Slashdot Mirror
US Policy Would Allow Government Access to Any Email
An anonymous reader writes "National Intelligence Director Mike McConnell is currently helping to draft a new Cyber-Security Policy that could make the debate over warrantless wiretaps seem like a petty squabble. The new policy would allow the government to access to the content of any email, file transfer, or web search."
And what is it going to do about my encryption keys?
Not that I support this, but I sure as hell don't intend to make it easy for people to invade my privacy when I'm not doing anything illegal.
...is sadly dying. But it's ok because if you are doing nothing wrong you have nothing to hide right?
I guess we'll just have to do this the old-fashioned way. Now accepting (paper) applications for the next Paul Revere.
They already do (and have done) this for many years. Seems strange why they'd want to bring it to light now. Maybe it's more plausible since the country is in a post 9/11 atmosphere of fear.
so he can get through something we would consider "less onerous" but is still an affront to the Constitution.
If they're really trying to tap all that nonsense, it'll end up being a bit of a pain trying to pull the noise out of the signal at that point. It'd be relatively trivial to generate vast quantities of legit-looking noise to hide a small covert signal--and while data analysis algorithms and computer speeds have been steadily increasing, it's a bit of an arms race to keep up with the regular legitimate traffic, much less any obfuscation attempts.
In the end, it's probably a lot more trouble than it's worth to go about things this way, rather than doing the 'traditional' sort of real-life investigation leading to a warrant &c.
In Xanadu did Kubla Khan
A stately pleasure dome decree
why are they still trying to get my e-mails? I don't understand why they want to read my boring e-mails. The poor people who have to read my stuff...
This is a signature. Bow to me.
Because you can be damn sure that if they pass this law people will finally make sure to heavily encrypt what they say on the internet.
Then again, it's almost certain that they're already reading all the e-mail. This law is probably just to prevent them from getting sued about it later. Ug
Article links to another article which is paraphrasing some report made by a reporter who has seen this alleged draft Mike McConnell has a part in authoring, whilst the link to said report is dangling. I don't buy it. Seems like wacky journalism to me.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Visit Jonesblog and say hello.
The US is well along the path to becoming a police state. Personally, I am not concerned about a 1 in 1 billion chance of being murdered by terrists, but I clearly remain in the minority.
A likely scenario with this could also be to propose something outrageous initially, with a nearly as bad "back up" plan which seems benign in comparison and can sail through approvals and marginalize dissenters.
Curb CO2 emissions: Kill yourself today!
When the White House produces their missing emails, we'll produce ours
That should sufficiently prevent this from becoming law!
Error: Sig not found.
This article is entirely speculation. The only source it links to is an article that was not printed, and the link points to a 404 page.
It looks like it's time to outsource everything this bill covers to a more secure location.
I'm sure some enterprising person could rip off google and set up shop in the third world to offer secure searching and email.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Of course my grand plan gets fuddled up when they just stick a sniffer on the outside of my network. But maybe by then I will have figured it out and set my firewall to deny traffic containing the terms that incriminate us.
Then I guess the worst thing they can do is cut off my access to the int......._carrier lost_.........
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
Gnu Privacy Guard (or other PGP) + Judge: Man can't be forced to divulge encryption passphrase = safety in communications.
Colin Dean Go a year without DRM
You need to have this sort of thing because you can't let the terrorists win, so what if you have to give up basic fundamental rights like privacy at least the terrorists won't have won.....
Oh hang on we were fighting for freedom and liberty weren't we? So you need to give up all your freedoms to protect your freedom? You'd almost thought that the government was a repressive regime that wanted to subjugate people.
An Eye for an Eye will make the whole world blind - Gandhi
So, that would mean that the societies with the most surveillance were the most secure, right?
Like Soviet Russia.
I thought that was Max Headroom.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
So, that would mean that the societies with the most surveillance were the most secure, right?
As any one knows prisons and navy ships (i.e. the ultimate panopticon) have zero crime rates.
Some drink at the fountain of knowledge. Others just gargle.
Regardless of the laws, we've already seen that the telecoms will grant the government whatever access it wants. If they get busted, they'll go cry to Congress for retroactive protection. Same results with or without legal protection of your privacy.
I swear to God...I swear to God! That is NOT how you treat your human!
this has already been happening for years. I guess their mentality is, if you aren't doing anything wrong, you have nothing to hide, reminds me of this surveillance society. Secret police and indiscriminant surveillance practices are always conceived to protect against enemies of the state, real or perceived, however they always seem to become a tool to squash political-dissent when things turn bleak. It scares me to think about what our government will do in the name of protecting our "freedom".
According to a 2007 conversation in the Oval Office, McConnell told President Bush, "If the 9/11 perpetrators had focused on a single US bank through cyber-attack and it had been successful, it would have an order of magnitude greater impact on the US economy."
What utter twaddle. Banks get cyber-attacked avery minute of every day. Banks are quite consistently successfully cyber-attacked. It happens and they deal, no differently than any other company. The fear of financial panic is always legitimate, but it was quite clear shortly after 9/11 that all that such attacks could reasonably ever be were "weapons of mass annoyance".
Bush turned to Treasury Secretary Henry Paulson, asking him if it was true; Paulson said that it was.
I dearly hope Mr. Paulson is called to account for that remark. But he won't be.
While I'm not for the idea of codifying nanny-state monitoring, realistically I just don't care. I've always tried to take the approach (and educate others) that if I wouldn't write it on a postcard, then I don't type it on "the internet."
This has nothing to do with the government collecting and reading my emails (or anything else for that matter), I have just as little faith in the network of mail servers and search engines. I know google/aol/microsoft all say they're not doing anything I wouldn't like with the data they collect, but I'm more comfortable knowing that the data they collect on me is useless.
If I need something to be private, I can encrypt it.
