Slashdot Mirror
New Zealand Government To Snoop On E-mail
Hairy1 writes: "The New Zealand Government is planning to increase the powers of the police so they may intercept e-mail, according to the
The New Zealand Herald. Paul Swain wants to exempt police from laws against hacking so they may snoop into emails. Read the story." "Recent history suggests the usual glib official assurances that such organisations and people will not be snooped on by state security and intelligence services will be worthless," the story quotes the spokesman for a group called Gatt Watchdog as saying, but insert-your-cause-here. Hard to watch just a few people's e-mail.
Only criminals don't want the police to search their car/house/purse/pockets?
The check is in the mail.
Three lies.
In a free country to keep ones rights, you can't surrender them. For when you do, it ceases to become a free country.
Fight Spammers!
Now HERE is the funny thing, New Zealand has NO large (Or noticeable) religous right.
:-). I seriously doubt that this is something NZ wants. People, and the courts, don't tolerate the Government interfering with their lives when they don't want them too. Ie. Aziz finding the agents in the house. The Security Intelligence Service (SIS) have always flouted laws just a little (The shit I've heard... but can't possibly say because it would result in an international incident :-) ) but now that they could be reading MY email has me concerned. Perhaps they are worried because the drug dealing gangs in NZ (Who are a an okay bunch mostly) organise drug stuff over the internet. Big deal cops, you waste enough money as it is on choppers..
:-). There are no motorcades or anything like that. I'm free to walk around the parliament grounds and could quite easily pick off as many politicians as I want, email would have nothing to do it! To do somthing majorly criminal in NZ is a piss easy, look, the French blew up a Greenpeace ship in a very busy port and wouldn't have been caught if they had simply kept the yacht they had sailed in on.
That is: There are NO "brain-dead voters" as you say. I remember reading that, per head of population, NZ has the largest middle class in the world. By that note, we arn't really that conservative. There is NO large "Mums against porn" movement or "drugs kill children" movement or any sign of "The internet is BAD" movement.
New Zealanders (Like myself) are quite happy to let others do what they like as long as you don't tread on my toes.
Infact, we've got along with our government so well, we don't have a constitution in the traditional sense.
This is very weird for me, it flys in the face of everything we consider normal. We have good privacy laws, it's almost fun using them
What is also very weird is the police assoc. spokesperson referring to political assasination! I see the Prime Minister every now and again walking down the main street (I live in the capital) visibly unprotected. No one even gets out of her way
I doubt it will fly in NZ. It all makes me wonder if this email snooper system could be an addition to the ECHELON system (Which NZ is a member). People will care, and it won't get too far.
Oh, BTW - We have not picked up guns in a over century to fight for our freedom, we should never do it again.
In the UK, it was the Conservatives that were trying to get these powers in first, against the expressed policies of Labour.
Then Labour came into power, made a total about-face despite their pre-election statements, and brought in laws that are every bit as bad or worse than those which they had opposed.
Needless to say, the Conservatives are currently berating Labour for it, despite their previous stance. But when the Conservatives finally oust Labour again, they'll slam the iron fist down even harder --- guaranteed.
Because you see, it has nothing to do with the nature of politicians' beliefs, and everything to do with the fact that the machine of government (which is much more than just politicians) demands absolute control if it can get away with it quietly.
Well, in this instance it can get away with it, because in our innocence we've created an easily interceptable transport and storage mechanism to underpin the Internet's mail service. No big deal: let's create another mechanism which isn't susceptible to interception.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Conservatives tend to be for private companies and against governement power, socialists tend to be against private companies and for more governemental control. Moreover neither is interested in personal freedom.
I'll do it for cheesy poofs.
>Vote against all politicians who suggest, fund and advocate the usage of electronic surveilance of innocent civilians.
