Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

US Police Increasingly Peeping At Email, IMs

timothy posted more than 3 years ago | from the y'know-just-a-little-peek dept.

Government 113

angry tapir writes "US law enforcement organizations are making tens of thousands of requests for private electronic information from companies such as Sprint, Facebook and AOL, but few detailed statistics are available, according to a privacy researcher. Police and other agencies have 'enthusiastically embraced' asking for e-mail, instant messages and mobile-phone location data, but there's no US federal law that requires the reporting of requests for stored communications data, according to Christopher Soghoian, a doctoral candidate at the School of Informatics and Computing at Indiana University."

cancel ×

113 comments

Sorry! There are no comments related to the filter you selected.

Happened to me (3, Interesting)

Anonymous Coward | more than 3 years ago | (#35806190)

I had an out-of-state police dept. gain access to my Gmail account for a joke email I forwarded to somebody who requested it. The intended recipient provided me the wrong email address (off by one letter) and it ended up in the wrong mailbox. It was not threatening/sick/graphic, yet they were able to access my account and locate me by phone.

Re:Happened to me (1)

jonamous++ (1687704) | more than 3 years ago | (#35806280)

That's actually really creepy, more so since the email was just a joke email.

I always stick to the "email is not secure" motto. Encrypt something that needs to be protected. If the person doesn't screw around with e-mail encryption (let's be honest, it's not easy and most people would give up on it; they don't think there is a need), then I'll at least use an encrypted zip/rar file and stick it in my public dropbox. They can get it there.

Re:Happened to me (3, Informative)

Abstrackt (609015) | more than 3 years ago | (#35806340)

I say that if you're going to encrypt, encrypt everything or at least as much as possible. If the authorities want to come after me with a five dollar wrench so be it, anything that important wouldn't be in my email anyway.

And email encryption is not easy? Install Thunderbird, GnuPG [gnupg.org] and Enigmail [mozdev.org] . You can even set rules to encrypt emails to specific people by default. I've gotten my family, close friends and coworkers using Enigmail and they love it. Even better, and my ulterior motive from the start, is that I now have a good-sized web of trust.

Re:Happened to me (4, Insightful)

jonamous++ (1687704) | more than 3 years ago | (#35806594)

It's easy for me and it's easy for you - it's even easy to use once it's set up (assuming they are vigilant). But if I told my (very non-geek) girlfriend to encrypt her e-mails, she would have no clue on where to start. I could certainly help her but the problem is that not everyone has someone to ask or would even care enough to do so (obvious, since most people don't encrypt their email).

I definitely agree that everything should be encrypted, it has a great deal of benefits (aside from my opinion that cryptography is just fascinating). It's problematic though, since most people don't think that way - now we're back at square one, how am I supposed to send an encrypted e-mail to someone without a public key? Even if they had one, we still run into some problems with people not paying attention to what they are doing (did they verify that the fingerprint I gave them matched before they trusted my public key? Not likely).

I think computer security in general is far removed from many people's minds outside of paying their 40$/yr to Symantec. E-Mail encryption? They simply don't care.

Ask Slashdot Submission (2)

bradley13 (1118935) | more than 3 years ago | (#35808572)

It's easy for me and it's easy for you - it's even easy to use once it's set up (assuming they are vigilant). But if I told my (very non-geek) girlfriend to encrypt her e-mails, she would have no clue on where to start. I could certainly help her but the problem is that not everyone has someone to ask or would even care enough to do so (obvious, since most people don't encrypt their email).

I definitely agree that everything should be encrypted, it has a great deal of benefits (aside from my opinion that cryptography is just fascinating). It's problematic though, since most people don't think that way - now we're back at square one, how am I supposed to send an encrypted e-mail to someone without a public key? Even if they had one, we still run into some problems with people not paying attention to what they are doing (did they verify that the fingerprint I gave them matched before they trusted my public key? Not likely).

I think computer security in general is far removed from many people's minds outside of paying their 40$/yr to Symantec. E-Mail encryption? They simply don't care.

I have a submission pending on just this topic. I find it shocking that email encryption has not become simple to set up and standard to use. The reason our friends and family don't use it, is because solutions are platform dependent, or require technical knowledge to set up, or are a total pain to use, or all of the above.

There is really no excuse for this situation. Email encryption (and digital signing) should be automatic and transparent. Granted, only tech-nerds will take proper care of their keys, but a standardized solution would still be much better than nothing.

Re:Happened to me (0)

Anonymous Coward | more than 3 years ago | (#35810458)

One big problem here is the massive imbalance of writing-skills vs geek-power. The geek-syndrome often prevents things from being written in a truly clear and understandable format. Many of the tutorials I have seen attempting to explain encryption from basics to advanced, either miss things, or seem deliberately confusing.

Wrench & Geniuses (1)

TaoPhoenix (980487) | more than 3 years ago | (#35806498)

(Intro note - XKCD is speeding up communication by giving us handy memes!) I agree with the poster below that if the authorities decided to do their thing, we do really have to watch out for the five dollar wrench effect. Encrypted email? "Give us the key". Some double-blind unknown and unknowable key, on both sides? The "what are you hiding" crowd is having a disturbing influence lately.

  That's the downside of the "leverage the genius" effect of the new internet - it used to be any old state police force couldn't solve some things, but now they just have to refer it to "Cyril at the NSA" who will do some wizardry like "Schrodinger-Cat's Smile Analysis to boundary define what must be the same message covered by two different keys" or something coupled with Looping It Through Jones the Cyber-Dolphin" to crack it open anyway.

Re:Wrench & Geniuses (0, Interesting)

Anonymous Coward | more than 3 years ago | (#35807136)

The "what are you hiding" crowd is having a disturbing influence lately.

There's an easy, direct answer to that: "Well, what do you want to find??"
Because that's what it's all about. Them wanting to find "something". Anything, really. To get you to obey and serve.

