Browsing Privacy - Off With Your Headers!
andyo writes: "Incredible assertion in this Wired article that 'Americans have no reasonable expectation of privacy in the identities of their e-mail correspondents, or the addresses of Web pages they visit.' Cites two senators who I'd thought to be more clueful (Orrin Hatch and Chuck Schumer)." Sure, the FBI should be able to check out every URL I visit without a warrant. They'll never abuse that power.
In normal times the opinion of these 2 avowed members of the ultra conservative Christian right would be ridiculed, but at this moment in time they will get wide support in some areas.
The terrorist actions committed on the 11th are such that many many Americans will give up what they see as small freedoms in order to fight the supposed evil around them.
Enough small freedoms and you are living in a police state - and the scary thing is how easily this could be done in the US.
But in a way they are sort of right - with many modern systems and tools you don't have a hell of a lot of privacy in these areas unless you set out to make sure you have it.
I refuse to argue with Anonymous Cowards - if you want a discussion get an account....
I totally agree with you. It's extremely scary, but how can we fix the problem?
From what I can tell, there aren't enough "educated" people that care enough to make a difference. For instance, out of everyone that reads this site and agrees that all this additional privacy invasion is bad, how many people would actually DO something to make a difference and end this nonsense?
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
It is not very surprising to hear a public official claim that email and web traffic is not private. For the most part ISPs will tell you as much in their disclaimers, and most schools and colleges will claim that email is the property of the school. Companies vary on policy, but most of them consider email and web traffic as part of their business and ultimately as their domain to moderate. What we should be doing is creating an online bill of rights to secure rights to privacy in electronic transactions and communications.
just my $.02
-b
When government officials, cops or otherwise, follow your every move on the internet without a warrant it's considered acceptable. But if they follow you around and watch your every move offline without a warrant, it's considered harassment.
You know, I'm the first to agree that it's asinine to make new laws to cover territory already covered by old laws simply because of a new information medium, but if we can't reverse the trend what about making new information-based laws to protect our rights there, as our parents originally did with old laws? If the RIAA can pass the DMCA, why can't we get stuff through like "digital harassment laws" and the like? What, are we too few in numbers or something? We've all seen how sites linked here get slashdotted within minutes; why not slashdot the government similarly? We would seem to have the same basic concerns and motivations, with a few exceptions here and there. Talk about a special interest group waiting to happen.
Now don't get me wrong - I'm a total privacy advocate (ok, some would say nut), and I don't agree with these morons, but in a certain sense they are both correct and incorrect.
1) Correct: You don't have any expectation of privacy in the *ADDRESS* of the person you are corresponding with. You *DO* have an expectation of privacy with the contents of the envelope (let's not even go near postcards). In fact, the USPS has been known to photograph the outside of the envelopes for DECADES of people they want to learn more about, but don't have a warrant for just yet...
2) Incorrect: I do not concur that my surfing habits are 'public'. There's nothing public about the sites I choose to visit on the Net. This is my own damn business, and too many incorrect assumptions could be drawn from stalking me on the Net. If you have probable cause that I'm committing some crime (like I bought 5000 bags of fertilizer and 2000 gallons of diesel and 1000 pounds of aluminum powder and 500 pounds of pink dye plus a case of blasting caps) - then STAY THE FUCK OUT OF MY LIFE.
Now, given that these two camels really want to get their noses underneath the tent so they can collapse the whole thing in the name of 'security', here's what we do:
1) Encrypt everything. Use anonymous chaining remailers. Base your email address upon a key which changes at least every day, if not every minute. Something along the lines of my dear departed anon.penet.fi
2) Use a different scheme to encrypt the contents of the message. Use digital signatures. At least 4096 bit encryption - more if you and your recipients can stand it.
3) Use encryption. Use a dual proxy scheme. Proxy 1 is behind your firewall. Whatever you key into your browser gets encrypted by the proxy and passed to an anonymous recipient proxy (one of many chosen at pseudo-random). Anonymous recipient proxy decrypts the info, hits the site, returns the data. There's some key management and exchange issues, differential traffic analysis issues to accommodate, and some other cryptographic goodies, but if enough people do this - it'll totally fuck up the tracking... Check out the AT&T research paper on "Crowds"...
