Slashdot Mirror

← Back to Stories (view on slashdot.org)

US DOJ Say They Don't Need Warrants For E-Mail, Chats

Posted by Soulskill on from the you-can-trust-us dept.

gannebraemorr writes "The U.S. Department of Justice and the FBI believe they don't need a search warrant to review Americans' e-mails, Facebook chats, Twitter direct messages, and other private files, internal documents reveal. Government documents obtained by the American Civil Liberties Union and provided to CNET show a split over electronic privacy rights within the Obama administration, with Justice Department prosecutors and investigators privately insisting they're not legally required to obtain search warrants for e-mail."

41 of 457 comments (clear)

  1. "split" by Anonymous Coward · · Score: 5, Insightful

    Keep knock'n back that cool-aid

  2. Land of the free by Anonymous Coward · · Score: 5, Insightful

    to be watched by the Government.

    1. Re:Land of the free by Joce640k · · Score: 5, Insightful

      Why isn't all email encrypted yet?

      All we need is email programs that perform a Diffie-Hellman key exchange during the first few emails you exchange with anybody (add an attachment the the email which the user never sees). After two or three emails exchanged, you're encrypted. Why isn't it being done?

      I'm guessing the men in black SUVs pay visits to anybody who attempts it. What's the explanation if not...?

      --
      No sig today...
    2. Re:Land of the free by netwarerip · · Score: 5, Insightful

      ....... What's the explanation if not...?

      Likely because 99.86% of the people that use email can't even pronounce Diffie-Hellman, let alone know what it is.

    3. Re:Land of the free by defaria · · Score: 5, Insightful

      Because it's difficult to understand and difficult to use and most people don't know and don't care about encryption. You don't need to put on your beany hat and start conspiracy theories with men in black SUVs - I tried to use encryption and by and large the people I tried it with were nothing but confused and couldn't see the value in it.

    4. Re:Land of the free by Anonymous Coward · · Score: 4, Interesting

      They don't need to be able to pronounce Diffie-Hellman. GP said that the attachment would even be hidden.

      All of us know the reason why S/MIME, GnuPG, and GP's scheme will never be implemented is because of Outlook and other proprietary clients that make dealing with those technologies a royal pain in the ass even for technical users. I remember Outlook 2003 had an implementation of S/MIME, but it failed the "just works" test badly.

      Now, I remember using KMail when KDE used to be good in the 3.x days. Integration with S/MIME and GnuPG were practically seamless. The question to ask is not whether end users should need to know what Diffie-Hellman even is, but why major vendors like Microsoft and Google have absolutely no interest in supporting these technologies in a seamless, under-the-hood way.

      Hell, at work, we have a proprietary software package that handles outbound email. The only encryption it supports looks like some piss-poor ROT13 with XOR implementation, and you need to install a desktop Windows-only program to decrypt the mail. This vendor knows that businesses like the one I work for not only have to deal with HIPAA ePHI, but we're now regulated by the HITECH act. Where's any initiative from them to even offer S/MIME or some kind of web-based message center that isn't a complete joke? There is none.

      Fortunately, TLS is becoming more common for server-to-server relay, but there seems to be no big business interest in enabling the encryption to happen on the end user's desktop. I'd get my tinfoil hat out, but I have a feeling that the answer is that it just isn't a big priority for these vendors because the end user isn't even aware of the problem. We can get our green URL bars for Verisign-approved shopping carts, but there's no interest in that green bar I used to see in KMail that told me that an email had been encrypted and signature verified as having been sent by who I thought sent it.

      Maybe most folks think that as long as they don't send credit card info over email, it's good enough. Who knows.

    5. Re:Land of the free by Anonymous Coward · · Score: 4, Insightful

      Why isn't all email encrypted yet?

      Because its useless for most people. If the encryption is truly end to end, then the common web mail providers can't read it, and thus can't use it for targeting ads, so there is no reason for them to provide email at all. If the web mail provider holds the keys, then the government can just ask them for the email.

      For this to have any hope, we need everyone to stop using free web mail. Note that this reasoning regarding ad targeting is invalid for paid services (and personal mail servers obviously)

      Hey Google: I'll gladly pay a subscription to have my g-mail client side encrypted and decrypted. Problem solved.

      Ok, I likely could use a third party mail client, and overlay the encryption, but wouldn't it be nice if g-mail offered (on by default) encrypted email, and if you were willing to pay, only you held the keys? They could well integrate it, and with their user base, g-mail to g-mail would be common enough to get it started and supported elsewhere.

    6. Re:Land of the free by quarrelinastraw · · Score: 5, Insightful

      Because many email providers -- such as gmail, hotmail, yahoo, etc -- want to read your email to serve you ads. Encryption runs counter to the profit motive.

