Limited Email Surveillance Approved

MrNougat writes "CNet reports that some surveillance of your email has been permitted by U.S. District Judge Thomas Hogan in Washington, D.C., without first requiring any evidence of wrongdoing. Curiously: 'instead of asking to eavesdrop on the contents of the e-mail messages, which would require some evidence of wrongdoing, prosecutors [of the US Justice Dept.] instead requested the identities of the correspondents. Also included in the request was header information like date and time and Internet address--but not subject lines.'"

Re:So use encryption!

[forgotten_my_nick]

TBH the whole system is pointless. Lets say Joe Terrorist wants to pass a message to another cell.

Does he fire up his hotmail account and send an email to durkadurka@hotmail.com?

Of course he doesn't. TBH the easiest way would be to post on a webboard that has a lot of innocent traffic, or on the USENET. Heck even just play an online game (MMORPG) and say something like your looking for +3 Orc slaying knife for two gold pieces.

This method of scanning email headers doesn't solve the issue. All combatants must realise they are being spied on.

The 6 degrees of Kevin Bacon.

[khasim]

Encryption will block them knowing the dirty joke you just told your friends, but it won't stop them from knowing WHO your friends are!

So, you sent and email to Mr. A.

Who sends email to Mr. B.

Who sends email to Mrs. C.

Yeah, you see where this is going. Just about anyone can be connected to anyone else with enough hops.

And the government would be "justified" in collecting the information on each of the people in those hops because those people are "connected" to someone under investigation.

Re:So use encryption!

[DavidTC]

There are actually Usenet groups for posting unlabeled encrypted messages in. People receive messages by merely downloading each article and trying to decrypt it. While you can figure out who is communicating using that method, you can't figure out who they are comunicating with, except it has to be someone else in that group.

Thanks to spammers, you can buy lists of 'open proxies' that will let you hide your IP and access the person with the owned computer's ISP's usenet server, which you really only need to do when sending messages. Thus rendering any sort of traffic analysis of the group completely useless.

But the best method of sending data on the internet is hiding it in, say, a GIF. You don't even need to use stenography, you can just take an encrypted binary file, put a GIF header at the start of it, and put it in a 1x1 image link somewhere on a web page between two specific times, and have any receipient 'innocently' surf past your page, and then go get it out of their cache. Bonus points if you manage to write bad HTML so that only one specific browser will go and get the 'image', like IE 4 or Firefox 0.7, although you shouldn't make that obvious or people might get curious. Be sure to put a real image up there the rest of the time, and reset the date back whenever you make changes.

And you can trivially think of a way to have two people do this to each other so they can talk back and forth. They just each have pages on somewhat related things, and browse a bunch of pages on that topic, always making sure to go past each other's.

The great thing about this is that the receiving end can defeat a keylogger. Just make sure the 'check the cache for encrypted files' is a program that they won't notice when installing the keylogger, for example a solitaire game, and it pops up the decoded message when you start it between exactly 32 minutes and 37 minutes after adding the image to your cache, or something. Most software keyloggers do not include any sort of screen capturing, because that would require a lot of space, and hardware ones cannot do it at all, or at least not reasonably. (And see Cryptonomicron for how to defeat this, although note the method of communication in that can be logged also.)

Although obviously if you send messages, a keylogger will catch them. In theory, you could click on the letter via your mouse, but a lot of software keyloggers are including mouse clicks exactly because of that. Although the message can be hidden via moving buttons around and renaming them, that is incredibly annoying for any message over two sentences, and it doesn't hide the fact you were doing something very suspicious, which, if they've bugged your machine, they were already pretty sure of.

Oh no! They're treating e-mail like regular mail!

[wiredog]

You know, looking at the address and the return address on the envelope for regular mail doesn't require, iirc, a warrant.

Re:So use encryption!

[gstoddart]

This is not about reading your email. Its about finding out who and when you sent an email.

Encrypt it all you want, they are not interested in what you are sending, and not even the subject, they are interested who you are communicating with and when.

You're right, but this is a complete license to conduct fishing expeditions.

Imagine a situation in which you (A), being a non-terrorist might be obliquely linked to someone who is a suspected-terrorist (B). Such expeditions will allow the following chain of logic:

"We believe B is a terrorist. A sent an e-mail to B. We now need a to closely investigate A because he is associated with our suspected terrorist B."

This opens up people for the worst sort of unsubstantiated witch-hunt crap. Think of the worst parts of McCarthy-ism, because suddenly you're on the hook to prove that your association with B has no nefarious activity; merely the suspicion of having contacted someone else who is under suspicion, and your ass is in deep trouble.

Don't believe it could happen? Do a google search for Maher Arar, a Canadian-Syrian citizen who was deported to Syria under that godawful 'rendering' program the US has been using. On final balance, it was determined that a foot note in an observation of someone else caused him to be flagged as an associate of a person of interest. On the basis of nothing else, he was arrested, detained, deported, tortured, etc.

Believe me, this falls very much into the onerous category of things. This will lead to all sorts of atrocities.

Re:Land of the free

[LilGuy]

Guess what happens when you don't hide your innocent opinions when they clash with the administration?

Ask Hunter S. Thompson.

Re:Why oh why is it not built into email clients?!

[ch-chuck]

Perhaps GnuPG? Well, there's the whole problem with the GPL (esp. V3).

How about S/MIME ? I'm just playing around with it, but Evolution email has
support for PGP and S/MIME. I just got a free cert from Thawte installed
in Firefox, exported and loaded it into Evolution and can now sign/encrypt email
and just recently send a signed email to Eudora which recognized it as a valid
signature.

Re:Don't worry.

[Catbeller]

Every point I made has come out of the news services in the last few weeks. "Michael Moore" didn't tell me this; Halliburton.com told me about the camps, and AP and the newspapers told me the rest. Abu Graib cost 8 million. How many camps are they building with 347 million??

The feeding chairs were in today's news. The prison officials are quite proud of their accomplishment. They seem to really like tying up naked men. Those men are simply trying to die to leave hell. They are being tortured, every day they are in a cage. We've let thousands free from these camps, uncharged, since they hadn't done anything. Fairly good bet we're hosing down innocent men. We've killed about 32 during their various tortures, didja know? It was in the news. Google is your friend. That's the number the military admits to torturing to death.

All you have to do is read. But you don't, do ya. Ya get your news from Limbaugh and the new, "culture-changed" CNN, and of course Fox News and the others.

this isn't "liberalism", this is about morality and truth. It's about not torturing innocent people, about concentration camps being built while CBS and NBC and CNN and Fox don't give a damn.