I for one believe that what those terrorist bastards did was a heinous act beyond belief. However, it is not worthy of my blood-won freedoms. Rather the price of freedom is eternal vigilance. Find every terrorist, expel them into space, and DON'T TREAD ON ME!
You moron. You don't do anything wrong now. But what if something you do now becomes a 'crime'. Then how will you feel about being watched all the time?
Privacy, in and of itself, is a lofty goal. It means that we all have to have the respect, trust, and good will to believe that others know what they are doing, and that they are, at least to some extent, 'good' people. That's a lot of trust.
Many seem to have the view that "Well I'm not doing anything wrong, I don't mind the government watching me." This view is not a good one to have, and anyone who disagrees hasn't read enough Orwell. To achieve the goal of a better society, we must go the road that is harder to travel. It is too easy to approve programs of National ID cards, National skin implants, or National Internet tracking. They all avoid the real problem, which is fear, doubt and uncertainty.
We all need to feel secure. We need to feel that we can do something to avert past terrorist disasters. Well the truth is, if we want to stay a free society, we can't. Maybe for a month, or a year security checks will improve with heightened attention. But like the Cole, and the WTC bombing before it, these things will pass into history and we will be open again. Anybody can drive a bomb into a building. This is the price we pay for not having security checks before we enter our cities, or crossing fellow state borders.
If we want to look at how our society will be after all these proposed new laws, we have many places we can check. In Singapore crime is kept low with harsh penalties, no one wants to litter if the penalty is a beating. In Israel crime is kept low by placing police everywhere, nobody wants to hijack a plane if they have to deal with 3 cops with guns to do it. We have to ask ourselves as a people, is all that really worth it? Is it worth living in a police state, to reduce one's chances of dying in a terrorist attack from .8% to .3%?
I trust my paper to be delivered on time, my university to provide me with good professors, and the police to protect me. They have enough power now, as it is. Privacy is that measure of trust I bestow on others to go about their business without my interference. If we lose that trust, we will become less than we are. It will be a step in the wrong direction. Wars sometimes cannot be avoided, they should be fought over these principles, they are what makes us the remarkable people we are today. Remember these next few words in your heart, and carry them with you, throughout your daily lives. They are worth fighting for.
Those who desire to give up Freedom, in order to gain Security, will not have, nor do they deserve, either one. -Thomas Jefferson
Look at the big picture. The attacks on the core values of democracy are just symptoms of a larger sickness.
The U.S. is undergoing a social breakdown. The U.S. has the highest divorce rate in the world. The U.S. has the highest percentage of obese people. The U.S. has the highest percentage of its citizens in prison of any country ever, in the history of the world.
There is evidence that the secret agencies of the U.S. government and the weapons manufacturers have too much control. Few Americans know how much the U.S. government has meddled in the government of Saudi Arabia, so few realize the extent to which Arab complaints are justified.
The U.S. government (not necessarily the U.S. people) has a history of thinking that violence is the answer. The U.S. government killed an estimated 2,100,000 people in Vietnam and an estimated 150,000 people in Iraq. The U.S. has bombed 14 countries in 30 years, killing a roughly estimated 3,000,000 people. None of the people who were killed in any way directly threatened the U.S. These people had mothers and fathers, wives and families and friends. The U.S. government has a history of valuing the lives of its citizens much more highly than the lives of people in poor countries. Although violence can never be condoned, it is not surprising that some people want to make an effective protest against this.
Some of this is discussed in the article: What should be the Response to Violence?
Bush's education improvements were
I don't do anything wrong
You're probably wrong about that. Most people don't realize how many states still have silly blue laws. Enforceable, but not enforced. Oral sex is illegal in many places. Here in Massachusetts we have "consensual striking laws" so a guy can go to jail for spanking his girlfriend even if she asks him to. In some southern counties, exotic sex positions are outlawed. If you have any sort of sex life at all, odds are you've broken a law.
