4th Amendment Protection Eliminated In E-mail

I just read something on Slashdot that should be a great big red flag to anyone that has any interest in email privacy at all.

The 11th Circuit court handed down a decision in Rehberg v. Paulk which severely limits how much fourth amendment protection there is for Email.  The decision was that constitutional protection in stored copies of e-mail held by third parties disappears as soon as any copy of the communication is delivered.

The problem with this is that because of how email works, Just because a copy of the message was delivered to you when your email program downloaded it from the server it doesn’t mean that the copy on the server instantly ceases to exist.  This means that the government or any Law Enforcement Agency can just wait until email is delivered and then snag a copy from the server it was delivered from.

If you’d like an in depth look at why this decision is wrong I suggest you have a look at this article.  The author goes into the legal nuts and bolts of why the 11th circuit court is wrong.

Regardless of whether it’s ever overturned or not, this case serves as a reminder that even with forth amendment protections, email is NOT very private at all unless you take steps to MAKE it private.

The only real answer to the problem of course is to use encryption.  And before you start going with the “If you haven’t got anything to hide then you have nothing to worry about” crap think about this.  For the average person (even law abiding people), it’s not a question of having “something to hide” so much as having privacy.  Back in the days when everybody used postal mail, if you didn’t want the contents of your message to be read then you would use a security envelope or perhaps even put it into a package that was much more difficult to open.

The same thing applies to email.  People send emails every day the contents of which they very much do NOT want to be read by anyone but the intended recipient.  Those emails can be literally anything from important business matters about a new secret project to you Aunt Jane’s secret collection of home remedies for acne.  The point is that you want them to be read only by the person that you’re sending them to and that anyone else reading them is an invasion of privacy.

This is where encryption comes in.  For example if you use Thunderbird as your email program it’s a small thing to get a plugin called Enigmail and a copy of GnuPG, take a few minutes to read some instructions about how to set them up and create a keypair, publish the public part of the key and you’re ready to begin encrypting your email.

Ok, Granted, it’s not much use to encrypt email unless the other party has the same kind of setup but that’s really easy.  All of the programs I just mentioned are free and take only minutes to set up.

I have personally been using encryption for years.  Even when I don’t encrypt emails I use Enigmail & GnuPG to digitally sign all of my emails so that the recipients can A, verify that it was me that sent it and B, they can tell if the message has been altered in any way.

If you want your email to be private the ONLY way to insure this is to use encryption.  I think that it’s long overdue for encryption to come into mainstream use.  It’s not hard to do and does something that regular, unencrypted, email can’t do: It guarantees that you have an “Expectation of privacy” because you have taken extra steps to make it clear to anyone looking at the message that you don’t want anyone but the intended recipient to read it.

Technorati Tags: privacy, gnupg, enigmail, 11th circuit court, forth amendment, encryption, email

Why I PGP Sign All My Emails

I’ve been making it a point to PGP sign all of my emails for several years now and I still get the occasional question asking why I bother.  The answer is simple really, I’m using it as a form of identity theft protection.

You see about five or six years ago I and people I know suddenly started getting spam that had my email address in the From line.  I had known for a long time that it was actually a trivial matter to spoof the from line in an email but this is when it really hit home.  Just by faking the origin of the email somebody could, if they wanted to, send literally anything they wanted to my friends & family and there wouldn’t be any real way for me to convince anyone that I didn’t send it.

Granted, family members are most likely to believe me if I tell them I didn’t send that nasty email with my address in it’s header but most people don’t tend to be as forgiving if they’re not family.

I had been using PGP occasionally to encrypt private messages but I hadn’t used it much otherwise.  This is when I instituted a policy of always signing emails that I send.  That way, if there’s ever a question of “did you send such-and-such?”, I can ask them “Does it have a valid PGP signature created with my personal key?”.  If the answer is no then I didn’t send it.

After deciding on this I let everyone know that if there was ever a question about the validity of an email appearing to be from me, all they have to do is look for and check the signature.

It insures that nobody can send something claiming to be me because they can’t duplicate my signature without my private key and the passphrase.

And no, you can’t just copy the signature block from one email and past it in another.  It doesn’t work that way.  Any PGP signature is totally unique to message it appears in.