:-)
:-)
Unfortunately, that will make things worse here. The Government currently in power is pretty much a coalition of the parties least likely to endorse dubious police powers like this. The last government is (I think) still "on trial" for allegedly encouraging police abuse/over-reaction during the APEC summit here. Other notable features of that government included a huge campaign to get the public to anonymously report people who they suspected of recieving a social welfare benefit they were not entitled too. That one was right out of "Brazil" and had resident Jews who survived Nazi Germany writing of how fearfully reminiscient it was becoming. (Everybody yells "Nazi" against policy that they disagree with, but I sit up and pay attention when the people saying it are speaking from first-hand experience). Fortunately it was abandoned when something like over 80% of reports turned out be false alarms (read: made out of spite or ignorance)
The key, I think, is to bluff the Members of Parliment into thinking you would vote against them, and hope you never have to
Or even better would be the ability to mix'n'match the policies of the different parties, cause there ain't a single one whose policies don't have big problems. (read: things I disagree with
As for court orders.. can a court not subpoena snail mail as well? Can they not search/examine/sieze mail? If not.. why doesnt' everyone use the USPS to send their cocaine shipments around?
As for 'public', don't take the term as literally as that. For all intents and purposes, it *IS* public.
Yes, it's a bunch of private/semiprivate/public/whatever else depending on jurisdiction, networks all hooked together by zillions of different agreements in different jurisdictions. To me, and to any sane individual, this is what 'public' is. You are carrying all kinds of traffic that you didn't originate. Especially if you are a larger carrier.
This is why it is 'public'.
1) Add encryption into sendmail's transmission of mail.
The latest release of the free version of sendmail (8.11.0) includes some encryption features (specifically, STARTTLS. TLS is Transport Layer Security, and provides encrypted communications server-to-server). See sendmail.org for more info.
If the people responsible for some of these "excesses" (or, to put it in plain English, these crimes) routinely spent time in prison (real don't-bend-over-for-the-soap prison, not Club Fed), this argument would carry some weight. As long as the the "public watchdogs" have no real teeth to sink into abusive LEOs, they provide a mere illusion of protection.
Its not really that big a change if the taps are held to pre-existing standards of survielance.
The problem is that the de facto "pre-existing standards" are far too loose -- even if somebody gets caught stepping over the wide-ranging line, it doesn't much matter.
/.
/. If the government wants us to respect the law, it should set a better example.
1) With court order, why should computer systems be treated any different than meatspace systems?
2) Why do you assume you have a 'right' to privacy when you send cleartext data on the public internet? (I know we feel we DO have a right to privacy, but if it is there in the clear, a court can take it).
3) USE ENCRYPTION.
Firstly, some email addresses for those concerned by these events:
The Hon. Paul Swain: pswain@ministers.govt.nz
(Minister of Information Technology, Associate Minister of Justice, and proponent of the increased powers in the NZ herald story)
The Hon. Phil Goff: pgoff@ministers.govt.nz
(Minster of Justice)
Both can be snail-mailed at:
Name
Parliament Buildings,
Wellington
New Zealand (if you're overseas)
Now, does anyone know of any petitions or anything being organised that I can contribute too?
This is, of course, why people should be worried about what happens in other countries. Whenever something unpleasant happens in the US, smug Europeans tend to have a good laugh, and vice versa.
This is a perfect example of why such smugness is so dumb. Attempts to grant police more draconian powers in .nz are being justified with the UK RIP bill; no doubt people in the US will be unpleasantly surprised when the FBI justify Carnivore (and more) on the same grounds.
Once it is considered acceptable for one country to behave abhorrently, other governments will do the same. How often have you heard proponents of strong government point to Asian dictatorships like Singapore as evidence of what could be achieved by strong government unquestioned (and unquestionable) by the people?
Good for them! Email needs to be read by someone, why not the government?
But seriously, this is a bad thing. It's a bad thing in the US, a bad thing in NZ, and a bad thing wherever else this type of thing happens. As superfluous laws crated solely to appease brain-dead voters (such as anti-porn/anti-prostitution, and especially in the US anti-drug laws). The Modern big governments seek to make anything that might be considered 'immoral' by anyone illegal, and make criminals out of all of us. And criminals need to be watched of course. Grab your guns people, our freedoms are being taken away every day.
The real Eric S Gaymond is #216600. Everyone Else is a liar.
