The Privacy of Email

An Anonymous Coward writes "A U.S. appeals court in Ohio has ruled that e-mail messages stored on Internet servers are protected by the Constitution as are telephone conversations and that a federal law permitting warrantless secret searches of e-mail violates the Fourth Amendment. 'The Stored Communications Act is very important,' former federal prosecutor and counter-terrorism specialist Andrew McCarthy told United Press International. But the future of the law now hangs in the balance."

dupe

[Egdiroh]

first post.

Also looks like a dupe of this story http://yro.slashdot.org/article.pl?sid=07/06/18/19 48241

future of the law now hangs in the balance

[bl8n8r]

I thought this balanced out to "States Secret", or better put, "You get privacy until we decide you don't need it"

http://www.eff.org/legal/cases/att/

Re:future of the law now hangs in the balance

[Opportunist]

That actually opens up a very interesting question: Who says when the State Secret should better not be secrets because they are being used against the state (ya know, that "we, the people" part of it)?

Power needs control, but who controls what is to be kept secret from "the people"?

Re:future of the law now hangs in the balance

[WWGTom]

AT&T moved to dismiss the case, basically arguing that it should be immune from suit because "whatever we did, the government told us to."

The Nazi's did what they were told to do as well, look at what happens to the ones we still find roaming around.

Asinine

[bconway]

There is no more expectation of privacy in a plaintext email than there is in an open-face postcard. If you want privacy, take steps to encrypt it, not unlike putting a letter in a sealed envelope (as it pertains to the law, not ease of circumvention). This will be overturned, and with good reason.

Re:Asinine

[whisper_jeff]

By your arguement, nobody should expect privacy when talking on the phone since they didn't take steps to encrypt their phonecalls so wiretapping should be enirely acceptable. Or if your arguement only applicable to emails?...

Re:Asinine

[$1uck]

There is no more expectation of privacy in a plaintext email than there is in an open-face postcard.

I'm sorry but that is utter nonsense. Maybe not to you, and maybe not to who ever modded your comment up. I don't expect anyone to read my email other than the recipient. That's an expectation. I don't see how anyone who doesn't open my email will be able to read it.
Correct me if I'm wrong, but its not a typical part of an email server to display the contents of all messages passing through it onto a monitor somewhere is it?
No, I'd say its absolutely nothing like sending an open postcard.

If you want privacy, take steps to encrypt it, not unlike putting a letter in a sealed envelope (as it pertains to the law, not ease of circumvention). This will be overturned, and with good reason.

Yeah I don't think this is reasonable either.. thats like saying if you don't want to be searched hide your stuff better. Utter nonsense.

Re:Asinine

[morgan_greywolf]

There is no more expectation of privacy in a plaintext email than there is in an open-face postcard. If you want privacy, take steps to encrypt it, not unlike putting a letter in a sealed envelope (as it pertains to the law, not ease of circumvention). This will be overturned, and with good reason.

Right. Otherwise, this could have unintended consequences for Carnivore and Eschelon. Plaintext e-mail has been determined consistently to not have any reasonable expectation of privacy attached to it, and why should it? Anyone can read it.

IMHO, people need to stop assuming that what they put out on the Internet is private. Because unless it's encrypted, it just ain't! Even if nobody else can read it by default, anything passing through in plaintext can be intercepted by anybody. This is especially important, because there seems to be a lack of education among Internet users, who still persist in sending private or personally-identifiable data (name, address, phone #s, social security #, even credit card #s) via e-mail. Or maybe the government likes it that way -- after all, if everyone encrypted their communications, how useful would Carnivore and Eschelon be?

Re:Asinine

[daeg]

The ruling doesn't say that e-mail is off limits. All the court said was that there is nothing special about e-mail or phone calls. They are still grounds to be seized, but those wanting the information (FBI, prosecutors, etc) must go through due process to obtain them. If they get a warrant they can seize e-mail all they want.

Re:Asinine

[CastrTroy]

Thank you. This is the point nobody seems to be getting. Nobody is saying that emails can't be used as evidence, but that in order for them to be used, the cops must go through the proper procedures. If they don't use proper procedures to obtain the email, then it is inadmissible in court. Same goes for the telephone. Just as it is trivially easy for the cops to tap your phone, they are not allowed to do it unless they go through the proper procedures for obtaining a warrant. Saying that you should just encrypt your email if you want it to stay private is the same as saying you should build a 20 foot concrete wall around your house if you don't want them doing illegal searches of your property.

Re:Asinine

[Threni]

> No, I'd say its absolutely nothing like sending an open postcard.

It's exactly like sending a postcard in that anyone who picks it up (ie whose server forwards it) can read it. It's just text. Servers can and do routinely keep stuff around, whether in the cache, hard drive or ram. And you can bet that the NSA and related parts of the US government and related bodies own the internet via controlling parts of the backbone, in addition to the various satellites, tapped fibre optic cable and deals with the international carriers (western union etc) which have been going on for decades.

Read `body of secrets` by james bamford if you don't believe any of this. Pay special attention to `operation shamrock`. `Operation northwoods` is also eye opening.

And yes, if reading email is found to be illegal, then the law will simply be changed to make it legal.

Re:Asinine

[lupis42]

Maybe, but think about the difference between a postal working reading your postcard, versus faxing a copy to the FBI, or just his buddies, without your knowledge. It's about to what extent the government is allowed to say "You don't expect it to be completely private, therefore it's going into our database". IIRC the Google street view van is facing similar issues abroad. Just because it isn't entirely private, that doesn't make it entirely public.

Re:Asinine

[honkycat]

It's exactly like sending a postcard in that anyone who picks it up (ie whose server forwards it) can read it. It's just text. Servers can and do routinely keep stuff around, whether in the cache, hard drive or ram. The court realized this and ruled that the ISP is a "mere custod[ian]" of the data. In other words, that data is yours and they only possess it to enable the system to work. The government cannot simply take an action because it is technically simple, it is (and should be) required to consider whether each action is ethical (and/or Constitutional). This is a fantastic ruling on that front.

And yes, if reading email is found to be illegal, then the law will simply be changed to make it legal. Ok, I'll be waiting for that Constitutional amendment to go through. Unless this ruling is overturned (which is possible), that's what would be required.