    7. Re:Land of the free by dinfinity · · Score: 4, Insightful

      Because major webmail providers don't really want email to be encrypted.
      Google/Gmail could easily push it and make it happen, but they would just be throwing money away by not being able to profile their users anymore.

      If everybody were still using Outlook Express and/or Thunderbird and ISP provided email accounts, there would have been loads of easy install plugins that would allow cross-client encryption.

    8. Re:Land of the free by spire3661 · · Score: 4, Insightful

      People who have read the Constitution, thats who.

      --
      Good-bye
    9. Re:Land of the free by spire3661 · · Score: 4, Insightful

      Did you somehow skip this part? "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.[1]"

      Considering all email as searchable is certainly an unreasonable overstepping of authority.

      --
      Good-bye
    10. Re:Land of the free by jc42 · · Score: 4, Insightful

      Did you somehow skip this part? "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.[1]"

      Ah, but you forgot the extension to all US laws that applies in this case: "... except when a computer is involved."

      A well-established principle in US (and most other) law is that if there's a computer involved, all precedent is forgotten, and the lessons of centuries of legal progress must be learned all over again.

      That clause in the US constitution was there because so many previous governments had done exactly what the US government is now doing with "computerized" communication. The folks who wrote that constitution wanted to prevent the abuses that governments had always foisted on their citizens. But modern people seem to accept the "except when there's a computer involved" qualification, so all those old abuses are being re-implemented online, and we'll have to fight all those old battles again before such safeguards are extended to the digital parts of our modern world.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  3. Fourth Amendment by Anonymous Coward · · Score: 5, Informative

    "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    1. Re:Fourth Amendment by zlives · · Score: 5, Funny

      when the government does it, that means that it is not unreasonable.

    2. Re:Fourth Amendment by Bugler412 · · Score: 4, Insightful

      And the entirety of the 4th amendment is eliminated by storing your data on somebody else's system since it's no longer considered part of YOUR "persons, houses, papers, and effects" Still like "the cloud"?

    3. Re:Fourth Amendment by funwithBSD · · Score: 5, Insightful

      I think you got that backwards, or forgot the /sarcasm tag:

      Searches by government are by definition unreasonable, thus they need a warrent.

      --
      Never answer an anonymous letter. - Yogi Berra
    4. Re:Fourth Amendment by CanHasDIY · · Score: 4, Insightful

      Safety deposit boxes are different since you have a lock on it.

      If I simply give you an unsealed packet of papers, I am assuming the risk you'll had those over to the government if they ask you for them even if I ask you not to. There's no 4th amendment protection under those circumstances. This is analogous to using a web mail provider like gmail, hotmail, etc. where you're asking them to store plain text emails.

      OK, then go access my gmail account and post all the content therein online.

      Oh, wait, you can't, because that account has a fucking lock on it, that only I (and Google, supposedly) have a key to.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    5. Re:Fourth Amendment by MrHanky · · Score: 4, Insightful

      Slashdot: where obvious jokes are lost.

    6. Re:Fourth Amendment by Meeni · · Score: 4, Insightful

      Voice over phone line is in "clear", and ATT could listen to it. Yet it is still required to have warrant to bug the line. I fail to see what is different with my emails. They are traveling "the infrastructure" in clear, that doesn't mean they are intended to be read by every bystander. As a matter of fact, somebody got a very harsh sentence for intruding onto S. Palin's mailboxes and revealing the content of these emails, so it seems to be quite clear and settled that emails are not to be considered public by default.

    7. Re:Fourth Amendment by Anonymous Coward · · Score: 5, Insightful

      The Sarah Palin email hack occurred on September 16, 2008.... The incident was ultimately prosecuted in a U.S. federal court as four felony crimes punishable by up to 50 years in federal prison.[3][4] The charges were three felonies: identity theft, wire fraud, and anticipatory obstruction of justice; and one optional as felony or misdemeanor: intentionally accessing an account without authorization.

      If emails etc are not expected to be private, why is it a felony crime to access someone else's email?

    8. Re:Fourth Amendment by anagama · · Score: 4, Informative

      Bullshit - my papers and effects are my papers and effects, regardless of where I keep them.

      This should not be labeled informative because it is likely to get people into serious shit.

