EFF Warns That Email Privacy Is In Jeopardy

← Back to Stories (view on slashdot.org)

EFF Warns That Email Privacy Is In Jeopardy

Posted by Soulskill on Saturday August 9, 2008 @12:15AM from the read-comprehend-legislate dept.

MojoKid writes with this excerpt from HotHardware: "According to the Electronic Frontier Foundation (EFF), a dangerous legal precedent has just been set that can potentially unravel existing federal privacy protections for e-mail and Internet usage. The alert from the EFF is not just to sound a general warning, but it also takes the form of an Amicus curiae (friend of the court) brief, filed with the federal 9th US Circuit Court of Appeals, asking for the court's legal finding to be overturned... The findings of this case could become the foundation of a legal precedent upon which other similar cases can subsequently be based. If that were to be the case, then the unauthorized retrieving of e-mails from an e-mail server would not be considered a violation of the federal Wiretap Act, which will then open the door for government-sponsored snooping."

152 comments

Min score:

Reason:

Sort:

Privacy? by clang_jangle · 2008-08-09 00:17 · Score: 5, Informative

Not to be flippant, but does anyone really believe there is any privacy anymore with simple, unencrypted email? Don't get me wrong, I'm glad the EFF is on the case. But it does seem to me that any expectation of privacy in any communication medium here in the USA went out the window with the news of the NSA telco backdoors. Our government is obsessed with spying on everyone, and they have demonstrated quite thoroughly they don't care about the rules at all.

--
Caveat Utilitor
1. Re:Privacy? by BitterOldGUy · 2008-08-09 00:21 · Score: 4, Insightful
  
  I've NEVER considered email to have been private: encrypted or not.
2. Re:Privacy? by mazarin5 · 2008-08-09 00:23 · Score: 4, Insightful
  
  Of course we should take technical precautions, but that doesn't mean we shouldn't stop this through legal action either. It seems like a Sisyphean task at this point, but we have to hold firm to our principles nonetheless.
  
  --
  Fnord.
3. Re:Privacy? by enrevanche · 2008-08-09 00:39 · Score: 5, Interesting
  
  By not expecting email to be private means that your email provider is allowed to do anything it wants with the information. It means that the government or anyone who wishes to pay for it should be allowed to have it.
  Being "not technically secure" is not the same thing as "not private".
4. Re:Privacy? by spykemail · 2008-08-09 01:05 · Score: 3, Insightful
  
  The idea that any communication involving telecommunication companies in the US is private is quite laughable, however, if there's even going to be the slightest chance of restoring or at least slowing down the rate of erosion of the right to a reasonable expectation of privacy every battle must be fought and thank the matrix we've got the EFF to do it.
  Personally I'd sign up for the government spy net - after all, the government doesn't listen to my complaints - if they read everything I write maybe something will sink in.
  
  --
  Haiku for you!
5. Re:Privacy? by BorgDrone · 2008-08-09 01:10 · Score: 5, Interesting
  
  By not expecting email to be private means that your email provider is allowed to do anything it wants with the information.
  I'm a bit divided about this subject. On the one hand I think that you should be able to expect some privacy in your email conversations. On the other hand I think you're kind of naive to let the privacy of a mail conversation depend solely on the willingness of others to not look at it.
  The government, not just the US but any government, cannot be trusted, simply because they're just a bunch of people. The only way to have a reasonable expectancy of privacy is to enforce it yourself by using insane amounts of encryption. e.g. encrypt a message in AES, 3DES, 32768 bit RSA, and ROT13 for good measure, then stenographically encode the message in a photograph. etc. etc.
  Laws guaranteeing privacy in email are great, but they don't actually give you 100% certainty that your email will be private.
6. Re:Privacy? by the_raptor · 2008-08-09 01:27 · Score: 4, Informative
  
  Exactly. How is unencrypted email different to a postcard? Every server along the path has full access (and probably stores a copy for hours to days) to the contents along with the routing information. Due to addressing problems I was receiving CC orders and other confidential emails for some mail order company, for about two months. I had to respond to every one and tell them not to be so stupid.
  The problem is that so few people are set up to read encrypted email, that it isn't useful in day to day work.
  
  --
  
  ========
  CINC, 4th Penguin Legion
7. Re:Privacy? by awrowe · 2008-08-09 01:32 · Score: 1, Insightful
  
  The government, not just the US but any government, cannot be trusted, simply because they're just a bunch of people with an agenda.
  Fixed that for ya.
  
  --
  A.I. Research. The peculiar science in which we know the question and we know the answer, but can't show the working
8. Re:Privacy? by Thiez · 2008-08-09 01:37 · Score: 3, Insightful
  
  Don't all people except for those in a coma have an agenda? Doesn't that make your 'fix' about as informative as saying that water is wet?
9. Re:Privacy? by Anonymous Coward · 2008-08-09 01:45 · Score: 4, Funny
  
  I've been in a coma and had an agenda you insensitive clod.
10. Re:Privacy? by BitterOldGUy · 2008-08-09 01:47 · Score: 4, Insightful
  
  If I want communication to be private I snail mail, fax, or phone on landline.
  Even if the ISP or whomever cannot share or pry into email for whatever reason, what's to prevent someone from accidentally hitting "reply all" or copying their entire address book and sending it out to the world? That's what I meant by my original statement. It's not so much folks prying, it's "accidents" that I'm worried about.
11. Re:Privacy? by ccady · 2008-08-09 01:55 · Score: 3, Insightful
  
  I think you are mistaking the "expectation that you do have privacy" with the "the expectation that you should have privacy."
  To me, the "expectation of privacy" says that I am supposed to have privacy, not that I have it.
  
  --
  J'aime mieux les méchants que les imbéciles, parce qu'ils se reposent. -- Alexandre Dumas
12. Re:Privacy? by pxlmusic · 2008-08-09 02:15 · Score: 1
  
  it's sad that i'm completely unsurprised by this.
  
  --
  "If for any reason you're not satisfied with our service, I hate you."
13. Re:Privacy? by MrNaz · 2008-08-09 02:26 · Score: 1
  
  There's no need to encrypt it that far. A single pass with AES256 should be sufficient. There is no reason to believe that there is any organization on Earth (the NSA included) that can break AES.
  If you're willing to go to the "insane" methods you talk about, then you're in the sort of inconvenience level where using one time pads would be worthwhile. You can transfer around gigabytes of OTP material relatively easily and securely these days. I mean you can hide one of those 4gb Micro SD cards just about anywhere, resistant even to a strip search. I mean, who's going to check the inside of your pee hole?
  
  --
  I hate printers.
14. Re:Privacy? by ScrewMaster · 2008-08-09 02:39 · Score: 5, Insightful
  
  How is unencrypted email different to a postcard?
  
  Look, the fact that postcards and most emails are sent in plaintext isn't what this is about.
  
  So far as I'm aware, the United States Post Office doesn't scan, OCR, and store the contents of every postcard that goes through its facilities. If they did, and then made that information available to the government or anyone else that wanted it, you would have a point. In other words, unencrypted does not mean "indexed, cross-indexed and searchable."
  