Re:Asinine

[$1uck]

No, you are simply wrong. A carrier (a human being) picking up a post card cannot help but to see the text. He may choose not to read it, but it is visible. An email passing through someone else's router is not going to be seen by human eyes by accident. It will not "flash" across a monitor, it will not be opened and read with out specifically and purposefully being opened.
It's exactly like sending a postcard in that anyone who picks it up (ie whose server forwards it) can read it Thats like saying any postal carrier can open your letter and read it (this too is true) but you don't expect it. They still have to open it unlike a postcard.

Re:Asinine

[dreamchaser]

Actually your analogy is what is asinine. A plaintext email is inside an easy to open envelope, but opening that envelope if you're not the intended recipient should still be against the law just as it is with snail mail.

That being said I agree that people should use encryption. It just makes sense. You however need to get off that high horse you're riding.

Re:Asinine

There is no more expectation of privacy in a plaintext email than there is in an open-face postcard

Riiiiight, because everytime someone sends an email unencrypted, it's shown to the whole wild world.

No, actually, if you're neither the recipient nor the sender, you have to take special steps to get a look at the email even if it's in plaintext. Even the server administrator can't sit there and read all 20000000000 emails a day, no, the administrator has to take steps to get your email if he wants to look at it.

Next thing, you'll be telling me that me steaming open all of your envelopes and reading everything you mail is illegal, it's not like you actually took any steps to prevent me from doing so, right?

Re:Asinine

[quanticle]

By your arguement, nobody should expect privacy when talking on the phone since they didn't take steps to encrypt their phonecalls

Your analogy doesn't fit. When I make a phone call, I'm expecting a point-to-point connection, with no intermediaries to intercept or look at my communication. When I send an e-mail, I know that it will be stored and transferred across many server, and that those servers may have logging software that will store a copy of my e-mail.

However, with packet-switched phone networks replacing traditional circuit switching, that distinction is becoming more blurred.

Re:Asinine

[Opportunist]

Actually it's illegal here for the postal worker to read your postcards. You could write your next terror plan onto the postcard and should the police knock down your door because of it, the postal worker is going to jail, not you (unless there's actually a real plan behind it and they find evidence for that, but let's imagine you just wanted to test how nosey the postal service is...).

Funny? Yes. Kinda awkward (because, well, how should you check whether they read your mail except in such rather dumb ways as outlined above)? Yes. Still, one of the more sensible of the unenforcable laws we got.

Re:Asinine

[honkycat]

Beyond illegal, it's just plain BORING. Can you imagine how sad your life would be if you spiced it up by reading other people's frickin post cards?? I mean, it's hard to imagine being that miserable unless you're a postal wor... oh wait.

In all seriousness, don't suppose you have a link to back up the illegality of reading post cards, do you? I suspect you're right, but would just love to smack all the "but email is just a post card" schmucks with something concrete.

Re:Asinine

[BKX]

And yes, if reading email is found to be illegal, then the law will simply be changed to make it legal. Ok, I'll be waiting for that Constitutional amendment to go through. Unless this ruling is overturned (which is possible), that's what would be required. Exactly. Although, I do expect that the Bush administration will simply continue to ignore the courts for it's own ends.

Re:Asinine

[Akatosh]

An email passing through someone else's router is not going to be seen by human eyes by accident. It will not "flash" across a monitor, it will not be opened and read with out specifically and purposefully being opened. Huh? No? Random stuff bounces into the postmaster box all the time, stupid aolers press 'mark as spam' and bam, a copy of your message in _my_ mailbox, fire up ethereal (wireshark w/e) to diagnose some problem and weeeeeee a zillion email messages fly right by my screen. Mail spool's growing exponentially, lets do some greping and figure out who the culprit is.

So ya, people's private messages do, quite literaly, flash across a sysadmins monitor. I really don't want to see them either, but ya know, that's my job so I deal with your petty lovers spats people forward to abuse, your missaddressed candid porno shots from your cell phone and your business deals sent from mail servers you don't know how to configure. You think your email is private unless someone _wants_ to look at it? LOL ya ok.

Re:Asinine

[Opportunist]

I ain't from the US. Don't know if it's legal for the US postal worker to read postcards. I'll ask my friend (he works there) to lend me their "big book" (with all those dos and don'ts), though I hope it's available in electronic form.

Though... knowing our postal service, I kinda doubt it. If you can't slap a stamp on it, they don't want to deal with it.

Re:Asinine

[honkycat]

A very very very small fraction of emails end up in a postmaster's box. That hardly invalidates the legal expectation of privacy. When an arrest is made on evidence found in a bounced email, post the story to slashdot... Grepping the mail spool? As the article points out, the courts specifically distinguished between sender/date (and possibly subject) meta-data and message content, so that's also irrelevant.

Do your job professionally. Just because you have access to something, doesn't give you any right to snoop. If you happen across clear evidence of illegal activities during the normal course of network maintenance, that's one thing. You'd be within your rights (and perhaps even required) to report that to the authorities. Engaging in a systematic filtering / collection of content is quite another, and that's what we're talking about here. And, specifically, by the government. If you, as a private citizen, decided to log and mine all the emails going through your server, that again would be a very different situation.

Re:Asinine

[$1uck]

I don't see how either of your statements are relative. What the recipient does with received mail/email is not relevant. Of course the sender expects the person to whom the mail was addressed to open it. If the sender doesn't get the address correct they can't expect it to not be opened by the person it is addressed to. If it happened to "bounce" to an admin account, I don't see any reason thee admin would need to read it, but if the contents come up on the screen that is the fault system/software. So yeah I would say most people have a reasonable expectation of privacy in their emails.

Re:Asinine

[dave562]

Thanks for pointing this out. The conversation seems to have gone off onto a tangent about whether or not emails are private. That discussion misses the point of the ruling. The ruling just says that the government has to follow due process and obtain a warrant if they want to USE YOUR EMAILS AGAINST YOU IN COURT.