Still think privacy is worthless?
You want the government to have a list of things they can arrest you for, in case you ever piss them off?
Since the days when man first gathered together in tribes and the biggest became Chief, he has been concerned with the Chief (or the neighbours) looking into his life. So he built walls and fences and claimed the space as his own, private space.
And while the sun shone, and the harvests were good and the children played in the street all was well.
But when the enemies gathered at the gate and fear gripped the citizens' hearts, then a great fear arose that there could be enemies in their midst. And the Chief and his people, by dint of their power, would enter and search their people's homes in order to safeguard the people, and for fear of losing their power.
So it was then, and so it is today. The space of 'privacy' is much greater and is no longer just fences and walls, but email and conversations, but the same principle applies. The 'enemies at the gate' may be real or perceived, the fear may be intensified by the media, the Chiefs may be more concerned with their own well being than that of their citizens, but basically, the same ball game.
The US Constitution is supposed to guarantee its citizens the right to their privacy. One of the world's great documents, but still just a document. It does not list the rights granted to people by nature, it is more the hopes and aspirations of those building a new society. And now they've gone and the society is becoming old and staid and the Constitution is just a document. And so those dreams fade away. Privacy being one of them....
And that's why I say the right to privacy is an illusion. Just an idea in a document. A great document to base a society on, when times are good and citizens have a song and a great hope in the hearts. But when their courage fails and fear strikes, then like all societies, it will close in on itself and its dreams be considered inappropriate for the great fight ahead.
From here in Europe, we can just hope that the dreams of your founders win out over the fears of your people.
----------------
.sig restricted on need to know basis.
----------------
.sig available on 'Need To Know' basis only!
I've seen sigs like that myself, warning the reader that they should not read the message unless they are the intended recipient. This always brought the same question to mind: Why put it at the end of the message?
It goes from God, to Jerry, to me.
Your phone land line is an unencrypted, insecure wire. With some parts from Radioshack I could easily listen in to everything you have to say. But it's still protected by law.
Your cell phone is even easier to listen in to. But again, your conversations are protected by law.
Paper mail is incredibly insecure. Open the envelope. But we prosecute the hell out of anyone who dares to do such a thing.
I could bug your home with a little effort and a bit of technical know-how without ever having to walk through the front door. Just need some windows, is all. How much time do you think I'll spend in jail if I do it?
And yet, for some strange reason (or perhaps not-so-strange reason) email is considered to be a free-for-all. The hypocrisy of the exception is rather funny, if you ask me.
Good thing I use encryption on all of my important emails.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
1. Employers... I'm self employed but if I worked for a company, I wouldn't want my company knowing that I'm searching for another job
in the sense that i own a business that has employees, i can say as a "company" that most companies generally don't give a rip about the average employee leaving. most savvy employees realize this, too: when working for someone else, you can be replaced.
2. The government doesn't need to know how I spend all my time on the web just so they can run my browsing habits through a script that decides if I'm a bad guy. For instance, what if I'm searching for crop duster information, they log it and show up at my door the next day wanting to know why I'm trying to find out info about crop dusters when I never have before.
many reasonable people -- including me -- would argue that a script like that would be damn handy to have right now. i pray the FBI is looking very, very closely at any and all records they have about people accessing crop duster info. and commercial ventilation systems. and large water supplies.
3. In the U.S. anonymity is one of the many freedoms that we have earned. No one should take that away.
i'm not being specious, but where is this in the Constitution? Bill of Rights? anywhere? i honestly don't think anonymity is a "right".
4. Too much risk of security holes. So they want to install a crypto backdoor in EVERY computer... Can you imagine the chaos as soon as it was cracked? yikes!
just like your employers, the "govment" really doesn't care about your data. if they did, they can break any encryption you cared to apply to it, because all it takes is cycles.
I agree. You should believe nothing without good evidence.