Doesn't hacking sometimes result in peripheral damage? For example, doesn't an overflow bug kill the service that had the bug. If this is important for the ISP (For example a web server) then does that mean that the police would be immune from prosecution even if even if they find no evidence in a search?
My Greek friends were bitching to me about this treaty a few years ago. Seems they used to have the mountains along the Albanian border mined, and never had any problems. Then the mines came out, and they started having problems with packs of armed bandits crossing the border at night, pillaging isolated houses, and slipping back before dawn.
I don't know how popular or unpopular the treaty was with most Greeks. But I do suspect mines, like most things, aren't such a black-and-white issue.
"The best we can hope for concerning the people at large is that they be properly armed." - Alexander Hamilton
The Mongrel Dogs Who Teach
The Mongrel Dogs Who Teach
In order to make laws like in the UK that require giving up keys meaningless, I think we should also start keeping random data on our hard drives (e.g., filling the empty blocks with random data) and adding random bits to our communications (for images and speech, the low order bits are usually already random enough). That's good security anyway. Here is a start--or is it a secret message... ?
QUDIHKOO DPKAPOAM REFPQTII ITOXOBWF WANELCSO RCOHRPUJ TZYKTHTB AHYOJUUF UHKFKCUC FIJXXEGR EFBXMUYM CXBMSVSN DCTNFNPK VZHSDOKH TLEFGDRJ ATVSONFR QYEVLUGG TNZXCJFV VJBBNSKN MGFAUKRK JVGUQMBJ AAHCKMXG WYIJRTWD ZCETMVEV
http://bear-software.freeservers.com/
-----
"Almost isn't good enough - but it's almost good enough."
-Me
(I live in NZ) Who cares really if the Police will be able to read email, considering that 75% of NZ's international traffic is brought in over satellite (in some cases using Cisco's weak export grade encryption) does it really matter when the Echelon station in Waiopai has been reading our email since before there was email?
Not only that, but our Government doesnt even have access to this data - they let the US and Australia snoop our private communications and cant even check to see that it's not being abused!
Much more frightening that someone reading my personal mail (usually innane messages to my friends anyway) is the thought of other countries using this information to make sure that the next international contract my company is tendering for goes to someone else!
That will be all.
Both. New Zealand cabinet ministers are typically involved in several roles, usually with one primary area of responsibility and a number of assistant roles.
The main potential problem we have inNew Zealand is that the New Zealand Labour party is cursed with a desire to emulate Tony Blair's Labour Party, right down to having a little proto-facist in cabinet (Phil Goff, the .nz Minister of Police, should be called mini-Straw).
The Libertarianz are very much on the fringe of New Zealand politics; we're futher to the left here, and, historically, the left have been guardians of civil liberties in most areas. Sadly, as I mentioned earlier, their desire to emulate .uk's New Labour extends to a mindless "get tough on law and order issues" posture.
Only if you don't have a personal email account, fair enough if they want to read email to your business account, and knowing about that you can remember not to use it for anything you don't want them to read, e.g. job applications, messages to your doctor. The problem is that when goverment gets involved they have access to everything, the potential is that you have NO privacy whatsoever communicating via email, or even surfing the web, EVERYTHING you do can be watched and logged. There is a pretty big difference, and while it probably isn't very important at the moment if you are just a reasonably avarage citizen, well think of the worst government you can imagine (well ok it doesn't have to be _that_ bad [you are one sick puppy btw]), and what they could do with tools like this. You don't know who is going to be governing next decade, next century... but it will be way easier for them to prevent any dissent if they already have all the regulations, hardware, software, and historical logs/archives at their fingertips. Also the gradual erosion of privacy is quite likely to lead to that sort of government.
~ppppppppö
Get used to your e-mails being insecure. I know people are going to say "encryption", but think about this:
Before Quantum Cryptography becomes available, Quantum Computing will have arrived (many suggest within a few years) and it will render insecure most or all encryption methods using conventional computers. It has been proven that a quantum computer will be able to factor large primes (see reference in RSA's overview which, interestingly, predicts that quantum cryptography will be realised before quantum cryptoanalysis -- but they would say that, I guess ...).
(Find more about Quantum Cryptoanalysis on AltaVista.)