That's why this goes so well with churches: They invented it! And churches are on the real pro level. Because they simply defined basic human things like having fun with sex, etc, as crimes ("sins"). So they don't have to find something. They know they have something on you to punish you for. And since everyone is a criminal^Wsinner, everyone has to do as they say, so be "saved".
They drove this so far, that the victims themselves protected their overlords!

Compared to churches, our semi-totalitarian governments are dilettantish n00bs. Look for the churches, and the dark ages, for the real professional mindfuck that might await us again.

Re:Wrench & Geniuses (1)

GameboyRMH (1153867) | more than 3 years ago | (#35807556)

The $5 wrench was known as the rubber hose before XKCD. But they helped teach people about it so that's always a plus.

Re:Happened to me (1)

Culture20 (968837) | more than 3 years ago | (#35807044)

I had an out-of-state police dept. gain access to my Gmail account for a joke email I forwarded to somebody who requested it. The intended recipient provided me the wrong email address (off by one letter) and it ended up in the wrong mailbox. It was not threatening/sick/graphic, yet they were able to access my account and locate me by phone.

That's actually really creepy, more so since the email was just a joke email. I always stick to the "email is not secure" motto. Encrypt something that needs to be protected. If the person doesn't screw around with e-mail encryption (let's be honest, it's not easy and most people would give up on it; they don't think there is a need), then I'll at least use an encrypted zip/rar file and stick it in my public dropbox. They can get it there.

"We received a complaint about you sending a gibberish email to the victim, so we accessed your gmail account and found all of your emails are encrypted. Just what are you hiding, jonamous++?"
Just imagine all the spam that gets sent with real people's email addresses as the sender; that potentially justifies a warrant for your email provider now?

Not surprising (1)

Anonymous Coward | more than 3 years ago | (#35806320)

As the business of government continually expands in both revenue and power over the people, liberty is oppressed proportinally. There is no way out, except to reduce the size and scope of government. You want a government big enough to give you everything you want? By necessity, that government is big enough to take everything you have -- including your god-given right to self-ownership.

Re:Not surprising (1)

Anonymous Coward | more than 3 years ago | (#35808290)

As the business of government continually expands in both revenue and power over the people, liberty is oppressed proportinally. There is no way out, except to reduce the size and scope of government. You want a government big enough to give you everything you want? By necessity, that government is big enough to take everything you have -- including your god-given right to self-ownership.

Yet the cuts that I see being proposed (yes, even by the tea party/libertarian types) are mostly bullshit on this front.

Where are the proposals to defund DHS or TSA? No one is proposing any. Yet, that's where the real threats to our liberty lie. Instead, it is nickel and dime bullshit directed against planned parenthood, NPR, or head start.

Now tell me, AC, who did you vote for in 2000? 2004? Because that's when the biggest power grab happened.

Fucking faux 'libertarians', you didn't bother getting involved because the theft of your rights was wrapped in the American flag and tied with a "Support our Troops" yellow ribbon.

But now that there is a Democrat in the White House, you come crawling out of the woodwork, crying a river about the loss of your liberties. Guess what, it already happened right under your flag-waving nose. You Johnny-come-lately libertarians are big fat hypocrites who missed, no, enabled the shredding of the Constitution because you were too fucking stupid to fight it when you had the chance.

Happened to me (-1)

Anonymous Coward | more than 3 years ago | (#35806430)

Cops reading your email? Burn their flag [flagburningworld.com]

Re:Happened to me (1)

Anonymous Coward | more than 3 years ago | (#35806578)

You are a sad individual.

Net neutrality (1)

bonch (38532) | more than 3 years ago | (#35809428)

After experiences like that, how can some people continue to advocate for "net neutrality" and increased government control of the internet? The potential for abuse and corruption seems so blindingly obvious. A private organization that accessed your Gmail account and located you by phone could be punished for violating privacy laws, but the government is free to sidestep such limitations all the time.

Re:Net neutrality (0)

Anonymous Coward | more than 3 years ago | (#35811780)

Once again, you lie about what net neutrality is because you know you are not competent to make an intelligent argument against it.

Big surprise. (-1)

Anonymous Coward | more than 3 years ago | (#35806208)

Dicks.

Re:Big surprise. (1)

Chrisq (894406) | more than 3 years ago | (#35806328)

Dicks.

A request for your IP address has already been registered.

The Constitution is federal law. (3, Informative)

jcr (53032) | more than 3 years ago | (#35806256)

What's it got to say about this kind of thing?

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Any statute which purports to give the government access to our electronic communications without a warrant is not a law at all. It's a usurpation.

-jcr

Re:The Constitution is federal law. (3, Insightful)

Bob9113 (14996) | more than 3 years ago | (#35806706)

>> against unreasonable searches and seizures

> Any statute which purports to give the government access to our electronic communications without a warrant is not a law at all. It's a usurpation.

First, I agree with you. I believe that the spirit and intent of The 4th, and the spirit and intent of The 1st, are being violated. The 4th for obvious reasons. The 1st because the concept of free association and speech is hollow when the government is always listening.

That said, to clarify how the letter is not being violated, at least in their eyes:

"Unreasonable" is interpreted to mean that searches and seizures are Constitutional in any case where you do not have a reasonable expectation of privacy. Since email travels in the clear (mostly) and when you use a cloud service you are giving the information to an untrusted third party, the courts hold that you do not have a reasonable expectation of privacy.

We can wail and gnash our teeth all we want. It is, to me, unquestionably a violation of the principles upon which this nation was founded. And we should. We should make it clear to everyone we know that this is going on, and ask that the policy be changed.

Meanwhile, we (information science professionals, enthusiasts, and hobbyists) should focus on the letter-of-the-law side as well. Restore the reasonable expectation of privacy in electronic communication. Endpoints, content, protocols, everything. It's not easy, but we can do it.

I have a project in that vein I'm working on. We all should.

Re:The Constitution is federal law. (2)

Culture20 (968837) | more than 3 years ago | (#35807194)

Since email travels in the clear (mostly) and when you use a cloud service you are giving the information to an untrusted third party, the courts hold that you do not have a reasonable expectation of privacy.