This might be a good cue to invest supercomputer stocks.
So my email from a .co.uk email address to a colleague at a .br address is going to be searchable by the US? ... We'll see what our governments have to say about that.
------ The best brain training is now totally free : )
That was TVs, but they could be made to be two-way samplers as well.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
have you ever looked at your google web history? yikes.
Tell the highest levels of the intelligence community what you think about this idea by picking up a phone and calling any number.
I know, it's not original.
Don't mess with The Phone Company. Piss them off and you'll be using two tin cans and a piece of string.
I hear Soviet Russia was pretty safe too. Looking at my (and everyone elses) email makes me about a zillionth of a percent safer. It alsomakes me several times less free.
This is NOT zero sum. The magnitude of damage caused by this kind of stuff far outweighs any even theoretical increase in security.
AccountKiller
There is only one candidate who would *not* allow this to go on. He is not any more un-electable than Regan was...twice elected was He?
But if you really feel strongly about personal freedom, and if you think the constitution is a good thing. (most folks did during the federalist party vs democrat-republican party race oh so long ago)
Support Ron Paul now. Otherwise you share the blame and shame of all those who are afraid of the big bad "terrorists"
40 million neocons think that everybody should have all their business hung out on their front door for anyone to inspect. Don't fool yourself, Hillary and Barack don't care about your rights either. It makes you feel dirty to register republican, but getting Dr Paul into office would fix (or at least delay) the big brother take over for a few years.
But you are completely uninteresting.
Yeah, I guess all those completely uninteresting people out there are why the FBI agents misuse national security letters and embezzle thousands of dollars from the wiretap tip jar.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Yes and soon the governmnet will get the idea that placing us all in concentration camps would be better since we wouldn't be able do anything bad.
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety." --Benjamin Franklin
Its relatively easy to do and the NSA/HS are so nosey. My email is lost in billions of others.
Tag: fuckyouiwontdowhatyoutellme
I'm gonna need a spec.
It seems to me that we somehow got through the cold war, and two world wars, with our eavesdropping rules on the telephone lines intact. Why are we so afraid as to give up our freedoms to a bunch of terrorists who happened to get lucky one time eight years ago? It's sad. Besides, we're not really at war anyway. Last I checked, congress never declared a war.
My friends, it is high time we start encrypting everything. We'll just have to make PGP/GPG easier to use by the masses.
Ruby Neural Evolution of Augmenting Topologies
How many time for strong encryption as default feature in all email clients?
DNA in your Linux: DNALinux
I Know that obfuscation is not very popular to protect privacy (just have a look on Bruce Schneier review of TrackMeNot, and you'll see what I mean), but I think it remains a good solution to protect privacy in that case because anonymity does not exist anymore ;).
The idea is to use a tool that frequently generates queries to searches engines. Basically is quite like opening your WiFi access to protect against RIAA: if you use a tool that generates queries, none will be able to prove that a query is issued by you and not by the tool (with mail it's quite harder).
I know that TrackMeNot (http://mrl.nyu.edu/~dhowe/trackmenot) has been criticized, but they improved it, and there also SquiggleSR (I develop it, so it's quite a promo: http://squigglesr.free.fr./
Seriously. There are already libraries such as FLTK and QT for the graphic front end. For the back end, you could use XySSL, OpenSSL, or even GNU GPG.
I'm about 20 hours into an encryption client, and I've already got people using it. I initially wanted to use GPG, but realized that most technophobes won't go for a command line application. So I pulled out FLUID (the FLTK design utility) and had a prototype working within hours.
Today, there's no excuse for not encrypting your email. I realize that you may think you have Constitutional rights in this regard, but GW & Co. have the guns, the taxpayer financing, and even the (unsolicited!) cooperation of the major network carriers. It doesn't matter what you think the Constitution says if you can't even get a trial. You're on your own from here on out.
So why encrypt, even if you've nothing to hide? Well, simple, really. Why let the government violate the 4th ammendment with impunity? If you encrypt your email, the government can't perform secret, mass surveillance. Sure, they can pound on your door, and even demand the key. You might even have to give it to them. But in them doing so, you've achieved three key goals:
Encryption is highly Constitutional (TM) software. It keeps terrorists from eavesdropping on our conversations, knowing our whereabouts, and stealing our valuable intellectual property. If the government can't read my email, neither can the terrorists.
Be patriotic. Support the Constitution. Encrypt everything.
The society for a thought-free internet welcomes you.
A simple search into the archived information about a "difficult individual" could produce endless ways to force silence. This is a problem for political opposition, whistleblowers, etc.
The existence of an information database like that is a foothold for corruption and abuse - It's a total waste of money if it's not used in any way. In how many ways can you use a database containing communication of private citizens?
The first thing that comes in mind is that you can discriminate someone with it.
Think of the Facebook problems as analogous. All that information about different individuals makes for an interesting communication tool, which then became a nightmare when a public institution used it for discriminative purposes. That means the school that just recently expelled students (or otherwise penalized them) because of information found on their Facebook pages.
A government database has a couple points to keep in mind: The secrecy and security hinted in the linked article would mean that without authorization by the NSA you couldn't get confirmation about what information was in the database concerning yourself. Of course, there would be no way to remove information from the database, either. A simple and attractive option for corruption would be to sell database queries to companies seeking personal details of their employees, all in the name of "driving the economy forward."
If it were known that the plan expected doing searches without a warrant it would have been in the first sentence.
I just smile to myself and wonder when the government is going to quote the likes of Hitler and Mussolini in their speeches, these are the people that they seem to be emulating and aspiring to. The current policy's and the state of the country seem to be more in line with 1930's Germany then 1790's America, many people out of work, restrictive treaties that make no sense, and a large influx of immigration; people wonder why Adolf Mittler got so few votes in the NH primary. "Any society that would give up a little liberty to gain a little security will deserve neither and lose both" Ben Franklin
--Rules And Models Destroy Genius And Art--
I'd love to get a hold of state secrets then get drunk and run through the streets warning everyone about their imminent demise.