  --
  The higher the technology, the sharper that two-edged sword.
15. Re:Privacy? by cayenne8 · 2008-08-09 02:41 · Score: 1, Flamebait
  
  "I mean you can hide one of those 4gb Micro SD cards just about anywhere, resistant even to a strip search. I mean, who's going to check the inside of your pee hole?"
  Not to worry citizen, the govt. in all its wisdom and foresight, has thought of this eventuallity, and is currently working on different methods....some are a bit more painful than others, but, you needn't worry about that.
  Of course, they will use the proper method based on the situation.
  EOM
  
  --
  Light travels faster than sound. This is why some people appear bright until you hear them speak.........
16. Re:Privacy? by AngryLlama · 2008-08-09 02:46 · Score: 1
  
  You have a card reader in your urethra? I want! (The reader, not your urethra.)
17. Re:Privacy? by nurb432 · 2008-08-09 03:06 · Score: 2, Insightful
  
  While i agree, they do, they still shouldn't be reading it, even if its in open text, without a warrant.
  You should be able to expect a certain level of privacy.
  Its not just our government btw ( and its debatable if the government is 'ours' anymore anyway.. )
  
  --
  ---- Booth was a patriot ----
18. Re:Privacy? by nurb432 · 2008-08-09 03:07 · Score: 1
  
  Well you should, as it is a reasonable expectation.
  True, it turned out not to be, but it should have been.
  
  --
  ---- Booth was a patriot ----
19. Re:Privacy? by TubeSteak · 2008-08-09 03:07 · Score: 3, Informative
  
  How is unencrypted email different to a postcard?
  
  Differing expectations of privacy.
  An intermediate mail server is not a postal worker.
  Perhaps most importantly:
  Different laws regarding e-mail and postcards.
  
  --
  [Fuck Beta]
  o0t!
20. Re:Privacy? by syntek · 2008-08-09 03:08 · Score: 1
  
  Ha! That would be nice. Unfortunately they are only looking for interesting information they can use to build a case against you. They could care less about your opinion since most in the US are to scared of the government to do what is ours by decree of the Bill of Rights(The Right to Petition [ http://en.wikipedia.org/wiki/Freedom_to_petition ]) although there is this fun little law they added in there. ( http://www4.law.cornell.edu/uscode/18/usc_sec_18_00002385----000-.html [which basically says we can't without consequences])
21. Re:Privacy? by nurb432 · 2008-08-09 03:09 · Score: 1
  
  Its quite a bit different, and besides the PO isn't supposed to be reading your post card's content anyway.
  Besides, this isn't about plain text/or encryption, its about the government getting their hands on your data to use how they please, whenever they feel like it.
  
  --
  ---- Booth was a patriot ----
22. Re:Privacy? by L4t3r4lu5 · 2008-08-09 03:54 · Score: 1
  
  I bet you had a great deal more difficulty fulfilling your agenda than the current US leaders have, though.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
23. Re:Privacy? by L4t3r4lu5 · 2008-08-09 03:55 · Score: 1
  
  From now on, every border agent in the US.
  
  Thanks.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
24. Re:Privacy? by orasio · 2008-08-09 04:02 · Score: 1
  
  I don't understand that.
  What is so wrong about having an agenda?
  Having a hidden agenda _might_ be a bad thing, in a perfectly free society.
  I think modern people despite so much politicians that they even renounce to their duty to be political themselves. People are supposed to have political ideas. It's a good thing, not a bad thing.
  When people do not have and agenda, they lack depth in their political decisions, and only think day to day stuff, what doesn't seem wise to me.
25. Re:Privacy? by syntek · 2008-08-09 04:14 · Score: 1
  
  That reminds me of the www.donotreply.com thing. Which oddly enough, I can't get to today.
26. Re:Privacy? by Anonymous Coward · 2008-08-09 04:44 · Score: 0
  
  Email is more like a letter in an envelope that one can easily read by holding up to the light than a postcard. Postcards can be read by accident; emails can't.
27. Re:Privacy? by Leiterfluid · 2008-08-09 04:48 · Score: 1
  
  Not just ocean water, but all water is wet.
28. Re:Privacy? by Beale · 2008-08-09 08:17 · Score: 1
  
  Of course, this is exactly what you'd say if you were a member of the NSA, and the NSA had broken AES...
29. Re:Privacy? by mrogers · 2008-08-09 08:19 · Score: 1
  
  The only way to have a reasonable expectancy of privacy is to enforce it yourself by using insane amounts of encryption.
  Having a reasonable expectation of privacy doesn't mean it's reasonable to expect that nobody will invade your privacy, it means it's reasonable to expect that nobody should. 'Expectation' in this context doesn't mean 'prediction', it means something closer to 'entitlement'. A reasonable expectation is one that most people would recognise, not one that nobody can violate.
30. Re:Privacy? by CBravo · 2008-08-09 08:57 · Score: 1
  
  Not just ocean water, but all liquid water is wet.
  There, fixed that for you.
  
  --
  nosig today
31. Re:Privacy? by dbcad7 · 2008-08-09 09:00 · Score: 1
  
  Actually email is more similar to mail than a postcard in that you do have to open it. Of course there is no way to tell if an email has been opened by someone else.
  I am on the side that knows it's not secure, but it is a matter of professional ethics that you should expect that it is private.. Just as you should expect that people in the medical profession will protect your privacy.. Sure anyone in the hospital can find out what's wrong with you, but would you expect the janitor to be fired for looking at your records ?.. Would you expect someone visiting the hospital to be arrested for going through records ? .. Would you expect the police to be able to look at your records without a warrant ?
  
  --
  waiting for ad.doubleclick.net
32. Re:Privacy? by cjb658 · 2008-08-09 09:48 · Score: 1
  
  If I want communication to be private I snail mail, fax, or phone on landline.
  Even if the ISP or whomever cannot share or pry into email for whatever reason, what's to prevent someone from accidentally hitting "reply all" or copying their entire address book and sending it out to the world? That's what I meant by my original statement. It's not so much folks prying, it's "accidents" that I'm worried about.
  Don't you know about warrantless wiretapping?
  You must be new here.
33. Re:Privacy? by Anonymous Coward · 2008-08-09 11:38 · Score: 0
  
  If I want communication to be private I snail mail, fax, or phone on landline.
  In the USA...
  Postal inspectors can open your mail.
  The Feds pressured the telcos to put in backdoors for NSA benefit (a government security/intelligence agency).
  So still no absolute privacy.
  Only face to face meetings in a surveillance-proof setting is guaranteed private like out in the middle of the desert or off at sea with no other ships seen as far out as the horizon.
34. Re:Privacy? by Dan541 · 2008-08-09 12:10 · Score: 1
  
  I hope your not a sys admin.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
35. Re:Privacy? by Dan541 · 2008-08-09 12:18 · Score: 1
  
  Exactly. How is unencrypted email different to a postcard?
  The only similarity between the two is they are both sent in plain text.
  Email is private, reading someones email is the same as opening their snail mail.
  Do you consider it ok to read someone else's postcard, or how about that letter sitting on your co workers desk?
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
36. Re:Privacy? by ChangelingJane · 2008-08-09 12:29 · Score: 1
  
  Really? Congress seems to be in a coma these days. Or the members could all go into one and nobody'd notice.
37. Re:Privacy? by radu5er · 2008-08-09 15:31 · Score: 1
  
  So large amounts of data might be transported by, oh say someone like Johnny (Holmes) Mnemonic?
38. Re:Privacy? by Anonymous Coward · 2008-08-09 15:52 · Score: 0
  
  Just for a moment think of snail mail. Clearly my Telephone company is not going to send me an encrypted hard copy of my monthly statement. The envelope is only *secured* with a small amount of spit and glue. Am I ignorant for expecting the letter carrier to respect my privacy and not open it and see who I have been talking to? Do I have a reasonable "expectation of privacy" on my clear text and unsecured printed mail? If I do then it should extend to email IMHO.
39. Re:Privacy? by ps2os2 · 2008-08-09 16:33 · Score: 1
  