The article referenced at the bottom of this post provides official U.S. government statistics. (Search on "prison".) An interesting link mentioned there gives another statistic: The murder rate in Washington, D.C. is 170 times the murder rate in Brussels, Belgium.
You can do a Google search for the prison rate in other countries. You will find that European countries have about 1/6 as many of their citizens in prison as the U.S.
"Ever read The Gulag Archipelago?"
Yes, I read that book. During that time in the Soviet Union, there was a far smaller percentage of people in prison than now in the U.S. Also, the Supermax prisons in the U.S. are less humane than Gulag prisons. There is a difference, though; the U.S. apparently has few or no political prisoners.
Check out one prisoner's story: Supermax Prison is Torture and Death. This is not obscure data. I learned about U.S. prisons from a PBS TV program. The two links in this and the previous paragraph are just the 2nd and 4th Google links from a search on "supermax prison".
We live in a time when a well-dressed, educated man or woman in a leadership position will look into your face or a camera, be very clear and logical-sounding, and speak complete nonsense. That's how things got to be such a mess. Tonight on a TV news program a U.S. government official was talking about the "Talley Bahn". He meant the Taliban. From years of experience with this kind of thing, I know it is a good guess that the speaker knows nothing of importance about Afghanistan.
We live in a time when total bullshitters are allowed attention equal to people who know what they are doing. That's how we got the dot-com dot-bombs.
More about the social breakdown: What should be the Response to Violence?
Bush's education improvements were
All this kind of thing will do is give those who have made hidden archives of subversive materials into isolated pockets of power. It's like certain martial arts, the harder the opposing force pushes, the greater the force coming back at them. The target slips to the side at the last minute and the concrete wall takes the force of the fist breaking every finger in the bloody hand of these idiots.
If anybody can use a search engine to find their --fill in the blank subversive material these guys are looking for-- then everybody is a pro and nobody is a leader. But as soon as you start trying to pinpoint who's doing what, you scare people into looking for the "secret" way so they don't get caught. Bang, up step the wannabe disenfranchised pros with their encrypted magic decoder rings and assorted gang paraphernalia.
Now you've created leaders and gangs and mafiettes where there were nothing but curious or perhaps malicious individuals. Okay, so the Senators say, Great! That's what we wanted, targets, an organized conspiracy.
Alright, now who are the bad guys?
Encryption is an effective tool for providing privacy. Encryption is on their chopping block as well. They are taking away the means to achieve a thing and then saying it's no big deal because the thing cannot be realized. Circular argument.
I would be comforted to see more sincere methods of persuasion from our leaders.
I don't think they are competent to act on these issues in the first place. Their only education has been from a lavishly generous lobby that has been leading them by the nose for practically every internet related issue that has occurred. This is not a responsible way to act on behalf of the people.
What about the list of books I've checked out from the library? The list of movies I've rented? To the best of my knowledge both are protected; in the case of video rentals by the video rental privacy act which allegedly came about as a direct result of some reporters checking into their congressmen's video rental habits. Shouldn't web sites visited fall into the same general category? Maybe posting a list of websites visited by selected congressmen would have the same effect as it did with movie rentals. (-:
At this point, I'm just waiting for someone to put 2 and 2 together and figure out that we have already declared 'war' against another amorphous, invisible, undefeatable enemy: drugs. Anyone remember that? How long will it be until some militant 'Drug Czar' figures out that they can also use the current frenzy of 'security at all costs' to eradicate any/all civil liberties in the name of fighting the evil drug empires. It's a very slippery slope we're heading down right now.
Karma: Professionally Doomed (mostly affected by inability to keep opinions to self)
Same argument applies to HTTP headers. Guys, you're sending traffic across an unencrypted, insecure wire. What expectation of privacy do you really have?
You're absolutely right. Fuck it. If you send a letter through the post office, unless you've physically secured it by putting a lock on it, anyone and everyone should be able to open it and toss it around the office. If you make a phone call without encrypting the voice stream, you're sending it out over an unsecure wire, and you deserve to have anyone and everyone listen in on your conversation for whatever reason their whim may dictate.