Sorry guys, but encryption will soon be a thing of the past (before it rises again in a different form on a different infrastructure). Bye, bye privacy, bye e-commerce, bye.
Learn to live with it.
(For the record: there is a different issue in some of the comments: should the Govt snoop your e-mails as a matter of routine? I don't think they should, any more than I think they should read all the postcards that are sent through the mail.)
---
"Where do you come from?"
Hi!
I should have added that steganography will probably still work. However, that is not what most people are using or seem to be talking about when they say "encryption". Shame, really.
---
"Where do you come from?"
Hi!
Recent, similar sentiments on the part of the government are being bandied about in France, England and the good ol' home of the free, United States.
In all cases, these politians make generalizations that claim that criminals are making use of the Internet (please, no more "cyberspace" or "the Web") as a means of communication.
Don't buy this bill of goods without proof. Demand proof that established criminals and terrorists are using the Internet as an intergral part of their planning and execution of their crimes.
Otherwise, this is only another means for scared, outdated governments to try and tap into our privacy.
Vote against all politicians who suggest, fund and advocate the usage of electronic surveilance of innocent civilians. Put your money where your vote is.
Things have changed between 1998 and now. (one significant change is that they now have a Breakfast show instead of BBC World in the morning, and the first show is not "Maggie's Garden Show".)
:P
There seems to be a trend of Christchurch becoming a new center of technology in the Austrialiasia sector, some companies have been bought by international outsiders and then left alone to continue their efficient development models. Lots of large companies (Compaq, Trimble Navigation, Pulse-Data, The Holliday Group, etc) have their heavy-duty development houses here.
Because of the scale of the country, many new technologies are trialed here first, and then implimented otherwhere once proven successful. The government is being put under enough pressure to change immigration procedures for information technology people.
Don't count New Zealand out just yet.
In New Zealand we have a little piece of paper known as the Privacy Act. This little bill makes it illegal for anyone to obtain, use, distribute or whatever, anything about me unless they have MY direct permission to do so. In all the discussion I have read on Slashdot, no one seems to have taken this into consideration.
Effectively what this means is that the police cannot read my emails unless I give them permission to do so, or they obtain them from the intended recipient with their permission. It is just the same as the police being unable to give out my name, address, phone number and criminal record details unless they have a court order or my permission.
So how does this play into effect as far as I'm concerned?
Simple. Primarily, for the government and the police to pull this off, they'd have to amend the already existing and established Privacy Act before they could even pass this new bill before the house. Secondly, we live in a democratic country. If we can get enough people to back it and sign a petition, a referendum can be forced which would request that all those eligable to vote do so on this particular topic. The downside is that this requires that there be those willing to stand up, make a stand and prepare a petition. There also needs to be awareness of this petition for people to sign it.
The first thing us NZ'ers need to do is write to our local MP (Member of Parliament) and express our concern and state exactly what our views on this issue are. Tell them exactly why we think this is a bad idea and why we consider it a breach of our privacy. In New Zealand, if you contact any MP or Minister, they are legally required to reply in some form or another.
As a service to all out there, here is the website to go to to find the email address of not only the Prime Minister herself, but also of the MPs and Ministers.
http://www.parliament.govt.nz/mp s-and-ministers.htmlSo what about this argument of using encryption? I don't encrypt mail when I send it snail mail. I don't encrypt my cheques when I pay bills. I don't encrypt my postcards home when I'm overseas. I don't have to decrypt my newspaper when I read it in the morning. Would someone tell me why I should have to encrypt email? It is my right to send email in the manner I so choose. I know there are elements on the internet that are "shady", but I calculate that risk into the content of the email every time I press the send button. I don't see why a government should force me to use encryption simply because a few bad eggs on the net have gotten smart enough to use a computer instead of the phone.
The most amusing part to all this is that the last time there was any terrorist activity in New Zealand was when a few Frenchmen bombed the Greenpeace boat "Rainbow Warrior" in Auckland harbour. (What is it about the French and blowing things up? Rainbow Warrior, Muaroa Atol and the nuclear testing, and more recently a Concorde full of Germans.) With the lack of terrorist activity in NZ, and crimes being mostly theft and road issues, why does the police even need to snoop emails? Bank robbers in NZ just go into a bank with a gun and a stocking and demand money over the counter.
