Browsing Privacy - Off With Your Headers!

andyo writes: "Incredible assertion in this Wired article that 'Americans have no reasonable expectation of privacy in the identities of their e-mail correspondents, or the addresses of Web pages they visit.' Cites two senators who I'd thought to be more clueful (Orrin Hatch and Chuck Schumer)." Sure, the FBI should be able to check out every URL I visit without a warrant. They'll never abuse that power.

The ultra Conservative right

[q-soe]

In normal times the opinion of these 2 avowed members of the ultra conservative christian right would be ridiculed, but at this moment in time they will get wide support in some areas.

the terrorist actions commited on the 11th are such that many many americans will give up what they see as small freedoms in order to fight the supposed evil around them.

Enough small freedoms and you are living in a police state - and the scary thing is how easily this could be done in the US.

But in a way they are sort of right - with many modern systems and tools you dont have a hell of a lot of privacy in these areas unless you set out to make sure you have it.

Re:The ultra Conservative right

Enough small freedoms and you are living in a police state - and the scary thing is how easily this could be done in the US.

No, the scary thing is that it looks like it will be done in the US. The Bush administration seems to be right behind it, and they've rallied enough support to do it. There's serious support for a national ID card. People who speak out in dissent are being ostracized, and it wouldn't surprise me to see dissenters start to experience violent suppression soon. People are driving around with big American flags on their vehicles and displaying these in the name of patriotism. We've seen this kind of patriotism before - or at least if we haven't, our grandparents and great-grandparents have (treading close to the Godwin line here, but not in histrionics as would normally be the case).

Don't fear that terrorists might win - fear that they have already won, because from this angle it looks like they have.

Re:The ultra Conservative right

[AaronStJ]

Enough small freedoms and you are living in a police state - and the scary thing is how easily this could be done in the US.

With all the patriotism and support for the Bush administration, I'm beginning to wonder if the majority might not eventually want to live in a police state. And if that's what the majority wants, who are we, I wonder, to stop them? If the majority wants to be opressed, isn't that kind of (ironically) their right?

And if so, what are we to do? Interesting stuff to think about.

Re:The ultra Conservative right

[sfe_software]

I think there's some confusion about "reasonable expectation of privacy". There should be no expectation of security, eg email is plain text and easily intercepted. But you should, in the United States, have a reasonable expectation of privacy.

If just anyone were reading someone's email without permission, certainly there would be legal recourse. That's where a "reasonable expectation of privacy" comes in. Just because they're in plain view doesn't mean people have a right to view it. Think 900 MHz (analog) cell phones and the ban on scanners/down-converters. This is really no different in my opinion.

Re:The ultra Conservative right

[sfe_software]

What is scaring you guys with these proposals??? The FBI may scan your emails? Log your web-traffic? What about every curious sys. admin. in every ISP that your traffic goes throu? They all already have the power to do this.

They already have the ability to do this, but not the legal right without a warrant (or at least it can't be used as evidence). Just because it's in plain text does not mean you have no rights protecting you.

They already have the ability to listen in on your phone line, but they do not have the legal right to do so without a warrant. This is not much different, really.

Mind you, some ISPs and web hosts have provisions in their agreements making sure they can view any data on their machines for whatever reason. In those particular situations, this proposal doesn't make much difference. Personally I will only view or give up information on my customers when required to do so by law (eg, a warrant); this proposal certainly changes things.

Re:The ultra Conservative right

[phantomlord]

In normal times the opinion of these 2 avowed members of the ultra conservative christian right would be ridiculed, but at this moment in time they will get wide support in some areas.

So now Chuck Schumer is a member of the "ultra conservative christitan right"? Let's see... He authored the Brady Bill back in 1993 and the assault weapons ban in 1994, wrote the Freedom to Access Clinic Entrances Act, he's for socialized medicine and free prescription drugs, etc. Do you know who he beat to get his Senate seat? Conservative republican Al D'Amato.

Stop and think about all of that for a minute. Just because someone did something you don't like, they must be a member of the VRWC(Vast Right Wing Conspiracy), right? You want to talk about knee jerk situations in a crisis? You're calling one of the most liberal democrats in DC a right wing extremist. If you can't be bothered to do your homework regarding the people whom you're attacking, why should anyone bother listening to your attack. This is one of the reasons why /. would make a horrible lobbying group - so many people here are ignorant of politics but think because they're 1337 perl hackers, they can solve all the problems of the world. You think the legal advice offered on /. is usually bad, the political information is often 10x worse. Moderators: -1 flamebait, -1 attacks /. elitism, -1 must be right wing nut

Re:The ultra Conservative right

[4of12]

Sounds very practical, and I'm sure almost everyone in Deutschland trusts their government not to abuse the system of identification.

