Slashdot Mirror
Court Upholds Warrantless Internet Snooping
amigoro writes to let us know about an appeals court ruling on Friday that holds that federal agents can snoop on an individual's web surfing, email and all other forms of Internet communication habits without a warrant. The court found recording this kind of information to be analogous to the use of a pen register. In 1979 the Supreme Court ruled that this technique did not constitute a search for Fourth Amendment purposes.
Well, back to rejecting software patent applications.
With a "pen register" all they get is the phone number you called.
That would be analogous to the IP address that you connected to (and maybe the port).
The question is how are they capturing the IP addresses? If they're capturing the packets, that's the same as a wiretap.
Encryption. Learn it. Love it. Live it.
They're saying that those don't apply in this case because they're not tapping wires, they're looking at logs.
They are allowed to look at the sender information on your e-mails and domain of websites you are looking at. The contents of the e-mails and which pages of a website, ie the URL, are still off limits.
If brevity is the soul of wit, then how does one explain Twitter?
...the court said, although the government learns what computer sites someone visited, "it does not find out the contents of the messages or the particular pages on the Web sites the person viewed."The search is no more intrusive than officers' examination of a list of phone numbers or the outside of a mailed package, neither of which requires a warrant, Judge Raymond Fisher said in the 3-0 ruling. I think that his honor missed something here. He seems to be saying that knowing the address of a web page is like knowing the address on an envelope, and in either case the contents is not being snooped upon. In the case of the letter he would be right, for a letter can contain anything ( I could mail a recipe for braised goat's eyes to Bin Laden ).
But a web address often has a 1-to-1 corespondence with its contents. Knowing the address is one simple - and undetectable - step from knowing the contents. They are doing an unconstitutional search here.
Circuit Courts of Appeals only have jurisdiction over cases arising in their proper Circuit. This decision is not applicable anywhere but the Ninth Circuit.
m b/d/df/US_Court_of_Appeals_and_District_Court_map. svg/620px-US_Court_of_Appeals_and_District_Court_m ap.svg.png
http://upload.wikimedia.org/wikipedia/commons/thu
Editors, please.
What the ruling held was that the header information of your email (and web browsing I believe) is subject to exactly the same standards as the information about what phone numbers you dial. Mostly this seems like an appropriate and totally correct extension of offline legal standards to the online world. The only reason that it is more problematic is that an email header includes things like the subject which contains a little bit of the content.
Still all things considered this seems like the correct rule. Subject lines don't contain that much information and if you are concerned you can just use an unrevealing subject. Moreover, we already contemplate the possibility that someone who happens to glance at the recipients screen might notice the title so it really doesn't seem like we have the same expectation of privacy for the title of the message as we do for the body.
Anyway for a better more interesting discussion about this case you can check out Orin Kerr's comments over at the Volokh Conspiracy.
If you liked this thought maybe you would find my blog nice too:
People died for the Freedom that too many of us seem willing to trade away.
If the worst thing that happens to you is some jail time because you refused to reveal your keys, consider yourself ahead of the game.
Fascism begins when the efficiency of the Government becomes more important than the Rights of the People.
This mess developed over time.
All this stems from a distinction in wiretap law that goes back to the dial telephone era. Listening to voice requires a warrant, because that info belongs to the parties of the call only. But information used by the telephone company itself to route the call, like dial digits, can be requested from the telephone company. A "pen register" was classically a little electromechanical gadget that recorded dial pulses as dashes on a paper tape. There was no way to extract voice info with a pen register.
Then came Touch-Tone. Now the switching data was in the voice channel. After some court decisions, it was established that listening to the voice channel and extracting tones was OK, if done with "minimal" access to the voice channel.
Over time, this led to the "pen register" exception being extended to content the telco didn't process, including tones sent during a call to third-party services like voice mail, packet headers, E-mail headers, cellular location data, etc. Then came a "lower standard for stored messages", which included SMS messages and E-mail. Then came bulk interception via CALEA. Then the Patriot Act.
In Canada, the police need a warrant (CanLII link) to get a dialled-number recorder placed on someone's phone (though apparently such a warrant is easier to get than a wire-tapping warrant), so extending this to the Internet wouldn't really be all that scary.
I think Quebec's general unwillingness to trust the federal government probably helps a lot here.
http://outcampaign.org/
Exactly.
Now, there are possible ways to get the IP addresses that you connect to WITHOUT getting any more information than that (and such information is just about useless).
But I don't trust the government to put any effort into protecting MY Freedoms and privacy when it is so much easier for them to abuse such.
There is a huge difference between knowing that I connected to 66.35.250.150 on port 80
and
Knowing that I connected to http://yro.slashdot.org/comments.pl?sid=247095&ci
--
Appeals Court Rules No Privacy Interest in IP Addresses, Email To/From Fields
The Ninth Circuit Court of Appeals ruled Friday in United States vs. Forester that IP addresses and the To/From fields in emails are the legal equivalent of dialed phone numbers and the government can get a court order to obtain them without showing probable cause as would be needed in a search one's house.