  What would be fun is if *EVERYONE* used encryption. The government would be buying so many CPU's to try and decode everyone's email. We would have a chance of breaking the governments will to try and do so.
40. Re:Privacy? by Velex · 2008-08-09 20:05 · Score: 1
  
  The problem is that so few people are set up to read encrypted email, that it isn't useful in day to day work.
  Wrong. Anyone who uses Microsoft Outlook or Mozilla Thunderbird is more than set up to read encrypted email. Personally I use Claws Mail, but using something that's not made by an über-corp certainly isn't a step people need to take.
  If you want to give up your personal information, you can go to Thawte and start sending signed emails right away, which will enable anyone with Outlook or Thunderbird to begin encrypting emails to you. Some people may find cacert an option, but all-in-all if I needed to ask my friends to install a CA, I figured I'd just roll my own.
  You might find these commands handy if you were so-inclined to set up your own personal CA for friends and family to whom you can give the CA in person (and to whom you're probably communicating personal information you want to keep private):
  Generate a self-signed CA: openssl req -x509 -newkey rsa:2048 -days 3650 -keyout ca.key -out ca.crt Generate a key: openssl genrsa -out client.key 2048 Generate a CSR: openssl req -new -key client.key -out client.csr Generate a certificate from the CSR with the CA: openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \ -days 3650 -out client.crt Generate a PKCS12 key from the key and certificate: openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt \ -name "client" -out client.p12
  While it's too bad that PGP didn't catch on at all (no money in it for big CAs I guess), it's not correct to say that most people are not set up to read encrypted email. Your point about unencrypted email being a postcard is absolutely correct, though. It's a shame, however, that people think that encryption is difficult. It's not difficult; it's just that ISPs don't install a personal key and turn on encryption for you when they set up your hardware.
  (Personally, I wouldn't want to use a 3rd-party issued key anyway.)
  
  --
  Join the Slashcott! Stay away entirely Feb 10 thru Feb 17! Close all tabs to prevent autorefresh!
41. Re:Privacy? by Anonymous Coward · 2008-08-09 22:29 · Score: 0
  
  Exactly. How is unencrypted email different to a postcard?
  The correct question would be "how is unencrypted email different to an unencrypted letter?", actually. Cases in point:
  1) Both can be easily read by anyone with even a little bit of determination.
  2) Nevertheless, in both cases, you still actually need to take some sort of action to do so: unlike a postcard, which a postal worker just might glance at because it's in his view and he *can't help it*, in order to read a letter or an email, you actually have to take active steps in order to do so.
  This is what the expectation of privacy is about, too: not the fact that it is *impossible* to read something, but rather the fact that in order to do so, you have to take active steps and *do something* - that it can't happen just randomly, by coincidence.
  Put another way, does the fact that someone might smash or cut the windows in my place mean I can't expect to not be burglarised? I'd contend it's about as trivial for the government to enter my place (even if the door's locked) and search it as it is for them to read my email, but that doesn't mean I can't rightfully expect them to do neither.
42. Re:Privacy? by drinkypoo · 2008-08-10 04:17 · Score: 1
  
  I mean, who's going to check the inside of your pee hole?
  Mine? Nobody. But since you posted this comment on an open forum, you'd better be careful the next time you make an international flight.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
43. Re:Privacy? by drinkypoo · 2008-08-10 04:18 · Score: 1
  
  So far as I'm aware, the United States Post Office doesn't scan, OCR, and store the contents of every postcard that goes through its facilities.
  They scan, OCR, and store the to and from address of every piece of mail that goes through their facilities.
  Is it that much of a stretch to assume that they would do the same with a postcard?
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
44. Re:Privacy? by RockDoctor · 2008-08-10 05:53 · Score: 1
  
  But it does seem to me that any expectation of privacy in any communication medium here in the USA went out the window with the news of the NSA telco backdoors.
  
  That begs the question, and not just for the USA or relating to NSA backdoors (is that the funny all-body underpants you see in Klondiker comedys?), just when, and why, did "any expectation of privacy" come in the window? Particularly in respect of any electronic communications?
  
  --
  Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
45. Re:Privacy? by Jaazaniah · 2008-08-10 13:18 · Score: 1
  
  I'm sure there's techniques out there to run envelopes through a bright scanner and reconstruct contents by dividing relative optacity into different layers and OCR'ing it. Besides that, do you really think it would be beyond the CIA or FBI to order reading of outgoing mail to X recipient? And as for your other two suggestions, those are just wiretaps like the government has been doing all this time anyways. Even this, you think this content didn't go through an NSA computer? the edges are closing in with this EFF alert, and soon the only 'secret' will be how much social engineering happens based on what goes through all your smart devices.
  
  Yet...No one will ever do actually anything about it. Even those that continually break the rules are just pointed to and accused, but slip away anyways. Any history buff on here care to mention what happens when that's observed over long periods?
46. Re:Privacy? by Sloppy · 2008-08-11 04:26 · Score: 1
  
  With warrantless taps and the decision by Congress that civil liability for such taps cannot be pursued in court, hasn't the statement
  
  it's reasonable to expect that nobody should. 'Expectation' in this context doesn't mean 'prediction', it means something closer to 'entitlement'.
  been invalidated?
  Maybe you can say that since it was done by a lame duck Congress+President just a few months before elections, then it's not a real national policy despite now being the law. Fine, we'll defer judgment until after the November elections. I sadly predict, though, that society will overwhelmingly confirm that Republicans and Democrats should remain in power in Congress and the white house, and repealing the FISA amendment will not be on next years' Congress' agenda.
  Unencrypted communications are not merely technically vulnerable. We have a policy of them being vulnerable, too.
  
  --
  As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
47. Re:Privacy? by mrogers · 2008-08-11 07:06 · Score: 1
  
  No, the statement hasn't been invalidated - no circumstance can invalidate it, because it's a statement about what should happen, not what can happen. We still have a moral right to privacy even if our legal right to privacy is not being upheld by the courts. That's why I drew the distinctions between expectation-as-prediction and expectation-as-entitlement: if you don't distinguish between what can happen and what should happen, any right can be "proved not to exist" just by violating it.
48. Re:Privacy? by HTH+NE1 · 2008-08-12 07:31 · Score: 1
  
  Only face to face meetings in a surveillance-proof setting is guaranteed private like out in the middle of the desert or off at sea with no other ships seen as far out as the horizon.
  You do know surveillance satellites don't always point straight down and can be pointed at the limb of the Earth just as easily to get nearly horizontal views, right?
  That reminds me: has anyone transcribed the HAL-lip-reading scene in 2001?
  
  --
  Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
49. Re:Privacy? by HTH+NE1 · 2008-08-12 07:34 · Score: 1
  
  And didn't they make sealing envelopes with tamper-evident wax illegal in the late '70s or early '80s?
  
  --
  Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
50. Re:Privacy? by Anonymous Coward · 2008-08-13 08:20 · Score: 0
  
  I bet you had a great deal more difficulty fulfilling your agenda than the current US leaders have, though.
  Not if his agenda was to wake up.
An analogy by Daimanta · 2008-08-09 00:21 · Score: 5, Insightful

Even if breaking in houses is illegal, I still have a lock on my door. Why? Because some people don't care about the law.
Even if snooping on e-mail is illegal, you still need to encrypt your mails. Why? Because some governments don't care about the law.