In the United States, from a practical perspective we probably don't have any much more reason than you do to distrust our government's intentions if they were permitted to institute a similar system.

It's just that we still cling nostalgically to the idea that we are empowered with not just votes to change our government, but guns, (just in case!).

That's the part that is interesting, because conservative politicians have to walk a fine balance between being pro-law enforcement and pro-gun ownership.

Remember that the deciding factor in Bush's election was white, male, rural voters that helped him get electoral college majority despite a popular vote minority.

The current administration can't afford to alienate their constituency too much with measures that smack of a police state.

If I were in the administration and facing this situation, I'd take advantage of the fact that citizen's object vehemently to government intrusions into their affairs, but think little or nothing about corporate intrusions into their private lives. The wise move would simply be for the government to start buying information from all the direct marketers, credit card companies, frequent shopper cards, etc. Those profiles are already light years ahead of a national identity card.

We need to organize

[maddman75]

We've got to beat them at thier own game. I started a mailing list after reading the "Slashdot in Politics" thread. I'm wanting to get involved, to change the system. Anyone want to help? We've got to do it open source style. Each person works on a small chunk, ending up with a massive effort.

Follow the link in my sig to sign up for the newsletter. We can't just stand by and let this happen.

Natural Justice

[os2fan]

Under the days before computers, copying and tracking was a costly process. This cost provided a dissentive to engage in these, and copyright and privacy laws were intended to finish it off.

Observing a particular action of you is of course not protected. To build a database of this on the other hand is time consuming, and attracts the attention of the law, eventually. Likewise, pressing bootleg or pirate money, books or records.

Copying and tracking have become essentially free. The effect is that the laws of copyright and privacy struggle to deal with the ability to use computers to track and copy things.

At the moment, what is seriously lacking is some measure to deal with the correct use of copies, and who can legitimately copy things and for what.

To deal with "privacy" and "copyright" and "licensing" as separate issues is to miss the point.

But it's true.

[Giant+Hairy+Spider]

You don't have a reasonable expectation of privacy, any more than you do about where you go when you leave your house or who you send letters to. That's just the nature of public actions... they're not private. People can see them, and they are free to tell others, including police. They can be asked with no warrant, and freely cooperate, or if they refuse to cooperate, and reasonable justification can be found, a warrant can be issued to require them to provide it if they have it.

The questions of mass-databasing this information and of requiring private parties to give constant, full reports on the data available to them, are entirely different.

Wait a sec...

[ClubPetey]

*puts on asbestos*
Ok, seriously, I'm not trying to be difficult here, but where is the part in the constitution that says you have the right to be anonymous. I understand the right of free speech, and general "freedoms" granted, but the right to say what you want is not the same as the right to say things anonymously. People need to be responsible for their actions and their words. While sometimes anonymity is usefull and necessary (such as children reporting sexual abusers), most of the time all an anonymous service does is encourage people to behave poorly. When people are not responsible for their actions, they behave irresponsibly.

Take for example the SPAM I get through YIM (or Email). If one was REQUIRED to properly identify themselves in order to get a YIM account, and that identity included name, phone number, etc. How many "HOT SEXXX!!!" messages would you get? Very few, considering you could call them or get their address and harass them back if they annoyed you.

The same applies to the web, I see no reason why a company can't track you through a site. your are on THEIR servers, using THEIR service. They can do what they want as far as it extends to tracking your way around their system. AS for telling you about it. I think people need to realize that they have NO privacy unless they work to create it. Assume all companies are trying to get EVERYTHING from you they can (since they are) and assume that any information you give out unsecured on the web is public domain (since it is anyway).

I know this has been discussed before, but I do honestly believe that a "National ID system" may be useful. The question is making the system difficult to circumvent. The best solution I have at the moment is smartcard chips embedded under the skin (seriously, I think this is cool!) that could be used to track you, grant you access to things you should have access to, and keep you out of things your shouldn't. Just think of the criminal uses if anyone could be tracked. The whole determination of who was at the scene of a crime and who wasn't would be a simple database query. Yea, yea, I know, mark of the beast, but I don't subscribe to that religion.

Oh, no, I don't see National ID cards, tracking, or the FBI reading my E-mail as a loss of my privacy, I didn't think I had privacy in the first place. Besides, if the FBI is really interested in reading the love letters between me and my Fiancee, be my guest.

