing me to reveal something that exists only in my head?
Could someone with some legal expertise comment on this?
As I remember the Co$-vs-the-Net war, $cientology subpoenaed computer files from Grady Ward (who most certainly was not Scamizdat). So he turned over a bunch of files, including PGP-encrypted files, and that was that. He was never even asked for a key, IIRC. The Co$ went on to hire a Special Master who attempted to decrypt the files, much to the continuing amusement of all observers.
The Co$ notoriously uses every legal means available to get what it wants. So if they didn't even ask for a key, I'd be very surprised if there are any legal grounds for doing so at all.
Always keep a sapphire in your mind
Yes we have a 5th amendment that is supposed to protect the accused from all self-incrimination in criminal trials. But we also have a Supreme Court that in recent years has been rather fond of undermining civil liberties like these. The 5th amendment won't protect you from having to submit a urine sample for chemical analysis, and that's the line of argument the government will likely use if the crypto-key issue gets tested. Something like "Revealing the key isn't the same as forcing you to incriminate yourself. It just lets us understand a document where you already committed the self incrimination." This stands in stark contrast to other systems of law (particularly Jewish Law) where all self-incriminations are disregarded, without regard for how or why they were made.
Remember, the "land of the free and the home of the brave" is the same place where the highest court of the land looks poised to rule that anonymous tips are sufficient for giving probable cause to government agents to stop and frisk citizens on the streets. "Hey Bob, the person over there who looks like he's a member of a disfavored racial minority group looks like he could be carrying some drugs (or even a bomb!). Why don't you step into that phonebooth and call the station and leave an anonymous tip so we can go over there and get medieval on his civil rights! And remember, anonymity means zero accountability."
We're also the country where, right after the Diallo verdict came back, police three blocks from Diallo's house went and shot another unarmed black man at point-blank. But at least this time he had a sketchy criminal record and the whole thing was just a big mistake, so that makes it justified, right? Right? I hate this place.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Since encrypted emails practically guarantee authenticity of the sender and/or receiver, it becomes impossible to repudiate.
However, sending everything in the clear using a non-secure channel means you could possibly repudiate any email evidence: just demonstrate how 1) anybody could have altered the contents, 2) anybody could have used my PC to send that email, 3) the plaintiff could have forged the message.
(obIANAL)
---
The police need more than probable cause: they need a warrant, which is issuable upon a showing of probable cause. Why go through all the hassle of going before a judge and asking for a warrant? To protect people's privacy.
The third amendment protects citizens from having troops quartered in their homes during times of peace. Why? Privacy. It's quite easy to understand the fifth amendment protection from self-incrimination in the same way. And then of course there's the ninth amendment which explicitly says that just because the right isn't specifically enumerated, that doesn't mean it doesn't exist.
Have you read Griswold v. Connecticut? Katz v. US? Pierce v. Society of Sisters? Stanley v. Georgia? Eisenstadt v. Baird? Are you aware of federal and state legislation that proscribes the invasion of privacy, as well as state constitutional amendments specifically enumerating it? Do you actually have any experience in this matter, or are you just railing away at a pet peeve that's perhaps itched by Roe v. Wade? Do you even care?
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
# umount /dev/sda2 /dev/sda2 /dev/sda2
# dd if=/dev/zero of=/dev/sda2
# mkfs.ext2 /dev/sda2
# mount /dev/sda2 /mnt
Would this hold up in court? Well, your honour, unfortunately the drive which may have contained the pertinent information appears to have been zeroed.
Oh crap, but they still got my tape backups. =)
Seriously though, I strongly believe that encrypted means of communication, or filesystems, should not become open to the court system. That defeats part of the point of encryption right there (well duh, I don't want other people reading my data). The government will never pass a bill on this though, as they have too much pressure from the FBI, DOD, CIA, police, and courts to be able to access any information they want at their free whim.
Does anyone want to write a feature into POP3/IMAP for destructive emails à la 'You have 30 seconds to read this email before it self destructs' or 'sender requests that this email be destroyed'? I'm more than game.
EraseMe
The same thing can be said of all witness evidence, audio- and video-taped evidence, etc.
In all of these cases you look for messages (or items) that refer to other things that are 1) verifiable, and 2) not widely known. The email message could still be forged, but it's far less likely. Do that with hundreds or thousands of messages and the "reasonable persons" on the jury will decide that the messages must be legitimate.
The defense can still assert that some messages were forged, of course, but if the prosecution/plaintiff believes it's legitimate it will be presented to the jury as a "question of fact."
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
In particular, deleted but non-zeroed hard drive sectors. The latest version of PGP includes an extension which replaces "Empty Trash" with "Wipe Trash". Now, when I empty my trash, it takes a LOT longer, but PGP overwrites all the files three times, instead of just removing them from the filesystem. I back this up with a scripted weekly zeroing of ALL free space on my hard drive. No one'll be pilfering MY private email. And if they can reconstitute the data after that many overwrites, it's pretty hopeless anyway.
As for crypto keys, I thought it was determined in the Mitnick case that you could not be compelled to hand them over if you think the data might incriminate you. Fifth amendment to the constitution as I recall. You can't be forced to contribute to your own prosecution. So among your encrypted, but not yet wiped, data, just include a little line about how you were driving at 70MPH in a 65MPH zone the other day. Bingo... incriminating data protected by your PGP key, making the key protected under the fifth.
IANAL, but I'm almost SURE I can recall Mitnick's crypto keys being protected, but YMMV on the legal issues.
I DO know though that PGP does a damn good job zeroing your free space. I've checked my free sectors with Norton both before AND after a PGP wipe before. And it works quite nicely, thank you very much. IF you remember to wipe your data.
And PGP is available for damn near every OS as well.
john
Imagine all the people...
That will protect you from a jail sentence or monetary settlement for your activities. But it doesn't protect you from other damage that can be done by exposing your private data. Court transcripts are usually public information unless they are sealed. The purpose of that is to protect us from abuses of and by the courts by opening them to public scrutiny.
I can think of a significant number of things that I don't want made part of the public record. My financial records are a good place to start. That is simply going to invite more telemarketers who are going to have rather specific information about me. How about my medical history? Many doctors have e-mail accounts. While ordinarily medical information is considered private, by the time my hard disk has been unerased, that won't prevent the information from being leaked.
Robbing people of their privacy has a chilling effect on legal expressions of non-mainstream viewpoints, whether they are political, ethnic, religious, scientific or otherwise. If you can't discuss those views with people of like minds in harmless ways without having every word exposed to your neighbors and coworkers, won't you think twice about talking at all?
The net will not be what we demand, but what we make it. Build it well.
(I don't think this is a spoiler, but if you haven't read the book, proceed at your own risk.)
At one point the bad guys want a particular piece of information that they are pretty sure resides on our hero's mail server. So, in order to get it they jimmy up a lawsuit and subpoena the mail server.
Returning to the real world, I don't think that this is a particularly stunning revelation; people have been aware of these issues surrounding paper documents for a long time. The only difference is that we are accustomed to thinking of email as a more informal medium than paper. Apparently the courts don't agree. Just follow the same policy with confidential email that you follow for confidential paper documents, and you should be all right.
-rpl
There are a few companies offering various solutions; a handful escrow the private key for decryption centrally and rent it out for people wishing to read it, and then (claim to) hard-delete it after x amount of time.
I'd presume the keys are backed up, however...
Then there's a few that offer one-shot sends (can't reply to these) that delete all traces of the message from their servers.... just not from the recipient's machine...
The best solution is to take the advice of the article. Use harshly separated accounts, do what you can to (hard)delete files regularly, etc.
I'd recommend setting up an alternate personality or three that you access only via anonymous proxy(s) that offer encryption (hushmail, ynnmail, the various anonymous remailers). Use the PGP plugin's secure viewer if you're truly paranoid to defend against Tempest attacks... and for chrissakes, clear out your cookies, temporary internet files, and temp dirs regularly and do an 11-time rewrite of the emptied space.
Returned Peace Corps IT Volunteer
Which of the following words is unclear?
/.
/. If the government wants us to respect the law, it should set a better example.
A lot of posts suggest that you encrypt your messages, some even suggest using steganography to encode your messages. That's great and all, especially for messages that you consider "sensitive" (which makes me wonder why you'd use email for highly sensitive information, but whatever trips your trigger). But, what many of you forget is that it's not the stuff we know is going to come back and haunt us, it's the little things. Off hand remarks, rush jobs, and even messages that are completely innocent can be turned against you. Even if they are not directly incriminating, they can be used to paint a negative profile of you in court. The point is, lawyers can and will exploit the smallest things and turn them against you.
I'm in no way saying "Encryption is for the birds, why bother". I'm saying that in many cases it's not feasible to encrypt every single piece of mail (esp. to those who'd have no clue as to how to decrypt it), and chances are, those "little" things are the ones that are going to come back to you.
What I find interesting is the way a subpoena for email might be worded and what actions it might require of the person holding data.
:-)
I work for a large government agency where all email is saved forever because everyone is accountable for everything they do for all time. That's fine. We're public sector law enforcement; we should have such rules. Recently, though, an employee sued the agency and requested all email files. Our lawyers argued that such a subpoena would be overbroad and would reveal a great many private things that shouldn't be made public. The judge agreed and a compromise was worked out. Several years' worth of Microsoft Exchange backup tapes were sequentially reloaded on a system set up for the purpose. Each time a tape was restored, all files were searched for a text string matching the name of the woman who brought the suit. Then, all emails that contained her name were *printed out* and delivered to her lawyers. Not surprisingly, lots of folks had been jabbering about this woman in email, so there were boxes and boxes of printouts. It took the poor admin assigned the task literally weeks to complete, but at least there was no way for all sorts of extraneous data to go public.
Contrast that situation with the situation of the airline employees who found their computers seized. Were they entirely without recourse? Were they not given a chance to produce the documents without having to turn over their hardware? I don't know, but I do know that if such a thing happened to me, I'd be less than happy. I have lots of conventionally encrypted files that are relatively safe since the only copy of the password is in my head. But would I be willing to sit out a contempt citation to protect that data? Talk about feeling conflicted!!
Short side note: There are a zillion different circumstances when testimony *can* be compelled. I'm surprised by the number of posters who don't understand that 5th amendment protections are often non-existent, especially in civil actions. They can even be circumvented in criminal actions rather easily, assuming you aren't the primary target of the prosecution. I guess high school civics classes aren't what they used to be.
IANAL, of course.
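The scoped search the poster describes (restore a tape, pull only the messages that mention one name), as an added example that is not the agency's tooling: a constructed mbox stands in for one restored tape, find_messages_mentioning() matches the name case-insensitively against the address headers and text body of every message, and a shared seen-set of Message-IDs keeps the same email from being produced again when the next tape holds a copy of it. The mailbox contents, addresses and name are all constructed.

```python
import mailbox
import os
import tempfile
from email.message import EmailMessage
from typing import List, Optional, Set, Tuple

# Constructed sample standing in for the mail restored from one backup tape.
SAMPLE_MESSAGES = [
    ("<m1@agency.example>", "alice@agency.example", "bob@agency.example",
     "Lunch", "Want to grab lunch at noon?"),
    ("<m2@agency.example>", "bob@agency.example", "carol@agency.example",
     "Re: scheduling", "Jane Roe asked to swap shifts again; can you cover?"),
    ("<m3@agency.example>", "carol@agency.example", "dave@agency.example",
     "Jane Roe performance review", "Draft attached for your comments."),
    ("<m4@agency.example>", "dave@agency.example", "Jane Roe <jroe@agency.example>",
     "Please review", "See the draft policy below."),
    ("<m5@agency.example>", "erin@agency.example", "bob@agency.example",
     "fyi", "heard jane roe is filing a grievance."),
]


def build_sample_mbox(path: str) -> None:
    """Write the constructed messages to an mbox file (the 'restored tape')."""
    mb = mailbox.mbox(path)
    for msg_id, sender, to, subject, body in SAMPLE_MESSAGES:
        m = EmailMessage()
        m["Message-ID"] = msg_id
        m["From"] = sender
        m["To"] = to
        m["Subject"] = subject
        m.set_content(body)
        mb.add(m)
    mb.flush()
    mb.close()


def _searchable_text(msg) -> str:
    """Address headers, subject and every text/plain part of one message."""
    parts = [str(msg.get(h, "")) for h in ("From", "To", "Cc", "Subject")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def find_messages_mentioning(path: str, name: str,
                             seen: Optional[Set[str]] = None) -> List[Tuple[str, str]]:
    """Return (Message-ID, Subject) for each message whose headers or body
    mention `name`, skipping Message-IDs already produced from earlier tapes."""
    needle = name.lower()
    hits = []
    mb = mailbox.mbox(path)
    try:
        for msg in mb:
            msg_id = msg.get("Message-ID", "").strip()
            if seen is not None and msg_id in seen:
                continue  # already produced from a previous tape
            if needle in _searchable_text(msg).lower():
                hits.append((msg_id, msg.get("Subject", "")))
                if seen is not None:
                    seen.add(msg_id)
    finally:
        mb.close()
    return hits


def responsive_subjects(name: str = "Jane Roe") -> Tuple[List[str], List[str]]:
    """Search the sample tape twice with one seen-set: the second pass plays the
    role of the next tape, which holds the same mail and must yield nothing new."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tape1.mbox")
        build_sample_mbox(path)
        seen: Set[str] = set()
        first = find_messages_mentioning(path, name, seen)
        second = find_messages_mentioning(path, name, seen)
        return [s for _, s in first], [s for _, s in second]


if __name__ == "__main__":
    print(responsive_subjects())
```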
Not really. The fifth amendment protects someone charged with a crime from being forced to testify against himself. He must still give up any evidence that might implicate him. If you are a murder suspect, and you own a gun, you cannot refuse to turn in the gun because it might incriminate you.
On another note, this wouldn't matter anyway in this case. The 5th amendment only applies to criminal cases. A lawsuit is a civil case, so the protection of the 5th doesn't apply.
Believe it or not, someone actually has created (and is trying to market) such an animal.
Editor Emeritus and Senior Writer, TeleRead.org
Business e-mail is a completely different thing. A court order to view *corporate* mail is definitely OK. Whether or not they can "prove" anything.
People will just have to learn to separate their personal and professional e-mails. Perhaps companies should insist on digital signatures on business mail, informing employees that business mail is company property.
STOP! Hold the flame thrower! Of course, they ought to provide a semi-private mail account too, for company (or personal) matters "off the record".
Hey, it works for snail mail. If I write to:
TheCompany Ltd
att: Anonymous Coward
Someville
It is understood that my letter is meant primarily for the company, and simply addressed to AC. If AC is not there, I expect someone else to take care of it.
OTOH If I write:
Anonymous Coward
TheCompany Ltd
Someville
It is understood that the content is meant for AC and not to be opened by someone else.
Why should not the same thing work for e-mail? (if laws are applied wisely, that is)
All opinions are my own - until criticized
Doctors are subject to the law. And the law even says doctors *have to* protect the privacy of the patients. However, that doesn't mean they can keep quiet when there's a court order. Only priests can refuse to talk without being penalized.
Many of us sysadmins feel this way, I think we have to be serious about it.
In that case, it's easy for you. Next time you get a court order to open your logfiles, refuse. If you think your code of honour supersedes the law, you shouldn't have a problem dealing with the consequences.
-- Abigail
So, you end up in jail and/or heavily fined, and your harddisks seized. What exactly did you gain?
-- Abigail
Of course I would type the letter. Just like spoofing email, you actually do have to do a little more than just writing one as yourself.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587