--
Knowledge is power. Knowledge shared is power lost.
1. Re:An analogy by rustalot42684 · 2008-08-09 00:36 · Score: 3, Interesting
  The problem, for me, at any rate, is twofold:
  
  People with whom I communicate mostly use web-based clients like the GMail client, the Hotmail client, or some university's email site, all of which don't support encryption in an easy-to-use way. Also, at the moment (for several reasons) I happen to be using one of those clients.
  Most of the same people don't see why encrypting their emails is neccessary in light of the previous point. Given that it takes a great deal of work do do it, why bother?
  Whether I'd like to use encryption or not is irrelevant if those with whom I am communicating do not.
  
  <sarcasm>
  
  Why? Because some governments don't care about the law.
  Well, I'm sure you could write them a nice letter asking them if they are illegally syping on you to find out. I see no reason why you wouldn't get an honest answer....
  
  </sarcasm>
2. Re:An analogy by megaditto · 2008-08-09 00:39 · Score: 3, Informative
  
  If you think your padlock is keeping the Government away (the guys with aircraft carriers and nukes), you must be crazy.
  US Government very much cares about the laws since that's about the ONLY thing that can stop them from doing to you what they do to everybody else. For example, the CIA torture manual advises you to always check the local laws first: http://en.wikipedia.org/wiki/The_Torture_Manuals#CIA_manuals
  
  --
  Obama likes poor people so much, he wants to make more of them.
3. Re:An analogy by seyyah · 2008-08-09 00:59 · Score: 1
  
  The conversation so far ...
  
  Daimanta:
  
  Even if breaking in houses is illegal, I still have a lock on my door. Why? Because some people don't care about the law. Even if snooping on e-mail is illegal, you still need to encrypt your mails. Why? Because some governments don't care about the law.
  megaditto:
  
  If you think your padlock is keeping the Government away (the guys with aircraft carriers and nukes), you must be crazy.
  The key, megaditto, is in the word "analogy". No one is trying to stop aircraft carriers with padlocks. (Or maybe padlock was your analogy for encryption and nukes, an analogy for decryption?)
4. Re:An analogy by Firehed · 2008-08-09 01:41 · Score: 4, Informative
  
  Regardless, it's not a very good analogy. It takes considerably more than the technological equivalent of a hacksaw to break a solid encryption scheme.
  
  --
  How are sites slashdotted when nobody reads TFAs?
5. Re:An analogy by Anonymous Coward · 2008-08-09 02:38 · Score: 0
  
  A car battery hooked up to one's genitals will break a solid encryption scheme.
  That's all it took for the US-trained death squads in El Salvador where the Constitution didn't apply. Without rights, your encryption means jack.
6. Re:An analogy by Daimanta · 2008-08-09 02:42 · Score: 1
  
  Gah, it's an analogy. Burglars will probably break a window, ignoring the lock on your door. Governments will probably try to read the e-mails at the endpoints, that is when they are stored on your or the reciever's pc. Analogies are not supposed to be 1:1 correct, that's why they are analogies.
  
  --
  Knowledge is power. Knowledge shared is power lost.
7. Re:An analogy by ScrewMaster · 2008-08-09 02:42 · Score: 1
  
  All right. How about an industrial cutting laser?
  
  --
  The higher the technology, the sharper that two-edged sword.
8. Re:An analogy by qwertysledge · 2008-08-09 03:32 · Score: 1
  
  The obvious analogy: Wouldn't you consider a hacksaw as taking some measure of brute force?
  
  --
  "There is a fine line between fishing and just standing on the shore like an idiot." -- Steven Wright
9. Re:An analogy by Anonymous Coward · 2008-08-09 03:42 · Score: 0
  
  All right. How about an industrial cutting laser?
  "Do you expect to me to tell you my passphrase?"
  "No, Mr. Godwin, I expect you to die!"
10. Re:An analogy by Anonymous Coward · 2008-08-09 04:42 · Score: 0
  
  I wouldn't say that. A hacksaw applied to the appropriate part of your anatomy would tend to reveal your encryption keys about as quickly as one might saw through a padlock.
  Actually, probably much faster.
11. Re:An analogy by Anonymous Coward · 2008-08-09 05:08 · Score: 0
  
  That's a great point you make. Now, will you please tell this AC how confident you are you're using a solid encryption scheme? For two years people were using Debian's openSSH client -- and I have yet to find a decent review of exactly how deep their flawed PRNG implementation went-- although I have found working exploit code that will take an old SSH session and decrypt it...
  Are you absolutely sure that the algorithm you're using has no bugs in it whatsoever? That your dev/urandom has a good entropy source? I'm not even confident that my via padlock hardware has a driver that's working without introducing bias...
12. Re:An analogy by Dan541 · 2008-08-09 14:16 · Score: 1
  
  I have a password on my email.
  Do you encrypt all paperwork inside your house?
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
13. Re:An analogy by DMUTPeregrine · 2008-08-09 14:42 · Score: 1
  
  Encryption with GMail isn't hard. FireGPG extension. Or Enigmail+thunderbird. That said, gpg does need to be easier to use.
  
  --
  Not a sentence!
14. Re:An analogy by Anonymous Coward · 2008-08-09 20:12 · Score: 0
  
  Even if breaking in houses is illegal, I still have a lock on my door. Why? Because some people don't care about the law.
  Even if snooping on e-mail is illegal, you still need to encrypt your mails. Why? Because some governments don't care about the law.
  Even if I lock my door, breaking into my house is still illegal. Why? Because some people don't care about locks.
  Even if email is encrypted, snooping on e-mail should be illegal. Why? Because some governments don't care about encryption.
15. Re:An analogy by drinkypoo · 2008-08-10 04:20 · Score: 1
  
  FireGPG puts magic encryption buttons into Gmail's interface for you. It uses gpg to do the heavy lifting. I have used it, and it works. Since it uses gpg the signing key I created to sign debian packages showed right up in the list of keys and I was able to use it to send encrypted gmail. (you can also just sign of course.) You can use PortableApps' version of Firefox to carry it around with you. (Or a USB-bootable Linux.)
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Welcome to the New World Order by Anonymous Coward · 2008-08-09 00:22 · Score: 0

Thin end of the wedge error.
A)bort, R)etry or B)urst into Tears?
open the door for government-sponsored snooping by Anonymous Coward · 2008-08-09 00:26 · Score: 0

In the land of the free
IPSec, S/MIME, SSL, SSH, VPN, etc. by Anonymous Coward · 2008-08-09 00:27 · Score: 0

Encrypting the whole Internet wouldn't be a bad idea anyway (not just for the reasons presented here). Each user or at least each computer on the Internet should have a set of keys.
1. Re:IPSec, S/MIME, SSL, SSH, VPN, etc. by Lead+Butthead · 2008-08-09 03:52 · Score: 3, Insightful
  
  Encrypting the whole Internet wouldn't be a bad idea anyway (not just for the reasons presented here). Each user or at least each computer on the Internet should have a set of keys.
  You do realise that it's a matter of time before mandatory backdoor to all encrypted traffic is required by law.
  
  --
  ELOI, ELOI, LAMA SABACHTHANI!?
2. Re:IPSec, S/MIME, SSL, SSH, VPN, etc. by Dan541 · 2008-08-09 14:21 · Score: 1
  
  The point of security is to keep people out. Not make it easyer.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
Even worse by Anonymous Coward · 2008-08-09 00:36 · Score: 3, Interesting

IANAL, but as I understand it, this does not just apply to the government. Anyone can snoop without legal liability.
precedents not needed by fractic · 2008-08-09 00:37 · Score: 1

If this gets overturned it'll probably be written into law in a few months.
outlook encryption for POP3, SMTP, IMAP usage by Anonymous Coward · 2008-08-09 00:41 · Score: 0

we keep hearing this but can someone post a simple way to encrypt out emails for those of us using Microsoft Outlook to read and send mail over POP3, IMAP, and SMTP.
1. Re:outlook encryption for POP3, SMTP, IMAP usage by ettlz · 2008-08-09 00:57 · Score: 4, Informative
  
  Install Thunderbird, GnuPG and the EnigMail extension.
2. Re:outlook encryption for POP3, SMTP, IMAP usage by jeremyp · 2008-08-09 01:09 · Score: 1
  
  Outlook supports S/MIME.
  