*takes asbestos off*

Re:Wait a sec...

[prizog]

"where is the part in the constitution that says you have the right to be anonymous."

1st and 9th amendments. See also McIntyre (sp?!) v. Ohio Election Commission

"I understand the right of free speech, and general "freedoms" granted"

The constitution does not grant freedoms. It acknowledges that the gov't will not take them away.

Actually...

Now don't get me wrong - I'm a total privacy advocate (ok, some would say nut), and I don't agree with these morons, but in a certain sense they are both correct and incorrect.

1) Correct: You don't have any expectation of privacy in the *ADDRESS* of the person you are corresponding with. You *DO* have an expectation of privacy with the contents of the envelope (let's not even go near postcards). In fact, the USPS has been known to photograph the outside of the envelopes for DECADES of people they want to learn more about, but don't have a warrant for just yet...

2) Incorrect: I do not concur that my surfing habits are 'public'. There's nothing public about the sites I choose to visit on the Net. This is my own damn business, and too many incorrect assumptions could be drawn from stalking me on the Net. If you have probable cause that I'm committing some crime (like I bought 5000 bags of fertilizer and 2000 gallons of diesel and 1000 pounds of aluminum powder and 500 pounds of pink dye plus a case of blasting caps) - then STAY THE FUCK OUT OF MY LIFE.

Now, given that these two camels really want to get their noses underneath the tent so they can collapse the whole thing in the name of 'security', here's what we do:

1) Encrypt everything. Use anonymous chaining remailers. Base your email address upon a key which changes at least every day, if not every minute. Something along the lines of my dear departed anon.penet.fi

2) Use a different scheme to encrypt the contents of the message. Use digital signatures. At least 4096 bit encryption - more if you and your recipients can stand it.

3) Use encryption. Use a dual proxy scheme. Proxy 1 is behind your firewall. Whatever you key into your browser get's encrypted by the proxy and passed to an anonymous recipient proxy (one of many chosen at pseudo-random). Anonymous recipient proxy decrypts the info, hits the site, returns the data. There's some key management and exchange issues, differential traffic analysis issues to accomodate, and some other cryptographic goodies, but if enough people do this - it'll totally fuck up the tracking... Check out the AT&T research paper on "Crowds"...

I for one believe that what those terrorist bastards did was a heinous act beyond belief. However, it is not worthy of my blood-won freedoms. Rather the price of freedom is eternal vigilance. Find every terrorist, expel them into space, and DON'T TREAD ON ME!

Privacy is Important to a Free Society

[Tranvisor]

Privacy, in of itself, is a lofty goal. It means that we all have to have the respect, trust, and good will to believe that others know what they are doing, and that they are, at least to some extent, 'good' people. That's alot of trust.

Many seem to have the view that "Well I'm not doing anything wrong, I don't mind the government watching me." This view is not a good one to have, and anyone who disagrees hasn't read enough Orwell. To achieve the goal of a better society, we must go the road that is harder to travel. It is to easy to approve programs of National ID cards, National skin implants, or National Internet tracking. They all avoid the real problem, which is fear, doubt and uncertainty.

We all need to feel secure. We need to feel that we can do something to avert past terrorist disasters. Well the truth is, if we want to stay a free society, we can't. Maybe for a month, or a year security checks will improve with hieghtened attention. But like the Cole, and the WTC bombing before it, these things will pass into history and we will be open again. Anybody can drive a bomb into a building. This is the price we pay for not having security checks before we enter our cities, or crossing fellow state borders.

If we want to look at how our society will be after all these proposed new laws, we have many places we can check. In Singapore crime is kept low with harsh penalties, no one wants to litter if the penatly is a beating. In Isreal crime is kept low by placing police everywhere, nobody wants to hijact a plane if they have to deal with 3 cops with guns to do it. We have to ask ourselves as a people, is all that really worth it? Is it worth living in a police state, to reduce one's chances of dying in a terrorist attck from .8% to .3%?

I trust my paper to be delivered on time, my university to provide me with good professors, and the police to protect me. They have enough power now, as it is. Privacy is that measure of trust I bestow on others to go about their business without my interference. If we loose that trust, we will become less then we are. It will be a step in the wrong direction. Wars sometimes cannot be avoided, they should be fought over these princepals, they are what makes us the remarkable people we are today. Remember these next few words in your heart, and carry them with you, throughout your daily lives. They are worth fighting for.