      Under the third-party records doctrine, a person cannot assert a Fourth Amendment interest in information knowingly provided to a third party. If strict application of the doctrine ever served us well, it no longer does, leading to absurd results. This is particularly true in an age where so much more information is communicated through intermediaries. ....

      http://www.abajournal.com/magazine/article/the_data_question_should_the_third-party_records_doctrine_be_revisited/

      The doctrine holds that law enforcement does not need a warrant to search and seize information lawfully held by third parties, such as online file hosting services like Dropbox or online email providers like Gmail. Nojeim argues that the third-party records doctrine is outdated and an ill-suited legal standard for today's digital world. For example, people can use physical storage lockers rented out to them by a third party -- that is, a locker rental company -- and retain a warrant protection for their property stored in the lockers. However, if people use an online storage service provided by a third party, their warrant protection is lost.

      https://www.cdt.org/blogs/suchismita-pahi/0108whats-wrong-third-party-doctrine-and-einstein-30

      --
      What changed under Obama? Nothing Good
    9. Re:Fourth Amendment by netwarerip · · Score: 5, Informative

      Coming from a former bank guy, they don't have keys to the customer's lock. They do, however, have a maintenance guy with a powerful drill.

    10. Re:Fourth Amendment by DrJimbo · · Score: 4, Insightful

      The GP said:

      when the government does it, that means that it is not unreasonable.

      Richard Milhous Nixon (who was forced to resign from the presidency of the United States due to his many flagrantly illegal acts) said:

      Well, when the president does it, that means that it is not illegal.

      Please don't speak for me and please don't include me in the group "everyone". I don't think the GP was being fucking retarded and counterproductive. Even though this is Slashdot, the GP's wit was not lost to all readers.

      --
      We don't see the world as it is, we see it as we are.
      -- Anais Nin
    11. Re:Fourth Amendment by ewieling · · Score: 4, Insightful

      Wouldn't the solution to "the e-mail problem" be to store your e-mail in a country with decent privacy protections and access it using SSL/TLS? It won't won't prevent the US government from accessing your e-mail if they really want to, but it is a start.

      --
      I really shouldn't have used someone else's email address for this account.
    12. Re:Fourth Amendment by PhxBlue · · Score: 4, Informative

      Because the government hates competition.

      --
      !#@%*)anks for hanging up the phone, dear.
  4. FOI Requests? by TheRaven64 · · Score: 5, Insightful

    Does the same logic mean that the government can not reject FOI requests for emails and can not redact anything in emails?

    --
    I am TheRaven on Soylent News
  5. Oh wait! by Anonymous Coward · · Score: 5, Informative

    Maybe we should create an amendment to the constitution that makes this issue more clear regarding illegal search.

    Oh, wait... http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution

    well then maybe we should create a law that clarifies the position a bit further

    Oh, wait.. http://www.justice.gov/opcl/privstat.htm

    ok, well maybe we will have courts decide that emails are personal property

    Oh, wait... http://wiki.answers.com/Q/Are_emails_personal_property

    when/where does it end?

    1. Re:Oh wait! by Anonymous Coward · · Score: 5, Insightful

      It ends when you start sending prosecutors to jail for misconduct.

    2. Re:Oh wait! by CanHasDIY · · Score: 5, Insightful

      It ends when prosecutors start sending prosecutors to jail for misconduct.

      FTFY, and identified the real problem at the same time.

      If self-policing worked, we wouldn't have need for police, you know?

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
  6. Second Amendment by tekrat · · Score: 5, Interesting

    People keep claiming that they want to keep their guns because they need to protect themselves if their rights are taken away by the government...

    HELLO???? At what point do you start defending yourselves? Your rights are being slowly stripped away and have been over the course of the last 30 years, and nobody does anything?

    Even when the Stormtroopers are patrolling the streets, and curfew after dark is in place and people are afraid to speak against the government, or talk on their phones, with your neighbors turning each other in for 'treason'... you'll all still be sitting on your guns waiting for the government to take away your rights.

    --
    If telephones are outlawed, then only outlaws will have telephones.
    1. Re:Second Amendment by Zcar · · Score: 5, Insightful

      Hell, Boston proved that the Fourth Amendment is no obstacle to searching people's houses without a warrant. Not only did the people there let them do it, but they were happy to let them do it.

      Yes. And there's no violation of the 4th Amendment if you willingly wave that right and say, "Come right on in and look around!" The 4th is only about coerced searches.

    2. Re:Second Amendment by Anonymous Coward · · Score: 5, Informative

      Yes. And there's no violation of the 4th Amendment if you willingly wave that right and say, "Come right on in and look around!" The 4th is only about coerced searches.

      This was modded up?

      The searches in Boston weren't "consensual" by any definition of the word. Luckily, people took videos of the police, even if in their disarmed state they couldn't stand up to them. The police were showing up with a SWAT team, banging on the door, holding the person who answered outside at gunpoint, and searching the houses. On the street even more SWAT team members waited in a tank with guns aimed at people visible through windows - including the person taking the video.

      But go ahead, explain to me how that's not a "coerced" search.

      And then the people cheered the police over this behavior - literally, there were people in the streets thanking the police for stripping them of their Constitutional rights. It's absolutely sickening and a perfect example of why the OP is absolutely right. People need to stand up for their rights against a police force that does not hesitate to use excessive force against their own population.