*we*, the geeks, don't have a reasonable expectation of privacy, but ordinary folk should. They become very surprised when they find out their emails are more public than a land-line telephone conversation.

Re:The Constitution is federal law. (0)

Anonymous Coward | more than 3 years ago | (#35808684)

Every time we send snail mail we are giving information to a third party, but actually do have a reasonable expectation of privacy. Why should email be any different?

Re:The Constitution is federal law. (0)

Anonymous Coward | more than 3 years ago | (#35811826)

Every time we send snail mail we are giving information to a third party, but actually do have a reasonable expectation of privacy. Why should email be any different?

Because it is on a "computer" and sent over this thing called the "internet". And, when the anti-liberty, pro-gubmint lawyers argue how different it is, the judges' eyes glaze over and they start drooling out the side of their mouths.

Re:The Constitution is federal law. (2)

Sabriel (134364) | more than 3 years ago | (#35807990)

Since email travels in the clear (mostly) and when you use a cloud service you are giving the information to an untrusted third party, the courts hold that you do not have a reasonable expectation of privacy.

Um, as an Aussie I may just be showing my foreign lack of clue, but if you replace "email" with "postal mail", and "a cloud service" with "FedEx", how the bloody hell does that make one damn iota of difference to the Fourth Amendment? Seems to me Justice wasn't just blind on the day US courts came to that conclusion, she was stabbed with her own sword and left bleeding to death in an alley somewhere.

Or have I totally misunderstood the reach of the Fourth Amendment and the US government has always been allowed to go warrantlessly rifling through postal trucks and mail rooms reading everyone's letters?

Re:The Constitution is federal law. (0)

Anonymous Coward | more than 3 years ago | (#35808794)

Mail is generally sealed so it is "easy" (I quote this because adhesives do fail and items occasionally arrive 'open') to identify when it's been accessed prior to the recipient receiving it. The envelope creates the expectation of privacy.

However, email generally flies around in clear text, which is the equivalent of postcards. The problem, in my view, is that the owner of the email account must use a password to access their emails, so it's entirely plausible to me that an end user have a reasonable expectation of privacy because in order to view their own email, they must have a 'key' to open it (the password). The idea that there are many ways for others to view their personal email without this 'key' never really materializes in an end user's thought process.

Re:The Constitution is federal law. (1)

Yakasha (42321) | more than 3 years ago | (#35810644)

However, email generally flies around in clear text, which is the equivalent of postcards.

I thought it traveled around on a wire, like an unencrypted phone call, and is stored on a disk, like voice mail left for me on my cell phone... which requires a warrant to hear... unless... did Verizon switch to magic flying postcards and not tell us?

Re:The Constitution is federal law. (1)

Bob9113 (14996) | more than 3 years ago | (#35809644)

> if you replace "email" with "postal mail", and "a cloud service" with "FedEx", how the bloody hell does that make one damn iota of difference to the Fourth Amendment?

Not that I agree with it, but there are two differences that are in play:

1. The envelope.

2. In-transit versus stored.

I think the former does not hold water because telephone conversations do not take place within an envelope, but are protected. That is when they shift to item 2; phone calls are in-transit, not stored. I think that is a crock, but it is the difference they use.

I put it in roughly the same "Are you freaking kidding me?!?" class as the unitary executive.

Re:The Constitution is federal law. (1)

drinkypoo (153816) | more than 3 years ago | (#35806930)

In principle, I agree with you. But in reality, if the email is stored somewhere else, while it might be yours in name, it's NOT your data. It belongs to everyone who has it.

Re:The Constitution is federal law. (1)

betterunixthanunix (980855) | more than 3 years ago | (#35807608)

Which is exactly why we need to encrypt our emails and IMs. I have found that encrypting IMs is a hell of a lot easier to do with OTR, at least when dealing with non-technical folk, than encrypting email with PGP or S/MIME. OTR is non-intrusive, easy to install, and verification can be done without subjecting people to the pain of fingerprints (I never thought hashes were so hard to check, but most people seem to get turned off as soon as they see hexadecimal numbers).

Unfortunately, Facebook has set us back even further when it comes to encryption, but that is another story entirely.

Re:The Constitution is federal law. (1)

Gripp (1969738) | more than 3 years ago | (#35807730)

if that were true then why would we as individuals get in trouble with the law for doing the exact same thing? if i go and peek into your emails i'm subject to criminal prosecution. why? because its not mine to look at. so how are they any more justified in doing so without probable-cause/warrant?

Re:The Constitution is federal law. (1)

ahodgson (74077) | more than 3 years ago | (#35809564)

Because prosecutors choose who to prosecute. And cops are above the law, unless they get caught on film beating someone up without cause. And even then, they usually get away with it.

Not legally, but in reality. Welcome to the future. And it's not just the US, we have the same problem in Canada.

Re:The Constitution is federal law. (1)

Curunir_wolf (588405) | more than 3 years ago | (#35808304)

In principle, I agree with you. But in reality, if the email is stored somewhere else, while it might be yours in name, it's NOT your data. It belongs to everyone who has it.

They why is it treated differently if it is "stored" on a piece of paper?

Re:The Constitution is federal law. (1)

drinkypoo (153816) | more than 3 years ago | (#35809074)

What does paper have to do with anything? If your physical mail is stored somewhere out of your control then you have to assume someone else could have read it, too. I trust the USPS to carry the mail that I send through it. I trust the internet to carry the email that I send through it. If I feel it needs to be encrypted then I can do that. I don't trust my ISP or gmail to store anything and only give it to me. On the other hand, I don't engage in illegal activity via my gmail account.

Re:The Constitution is federal law. (1)

Curunir_wolf (588405) | more than 3 years ago | (#35809266)

What does paper have to do with anything?

Are you kidding with this? How about 18 USC 1702 [justia.com] ?