Those who desire to give up Freedom, in order to gain Security, will not have, nor do they deserve, either one. -Thomas Jefferson

The attacks on core values are just symptoms.

[Futurepower(tm)]

Look at the big picture. The attacks on the core values of democracy are just symptoms of a larger sickness.

The U.S. is undergoing a social breakdown. The U.S. has the highest divorce rate in the world. The U.S. has the highest percentage of obese people. The U.S. has the highest percentage of its citizens in prison of any country ever, in the history of the world.

There is evidence that the secret agencies of the U.S. government and the weapons manufacturers have too much control. Few Americans know how much the U.S. government has meddled in the government of Saudi Arabia, so few realize the extent to which Arab complaints are justified.

The U.S. government (not necessarily the U.S. people) has a history of thinking that violence is the answer. The U.S. government killed an estimated 2,100,000 people in Vietnam and an estimated 150,000 people in Iraq. The U.S. has bombed 14 countries in 30 years, killing a roughly estimated 3,000,000 people. None of the people who were killed in any way directly threatened the U.S. These people had mothers and fathers, wives and families and friends. The U.S. government has a history of valuing the lives of its citizens much more highly than the lives of people in poor countries. Although violence can never be condoned, it is not surprising that some people want to make an effective protest against this.

Some of this is discussed in the article: What should be the Response to Violence? .

Privacy -- the Great Illusion

[jalalski]

Since the days when man first gathered together in tribes and the biggest became Chief, he has been concerned with the Chief (or the neighbours) looking into his life. So he built walls and fences and claimed the space as his own, private space.

And while the sun shone, and the harvests were good and the children played in the street all was well.

But when the enemies gathered at the gate and fear gripped the citizens hearts, then a great fear arose that there could be enemies in their midst. And the Chief and his people, by dint of their power, would enter and search their people homes in order to safeguard the people, and for fear of losing their power.

So it was then, and so it is today. The space of 'privacy' is much greater and is no longer just fences and walls, but email and conversations, but the same principle applies. The 'enemies at the gate' may be real or percieved, the fear may intensified by the media, the Chiefs may be more concerned with their own well being than that of their citizens, but basically, the same ball game.

The US Constitution is supposed to guarantee its citizens the right to their privacy. One of the worlds great documents, but still just a document. It does not list the rights granted to people by nature, it is more the hopes and aspirations of those building a new society. And now they've gone and the society is becoming old and staid and the Constitution is just a document. And so those dreams fade away. Privacy being one of them....

And thats why I say the right to privacy is an illusion. Just an idea in a document. A great document to base a society on, when times are good and citizens have a song and a great hope in the hearts. But when their courage fails and fear strikes, then like all societies, it will close in on its self and its dreams be considered inappropriate for the great fight ahead.

From here in Europe, we can just hope that the dreams of your founders win out over the fears of your people.

----------------
.sig restricted on need to know basis.
----------------

Believe nothing without good evidence.

[Futurepower(tm)]

I agree. You should believe nothing without good evidence.

The article referenced at the bottom of this post provides official U.S. government statistics. (Search on "prison".) An interesting link mentioned there gives another statistic: The murder rate in Washington, D.C. is 170 times the murder rate in Brussels, Belgium.

You can do a Google search for the prison rate in other countries. You will find that European countries have about 1/6 as many of their citizens in prison as the U.S.

"Ever read The Gulag Archipelago?"

Yes, I read that book. During that time in the Soviet Union, there was a far smaller percentage of people in prison than now in the U.S. Also, the Supermax prisons in the U.S. are less humane than Gulag prisons. There is a difference, though; the U.S. apparently has few or no political prisoners.

Check out one prisoner's story: Supermax Prison is Torture and Death. This is not obscure data. I learned about U.S. prisons from a PBS TV program. The two links in this and the previous paragraph are just the 2nd and 4th Google links from a search on "supermax prison".

We live in a time when a well-dressed, educated man or woman in a leadership position will look into your face or a camera, be very clear and logical-sounding, and speak complete nonsense. That's how things got to be such a mess. Tonight on a TV news program a U.S. government official was talking about the "Talley Bahn". He meant the Taliban. From years of experience with this kind of thing, I know it is a good guess that the speaker knows nothing of importance about Afghanistan.

We live in a time when total bullshitters are allowed attention equal to people who know what they are doing. That's how we got the dot-com dot-bombs.

More about the social breakdown: What should be the Response to Violence? .

Re:Believe nothing without good evidence.

[bacchusrx]

I found the last article you linked to had many if interesting facts. I found it a bit too pro-Laden though

You've created a fallacious false dilemma--as if the only two options were "support the US government" or "support bin Laden."