If anyone in NZ wants to get a petition going (I've already started one in my area of Auckland) look at my user info page, remove the "nospam" from my email address and get in touch with me.
Try an ISP in S. Ireland, I think they have legislation now making it illegal for the government to read your email.
~ppppppppö
In the last century, the democracies of the world fought innumerable wars, with tens of millions of casualties, to prevent the loss of our freedoms at the hands of fascism and communism. No one suggested that we surrender our freedoms to Hitler or Stalin in order to avoid battlefield casualties. But today, the governments of the English-speaking countries and more than a few of our European allies are suggesting that we surrender our freedoms to avoid a few dozen deaths a year from terrorism. What a crock!
Freedom comes at the price of bloodshed, folks. And these days, it's surprising little bloodshed. Terrorism exists precisely because the enemies of freedom lack the power to do significant damage, so they concentrate on some high-profile but not especially great carnage. Terrorism should be suppressed to the best of our ability, of course, but please bear in mind that more people die in domestic disputes every night in America than die in terrorist attacks in a decade. Terrorism is only an issue because we allow ourselves to be panicked by a few crazies.
In the one case that could have been a major terrorist disaster -- the World Trade Center bombing -- the disaster was averted by the ignorance of the terrorists, not Carnivore. The intelligence agencies like to make mysterious noises about all the attacks they've averted, but we never see any evidence to back up those claims.
State security is a dangerous thing. The very apparatus necessary to ensure total security is the same apparatus necessary to ensure totalitarian rule.
I can't speak for other countries, but we have much more pressing problems in America. Tens of thousands die every year on the highways due to drunk drivers; somewhere between one-sixth and one-third of all women will be sexually assaulted at least once in their lives; child abuse and neglect is rampant; the two leading causes of death for minors are murder and suicide. When we make progress on those fronts, then let's pour our resources into chasing a handful of terrorist acts. Until then, don't tread on me.
Proud member of the Weirdo-American community.
I was having a discussion a week or so ago on a mailing list about Carnivore and how to get around it by using encryption. Encrypting email between specific people is relatively easy (if you can convince them to use encryption), but the question came up about how we could easily encrypt list traffic.
The list structure is the common one where there's a central address that recieves mail and churns it out lots of times to everyone who's signed onto the list - but since people can subscribe and unsubscribe dynamically, posters don't know who is on the list at any given time.
The only obvious way I can think of doing this is if everyone encrypted their postings to the central list-server, which would in turn decrypt it and re-encrypt it maybe hundreds or thousands of times over for each person subscribed to the list. This doesn't seem very efficient and I'm not sure if there are any list servers out there that will do this, anyway. (Please yell out if you know of any.)
Does anyone know of any relatively efficient methods of running distributed mailing lists where all the traffic is encrypted? (Preferably something that's not very difficult to set up.)
I'm fully aware that people could just subscribe to the list, but I don't think it's as important because there might still be standard security steps like requiring authorisation before joining.
===
It's very smart of governments around the world to begin to take away people's civil liberties quickly, and before the entire population of the world is online.
Why are they trying to get it done so quickly?
So when EVERYONE and their mother is online, the won't know the difference betwixt the (non-existant) privacy they have now, and the privacy people used to enjoy years ago.
Now is pretty much the time to get our asses in gear and make a statement that we will not tolerate this kind of flagrant violation of our civil liberties. Anyone else remember anything about illegal search and seizure? Write your congressmen, vote...and most importantly - VOTE WITH YOUR POCKETBOOK! This is the online equivalent of the FBI or whomever basically just coming into your home and looking through your shit while you're not there. The only difference is most people don't know enough right now to care. CHANGE THAT! MAKE PEOPLE AWARE!
I, for one, am making PGP a standard. (Apologies for the US specific references....you all get the point).
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
"It is seldom that liberty of any kind is lost all at once." -David Hume
Yeah, but that's false reasoning and the public and the authorities must be taught that encryption does not imply that crime.