Personally I'm of the opinion that if you're up to shady stuff that carries any sort of legal liability you shouldn't be leaving a record of it anywhere. But, with the way the law is written, you're allowed to keep a record of what you're up to and also you're allowed to have the expectation that law enforcement will have to jump through some hoops to use your own records against you. I'm pretty sure that the Constitution was written in the way that it was written to give people the belief that they could freely criticize the government and perhaps even plot against it when it stops serving the people. I don't think it was written to protect child pornographers and drug dealers.

Re:Asinine

[thePowerOfGrayskull]

However, with packet-switched phone networks replacing traditional circuit switching, that distinction is becoming more blurred.

It seems to me the analogy is a valid one. Any switching means that there are multiple points where your unencrypted conversation can be intercepted. Even back to the early days of a telephone, where such interception was required via an operator in order to make a connection. You may have expectation of a point-to-point communication, but it's never actually that (obviously excluding the pioneering work).

Re:Asinine

[Lockejaw]

Plaintext e-mail has been determined consistently to not have any reasonable expectation of privacy attached to it, and why should it? Anyone can read it.

The term "reasonable expectation" has nothing to do with how easy it is to read the email. It's about what sorts of actions/accesses are kosher.
A person whose admin password is "password," who never patches his system, who runs all kinds of unneeded services, and has no firewall still has a "reasonable expectation" that nobody will access his system without authorization.
A person who leaves town for a week, doesn't lock the door, and even lets his mail and newspapers pile up (showing that he isn't home) still has a "reasonable expectation" that other people will not enter his house.

Re:Asinine

[KarmaOverDogma]

I agree with you. IMO, the closest analogy to a postcard email would be one where the entire message of email content was in the title bar only.

IMO, the average person has the expectation of privacy with email, so that when Mrs. Wilson sends a love letter by email to her Hubby while he is away, she knows any perverts along the way won't be be reading it without risk/liability for doing so.

Whether this is law or not is another matter, but I believe it is a social norm, in any event. And Laws often follow from them.

McCarthy?

[Red+Flayer]

This is about overturning aspects of the 1986 Stored Communications Act. FTA:

'The Stored Communications Act is very important,' former federal prosecutor and counter-terrorism specialist Andrew McCarthy told United Press International. But the future of the law now hangs in the balance.
[snip]
Some observers warned that the ruling might hamper federal counter-terrorism efforts.
[snip]
'The USA Patriot Act broke down the wall between intelligence and law enforcement. Criminal prosecutors can now share information with the intelligence side of the house,' [McCarthy] said.

But if the ruling stopped prosecutors from gathering information, it could not be passed along. 'If you can`t get it, you can`t share it,' he said.

Is it just me, or would it have been a little smarter for the government to use a mouthpiece with a name other than McCarthy when discussing tactics for terrorist witch-hunts?

Re:McCarthy?

[mulvane]

First thing I thought of when I read this is how we should drop 50 nuclear bombs...I don't know where, when and how, but damn it!!! 50 nuclear bombs need to be dropped somewhere!!

is this actually useful?

[iHasaFlavour]

I have a few doubts. There are billions of emails flying about constantly. Anyone who beleives they can be effectivelly monitored has to be kidding themselves, so how useful is a law that says you can't do this?

Besides, if you are convicted, or suspected of crime, they can always obtain legal access to your mails, regardless, just as they could anything else you owned.

Perhaps I haven't had time to grow a sufficiently impressive tin foil hat, but I am given to think the whole idea is just plain silly.

You might as well pass laws that say you aren't allowed to follow the movement of a grain of silt in the Amazon.

Re:is this actually useful?

[lupis42]

It's not a matter of tracking everything. Even if they only track "suspected dissidents," who will doubtless be selected by procedures as effective and precise as those that get people on to no fly lists, it's still a massive invasion of the privacy of the people who get tracked.

Re:is this actually useful?

[Daneboy]

I think you misunderstand. The law says that you CAN do this -- and the court has now struck down the law, saying that a warrant is needed before your email can be searched, just like any other kind of mail search or wiretap. This is a Good Thing, even if the original law was stupid to begin with.

Re:is this actually useful?

[TheNicestGuy]

There are billions of emails flying about constantly. Anyone who beleives they can be effectivelly monitored has to be kidding themselves, so how useful is a law that says you can't do this?

You've got an awfully low opinion of information technology. Emails don't "fly about", they pass in an orderly, organized, somewhat predictable fashion through multiple servers. Along the way they are almost always written to at least medium-term storage (meaning something less volatile than RAM, although not necessarily archived for posterity) on each machine they pass through, and to longer-term (possibly much longer; see Gmail) storage in the final receiving mailbox. Even if none of the intermediate servers held on to the message for more than the few seconds or minutes it took to work through the queue, and even if you delete the message from your mailbox as soon as you read it, there's still a chance that it made it onto some archived backup that your mail host made. And even if none of that happens, you're almost guaranteed to have it at least mentioned in long-held logs on most of those servers. The software to pull any message of interest out of all that information has been part of every mail admin's toolkit since email was invented.

Who needs to monitor anything in real-time when such good records are kept? I, for one, am terribly glad that you now need a warrant or subpoena to get those records into court, just like any other personal records.

Re:is this actually useful?

[Zigurd]

Don't get a false sense of security thinking that "billions" or even "trillions" of emails would make it difficult to keyword-scan them all.

If your ISP has a good spam filter, they are performing non-trivial processing of every email bound for their mail servers. There is no insurmountable scaling problem for drift-net monitoring of e-mail, SMS, and other text message traffic.

Re:is this actually useful?

[lupis42]

So... if hundreds of thousands of concerned citizens started to uses sigs like "Obliterate the infidel" or "Assassinate the president"... what exactly would happen? I'm merely curious here, as to just how sophisticated these systems are.

Re:is this actually useful?

[element-o.p.]

Yes, there is indeed a deluge of e-mail flying across the net, but there are also a number of tools that can be used to reduce the amount of work needed to process all that data. For example, I remember reading about software a little while back that could be used to correlate seemingly unrelated pieces of information (sorry, I don't remember where I read about it or what it was called, or I'd post a link). Couple this with keyword searches or meta-data from the e-mails (sender, recipient, date/time stamps, etc.) or with other intel sources and now you have the ability to flag "suspicious" e-mails. To this, add the ability to build massive hard drive arrays and extremely fast multi-processing computers, and it becomes possible to store and search through gobs of data. Correct me if I'm wrong, but I think the consensus was that this is exactly the type of processing that the NSA wiretapping nonsense was supposed to be doing.