Paul Revere was the MAN!
Unless it's bundled with Windows then a mass change to encrypted email simply isn't going to happen.
Encryption should have been built into the protocols from the start but now I'm afraid the horse has bolted.
No sig today...
since i wager i'm hardly the only slashdotter who doesn't know, here's how to find out who your representative is, what district you're in and his/her DC office.
(note, you will need to know your ZIP code, and possibly +4).
ed
All yanks are dumb as shit
You're not gonna like my sig.
The higher the technology, the sharper that two-edged sword.
Does GMail support encryption though it's web client? Does Yahoo?
Socialism: a lie told by totalitarians and believed by fools.
Wouldn't pretty draconian laws against spam make this sort of surveillance easier by lowering the noise? You have to see both sides of the coin, people (this coin, of course, not being a nickel).
Just callin' it like I see it.
Yeah, it's called Carnivore.
I'll hand it to the mods for not passing this off as some new thing that this administration was doing though, and instead referencing it in more generic terms. But yeah, it's already been going on for 11 years now. A search for "Carnivore" nets several dozen results on slashdot alone. So, old news, dupe...?
It seems the above comment focuses on "will probably" without sources, much like the Raw Story unsigned editorial.
Has anybody actually SEEN the draft so that we can comment on it intelligently without relying on "I think the US government is bad, so I'm going to assume they're doing horrible things"? The PDF link in the Rawstory unsigned editorial doesn't work, so it's awfully hard to evaluate their claims. The homepage of Rawstory makes their bias pretty clear, so I'm inclined to not just take their word.
To do what they have been doing all along?
What?
.. then why do you close the curtains at night?
Insert
By all means, let them read...
...as long as they have my public key, and
...as long as I've signed their public key...
They're welcome to read as much as they want.
Besides, using gpg is one way to authenticate the sender of said emails. Encryption isn't just to "hide things".
If one were to to plan a terrorist attack, wouldn't it be safer to communicate using cyphers anyway? I always wondered how these plotters get caught. Were they not being careful in their communications. I mean how hard can it be to write a coded letter that just blended in with the rest of the noise? Or, are the government able to really crack all these methods of manual encryption?
Someone should do a test and plan an attack as part of a performance art, just to see if they show up on the radar.
What ever happened to the founding father's view that tyrany was ever vigilant and the tyrant would use any means to strip liberty away from its citizens?
:(
Oh yeah, that isnt taught in schools
Start skating.
I can sign _and_ encrypt emails from outlook at work.
I don't read AC A human right
International Covenant on Civil and Political Rights; the U.S. is a signatory http://www2.ohchr.org/english/law/ccpr.htm#art17 >> Article 17 >> 1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, or correspondence, nor to unlawful attacks on his honour and reputation. >> 2. Everyone has the right to the protection of the law against such interference or attacks. also interesting >> Article 7 >> No one shall be subjected to torture or to cruel, inhuman or degrading treatment or punishment. In particular, no one shall be subjected without his free consent to medical or scientific experimentation. and >> Article 20 >> 1. Any propaganda for war shall be prohibited by law.
Create a whole host of new email addresses, and sign them up for regular batches of Goatse, and feel no pity.
I'm making a tinfoil hat for my email server.. I didn't need that wifi connection to it anyway.
Homo homini lupus
More likely less than five minutes. Have you seen video of people being waterboarded?
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
I admit, I laughed hard at that.
These people are completely insane. They follow up every single total catastrophe in which they made us more endangered while demanding to violate our rights ever more with yet another demand to screw us while just scaring us and endangering us.
I mean, they're still spinning down how a Filipino Monkey almost gave Bush a pretext for armageddon with Iran last week, continuing to blame Iran.
They still act like they don't even really know for sure who is "the enemy" in Iraq, or when the next Taliban attack will show how badly we're losing in Afghanistan to a bunch of medieval hicks hellbent on returning to the Stone Age.
And yes, they're still spying on every email, Web hit and phonecall in the US (hi, Dick!), while hustling to hand telcos amnesty for breaking the law at their request, even though they can't even pay the phonebill so it gets shut down.
These Keystone Konservatives would be hilarious if they weren't the most dangerous people ever in the world.
We have to call our lazy, complacent congressmembers and insist they impeach these criminal retards, instead of just easily running against them this year and inheriting all their catastrophic tyrannical powers.
--
make install -not war
Or possibly pass legislation to make it illegal to have encryption that takes them longer than n seconds to crack - something to that effect.
How would they be able to stop it? Something can be programmed outside the US then distributed inside it.
FalconShould there be a Law?
The main obstacle to mass encryption these days is Microsoft. I expect to be skating over Hell's frozen wasteland before Microsoft adopts encryption in Outlook/Hotmail.
I've been encrypting and signing mail in Outlook Express and Outlook for years. The certificates are installed via XENROLL.DLL or CERTENROLL.DLL. Windows actually has a really good encrytion API.
If you go here you can get a free e-mail certificate. Once you install it to the cryptography store you can sign and encrypt mail in any Microsoft email program. If you use the Windows Live Mail application you can encrypt messages in Hotmail too.
The clash of honour calls, to stand when others fall.
See, you would have motive embedded in there somewhere, and if there ever got wind of it, the "performance" of the judges and jury would not be purely out of artistic license.
If you don't think you're willing to display motive, then you shouldn't try it.
But here would be an even better idea: see how much or how little work it takes to distill what you know for darn sure is pure garbage/gibberish/noise and turn it into an international terrorist coordination.