Encryption on its own is not enough to deal with the issue of mail interception. The interceptors are giving themselves progressively greater powers to ensure that encrypted mail can either be decrypted by them or used as incriminating evidence in its own right by being encrypted in the first place.
The problem is inherent in the current naive SMTP/POP3/IMAP model of mail service. It served us well for two decades, at a time of network openness and innocence. That time has now gone. DARPA researchers wanted to make their network stand the odd atomic bomb. Now we have a different evil to overcome.
Here are the key aspects of the problem, and the areas that a solution would need to address: Time to replace SMTP/POP3/IMAP.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
This Paul Swain guy, is he
(a) the Information Technology and Associate Justice Minister as referenced here or is he
(b) the Commerce Minister as referenced here?
I read this, and actually started getting interested in New Zealand politics. (slow weekend) A bunch of good starting points here
IANAL (I am not a Libertarian) but maybe these guys have the right idea: Libertarianz
Altho as a whole, Libertarians are pretty strong on intellectual property rights, a whole 'nother issue...
M$: "We're #2!"
use gpg or pgp. use mailers like pine, mutt or eudora that support them.
US Citizen living abroad? Register to vote!
then they should use encryption. use gpg or pgp. use mailers like pine, mutt or eudora that support them.
US Citizen living abroad? Register to vote!
First, the UK said it would survey email, then Janet Reno ruled that Carnivore would be allowed to be used, and now this. It seems as each day passes it is getting more and more important to encrypt your emails.
We'll, we've been hearing about the United States governments actions in regards to the monitoring of email (the carnivore system, etc), and now its about the right time for the rest of the world to come in a bit too. It does look as if all governments are taking it upon themselves to monitor email for "illegal activity" which brings up some interesting questions.
Why do governments beleive that email is different than snail mail? Is it because its easier to use, or just easier for them to read? I'm not quite sure, I tend to think that they are treating it like phone lines because they can, not because of any sort of precedent. You can't open up a snail mail letter because of the envelope and people would know you're reading it, but you can easily tap a phone line, as its not as easy to detect the intrusion of privacy. Email follows the path of the phone line, but its just easier, as they can just intercept it before it gets there, and there is really no way for anyone to know if they've read it. I guess this is quite obvious material...
While I have nothing to hide in my emails, I guess its just starting to piss me off that all the governments of the world are starting to take their turns reading my email just in case I might be a terrorist threat. Seriously now, how many terrorist organisations would be dumb enough to not encrypt their emails that they send to each other, its ludicrous. I for one am going to start encrypting everything just to piss of the government...
If enough people would do this sort of thing, it would be impractical for the government to do this sort of thing, and hopefully it will just go away.
Fucking government assholes... if you weren't such snooping bastards, maybe I wouldn't feel it was necessary to ensure my privacy. My problem is that not-so-savvy friends and business associates require me to use cleartext e-mail. Ah, life is depressing...
---------///----------
All generalizations are false.
--
I like to watch.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is just yet another wonderful reason to start informing people of PGP, what it is, and how to use it.
h h/9//okvcAn2+u +XGNFWpb9zM+t8Dk3+UlEBkO =JyHX -----END PGP SIGNATURE-----
Stop whining, and start encrypting. Then they can read all the email they like... course... decrypting it would be harder... and you'd at least be aware of the fact that your email is compromised if they court-order your private key.
Be vigilant. -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.3 iQA/AwUBOYNAL8Q/V8QYw1ouEQKrjQCfSajlPpgnBxpDeWJNi
There are five aspects of Internet mail services that have attracted this attention from the interceptors:
1. Mail addressing is in the clear during transport.
2. Mail content is in the clear during transport.
3. Mail storage is in the clear after delivery.
4. Senders send mail to their own ISP's servers.
5. Recipients receive mail from their own ISP's servers.
(This refers to the mail services used by the largest proportion of Internet users, the ordinary Joe Bloggs with a dynamic dialin account with a free or very low-cost high-volume ISP.)