In short, I think that yes, this information could be mined, and that yes, this is exactly the type of thing that Americans should be very, very worried about. The Constitution was written in such a way as to prevent this kind of abuse for a reason.

Re:is this actually useful?

[myrdos2]

You do it with a Spam filter. But instead of checking for spam, it checks for signs of terrorism and criminal intent. You can even train it in exactly the same way. That way, only a tiny fraction of emails get read by actual FBI agents.

Re:is this actually useful?

[sgt_doom]

Sorry, iHasaFlavour, hate to be the one to break this to you, but with regard to the USA (not sure about the other countries) all one needs is SilentRunner (or another high-end sniffer) attached to each IXP (which occurred at all the North American IXPs in 1996) and ALL the e-mails are being monitored....

'Nuff said.....

Woot

[lupis42]

I do like the "Where the third party is not expected to access the e-mails in the normal course of business ... the party (sending them) maintains a reasonable expectation of privacy." bit. We need more decisions like this, if we want to remain an even somewhat free society.

Andrew McCarthy

[otacon]

Wasn't he in Weekend at Bernie's?

prosecutors|police vs mere mortals

[misanthrope101]

Yes, I can see why a prosecutor would consider the ability to read people's email without warrants, oversight, or checks/balances "very important." It makes sense that he doesn't want to have to go before a third party and demonstrate probable cause, otherwise he can't go fishing for information, target people he doesn't like for political|religious reasons, etc.

Despite the torrent of "email isn't private, and only stupid people think it is" posts that will follow, if a monkey at the local ISP took sensitive customer emails (to each other, not to the company) that he had plucked from their servers and posted them to a blog or whatever, there would be an outcry, criminal investigation, lawsuit, and (fake) apologies. If the prosecutor's own dirty emails to his wife|mistress|whatever were publicized, the prosecutor would suddenly discover that a crime had been committed.

When it comes to private parties, either communication is private, or it isn't. If it isn't, then Joe Schmoe who works at AOL or the local ISP can read customers' emails at random and post the amusing bits to a public forum. Anything Joe Schmoe can't legally do, his brother Officer Jim needs a warrant to do. If Officer Jim doesn't need a warrant to do it, that means Joe the private citizen can do it with impunity.

What we're saying is, "you have an expectation of privacy in your private affairs, unless it's a police eyeball/eardrum, and in those cases you have no expectation of privacy because your action was public and they don't need a warrant." Bullshit. Anything the police don't need a warrant for is something every single private citizen should be able to do with impunity. Anything we don't want the public doing (privacy-wise) is something the police should need a warrant to do. Otherwise you're giving police and prosecutors the power to arbitrarily target anytone they want, without any oversight at all. This isn't complicated, people. I can understand why they would ask for it, but not why we would be so stupid as to give it to them.

Re:prosecutors|police vs mere mortals

[Attila+Dimedici]

I think you defined a good rule of thumb on privacy: "Anything the police don't need a warrant for is something every single private citizen should be able to do with impunity." Now there may be some exceptions, but they need to be carefully srutinized.

Re:prosecutors|police vs mere mortals

[CensorshipDonkey]

Everyone who's posting here should be forced to read parent first. Beautiful post.

Re:prosecutors|police vs mere mortals

[inviolet]

:golf clap:

Well said. You just added a compelling new idea into my standard repertoire.

Re:prosecutors|police vs mere mortals

[dave562]

Despite the fact that I completely disagreed with your definition of what makes someone stupid, I completely agree with what you've said here.

Re:prosecutors|police vs mere mortals

[swillden]

if a monkey at the local ISP took sensitive customer emails (to each other, not to the company) that he had plucked from their servers and posted them to a blog or whatever, there would be an outcry, criminal investigation, lawsuit, and (fake) apologies.

Would there? What is the crime? The guy would probably get canned for pissing off a bunch of customers, and the ISP would apologize, and maybe the ISP could sue him for some breach of his employment contract, but I don't think there are any criminal statutes that would apply, and I don't see any grounds for suing the ISP.

Keep in mind that the fourth amendment restrictions on unlawful search and seizure apply only to the government. If I search your house or tap your phones, you can have me prosecuted for trespassing, but we don't have any real privacy laws that apply to either individuals or corporations.

I agree that law enforcement officials should have to have a warrant or a subpeona (depending on the situation) before they can get the emails from my ISP, but I also think that you're not too bright if you put sensitive information in unencrypted e-mails. You should have some expectation of privacy, but there's really no legal mechanism to enforce it, except perhaps from the government.

What we're saying is, "you have an expectation of privacy in your private affairs, unless it's a police eyeball/eardrum, and in those cases you have no expectation of privacy because your action was public and they don't need a warrant."

I think it's actually the reverse. You can have an expectation of privacy if the police are the ones looking, but your only expectation of privacy from your ISP is whatever they choose to put in their privacy policy, and in most cases that policy probably isn't really binding on them.

May be hope yet.

[bryan1945]

Seems like some judges are starting to understand this whole "electronic medium" stuff.

I wonder if their (grand)kids play WoW?

yeah?

[weighn]

There is no more expectation of privacy in a plaintext email than there is in an open-face postcard. If you want privacy, take steps to encrypt it you could always sign into gmail using ssl - gmail doesn't display your ip when sending, so only google has a co... oh, hang on...

people are so stupid

[misanthrope101]

Your speech isn't encrypted either, but if I bug your house it's considered a violation of your privacy. I don't even have to enter your house for that--the laser microphone will let me listen/record from the sidewalk. Since your sound waves are traveling outside your home, you must not have an expectation of privacy.

Letters in the mail? Sealed with glue. Glue. Wow. You must not have much expectation of privacy there, otherwise you would've used a more robust method of ensuring your privacy. Even your phone calls are unencryped, sent as electrical impulses over wires and cables. Is it okay to listen to and record cellphone conversations, because they are transmitted through the air? If not, why not? If people wanted security, they wouldn't have transmitted those radio waves all over the place. People are so stupid.