Re:The Constitution is federal law. (1)

drinkypoo (153816) | more than 3 years ago | (#35809422)

You're still not getting it. You get as much justice as you can afford. Can you please explain for me why the USDOJ found that Microsoft had illegally exploited their monopoly position in a variety of ways, yet was let off the hook without so much as a hand-slap, and why Bill Gates continues to be in control of billions of dollars of money whose acquisition was actually proven to be illegal, but people are being evicted from their homes over their inability to pay off bullshit mortgages while companies hold seminars on how to avoid hiring qualified candidates so that you can hire H1-Bs instead? Much of the evidence against him was on the paper you love so well.

Yes, I DO just love to drag Microsoft and Gates through the fire, but it illustrates my point; justice is not applied evenly.

All I originally set out to state is that it's trivially easy to copy your digital records and you never even know about it. But frankly, anything you've written down can be used against you in one way or another. Bullshit charges are brought all the time and information found during a search in conjunction with an illegal arrest can now be used to build other cases against you and so on. You really don't have the rights you think you have. One by one they are being eliminated.

Re:The Constitution is federal law. (1)

Curunir_wolf (588405) | more than 3 years ago | (#35809610)

You're still not getting it. You get as much justice as you can afford.

Because the government is too big. Shrink it down to a manageable size and they wouldn't require tribute from everyone like they do now.

Can you please explain for me why the USDOJ found that Microsoft had illegally exploited their monopoly position in a variety of ways, yet was let off the hook without so much as a hand-slap.

Because Microsoft had tons of money and pretty much kept out of politics and ignored all the blustery puffing going on in DC. Once they started throwing money at the politicians and paying lobbyists to take them out to fancy dinners and junkets, they got all warm and fuzzy about them.

You really don't have the rights you think you have. One by one they are being eliminated.

Of course. Government grows at the expense of liberty.

Re:The Constitution is federal law. (1)

drinkypoo (153816) | more than 3 years ago | (#35809626)

You get as much justice as you can afford.

Because the government is too big. Shrink it down to a manageable size and they wouldn't require tribute from everyone like they do now.

I've seen no evidence that the size of government changes the fact of tribute, although it may well have bearing on the amount.

Re:The Constitution is federal law. (1)

Curunir_wolf (588405) | more than 3 years ago | (#35810038)

I've seen no evidence that the size of government changes the fact of tribute, although it may well have bearing on the amount.

Wow way to create a straw man out of something I barely said. It has a bearing not just on the amount, but the ability to demand it and the number of people they demand it from. At one time it was just the whiskey distillers and the import/export businesses. The government actually had to go begging for a loan from JP Morgan because he had money and they didn't. FDR grew government tremendously, and threw a much wider net, until he was demanding tribute from every business and farmer he could get his thumb on.

These days it's almost impossible for a business of any size to be successful without political contribution and lobbying fund, because if you don't your competitors that do will soon have crony laws in place that will put you at a significant disadvantage. It's no wonder consumers are their power to pick winners and losers in the marketplace - it's been rigged by a thousand rules from Washington that make sure their favored companies can crush all the unfavored competition.

If you think a smaller government could have that kind of manipulative influence in virtually every market, I've got a bridge you'll want to make an investment in.

Re:The Constitution is federal law. (0)

Anonymous Coward | more than 3 years ago | (#35809094)

So if it was a piece of music stored in digital form, then I need a licence to even listen to it and ownership resides entirely with the original creator.

But if it's personal mail, there's no licence required and ownership rests with whoever has possession?!

What the Fuck?

Re:The Constitution is federal law. (1)

Gripp (1969738) | more than 3 years ago | (#35807686)

what bother's me the most is that you only got a 2 for that post. people can debate the exact interpretation of individual words all they want, but we all know the intent. and these actions don't line up.

moreover, if the searches were "reasonable" then they wouldn't have a problem getting a warrant.

How do they know who it is (1)

Captain.Abrecan (1926372) | more than 3 years ago | (#35806264)

Yeah but how do the police link a citizen to a E-mail account? Is it easy enough to make snooping worthwhile?

Re:How do they know who it is (0)

Anonymous Coward | more than 3 years ago | (#35806346)

Easy! They backtrace it! These are the CyberPolice we're talking about here!

Re:How do they know who it is (1)

GameboyRMH (1153867) | more than 3 years ago | (#35807618)

I'm behind 7 proxies. Good luck.

Re:How do they know who it is (1)

corbettw (214229) | more than 3 years ago | (#35807274)

They use a GUI interface in Visual Basic, duh.

Re:How do they know who it is (1)

Bucky24 (1943328) | more than 3 years ago | (#35809978)

Since no one else seems to have given a useful answer here....
An email address is easily traced back to the domain it came from. At the company I work for, the domain is either one of our own email domains we give to customers or a hosted domain. All hosted domains point to our company. If someone wants to find out what customer is using an email they send us a subpoena request, then we look up the customer account based on domain/email address (which are records we are required by law to have).

I will (and have) refused to honor subpoena requests that didn't come attached with a judge's signature, so it's at least as difficult as getting a judge to sign off on something. You can decide for yourself how easy that is ;)

I'm sure this will get worse (1)

ciderbrew (1860166) | more than 3 years ago | (#35806282)

Any advice, other than do not use these services would be welcome. The dos and donts.

Re:I'm sure this will get worse (1)

Chrisq (894406) | more than 3 years ago | (#35806336)

Any advice, other than do not use these services would be welcome. The dos and donts.

Use your neighbour's wifi and a account in their name.

Re:I'm sure this will get worse (1)

muffen (321442) | more than 3 years ago | (#35806422)

Personally I run my own email-server, its not very expensive and you get full control of a domain. Now with all the virtual servers in-the-cloud, the entrycost is next to none, and you get a domain that you control. There are still some good ones out there up-for-grabs.
This way, at least communication between the people on the mailserver cannot be traced (of course, encrypt traffic to and from the mailserver).

If there are people outside this you are communicating with, then email encryption is probably the only resonable way. Same goes for IM, on the MAC I use Adium that can do encryption.

I'm sure there are people who has other suggestions but I do all of the above, and it works not only for me but also my wife, parents and sibblings, who care very little for computer security. Giving them an email address that has firstname@lastname.domain is something they found positive, and getting them to use Adium wasn't that hard as its an all-in-one-client. The security wasn't the selling point which, I think, is the reason I got them to use it.