Just keep a tight network of otherwise unconnected people. Decide on a few things to do in your daily lives that seems innocuous yet suspicious for its coordination. Everybody keep P.O. boxes and send each other blank postcards, the kind with those suspicious UPC codes on the back. Print and stamp your own large UPC codes on them if the ones already provided aren't potentially information-dense enough. Agree to all go to open-all-night coffeehouses at midnight GMT no matter where you are in the world or what you're doing, and IM each other with nothing more than three-word bursts straight out of the codebook or famous names. "Alpha Delta." (response: "Judy Garland".) Everybody mail-order a new chia pet every every other month. Make sure they're all the same chia pet. Things like that.
I assure you, if they want to bad enough, they will be able to make an argument impressive enough to a jury to convict you of all charges, even if they are international terrorism. You don't agree? But there's a *reason* they call them "puzzle palace"!
Example: your corporation puts all documents on uniform letterhead, using the same font, margins, spacing, and so on. Particularly, all of your financial documents appear more or less identical, with the exception of the placement of numerals, of course. You bought a big order of shredders so each office-chair would have one nearby, all the same straight-edge shredders, and all your documents shred the same. One day some people show up from some government agency or department and start going through all your bags of shredded paper. They're really good puzzle-experts, so they almost as if by magic (but it's not magic, it's professional expertise) manage to put back together several documents WHICH INCRIMINATE YOU AND YOUR DESPICABLE HOARD OF MONEY-LAUNDERERS in the biggest financial scandal in years. And you and your corporation face time behind bars. Meanwhile, none of you knows where the hell THAT zinger came from, because as far as you all know nothing has actually been done wrong! But the employees further down the ladder don't know or care: they just know that they're under a serious threat and can't afford the same big attorneys that you can, and deeply resent you due to capitalist competition and class jealousy. They simply let themselves be led in questioning by the investigators, who all ask the same leading questions (it's a well-known tactic) and who all get the same answers: yes, there might have been something going on, all those closed-door fancy-suited bigwigs are definitely complicit in SOME kind of ill-intended goings-on, just look at their fancy little cars and how I can barely afford even the gas bill on my family's two S.U.V.s! SOMETHING was going on, sure! Yes I'll sign here. And then you actually DO get summoned to court even though you don't know why, and even though you didn't actually do anything. And you also get something else on your way home from the grocery store or the gym: a threat that you either go along with all the charges, including an outline of how you should frame your arguments and what you should admit to, or you'll face fates worse than prison. The threat is real, but you have nothing to show for it. You mention something about it to a few people, but you already knew what they'd say: the stress of the charges and the upcoming trial are already getting to you. Best you'd see your shrink and take some drugs. Gotta face the music. Fast-forward: you do time, and still to this day you aren't sure why or who's behind it. The most incriminating evidence at your tria
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
It would be fantastic if Gmail would offer this encryption as standard.
Right now you can get this as an extension
http://www.langenhoven.com/code/emailencrypt/gmailencrypt.php
...but its a bit of a hassle to do this manually.
What if all the ISP's and mail hosts decided to use encryption? Would the government demand to have a back door?
Self incrimination issues are at stake here.
I don't think its been decided yet, so until then you don't know if they can make you 'give up your keys'.
---- Booth was a patriot ----
but how many know of the genuine motivation of extreamist?
Trillion dollar stock market manipulation of the 90's striking and draining south east Asia including Indonesia (which is 88% Muslin according to CIA records)
And what would be the opposite direction or the removing of terrorist excuses at a far lower cost.
What the World Wants
Where does such access to emails come into play? The same as the telecoms assisting the government in spying on Americans. If you know what the public in general is thinking you will know what lies to tell them.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
The main obstacle to mass encryption these days is Microsoft. I expect to be skating over Hell's frozen wasteland before Microsoft adopts encryption in Outlook/Hotmail.
You must be a pretty good skater by now. Outlook has supported encryption for at least a decade.
Maybe I read the act wrong or maybe its just been too long since I read it, but I thought the patriot act pretty much took care of this, from a legal standpoint anyway?
Pharmacies, porn sites, stocks, inheritances and other junk I have which constitutes about 90% my raw incoming mail to my mail server so they can read all of that. I wonder what method of spam filtering will they use?
Outlook/OE both support S/MIME and have since the mid-90s. PGP and other schemes are available too as third party add-ons.
The problem isn't the ease of use, even my grandmother can figure out S/MIME once someone sets it up. The problem is that nobody really cares.
Give a man a fish, he'll eat for a day, but teach a man to phish...
My feeling on any legislation (which this ISN'T) of this sort is sort of how I feel about the draft - anybody would have to be absolutely mental to put it into law. No congressperson wants to have any of their private correspondences probed, not to mention the voting public. It'd be the end of their (political) career in an instant. It's the old analogy of the frog in water - slowly turn up the heat and it will stay, but if you put a frog in extremely hot water, it will jump out. If you're gonna take away freedoms like this, it can't be in one fell swoop. Or, if it is, it needs to be after some big event (e.g. Pearl Harbor, 9/11).
There's no way this will ever even come near coming true.
I live in constant fear of the Coming of the Red Spiders.
http://gnupg.org/
The only thing new in this world is the history that you don't know.[Harry Truman]
67 6c 61 64 20 69 20 6c 69 76 65 20 69 6e 20 63 61 6e 61 64 61 2c 20 6f 6b 20 73 6f 20 69 74 73 20 6f 6e 6c 79 20 68 65 78 20 62 75 74 20 69 20 77 61 6e 74 65 64 20 74 6f 20 6d 61 6b 65 20 73 75 72 65 20 6d 79 20 63 6f 6d 6d 65 6e 74 20 63 6f 75 6c 64 20 62 65 20 72 65 61 64
I for one welcome our new security policy and am proud to live as a ...