It's true that we have laws against most (or all) of this type of surveillance. But it's just to protect the stupid people. I think that anytime it's possible to intercept your message, everyone should be able to do so, no warrant or probable cause needed, and use it in any way they want. That's the only way people will stop being so stupid that they think they have an expectation of privacy.

Re:people are so stupid

[Strawser]

Your speech isn't encrypted either,

Depends on how much I've had to drink . . .

Re:people are so stupid

[dave562]

But it's just to protect the stupid people. I think that anytime it's possible to intercept your message, everyone should be able to do so, no warrant or probable cause needed, and use it in any way they want. That's the only way people will stop being so stupid that they think they have an expectation of privacy.

Your post got modded Insightful but it should be modded Sad. What kind of society are we living in where you have to assume that everyone else is out to screw you and if you don't you're "stupid"? I'm all for encryption and discretion and all of that. I'm also all for having the right to beat your ass for sticking your nose into my business. There are some societal understandings that we all agree to in order to have well, order. You don't listen into what your neighbors are doing because you don't want them doing the same thing to you. How is having an expectation of privacy any more "stupid" than having an expectation of safety? Are you stupid for thinking that I'm not going to beat your ass if you spout off some random crap? Of course not... there are laws there to punish me if I cause you bodily harm. There are also laws to punish you for listening into my conversations. Those laws lead to expectations. I don't think those expectations are necessarily stupid, especially when they're founded upon Constitutionally protected rights (the 4th amendment in this case).

Re:people are so stupid

[misanthrope101]

Well, I was being ironic, but ultimately I think it's about veneration of power. People get fed up with red tape and complication and dream of just having the power to "get stuff done." Law enforcement/military ops superficially seem to be areas where stuff most urgently needs to get done, so seem to be prime candidates for cutting the red tape and administrative overhead, including oversight. It's not for nothing that people love action movies of burly men just mowing through the bad guys, namby-pamby due process "rights" be damned. It's a power fantasy. I don't think we're a particularly healthy country, mentally speaking. Not to say that others are wonderful by comparison, but this one is mine, so the problems are more relevant to me than those of Lichtenstein.

Re:Does it matter?

[weighn]

'The Stored Communications Act is very important,' former federal prosecutor and counter-terrorism specialist Andrew McCarthy told United Press International. But the future of the law now hangs in the balance. [snip] Some observers warned that the ruling might hamper federal counter-terrorism efforts. Oh no, they've amused some Slashdotters. That's about it, honestly, your average American doesn't know who Joe McCarthy was and has no notion of the reign of terror his inquisition brought about. and here I was thinking that was an actual McCarthy quote until the quote came to the PatriotAct. but then, my only knowledge of McCarthy era us politics comes from the Dead Kennedys.

the cost of freedom

[SuperBanana]

I thought this balanced out to "States Secret", or better put, "You get privacy until we decide you don't need it"

"Those who give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."

The cost of freedom is the risk you take that someone will use that freedom to harm you. The payback is that you and your family live your lives free.

Re:the cost of freedom

[lupis42]

And it's high time we remembered that. I for one would rather see, or even be killed in, another 9/11 than see us continue as we have. We Americans have become far too cowardly when it comes to defending our own freedoms lately, particularly against our own government.

Re:the cost of freedom

[RealityProphet]

So, Iraqis should be ecstatic, right?

Re:the cost of freedom

[BVis]

I was going to mod you up but I decided to comment instead. I wish more people got that. While I don't think that we're at the torches-and-pitchforks, ruby-ridge-bunker stage, I can see how people would get there from here.

We're operating under the specious principle that if we restrict freedoms in the name of preventing terrorism, we will be safer. Not even a LITTLE. All this does is cause inconvenience and infringe on the civil rights that our founding fathers found so essential to the existence of our country. I took a vacation last week that took me out of the USA, and even I, not being a trained "terrorist", figured out about a dozen ways that I could have gotten a weapon/explosive on the plane. It's not helping at all. Suicide bombers are happy to be martyrs for a cause they believe in; shouldn't we be ready to do the same if we REALLY want to fight fire with fire?

Oh, wait, dying for your country is only for the poor. What was I thinking?

MOD PARENT UP, other people.

Re:the cost of freedom

[Alpha830RulZ]

On the question of airline security, I encourage you all to perform the same little experiment I do. I will often leave a golf ball mark repair tool in my pocket while going through security. This is a piece of soft steel, about 3 inches long, 1/2 inch wide, and about 1/16 inch thick, with prongs on it. In other words, it has more metal in it than a box cutter.

In my travels, this tool has -never- been detected by the metal detectors. I've run this experiment about 6 times now, through SFO, LAX, DFW and O'hare.

The laptops that flood onto planes have plenty of nooks and crannies in which blades could be secreted. A blade fits in the crevice between my battery and the wall of the case. Since this is vertical when it goes through the Xray, I have no doubt that it would pass.

The much vaunted liquid explosives that are causing us to fear sippy cups are a non-starter. Google the reaction, it starts with instructions on the order of "collect 5 gallons of ice. Mix reagents carefully, and stir for 45 minutes. " I think I can determine a more robust security procedure than forbidding water bottles.

When do we take our country back from the idiots?

Re:the cost of freedom

When do we take our country back from the idiots?

When people like you run for political offices.

I am sure you won't. I won't either. Why? Because we would hate the job.

Be that as it may, simply voting and funding the ACLU won't cut it. So long as the lawmakers are people who represent the interests of the wealthy aristocracy rather than the general public, this sort of idiocy will continue.

Re:the cost of freedom

[jrister]

James Madison had it right 200 years ago:

"If tyranny and oppression come to this land, it will be in the guise of fighting a foreign enemy. Of all the enemies to public liberty, war is perhaps the most to be dreaded because it comprises and develops the germ of every other. War is the parent of armies; from these proceed debts and taxes; and armies, and debts, and taxes are the known instruments for bringing the many under the domination of the few. The loss of liberty at home is to be charged to the provisions against danger, real or imagined, from abroad."