The Court extended to the internet a 1979 case known as Smith vs. Maryland, where the Supreme Court found that individuals have no reasonable expectation of privacy in the phone numbers they dial because they transmitted them to the phone company in order to complete the call. However, under Smith, the contents of the calls could not be listened in on without proving probable cause to a judge.
The Ninth Circuit, ruling in an appeal of an Ecstasy-drug ring conviction found that emails' To/From fields and visited IP addresses were the internet's equivalent of phone numbers. For example, the government could get a log that said a person visited to http://66.230.200.100/ (Wikipedia's address). However, the court suggested that knowing full urls are very close to content (e.g. http://en.wikipedia.org/wiki/Ecstasy) and would likely require a higher burden of proof to obtain than mere IP addresses.
From a footnote in the decision:
Surveillance techniques that enable the government to determine not only the IP addresses that a person accesses but also the uniform resource locators (URL) of the pages visited might be more constitutionally problematic. A URL, unlike an IP address, identifies the particular document within a website that a person views and thus reveals much more information about the persons Internet activity. For instance, a surveillance technique that captures IP addresses would show only that a person visited the New York Times' website at http://www.nytimes.com/ whereas a technique that captures URLs would also divulge the particular articles the person viewed.Professor Orin Kerr questions whether the decision is about getting this information from an ISP or whether it was from a device installed on a computer surreptitiously. He suggests the latter should require a higher standard, but I'm not sure why? Perhaps it's because that might require law enforcement to enter a person's house?
-----[0_o]-----
We are not amused.
The laws were written with specific technologies in mind.
For example a wiretap is conceptually, if not legally, tied to telephony. In order to be a wiretap, a communication must have an aural component. Thus intercepting an email being sent over WiFi is not a wiretap, but a VoIP intercept is. Likewise intercepting an email with a voice mail attachment (such as might be generated by a voice mail/email gateway on a system like Asterix) might qualify as a wiretap.
There are provisions for controlling the reading of text messages, but the law is written for a system like the old Telex system, in which the messages are ephemeral,but stored in temporary buffers at various stages of delivery. Thus while intercepting an email in a transfer agent queue is questionable, once it is delivered to your email box at the ISP, it becomes fair game. It is no longer in transit, but stored on a server. In the days of Telex, you'd take your message of the teleprinter, read it, and shred it, knowing that it was gone forever, not recoverable from your mail box or from backup tapes.
The third part of the ECPA laws deals with something called a Pen Register: a device that is attached to an old fashioned phone line to capture the in-band signaling of the phone numbers being called. Even though the privacy concerns for email or web proxy logs are identical, these situations are not covered by the Pen Register Act.
The underlying problem is this: although attempts were made in the laws to make them independent of a specific technology, those efforts failed because US law (unlike EU law) does not recognize a fundamental right to private communication. There are packages of specific rights secured by the Bill of Rights, statutes and common law privacy concerns, but these rights are much less than a true right of private communication. The reason is that you can't have a meaningful right to private communication when that communication is mediated by a third party like an ISP or a telephone company, not unless you have a fundamental right to informational privacy.
Without a right to information privacy, anything that falls into the hands of a third party is fair game. This includes information ISPs or telephone companies store in order to route and deliver a message, up to and including the entire content of the message. ECPA, which consists of the Wiretap Act, the Stored Communications Privacy Act and Pen Register Act, closed these loopholes in its time, but as of today those loopholes are wide open again.
This process will repeat itself forever, no matter how many times we close the loophole, until a fundamental right of informational privacy is recognized. We could do that be adopting into law the EU Data Directive. The reason we don't is that this would hurt US companies which are flourishing by exploiting the America's backwater status when it comes to privacy.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
The constitution isn't divine. I call for a reform.
Be careful what you wish for - the "reform" might not be quite what you wanted, citizen.
Seven puppies were harmed during the making of this post.
Sorry but this is bad news. Suppose you read an article on Fark, some guy gets busted making explosives or smoking salvia or anything crazy like that. You, being the curious type, do a little research and end up on some sites devoted to spreading information the application of which would be illegal. Whether or not you do anything illegal, you make some friends and hang around on their message board or IRC channel where 95% of the talk is off topic anyay.
Now the feds using their tap into the AT&T backbone and their data mining software pull your IP address as going to www.illegal.com repeatedly, and maybe looking at some lab glassware on ebay or whatever. This could amount to probable cause to raid your ass and seriously ruin your day.
Give me Classic Slashdot or give me death!