Re:I'm sure this will get worse (0)

Anonymous Coward | more than 3 years ago | (#35807376)

Personally I run my own email-server, its not very expensive and you get full control of a domain. Now with all the virtual servers in-the-cloud, the entrycost is next to none, and you get a domain that you control.

What makes you think this gives you any protection against this? Where is your server located? Is it in a secure facility where only you can access the hardware? Is it fully patched?
What makes you believe that when you are deemed a Worthy Target(tm) (and the barrier to becoming a worthy target is lowering by the day), a request wouldn't be made to whoever physically hosts your server for access to your machine? All they need is a tiny amount of 'downtime' (as it would appear on your radar) to make a full forensic copy of your server's drives. After that, the machine is booted up again and you are none the wiser... Heck you may not even notice the downtime at all...
Of course, you could encrypt everything (full HD encryption) on that box but why would you? Now there is 'proof' (or at least probable cause) that you may have something to hide (why else would you encrypt - I know, I know, "make encryption illegal and only criminals will encrypt)" which only justifies why you are a Worthy Target(tm) and should remain on their shortlist. (and just for your viewing pleasure, have this mandatory xkcd reference: http://xkcd.com/538/)

It baffles me that people continue to believe that this can't happen to them because they 'run their own server'...

Even if you run the machine in a secure facility where only you have physical access to the box, then it's just a matter of finding a root vulnerability in order to access it. It's not like that hasn't been done before...

Right... now where's me tin-foil hat...?

Re:I'm sure this will get worse (1)

Curunir_wolf (588405) | more than 3 years ago | (#35808446)

Personally I run my own email-server, its not very expensive and you get full control of a domain. Now with all the virtual servers in-the-cloud, the entrycost is next to none, and you get a domain that you control.

What makes you think this gives you any protection against this? Where is your server located?

Mine is in my house, which will require a warrant to access.

Even if you run the machine in a secure facility where only you have physical access to the box, then it's just a matter of finding a root vulnerability in order to access it. It's not like that hasn't been done before...

I thought we were talking about the police? If I was ever doing anything that would prompt law enforcement to go to that level of effort to access my email ... AND it was something that I could absolutely NOT avoid putting it in an email, well, it wouldn't be stored on anything I own can be linked to anyway.

Re:I'm sure this will get worse (1)

betterunixthanunix (980855) | more than 3 years ago | (#35808246)

Any advice, other than do not use these services would be welcome. The dos and donts.

End to end encryption for all email and IM. We have had strong encryption available to us for decades now.

Land of the free .... (2, Insightful)

Anonymous Coward | more than 3 years ago | (#35806292)

Welcome to the land of the free and the home of the brave, where big brother can ask for all of your private information and it will be handed over without record.

Where there is no Fourth amendment, and judicial oversight are things of the past. Where you have no expectation of privacy, and the government involves itself in every aspect of your life.

Never talk to the rest of the world about your freedoms and your wonderful society ... it doesn't exist as you remember it, and you're happy to be blissfully aware as long as they keep putting out American Idol and Facebook stays online.

You guys really need to reign in your government, before it's too late for all of us ... because once your government fully becomes asshats who don't respect your rights, all of the rest of us are completely fucked.

You're on your way to being worse than the soviets ever dreamed of.

Re:Land of the free .... (2)

dkleinsc (563838) | more than 3 years ago | (#35807552)

You guys really need to reign in your government, before it's too late for all of us ... because once your government fully becomes asshats who don't respect your rights, all of the rest of us are completely fucked.

We tried that the legal way, electing a guy who was a card-carrying ACLU member who had taught constitutional law and written a lot of pro-civil liberties articles to the highest office in the land. The trouble was that he just turned out to be another asshat who didn't respect our rights once he got in office.

There's good news though: So far, I haven't been privy to any recent attempts to violate my Third Amendment right to not have troops quartered in my home without my consent.

Re:Land of the free .... (0)

Anonymous Coward | more than 3 years ago | (#35807836)

"Never talk to the rest of the world about your freedoms and your wonderful society ... it doesn't exist as you remember it, and you're happy to be blissfully aware as long as they keep putting out American Idol and Facebook stays online."

You are positing that because citizens of the US have crafted an imperfect society their voices doesn't deserve to be heard. I'd recommend that you not tell tens of millions of people that their voice doesn't deserve to be heard in an online forum. It makes you appear as either delusional or incompetent. (I mean, what kind of autocrat would frequent ./?)

Re:Land of the free .... (2)

cobrausn (1915176) | more than 3 years ago | (#35807882)

... and you're happy to be blissfully aware as long as they keep putting out American Idol and Facebook stays online.

I'm reminded of a comment on the fake twitter account for Mahmoud Ahmadinejad when that asshat in Florida was going on about burning the Qur'an a few months ago. "I like to retaliate by burning a book that you Americans hold dear, but the only book you care about is Facebook."

I think Zuckerberg has created a monster. It seems to be capable of helping people organize great changes in their nation, but is equally capable of helping them continue to ignore what they should be paying attention to.

Nanny state (0)

pablo_max (626328) | more than 3 years ago | (#35806296)

Are you suggesting that a western nanny state government, is looking into the private lives of its citizens? That is simply shocking!

Re:Nanny state (0)

Anonymous Coward | more than 3 years ago | (#35810640)

It's pretty shocking to call the USA a "nanny state". Rapidly approaching third-world status in terms of social services; 20 million children living in poverty; nearly 4% of the population on parole, probation or in prison; incredible levels of corruption throughout government, law enforcement and media; failing educational system; wealth inequality rivaling the finest banana republics.

That is the short list.

Well, there is the Wall Street Daycare I suppose. The babies often switch places with the minders though which causes all sorts of problems...

Simple Solution (3, Insightful)

PvtVoid (1252388) | more than 3 years ago | (#35806332)

Run your own mail server. It's not a complete solution, since in principle ISPs could be storing data transmitted over their networks, but it at least makes it more expensive to violate your privacy.