This continuous fearmongering by our government is being used to subdue our people. This mindset of "If you dont submit to this injustice or that that the terrorists win" is ruining our country. Unfortunately, by and large, the citizens of our country are too uneducated or apathetic to see it and do something about it. This constant BS about "If you are doing nothing wrong, you have nothing to hide...", people/media/govt insinuates that because people value their freedom and privacy, there must be something wrong with them, or they are terrorist agents. Thats not the case. The founding fathers didnt place caveats on the Constitution, because it was this sort of thing they were trying to get away from when they left England.

The thing that makes me so sick about this is that I remember clearly Bush saying on 9/11 that we wont let these terrorists change our way of life. But that was a bald faced lie. Because he and the rest of the government set to work to do just that. That being the case, the terrorists have already won. They have fundamentally changed the American way of life, for the worst.

If we are to win the "War on Terror" the first step is to restore Freedom and the Constitution. Then we can deal with everything else.

Re:the cost of freedom

[boater+rich]

I invite you to try this in the UK... if you like a firm frisking. Here in the UK the gate detectors are pinging on your watch strap... let alone golf tools. And just like the US, our border officials leave their sense of humour at home. Rich

Re:the cost of freedom

[BVis]

If we are to win the "War on Terror" the first step is to restore Freedom and the Constitution. Then we can deal with everything else.

Why do you hate Amer.. oh, wait. Nevermind.

The real litmus test will be in 2008, if/when the Democrats win the presidential election and martial law gets declared for the good of the country. (I seriously don't put it past this bunch of losers. Tinfoil hat? Maybe. Plausible? That's the problem, it is.) One only hopes that the military sees that for what it is, an unconstitutional attempt to hold on to power in the name of "national security." If it happens, that is.

*waves to the Echelon operator*

Re:the cost of freedom

[AaronBenage]

Why is this guy getting modded down? He is exactly right.

Re:the cost of freedom

[Kadin2048]

I invite you to try this in the UK... if you like a firm frisking. Here in the UK the gate detectors are pinging on your watch strap... let alone golf tools. And just like the US, our border officials leave their sense of humour at home. Rich

They make hard plastic and fiberglass knives now, too. Not sure what the metal detectors are supposed to do about them.

Sure, they're not as sturdy as metal knives -- I wouldn't want to use one as a pocketknife, because it would get dull -- but you can make a hell of a single- or few-use stiletto out of one.

The crap at the airports is just security theater. They go around confiscating people's pen-knives and soda cups, because for some strange reason people feel safer when their pen-knives and soda cups are confiscated. The real terrorists have lots of ways of getting instruments of mayhem through, if they want to.

If we wanted real airline security, we'd stop putting all our faith in expensive gadgets and employ more (and pay substantially more, so we can stop getting idiots) human beings, so that every single passenger gets an interview before they get on the plane. People are substantially better at detecting the intentions of other people than machines are, based on many more possible factors. The Israelis have had lots of luck with approaches like this, but the fact is in the West, we really don't want security, we want the appearance of, and feeling of, security.

Re:the cost of freedom

[Toonol]

if/when the Democrats win the presidential election and martial law gets declared for the good of the country. ...[snip]... Tinfoil hat? Maybe. Plausible? That's the problem, it is.

It's not plausible, but spouting insanity this way does tend to make it more likely that the Democrats will lose. It's a good part of what lost the last election for Kerry.

Re:the cost of freedom

[encoderer]

I don't think Echelon is in use any more. No, that's not a good thing. IIRC, the new system is far more powerful.

And I'm curious why you think a Democratic president would declare martial law.. every one of the problem we're talking about have been created by the current Repuglican administration.

Re:the cost of freedom

[BVis]

It's not plausible, but spouting insanity this way does tend to make it more likely that the Democrats will lose.

And it's different from the insanity we've seen for the last 7 years how, exactly? I'll take my chances.

Re:the cost of freedom

[kbielefe]

If tyranny and oppression come to this land, it will be in the guise of fighting a foreign enemy.

Foreign enemy? Not only was this law passed in 1986 when Americans couldn't care less about terrorism, this particular case was a fraud investigation of the Enzyte natural male enhancement "smiling Bob" people.

Also, you are using Madison's quote to try to prove its converse. President Madison certainly didn't believe that fighting a foreign enemy always leads to tyranny and oppression.

Not only that, the mere existence of this ruling shows that if tyranny was allowed to creep in through this law, it was not allowed to persist.

Re:the cost of freedom

[JazzLad]

Perhaps I misread the GP, I read it to be that the current administration would be the one declareing martial law, post-election, pre-handover. As you say, they are the ones who have created the vast majority of the current problems - what's one more?

Re:the cost of freedom

[BVis]

And I'm curious why you think a Democratic president would declare martial law.. every one of the problem we're talking about have been created by the current Repuglican administration.

I think you misunderstood me. What I meant was, once it had been official that a Democrat had been elected, THEN the current lame duck administration would declare martial law "for the good of the country".

Re:the cost of freedom

[encoderer]

Aahhh!

Well, naturally ;)

After all... in a post september 11th world.....

Re:the cost of freedom

[Altus]

Bush saying on 9/11 that we wont let these terrorists change our way of life.
but he was right, the terrorists didn't change his way of life or that of his cronies. Its just a matter of who, exactly he meant when he said "our" way of life.

Re:the cost of freedom

[my+$anity++0]

"Give me liberty or give me death!"
~Patrick Henry

Re:the cost of freedom

[jeremyp]

I hope nobody on the security staff of SFO is reading this because otherwise the next time you use this trick there will probably be rubber gloves, a security guard with large hands and cavities involved.

Or perhaps it's not you doing this but somebody you work with that you dislike intensely.

Re:the cost of freedom

[Brad+Eleven]

Close, but no cookie. When people like him run for political office, they'll be handily defeated by the fundraisers who dominate American politics. It costs big bucks to get elected, and along the way, it's de rigeur to include lurid and sensational content like you see in the Mainstream Media.

As Borat called it--erroneously and accurately--this is a War of Terror.

Re:the cost of freedom

[stenn]

Complaining about the problem without suggesting a solution, is just whining.

If you believe you could devise a better plan... then detail it. I am sure all of /. will peer review your efforts. A working, 'open source' solution would also be useful the world over.

Keep in mind, your goal would be to stop terrorists from achieving a 'victory'.. however you define it. Airlines, ships, trains, cars, WMDs, etc...