(jackboots approach)
(hood put over speaker's head)
(thud as head is whacked)
(sounds of unconscious body dragged away by jackbooted NSA thugs)
-- Tigger warning: This post may contain tiggers! --
Defense...
"I don't recall"
If you wish to have a proper bill of rights, then you need to emigrate to Canada, Germany, South Africa or Russia. The constitutions of most other countries are rather lacking in comparison to those.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
If the government is asking permission, you can bet that the NSA is already doing it.
~Ben
I hate to be the one that brings this up, but it needs to be said:
If the Bush administration 'loses' and 'accidentally deletes all traces' of their email every time they are being investigated, how could our inept government monitor the email of over 300,000,000 people in america?
Certainly there is a LOT of sarcasm in that question, but seriously [b]what grounds to they legitimately have[/b] to require access to users email WITHOUT a warrant? None if you consider that even our White House has redundant backup of their email which is likely on some cheesy Exchange server somewhere.
That means they have tons of time to get a warrant should it be justified.
I am open source, and Linux baby!
Perhaps while they're reading every piece of email they could perform a useful service and remove the spam!
Patent litigation: A doctrine of Mutually Assured Destruction... in which everyone seems willing to push the button
I don't know any major email system which enables encryption by default.
No sig today...
The real "Libtards" are the Libertarians!
The problem is in setting it up - you need a certificate, etc., could she do that by herself?
No sig today...
I just looked at their license agreement and it says:
... the Subscriber hereby consents to the disclosure to third parties of such Selected Subscriber Data held therein."
"9.1
No sig today...
There is a firefox plugin Firegpg that you can use with gmail to encrypt, sign, and decrypt email.
I dunno if it works with yahoo....it might...
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
I don't know what percent of the US population is imprisoned, but the US has one of the largest prison populations in the world. Hold on... According to the Department of Justice in 2004 there were "486 sentenced inmates per 100,000 U.S." According to wiki "The United States has the highest incarceration rate in the world at 737 persons imprisoned per 100,000" and it references DOJ document Prisoners in 2005 [pfd].
FalconShould there be a Law?
...or any of my friends email either.
No sig today...
When I have to take constant measures to ensure my privacy on the internet, I will simply stop using it. If simply using the internet is a threat to MY security, out it goes. Keep in mind that your average American cannot even figure out how he keeps getting malware, let alone how to encrypt their email. After reading the article(and, yes, it occurred to me its possibly someones idea of propaganda. Who knows? Maybe someone is trying to pump up sales of encryption software) I asked myself "Is losing my privacy really worth the advantages of the internet?"
My answer was, quite simply, "No". I suspect I am not alone in that stance.
Now imagine if a large portion of the populace felt the same as me, and the Guv'ment went whole-hog and actually did something like the article states. If people began abandoning the internet for anything more then logging into World of Warcraft, that is going to seriously effect our existing economy. THAT will get peoples attention. Start fucking around in peoples wallets and they notice.
Writing to your representatives and pointing out just how far-reaching the effects of such stupidity could really be might actually get them thinking.
To be honest, I am sort of secretly(was...)hoping something like all this comes to a head in some grand, spectacular way that opens the eyes of all the Sheeple in this country. Let Bush/Cheney declare martial law so we can get down to business and start the Revolution and just get it over with. Sometimes I think thats the only thing that will fix the loss of rights that have already occurred.
I was born here in California and have lived here all my life. Never been out of the country even once, barely even been out of the state, either. Next month I'll be 43 years old. When I was a kid, sure, there were things going on that weren't too cool, but there were still things to be proud about the country I was born and raised in. I can't say that anymore. I love my country, still, especially living in California, but I'm ashamed of my government and the things it's doing and allowing to be done, and even the mere MENTION of things like this, true or not, make me feel weary down to my very bones. I don't care to see it all destroyed, but it needs to be FIXED, and it needs to be fixed NOW before these bastards make it all come crashing down around our ears.
Somebody needs to get cracking to devise a cipher that looks just like these spam noise words... something along the lines of a one-time pad
I'm not sure why so many folks here are focused on the government reading emails. Doesn't it seem like the web search issue is an even bigger privacy issue?
You won't be able to safely view "alternative" websites without the government knowing about it. You might as well just move to China.
It seems to be a standard defence here in Australia too.
In a recent enquiry, I think it was the AWB bribery enquiry but I'm not sure, the person doing the questioning lost it at one point and said something like "How did you become the CEO if your memory is so terrible?"
You forgot Gonzales and the former Director of FEMA who claimed he didn't know that formaldahyde was dangerous and then suggested that people in those trailers "crack a window".
What ever happened to the founding father's view that tyrany was ever vigilant and the tyrant would use any means to strip liberty away from its citizens?
Oh yeah, that isnt taught in schools :(
It, freedom from tyranny, not being taught in school may be part of the problem but another part is that those alive now haven't had to fight to preserve it. I think Thomas Jefferson hit it on the head when he suggested there should be a revolution about every 20 years. If you're born and raised under it more than likely you're going to be complacent.
FalconShould there be a Law?
Too little too late, but better late than never.
That's encryption between client and server. Mail still gets sent in-the-clear, in plaintext. GMail does not (sadly) implement any PPK encryption.
:)
I'd love to have that integrated right in GMail (verifying signatures, handling encryption/decryption) but the only (reasonably) secure way to actually do it is to shove all the encryption parts into the client-side part of the interface. GMail could store public keys so that the server could do signature verification, while the client-side piece (that never sends the private key (protected by passphrase or not) to the server) handles actual encryption/decryption/signing tasks. It'd probably be a bit on the slow side but that probably doesn't matter a huge amount for simple text messages.