But Gmail? Facebook? I am continually amazed by people who store their personal data in these places and expect it to stay private.

Re:Simple Solution (1)

JustAnotherIdiot (1980292) | more than 3 years ago | (#35806650)

"not a complete solution"

Nor is it a realistic solution for most of the world.

Re:Simple Solution (1)

pipboy9999 (1088005) | more than 3 years ago | (#35806790)

"not a complete solution" Nor is it a realistic solution for most of the world.

Running a mail server from home would violate just about every ISP ToS I have seen as well.

Re:Simple Solution (2)

PvtVoid (1252388) | more than 3 years ago | (#35806902)

Running a mail server from home would violate just about every ISP ToS I have seen as well.

Pay a commercial provider for SMTP connections to/from the outside world, and have them forward the messages to your local server. Configure your IMAP server to listen on a non-standard port. The point is to have the storage be local.

An ISP that blocks all incoming connections isn't an ISP.

Re:Simple Solution (2)

GeorgeS (11440) | more than 3 years ago | (#35808000)

An ISP that blocks ANY incoming connections isn't an ISP.

Fixed that for ya.

Re:Simple Solution (1)

Baseclass (785652) | more than 3 years ago | (#35809794)

An ISP that blocks ANY connections isn't an ISP.

FTFY

Or encryption (1)

DrYak (748999) | more than 3 years ago | (#35806840)

GPG for email, OTR for IM, and ZRTP for VoIP. (No. No skype for VoIP. It's encrypted too, but as it's not opensource, nobody can check there's no backdoor).
Everybody has a right to privacy, everybody has a right to use the correct tools for that.

If anyone pulls a "but this will allow the evil pedo-terrorist pirates to roam free" complain, see all the report of arrests :
- How many high level criminal were arrested thanks to communication intercepted by stealing encryption keys, cracking 56-bits password with continent-sized super-clusters, etc. (None that I've ever heard, and I think /. would be the fist to post about it if it happened)
- How many high level criminal were arrested, because their communication was encrypted with some moronic Caesar or ROT-13 scheme (seems to pop up on a regular basis
- How many normal people got embarrassed because they didn't encrypt critical data, and got the hard-disk or the laptop stolen / hacked / sold 2nd hand without wiping ?

Most of the time, encryption protects privacy. Not "evil pedo-terrorist pirates".

Re:Simple Solution (0)

Anonymous Coward | more than 3 years ago | (#35807014)

You don't have to run your own server, you just have to encrypt your mail. I use comcast's server. But evolution, kmail, almost every other modern email client has built in support for GPG. All you have to do is use it. Then it doesn't matter whose server you use. Only the headers are exposed, not the message body.

I'm astonished more people don't do this by now.

Re:Simple Solution (0)

Anonymous Coward | more than 3 years ago | (#35807358)

I actually ran my own mail server from home for a little while. The problem with that was because of the IP my email was originating from, people I would send email to, would not receive the email. Their (company) email servers would block my email. I was receiving emails, and some of the free services (like a hotmail) would receive what I sent, but most people would never get the email.

Re:Simple Solution (1)

chihowa (366380) | more than 3 years ago | (#35811000)

I actually ran my own mail server from home for a little while. The problem with that was because of the IP my email was originating from, people I would send email to, would not receive the email. Their (company) email servers would block my email. I was receiving emails, and some of the free services (like a hotmail) would receive what I sent, but most people would never get the email.

If you get a static IP address from your ISP, ask them to change the reverse DNS record so that it points to your chosen host and domain name. Unless you're in a block that has been specifically included in a blacklist (like some cable company blocks), then passing reverse-DNS will satisfy most other mail servers. I've never had my email not go through and I'm on DSL.

From a cop... (2, Interesting)

Anonymous Coward | more than 3 years ago | (#35806342)

My father is a cop, supervisor of investigations here actually, and I asked him about this once. If I remember correctly, the standard our police use is that any electronic documents that you have in your possession (i.e. a cell phone pic or document on a laptop) at the time of arrest are free game unless they are locked, encrypted, etc. If the document is not in your immediate possession (readable with out connecting to a server or decrypting), then they need a warrant from a judge to view them. The concept is the same as a locked briefcase, they can't force you to open it with out a warrant.

Also, Keep in mind that just because they are making the requests, doesn't mean they are being honored. I didn't see any thing in the article citing how many of these requests were actually processed, and the desired information handed over to the police. In fact, when I worked for Sprint we were all instructed in the event that some one approached the retail staff about making these requests that they were required to contact a division of the legal department and that they would likely need a warrant/court order.

Also, IANAL and neither is my father...so take what I say with a grain of salt.

Re:From a cop... (0)

Anonymous Coward | more than 3 years ago | (#35806762)

Also, Keep in mind that just because they are making the requests, doesn't mean they are being honored. I didn't see any thing in the article citing how many of these requests were actually processed, and the desired information handed over to the police. In fact, when I worked for Sprint we were all instructed in the event that some one approached the retail staff about making these requests that they were required to contact a division of the legal department and that they would likely need a warrant/court order.

I don't know when you supposedly works for Sprint but they, along with every other mobile carrier in the US, have a portal set up where the police enter the desired information request, along with qualifying information, pay, and get said information. There is not warrant or even notice to the customer being searched. This should be prosecuted to the fullest extent of the law, IMO.

Re:From a cop... (1)

MaskedSlacker (911878) | more than 3 years ago | (#35810908)

This should be prosecuted to the fullest extent of the law, IMO.

Done, and done. Oh, I'm sorry, did you mean it should actually be illegal? Maybe you should try saying what you actually mean.

a closer look at living in fear/deceit immersion.. (0)

Anonymous Coward | more than 3 years ago | (#35806488)

as a means to 'cool' the populations' perception of being annihilated, so that's good? sort of works? fear, like the hymen, appears to be an 'installed' feature of man'kind'? opposes everything we were designed to do. the truth hurts? we don't want to know? two lies we believe daily? now the local cops are 'spies' too? pr.gov fails again?

