Limited Email Surveillance Approved

Zonk posted more than 8 years ago | from the but-they-were-all-bad dept.

MrNougat writes "CNet reports that some surveillance of your email has been permitted by U.S. District Judge Thomas Hogan in Washington, D.C., without first requiring any evidence of wrongdoing. Curiously: 'instead of asking to eavesdrop on the contents of the e-mail messages, which would require some evidence of wrongdoing, prosecutors [of the US Justice Dept.] instead requested the identities of the correspondents. Also included in the request was header information like date and time and Internet address--but not subject lines.'"

249 comments

Fr1StagE P0sTagE (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14686858)

N/T

Re:Fr1StagE P0sTagE (-1)

Anonymous Coward | more than 8 years ago | (#14686919)

yay! my first evar FP!!1 w00t!

Land of the free (5, Insightful)

Threni (635302) | more than 8 years ago | (#14686859)

Hey, you're still kind of free. Well, free-ish. I'm sure your government is doing this for your own good. There couldn't possibly be any other reason.

Don't worry. (2, Informative)

khasim (1285) | more than 8 years ago | (#14686938)

You only lose any Rights you haven't used within the last 90 days.

Now, you have to prove to the government that you're actually using any Rights you want to hang on to.

I recommend calling and sending real letters to your CongressCritters.

Re:Land of the free (1)

tibike77 (611880) | more than 8 years ago | (#14687027)

Well, let's see.

As a non-US-resident, I have no idea how the US Postal Service actually handles "privacy" issues.
Although, I find it hard to believe that generic data (who sent a letter, whom it was addressed to, when and where it was dropped in the mailbox, letter weight) would be deemed "private" enough, so that the government would have absolutely no access to it, if it wanted to.
(Note: perspective from a citizen of an ex-communist state)

Now, think about how the US Post handles this, and ask yourself if it's any different (rights-wise) when we talk about e-mail.

P.S. How does the "regular" post handle this in the US anyway?

Re:Land of the free (0)

Anonymous Coward | more than 8 years ago | (#14687061)

I'm sure they handle it blindfolded and determine where to deliver it on the spot, without looking at it, with a computer. Anything less and I'd be outraged about the invasion of privacy!

Re:Land of the free (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14687182)

And yet, the "communist" (more like totalitarian) states did not freely move to their past condition. In some, it was voted in for the good of their citizens. Then the gov. slowly took over whittling away at rights. Yes, some of the states were via revolution or invasion, but most certainly the first (Germany) was via a vote and then a leader who slowly took away rights while pointing to a "threat" to the nation.

If you really were from a state like that, I am amazed that you would even consider giving the state a centimeter, let alone a meter.

Re:Land of the free (2, Insightful)

tibike77 (611880) | more than 8 years ago | (#14687228)

One word: Romania.
And yes, I don't give a rat's behind about "official" privacy policies.

What you grow accustomed to, during a "totalitarian regime", was to be TOLD your government is good, cares for you, and so on and so forth... while all along KNOWING that if you make a false move you risk your freedom, or even life.
That certainty of knowledge makes it more than easy to ignore any privacy issues... as you are too paranoid already to even start believing your government will do what they say they do.

The only difference in a "free" state is that, from time to time, people actually believe the bullshit... and other times, the state gets slapped for not being careful enough to hide he didn't respect your privacy.

Re:Land of the free (1)

FLEB (312391) | more than 8 years ago | (#14687296)

Now, think about how the US Post handles this, and ask yourself if it's any different (rights-wise) when we talk about e-mail.

Yes. It's two different transfer methods. Just because one method of getting a message from A-to-B is naturally insecure, it doesn't give license for anyone to artificially introduce insecurity into a different system. By that token, the USPS should be able to open and read your mail, just like a sysadmin can open and read your email.

Re:Land of the free (1)

tibike77 (611880) | more than 8 years ago | (#14687453)

Have you read what I wrote? Or the article? Or the short version of the article?

Any postal employee might be able to read the contents of your mail, but you might just notice something wrong about the envelope. Or you might not.
Any sysadmin could read your e-mail, and you would never know about it. And that's almost certain.

It's not the CONTENTS, it's the "wrapping". Sender, receiver, time and location of mail sent.

Is it a secret for the postal service, yes or no?
If it's not a secret, why should e-mail be any different?
If it is a secret, why allow it for e-mail then?
I wasn't expressing an absolute opinion, I was pointing out similarities and differences.

Ob Dr.Evil quotes (4, Funny)

dc29A (636871) | more than 8 years ago | (#14687177)

You're semi-free.
You're quasi-free.
You're the margarine of free.
You're the Diet Coke of free.
Just one calorie, not free enough!

Re:Land of the free (1)

Raven42rac (448205) | more than 8 years ago | (#14687181)

Yes, use encryption. But what happens is the one guy who uses it gets more scrutiny, if everyone uses it, then there would be less of a stigma. It starts with an inch, and eventually becomes a mile. I don't trust our elected and appointed leaders to protect my rights. My last name isn't Inc. or LLC.

Re:Land of the free (1)

PrinceAshitaka (562972) | more than 8 years ago | (#14687535)

To play devil's advocate

If you sent a letter through the US mail, they would find out similar information without opening the letter. They would know the return address, mailing address, what day and from what post office it was mailed from. As long as they read the subject line or email it really isn't an invasion of privacy.

And like many people have commented, if you're paranoid, use encryption.

So use encryption! (5, Insightful)

jdavidb (449077) | more than 8 years ago | (#14686861)

In my opinion, if you're not already assuming that the contents of your unencrypted email are public to the world, you're fooling yourself. If you want it to be unreadable, encrypt it.

I think the only permission anybody ought to need in order to eavesdrop on a communication is the owner of the wire. If you're contracting with the owner of the wire for services, and privacy is important to you, make that part of the contract. Or save yourself some effort and money and simply encrypt your communications. It's nearly effortless. It won't cost you anything (money wise) for the software.

Also, I take exception with the summary that "some surveillance of your email has been permitted." The article says, "the Justice Department asked a federal magistrate judge to approve monitoring of an unnamed person's e-mail correspondents." I sincerely doubt that I am that person or one of his correspondents, unless he is a spammer. I recognize this could affect me in the future because a precedent has been set ... but again, that's easily handled with encryption now, isn't it?

Complaining about this is tantamount to making love to your wife in your open front doorway and then demanding a law be passed to protect your privacy from your neighbor or the police car driving by. For crying out loud! Isn't some burden on you to secure your own privacy? This is not so far from the DMCA requiring legal protection against breaking "protection mechanisms" that are not effective in the slightest. Why in the world would you trust the government enough to expect them to take responsibility for securing your privacy?

People seem to be looking for an expensive legislative solution to a technological problem that already has an inexpensive technical solution.

Re:So use encryption! (5, Insightful)

PDXNerd (654900) | more than 8 years ago | (#14686914)

Well, encryption won't help if the only information they want are the headers. Those nifty "TO" and "FROM" fields let them know who you're contacting. An added bonus is they get to see what type of computer you're running. If they are allowed to listen on the SMTP servers, they can catch your password in plain English (unless you're one of the few who are using SSL or some other form of encryption on the passwords.)

Encryption will block them knowing the dirty joke you just told your friends, but it won't stop them from knowing WHO your friends are!

The 6 degrees of Kevin Bacon. (2, Interesting)

khasim (1285) | more than 8 years ago | (#14686979)

Encryption will block them knowing the dirty joke you just told your friends, but it won't stop them from knowing WHO your friends are!
So, you sent an email to Mr. A.

Who sends email to Mr. B.

Who sends email to Mrs. C.

Yeah, you see where this is going. Just about anyone can be connected to anyone else with enough hops.

And the government would be "justified" in collecting the information on each of the people in those hops because those people are "connected" to someone under investigation.

Re:The 6 degrees of Kevin Bacon. (0, Redundant)

MarkusQ (450076) | more than 8 years ago | (#14687194)

Encryption will block them knowing the dirty joke you just told your friends, but it won't stop them from knowing WHO your friends are!


So, you sent an email to Mr. A.

Who sends email to Mr. B.

Who sends email to Mrs. C.

Yeah, you see where this is going. Just about anyone can be connected to anyone else with enough hops.

And the government would be "justified" in collecting the information on each of the people in those hops because those people are "connected" to someone under investigation.

It's potentially even worse than that. Say you get an e-mail about mortgage rates so low that it will make your penis size double while you earn a college degree from Canada (including videos of the dorm life you are missing).

So do 50 million other people, one of whom is a terrorist suspect. Hmmm, must be a coded activation message sent out to all the sleeper cells (note the funny way they spell "farmasuiticals"). So you are all suspects now.

Welcome to the slippery slope to hell. Watch your step, it's paved with "good intentions" and we wouldn't want anyone to slip up, now would we?

--MarkusQ

Re:So use encryption! (5, Informative)

Haxwell (229790) | more than 8 years ago | (#14687471)

Two words:

Mixmaster remailer.

Re:So use encryption! (4, Interesting)

forgotten_my_nick (802929) | more than 8 years ago | (#14686923)

TBH the whole system is pointless. Let's say Joe Terrorist wants to pass a message to another cell.

Does he fire up his hotmail account and send an email to durkadurka@hotmail.com?

Of course he doesn't. TBH the easiest way would be to post on a webboard that has a lot of innocent traffic, or on the USENET. Heck even just play an online game (MMORPG) and say something like you're looking for +3 Orc slaying knife for two gold pieces.

This method of scanning email headers doesn't solve the issue. All combatants must realise they are being spied on.

Re:So use encryption! (4, Interesting)

DavidTC (10147) | more than 8 years ago | (#14687428)

There are actually Usenet groups for posting unlabeled encrypted messages in. People receive messages by merely downloading each article and trying to decrypt it. While you can figure out who is communicating using that method, you can't figure out who they are communicating with, except it has to be someone else in that group.

Thanks to spammers, you can buy lists of 'open proxies' that will let you hide your IP and access the person with the owned computer's ISP's usenet server, which you really only need to do when sending messages. Thus rendering any sort of traffic analysis of the group completely useless.

But the best method of sending data on the internet is hiding it in, say, a GIF. You don't even need to use stenography, you can just take an encrypted binary file, put a GIF header at the start of it, and put it in a 1x1 image link somewhere on a web page between two specific times, and have any recipient 'innocently' surf past your page, and then go get it out of their cache. Bonus points if you manage to write bad HTML so that only one specific browser will go and get the 'image', like IE 4 or Firefox 0.7, although you shouldn't make that obvious or people might get curious. Be sure to put a real image up there the rest of the time, and reset the date back whenever you make changes.

And you can trivially think of a way to have two people do this to each other so they can talk back and forth. They just each have pages on somewhat related things, and browse a bunch of pages on that topic, always making sure to go past each other's.

The great thing about this is that the receiving end can defeat a keylogger. Just make sure the 'check the cache for encrypted files' is a program that they won't notice when installing the keylogger, for example a solitaire game, and it pops up the decoded message when you start it between exactly 32 minutes and 37 minutes after adding the image to your cache, or something. Most software keyloggers do not include any sort of screen capturing, because that would require a lot of space, and hardware ones cannot do it at all, or at least not reasonably. (And see Cryptonomicon for how to defeat this, although note the method of communication in that can be logged also.)

Although obviously if you send messages, a keylogger will catch them. In theory, you could click on the letter via your mouse, but a lot of software keyloggers are including mouse clicks exactly because of that. Although the message can be hidden via moving buttons around and renaming them, that is incredibly annoying for any message over two sentences, and it doesn't hide the fact you were doing something very suspicious, which, if they've bugged your machine, they were already pretty sure of.

Re:So use encryption! (1)

danpsmith (922127) | more than 8 years ago | (#14687458)

That's just the excuse. It's important that they have these abilities to "use against terrorism," it's just an added bonus that they can use it to spy on non-terrorists. Let's face it, the Patriot act has probably resulted in Bush's team spying in more non-terrorist organizations than it did to stop actual terror. And that was probably the goal all along anyway. Like Talib says though, "You're a fool if you don't think that they've already tapped the line."

Re:So use encryption! (1)

Mostly a lurker (634878) | more than 8 years ago | (#14686925)

Encryption works fine for email correspondence between you and me. The trouble is that about 0.01% of the general public has any idea of public key encryption schemes. It is quite impractical for even a competent geek to try to ensure all his correspondents can receive and send encrypted emails.

Mod parent (0)

Anonymous Coward | more than 8 years ago | (#14687005)


exactly, try explaining how it works to your average Outlook User, never mind your non-pc-literate friends, most people don't use encryption because it is way too hard to understand and use, it has to be made simpler (ie. seamless/hidden/on-by-default) if it's to be adopted by the masses

Re:So use encryption! (4, Insightful)

GoofyBoy (44399) | more than 8 years ago | (#14686942)

This is not about reading your email. It's about finding out who and when you sent an email.

Encrypt it all you want, they are not interested in what you are sending, and not even the subject, they are interested who you are communicating with and when.

Re:So use encryption! (1)

rolfwind (528248) | more than 8 years ago | (#14687068)

Yeah, from the summary itself:

Curiously: 'instead of asking to eavesdrop on the contents of the e-mail messages, which would require some evidence of wrongdoing, prosecutors [of the US Justice Dept.] instead requested the identities of the correspondents. Also included in the request was header information like date and time and Internet address--but not subject lines.'"


Which doesn't seem all that different from what they can do with snailmail in the USPS (I assume) anyway. Though in both cases, you have the easy chance to deceive who the sender is - fake name on envelope, or different web-based email account on foreign computer - but not so much the receiver.

Re:So use encryption! (1)

ObsessiveMathsFreak (773371) | more than 8 years ago | (#14686961)

Complaining about this is tantamount to making love to your wife in your open front doorway and then demanding a law be passed to protect your privacy from your neighbor or the police car driving by. For crying out loud! Isn't some burden on you to secure your own privacy?

To extend the analogy, and answer your question, the situation for the last 30 years has essentially been that RSA have patented front doors and indeed, non transparent walls.

Re:So use encryption! (1)

sjonke (457707) | more than 8 years ago | (#14686978)

I think the flaw in what you are saying is that using encryption with email is not only not commonplace, but is very difficult to do, and that's why it isn't and will remain uncommon for the foreseeable future. It is impractical to expect people to encrypt their email because no one has made it easy and practical. To turn your comparison on its head, it's like installing hidden and boobytrapped surveillance cameras in everyone's bedroom, and justifying it by saying that everyone should know they are there, be able to find them and be able to disable them without getting killed.

Re:So use encryption! (4, Insightful)

PFI_Optix (936301) | more than 8 years ago | (#14687021)

I think the only permission anybody ought to need in order to eavesdrop on a communication is the owner of the wire. If you're contracting with the owner of the wire for services, and privacy is important to you, make that part of the contract.

Let me call the phone company right quick and ask that my DSL contract be amended to express that they will not allow someone to tap the lines. I'm sure they'll get right on that.

Or save yourself some effort and money and simply encrypt your communications. It's nearly effortless. It won't cost you anything (money wise) for the software.

Because everyone automatically knows how to encrypt e-mails.

Also, I take exception with the summary that "some surveillance of your email has been permitted." The article says, "the Justice Department asked a federal magistrate judge to approve monitoring of an unnamed person's e-mail correspondents." I sincerely doubt that I am that person or one of his correspondents, unless he is a spammer. I recognize this could affect me in the future because a precedent has been set ...

I agree with this. If I'm reading this right, the government is investigating a particular person and is asking for permission to monitor that particular person's e-mail correspondents. It's like tapping the phones of everyone who calls/is called by a mob boss. The precedent creates a slippery slope, but we haven't fallen down every time we've hit one of those.

Complaining about this is tantamount to making love to your wife in your open front doorway and then demanding a law be passed to protect your privacy from your neighbor or the police car driving by. For crying out loud! Isn't some burden on you to secure your own privacy? This is not so far from the DMCA requiring legal protection against breaking "protection mechanisms" that are not effective in the slightest. Why in the world would you trust the government enough to expect them to take responsibility for securing your privacy?

No, complaining about this is more like making love to your wife in your bedroom and realizing there's some perv in the bushes outside your window. E-mails are NOT broadcasts, it requires some effort and intrusion to tap someone's e-mail. A girl in a slinky dress is NOT asking to be raped, a house without bars on the windows is NOT asking to be robbed, and unencrypted e-mail is NOT an invitation to intercept and open it. It's smart to lock your car.

If you leave your car running while you run into the store and it's gone when you come out, I'll call you a dope for making it so easy, but I'll still call the thief a scumbag for stealing someone's car.

Re:So use encryption! (1)

jdavidb (449077) | more than 8 years ago | (#14687465)

Let me call the phone company right quick and ask that my DSL contract be amended to express that they will not allow someone to tap the lines. I'm sure they'll get right on that.

Yep. Real privacy is expensive. Somebody has to bear the cost.

Real protected media would be expensive, too. Instead of bearing the cost, the MPAA/RIAA just get laws passed so that no-good protection is legally "good enough."

Of course, if you want privacy you could instead use encryption.

Re:So use encryption! (1)

ajs (35943) | more than 8 years ago | (#14687199)

Of course, many people don't realize that you can enable TLS on your mail server, and many others (many right here on Slashdot) said that I and a few others were paranoid for not wanting to let a large ISP run our mail servers for us. Worse, we tend not to want to allow our mail to be relayed THROUGH such large mail servers. My ISP STILL doesn't use TLS if I try to relay through them (though I realize that would be pointless, since the Feds will simply require a tap into their MTA directly, which sees the unencrypted session).

And now, you see why I insist on running my own MTA (though there are also business reasons). AOL may not be willing to accept my connections, but I get to encrypt the WHOLE SESSION, and the only thing anyone sniffing packets gets to know is that I'm sending mail to someone else's MTA. Given the amount of mailing list traffic and other noise that my machines generate, that's probably not as useful as one might want.

Want to eavesdrop on my mail? Get a warrant. It's not that much to ask.

Re:So use encryption! (1)

dafragsta (577711) | more than 8 years ago | (#14687233)

This is not a batch of lemons with which to make lemonade. Your unencrypted emails are NOT available to the free world, even if they are easily intercepted. The window of availability for intercepting email is small unless you are the sysadmin in charge of the email infrastructure. If this were true, we'd see more incriminating emails against companies who say things they shouldn't in interoffice emails. If the post office can't rightfully open your mail and read it, why is it allowed then to let the government open your email. The sad fact is that federal agents probably DO read snail mail, but the time spent doing it and covering their tracks probably keeps that to a minimum. There's nothing to stop them from parsing shitloads of your email without you ever knowing.

There is no freedom on the internet. Bush came along too early in its toddler years of wide acceptance. There are too many precedents to be set that a Republican government has no qualms about shifting in their favor. To anyone who'd try to defend Bush or the Republican congress, answer this, what has Bush done to PROTECT privacy as president? Tally that against the things he's done to invade privacy in the name of "anti-turrrism."

You people need to make some noise. I feel a Reich coming on. Anyone who says we are paranoid now is just shoving their head in the sand. What would be more effective for world domination than a quiet coup built by the exchange of money, to take control of the United States. It's not a conspiracy if everyone knows about it. In this case, everyone knows about it, but refuses to accept it. The government may not want to disrupt our consuming lifestyle because that turns the financial machine, but the tighter the grip they get on our freedoms and the more unchecked they can shove our privacy aside, the more the notion that a quiet power shift becomes a reality. I love America for the principles on which it was founded; a place where one has the freedom of expression, religion, and the fourth amendment which is designed to make Americans feel secure in their own homes. If I'm worried about my political dissent being deliberately misconstrued as something else to shut me up, I am not secure. It won't be long before people who are unsatisfied with the government aren't quietly wheeled off to some undisclosed location.

This kind of dissent is not just for the wackos living in their own "sovereign country" on some farm in Montana, it's for everyone who values their rights. Stop telling yourself it's all being done in the name of your protection. Ever have a roommate forget to pay the electric bill? One day you wake up and there are no lights, and you have to ask why. Well, when we all wake up one day afraid to show disappointment for the government or anything that violates no other civil rights, maybe we'll realize that we should've been more proactive about protecting the things this country was founded on.

Shit, Congress can't even leave Wikipedia alone. They want to rewrite history too!

Re:So use encryption! (1)

MoreCozmic (940211) | more than 8 years ago | (#14687430)

All this ranting is well and good, but would somebody be useful for a change and include some links to how to encrypt?

Re:So use encryption! (2, Insightful)

jdavidb (449077) | more than 8 years ago | (#14687495)

Bush came along too early in its toddler years of wide acceptance. There are too many precedents to be set that a Republican government has no qualms about shifting in their favor. To anyone who'd try to defend Bush or the Republican congress, answer this, what has Bush done to PROTECT privacy as president?

If you think the blame for this lies solely on Republican shoulders, you're dreaming as much as the people who think that the fact that their emails are difficult to intercept means that nefarious personages will actually refrain from doing so.

Re:So use encryption! (1)

hacker (14635) | more than 8 years ago | (#14687472)

but again, that's easily handled with encryption now, isn't it?

Not quite, because it's against the law to withhold your encryption keys if you're asked for them [gnu-designs.com].

Encryption is great (and I use it heavily on drives, mail, backups and everything that contains non-public data), but not when it's against the law to use it. Lovely world we live in, isn't it?

Re:So use encryption! (1)

symbolic (11752) | more than 8 years ago | (#14687607)

I think the only permission anybody ought to need in order to eavesdrop on a communication is the owner of the wire.

You're missing the point. Yes, it's in plain view of the public, but this isn't the problem - the problem, quite simply, is that the government is surveilling it without cause. I do agree however, that encryption may be the only way to re-establish some balance.

China (5, Funny)

Anonymous Coward | more than 8 years ago | (#14686863)

Everyday I feel more like I'm Chinese....

So what's the problem (or the purpose?) (0)

pushf popf (741049) | more than 8 years ago | (#14686864)

This probably won't be a popular opinion, but I don't see any problem with them monitoring to: and from: addresses.

Given the availability of "throw-away" email addresses, I also don't see much use for it.

Sounds like another decision made by committee.

Btdd (4, Insightful)

broothal (186066) | more than 8 years ago | (#14686870)

We have the same law proposed here. It stranded due to the politicians' lack of technical knowledge. They think that the To: From: and CC: field actually tells you who sent the email and to whom. It's extremely difficult to tell a non-tech savvy person that these header fields are purely cosmetic.

Re:Btdd (1)

XorNand (517466) | more than 8 years ago | (#14686972)

It's extremely difficult to tell a non-tech savvy person that these header fields are purely cosmetic.
I don't know why it would be such a difficult concept to convey? I can send you a first class letter with Hugh Hefner's name and address scrawled in the upper left corner. It doesn't mean that you've finally received your invitation to the Playboy mansion.

Re:Btdd (1)

qwyeth (944726) | more than 8 years ago | (#14686974)

You mean they don't?

From an e-mail I got today:
From: webmaster@straightdope.com
Message-ID: <LISTMANAGER-3819143-1550980-2006.02.10-04.00.03-- a.wyatt.m#gmail.com@lyris.jokeaday.com>
Date: Fri, 10 Feb 2006 04:00:00 -0500
Subject: The Straight Dope 02/10/2006
To: "The Straight Dope" <straightdope-list@lyris.jokeaday.com>
These fields do seem to contain at least some (albeit very basic) information about the source and destination. Are you saying that they only contain that information by convention, and it's technically optional? Or are you referring to some trait of the actual data packets?

Inquiring minds want to know...

Re:Btdd (1)

alicenextdoor (910558) | more than 8 years ago | (#14687066)

Email headers are not hard to spoof [windowsecurity.com] . I have several times sent myself spam about things which I would have expected myself to have known that I didn't want to buy...

Re:Btdd (3, Informative)

Transcendent (204992) | more than 8 years ago | (#14687148)

Look up a little about SMTP. You can send e-mails to addresses not contained anywhere in the e-mail header. The sender simply has to put in "RCPT TO: someone@somewhere.something" or even simply the username on the server and it'll get to them, no matter what it says in the To.

Try it. Telnet to your SMTP server and send an e-mail to yourself:

EHLO localhost
MAIL FROM: valid@email.address
RCPT TO: destination@email.address (or username on the system)
DATA
(From, To, Subject, etc would go here)
Any message
.
QUIT

This will send an e-mail with no To, or Subject in the header (it should contain the From at least). The only restriction you may have is that the SMTP server may do checks on the MAIL FROM or RCPT TO lines, which will restrict the addresses you can send to/from. If it's running AUTH, you may have other troubles too.

Re:Btdd (1)

budgenator (254554) | more than 8 years ago | (#14687547)

I get spam all the time that looks like it was really sent to someone else, subject line like "here's the nude pics you wanted", hard not to get curious.

Re:Btdd (1)

slavemowgli (585321) | more than 8 years ago | (#14687499)

Those fields *typically* contain the correct information, but it's not actually necessary for it to be there - SMTP servers don't care about these things, so it's just a convention for the sake of end-user convenience. Read up on how SMTP works, and all will become clear. :) (If you feel so inclined, you can also look for an "Envelope-To:" header in your emails - some (?) SMTP servers add that to indicate where they were told to send the email to.)

Re:Btdd (1)

HairyCanary (688865) | more than 8 years ago | (#14687539)

Every single header line you listed is put there by the e-mail client. Without a Message-ID field, some mail servers will add one. But it will not be nearly as descriptive as the one you have there. And the mail server software should identify the envelope sender address (the address specified during the SMTP conversation). Some mail server software will also add Received header fields that include the envelope recipient (specified during the SMTP conversation). qmail is an example I can think of immediately. But not all software will do that, and the entire remainder of the message, headers & body alike, are supplied by the e-mail client.
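
Added example (not part of any comment in this thread, and not code from the posters): the envelope/header split that Transcendent, slavemowgli and HairyCanary describe above, as a Python sketch that parses the client side of an SMTP session, contrasts the envelope with what the From:/To:/Cc: headers claim, and then reads the Received "for" clause and Envelope-To: header that a receiving server may add. All addresses, hosts and both sample inputs are constructed, and the function names are this example's own.

```python
import email
import re
from email.utils import getaddresses

# Constructed sample: client side of one SMTP session, shaped like the list
# mail quoted in the thread (header To: names the list, not the reader).
SAMPLE_SESSION = "\n".join([
    "EHLO lists.example.net",
    "MAIL FROM:<bounce-1550980@lists.example.net>",
    "RCPT TO:<reader@example.org>",
    "DATA",
    "From: webmaster@example.com",
    'To: "Weekly List" <weekly-list@lists.example.net>',
    "",
    "Body text.",
    "..a line that began with a dot",
    ".",
    "QUIT",
])

# Constructed sample: the same message as stored after delivery, with trace
# headers of the kind a receiving server may prepend.
SAMPLE_DELIVERED = "\n".join([
    "Envelope-To: reader@example.org",
    "Received: from lists.example.net (lists.example.net [192.0.2.10])",
    "\tby mx.example.org with ESMTP id 1A2B3C",
    "\tfor <reader@example.org>; Fri, 10 Feb 2006 04:00:03 -0500",
    "From: webmaster@example.com",
    'To: "Weekly List" <weekly-list@lists.example.net>',
    "",
    "Body text.",
])


def _path(arg):
    """Address from a MAIL FROM / RCPT TO argument ('' for the null path <>)."""
    parts = arg.split()
    return parts[0].strip("<>").lower() if parts else ""


def parse_client_session(transcript):
    """Return (envelope, raw_message) from the client's side of an SMTP session."""
    envelope = {"mail_from": None, "rcpt_to": []}
    data, in_data = [], False
    for line in transcript.splitlines():
        if in_data:
            if line == ".":              # a lone dot ends DATA
                in_data = False
            else:                        # undo dot-stuffing (RFC 5321, 4.5.2)
                data.append(line[1:] if line.startswith(".") else line)
            continue
        upper = line.upper()
        if upper.startswith("MAIL FROM:"):
            envelope["mail_from"] = _path(line[10:])
        elif upper.startswith("RCPT TO:"):
            envelope["rcpt_to"].append(_path(line[8:]))
        elif upper.strip() == "DATA":
            in_data = True
    return envelope, "\n".join(data)


def _addrs(msg, *names):
    """Lower-cased addresses found in the named header fields."""
    values = [v for n in names for v in msg.get_all(n, [])]
    return sorted({a.lower() for _, a in getaddresses(values) if a})


def compare_layers(transcript):
    """Contrast what the SMTP envelope says with what the headers claim."""
    envelope, raw = parse_client_session(transcript)
    msg = email.message_from_string(raw)
    hdr_from, hdr_rcpt = _addrs(msg, "From"), _addrs(msg, "To", "Cc")
    env_rcpt = set(envelope["rcpt_to"])
    return {
        "envelope_from": envelope["mail_from"],
        "envelope_rcpt": sorted(env_rcpt),
        "header_from": hdr_from,
        "header_rcpt": hdr_rcpt,
        "sender_mismatch": envelope["mail_from"] not in hdr_from,
        # delivered to, but named nowhere in To:/Cc:
        "undisclosed_rcpt": sorted(env_rcpt - set(hdr_rcpt)),
        # named in To:/Cc:, but this session never delivered to them
        "header_only_rcpt": sorted(set(hdr_rcpt) - env_rcpt),
    }


def trace_hints(raw_delivered):
    """Envelope recipients a receiving server recorded in trace headers, if any."""
    msg = email.message_from_string(raw_delivered)
    pat = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)
    hits = [pat.search(v) for v in msg.get_all("Received", [])]
    return {"received_for": [m.group(1).lower() for m in hits if m],
            "envelope_to": _addrs(msg, "Envelope-To")}


if __name__ == "__main__":
    print(compare_layers(SAMPLE_SESSION))
    print(trace_hints(SAMPLE_DELIVERED))
```

For the constructed list mail, the only place the actual recipient appears is the envelope and the trace headers; the From:/To: fields name the list and its webmaster.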

Privacy (4, Insightful)

backslashdot (95548) | more than 8 years ago | (#14687065)

Thanks to boring people, the world is moving towards a total lack of privacy. The governments want to be in on every piece of human interaction. Not only that, they wish to record it too.

Soon a day will come ..worldwide .. no place to run style .. if it hasn't already for muslims .. where you can no longer be silly on the phone. No longer can you make racially biased or culturally insensitive jokes even among non-racist friends. I hope our body is well toned, for it'll be on camera .. you don't want your friendly monitors laughing at you. You have to worry about everything you say on the phone. You can't ask about the weather even because you'll have to worry about whether it'll be interpreted as meaning something else ("why would you care about weather in some other country"). No longer can you raise your voice to your own child. No longer can you tell little white lies to hold on to some image. On the "bright" side .. you won't be able to cheat on your girlfriend.

They already want to be in on every financial interaction (sales/income tax). I'd rather pay a flat amount every year for "my share" of defense costs and be done with it. Are they going to tax happiness too soon? "You exchanged happiness, we want our fair share cause you wouldn't have been able to exchange happiness was it not for us" .. Sorry but I only give to Caesar what belongs to him.

I value my privacy, and I believe that the fourth amendment makes America a strong nation. The founding fathers of the USA understood that the right to privacy is one of those inalienable human rights endowed by our creator. (If you read the first amendment you will see that it's a right "not to be violated", rather than a gift from government.) I believe the right to privacy is what keeps a nation free from oppression, tyranny, and pathological dictators. Fuck all the fake patriots who'll sell us otherwise.

Ethics of extended recording for later analysis (1)

backslashdot (95548) | more than 8 years ago | (#14687114)

The ethics of recording for criminal activities over an extended period of time is dubious. How many of you would like it if your local police department recorded speeders over a period of 1 month on video and sent out notices for every time you sped .. the first time you "get caught"?

Somehow I think many of us would be against that particular thing. But hey privacy is only for those who have something to hide. NOT.

Re:Btdd (0)

Anonymous Coward | more than 8 years ago | (#14687121)

I agree the From: field is easy to spoof, but the To: / Cc: / Bcc: fields need to be valid in order for the email to actually get somewhere...

Re:Btdd (0)

Anonymous Coward | more than 8 years ago | (#14687283)

No they don't. To an SMTP server, the entire contents of the email, including the headers, is just pure data, and they don't care about it (other than that they might throw in some headers of their own). The SMTP protocol has separate from and to commands...those are the ones that are used for actual accepting/rejecting/routing of the message, and those fields do NOT ever get stored in the email itself. Of course, there is nothing stopping the server from logging those lines too (I log it on our server at work as part of the spam/virus analysis), but that's not what the other poster was talking about.

Re:Btdd (1)

MarkusQ (450076) | more than 8 years ago | (#14687344)

I agree the From: field is easy to spoof, but the To: / Cc: / Bcc: fields need to be valid in order for the email to actually get somewhere...

No, not really. They may get caught in a spam filter or something, but a non-paranoid SMTP server just looks at the SMTP commands and ignores the headers in the DATA block. SMTP is a protocol born in a more trusting era, when people on the net more or less knew each other--and if you did something stupid, you were likely to get a call ("Hey Bob, did you read the RFC, or just print it out to look at later?") from your neighbors.

--MarkusQ
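The envelope/header split discussed in the comments above, as an added example that is not part of any poster's comment: a small Python audit that separates the SMTP envelope (`MAIL FROM` / `RCPT TO`) from the headers inside `DATA` and reports where they disagree. The transcript, the example.* addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed client-side transcript (not captured traffic).
SESSION = """\
EHLO localhost
MAIL FROM:<alice@example.org>
RCPT TO:<bob@example.net>
RCPT TO:<carol@example.net>
DATA
From: "Someone Else" <dave@example.com>
To: erin@example.com
Subject: hello

Any message
..a line that began with one dot before dot-stuffing
.
QUIT
"""

# Envelope commands; angle brackets are optional so the loose form
# typed in a telnet session ("MAIL FROM: user@host") also parses.
_PATH = re.compile(r"^(MAIL FROM|RCPT TO):\s*<?([^<>\s]*)>?", re.IGNORECASE)


def split_session(transcript):
    """Return (envelope_sender, envelope_recipients, raw_message)."""
    sender, rcpts, data, in_data = None, [], [], False
    for line in transcript.splitlines():
        if in_data:
            if line == ".":            # lone dot terminates DATA
                in_data = False
            else:                      # undo dot-stuffing (RFC 5321 4.5.2)
                data.append(line[1:] if line.startswith(".") else line)
            continue
        m = _PATH.match(line.strip())
        if m:
            verb, addr = m.group(1).upper(), m.group(2).lower()
            if verb == "MAIL FROM":
                sender = addr
            else:
                rcpts.append(addr)
        elif line.strip().upper() == "DATA":
            in_data = True
    return sender, rcpts, "\n".join(data) + "\n"


def audit(transcript):
    """Compare what the server routes on with what the reader is shown."""
    sender, rcpts, raw = split_session(transcript)
    msg = message_from_string(raw)
    hdr_from = parseaddr(msg.get("From", ""))[1].lower()
    hdr_rcpts = {
        addr.lower()
        for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        if addr
    }
    return {
        "envelope_from": sender,
        "envelope_to": rcpts,
        "header_from": hdr_from,
        "header_to": sorted(hdr_rcpts),
        # Sender shown to the reader differs from the one used for routing.
        "from_mismatch": sender != hdr_from,
        # Delivered to, but never named in To/Cc (Bcc looks like this too).
        "undisclosed_rcpts": sorted(set(rcpts) - hdr_rcpts),
        # Named in To/Cc, but not a recipient of this transaction.
        "header_only_rcpts": sorted(hdr_rcpts - set(rcpts)),
    }


if __name__ == "__main__":
    for key, value in audit(SESSION).items():
        print(f"{key}: {value}")
```

A mismatch is not proof of forgery on its own: Bcc recipients and mailing-list traffic produce the same pattern, so the output is a signal to weigh alongside other checks.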

Re:Btdd (1)

budgenator (254554) | more than 8 years ago | (#14687485)

My first point is the FEDs really really like this new toy and are smart enough to know if they get too carried away with it, congress is going to slap their little pinkies and take it away. Once it's taken away, it'll be really hard for them to get it back. I expect the feds will show a lot of restraint in using this because they don't want to lose the whole ball of wax.
My second point is the FEDs are going to quickly realise that you're completely right. In fact pretty soon they'll realise that stopping viruses and worms and the bot-net they produce from spewing spam, DDOS attacks and shit like that is a National Security Matter. They don't have a snowball's chance in hell of figuring out terrorist's social networks when a spambot is spewing 10K spams and only 3 people know the gibberish isn't a Bayesian filter circumvention but a coded message.

No subject lines (1)

Albanach (527650) | more than 8 years ago | (#14686872)

I presume this is because most email logs wouldn't store this information, so it's not there to collect. I'm sure if it had been there'd be lots more interest.

This leads me to wonder, are there regulations in place saying how long a US ISP must maintain email logs for? If not, do any ISPs actually publish their data retention policy?

Re:No subject lines (1)

Amouth (879122) | more than 8 years ago | (#14687186)

well i am not too worried about this.. my main mail server (that filters for several others) is set to delete the logs every 15min because well if not they eat up a lot of space.. and if they want to get to the messages well then they will have to do a little work because i seem to remember forgetting the password to that box..

A Little Background (1)

adavies42 (746183) | more than 8 years ago | (#14686875)

Regarding that "curiously", long-standing precedent regarding phone surveillance makes a distinction between surveillance which reveals "public" information, analogous to the outside of an envelope (the parties in communication and the times of their contacts) and that which reveals "private" information (i.e. the actual content of their communications). IANAL, but I'm fairly sure the police are allowed to get the phone company's records of the recipients and times of your phone calls. ("LUD"s, for all you Law and Order junkies). This is a logical extension of the same policy.

chatter (1)

DarkClown (7673) | more than 8 years ago | (#14686879)

this is akin to the nsa approach to collecting 'chatter' - a tree of correspondence without focus on the content of the communication.

Re:chatter (0)

Anonymous Coward | more than 8 years ago | (#14687293)

Yes, except that it's called traffic analysis and more recently, social network analysis. It goes back at least to the Cold War. Imagine correlating the activity of communications stations to military movements and you'll get the picture. If station X consistently is active just before a major troop movement, then it is probably a command and control station. When there are too many messages to try to decrypt or read all of them, the first step is to figure out which "stations" -- people, in terms of email -- are most likely to be significant, via traffic and network analysis. You only look at the content of the messages once you've narrowed them down this way.

This conflicts with the Fourth Amendment because it inherently has to cover a lot of the network. Bush says that we want to know if you're talking to terrorists, as if we had the technology to zoom in on only such messages. But that's not at all practical, since it is impossible to differentiate without looking at a big piece of the network.

I invented some of this stuff, which wound up being used by intelligence agencies after it was acquired by another company. Cringely wrote about it at the end of this week's column, quoting me:

Now for a final word on wiretapping, the NSA, and you, which were the primary topics of my last two columns. This last thought comes from an old friend of mine who is conservative in the very best sense and knows what he is writing about:

"Traffic analysis, at the NSA? I'm tempted to be sarcastic, but I won't be. As you might know, I started a company a few years ago with a former NSA guy -- somebody who was a cryptographer and Russian linguist on those submarines that snuck into Soviet harbors to tap their phone lines -- and we applied traffic analysis to Internet discussion groups to identify opinion leaders, conversation trends and so forth. We used a lot of techniques that were developed or applied to law enforcement. And we didn't use anything that violated anybody's security clearances... really!

"(My company) was acquired by a business intelligence company funded by the CIA venture capital outfit. Apparently the stuff I invented is now in the hands of a couple of intelligence agencies, including Homeland Security.

"I'll tell you what I think the most troubling thing about all this is. It's easy to see whatever pattern you're looking for. It's like curve fitting in the stock market -- looks beautiful historically and maybe even in the short run, but it's a disaster in the making. So we have these guys running the country who saw a non-existent pattern in Iraq that justified a war ... and now we're going to give them software that will make it easy to create the illusion of patterns of conspiracy.

"Your friend from the NSA was right, but it's worse than he suggests. It's not just that social network analysis casts a wide net. It's that without oversight by people who really grasp the mathematics and have some distance from the whole thing, they're going to see patterns where there aren't any.

"They have a history of that."


http://www.pbs.org/cringely/pulpit/pulpit20060202.html [pbs.org]

Two options left (1)

77Punker (673758) | more than 8 years ago | (#14686881)

There's two choices for us now. Either you can install GPG (works well with a particular Thunderbird extension) or send pictures of your penis to the agency responsible for reading the emails. Personally, I've started doing the former and as soon as I get my digital camera some batteries will start doing the latter. A picture of my penis that says in the subject line "SURVEIL THIS" will (with any luck) deter them from surveillance. If not, some goatse or tubgirl oughtta do the trick.

Re:Two options left (1)

Mistshadow2k4 (748958) | more than 8 years ago | (#14686901)

How will that help? No matter what size your penis is, they'll just send you (more) penis-enlargement spam.

Re:Two options left (1)

77Punker (673758) | more than 8 years ago | (#14686955)

Well, it was supposed to be more funny than useful. But hey, if everybody did it then I bet it could make a difference. If they start rejecting attachments and HTML there's always the ASCII penis route as well.

Re:Two options left (0)

LiquidCoooled (634315) | more than 8 years ago | (#14686924)

Since they won't see the subject name, they will just assume you're a sick fuck and lock you away for years and years :P

Re:Two options left (1)

smooth wombat (796938) | more than 8 years ago | (#14686988)

or send pictures of your penis to the agency responsible for reading the emails.

Goatse might be better.

gone... POOF! peace out! OUTTA HERE! (-1, Troll)

RocFlipz (953415) | more than 8 years ago | (#14686886)

Well there goes our civil liberties right out the door -- Why do I have a feeling Bush is behind this? he's behind everything; he's an idiot... Just my thoughts..

It just gets dumber. (2)

RoffleTheWaffle (916980) | more than 8 years ago | (#14686893)

This idea is made of crap and stupid. What, are they just trying to scare people into not using e-mail if they're going to blow something up, or do they actually care if someone is sending e-mail from a spoofed site named "rofl.mao"?

Re:It just gets dumber. (1)

PDXNerd (654900) | more than 8 years ago | (#14686930)

How many people spoof all headers? You and a few dozen other paranoid few? The majority of people do not, and that is all they care about. (If this was really about terrorism, they would know this wouldn't work - they want to fill out their "social connections" database a little better.)

Re:It just gets dumber. (-1)

Anonymous Coward | more than 8 years ago | (#14686982)

They DO Care. Mao was a communist, and I don't know who Rofl is but he sounds rather unsavory.

hello i am a potato (-1)

Anonymous Coward | more than 8 years ago | (#14686899)

hello i am a potato

look at the size of my hot throbbing turnip (-1)

Anonymous Coward | more than 8 years ago | (#14686950)


greetings

Get yer encryption here, folks (5, Informative)

chiph (523845) | more than 8 years ago | (#14686911)

Disclaimer (1)

ObsessiveMathsFreak (773371) | more than 8 years ago | (#14686985)

PGP may make email correspondence with most users, including virtually all webmail based users, impossible.

Re:Disclaimer (1)

sulli (195030) | more than 8 years ago | (#14687218)

Until they get PGP also. (Why oh why is it not built into email clients?!)

Use encrypted ESMTP (1)

tvlinux (867035) | more than 8 years ago | (#14686939)

There is a protocol that supports end to end encryption, ESMTP. I use courier-mta on Linux as my mail server, sendmail also supports it. The problem is there are those admins that are clueless and don't know about ESMTP encryption or don't care or use older MSwindows. If I required TLS I could not send half my mail.
This protocol would only protect against passive snooping, if the DNS was poisoned then the man-in-the-middle attack would work if they did not have a signed certificate.

Re:Use encrypted ESMTP (0)

Anonymous Coward | more than 8 years ago | (#14687408)

How is encryption of the email body going to affect them logging headers? Didn't you even read past the title of the summary?

ThinkGeek sponsorship (1)

thaerin (937575) | more than 8 years ago | (#14686949)

I'm thinking they should team up with ThinkGeek and hand out shirts to all those who take advantage of this ruling - http://www.thinkgeek.com/tshirts/frustrations/31fb/ [thinkgeek.com]

I hate to be redundant (-1, Flamebait)

quokkapox (847798) | more than 8 years ago | (#14686991)

But if you believe in freedom, get the f*ck out of the U.S.A. while you still can.

This is "it".

Re:I hate to be redundant (-1, Flamebait)

Aranth Brainfire (905606) | more than 8 years ago | (#14687154)

You might want to start seeing a psychologist. You're seriously way the hell too paranoid.

Oh my god, the government can, with an order, see who and when I'm emailing! This is completely different from phone records and anything involving written communication! THEY'RE COMING TO GET US!!!!!!!!!!!!//1?!!!eleven

This is definitely not "it". The surveillance of every single out-of-country phone call might have been "it". Some of the dozens of things the government has/hasn't gotten in trouble for doing illegally might have been "it". But this is, seriously, nothing.

Re:I hate to be redundant (1)

teslar (706653) | more than 8 years ago | (#14687279)

Well, there is an easy way to check if you're being monitored:

1. CC (or BCC) o.bin-laden@aljazeera.net in every email.
2. Wait 10 minutes.
3. Look outside.

Nothing unusual - you're fine.
Black vans start pulling up, neighbours within a two mile radius have been told to "go for a walk" - yup, you were right to be paranoid after all.

Re:I hate to be redundant (1)

quokkapox (847798) | more than 8 years ago | (#14687391)

I've got a little karma to spare. Slashdot can be fun :)

What about other countries (1)

Pulse_Instance (698417) | more than 8 years ago | (#14686994)

I am wondering if the people doing the surveillance will care about stopping at their own borders. Sure it is probably ok if they read an email that I send to one of my friends or co-workers in the states, well aside from the co-workers as that sometimes contains confidential information, but are they going to stop at reading the email that I send here in Canada. With what I have seen so far there does not seem to be anything stopping them and with the technical knowledge that most of the people making decisions seem to have they could easily argue something that would enable them to get away with reading the email that everyone in the world sends. If the American laws state that it is ok for them to read emails, sure it is just read sender and recipient right now, I have no problem with them doing it as long as they are only reading emails sent to or received by Americans, in America.

Re:What about other countries (0)

Anonymous Coward | more than 8 years ago | (#14687189)

Don't worry, the CSE is already reading your email, eh?

If you aren't doing anything wrong then don't worry? (2, Insightful)

digitaldc (879047) | more than 8 years ago | (#14686997)

Welcome to the land of the 'free' and the home of the surveilled.

We are on our way to... (2, Informative)

dwayner79 (880742) | more than 8 years ago | (#14687015)

Re:We are on our way to... (1)

aztec rain god (827341) | more than 8 years ago | (#14687247)

How quaint that when you hit "Take Action" you get a "Page not found" message.

This is the envelope information (1)

mi (197448) | more than 8 years ago | (#14687026)

I suppose, the information on the regular paper envelopes (address and return address) was always available to prosecutors.

How about the phone calls — couldn't they always observe, who is calling a suspect, even if the actual listening requires a judicial warrant?

This is nothing new (1)

slackaddict (950042) | more than 8 years ago | (#14687028)

First of all, employers have been monitoring e-mail for years and we all know how fundamentally unsecure plain text e-mail is. Just like your regular paper mail, if you want to have some privacy, use some measures to conceal the content. If you send postcards all the time, don't expect any privacy.

No different than phones (1)

RingDev (879105) | more than 8 years ago | (#14687045)

This is already the case with any phone call you make. The police can pull the luds on the phone and know what numbers you called and for how long. They have no idea on the content however. And I don't believe they need a warrant to get this information.

This is the same thing only for email. Instead of a list of numbers, they get a list of email addresses and times that you've sent stuff to. No content, no subject lines.

Just Jimmy@MyMail.com emailed Jonna@YourMail.com at 9:37pm on 02/06/2006.

-Rick

It's for a grand jury, so different rules apply (2, Informative)

reverendlex (184328) | more than 8 years ago | (#14687077)

Since it's a Grand Jury investigation, the regular 4th Amendment (search and seizure/probable cause) rules are relaxed. A Grand Jury subpoena only requires that the information obtained isn't a fishing expedition.

This isn't another spying story- grand juries have had the power to read all of your documents to determine if a crime has been committed for hundreds of years.

Re:It's for a grand jury , so different rules appl (0)

Anonymous Coward | more than 8 years ago | (#14687244)

did you read the article or the summary?

Someone is going a bit far... (1, Funny)

Anonymous Coward | more than 8 years ago | (#14687112)

to see if his girlfriend is talking to other guys.

Hmmm (1)

Pizentios (772582) | more than 8 years ago | (#14687163)

Sounds like somebody's trying to make the world's largest spam list. Should go something like this: 1) Work your population into a lather of fear. 2) Get a grand jury to let the cops find out who you email. 3) Profit!!!

Clearance sale at ThinkGeek (1)

Provocateur (133110) | more than 8 years ago | (#14687219)

Those stickers that say "I read your email" suddenly take on new meaning.

And will be featured in special editions of the 'Despair' and 'Demotivator' calendars if you pre-order now.

slippery slope into police state 24/7 (2, Insightful)

Intangion (816356) | more than 8 years ago | (#14687245)

what's next? you have to store your files where the government can look at them whenever? you have to live in a plastic box with bars over it and camera surveillance on you? concentration camps? thought monitoring? so you can be scrutinized and analyzed and your every thought cross-referenced with everything else to determine if you one day might think of doing something criminal? it's going to be like the movie minority report, only worse.

we are losing our liberties faster than we can blink, life under a microscope is not freedom

No different than phones (1)

Phrack (9361) | more than 8 years ago | (#14687292)

They are being treated the same way as phone records. Phone records (originating number, terminating number, etc) are not considered the same way as the *content* of the call itself. The records can be obtained with a simple subpoena. A log entry that shows some originating email address sent mail to another without revealing the content of the message is quite analogous.

I forget the case/legislation that established that difference in treatment. Someone else might can followup with that.

Government concerns aside... (1)

Mantrid (250133) | more than 8 years ago | (#14687300)

Government concerns aside, if you have something in any way, shape, or form, that you consider to be sensitive or private, WTH WOULD YOU PUT IT IN AN EMAIL? I mean seriously, nevermind that government could read it, what about any hacker or shady type with any sort of desire to read your email and any bit of technical knowledge.

I can't believe some of the stuff that people will put in an email that can be intercepted, forwarded, CC'd etc.

Nothing new (1)

cfulmer (3166) | more than 8 years ago | (#14687304)

Police have long been able to record the telephone numbers that you're dialing without a warrant. The idea is that the information you give a third party (like the phone number you're dialing to the phone company) isn't protected. Similar information comes from the header of e-mails -- you have to tell your ISP where it's going, so they're the third party.

The interesting case is going to be when your computer sends the e-mail directly to your friend's computer. In that case, there is no third party.

Suspect this has nothing to do with email content (1)

JustASlashDotGuy (905444) | more than 8 years ago | (#14687349)


From this, I get the feeling this has nothing to do with email content. If
the feds are looking for someone, the body/subject of the email may be
unimportant. After all, it could be encrypted in some fashion that the feds
are unable to decrypt.

The headers are gold tho. The headers can help the feds trace down a
suspected terrorist, here's an example.

1) Assume we have been tracking some terrorist in the US. We haven't
arrested him because we are hoping he will lead us to a big fish. So, we
install some monitoring software on his PC.

2) Eventually, he sets up a bogus hotmail account and then emails the big
fish about his current email address.

3) The feds sit and wait for one of two options.

..Option 1) If possible, they monitor for that big fish to check his email.
As soon as that account is logged into, we trace his IP and find out where
he is. That of course depends on the email provider notifying us as soon as
it's checked. It could be most difficult if that ISP is not a US friendly
ISP.

..Option 2) We wait for the small fish to start receiving emails to his
bogus account. We can't read the body of the email (because it's
encrypted), but we can look at the originating IP and trace it back to its
source. It's slower than option 1, but hopefully the big fish will still be
sitting behind his PC when we drop the bomb. Or if we are lucky, we capture
him and then get him to decrypt the emails for us.


Another perk of knowing who the small fish is emailing, is that if the Big
Fish's email host happens to be US Friendly, then we can monitor the big
fish and see who else has been emailing him and then repeat the process
again. It's possible that you could build up a fairly large matrix pretty
quick.

Traffic Analysis (1)

redelm (54142) | more than 8 years ago | (#14687476)

This is similar to looking at addresses on postal envelopes. Probably considered a minimal invasion of privacy. Where none was reasonably expected. Next down the slippery slope is comparing keyword sniffers to drug dogs. Very limited detection on both, and no possibility of other (private) information leakage. But an alert _is_ probable cause.

Not unlike what police can get now with phones (1)

_LORAX_ (4790) | more than 8 years ago | (#14687598)

They are seeking to get the routing information of email. They must certify that it is needed for an ongoing investigation, but need not certify that the person is accused of any wrongdoing. This is hardly a huge leap in caselaw, just a new extension for the digital age. If you really feel threatened by it use hushmail. This is not a huge change in our existing privacy rights. Hell if the post office kept that kind of information I'm sure the police could get routing information there too ( if they don't already ).

So hold on to your tin foil beanies, the sky is not falling.

Oh no! They're treating e-mail like regular mail! (2, Interesting)

wiredog (43288) | more than 8 years ago | (#14687608)

You know, looking at the address and the return address on the envelope for regular mail doesn't require, iirc, a warrant.