  --
  All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
3. Re:outlook encryption for POP3, SMTP, IMAP usage by Anonymous Coward · 2008-08-09 02:39 · Score: 0
  
  To bad no one I know that still uses the outdated email as a means of communication knows how to generate a encryption key let alone how to properly safeguard emails against snooping. I'm all for encryption, plausible deniability and OTR messaging but it's quite useless if no one I need to communicate with uses it.
4. Re:outlook encryption for POP3, SMTP, IMAP usage by Anonymous Coward · 2008-08-09 03:30 · Score: 1, Insightful
  
  Install Thunderbird, GnuPG and the EnigMail extension.
  And get everyone you correspond with to do that as well.
5. Re:outlook encryption for POP3, SMTP, IMAP usage by ettlz · 2008-08-09 03:54 · Score: 1
  
  Then it's time to start spreading the word.
6. Re:outlook encryption for POP3, SMTP, IMAP usage by devman · 2008-08-09 04:45 · Score: 1
  
  Outlook and just about every email client under the sun supports S/MIME. You can get an email certificate from Verisign or one of there competitiors for about $20 bucks for a year. ( there are a lot of CAs these days so choose the best price). The catch is both you and your recipient need certs to encrypt email, however only you need a cert to sign email and have it verified (your recipients email client will verify it for them). Alternatively there is PGP, which is less common and usually requires plug-ins. Thunderbird Enigmail is the most common one for windows if I'm not mistaken. PGP is free but has no third party verification so you need an out of channel way to do a key swap with your recipient who also needs his own PGP key.
7. Re:outlook encryption for POP3, SMTP, IMAP usage by Anonymous Coward · 2008-08-09 10:05 · Score: 0
  
  Or just use the built-in S/MIME support Thunderbird has. I hate that non-standard PGP/GPG shit. S/MIME is a world recognized standard and almost every mail client supports S/MIME right out of the box. Why use some kludge?
  Also with the S/MIME support in Thunderbird you get PKCS #11 support which opens up all kinds of possibilities like hardware crypto (smartcards, etc).
8. Re:outlook encryption for POP3, SMTP, IMAP usage by CronoCloud · 2008-08-09 16:57 · Score: 1
  
  http://en.wikipedia.org/wiki/GNU_Privacy_Guard
  
  GNU Privacy Guard (GnuPG or GPG) is a replacement for the PGP suite of cryptographic software. GnuPG is completely compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP.
  GnuPG is also a world recognized standard. Proper mail clients should support it out of the box.
9. Re:outlook encryption for POP3, SMTP, IMAP usage by ettlz · 2008-08-10 00:07 · Score: 1
  
  GnuPG is also a world recognized standard. Proper mail clients should support it out of the box.
  Well said! The "trouble" is the PGP model completely decentralises and popularises certification — it's cryptographic anarchy, there is no authority but Number One, and control and responsibility is largely in my hands. I get the impression some people don't really like this idea. With S/MIME I have to trust the certificate authority to do a Proper Job. Heh, no thanks.
10. Re:outlook encryption for POP3, SMTP, IMAP usage by drinkypoo · 2008-08-10 04:21 · Score: 1
  
  There is such a thing as a trusted keyserver.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
11. Re:outlook encryption for POP3, SMTP, IMAP usage by ettlz · 2008-08-10 04:29 · Score: 1
  
  There is such a thing as a trusted keyserver.
  Yes, it's called "mine".
12. Re:outlook encryption for POP3, SMTP, IMAP usage by Anonymous Coward · 2008-08-10 15:55 · Score: 0
  
  You can use a self-signed cert with S/MIME. It's no different than using the PGP kludge.
  And GnuPG is not a standard of any sort. If it is then show me the ISO spec... S/MIME actually is a standard.
Yet another reason... by FridayBob · 2008-08-09 00:44 · Score: 2

... to maintain your own mail server.
1. Re:Yet another reason... by mccalli · 2008-08-09 00:48 · Score: 5, Informative
  
  ... to maintain your own mail server.
  
  And how does maintaining your own email server help? Those outgoing mails are going to somewhere right? And the incoming ones arrived from somewhere? Then they're likely being transmitted in the plain somewhere along the line.
  
  Unless you encrypt the messages themselves, you're on your own. Having your own mailserver, which I do, simply doesn't help with this problem.
  
  Cheers,
  Ian
2. Re:Yet another reason... by cayenne8 · 2008-08-09 02:51 · Score: 2, Interesting
  
  "And how does maintaining your own email server help? Those outgoing mails are going to somewhere right? And the incoming ones arrived from somewhere? Then they're likely being transmitted in the plain somewhere along the line. "
  Well, you can also set your email coming to you and going out, to hop through several remailer servers, and a nym server .
  Sure you still have a hole on the receiver end if they don't encrypt, but, it sure can make it hard for the govt. to see where you're sending to...or receiving from. If you really want to make it hard...have the nym server send your messages, encrypted to a USENET group...you can retrieve it from there and no one will be able to really trace what you're doing.
  
  --
  Light travels faster than sound. This is why some people appear bright until you hear them speak.........
3. Re:Yet another reason... by FridayBob · 2008-08-09 03:04 · Score: 2, Informative
  
  True, running your own mailserver is only half of the solution, but as more people do the same it will become less likely that any 3rd party mail servers will be involved in your email exchanges. Many of my friends have ADSL connections and also run their own private mail servers. In these cases, my exchanges with them are also encrypted.
4. Re:Yet another reason... by Pitawg · 2008-08-09 03:11 · Score: 5, Insightful
  
  Grabbing a message from the stream is not that hard. Yes.
  Getting access to a pile of email that was sent over the course of days to years, I believe, is a much bigger issue. The stream takes good timing, access and preparation. Access to inbox or other folders of an entire email collection is scary. If the private sign leaves the stored email it will allow providers to do what they will with these email documents in the collections of users. Sending a message to a friend about a need for a product could turn into a barrage of ads for same or competing products. Storing old messages with idle threats with a buddy could turn into law suits. There could be corporate theft of ideas and more. How about getting fired from a job for idle discussions of other things you think about regarding other lines of work or even a competing company. Then there are the criminal cases that could be setup against you for some idle "what-if" messages with a child, friend, or co-worker. Information and insight about an individual could cause all kinds of difficulties in the wrong hands. If I wanted someone to be party to a conversation, I would have sent the message to that party when I wrote it.
  Email server ownership is a big help in these times. "Guilty until proven Innocent" is the opponent of privacy laws and practice. I do not have the time to waste proving every little aspect of my life was not a crime just because someone came into a conversation late, reading their own storyline into my existence. As it is now in consumer America, I have to open boxes at the checkout counter just to ensure the actual item purchased is in the box, and not just floor tiles. I also have to call phone and credit companies over charges that were added in error. Do I need to mention the corrections on food from a drive through, even after seeing the list in perfect order on the screen before getting to the window?
  Do not add to my itinerary, as it is full.
Just copyright your emails by moteyalpha · 2008-08-09 00:57 · Score: 4, Funny

Then let RIAA defend you, (ducks and covers ).
1. Re:Just copyright your emails by Anonymous Coward · 2008-08-09 04:22 · Score: 1, Informative
  
