Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Police Increasingly Peeping At Email, IMs

Posted by timothy on from the y'know-just-a-little-peek dept.

angry tapir writes "US law enforcement organizations are making tens of thousands of requests for private electronic information from companies such as Sprint, Facebook and AOL, but few detailed statistics are available, according to a privacy researcher. Police and other agencies have 'enthusiastically embraced' asking for e-mail, instant messages and mobile-phone location data, but there's no US federal law that requires the reporting of requests for stored communications data, according to Christopher Soghoian, a doctoral candidate at the School of Informatics and Computing at Indiana University."

8 of 113 comments (clear)

  1. Happened to me by Anonymous Coward · · Score: 3, Interesting

    I had an out-of-state police dept. gain access to my Gmail account for a joke email I forwarded to somebody who requested it. The intended recipient provided me the wrong email address (off by one letter) and it ended up in the wrong mailbox. It was not threatening/sick/graphic, yet they were able to access my account and locate me by phone.

    1. Re:Happened to me by Abstrackt · · Score: 3, Informative

      I say that if you're going to encrypt, encrypt everything or at least as much as possible. If the authorities want to come after me with a five dollar wrench so be it, anything that important wouldn't be in my email anyway.

      And email encryption is not easy? Install Thunderbird, GnuPG and Enigmail. You can even set rules to encrypt emails to specific people by default. I've gotten my family, close friends and coworkers using Enigmail and they love it. Even better, and my ulterior motive from the start, is that I now have a good-sized web of trust.

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
    2. Re:Happened to me by jonamous++ · · Score: 4, Insightful

      It's easy for me and it's easy for you - it's even easy to use once it's set up (assuming they are vigilant). But if I told my (very non-geek) girlfriend to encrypt her e-mails, she would have no clue on where to start. I could certainly help her but the problem is that not everyone has someone to ask or would even care enough to do so (obvious, since most people don't encrypt their email).

      I definitely agree that everything should be encrypted, it has a great deal of benefits (aside from my opinion that cryptography is just fascinating). It's problematic though, since most people don't think that way - now we're back at square one, how am I supposed to send an encrypted e-mail to someone without a public key? Even if they had one, we still run into some problems with people not paying attention to what they are doing (did they verify that the fingerprint I gave them matched before they trusted my public key? Not likely).

      I think computer security in general is far removed from many people's minds outside of paying their 40$/yr to Symantec. E-Mail encryption? They simply don't care.

  2. Old news by Flipao · · Score: 5, Funny

    This has already been reported

  3. The Constitution is federal law. by jcr · · Score: 3, Informative

    What's it got to say about this kind of thing?

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    Any statute which purports to give the government access to our electronic communications without a warrant is not a law at all. It's a usurpation.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
    1. Re:The Constitution is federal law. by Bob9113 · · Score: 3, Insightful

      >> against unreasonable searches and seizures

      > Any statute which purports to give the government access to our electronic communications without a warrant is not a law at all. It's a usurpation.

      First, I agree with you. I believe that the spirit and intent of The 4th, and the spirit and intent of The 1st, are being violated. The 4th for obvious reasons. The 1st because the concept of free association and speech is hollow when the government is always listening.

      That said, to clarify how the letter is not being violated, at least in their eyes:

      "Unreasonable" is interpreted to mean that searches and seizures are Constitutional in any case where you do not have a reasonable expectation of privacy. Since email travels in the clear (mostly) and when you use a cloud service you are giving the information to an untrusted third party, the courts hold that you do not have a reasonable expectation of privacy.

      We can wail and gnash our teeth all we want. It is, to me, unquestionably a violation of the principles upon which this nation was founded. And we should. We should make it clear to everyone we know that this is going on, and ask that the policy be changed.

      Meanwhile, we (information science professionals, enthusiasts, and hobbyists) should focus on the letter-of-the-law side as well. Restore the reasonable expectation of privacy in electronic communication. Endpoints, content, protocols, everything. It's not easy, but we can do it.

      I have a project in that vein I'm working on. We all should.

      --
      Stop-Prism.org: Opt Out of Surveillance
  4. Simple Solution by PvtVoid · · Score: 3, Insightful

    Run your own mail server. It's not a complete solution, since in principle ISPs could be storing data transmitted over their networks, but it at least makes it more expensive to violate your privacy.

    But Gmail? Facebook? I am continually amazed by people who store their personal data in these places and expect it to stay private.

  5. Hopefully the Privacy Bill of Rights in Congress by Shivetya · · Score: 4, Informative

    will fix all of this, oh wait, by the standard of law naming in Congress this will do the opposite of what it claims.

    See http://www.washingtonwatch.com/bills/show/112_SN_799.html and http://www.cato-at-liberty.org/the-privacy-bill-of-rights-is-in-the-bill-of-rights/

    [T]he measure applies only to companies and some nonprofit groups, not to the federal, state, and local police agencies that have adopted high-tech surveillance technologies including cell phone tracking, GPS bugs, and requests to Internet companies for users’ personal information–in many cases without obtaining a search warrant from a judge.
    ---

    In other words, the government seems keen on protecting us from ourselves while opening us to them by any means. It really comes down to crafting laws with safe sounding names all in an effort to circumvent the Constitution. As most realize, Congress's favorite activity of the last fifty or so years has been how to get around the limits our Founding Fathers placed on the Federal Government.

    --
    * Winners compare their achievements to their goals, losers compare theirs to that of others.