Hm. (1)

JustAnotherIdiot (1980292) | more than 3 years ago | (#35806598)

"there's no US federal law that requires the reporting of requests for stored communications data"

This is the only problem I have with this. If they want to look through my logs, fine, but I want to know what they're looking at and why.
And while I don't expect it in a million years, it would also be nice to have the power to tell them to fuck off if I don't want them looking

Re:Hm. (1)

pipboy9999 (1088005) | more than 3 years ago | (#35806746)

Unfortunately if you are being arrested or they have a warrant you don't have the right to tell them to fuck off...for the most part.

Re:Hm. (2)

linuxwolf69 (1996104) | more than 3 years ago | (#35807456)

The point is, according to TFS, the cops DON'T have a warrant. At this point, you could tell them to fuck off... Of course, many people would say that this leads the cops to have "probable cause" because if the person doesn't have anything to hide, why wouldn't they let the cops look?

Re:Hm. (1)

freaq (466117) | more than 3 years ago | (#35808642)

No, you don't tell them to fuck off. You tell them to come back with the proper paperwork from a judge proving that they are not engaging in a personal vendetta on company time.

Personally, I don't let cops search without a warrant because having nothing to hide means any reason they offer for inspection is false. If it's even remotely plausible, then they should try to gussy it up for a judge first. I've found that judges are, in general, adept at spotting shenanigans.

Please, practice saying this: "I object to your search because there is nothing to hide."

Re:Hm. (1)

linuxwolf69 (1996104) | more than 3 years ago | (#35809260)

I agree with you entirely, and have taught my kids that their privacy is their privacy, and the school has no right going through their stuff. I've even told my daughter that if they send her to the office, that's ok, she won't be in trouble for refusing to let them search hear stuff, and I'll be notified and will come up there.

I think a lot of people in the US need to reread the US Bill of Rights, Constitution, and all of the amendments and really study them. This really needs to be done in the government as well. How about a mandatory study of the constitution before congressional term begins after being elected? And on the electee's time and dollar, not the tax payer's.

Re:Hm. (1)

Bucky24 (1943328) | more than 3 years ago | (#35810054)

And on the electee's time and dollar, not the tax payer's.

And that's why it will never happen.

Re:Hm. (1)

MaskedSlacker (911878) | more than 3 years ago | (#35810940)

Of course, many people would say that this leads the cops to have "probable cause" because if the person doesn't have anything to hide, why wouldn't they let the cops look?

Thankfully those morons usually aren't judges. Refusing to consent to a search (along with pleading the fifth) is not, never has been, probable cause.

Hopefully the Privacy Bill of Rights in Congress (4, Informative)

Shivetya (243324) | more than 3 years ago | (#35806690)

will fix all of this, oh wait, by the standard of law naming in Congress this will do the opposite of what it claims.

See http://www.washingtonwatch.com/bills/show/112_SN_799.html [washingtonwatch.com] and http://www.cato-at-liberty.org/the-privacy-bill-of-rights-is-in-the-bill-of-rights/ [cato-at-liberty.org]

[T]he measure applies only to companies and some nonprofit groups, not to the federal, state, and local police agencies that have adopted high-tech surveillance technologies including cell phone tracking, GPS bugs, and requests to Internet companies for users’ personal information–in many cases without obtaining a search warrant from a judge.
---

In other words, the government seems keen on protecting us from ourselves while opening us to them by any means. It really comes down to crafting laws with safe sounding names all in an effort to circumvent the Constitution. As most realize, Congress's favorite activity of the last fifty or so years has been how to get around the limits our Founding Fathers placed on the Federal Government.

Re:Hopefully the Privacy Bill of Rights in Congres (1)

TheVelvetFlamebait (986083) | more than 3 years ago | (#35808422)

As most realize, Congress's favorite activity of the last fifty or so years has been how to get around the limits our Founding Fathers placed on the Federal Government.

As most realise, most people are ignorant. [wikipedia.org] Knowledge is power!

Who to Thank (0)

Anonymous Coward | more than 3 years ago | (#35806986)

The traitors in Congress like McCain and Kerry.

The traitor Presidents George (Johnny) Walker Bush (Burp-Ya) and Barak (Barak-O-Vision) Hussain Obama (Obama-Nation).

Sprint Is Lo-Jacking Customers (1)

organgtool (966989) | more than 3 years ago | (#35807140)

In 2009, Facebook told the news magazine Newsweek that it received 10 to 20 requests from police per day. Sprint received so many requests from law enforcement for mobile-phone location information that it overwhelmed its 110-person electronic surveillance team. It then set up a Web interface to give police direct access to users' location data, which was used more than 8 million times in one year, Soghoian wrote, citing a U.S. Court of Appeals judge.

So Sprint admits that they are essentially lo-jacking their customers. How do they know the registered user of the web interface is even a law enforcement officer? Do they verify the other credentials of the user such as name and precinct or do they just go by username and let "bigcopinyourmouth69" access the location information of hot actresses whenever they please?

Re:Sprint Is Lo-Jacking Customers (2, Insightful)

Anonymous Coward | more than 3 years ago | (#35807534)

They don't give a FUCK. You did notice the mention of them collecting money for this, right?

It's about time... (1)

Sarten-X (1102295) | more than 3 years ago | (#35807146)

In related news, criminals (and everybody else, for that matter) are increasingly using email and IMs to plan or discuss crimes (or family reunions).

What's happened to the rate of landline wiretaps, or good old-fashioned undercover following? How many telegrams per day are intercepted now?

Everything is done by email now, and I find it perfectly reasonable that the police are increasingly turning to email for evidence. That's where the evidence is.

Re:It's about time... (1)

Anonymous Coward | more than 3 years ago | (#35807378)

In the "good old days" you describe, police still needed a warrant to seize and read your mail/telegrams or add a wiretap to your landline...

Now they don't, they don't need to get a permission or tell anyone and it is not registered, they can just "walk in" and say "Hey, give us all the email sent to and from someone@aol.com" and then read through that persons private life...