  Anything you write is automatically covered by the copyright laws.
2. Re:Just copyright your emails by Scroatzilla · 2008-08-09 13:23 · Score: 1
  
  I laughed when I first saw this post, but thats actually a really insightful point. My understanding of copyright law is that (at least in the US) the moment you create something original, you technically/legally own the copyright to it. If my understanding is correct, and each email were considered an original work, then the nature of this particular privacy problem is simple:
  The US government, by performing domestic spying (and technically ignoring their constitutional mandate not to perform domestic spying), is illegally downloading copyrighted material. Therefore, they owe damages to the authors under copyright law. Exceptions might be made for emails facilitating plausible plans for committing acts of terror, assuming they have at least obtained the proper permission from the Court to monitor a particular email author.
  If enforced, this would make it financially impossible for the US government to follow through on any strategy involving the assumption that if you monitor every single piece of email, you will find some sort of needle in a haystack.
I can't believe I'm saying this.... by Anonymous Coward · 2008-08-09 01:08 · Score: 0

We need more spam.
One way to prevent this from being a problem is increasing the volume of email, thereby decreasing the signal:noise ratio beyond what The Powers That Be can handle. To that end, we need research into better and harder-to-filter spam.
1. Re:I can't believe I'm saying this.... by mikael · 2008-08-09 01:13 · Score: 1
  
  Or better still, a plain-text to spam encryption/decryption plugin for our E-mail applications.
  
  --
  Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
2. Re:I can't believe I'm saying this.... by ScrewMaster · 2008-08-09 02:45 · Score: 1
  
  Or better still, a plain-text to spam encryption/decryption plugin for our E-mail applications.
  
  "Make ur pen!s bigger in seconds! Satisfy your gf! We have name-brand v!agka on sale cheap!"
  
  Would translate to:
  
  Would you mind stopping off at the store for a loaf of bread on the way home, dear?
  
  --
  The higher the technology, the sharper that two-edged sword.
3. Re:I can't believe I'm saying this.... by nitehawk214 · 2008-08-09 04:33 · Score: 1
  
  Someone already thought of this.
  I love the "fake pgp" option.
  Spam Mimic
  
  --
  I'm a good cook. I'm a fantastic eater. - Steven Brust
just encrypt it by speedtux · 2008-08-09 01:09 · Score: 1

Any E-mail that you don't want to be seen, you have to encrypt. Otherwise, you can be sure that it will be data mined, analyzed, and keyword spotted.
1. Re:just encrypt it by betterunixthanunix · 2008-08-09 01:30 · Score: 1
  
  Exactly. Furthermore, if you want to ensure that the encrypted email doesn't arouse suspicions, you should encrypt all your mail, regardless of how trivial or innocent it seems to be. Besides, you never know when something that seemed innocent could turn up later to bite you in the rear.
  
  --
  Palm trees and 8
2. Re:just encrypt it by Dan541 · 2008-08-09 14:31 · Score: 1
  
  I have never in all my time working with computers EVER seen an encrypted email. I have also cannot name a single corporation that uses encryption for email.
  Encrypted email just doesn't happen, when I can't even get people to use secure voice communications what chance do I have with email?
  I agree encryption needs to be more widely adopted even as a "Just in case" measure but the problem is getting people educated in its use.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
HIPAA says no privacy by m0s3m8n · 2008-08-09 01:10 · Score: 5, Interesting

Working in the health care field as an IT admin exposes me to lots of HIPAA crap. One thing you learn on day one is that EMAIL IS NOT SECURE. And if it is not secure then considered public. I have no expectation that email is private UNLESS IT IS SECURE. This is why emailing of patient data is forbidden. It would sure make life easier if it were.

--
Conservative, mod down for violating /. political norms.
1. Re:HIPAA says no privacy by Anonymous Coward · 2008-08-09 02:02 · Score: 0
  
  Nor are letters secure. They can be steamed open. That doesn't make reading other people's letters legal.
2. Re:HIPAA says no privacy by Anonymous Coward · 2008-08-09 02:31 · Score: 0
  
  I would respectfully disagree about HIPAA being crap.
  I work in health care as an IT admin, and the problem I have observed is that most management in heathcare (pharma) have a poor understanding HIPAA and CFR 21 Part 11 which exposes me to a lot of crap.
3. Re:HIPAA says no privacy by m0s3m8n · 2008-08-09 03:59 · Score: 2, Interesting
  
  Yes, I agree with you, but letters have a chain of custody (sort of). You can't sniff a letter in the mail carrier's bag. You can steal it and later return it after you have steamed it open, but you don't have to even "steam open" email.
  
  --
  Conservative, mod down for violating /. political norms.
4. Re:HIPAA says no privacy by whoever57 · 2008-08-09 06:08 · Score: 1
  
  Working in the health care field as an IT admin exposes me to lots of HIPAA crap. One thing you learn on day one is that EMAIL IS NOT SECURE. And if it is not secure then considered public.
  I think such generalizations are dangerous. If I send an email to one of my kids, it is sent over an SSL-encrypted link to a private machine. When My kids download it, they do so over an SSL-encrypted session. The email might also be sent onto Gmail. Again, to connection from my mailserver to Gmail is protected by SSL/TLS. Finally, reading emails on Gmail is normally done (by me at least) over an SSL-encrypted session. Why should I not expect these emails to be private?
  
  --
  The real "Libtards" are the Libertarians!
5. Re:HIPAA says no privacy by xous · 2008-08-09 20:24 · Score: 1
  
  Because GMail stores the messages (and indexes them) in clear-text and every the server that SENT the email to Gmail's server used plain SMTP. This means that the postmaster /could/ be reading your latest lecture about missing the toilet seat.
Unfortunately by Anonymous Coward · 2008-08-09 01:10 · Score: 0

Nobody uses encrpyted e-mail really outside internal e-mail systems. I can't just send my friend bob an e-mail using PGP and expect him to be able to decrypt it.
1. Re:Unfortunately by Anonymous Coward · 2008-08-09 01:45 · Score: 2, Funny
  
  Hi Alice,
  just tell Bob he's not getting any until he learns about encryption.
2. Re:Unfortunately by Anonymous Coward · 2008-08-10 04:59 · Score: 0
  
  I'm worried that if I do he will just get some from Eve.
  Alice.
Duh by Anonymous Coward · 2008-08-09 01:16 · Score: 0

Better idea: If you're worried about who might see it, DON'T send it via e-mail!
You got it by Anonymous Coward · 2008-08-09 01:17 · Score: 0

Croatian Bin Laden passwd CDC hackers colonel South Africa insurgency e-cash Bush Wired North Korea offensive information warfare Watergate Manfurov munitions keyhole Sundevil Nazi Cohiba USCOI KGB Israel New World Order asset TELINT AMEMB FSF NORAD crypto anarchy Zachawi
You don't have to spam, just make it your email sig.
What are the options? by HangingChad · 2008-08-09 01:19 · Score: 2, Interesting

You can use BetterMail for a secure connection to Gmail, but Google still has all your messages and they're unencrypted when they go out from there. In this case store and forward is not your friend.
You could use a simple encryption tool like this one. It's a little less difficult than a system that requires a key exchange but it's also less secure. And there's still a decryption process. Copy, paste, type pass phrase, read.
If there's something that's easy to implement and lets you exchange encrypted messages with other email clients that don't support your encryption scheme, then I don't know about it. Far as I know you have to make a decision to encrypt or not every time you send a message. When you're sending to a compatible client you can at least encrypt the body of the message, but as far as I'm aware, that's the state of the art.

