4th Amendment Protection Eliminated In E-mail
March 17th, 2010 | Posted in domestic spying, Encryption, Internet, Opinion, Privacy | 2 CommentsI just read something on Slashdot that should be a great big red flag to anyone that has any interest in email privacy at all.
The 11th Circuit court handed down a decision in Rehberg v. Paulk which severely limits how much fourth amendment protection there is for Email. The decision was that constitutional protection in stored copies of e-mail held by third parties disappears as soon as any copy of the communication is delivered.
The problem with this is that because of how email works, Just because a copy of the message was delivered to you when your email program downloaded it from the server it doesn’t mean that the copy on the server instantly ceases to exist. This means that the government or any Law Enforcement Agency can just wait until email is delivered and then snag a copy from the server it was delivered from.
If you’d like an in depth look at why this decision is wrong I suggest you have a look at this article. The author goes into the legal nuts and bolts of why the 11th circuit court is wrong.
Regardless of whether it’s ever overturned or not, this case serves as a reminder that even with forth amendment protections, email is NOT very private at all unless you take steps to MAKE it private.
The only real answer to the problem of course is to use encryption. And before you start going with the “If you haven’t got anything to hide then you have nothing to worry about” crap think about this. For the average person (even law abiding people), it’s not a question of having “something to hide” so much as having privacy. Back in the days when everybody used postal mail, if you didn’t want the contents of your message to be read then you would use a security envelope or perhaps even put it into a package that was much more difficult to open.
The same thing applies to email. People send emails every day the contents of which they very much do NOT want to be read by anyone but the intended recipient. Those emails can be literally anything from important business matters about a new secret project to you Aunt Jane’s secret collection of home remedies for acne. The point is that you want them to be read only by the person that you’re sending them to and that anyone else reading them is an invasion of privacy.
This is where encryption comes in. For example if you use Thunderbird as your email program it’s a small thing to get a plugin called Enigmail and a copy of GnuPG, take a few minutes to read some instructions about how to set them up and create a keypair, publish the public part of the key and you’re ready to begin encrypting your email.
Ok, Granted, it’s not much use to encrypt email unless the other party has the same kind of setup but that’s really easy. All of the programs I just mentioned are free and take only minutes to set up.
I have personally been using encryption for years. Even when I don’t encrypt emails I use Enigmail & GnuPG to digitally sign all of my emails so that the recipients can A, verify that it was me that sent it and B, they can tell if the message has been altered in any way.
If you want your email to be private the ONLY way to insure this is to use encryption. I think that it’s long overdue for encryption to come into mainstream use. It’s not hard to do and does something that regular, unencrypted, email can’t do: It guarantees that you have an “Expectation of privacy” because you have taken extra steps to make it clear to anyone looking at the message that you don’t want anyone but the intended recipient to read it.
[tags]email, privacy, encryption, forth amendment, 11th circuit court, enigmail, gnupg[/tags]
Just copy this code and paste it on your site where you want the link to appear:
The simplest way to avoid this is to use an encryption protocol to send anything that you don’t want read by others. Trucrypt is free and works very well. The other benefit to this is if everyone encrypts, the volume of encrypted letters increases, thus, any attempt to read, or be able to read these messages, meets with a growing volume of material it must sort through in hopes of finding the proverbial needle in a haystack item of genuinely incriminating evidence. When you consider that some encryptions are so complex that it would take super computers hundreds of years to break even one, the data level required is so massive that no computer bank in the world, even one purchased and built by government entities could ever sift through all of the information to find what it needed.
All true. Yet in spite of the fact that strong encryption products like PGP and the totally free GnuPG are readily available and extremely easy to use, most people don’t bother encrypting anything. Part of the problem is that they have the idea that email is private when in fact it is not. Sending email is very much akin to sending old style postcards. If you’d rather the content of your message not be out there for anyone to read then you need to use encryption which has the effect of putting that message into a secure, tamper resistant, envelope that only the intended recipient can open.