Slashdot Mirror


That Was Fast: Leahy Drops Warrantless E-mail Surveillance Bill

Presto Vivace writes "Under the right conditions, online activism can be very effective. U.S. Senator Patrick Leahy has already abandoned his warrantless e-mail surveillance bill we discussed this morning. 'The Vermont Democrat said today on Twitter that he would "not support such an exception" for warrantless access. ... A vote on the proposal in the Senate Judiciary committee, which Leahy chairs, is scheduled for next Thursday. The amendments were due to be glued onto a substitute (PDF) to H.R. 2471, which the House of Representatives already has approved. Leahy's about-face comes in response to a deluge of criticism today, including the ACLU saying that warrants should be required, and the conservative group FreedomWorks launching a petition to Congress -- with over 2,300 messages sent so far -- titled: "Tell Congress: Stay Out of My Email!""

27 of 107 comments

  1. Oops, somebody noticed by Attila+Dimedici · · Score: 5, Insightful

    Translation, "I thought nobody would notice."

    --
    The truth is that all men having power ought to be mistrusted. James Madison
    1. Re:Oops, somebody noticed by geekoid · · Score: 2, Insightful

      The people didn't like it, he changed his stance.

      It's how it's supposed to work.
      I know, it doesn't fit into your lazy ass whiny spoon fed view point.
      But there you are.

      --
      The Kruger Dunning explains most posts on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    2. Re:Oops, somebody noticed by Anonymous Coward · · Score: 5, Insightful

      The fact that he even considered it in the first place is disturbing on its own.

    3. Re:Oops, somebody noticed by DaMattster · · Score: 4, Insightful

      No, Leahy's stance should never have been pro anything that erodes 4th Amendment protections. Our elected representatives are supposed to protect our rights, not sell them away. This is further proof positive that we need a third party. Both Democrats and Republicans want increasing control over us.

    4. Re:Oops, somebody noticed by klingers48 · · Score: 3, Insightful

      This is the key point. They will try again when the heat dies down. Spooks and ignorant senators/congressmen can't actually divorce themselves from the mentality of the intelligence community and really understand where most of the pushback is coming from. It's never been about having something to hide or not... It's a community of informed IT enthusiasts who embrace the technology to a point where it becomes a feeling of violation when their digital privacy is threatened.

      I'm not a behavioral scientist or a psychologist, and this might even be wrong, but I'm sure I've read before that our brain remaps our "personal space bubble" when we drive a car. I also believe that (beyond the obvious) reasons why we get angry at telemarketers/doorknockers, wear clothes, put locks on our doors and curtains on our windows is because we have a deep-down, hard-wired intellectual personal space that has evolved alongside our physical personal space.

      Problem is, every unsolicited knock on the door, phone ring from a stranger or person peeking through the curtains rankles us in our lizard brain because an external force is attempting to wrest some control of our intellectual personal space. It's no different to a perfect stranger standing two inches from our face. It's wrong. Our lower brain connected to our higher brain sees "THREAT!!"

      We feel the same way when the government pries into our communications, movements or histories. It's not about being ashamed of anything or having "something to hide", it's about a feeling of an exterior force violating our intellectual idea of personal space. We are being denied the control we desire over what we show the world. That is in my opinion the core issue governments will never be able to understand. That's the answer to the inevitable "Why are they protesting?" question.

    5. Re:Oops, somebody noticed by Anonymous Coward · · Score: 2, Interesting

      With the selection of third parties we have, they are not much better.

      The Greens:

      Where I live, they have managed to get public land closed, saying it was for the environment. Said land? Well, the local county "leased" it for a 50+ year term, and now sports a golf course. What once was an area for hiking and mountain biking is for golf carts, and the surrounding area is "blessed" by the runoff from fertilizer.

      They live in a world where they want to deprive people of enjoyment. Usually they end up as pawns of big business. The greens get an area closed off, then the loggers move in. They also have zero empathy for anyone not leading their lifestyles. Vandalizing a family's minivan just because it isn't a hybrid car promotes little other than resentment.

      Then, there are the Libertarians:

      The average Libertarian is essentially a loud Republican. Their cries are similar: remove regulation, business uber alles, golden showers from trickle down economics are the way to go, "small" government, let us return to the Gilded Age where tycoons were tycoons, and average Americans slept in shit, and "The Jungle" demonstrated the right way to make sausage. Almost no Libertarians have any grasp of basic macroeconomics, civics, and concepts like balances of power. They moan and groan about how hellish taxes were, however, they were almost triple when their hero, Reagan, was in office. On one hand, they want the people who make their products only making minimum wage, on the other hand, they whine about US jobs going overseas. Of course, this party is a God-send for big business. For example, when I see posts about any significant advance from NASA on Slashdot, there is the Libertarian posting about "why should our tax dollars go for this?"

      Of course, we have Occupy:

      Occupy had a message, but claiming parks as campgrounds and having to have coordinated police remove them has made any politician deaf to anything coming out of Occupy. The only thing that movement has done has been to sharpen the skills of riot police. Had Occupy mimicked the same strategy as the Tea Party (come into a city, stage an organized protest with proper permits given, then fscking LEAVE and not have to be thrown out of parks), they would have a voice at some place other than the defendant's chair.

      So, we have three sub parties. Two as puppets for big business, one that nobody will pay attention to because it is easy to confuse an Occupy event with a re-enactment of Woodstock.

      Once the US gets a party that actually represents the middle class (regulate business, put in reasonable fair trade laws, etc.), then maybe it would be an alternative. Otherwise, there isn't anything to be taken seriously.

    6. Re:Oops, somebody noticed by slashmydots · · Score: 4, Interesting

      Exactly! This is why we need a randomly selected American civilian (similar to jury duty) to follow around every congress member and every time they do something stupid or controversial or clearly evil, they'd get to react like "WTF are you signing that crap? Are you shittin' me right now? Why are you adding that to the bill? Why are you going to a $1000 luxury dinner with that oil company exec?"
      Now that's representative-based democratic oversight, lol.

    7. Re:Oops, somebody noticed by pclminion · · Score: 2

      Our third parties are definitely a bit, uh, radical. But there's a difference between a government made up entirely of Greens, and a government that has a certain amount of Green influence. I voted for some Green candidates in the past election, and some Libertarians too. It's not because I want to see a government entirely composed of those viewpoints. I simply feel that a mixture of all of these views may lead to more diverse and effective government.

      A government composed entirely of Greens would probably require us to all kill ourselves for the good of the planet. A government composed entirely of Libertarians would disband itself the moment it formed. I don't want either of those things.

    8. Re:Oops, somebody noticed by pclminion · · Score: 2

      > It's never been about having something to hide or not...

      Privacy in general is not about hiding things, not just restricted to IT-related topics. I once had a debate with a previous manager -- her claim was that if you didn't want anybody to know you were doing something, then perhaps you shouldn't be doing it. I wanted to counter that if she believed that, perhaps she wouldn't mind installing a camera in her bedroom so I could watch her having sex.

      Of course, I didn't say that. But I wanted to.

    9. Re:Oops, somebody noticed by Culture20 · · Score: 2

      I would love going back to runner-up in presidential elections becoming the Vice President. That could make for excellent gridlock within the executive branch.

    10. Re:Oops, somebody noticed by sydbarrett74 · · Score: 2

      THIS. Such a system worked well for decades, and fostered compromise between the parties. We need to return to this system ASAP. It would also reduce the mudslinging between candidates during the campaign, because they would both know they have to work with each other for the next four years. Abandoning this protocol was a deeply regressive move, IMO.

      --
      'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
    11. Re:Oops, somebody noticed by mog007 · · Score: 2

      Decades? The 12th amendment (which changes the method for selecting VP) was ratified in 1804. That's only 17 years after the Constitution was formally adopted by the US.

    12. Re:Oops, somebody noticed by sydbarrett74 · · Score: 2

      Uh, under the original system, McCain would've been VP. He wouldn't even have had Palin as a running-mate.

      --
      'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
  2. Executive Order in 3... 2... 1... by hawks5999 · · Score: 4, Insightful

    Whenever this stuff can't get through Congress it just ends up in a Friday night EO dump. Is this one important enough for Black Friday? We'll know by Monday.

  3. Re:No time like the present... by lister+king+of+smeg · · Score: 3, Interesting

    Try convincing nongeeks and non-tinfoil-hatters to use double public key encryption for all of their communication, be it email, chat or VoIP. They will fight it tooth and nail because it is "more complicated", which translated means it requires one additional click per message, maybe a couple of keystrokes for your password.

    --
    ---Saying gnome 3 is better than windows 8 is not so much a compliment as it is damning with light praise.
  4. Re:No time like the present... by fuzzyfuzzyfungus · · Score: 4, Insightful

    No problem! We can just simplify the process by setting up a large number of so called "certificate authorities", who we will trust implicitly and pay yearly fees for little chunks of math! Nothing could possibly go wrong, and we can have a comforting little padlock symbol for noobs...

  5. Two sides to every story by BinarySolo · · Score: 4, Informative

    According to this, Leahy claims CNET was incorrect in its original article and that he never supported the warrantless wiretapping. When he tried to clarify this stance, CNET comes out with this article saying that he backtracked because of the backlash caused by their article. Not going to make the judgment call on which side is right, but it should at least be noted that there are two sides to the story.

  6. Strange bedfellows... by sconeu · · Score: 3, Insightful

    When the ACLU and a conservative group are loudly on the same side of something, you know whatever it is is bad.

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    1. Re:Strange bedfellows... by Anonymous Coward · · Score: 3, Insightful

      Not really. ACLU shares many of the same beliefs as libertarians. So more correctly, when they do line up on the same side you know it's a government versus privacy issue. In this particular case, I think they are correct. But I'll reserve my judgment for their future endorsements, as they both are kind of bizarre at times.

  7. Re:No time like the present... by 0123456 · · Score: 2

    Duh. That's because a self-signed certificate delivered over the Internet from a random web site provides no protection whatsoever against a man-in-the-middle attack.

  8. Trial Balloon by nurb432 · · Score: 2

    Now that it was shot down from being in the open, it will reappear in an unrelated bill, buried under 1000's of other layers so it won't be noticed until it's too late.

    --
    ---- Booth was a patriot ----
  9. We could have fixed this, but didn't by Okian+Warrior · · Score: 2

    We could have fixed this whole privacy thing from the beginning, but for whatever reason we didn't.

    There was a time when people read E-mail using local clients. Freeware programs such as Thunderbird and Pegasus Mail were common.

    The issue could have been addressed by fiat from any one popular software package. It would only have required:

    1) For each user, generate a default public and private key on install
    2) Add a field to the protocol requesting the recipient's public key if they have one
    3) Add a field advertising the sender's public key
    4) Add a button on the interface for "Prevent others from reading the content"

    Done right, that's all it would have taken.

    The protocol allows for experimental fields which can be ignored if the client doesn't understand, and there is already a mechanism for "delivery confirmation" which could be adapted for "public key confirmation". It would have taken very little to have the client intercept the public key response, process it, and not bother the user about it.

    The mouseover for the button could have said "use encryption if the recipient has a compatible client".

    At the time, this would have been a feature that mainstream clients didn't have (Outlook, Exchange, &c), so it would have been a selling point for open source. It would have led people to encourage the recipient to change to a more secure client. There would be an incentive to make other packages compatible, and soon the feature would be everywhere.

    All of this could have been implemented transparently for the naive user, with a more sophisticated interface for advanced users who needed more control.

    But for some reason we didn't do that, and now everyone reads their E-mail online. We didn't make this a de-facto standard, and now we've missed our chance. (I've often wondered if the browser could automatically encrypt/decrypt the content of specific named text blocks from specific sites such as gmail. Then the content could be encrypted online, but show cleartext to the user.)

    We have the means and expertise to fix some of these problems, all it takes is the will to do it.

    1. Re:We could have fixed this, but didn't by Obfuscant · · Score: 4, Informative

      > The issue could have been addressed by fiat from any one popular software package.

      Thus solving it for users of one package.

      > 2) Add a field to the protocol

      Which protocol? SMTP? POP? IMAP? UUCP?

      > The protocol allows for experimental fields

      Same question.

      > The mouseover for the button

      Oh, this would solve the problem only for the people with GUI mail clients.

      > could have said "use encryption if the recipient has a compatible client".

      Sorry. How does my email client know what email client YOU are using and whether it supports this? Is there a new protocol you are proposing where one client asks another prior to sending an email? What happens if the recipient is offline?

      > But for some reason we didn't do that,

      Mainly because it is an intractable problem, much more difficult than simply having one GUI email client start doing it. Here's one big problem: how do I read those encrypted emails sitting in my mailbox when I'm not using the specific GUI email client that deals with them, or I don't happen to have the key and can't get it because I'm not online at the moment?

      > (I've often wondered if the browser could automatically encrypt/decrypt the content of specific named text blocks from specific sites such as gmail. Then the content could be encrypted online, but show cleartext to the user.)

      If you are limiting yourself to defining "email" as "gmail accessed via a web browser", you simplify the problem considerably. Of course Google could store all your email in an encrypted form and send you a javascript (if you have a js enabled/capable browser) applet that decodes it on your system. If you send them your public key, they could even encrypt the stuff they store on their disks as it came in for you, if it wasn't already. You still have the problem of how you make sure every system you use to access that email has the key kept locally, and what happens for people who have gmail forwarded to some place else.

      So, yes, the problem is rather trivial if you force everyone and everything through one mail server and ignore the huge diversity in protocols used to transport email and the kinds and types of clients/servers used to do it.

  10. Re:No time like the present... by Score+Whore · · Score: 4, Insightful

    It does if you'd bother to look at the fingerprint and verify it's the same as last time. Which the browsers should do, but they don't because it cuts into their CA root key inclusion fees.

  11. or maybe go ahead and do it anyway by Presto+Vivace · · Score: 2

    and pass a retroactive legalize anyway deal like they did with FISA abuse.

  12. Please stop being a troll by Okian+Warrior · · Score: 2

    > > The issue could have been addressed by fiat from any one popular software package.

    > Thus solving it for users of one package.

    Yes, solving it for one package. As mentioned in the post, there would be an incentive for other packages to implement the scheme in order to be compatible. As mentioned in the post. Perhaps enough incentive to form a Tipping point.

    > > 2) Add a field to the protocol

    > Which protocol? SMTP? POP? IMAP? UUCP?

    > > The protocol allows for experimental fields

    > Same question.

    Which one do you think? Do you need a complete spec, or will just an outline do? Google is your friend.

    > > The mouseover for the button

    > Oh, this would solve the problem only for the people with GUI mail clients.

    Did you really think I was advocating implementing this only on GUI clients?

    The point was to get enough naive users into the system to make it a de-facto standard. Most naive users use a GUI client, so starting there would put the solution before a wide audience quickly.

    > > could have said "use encryption if the recipient has a compatible client".

    > Sorry. How does my email client know what email client YOU are using and whether it supports this? Is there a new protocol you are proposing where one client asks another prior to sending an email? What happens if the recipient is offline?

    If you have the public key for the recipient, then they have a compatible client. If you don't, you send the message in the clear and request the public key.

    Really, this isn't rocket science - the first message I receive from the recipient would contain their public key. My first message to them would be in the clear, but would provoke a public-key sendback which my client would silently process.

    > > (I've often wondered if the browser could automatically encrypt/decrypt the content of specific named text blocks from specific sites such as gmail. Then the content could be encrypted online, but show cleartext to the user.)

    > If you are limiting yourself to defining "email" as "gmail accessed via a web browser", you simplify the problem considerably. Of course Google could store all your email in an encrypted form and send you a javascript (if you have a js enabled/capable browser) applet that decodes it on your system. If you send them your public key, they could even encrypt the stuff they store on their disks as it came in for you, if it wasn't already. You still have the problem of how you make sure every system you use to access that email has the key kept locally, and what happens for people who have gmail forwarded to some place else.

    > So, yes, the problem is rather trivial if you force everyone and everything through one mail server and ignore the huge diversity in protocols used to transport email and the kinds and types of clients/servers used to do it.

    The protocol doesn't matter, since the message body can contain any text.

    You could, for instance, encode public keys as part of the body of any message by wrapping it in a field delimiter which the client could pick out. If your browser isn't compatible, then the recipient would see the public key encoding as text.

    This isn't so different from digital signatures, which are encodings of binary data attached to the bottom of a document body. I'm only suggesting that a similar method be used to attach the sender's public key, and have the client make note of the public keys as it gets them.

    The sender uses the recipient's public key if it has one. Otherwise, it sends in the clear. The first messages will be in the clear, and encoded for all subsequent messages.

    Really, this is not rocket science. Take a moment to think things through.
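
The key-discovery part of the scheme described in the two "We could have fixed this" posts (advertise the sender's key in every message, send the first message in the clear, encrypt once the recipient's key is known), as an added example that is not code from the thread or from any mail client. The `X-Public-Key` header name, the `KeyStore` class and the key bytes are hypothetical and constructed for illustration; the sketch also applies the "same fingerprint as last time" check raised elsewhere in the thread, and leaves the encryption itself to whatever public-key library a client would use.

```python
import base64
import hashlib
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

KEY_HEADER = "X-Public-Key"  # hypothetical header name, not a registered field


class KeyStore:
    """Per-client state: own key plus the first key seen for each address."""

    def __init__(self, address: str, public_key: bytes):
        self.address, self.public_key = address, public_key
        self.pinned = {}     # address -> key bytes pinned on first sight
        self.conflicts = {}  # address -> SHA-256 fingerprint of a later, different key

    def compose(self, to_addr: str, body: str) -> str:
        """Build an outgoing message that always advertises our public key."""
        msg = EmailMessage()
        msg["From"], msg["To"] = self.address, to_addr
        msg[KEY_HEADER] = base64.b64encode(self.public_key).decode("ascii")
        msg.set_content(body)
        return msg.as_string()

    def learn(self, raw: str) -> str:
        """Record the sender's key; returns 'none', 'pinned', 'known' or 'conflict'."""
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        value = "".join((msg.get(KEY_HEADER) or "").split())
        try:
            key = base64.b64decode(value, validate=True)
        except ValueError:
            key = b""
        if not sender or not key:
            return "none"  # legacy client: header absent or unusable
        if sender not in self.pinned:
            self.pinned[sender] = key
            return "pinned"
        if self.pinned[sender] == key:
            return "known"
        # Different key for a known address: keep the pin, record the offer for review.
        self.conflicts[sender] = hashlib.sha256(key).hexdigest()
        return "conflict"

    def policy(self, to_addr: str) -> str:
        """How the next message to to_addr goes: 'clear', 'encrypt' or 'hold'."""
        addr = to_addr.lower()
        if addr in self.conflicts:
            return "hold"  # wait until the user has compared fingerprints
        return "encrypt" if addr in self.pinned else "clear"


def demo():
    """Constructed exchange between two hypothetical users with placeholder keys."""
    alice = KeyStore("alice@example.org", b"A" * 32)
    bob = KeyStore("bob@example.org", b"B" * 32)
    forged = KeyStore("bob@example.org", b"M" * 32)  # same address, different key
    return [
        alice.policy(bob.address),                         # first contact
        bob.learn(alice.compose(bob.address, "hi")),
        bob.policy(alice.address),
        alice.learn(bob.compose(alice.address, "hello")),
        alice.policy(bob.address),
        alice.learn(forged.compose(alice.address, "new key")),
        alice.policy(bob.address),
    ]
```

Pinning only detects a key that changes after first contact; a key substituted in the very first message is pinned like any other, which is the man-in-the-middle objection raised earlier in the thread.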