In the best possible cases, this can lead to "the good cop" (only existing on TV) being able to bust some crook that otherwise hid his tracks too well... And this 1:1000000 case is the one where you could not get a warrant, which seem to be given out from a vending machine anyway these days.

In most cases, this is simply invasion of privacy, best cases used to snicker at someone because you know they are unfaithful or organizing a surprise party for a 3rd. guy... Just think about how many cases this can be misused... And even if you think it is used for good, then consider what someone can get from going through all your mail... Have you ever written a mail or wrote an IM line that regretted? Something that could be used against you in some way? Did you ever call your boss an ass? Or your spouse a cow? Perhaps even something that could be considered crimial? like "I'll fucking kill that bitch" even if you would never do such a thing... Then consider someone did murder her (Burglary gone wrong) and this message is admitted in court and you go away because of it...

Consider what power you give to law enforcement, and especially consider any case they can misuse it, intentionally and unintentionally... Then consider if it is still a good idea...

Re:It's about time... (1)

PPH (736903) | more than 3 years ago | (#35807522)

I'm concerned about the instances where cops moonlight to provide 'private security' for companies. Using their police poers to perform industrial espionage is not unheard of.

Re:It's about time... (2)

corbettw (214229) | more than 3 years ago | (#35807596)

I'm concerned about the instances where cops take bribes

A bit of a tangent, but it pertains to the larger issue of police corruption that's been enabled by granting them too many powers.

Police like to say that they're "always a cop", even when off duty. If that's the case, then why are they allowed to get paid by people they may have to investigate in the future? What if a cop on a detail is getting paid, I dunno, $2000 a month to work as a part-time security guard (while in his police uniform) at a theater, then the theater owner becomes a suspect in a crime. How hard is that cop (or his buddies) going to work to destroy that income?

Re:It's about time... (2)

corbettw (214229) | more than 3 years ago | (#35807532)

It's one thing for the police to look for evidence in email, that's all well and good. The problem here is twofold: they don't have to serve a warrant to the person whose email they're perusing, and they don't have to even tell that person they're snooping around. Contrast that with if the police want to search your house, your car, or even your CPA's office. In all of those cases you at least have an idea that they're doing this, which provides some oversight on these activities.

The idea that just because my email sits on Yahoo's servers that I don't have an expectation of privacy with it is ludicrous. My will sits in a safe in my financial adviser's office (since he's also the trustee of the estate if both my wife and die, but that's another story), but I fully expect him not to open it unless he's informed by next of kin that we've both passed away. In the same way, I expect Yahoo's employees not to poke around in my email (and this is one of the reasons I don't use Google since their systems do just that to serve up ads).

Just wondering (1)

Anonymous Coward | more than 3 years ago | (#35808302)

I'm curious, at what point does a country become a police state? Is there an objective measure? Because at a cursory glance the US is ticking all the right boxes; imprisonment without trial, torture, executive kill orders, mass surveillance...
Because seriously, if the only metric is “at least it's not as bad as North Korea” then we're headed for some interesting times.

Re:Just wondering (1)

Bucky24 (1943328) | more than 3 years ago | (#35810080)

I think once the average citizen actually cannot say something like "my president is an assclown" without being thrown in jail is when we get a police state. AFAIK that hasn't happened yet, though I could be wrong...

Re:Just wondering (1)

tomthepom (314977) | more than 3 years ago | (#35811750)

Or perhaps we're talking a really self-confident police state? One that's reached such an impervious level of power that it can tolerate a little harmless dissent?
The real test of course is can you say something that might realistically damage the president? For example if your average citizen (without, say, the protection of a press pass) were to say something like "my president is a war criminal and I have official evidence to the fact", would he still be safe from being thrown in jail?

Re:Just wondering (1)

Bucky24 (1943328) | more than 3 years ago | (#35811798)

Now that is a good point. Someone (else) should test it out.

Defcon 2010 - Your ISP and the Government BFF (1)

Ceriel Nosforit (682174) | more than 3 years ago | (#35808588)

Defcon 2010 - Your ISP and the Government Best Friends Forever - Christopher Soghoian
http://www.youtube.com/watch?v=jJDCxzKmROY [youtube.com]

Sit back, relax, be freaked out and go make a tinfoil hat out of desperation.

Recent NPR story (1)

JAZ (13084) | more than 3 years ago | (#35808744)

I heard a story on NPR last Sunday about someone being taught by their parents that what made America great (and so much better than "the old country") was our privacy. Specifically, that it was a "federal crime to open the mail".

The story was about the effects of living connected lives. It also mentioned Zuckerberg's recent comments about the pointlessness of privacy. And how the more connected we are, the harder it is to reinvent ourselves.

More and more if feels like we've lost something of our individuality and with it something of the greatness of being a free country. Perhaps we'll find new greatness in the future, but I can't help but think that those of us in transition generations will have a rough time of it.

Re:Recent NPR story (0)

Anonymous Coward | more than 3 years ago | (#35808882)

I'm an American (born and raised in the US) who actually moved back to "the old country" and I feel that I have more rights and privacy than I ever did in the US. (Being a dual citizen has its merits)

how do you spell hypocrite? U..S...A... (0)

Anonymous Coward | more than 3 years ago | (#35808826)

Human rights, it's much more fun to preach it than to practice it.

Why is this news? (0)

Froeschle (943753) | more than 3 years ago | (#35809106)

Just asking.

Re:Why is this news? (1)

Ja'Achan (827610) | more than 3 years ago | (#35810114)

It's a keep-alive signal. At some point, the stories will stop, and at that time we'll know /. is being monitored/filtered.

And this is news to who exactly?? (0)

Schmyz (1265182) | more than 3 years ago | (#35810262)

Unless you have been living under a rock your whole life or has never seen a single starlight scope video then you have to accept that law enforcement will use EVERYTHING to some sort of advantage. And in many cases they should. (Yes I do understand some agencies and or members therein will abuse this)
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?