Even then you'd still be trusting Google to send you a reliable, secure client that can't be tricked into giving up private keys, and that their *own* servers can't ever "trick" the client side piece into sending private keys.
The only alternative is to use GMail (and any of the other webmails, or really any mail server) as transport only, and just do encryption/decryption/signatures/verifies offline. That's *safest*, but it's a pain in the arse for most people
Read my stuff.
...that very little of the election debate has covered issues that really matter - like how the mess that Bush & Co have created will be cleaned up, and how/when sense of liberty put forth in our constitution will be restored? How can someone like Hillary Clinton take herself seriously and never discuss this issue?
...got passed, I would move to Canada, I'm sorry. Or vote for Ron Paul, which I would not normally do. I have strange fiscal ideas. Yes, I am aware that the last sentence was somewhat tangent.
The real "Libtards" are the Libertarians!
In 2000, during the media hype over the Elian Gonzalez affair, I wrote an email to my father and cousin in which I called the fascist thug Janet Reno "the domestic enemy I swore an oath to defend this country against." Three days later I got a knock on my door from two FBI agents who asked me a bunch of inane questions like whether I owned any firearms and whether I've ever visited Washington, D.C. I found out later that they had already interviewed everyone I worked with about my personality and behavior. So now I have an FBI file. Yay! (Are you reading this, Special Agent Irwin K. Summerville? Fuck you and everything you stand for!)
A few months later, the word "Carnivore" started showing up in the press. The FBI swore up and down that it was only used to monitor suspected criminals. But I have never been convicted (or even accused) of any crime.
To be fair, there is a rational explanation for why I might have been under specific surveillance: I held Secret security clearance because I was a military avionics technician who occasionally worked on ECM gear. However, I sent the email that tripped Carnivore from an off-base residential ISP account. So even if I was being specifically monitored, the FBI's investigation reveals the existence of a system for locating and tracking individuals by their 'net presence. That's scary enough, even if they're not secretly scanning everyone's email (which I strongly suspect they are).
Comment removed based on user account deletion
Sean?
I'd rather Simon.
FalconShould there be a Law?
It's apparent you have never served on a ship or been in jail. Captins mast is held on a regular basis to punish those who have committed infractions of regulations ( breaking the law) and the punishments range from a fine extra duty, reduction in rank, a combonation of the forementioned or imprisonment. Yeah 0 crime rate. Ask any sailor that has served and they will tell you that you're statement is WAY OFF. Regards
Everyone has the right to choose, even to choose wrongly, if ever they are to choose correctly.(Author Unknown)
Actually, any changes to the constitution have to be ratified by 3/4ths of the states (that is, first congress has to agree, and then the citizens of 3/4ths of the states have to), and I don't think that that's going to happen any time soon for something like removing 5th amendment rights.
There are 2 different ways to propose to amend the Constitutions but you've combined them. Article 5 is the relevant article:
"The Congress, whenever two thirds of both Houses shall deem it necessary, shall propose Amendments to this Constitution, or, on the Application of the Legislatures of two thirds of the several States, shall call a Convention for proposing Amendments, which, in either Case, shall be valid to all Intents and Purposes, as Part of this Constitution, when ratified by the Legislatures of three fourths of the several States, or by Conventions in three fourths thereof, as the one or the other Mode of Ratification may be proposed by the Congress; Provided that no Amendment which may be made prior to the Year One thousand eight hundred and eight shall in any Manner affect the first and fourth Clauses in the Ninth Section of the first Article; and that no State, without its Consent, shall be deprived of its equal Suffrage in the Senate."
Two thirds of congress can propose an amendment OR two thirds of the states' legislatures can propose to amend the Constitution.
FalconShould there be a Law?
I don't have any. And don't try to threaten to kill me either as I'm living on borrowed tyme and I welcome death.
And I mean that literally, I had a bad accident the docs said it would be a miracle if I survived. I wish I hadn't.
FalconShould there be a Law?
I for one welcome our new waterboarding, private contracting, email snooping, search analyzing, P2P sniffing overlords.
OSGGFG - Open Source Gamers Guide to Free Games
Well one could always swing this around. If they demand the right to read your mail, then you could always deem it to be content and charge the government a subscription, or even better, a pay-per-view rate.
Assuming that they are going to read everything, set a price on what you deem to be fair value on your content, and send them a bill, and don't forget to sue them when they don't pay.
Make your rates available to the public, and charge US$ 1000 per page if you deem you content to be worth that amount. Assume that the government is going to read everything you publish electronically, and charge them US$ 1000 per page for their electronic copy of your document.
It is your right as a content generator to charge for your work. (Control public access by requiring members of the public to quote a document reference to access/buy specific pages or documents.) The government cannot expect you to work for free. that is communism, and last time I checked, USA was still technically a democracy.
Multiply this effect by a million, and the Government of the day will have a legal crisis on its hands. Or sit back and do nothing and watch your civil liberties erode.
Participatory Governance : The only feasible option for a real democracy, where everyone really does have a say.
And the beauty of it all, is that in the desperate crusade to button down those "disruptive" types, the said disruptive types will simply up the ante. If you send a bright individualist into permanent unemployment, that individual still needs to eat, and still thinks about how to resolve his problems. And now he's justified in his sense of "otherness" and he IS being persecuted for his beliefs, literally. Thus making him all the more likely to resort to extreme measures.
Congratulations ! You've just bred a tribe of Unabombers, that was really smart.
That's still transport level security, which protects the message between you and Google. Once the message reaches Google it is in the clear. The GP is talking about message level security, which protects the message until it is decrypted by the intended recipient.
It goes from God, to Jerry, to me.
That's one of the funniest posts today. The moderators must be idiots.
Just callin' it like I see it.
I haven't yet seen the details of the policy, but if it allows the US government access to any message transferred or stored on a US-based computing device, I think it's time for the rest of the world to abandon GMail, Yahoo mail etc. in droves.