  7. Saw this on the Web today by judoguy · · Score: 5, Interesting
    "And how we burned in the camps later, thinking: What would things have been like if every Security operative, when he went out at night to make an arrest, had been uncertain whether he would return alive and had to say good-bye to his family? Or if, during periods of mass arrests, as for example in Leningrad, when they arrested a quarter of the entire city, people had not simply sat there in their lairs, paling with terror at every bang of the downstairs door and at every step on the staircase, but had understood they had nothing left to lose and had boldly set up in the downstairs hall an ambush of half a dozen people with axes, hammers, pokers, or whatever else was at hand?... The Organs would very quickly have suffered a shortage of officers and transport and, notwithstanding all of Stalin's thirst, the cursed machine would have ground to a halt! If...if...We didn't love freedom enough. And even more - we had no awareness of the real situation.... We purely and simply deserved everything that happened afterward."

    Aleksandr I. Solzhenitsyn

    --
    Peace is easy to achieve, just surrender. Liberty is much harder get/keep.
  8. Re:Depends by CanHasDIY · · Score: 5, Insightful

    If you can sniff the network and easily read what I sent then fine. If I secure my emails so they don't appear in plain text then I think you do.

    So basically your stance is - if you mail a letter in a sealed envelope, it's fair game, but if the letter is written in code, it's not.

    Strange philosophy you have there.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  9. Hard pressed to disagree by bignetbuy · · Score: 4, Interesting

    Cue the flamebait accusations....

    I'm can't disagree with the U.S. Government's position on this one. If data is sent via the Internet, the world's biggest public network, and isn't encrypted, then why should anybody need anything to read it? Unreasonable search and seizure doesn't apply when one person is talking to another person on a street corner...or on the world's biggest public network.

    Encrypt your messages and then an argument can be made for 4th Amendment violations.

  10. Yes, but... by Zcar · · Score: 4, Informative

    Yes, those all apply to email in your possession. But, not necessarily to those stored with third parties. It's called the Third Party Doctrine.

    http://www.abajournal.com/magazine/article/the_data_question_should_the_third-party_records_doctrine_be_revisited/

    In essence, the doctrine holds that information lawfully held by many third parties is treated differently from information held by the suspect himself. It can be obtained by subpoenaing the third party, by securing the third party’s consent or by any other means of legal discovery; the suspect has no role in the matter, and no search warrant is required.

  11. Re:Anonymous by homey+of+my+owney · · Score: 4, Informative

    Really. Carnivore has been around for 15 years.

  12. Definition of people has changed by Anonymous Coward · · Score: 4, Insightful

    Corporations are people, humans aren't.
    Money is speech, writing isn't.
    Democracy has sold out.

    Didn't you get the memo?

    movetoamend.org if you don't like it.

  13. Key management by Anonymous Coward · · Score: 5, Informative

    All we need is email programs that perform a Diffie-Hellman key exchange during the first few emails you exchange with anybody

    As always, the hardest part of practical cryptography is key management. What you are talking about is opportunistic encryption. It won't actually prevent decryption but it will force the attacker to do an active Man-In-The-Middle attack, which can be detected after the fact.

    This should be the default mode of operation for PGP mail. Whenever you send an email it should append your public key into the headers. As soon as your interlocutor responds, he can encrypt his reply and sign with his own public key, so all messages but the first one are encrypted. It should just work, nothing should be exposed to the user except a small keylock, which he can click if he's so inclined and verify things like key thumbprint etc. to detect tampering and/or explore full PGP functionality.

    For an environment such as webmail, this still offers zero security: you either keep the private key on the server, or you do the encryption operations on the clients's side. Since Javascript run-time a href=http://www.matasano.com/articles/javascript-cryptography/>is malleable it's very easy to retrieve the private key or the plain text back from the user when the government asks you.

  14. Second Amendment ... by pollarda · · Score: 5, Insightful

    The gun issue not withstanding, the Government's attack on the Second Amendment is horrific and sets up really bad precidence for the Fourth Amendment, First Amendment, as well as others.

    FOURTH AMENDMENT
    Just think: In order to exercise your Fourth Amendment rights against unreasonable search and seizure, the Government needs to perform a background check on you to ensure that you are an upstanding citizen.

    FIRST AMENDMENT
    In order to exercise your First Amendment rights, you are subject to a three day waiting period. You may only use media types approved by the Government. Discourses conducted through media not sanctioned is a felony.

    etc.

  15. Gun Clutchers... by Uberbah · · Score: 4, Insightful

    The gun issue not withstanding, the Government's attack on the Second Amendment is horrific

    ...need to get the hell over themselves and come back to reality. What attack on the Second Amendment. The Senate can't even expand background checks FFS.