Slashdot Mirror


Limited Email Surveillance Approved

MrNougat writes "CNet reports that some surveillance of your email has been permitted by U.S. District Judge Thomas Hogan in Washington, D.C., without first requiring any evidence of wrongdoing. Curiously: 'instead of asking to eavesdrop on the contents of the e-mail messages, which would require some evidence of wrongdoing, prosecutors [of the US Justice Dept.] instead requested the identities of the correspondents. Also included in the request was header information like date and time and Internet address--but not subject lines.'"

14 of 249 comments

  1. Get yer encryption here, folks by chiph · · Score: 5, Informative
  2. Don't worry. by khasim · · Score: 2, Informative

    You only lose any Rights you haven't used within the last 90 days.

    Now, you have to prove to the government that you're actually using any Rights you want to hang on to.

    I recommend calling and sending real letters to your CongressCritters.

    1. Re:Don't worry. by 3-State+Bit · · Score: 2, Informative
      Halliburton.com told me about the camps.
      okay. where's the link?
      I was wondering too, so I Googled and got the following link:

      Halliburton - Financial News

      * KBR has been awarded a contract announced by the Department of Homeland Security's United States Immigration and Customs Enforcement (ICE) component. The Indefinite Delivery/Indefinite Quantity contingency contract is to support ICE facilities and has a maximum total value of $385 million over a five-year term. The contract provides for establishing temporary detention and processing capabilities in the event of an emergency influx of immigrants into the United States, or to support the rapid development of new programs.
      (Emphasis mine.)

      From:
      http://ir.halliburton.com/phoenix.zhtml?c=67605&p=irol-newsArticle&ID=809356&highlight=

      Notes:
      My Google query was "site:Halliburton.com contract emergency detention".

      In case the Halliburton document is taken down, or if you'd like to see it with the search terms highlighted, see the page in Google's cache.
  3. We are on our way to... by dwayner79 · · Score: 2, Informative
    --
    Religion and politics, without the flame. godgab.org
  4. It's for a grand jury, so different rules apply by reverendlex · · Score: 2, Informative

    Since it's a Grand Jury investigation, the regular 4th Amendment (search and seizure/probable cause) rules are relaxed. A Grand Jury subpoena only requires that the information obtained isn't a fishing expedition.

    This isn't another spying story- grand juries have had the power to read all of your documents to determine if a crime has been committed for hundreds of years.

  5. Re:Btdd by Transcendent · · Score: 3, Informative

    Look up a little about SMTP. You can send e-mails to addresses not contained anywhere in the e-mail header. The sender simply has to put in "RCPT TO: someone@somewhere.something" or even simply the username on the server and it'll get to them, no matter what it says in the To.

    Try it. Telnet to your SMTP server and send an e-mail to yourself:

    EHLO localhost
    MAIL FROM: valid@email.address
    RCPT TO: destination@email.address (or username on the system)
    DATA
    (From, To, Subject, etc would go here)
    Any message
    .
    QUIT

    This will send an e-mail with no To, or Subject in the header (it should contain the From at least). The only restriction you may have is that the SMTP server may do checks on the MAIL FROM or RCPT TO lines, which will restrict the addresses you can send to/from. If it's running AUTH, you may have other troubles too.

  6. Re:So use encryption! by Haxwell · · Score: 5, Informative

    Two words:

    Mixmaster remailer.

    --
    http://www.haxwell.org
  7. Re:Btdd by DavidTC · · Score: 2, Informative
    Right.

    Where an email ends up, and where it gets bounced to, are out of band communication.

    A SMTP conversation looks like this, simplified somewhat and with angle brackets replaced with { and } because I am lazy. client.dom sends C messages and has just connected to server.dom, which sends S messages. (After each response code, the server can send random text, though there are conventions there.)

    S: 220
    C: HELO {client.dom}
    S: 250
    C: MAIL FROM: {user@client.dom}
    S: 250
    C: RCPT TO: {user@server.dom}
    S: 250
    C: DATA
    S: 354
    C: Entire email message, including the headers
    C: .
    S: 250
    C: QUIT
    S: 221

    The mail server then traditionally prepends a Received header, and delivers the mail, or relays it elsewhere, depending. Although there was probably some more stuff in there consisting of SMTP AUTH commands if they're going to relay it somewhere, as open relays are frowned on. And the HELO is usually EHLO instead, which tells the mail server to say what extended commands it supports.

    But you'll note that routing the message is entirely separate from the headers. You could have the headers consist entirely of 'Haha: ha ha ha ha' and the message would be delivered with just that, and any Received headers that mail servers in between put in there. Sometimes they put in other things, like 'To: undisclosed-recipients:;' and make up a Message-ID and Date, but you can't rely on that information, because mail servers don't touch those headers if you've forged them...they just put in missing-but-required headers.

    Sometimes mail servers do go ahead and put MAIL FROM as 'Return-Path:' and RCPT TO as 'X-Original-To:', or in other headers, and those almost always end up in the Received lines somewhere, but they are not required to do that, and it's non-standard. (Finding out the original MAIL FROM and RCPT TO is something that all us mail admin have had to do at some time or another, and it's sometimes easier to just look at the Received line for the queue ID, and grep the maillog for it.)

    In fact, most mail servers accept messages with no headers at all, even though they are not supposed to. The headers are just marked by a blank line after them, and thus if they get a message with no blank lines, they technically got a message with no body, but they'll put whatever was received in the body, and make up a header instead, which at least will make something show up in the client. (Usually the problem is a crappy client didn't put the blank line in there, so this way other people at least see the message, although with the headers prepended.)

    --
    If corporations are people, aren't stockholders guilty of slavery?
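
The envelope/header split described in the two SMTP comments above, as an added example that is not part of either post: it reads the client side of an SMTP session, separates the envelope (MAIL FROM / RCPT TO) from the message sent after DATA, and reports where the two disagree, including the no-headers case. The addresses and the sample session are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses
# Constructed client-side SMTP lines (sample data, not from the thread).
SAMPLE = """\
MAIL FROM:<bounce@client.example>
RCPT TO:<alice@server.example>
RCPT TO:<carol@server.example>
DATA
From: "Someone Else" <ceo@other.example>
To: alice@server.example

Body text
.
QUIT
"""
ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<?([^<>\s]*)>?", re.I)

def split_session(transcript):
    """Return (mail_from, rcpt_to_list, raw_message) from client-side lines."""
    mail_from, rcpts, data, in_data = None, [], [], False
    for line in transcript.splitlines():
        if in_data:
            if line == ".":                      # a lone dot ends DATA
                in_data = False
            else:                                # undo SMTP dot-stuffing
                data.append(line[1:] if line.startswith(".") else line)
        elif line.upper() == "DATA":
            in_data = True
        else:
            m = ENVELOPE.match(line)
            if m and m.group(1).upper() == "MAIL FROM":
                mail_from = m.group(2).lower()
            elif m:
                rcpts.append(m.group(2).lower())
    return mail_from, rcpts, "\n".join(data) + "\n"

def compare(transcript):
    """Report where the routing envelope and the message headers disagree."""
    mail_from, rcpts, raw = split_session(transcript)
    msg = message_from_string(raw)
    hdr_from = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
    listed = msg.get_all("To", []) + msg.get_all("Cc", [])
    hdr_to = {a.lower() for _, a in getaddresses(listed)}
    return {
        "envelope_from": mail_from,
        "header_from": hdr_from,
        "from_mismatch": mail_from not in hdr_from,
        # delivered to, but named nowhere in To/Cc (Bcc, list mail, or forgery)
        "unlisted_recipients": [r for r in rcpts if r not in hdr_to],
        "has_headers": bool(msg.keys()),
    }
```

A mismatch is not proof of forgery on its own: Bcc and mailing-list traffic produce the same pattern, so treat the result as a pointer to the server-side log rather than a verdict.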
  8. Re:Land of the free by monkeydo · · Score: 5, Informative

    This article is neither interesting, nor informative. In fact, the summary is very misleading. The application for a pen register requires, "a certification by the applicant that the information likely to be obtained is relevant to an ongoing criminal investigation being conducted by that agency." No evidence of wrongdoing, my ass.

    Plus, as the article mentions, it was the intention of Congress to bring these types of "trap and trace" orders for email in line with phone lines when they amended the law more than 4 years ago, so this isn't really news.

    The Supreme Court ruled as early as 1979 that the fourth amendment doesn't require a warrant for a pen register, because you have no expectation of privacy in what phone numbers you call. I can't fathom any reason why federal investigators should have to meet one standard to get a pen register on your phone, and a different standard to get the same information for your email.

    --
    Si vis pacem, para bellum
    The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
  9. Use Free Software by massysett · · Score: 4, Informative
  10. Which is valuable and has precedent by Beryllium+Sphere(tm) · · Score: 2, Informative

    If you accumulate information about who talks to whom, when, how often, and whether they get replies, you are doing "Traffic Analysis" (http://en.wikipedia.org/wiki/Traffic_analysis) and getting valuable intelligence.

    Wiretapping law has distinguished between content and header-like information for a long time. Before Skype, even back before email, people used to communicate using devices called "telephones" which set up point-to-point voice grade audio streams. Police would sometimes record, not the actual audio, but just the addressing information that showed who communicated with whom. The laws about wiretapping made it easier to get permission to record traffic patterns than to record conversations.

  11. No such thing as "Land of the free" by ehiris · · Score: 2, Informative

    We're not even free-ish. The boundaries of control are just closing in on us. People in power always fight against individual freedoms because that's what maintains their influence.

  12. Re:So use encryption! by Threni · · Score: 2, Informative

    > To extend the analogy, and answer your question, the situation for the last 30 years has
    > essentially been that RSA have patented front doors and indeed, non transparent walls.

    Wrong.

    1) They patented a certain type of front door, not all of them - you could buy doors from other companies, or make your own. There's a type of door - a `one time door`, which can't be opened by anyone except for you and people you live with, as long as you follow the instructions carefully.

    2) You've been able to use RSA's front door for free for years now:

    http://www.rsasecurity.com/press_release.asp?doc_id=261&id=1034

  13. Re:Oh no! They're treating e-mail like regular mai by Anonymous Coward · · Score: 1, Informative

    You know, regular mail doesn't require a return address iirc.