--
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
1. Re:What are the options? by CronoCloud · 2008-08-09 16:59 · Score: 1
  
  Just use IMAP with Gmail, then you can use whatever encryption your mail client supports.
Economics by Wowsers · 2008-08-09 01:26 · Score: 0, Troll

So not only are businesses and tourists stopping going to the USA because of their over the top (and widely meaningless) security, now the US. wants to finish off their economy with people not doing trade altogether with the US. Smart thinking.

--
Take Nobody's Word For It.
1. Re:Economics by Dan541 · 2008-08-09 15:12 · Score: 1
  
  I totally agree its bullshit like this that makes me consider relocation of my servers to more friendly soil.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
Assert your rights by Anonymous Coward · 2008-08-09 02:01 · Score: 4, Insightful

I have discussed this issue with some friends who seem to believe that Obama will reverse the current warrantless surveillance practices. If history is to serve as a guide, it seems clear that he will not. I am convinced that contacting our legislators and voting for Democrats are two of the least effective means of protecting our rights. Indeed, the most effective way of protecting our rights is by asserting them. We as Americans have the responsibility of actively protecting our rights, rather than depending on the ineptitude and conflicted interests of our elected officials. This is why I propose not only opportunistic encryption, but also what I call gratuitous encryption. This means the ubiquitous use and advocacy of PGP, SSH, SSL, VPNs, tor, full disk encryption, and every other tool we have at our disposal.
Check out this page for ways to assert your rights.
Problem with the government? by Anonymous Coward · 2008-08-09 02:02 · Score: 0

So is not the solution to substantially change the government?
1. Re:Problem with the government? by Anonymous Coward · 2008-08-09 03:31 · Score: 0
  
  No: everyone who gives relationship advice always says don't try to change someone else: change yourself. So if you have a problem with the government, maybe you need to look at why you are so socially maladjusted. :)
2. Re:Problem with the government? by Ghubi · 2008-08-09 05:10 · Score: 1
  
  "The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefor all progress depends on the unreasonable man" - George Bernard Shaw
3. Re:Problem with the government? by Klaus_1250 · 2008-08-09 07:07 · Score: 1
  
  So if you have a problem with the government, maybe you need to look at why you are so socially maladjusted.
  If the majority of the people chooses a government, which forces people to adjust to its rules, needs and whishes, you could call it a democracy but you couldn't call a free society. I'd rather be free and maladjusted than be a sheep with no principles and opinions of its own.
  
  --
  It only takes one man to change the Wisdom of the Crowd to Tyranny of the Masses.
4. Re:Problem with the government? by Anonymous Coward · 2008-08-09 09:43 · Score: 0
  
  You mean like this?
  http://www.metagovernment.org/wiki/Representative_democracy
5. Re:Problem with the government? by Anonymous Coward · 2008-08-09 11:22 · Score: 0
  
  Then what would we have to bitch about?
Thunderbid? by Poorcku · 2008-08-09 02:42 · Score: 1

Why does Thunderbid not implement encryption from the start I will never understand. A license problem it ain't. They are perpetuating a status quo that is unacceptable.

--
I take my children to see Madonna(..), but I never for once ever thought I was in the same business.Chris Rea.
1. Re:Thunderbid? by Anonymous Coward · 2008-08-10 16:02 · Score: 0
  
  Uh, S/MIME? It's built into Thunderbird.
not a violation of the wiretap law by Anonymous Coward · 2008-08-09 02:52 · Score: 0

An employee of a firm stole a company property and sold it. Maybe there is a case that it was an evidence obtained through illegal means and therefire inadmissible in court.
compare it to snail mail by houghi · 2008-08-09 02:55 · Score: 1

You have postcards and letters in envelopes.
Unencrypted email is like a postcard. Encryped is like letters in envelopes. So why are people surprised if everybody read their postcards? Encrypting just takes out the content. It does not take out who the sender or reciever is however. And that can be used to extra investigation.
I am sure that when they find out I am mailing to and from Bin Laden, they will be looking closer. If I am however mailing with my lover and I am married, that would be something I might not want to be made public even if that in itself might not be illegal.
Now they go to the ISP to demand that data (normaly with a court order, but there are exceptions, like the USofA). This would mean they won't need a courtorder for that and can nicely lay out connections and networks and gather even more information then you want anybody to have.

--
Don't fight for your country, if your country does not fight for you.
1. Re:compare it to snail mail by Dan541 · 2008-08-09 15:19 · Score: 1
  
  A postcard is like an "ATTN: [username]" post on usenet.
  A Letter is like an email.
  An encoded letter is like an encrypted email.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
What goes around ... by Anonymous Coward · 2008-08-09 03:35 · Score: 5, Interesting

Time to revive the good 'ole FIDO mail system and BBS technology. This is not such a bad thing though as it is NOT the internet - it's the phone lines. Hmm .... Oh well, so much for freedom. It was nice while it existed.
Still, one can PGP that style of mail easily and it is by today's standards pretty secure in it's travels to and from. The phone company is involved though so look out. Short of floating our own satellites and running the entire thing end to end, there is NO WAY ANYTHING WE DO from this point on is beyond scrutiny or observation, "we" being those that still believe in the Constitution, Bill Of Rights, etc. and they that watch and record are those we think we'd like to avoid.
I work a FL county GIS and in 1998, our aerial maps were good enough that we zoomed down to look in the back of a co-worker's pickup truck and could easily read "Budweiser" on the case of beer in the truck bed. We were told that the military had these same maps but in 4 or 5 stages better resolution! THAT was 10 years ago - now it's LIVE.
I ran a multi-line BBS for 15 years and hubbed mail for FIDO most of that time. The mail "bags" came in, got sorted and went back out. It was true store and forward technology and with today's packer and encryption options, I believe that FIDO could once again offer relatively secure email. It would take a network though and with each added "node" would come potential trouble. Who's to say that hub in New Hampshire is not the FBI? With the right email client software, the playing field could be vastly leveled - are you listening Santos's?? End to end PGP enabled mail times the quantity factor would be REALLYPGP and the hardware that would have to be dedicated to breaking all that mail would be ridiculous. All this could run on old time BBS systems. Imagine this - NO SPAM (yet).
Rx --> Doctor Smith
I'm sure the public would like to take a look at.. by 3seas · 2008-08-09 03:41 · Score: 1

.....The emails of various Politician and Corporate government relationships.
And lets not leave out stock market related emails from those in the know.
What is the point of complaining? by st33med · 2008-08-09 03:55 · Score: 0, Flamebait

Why do people complain when people's privacy is being invaded by the NSA? It is not like they care about your love life, your favorite recipe, tax returns, etc. They want to keep this nation SAFE from terrorists.
1. Re:What is the point of complaining? by ResidntGeek · 2008-08-09 15:48 · Score: 1
  
  What if my love life involves the exchange of money, or my favorite recipe is magic brownies, or my tax return contains inaccuracies (like everyone else's)? Fuck your terrorists, I'm not giving up my freedom, due to unjust laws, just so you can have the illusion of safety.
  
  I know I'm feeding an unskilled troll. I don't care. Maybe he's genuinely stupid and can be set right. Dammit, I've got to try!
  