Here is a little snippet from the Fine ruling..... Surveillance techniques that enable the government to determine not only the IP addresses that a person accesses but also the uniform resource locators (URL) of the pages visited might be more constitutionally problematic. A URL, unlike an IP address, identifies the particular document within a website that a person views and thus reveals much more information about the persons Internet activity. For instance, a surveillance technique that captures IP addresses would show only that a person visited the New York Times' website at http://www.nytimes.com/ whereas a technique that captures URLs would also divulge the particular articles the person viewed. They seem to be saying it's more problematic if this surveillance technique is capable of yielding any useful information. Please explain why the government would even want to use any technique that's not useful ? Well, ok, some hypothetical other government, not the incompetent boobs we are stuck with. But you get my point. Another point to consider, the 9th circuit is the most frequently overturned court in the countryhttp://www.realclearpolitics.com/articles/2 006/11/supreme_court_cleans_up_after.html
If reviewed by the supreme court, it very well might not stand.
Great news comes in strange forms sometimes...
Now we can all begin converting our internal infrastructure to using very strong, protocol-based encryption, end-to-end. Bittorrent for http, secure, anonymous, private networks wrapped around our standard applications and more.
Begin now, if you're not using strong encryption.. you should be. Don't let the government WE put into place, tell you what YOU can do with your own Internet time.
If the government we put into place is not representing your best interests, its time to replace them with one that does.
Lock everything down and keep prying eyes out.
The way I look at it, if you could catch one more "bad guy" a day
Lots.
As opposed to Ben Franklin's:
They'd rather follow Otto Bismark's opinion:
The problem is that it is the Government that chooses what "crime" and what "evidence" will be used to charge a person.
And the Government is composed of people. Sometimes honourable. Many times petty and vindictive if not outright criminals. Which is why our country was founded upon the belief that you cannot trust the Government. That we had to limit the Government's authority and protect the Rights of the People.
It's all about how you view Rights and whether you are with Franklin or Bismark.
The problem is they're all idiots, so when you vote one out, another comes in.
But the logs they are looking at are generated by equipment that taps into the wires. And the contents of the logs are not public knowledge, the contents of the second inner envelope are a private matter between a user and their service provider.
They are much more detailed than a list of phone numbers called. They are much more detailed than the address on an envelope.
The logged URL provides more information than the destination address on the packet.
In fact, even knowing that what was sent was a TCP/IP packet requires much more information than merely the source and destination of a Link Layer Packet.. the rough equivalent to a "Pen Register" for Ethernet is discovering a source and destination MAC Address sent over a certain wire, which is fairly uninteresting -- in fact, there is no precise equivalent to a PEN Register, because the header of the MAC frame is indistinguishable from the data signal, and it is not sent at a different frequency, it is necessary to listen on the actual content to hear the headers.
No PEN register is feasible for Ethernet, _without_ examining the data. If dialing signals were indistinguishable from the conversation on ordinary lines, do you suppose PEN registers would ever be allowed in the first place?
If you use the logic that "It's not wires, it's logs" to say it's not wiretapping, then any voice conversations can potentially be monitored, the only thing that needs to stop them from being considered "wiretapping" is to record the conversation, law enforcement agencies could then partner with major telcos, and arrange for them to "log" random bits and pieces of the PCM data for later review.
Think of a web connection as mailing a friend a letter that contains their address, but inside this outer envelope there is one or more second "inside" envelope that the friend has agreed to mail out. Then the address on these second "inner envelopes" is not public knowledge, and it cannot be easily seen by anyone other than the recipient of the outer envelope.
You can have several nested layers of envelopes -- then only the final recipient knows the real destination address (and that there are not more envelopes to be sent out to other addresses).
The first few envelopes are for your ISP's eyes only.. your ISP is a party to this conversation.
The next envelope (the actual TCP/IP packet contents) is for a destination host's eyes only.
Followed by the HTTP envelope which is for the web server's eyes only.
The contents of the innermost envelope are a private matter between a user and the TCP/IP service the user has connected to.
You can certainly listen in on these conversations if you are not the destination, such as packet sniffing, or by inserting a firewall or switch that digs in deeply and logs things.
But to not consider all these activities "tapping" the wire for the purposes of wiretap law is scary, since it in effect means monitoring can be accomplished on a packet switched network without it being considered wiretapping.
All you have to do is convince an interim provider to log packets as they are forwarding them to another agent. The fact that they only arbitrarily log the URL (which generally provides enough information to re-construct what the user saw), doesn't mean they can't in the future log more.
Chances are good these logs (especially for e-mail) also provide information on the unique message id and content length, which can also be used to discover (or verify) the contents of a message matches a candidate specimen [i.e. can confirm the message received was X].
Re: crypto...
GP: Until they illegalize it.
PP: Anyway - you've got no worries. If the USG tried that, you'd use all those wonderful 2nd-amendment protected firearms to overthrow it? :
Actually, you could make a Second Amendment argument to the court. Is strong crypto still on the ITAR list? If so, it's a "munition" and the Second Amendment guarantees your right to it.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.