These features together have been instrumental in the current domino effect as more and more countries decide to violate their citizens' privacy. They provide the interceptors with a known fixed point at which to intercept any given person's mail, full knowledge of where his mail is going, full knowledge of the source of incoming mail, and full legibility of the content of correspondance.
If you consider the nature of the people concerned, one might as well have called these mail standards the Please Intercept Me Protocol. We've made it ridiculously easy for them to snoop, so they're doing it. It's our fault. You can't blame them for lack of scruples -- if they had any, they wouldn't have placed themselves in a position where they can wield coercive power over others.
So, let's take our standard catch-all phrase and modify it to suit the new circumstances: The Internet interprets mail interception as a fault and routes around it.
In other words, let's create a mail system with the following attributes:
1. Mail addressing details are not visible except between pairs of delivery points, which see only the from/to information that applies to them at that point in the transport. Multiple layers of encryption keep all other details of addressing invisible. Something along the lines of onion routing seems feasible.
2. Separation of payload from addressing, and the payload is of course always encrypted. Encryption must not be optional, ever, and apart from a strong default, the encryption algorithms used must be arbitrary, multiple, and unidentified.
3. No storage of mailboxes on a customer's ISP's servers. This can be addressed either by using remote servers in safe jurisdictions, or preferably by doing away with the concept of remote mailboxes altogether, ie. keeping mail in transit at various dynamic funnel points until the destinee appears online and signals his presence.
4. No single transit destination for a person's mail. The biggie here is that MX records direct mail to the fixed point of the ISP's choosing, so this whole methodology needs revising to allow the use of a dynamic set of customer-chosen remote funnels instead.
5. Senders should not send mail to their own ISP's relay as smarthost, but bypass it, ie. communicate directly with some remote destination. Unix-type boxes already do direct end-to-end delivery by default anyway, but the new scheme should make that the norm on all platforms.
Well, that doesn't sound like a particularly difficult spec. Let's have a little think about it, rummage around the IETF to see if there's anything already in the works that might do the trick or be a good starting point, and get to it.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
I can't exactly say I like snooping, but I don't think it's unnatural given what the Internet is.
The Internet is just a bunch of networks joined together with archaic unreliable agreements, carrying each other's traffic. It's impossible to tell what's going to happen to data once it's transmitted into the open system, and if people want to monitor the traffic passing through their system I don't think anyone can really complain about it. I do have a problem when governments coerce ISP's into letting them watch, but it even if they didn't it can't be relied upon that the ISP wouldn't simply choose to show the government what was in your email anyway.
The whole point is that by default the net is insecure, and the idea has always been that integrity and security have to be established at each end. To do otherwise is like talking in an open courtyard and assuming everyone will turn their backs, ignore you, and not talk over the top of you.
Right now we have some great end-end protocols for ensuring integrity (and I guess TCP is the most obvious), but it really irritates me that there are so many people out there who don't give a damn about the security part of it. (Probably because of the sudden explosion in people who aren't interested in what goes on behind the send button.)
Has anyone out there ever had any real success in convincing people (not just computer geeks) to use encryption automatically?
===
I find it interesting that the more socialist governments seem to be the ones first out of the box with these sorts of proposals. Australia, New Zealand, Great Britain, France, etc. talk a good game about being for the ordinary person, but are the first ones to heave individual rights over the side when it suits them.
Damn, but this whole thing stinks.
--
Dyolf Knip
Everyone has heard this before: "You should send all your email encrypted, not just the important stuff, so that (insert many good reasons here)".
/var/mail) in an encrypted form. Again, this involves adding something onto sendmail, this time when the mail is written into the mail spool. This would be a bit more tricky than 1), since user mail programs would either have to be able to do the decryption or call some agent to do it for them.
In a perfect world, this would in fact be the optimal solution. But, realistically, since this isn't happening any time soon, how about some other options that at least get us part of the way there?
1) Add encryption into sendmail's transmission of mail. The goal here is to have the actual email traffic sent over the open wire encrypted, like ssh traffic is. OpenSSL could be used for this. Of course this does nothing to protect you if your computer is cracked or stolen (including by the gov't), hence:
2) Store mail (in
Despite the complications in 2), these still both seem very doable to me. 1) would require extending the SMTP protocol slightly, so that mailers can talk to each other and send things between each other in an encrypted form only if both are encrypted-capable. Has anyone else thought of doing something like this before? Is it as feasible as I think it is (or am I just low on sleep and not thinking clearly)?