  --
  ResidntGeek
Didn't you know? by Anonymous Coward · 2008-08-09 03:59 · Score: 0

ROT13 doesn't work on RSA-ciphered strings.
Noob.
Encrypted phonecalls? by Anonymous Coward · 2008-08-09 04:21 · Score: 0

If someone just plugged into the circuit between you and the person you're talking to, they can hear in plain english (assuming language). Does this mean that your phone conversations with your S.O. are not private?
Does it make your conversation to unlock your banking funds not private?
BOLLOCKS.
Neither does plaintext on your email
Compare it to a phone call by Anonymous Coward · 2008-08-09 04:26 · Score: 0

You don't have a voice scrambler on your phone line, do you? Well, it's still considered ***private***.
Not just e-mail... by Stanislav_J · 2008-08-09 04:53 · Score: 3, Insightful

Not to be flippant, but does anyone really believe there is any privacy anymore with simple, unencrypted email?
Does anyone really believe there is any privacy anymore with ANYTHING? Technology, government and law enforcement practices, and the general public indifference are all converging to insure that nothing is hidden. Rant and rave, fight the good fight, but those of us who give a shit are becoming increasingly rare. It's an out of control freight train that can't be stopped -- delayed maybe, diverted to do less damage perhaps, but unstoppable.
The only thing you can do is try to leave as small a footprint as possible. I know damn well that if someone really wanted to find me, or know my business, they could do so. I long ago abandoned any notion of being able to prevent any and all personal, corporate, or governmental snooping. All I can do is use some common sense, do nothing to call attention to myself, and try to make it as difficult as possible so as to not be worth the effort for all but those who are truly determined. And try to avoid doing the things that would make those determined folks want to find me.
Unfortunately, the list of those things gets longer everyday, and all those peculiar interests and eccentric foibles I used to take pride in may now well brand me as "suspicious" and worthy of further scrutiny.

--
"Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
1. Re:Not just e-mail... by Anonymous Coward · 2008-08-09 22:26 · Score: 0
  
  this is also why i no longer have a slashdot user, and why i dont comment on many sensitive articles, it's just not worth it
  i dont care who wins the presidency, i dont care who my supposed rep is
  i try to take the lowest paying job possible so as not to fund this insanity
  i plan on leaving this country soon, we have technology which the soviets and even Chinese do not, which means the spy task is even easier here, there is no constitution or bill of rights, the black projects of national security have rendered all of our freedoms not applicable
Klingon Proverb by pentalive · 2008-08-09 05:07 · Score: 1

If you do not wish a thing heard
do not say it.
I wonder though, is a walk in a random park still private enough for some sensitive communications.
Carcarius by Carcarius · 2008-08-09 06:11 · Score: 1

How much sensitive information is being shared via email anyway? The government can parse every single piece of email transmitted over the net but all they will likely find is false-positives and intel designed to misdirect. Or do they think they can succeed in getting valid intel through reverse psychology. "We are looking at every email over the 'net... or are we? " We no longer live in an age where we have any realistic expectation of privacy. If you want your communications to be private, don't use an inherently public device (the internet) to communicate with.
1. Re:Carcarius by gujo-odori · 2008-08-09 09:35 · Score: 1
  
  Actually, a lot. I'm in the email security industry and have access to what is probably the largest corpus of ham and spam in the world (unless the government has an even larger secret collection, which is entirely possible), and you wouldn't believe the kind of stuff that people send in clear text email, not even cryptographically signed. Passwords, account numbers, details of their personal lives that they really wouldn't want to have become general knowledge, etc. You name it, it's out there.
Works both ways by PPH · 2008-08-09 06:50 · Score: 2, Interesting

If selling e-mail off of servers is not wiretapping, then its not wiretapping if the e-mail being sold belongs to the government, GOP, or whomever. Even if that e-mail is encrypted, the traffic analysis data is quite valuable. Law enforcement is way behind the game in link analysis. That is: who phones, or e-mails who, when and how often. That data has been gold to marketing departments for years. Undoubtedly, it will be valuable to political competitors, foreign intelligence agencies and others.
It sounds like the door is wide open for a whole new business plan. The "3) ????" just before "4) Profit!" has now been solved.

--
Have gnu, will travel.
1. Re:Works both ways by Dan541 · 2008-08-09 15:24 · Score: 1
  
  How many stories do we see of government laptops being stolen?
  I doubt encryption is used in governmnet email, even if it is the keys are on the unencrypted laptops that keep getting stolen.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
DIY by Fishbulb · 2008-08-09 07:34 · Score: 1

Aaaaannndd...
If anyone out there still thinks their libertarian IT-guy-next-door is a bit over-the-top or paranoid for running his own email server in his basement, here's why*!
Time to get an unfettered DSL line with a static IP and setup my own server.
(Actually, time to become an email server configuration consultant)
* - and yes, I RTFA'd and this has to do with slurping email off of a server's storage area and not making a copy of an email being transmitted
Precedant for voice tapping too...a matter of time by Anonymous Coward · 2008-08-09 07:52 · Score: 0

From the EFF brief..."the federal district court ruled that because the emails were stored on the mail server for several milliseconds during transmission, they were not technically "intercepted" under the federal Wiretap Act"
in digital voice transmission, the data is stored in registers for several picoseconds during transmission.
-Duck
USENET is dead, long live USENET... by zooblethorpe · 2008-08-09 09:16 · Score: 1

Somehow I suspect this is a contributory reason for why USENET is being killed off...

If you really want to make it hard...have the nym server send your messages, encrypted to a USENET group...you can retrieve it from there and no one will be able to really trace what you're doing.
Powers that be, be they governmental or corporate or what-have-you, don't like fully distributed no-one-owns-them systems like USENET. Note too how the intarwebs are becoming increasingly being consolidated as the property of these same powers -- both in terms of the pipes and in terms of the content sites.
Toodle-oo, Wild West, it was nice knowin ya.
Cheers,

--
"What in the name of Fats Waller is that?"
"A four-foot prune."
phones by ClioCJS · 2008-08-09 10:42 · Score: 1

When you talk on the phone, you are sending an unencrypted version of your speech through the copper wires, into telephone poles that cross public space. Why do you expect privacy when you have just transmitted your conversation via [sort-of-]publicly-owned wires?
There was no phone privacy at first. Congress had to make it law. Now we are seeing the same metaphor NOT being extended to the modern day equivalent. That constitutes an erosion of rights.

--
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
Already done by SonicSpike · 2008-08-09 12:58 · Score: 1

Your e-mails are already copyrighted essentially. The metric is basically 'anything with a minimal amount of creativity fixed into a tangible medium of expression"

--
Libertas in infinitum
Um, use the SCA by Anonymous Coward · 2008-08-09 17:06 · Score: 0

So if the Wiretap Act/ECPA doesn't apply to store and forward email, sue under the Stored Communications Act. Amend the complaint if you have to. The defense can't have it both ways. This is not rocket science.
Court actually might have a point... by Gverig · 2008-08-09 17:29 · Score: 1

Is it considered a wiretap (or mail... whatever... crime) if an employee scanned snail mail and sold it? What if he printed emails and then sold printouts? What if he recorded a conference call at which he was legally present? This actually indeed does not necessarily sound like a wiretap- does not mean it's legal but wiretap law might not cover it (IANAL).
One more thought... Many people raised questions about privacy of unencrypted emails. That's true it can be intercepted at about million different points but that's not the issue in question. Phone conversation can be wiretapped (especially wireless phones), IRS employee can steal SSNs, any DBA or network admin at an online store can steal CC numbers. None of the above is *legal* thought and information obtained that way would not be acceptable as evidence in any trial- and that's the critical point of the discussion.
As usual, IMHO, IANAL, don't know much and don't really care to learn...
SSL to E-Mail by HTH+NE1 · 2008-08-12 07:40 · Score: 1

I learned from my time working for a web site design company (now long out of business) that even though your connection to a site may be secure, that doesn't mean that the site doesn't immediately forward your submitted form data to an aol.com address without the benefit of any encryption.

--
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?