Oops, did I say dictate ?
The truth about Scientology, Xenu, and you: Operation Clambake
What happens when the FBI starts using your web surfing habits to obtain search warrants or to detain you?
For all you "I don't do anything wrong people": What happens when reading slashdot makes you a suspected hacker (ie terrorist)?
What happens when you have to have a Star of David on your national ID card to identify if you are Jewish?
"...We need to err on the side of having tools available."
No, no, no! We need to err on the side of the protection of our freedoms and civil liberties!
Which part of "inalienable" don't you understand?
There are 10 types of people in the world. Those who know binary, and those who do not.
Disclaimer: IANAL.
First, unless you use IMAP4 or POP3 over SSL, you don't even have a reasonable expectation of privacy about the body of the e-mails you pull down to your own personal machine. The argument is that if you really cared if anybody read your mail, you would send it in an envelope. Similarly, if you don't want people reading your e-mail, put it in an electronic envelope. (Notice that this envelope need not be secure in order to trigger the privacy provisions, just as a real physical envelope is not secure. You need merely have shown that you intended the communication to be private.) Even then, the address on your mail is only private because a post office box is a secure container. If you leave your mail on a table in a restaurant where I can read the addresses, even upside down, you just gave up your expectation of privacy about those addresses.
In that light, it's clear that the headers you send in the clear through a public network as disassembled packets which not only can but must be reassembled on the way aren't sent with the expectation of privacy. If you wanted that, then you'd have sent the headers in a way that indicates you care whether third parties can read them. There's no case law about that, but I expect that the threshold you'd need to reach to trigger such an expectation would be quite low indeed. It might well be enough to send your headers as a post request over SSL -- that's the equivalent of putting your letter inside another envelope and having a trusted third party (such as your attorney) forward it for you. There, you have a reasonable expectation of privacy, even for the address to which the letter is sent.
OK guys, privacy is not the right to break the law and not be caught. Law enforcement is entitled to collect evidence against you without your consent if they already have probable cause, or if the evidence is out in the open.
Courts have already ruled that who you call and who calls you is not private and that information can be collected without a warrant. The police can also follow you and film you in a public place without a warrant to see who you meet with.
Everyone who reads slashdot is smart enough to know that Hatch is right on this one. THERE IS NOTHING PRIVATE ABOUT EMAIL HEADERS. It's like the address on a letter, it has to be public or it wouldn't work.
Do you believe that the FROM: field on that email you just sent is private? Even when it passes through 20 routers and 5 servers? Of course not. Since you don't reasonably expect it to be private, hence you have no "expectation of privacy" and no warrant is needed to gather that information.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
Maybe you have never seen the FBI bungle investigations first hand?
Maybe under the Whistle blower act, you could expose one of the top 10 construction companies in the entire world, to massive litigation the scale and scope of which makes the tobacco settlements look like a joke.
Maybe just maybe, you live in an asbestos suit, but last check asbestos does not prevent a plasma ray.
mmm good.
The true criminals never care to follow laws, most laws are only enforced upon average joe citizen. As the average joe, is easy to catch, and fine.
Scooby Yoda Zai.
The constitution does not grant rights. Rights are inalienable. If the constitution contained a clause that said you didn't have a right of privacy, then it would be wrong and we would fix it.
But amendment IV of the constitution is actually pretty clear on this point:
I'd say email counts as one's "papers" in this context. The police need a warrant to track it, and that shall not be violated.
Now the common carrier I use to send my papers might have some right to do traffic analysis, but the police have no right to do so without a court order. They certainly can not force my ISP to turn over such records, or impose on my ISP in any way, without a court order.
Warrants aren't that hard to get. All that is necessary is to convince a judge that you have probable cause to believe the person is involved in something illegal. The fact the law enforcement is trying to remove this requirement makes me wonder why. Are investigations so poor that they don't even withstand that tiny amount of scrutiny?