To make a rational argument against US policy does not make one an apologist for terrorists. Or worse, a supporter of terrorists as you claim this person to be.

I think most people would find it hard to believe the violence is really about that. It really angers me to see an attempt at rationalizing terrorism in this way.

By the same argument, you could posit that American rebels during your* own revolution were terrorists against the British Empire. I don't think people find it so hard to believe that one might be willed to violence against an oppressive empire in the pursuit of liberty.

In any case, this attitude of "if you're not with us, you're against us" will only inevitably lead to witch hunts and the further degradation of what little democracy we have. Such arguments don't hold water.

BRx.

Another slogan

[lightray]

``Liberty may be blind, but she has some sophisticated listening devices.''

Senators are citizens too...

[DJerman]

Perhaps the EFF should set up a facility for monitoring all politicians' surfing and email habits... surely some of them go online. If they have no expectation of privacy, it wouldn't be illegal, any more than publicizing their voting record or public appearance schedule, right? Sauce for the goose.

Sometimes I wonder if the people proposing these laws plan to emigrate when they retire...

Re:The Slashdot Hypocrisy Meter is Pegging

[camusflage]

Same argument applies to HTTP headers. Guys, you're sending traffic across an unencrypted, insecure wire. What expectation of privacy do you really have?

You're absolutely right. Fuck it. If you send a letter through the post office, unless you've physically secured it by putting a lock on it, anyone and everyone should be able to open it and toss it around the office. If you make a phone call without encrypting the voice stream, you're sending it out over an unsecure wire, and you deserve to have anyone and everyone listen in on your conversation for whatever reason their whim may dictate.

Oops, did I say dictate ?

This is a GOOD thing

[fajoli]

From the perspective of encouraging people to understand the realities of email, this is a GOOD thing. A reason people do not use encryption on their email is the belief that no one will read the email enroute. The first high-profile case of someone being arrested for statements made in supposedly private email will drive the public to protect themselves.

An example of this is the now common confidential paper handling companies. Twenty years ago companies didn't hire these confidential paper shredding companies as a matter of normal business. Even shredders were not that common outside of payroll and human resources departments. Companies found out that they had no expectation of privacy for papers in their dumpster. Police shows and news reports highlighted secrets being found through dumpster diving. Today, one may be hard pressed to find a company that doesn't ensure as many documents as possible find their way into confidential trash bins picked up by specialized waste handlers.

In the end, the more hub-bub that comes out of this reality, the better. Nothing drives sales like a real risk uncovered.

I look forward to a Law & Order episode where they read the email of a suspect, find it all encrypted, and later find out the suspect had nothing to do with the crime.

Unsigned vs Unaccountable Speech, Privacy

[Speare]

[stock rant on the subject]

There have been several postings already that point out that the First Amendment does, or does not in fact, protect anonymous speech.

There is a confusion about what 'anonymity' means. Courts have ruled specifically about two aspects of anonymity, and have ruled that one form is protected, and one form is not protected. Others tend to think that anonymity is related to privacy. To lump them all under 'anonymity' is to ensure further confusion.

There is a First Amendment right to 'unsigned' expression. You can CHOOSE not to put your name on something you write, because you have the right to express yourself how you wish to express yourself, and to COMPELL an author or artist or whistleblower or witness to SIGN their own expressions is a blow against freedom of self-expression, and has a chilling effect on expression.

There are regulatory exceptions: the post office usually does not reject to unsigned envelopes, but sometimes does reject unsigned packages.

However, there is no right of 'unaccountability'. That is, if a third party is able to prove that you were the responsible author/artist/whistleblower/witness, then this fact is admissible, and you are able to be prosecuted if your expression is libelous, slanderous, or in some other way breaks existing laws. You are always accountable for your actions, including expression.

The Internet makes it easy to elude obvious signatures, but most ISPs keep enough logs to ensure some modicum of accountability. It is because of this linkage, and because of the confusion over the use of 'anonymity' that the courts are beginning to form guidelines, and the law enforcement community is interested in shaping that process to favor the availability of latent evidence.

The guidelines describe what standards must be followed to force ISPs to divulge private records to turn 'unsigned' expressions into 'accountable' expressions. In short, the courts seem to say that the specific expressions must be shown specifically to have a strong case for illegal forms of expression: again, libel, slander, or other legally disallowed forms of expression. This hurdle must be met BEFORE the ISPs are required to divulge private information.

[end of stock rant]