Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Intimate Social Graph

Posted by Soulskill on from the anything-you-tweet-may-be-used-against-you-in-a-court-of-law dept.

jamie tips an article by Slashdot vet Keith Dawson about the uncertain state of privacy protection for one-to-one online communications through social sites and services. Quoting: "The privacy of these communications is protected mainly under a law — ECPA, the Electronic Communications Privacy Act — dating from 1986 and crafted for then-existing email (think Compuserve and Prodigy) and emerging cellular networks. This law is an increasingly poor fit for modern and emerging communication modalities. Email stored on servers is treated differently depending on whether or not the user has read a particular message; and messages older than 6 months in storage enjoy different protection than newer messages. In attempting to apply the ECPA to social networking media, courts have interpreted users' privacy rights in a variety of ways. ... One shortcoming of the ECPA is that it does not require email, search engine, cloud computing or social networking sites to report how many requests for private data they get from authorities. Whatever the number, it almost certainly dwarfs the number of real-time online intercepts (wiretap, pen register, and trap and trace orders), for which statistics must be kept."

12 of 21 comments (clear)

  1. GPG FTW by Anonymous Coward · · Score: 2, Informative

    GPG is ported to about everything in creation. If you care about email privacy, use it. It makes whatever the law says some company must do irrelevant, and guards against "accidental" leaks by those companies.

    Nearly every ISP provides you with POP or other mail. Run your own mail client: most have built in support for GPG so it's transparent to you once you have made your keys.

    Depending on some "benevolent entity" to protect you is unwise.

    1. Re:GPG FTW by icebraining · · Score: 4, Interesting

      Of course, getting your recipients to accept and send encrypted mails is a different matter.

      I have GPG configured and sent the grand total of 3 emails using it. Nobody else I know (in an entire CS course, both teachers and colleagues) has a public key I can use. Even if they understand the concept (I've explained it some times) they simply don't care.

      --
      Dilbert RSS feed
    2. Re:GPG FTW by yahwotqa · · Score: 1

      Just refuse to send sensitive data over plain e-mail. Recipient, if they need the data, can then offer alternatives, or ask for suggestions from you.

      I'm way past the point to go out of my way to convince people to use correct solutions if they do not want to. I value my free time much more than 10 years ago.

    3. Re:GPG FTW by Jotii · · Score: 1

      Your OpenPGP key (093461E7) expired two years ago. A good way to promote the usage of OpenPGP encryption is to always be ready to accept encryptet emails.

      --
      [sig]
  2. kdawson is a "vet"? by abigor · · Score: 1

    Does this mean he no longer works at Slashdot?

    1. Re:kdawson is a "vet"? by corbettw · · Score: 1

      From your lips to CmdrTaco's ears.

      --
      God invented whiskey so the Irish would not rule the world.
  3. Intimate Social Graph WTF? by Apple+Acolyte · · Score: 1

    Is this article FUBAR? What's with the title? What do the terms "Intimate Social Graph" have to do with law enforcement snooping on stored electronic correspondence? Anyway, I think the safe thing to assume is, anything you send online in the clear is potentially open for anyone with interest and some technical experience to intercept and learn about you. There should be no expectation of privacy for that sort of information. If you proceed with that assumption in mind, you won't be disappointed if you find out you're being snooped on, and hopefully you will have taken some measure to guard yourself based on that realization.

    --
    Part of the hardcore faithful who believed in Apple long before it was cool again to do so
    1. Re:Intimate Social Graph WTF? by yahwotqa · · Score: 1

      Anything with "social (network|graph)", "web 2.0", "html5" "i(phone|pad)" in the title will get more pagehits on /., don't you know that?

  4. Re:Ahahahahahaha that's funny! by Worthless_Comments · · Score: 5, Funny

    This guy sounds legit.

  5. Re:Ahahahahahaha that's funny! by TheUnknownCoder · · Score: 2, Insightful

    What a proper username!

    --
    Uncopyrightable: The longest word you can write without repeating a letter.
  6. It could be made easy, with cooperation by Burz · · Score: 1

    If operating systems (including the desktop environments) treated keys and certificates as interesting standardized objects complete with consistent/appropriate icons, it would help people feel familiar with and in control of privacy measures like PGP.

    It would help further if the FOSS world and other techies had their druthers and started an initiative to identify/brand communications software as adhering to a certain standard that is both consumer-friendly and devoid of any backdoors. If the software carried a certain "trustworthy" badge then users would know it passed scrutiny and that there weren't any "legal snooping" deals being cut with governments, etc.

    When I first saw TFA summary, I thought of ZPhone and how cool it would be if similar communication apps like it could be grouped together and explained to average people who are seeking more privacy. If the concept catches on, it could encourage the creation of more user-friendly security software or prompt the big guys like Skype to become more open so they can earn the badge.

    1. Re:It could be made easy, with cooperation by Burz · · Score: 1

      Interestingly, the ZPhone website now has this:

      Submitted to IETF as a proposal for a public standard, and source code is published

      So maybe ZPhone itself would serve as a kind of assurance of privacy/trust.