Bothers me when people complain about a solution while never detailing a fully thought out alternative. If you truly don't like it, and come up with a better one, the current model will get replaced. THAT is how you improve the situation.

Re:the cost of freedom

[sgt_doom]

On the question of airline security, I encourage you all to perform the same little experiment I do.

On the question of airline security, I encourage you to both realize and research that reality the Kroll (it might be Blackwater by this time) does the background checks on the TSA personnel and four of the TSA personnel were recently convicted and jailed (at the Sea-Tac International Airport, Seattle-Tacoma, Washington, USA --- for pilferage of luggage). With this type of situation - security really doesn't matter.....

If you think airport security actually had anything to do with 9/11/01 - you truly are hopelessly clueless....Holy Mother of God, how can anyone be so completely lacking in any form of critical thinking skills???? Just how many connections does there have to be between the Bushies and the bin Ladens before you actually catch a clue, dood????

Allow me to explain the game plan to you:

It's all about absolute privatization (really piratization) leading to absolute ownership! [I apologize for my strident tone, but the hour is late....]

Re:the cost of freedom

[Jeff+Molby]

If we wanted real airline security, we'd stop putting all our faith in expensive gadgets and employ more (and pay substantially more, so we can stop getting idiots) human beings, so that every single passenger gets an interview before they get on the plane.

Riiiiight. More intrusion and an extremely subjective analysis. That's the ticket. I have a better idea. - Change the "No Fly" list to an "Extra Attention" list. - Go back to a reasonable screening process. It should be capable of screening out the likely force multipliers, but it doesn't necessarily have to catch the boxcutters. - Train and equip the air marshalls so they can handle the limited types of weapons that could get through screening - Put at least one air marshall on X% of flights where X is >= 50% - If someone on the "Extra Attention" list boards a flight, put at least two marshalls on the flight. Voila. Highly effective, unintrusive security. Cheap? No, but it's not like we've been pinching pennies anyways. It's a small price to pay to be safe and free.

Re:the cost of freedom

[shellbeach]

They make hard plastic and fiberglass knives now, too. Not sure what the metal detectors are supposed to do about them. That's all well and good, but where can I find the true terrorist's weapon of choice - the fibreglass nail-clipper?

Re:the cost of freedom

[Reziac]

You can make a quite durable and sharp blade from a long piece of bone. You can make an effective stabbing weapon from a sharpened piece of wood. And you can make a nasty cutting weapon from wood with broken glass embedded in it.

For that matter, someone could club you to death with their cane, or poke your eye out with their high heel. And what are they going to do about a boxer's fists -- cut off his hands??!

As you say, security theatre abounds, and makes us no safer. A few well-armed ordinary passengers, OTOH, would make all the difference in the world.

How does this affect Ryan McFadyen?

[vrmlguy]

To refresh your memory, think back to the 2006 Duke University lacrosse case. Sophomore Ryan McFadyen, a member of the team and an attendee of the party, sent an email that parodied a bit from the book American Psycho, which is (or at least was) required reading in one of Duke's English Lit classes. The police got their hands on the email and threatened to release it to the press if he didn't admit to witnessing the alledged rape. To his credit, McFayden refused; he was subseqently villified by the press and suspended by the university.

It seems to me that this ruling means that McFadyen now has an excellent chance to pursueing a case against the prosecuter's office.

It is like a postcard...

[Ericular]

In many ways, a plaintext e-mail is exactly like a postcard.

When I send a postcard, I have good faith that nobody along the way (mail carrier, other postal worker, OCR systems) will read what I have written. However, if someone or something handling my postcard along its journey really wanted to read the contents, to do so would be relatively easy.

It's the same case with a plaintext e-mail. I have good faith that no system administrators or automated monitoring systems will read my plaintext e-mail along its journey, but if someone really wanted to read the contents, to do so would be relatively easy.

Preventing this requires encryption for e-mail, and for tangible mail either a sealed letter (not much of a roadblock for the determined), or by actually encrypting the text I write on the postcard.

So yeah, there are some similiarities in my mind.

Re:It is like a postcard...

[timeOday]

if someone really wanted to read the contents, to do so would be relatively easy.

What does that have to do with anything? If I wanted to walk up from behind and hit somebody over the head with a brick there's nothing to stop me, so why should it be illegal?

This is great and all...

[Jaysu]

But after seeing articles like this, where the FBI already oversteps legal boundaries pertaining to email, I wonder if this will change anything at a government level?

Re:Protected by the Constitution?

[Y2KDragon]

Our Founding Fathers (and Mothers too), IMO, did not intend for the protections under the Constitution to be limited to "a select few". The words "ALL MEN" appear in this document for a reason. Therefore, not only should it apply to US Citizens, those here with Green Cards, foreign visitors, and even those here illegally, but it has to apply to everyone worldwide. Either they apply to everyone, or they apply to no one.

Exemptions

[phorm]

Except if they're investigating mail issues, fixing user accounts, etc. Some of this can be done with permission, which actually checking into the user account should. I've had to login to clients' email accounts myself in order to verify whether a problem is on the server (misconfiguration), the client (misconfiguration, connection issues, etc), or the user (wrong password, etc). Of course, sometimes it's just a telnet to port 110/25 in order to receive/send a test email, so I never see actual messages, but at times it can involve locally popping into the user's webmail or imap account to check that things work as expected.

Now when it comes to actual server issues, let's say you have consistently large emails bogging down the system. Or a new variety of SPAM, etc. At some point you might legitimately have a strong need to investigate what it is that's causing the holdup, and/or filter it appropriately (you do want to block large spams, you don't necessarily want to block normal emails with large attachments, etc).

Actually, the postal model works quite well. While the gov't can't just decide to rifle through your mail, I believe there are procedures for postal services to inspected and/or open-to-inspect suspicious mail. The only problem with this in the e-world is that the volume of email in a minute amount of time might be much greater than snail-mail, which if there is a "permission" process could become a bottleneck.

I wouldn't want the government reading all my emails. I might be OK if the ISP potentially ran across some of them in the scenario of a real issue... provided they weren't targeting anyone specific or for the purpose of reading emails. I've used a traffic sniffer at work to identify bad packets or virus-caused flooding, and seen all sorts of interesting goodies at the same time (why would ANY website submit a login via plan http instead of https??)