Every US citizen needs to read Deterring Democracy (Noam Chomsky) or failing that, try The Shock Doctrine (Naomi Klein); your government is out of control.
Once upon a time, some people imagined that the internet would be the ultimate platform for free speech. Terrorists will simply get more creative in their communication technology (e.g. steganography on Flickr or other image-sharing web-sites) - it's the regular folk who are losing privacy, not by inches but by miles.
this is the bad with the good
on the one hand i don't like the government making warrantless searches anymore than anyone else
on the otherhand searching the internet is probably warranted, generally:if i hadda vote today I'd prefer government supervision to the mess these hackers have created for us
William Penn noted for us to the effect that
Those who will not be governed by [conscience] will be ruled by TyrantsEnjoy.
It's interesting the overwritten of the statement that says that you are innocent until proven guilty, this set EXACTLY the opposite.
Is there anybody out there?
Haven't you ever heard law enforcement types saying that ignorance is no excuse? If not knowing about a law is no excuse for not breaking it (a ridiculous but very convenient proposition, if you ask me), then not remembering something after you knew it definitely won't be.
In the case where they tried to compel a passphrase http://www.news.com/8301-13578_3-9834495-38.html?tag=nefd.blgs there was only one piece of useful information (for me): Secret Service Agent Matthew Fasvlo, who has experience and training in computer forensics, testified that it is nearly impossible to access these encrypted files without knowing the password. There are no "back doors" or secret entrances to access the files. The only way to get access without the password is to use an automated system which repeatedly guesses passwords. According to the government, the process to unlock drive Z could take years, based on efforts to unlock similarly encrypted files in another case. Despite its best efforts, to date the government has been unable to learn the password to access drive Z. I haven't figured out yet, at least in the FOSS arenea, why Public Key Encryption isn't a default with packages. Ubuntu has done a good job keeping most things under the hood. It wouldn't take a lot when starting an Email client for the first time to walk a user through creating keys. Or Ubuntu walking the user through it during the install. GNU/Linux could be known not just for securing the OS but also for the traffic it generates.
It would require the ability to decrypt on the other end but as the number of Linux installs increases at one point the encrypted transport default will reach a critical mass. Until that time I'm sure we could come up with some kind of [use encryption if available] handshake.
I.E. Send the email encrypted as default with instructions to ask for a clear text version if they can't decrypt it. Then make it semi-automatic: The recipient has requested you send a clear text version of the email, send now? Yes/No. And/Or The recipient has asked for your Public Key, Send Now...
Surely we're all smart enough to come up with a way to make this transition. Clear text should have been gone 10 years ago.
They will harrass you with everything they can dig about you, they will bait you and try to get something to blackmail you with. Your private information will be in the public domain and the CIA will harrass you by mocking you about them anonymously to your friends and associates. The worst neocon school-bullies will be given the information to mock you and harrass you with. All the friends you had, you will lose thanks to government harrassing and feeding them lies about you, or simply "seducing" them away from you. You will lose your job because they will feed bullshit about you to your boss. It is already happening mainly to democratic anti-war activists, for the nearly past 8 years now, and it's not like this is anything new. COINTELPRO and alike are old programs and inventions.
Only as americans, you have enjoyed some modicum of protection against this CIA harrassment, but abroad, we have not had the same luxury.
Fear the neocons with their databases because they can make your life living hell and destroy all you have, and at worst they will drive you to suicide. Oh, they won't do it overtly, but there is always one among them who will hate your guts and will see to it that you "get what's coming to you."
So much for your democracy, liberty, equal rights to life and pursuit of happiness. And yes, I speak from personal experience in this, having lost now nearly everything thanks to this kind of harrassment.
Not just that. Much of the traffic goes through backbones in US so you'll never know whether you are being watched or not for sure.
I encourage everyone here to watch Rick Falvinge's talk entitled "Copyright Regime vs. Civil Liberties" at Google. Basically it says that anti-copyright measures should stop where your privacy starts.
Doesn't the NSA force companies like Microsoft to build in backdoors to their encryption methods anyway?
That could just be a rumor, and I don't have a source for it, but I thought that this was one of the principle complaints about PGP. Specifically, that it didn't contain such a flaw.
IANAL, but I've seen this argument before, based on case law involving things like safe combinations and lock keys. In a nutshell the courts threw it out since the safe combination, key, etc., are not intrinsically incriminating. The contents of the safe might incriminate you, but they aren't -you- and fall under the Fourth, not Fifth, Amendment. That means they have to be turned over given a legal search warrant. This is the same logic that allows cops to seize money "suspected" of being involved in a crime (e.g., as potential payment for drugs) and putting the burden on you to prove its "innocence". (I strongly disagree with that interpretation of the law, btw, even though I can see merit in the argument that safe combinations are not intrinsically incriminating.)
I don't know if anyone has ever tried dipping a lock key in the victim's blood and claiming that that protected it from seizure. It probably wouldn't work, again, since it's something that is not the person himself. I suspect the same logic would apply to a passphrase like "I murdered Bob at 12:47 on Tuesday".
As for "forgetting" your encryption keys, again the courts have had to deal with people who "forgot" safe combinations, "lost" lock keys, etc. for generations. Are you ready to spend months in jail on contempt charges? Or face prosecution for obstruction of justice?
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
The more privacy (I.E. "National Security") the government has, the less secure we are.
--Mike--
Templar, or Travaglia? ;-) (Clearly, Templar -- the BOFH would've had electrified door handles or something similarly Zrrt-riffic.)
This is particularly disturbing to me as I host email and other services for several clients and will start scaling it up very soon.
I would of course, being a "good citizen", cooperate with a court order from a Judge to access contents of a specific client. That is an order coming from the Judicial Branch of our government allowing the Executive Branch to conduct it's affairs. That is checks and balances at work.