---
At least mafia-owned pizzarias make excellent pizza. Compare to Bill Gates.
you should write a screenplay!
I believe it's just standard power control freak activity. Look at telephone wiretaps. I personally find them abhorrent, a violation of privacy, etc. Way too open to abuse. I don't even like the idea of police listening to closed doors. But I digress :-)
Think back to before the telephone. Criminals has to meet face to face or send letters, and I doubt letters did much for simple crime. Most likely, to organize a bank robbery or any kind of activity, they met face to face. The only way for police to listen in was informers in the meeting, or ear to the door. I doubt there was much ear to the door stuff, it would be too easy to prevent. So there wasn't a whole ot of police listening in on crooks.
Then along comes the phone. Crooks weren't stupid, they could see how they could get together for a combined effort so much easier with a few phone calls. Police recognized this too, but suddenly they had the *capability* of listening in without having to put their asses in danger from twitchy guards protecting the meeting. And just like nowadays, they conned a mostly ignorant public into going along with their plans, with much the same message -- the innocent had nothing to fear, there would be no abuses, etc.
IIRC wiretaps were originally thrown out of court until Congress passed some enabling legislation, which did not get completely smooth sailing. There was debate, but not enough. Probably a web search would refresh my memory, but I haven't a clue now where I read this, or how much I remember correctly.
--
Infuriate left and right
One of the things about New Zealand that lends itself to this sort of official snooping is the small number of providers. There's maybe three nationwide providers, and not that many smaller ones, so the government has only a few points to cover in order to read 90%+ of email. Added to that is the limited number of overseas links, and you have a situation ripe for official suppression.
The funny thing is that, at least in NZ, this is completely the opposite way around. The government that let the secret service (SIS) off the hook without explanation was the same one that pushes for free market etc. Hell there was even a report from the Herald that they were intending to give the SIS the ability to search someone/someplace without a warrant. They got found out and had to back-pedal on that one.
The people most likely to shoot this one down are both extremes of the spectrum. The Greens (You can't get more socialist!) and Act (Almost managed a flat tax rate, and ditching of social welfare). The real evil is the ignorant centre, who have never had to campaign for anything in their lives.
Yes, I think its "OK" for law enforcement agencies to monitor my communications after demonstrating reasonable cause for suspicion but before formally charging me. Thats what warrents are for. So, I guess I don't need to worry ablout constitutional garantees of privacy.
Personally, I do believe in privacy, but as a balanced, rather than absolute right. That is, all things being equal, people should have a right to personal privacy. However, the world is full of situations in which all things are not equal and the right to privacy must be balanced against other equal or more important rights. Unfortunately, /. is the land of absolutes and slippery slopes, making a reasonable balancing of rights nigh impossible.
As for the title question, I don't think criminals will "wise up" to the extent of making this useless. Taps are useful at the stage where the criminal does not yet know how suspicious the leos are of him/her. Everyone who commits a crime is not a criminal mastermind with an evil tech wizard advising them on how to stay one step ahead. Email taps will be helpful for leos, and public watchdogs will continue to act against excesses of all kinds by leos. Its not really that big a change if the taps are held to pre-existing standards of survielance.
-Kahuna Burger
...will work for Chick tracts...
Imagine your boss giving you the feedback: "Ooops, your poorly worded e-mail got the organization into trouble today..."
Your last jibe about corporate spying could shed more insight into the continued Echelon sabre rattling...
US spy relic has Europe talking quietly
(I doubt the referenced corporate example was from a *random* Echelon interception.)
From the article:
So, won't criminals just use PGP and anonymous remailers (based in other countries with strict privacy laws) now?
Citizens should be pushing for constitutional protection of privacy (in nations that don't have it already; it exists in the US, but only by Supreme Court fiat, AFAICT). Unless you think it's OK to read your mail before even charging you with anything.
Java: the COBOL of the new millenium.