Re:Exemptions

[Kadin2048]

Actually, the postal model works quite well. While the gov't can't just decide to rifle through your mail, I believe there are procedures for postal services to inspected and/or open-to-inspect suspicious mail. The only problem with this in the e-world is that the volume of email in a minute amount of time might be much greater than snail-mail, which if there is a "permission" process could become a bottleneck.

It's called a warrant [1]. Antiquated concept in this day and age, but it's worked fairly well for a long time. I've never been completely convinced by the "internet exceptionalism" arguments, i.e. that because now things are on computers, we need to toss out all the rules and just start everything over, build up an entirely new legal framework. That, quite simply, is crap. If it's taking too long for the police to get warrants, than we need to look at the warrant-issuance process, and make it faster, not eliminate the requirement altogether. There's good reasons for having a quasi-disinterested person (a judge) in the loop when Authority Figures are rifling through citizens' stuff, and that doesn't change because it's electronic rather than paper.

[1] There are other court orders that can have the same effect, too, probably varying with jurisdiction.

Re:Exemptions

[flonker]

You are opening an email to check if your new spam filter is working properly. This requires a search warrant. Do you have a warrant?
[Yes] [No]

repeat 100 times.

Other concerns?

[Etgen]

Shouldn't Ohio be more worried about the personal information of over 200,000 taxpayers that it has leaked instead of keeping email secure?

Wasn't this already shown

[The_mad_linguist]

in the Steve Jackson Games case?

My journal extry 6/18

[arbitraryaardvark]

Here's how I submitted the story a few days ago:

At Volokh, Professor Orin Kerr notes a 6th circuit decision (pdf) about whether the 4th Amendment's expectation of privacy applied to Yahoo emails. Yes. Wired has more. EFF's friend of the court brief may have helped.
--
Meanwhile Dr. Kerr has more on the case, here.

interesting timing

[punterjoe]

Is it just coincidence that the 'sanctity of email privacy' precedent is being established at the same time there's growing attention to the practice of certain parties in the executive branch of the us gvt using non government mailservers (like partisan RNC email systems) to possibly sidestep public record retention laws?

Re:interesting timing

[sgt_doom]

Personally I don't believe everyone (that is the Pentagon) deserves e-mail privacy. Someone has to check and see what those Office of Special Plans' doods are screwing off on.....

I am going to promote something

[roman_mir]

LeetKey FF extension. Use it to keep your email privacy. Before sending a message, select it, right click on it, select 'LeetKey, Text Encryptors, AES Encrypt' menu option and type in a password. Tell the other party to use AES Decrypt and tell them the password for this email.

Re:Darwin wins

[lupis42]

I hope so.

You're special

[ninjafirepants]

Most of the public doesn't know how an email goes from me to you. They don't get it, and it'd be hell to try to explain it to them.

Note the difference between ease of interception and expectation of non-interception. I can send you a letter in the mail, but all it takes is someone with a finger (maybe two) to open the letter, and we no longer have that privacy. However, we still regard snail-mail as having an expectation of privacy. Hell, you can even encrypt an email and someone can intercept it and break the encryption, but we still have the same expectation of privacy. When it comes to email, most people don't know anything about TCP/IP or how the internet works.

Whether or not they encrypt their email, or obfuscate messages or just leave it as plaintext, they expect that their email will make it to its destination in its entirety without anyone looking at it. Simple? Naive? Yes, but it's a reasonable assumption for a person with limited-to-no technological knowledge to make. And those are the people that the law is trying to protect.

I draw a parallel to phone conversations. In most states, phone conversations recorded without the knowledge of both parties are inadmissible in court. That's why customer support tells you up front. We, as phone users, know the technology is available to intercept phone calls, and that it could be used to record our phone conversations, but we have an expectation that we're just talking to someone without being recorded unless they tell us otherwise. We can dig through our TOS for any email account we have, and unless we see that our emails are being logged and stored, we expect them not to be. It's easy to do, but we just expect them not to do it.

Now, forget the technical specifications of this, why shouldn't a warrant be issued for something like this? That's the crux of the case. Why should a law enforcement officer be able to go through your stuff without your knowledge or consent if no warrant has been issued? I'm sick and tired of the government taking away my liberties for law enforcement or national security. Why am I not running for office? Because the American people are sheep; I'd be painted as weak on national security and lose in a landslide. So instead, I'm treating the government like a corporation, which it essentially is, and fighting with my wallet. I'm moving the hell out of here to a country which respects my rights and liberties.

But before I do, I'm voting for Ron Paul. I'm not a fan of the Republicans, but this guy is a libertarian at heart and thinks the federal government is overstepping its bounds on just about everything it does. Give him a shot.

the cost of freedom - or maybe just the followup

[sgt_doom]

I for one would rather see, or even be killed in, another 9/11...

I, for one, would rather there be a criminal investigation of 9/11/01 - than to die in the next one.

The trouble with the "Greatest Generation" (to use that draft-dodging newsy, what's-his-face's tired, lame description) was their inability to have a full-scale criminal investigation of President Kennedy's assassination - had that actually occurred - there probably would never have been a 9/11/01 to ever take place (and the Bush family would have either been eradicated or completely run out of the country)...

Re:Protected by the Constitution?

[sgt_doom]

And on the e-mail privacy topic, it appears someone may be subtley telling the Pentagon cretins, "You screw with us, and we'll screw with you."

No, they shouldn't

[Kittenman]

Get low-tech here. Phone calls aren't private - not because they can be wire-tapped, but because they can be overheard. From where I sit (in my cubicle) I can overhear two or three phone calls going on.

When I want to talk privately, I could grab an empty office - or more reliably, talk in code. As in "Any chance of being on the team tonight, love?"

Re:Protected by the Constitution?

[Kittenman]

Depends on definition. I mean, really. In the 18th century "all men" didn't include women, slaves, most immigrant groups, Native Americans, etc etc.

Noble words though - just remember that they don't mean what they say.

Re:Protected by the Constitution?

[Krojack]

Toll for giving my opinion? wow.. Seems someone wants to silence me like the select few that want to silence Talk Radio through means like the Fairness Doctrine.