Technorati Tags: digital signature, pgp, identity protection, encryption

TI Upset Because Hobbyists Cracked The 83+ OS Signing Key

Texas Instruments (TI) calculators have for a long time been a subject of hobbyist interest.  In particular is the TI-83.  However TI has long been known to be very uncooperative to say the least.  Recently news came out that somebody has managed to crack the RSA signing key for the programmable calculator’s operating system.

This development means that it will now be a LOT easier for people to load new custom operating systems into the calculator.  Unfortunately, TI seems to have a problem with this.  According to the Electronic Frontier Foundation, some TI execs have decided from the comfort of their fancy barcelona chairs that this is not tolerable and they have since been issuing DMCA takedown notices in an effort to suppress any mention of or links to the keys in question.

Fortunately for TI hobbyists, those keys are going to be very difficult to suppress.  Not only have preserved on Wikileaks and other sites, they have also been posted on a Freenet 0.5 “freesite” the URL to which is:

SSK@eaYn7lrnws~202trApiznva4-QkPAgM,r45BnHpoDlD-r2ozUE7I6g/TI83+OS//
(*note* you must be running Freenet 0.5 on 127.0.0.1:8888 for this link to work.)

Even if TI manages to get those keys totally suppressed and removed from Internet sites, which I think it’s already too late, They’ll never get it removed from Freenet, If only because once something is inserted into Freenet you CAN’T delete it, ever.

Technorati Tags: texas instruments, signing key cracked, ti 83 calculator, ti signing key

FBI Wants Authority To Snoop Internet Backbone Data

I think it’s pretty safe to say that the fact that there are government agencies doing a lot of snooping on all manner of Internet traffic.  It’s also safe to say that since 9-11 this snooping has escalated massively.  Now, the FBI is trying to get access to data that the NSA has been collecting from the Internet backbone (servers through which ALL Internet traffic passes through) so that they can look for criminal activity.

The problem with this is that they’re apparently not just limiting this to justifiable searches and evidence gathering in the course of an ongoing investigation.  This is a lot more “Big Brother” in nature, scanning data looking for things that they can then investigate and prosecute as crimes.  As if they don’t already have enough active cases to work on.

The problems with this kind of thing are many, most of which have to do with the fact that it blows all sorts of holes in people’s right to privacy.  It also means that it becomes more and more necessary to watch what you say online because you never know when “Big Brother” is watching and what he may decide is a sign that you’re on the wrong side of the law.

It means that people need to take active steps to maintain privacy.  The first thing to remember is that the online world has always been subject to people being able to snoop.  While it’s generally a good practice to never write anything online that you wouldn’t want posted on a billboard where everyone in town can read it, it’s also sometimes necessary to communicate privately.

This is why I think that everybody should take a little bit of time to get and learn how to use some basic privacy tools.  Like for example, users of the Thunderbird mail client could get GnuPG and the Enigmail plugin and learn how to send encrypted and / or signed emails.  Maintaining safe browsing practices, never entering important passwords on un-trusted computers. (and untrusted means something that you’re not in control of what’s on it)

As for the FBI’s quest for access to still more information about everybody and their habits.  This needs to be stopped, the problem is that too many people are either ignorant of or foolishly unconcerned about things like this until it’s too late.

Technorati Tags: encryption, security, fbi, nsa, internet+backbone, domestic+spying, gnupg, enigmail, safe+computing, privacy

Is Windows Collapsing?

According to an article on computerworld.com Microsoft had best make sure that the Windows operating system has an up to date programlife insurance quote.  Because the way things have been going with Vista and Microsoft’s refusal to just be sensible and stick with the XP that already works…. beefing that up instead of scrapping it in favor of the rolling and screaming … disaster that Vista has become.

If Microsoft can’t pull it’s collective heads out soon and do something right with XP, they’re going to end up a has-been that people will start forgetting.

Also, don’t look for the next version beyond vista, code named “Windows 7” to be any better.  From what I’ve see thus far, that thing is geared not for the user so much as it is to make Microsoft more money.  Instead of just providing a complete operating system, they’re carving that thing up into modular chunks, bits that will require more money (and activation codes no doubt) in order to add them in to the existing base install.

The only thing that this is going to do is turn people away from them even faster than Vista is doing.

Honestly, I think that vista has been the best thing for linux in a long time.  Windows 7 promises to be even better for linux.

Technorati Tags: Linux, microsoft, modular, upgrade, vista, windows, windows+7, windows+vista, windows+xp

 Page 1 of 2  1  2 »