Slashdot Mirror
US Wants Courts to OK Warrantless Email Snooping
Erris writes "The Register is reporting that the US government is seeking unprecedented access to private communications between citizens. 'On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government's request for a full-panel hearing in United States v. Warshak case centering on the right of privacy for stored electronic communications. ... the position that the United States government is taking if accepted, may mean that the government can read anybody's email at any time without a warrant. The most distressing argument the government makes in the Warshak case is that the government need not follow the Fourth Amendment in reading emails sent by or through most commercial ISPs. The terms of service (TOS) of many ISPs permit those ISPs to monitor user activities to prevent fraud, enforce the TOS, or protect the ISP or others, or to comply with legal process. If you use an ISP and the ISP may monitor what you do, then you have waived any and all constitutional privacy rights in any communications or other use of the ISP.'"
Perhaps you and the GP should read TFA and become aware of some of the issues here.
Oh, and for the "it's the Register, pooh pooh" crowd, the original FA was frist psoted on Security Focus.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Unprecedented in the US, yes. Just about anywhere else, no. China, morocco, iran, Russia and the Netherlands are all 4 running much worse programs. (like constant monitoring for keywords for example).
And we're not even going to "really" oppressive countries like north korea or pakistan.
If you speak dutch, read http://www.onderwereldblog.nl/?page_id=64 for example.
Here is a better alternative http://www.gnupg.org/
No problem... let them snoop. Now I'll just be twiddling the "Encrypt and sign all outgoing email" box on my MUA, and finally start using GPG full-time for all of my incoming and outgoing email, instead of with just my friends and close colleagues.
There are plugins for Evolution, pine, mutt, Thunderbird and just about every other Mail User Agent you can find out there.
Another great benefit, is that I can automatically block/quarantine/delete any and all email that does not contain a gpg-signed component (i.e. 99.999% of all email out there, mostly spam). dspam does an amazing job, but being able to just reject it at the MTA level would be great.
And for those that wish to converse with me, please make sure to use my GPG key to do so (also available here with detailed instructions).
Today is the perfect time to discover enigmail!
If you've ever agreed a typical EUA, seems to me you've waived at least two of these.
Reduce, reuse, cycle
Maybe they can crack it, but I'm betting they can't.
The UK Government already have this covered, by making it a criminal offence not to hand over your keys. Don't worry, I'm sure the US will catch up soon, as obviously only criminals have something to hide...
Let's see you test this. Take your fingers and make nice clear prints on a postcard, then write a death threat to the president on it and send it from your neighborhood post office to the White House. Repeat this action once every month.
But in that case, sending the postcard itself constitutes a crime, in that you're making a threat. I presume he meant the information obtained by the authorities reading a postcard whilst it's sent through the post. A better experiment would be to send it to someone else, detailing your plans.
Key exchange
A house divided against itself cannot stand.
I'm English so don't understand the US system. I always thought that the US constitution was the very foundation of US law. So please can someone explain:
How is it that the US government can choose to violate the constitution? Isn't the whole point of the constitution that they are obliged to conform to it?
Apparently "expectation of" has become a very technical term, basically meaning "desired."
.. well... giving consent.
Well yes it IS a technical term because we're talking about Constitutional Law here. The fact that it is expressed in English, where words can have multiple meanings, should not be taken to mean that any definition you like is the one that applies. The meaning of the phrase is put down in case law, not the Oxford English Dictionary.
And no, it doesn't just mean "desired", it means that it was the intent to be private, and that one could reasonably expect that privacy to be respected. So having a conversation in a public park has no "expectation of privacy" because no reasonable person would expect that others would not hear them -- they couldn't help but hear as they are walking past. Whereas having a conversation in a private house does have an expectation of privacy, even though it is fairly trivial to listen in (put an ear to the window).
Without cryptography, it's too easy for lots of people to be reading your email, and it'll happen without you ever knowing it happened.
I repeat: It has nothing to do with how easy it is. It has nothing to do with what unscrupulous people performing illegal actions could do.
Your mail is trivial to read by holding it up to the light. Your conversations in your home are trivial to listen to by holding a glass up to the door. Hell, I could read the contents of your phone conversations, or the contents of your computer screen, without ever physically coming into contact with the phone lines or your computer. So... for none of these things should you have an "expectation of privacy"? Law enforcement should be able to spy on these things at will without a warrant?
Likewise, it's so incredibly easy to use crypto, that refraining from doing so, is almost like
So easy eh? So how do you exchange keys with the one you are communicating with? You seem to be proposing the theory that if it is trivial to violate your privacy, then you never had any expectation of privacy at all. Well guess what? It is trivial to modify the unencrypted packets used to exchange public keys such that they are the public keys of a 3rd party, who can then act as a man-in-the-middle reading all the unencrypted communications with neither side the wiser.
Would you say, then, that your encrypted emails should carry no expectation of privacy? After all, it's so easy to get around this problem (always exchange keys with the intended recipient in person using a physical medium for the data) that you're basically giving consent by not doing it, right?
I know it's not, not really. But it's sort of like you put a sign in front of your house, saying, "This house is unlocked. Gee, I hope none of my stuff disappears. *wink* *wink*"
But we're not talking about what an unscrupulous criminal could do. We're talking about what a law abiding government agent should do to remain in compliance with the law. Does leaving your door unlocked imply that it should be legal for a cop to enter your house and search through your stuff for something incriminating (like your mp3 collection)? Of course not, and you know it's not.
Again, if it's not clear enough, let me try to make it so: The issue here is about the 4th Amendment and the requirement for a warrant before conducting a search. It is about what law enforcement and government intelligence agencies are allowed to do legally to read citizen's communications. It has nothing to do with what someone - law enforcement or otherwise - is physically capable of doing if they have no regard for the law.
Is privacy a right that, unlike all other rights, really can just be taken for granted, without anyone ever having to defend it? The obvious defense is right there to be used, and we just say, "Nah, it's not important enough."
Yes
The enemies of Democracy are