I don't ever intend to cooperate with the Executive Branch for one second on it's own. I won't have them install software or hardware in my racks where I co-locate.
It's hard to get clients to understand this as well. I already force all client connections to be encrypted and protected by SSL. That only protects my communications between my servers and the clients. Very prudent to do so, given the current environment on the Internet regardless of government corruption and totalitarian fascist ambitions. Attempts are also made to initiate SSL or TLS connections from my mail server to other mail servers, but not all mail servers support this. Only a fraction do so by default. I suspect the big guys, you know who I am talking about, don't do it on purpose. Not to save CPU cycles or anything like that, but to make sure that transmission to and from their servers are in plaintext. Why would the government even need to get into the servers when they can just watch what is happening from outside? Sounds crazy, but I remember somebody coming forward about how one of the 3 letter agencies were "copying" all the traffic on AT&T's lines to a backroom.
I could completely eliminate my liability by providing faqs and videos to educate my clients on how to encrypt email contents from their end to the recipient. Then all content that I host would be encrypted and I could not possibly know the keys. This is becoming more popular too. I predict technology like Freenet nodes will multiply like rabbits in the future.
I know there are some people out there that will point out, in a quasi X-Files way, that the government possesses secret software and server farms capable of slicing through any encryption within minutes if not seconds. Okay, but can they do that on all communications throughout the US simultaneously? I mean, if they can do that, we really are screwed and these discussions are merely academic. We should then already resign ourselves to the fact that freedom is an illusion to facilitate production quotas being met, and that we are already plugged into the Matrix. The question then becomes, what do you do about it? Interestingly, even talking about that could be construed as treason.
If we assume that they don't have those abilities yet, then layering encryption on all of our communications could provide some measure of protection. We could take that further and provide anonymity to those communications as well. Freenet nodes, TOR, etc.
So technological measures do exist to thwart such ambitions, and are already implemented at various different levels. Any corporation could take advantage of it and claim, "I only host the encrypted content, I cannot hand it to you decrypted. Talk to the user". For myself, as a corporation, I REALLY like that. I can guarantee privacy for all my customers by moving all of the responsibility to them. Does not work for all types of businesses and business models, but will work for any corporation that has to host data, that only the user should have access too. I know that I have been approaching this with my "corporate" hat on. How do this affect my ability to do business? What I worry about is, how the government will react to this and what laws they will pass to deal with encrypted communications. Key Escrow is the single most stupid, and transparently corrupt, initiatives to "attack" encryption EVER. It is neither secure, nor private. The day they attempt to force me in to installing, and maintaining Key Escrow policies between my clients and my company, is the day I start having those "Rebel Scum" meeting
One word: Terrorism.
... until you have to implement it into software. Then any little tiny defect will be exploited against you.
Or, the (government's perceived) common good outweighs your individual right to privacy.
If terrorism gets worse, (i.e. 1 or 2 major attacks on U.S. soil), you can be almost guaranteed that government-sanctioned privacy will have been an interesting theory circa 1990-2015, that was trampled by a need to catch the Bad Guys. In other countries, it may take longer, depending on the level of fear in their media, prior exposure, tolerance of terrorism, and U.S. bullying to fall in line.
I don't think they'll go so far as to outlaw encryption (that would hamper eCommerce too much), but there may be a technology arms race so private citizens can protect themselves. This is already happening to some extent, if you follow the progress of the crypto/security community. Crypto is wonderful
And I bet there will be watchdogs set up to ensure "appropriate uses" of these powers, though they probably won't have many teeth, especially considering popular support will likely be *in favour* of it in times of fear.
-Stu
...that terrorism works, at times.
On the other hand, privacy may just evolve from being "government-supported" into "lassez-faire", where privacy technologies & hacking techniques become a massive consumer market -- way larger than it is now. Vernor Vinge's Rainbow's End is coming to mind.....
"Your hack was noticed. Back when I was young, you could have got a patent off it. Nowadays--"
"Nowadays, it should be worth a decent grade in a high-school class."
-Stu
That's a very cool plug-in! Hopefully this idea becomes more wide-spread.
Socialism: a lie told by totalitarians and believed by fools.
True that. Sadly enough it's hard enough to get specific answers on what the Presidential candidates' stances are on the subject, much less all the representatives.
You're not going to get the chance to get an answer to this question, so you have to go with the candidate that would bristle at the very notion of a Federal Government engaging in this kind of activity. When actions are derived from principles it's easier to get a read on these kinds of situations.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
They have to be able to follow and investigate agents of foreign countries without the surveillance being discovered.
Yea, like Martin Luther King was a spy. Fact is is the FBI has targeted US citizens for peacefully demonstrating and protesting.
FalconShould there be a Law?
Templar. I thought Val Kilmer was better than Roger Moore.
FalconShould there be a Law?
Actually, the grandparent was implicitly making the very reasonable point that we often see in this forum stories about how the United States government is screwing us over in some way, which upon further inspection turn out to be much ado about nothing.
Like when the government forcibly sterilized Native American Indian women? Or when the military conducted medical experiments on black airmen, giving them syphilis?
FalconShould there be a Law?
Afterall, it's not torture. And everyone breaks, usually in well under a minute.
However I can just go ahead and breath in the water to drawn myself.
However it is torture despite the games the Bush admin wants to play. Even so I love swimming and can hold my breath under water for more than a minute. The only sports team I was on in high school was the swim and dive team and I could swim further under water than most on the team. Of course it didn't directly help me as there was no competition in distance swimming underwater.
FalconShould there be a Law?
Back in the Thirties and Forties George Sanders played both "The Saint" and "The Falcon" in movies.
Thanks, I didn't know.
FalconShould there be a Law?