Martin McKeay

Security Matters

Is your email private?

The government doesn't believe the email you store at your ISP or online mail services like Gmail deserves the same right to privacy as your phone records or postal mail.  The Electronic Freedom Frontier disagrees and believes we should enjoy the same Fourth Amendment rights against illegal search and seizure for email that we do for other methods of communications.

I hadn't realized that the government had been allowed to use the Stored Communication Act (SCA) to view our email for nearly 20 years, but given the inclination of many ISPs to simply turn over records without requiring warrants, I'd always assumed my email could be read by anyone with sufficient desire.  Given the permanence of electronic communications and the ease of searching through such documents, it's always been safer to plan that someone will have the ability to read the emails later, whether it's the government or someone who was forwarded my communications.  I always try to reread any email before hitting send, personal or professional, because I never know who will end up reading it.

The government should have the right to read my email if they believe they need to.  But I want to see that ability treated with the same oversight as any other governmental search process: court oversight, official records and notification of the process.  Being able to walk into any ISP and ask for my records without any other due process is more power than I'm comfortable with the government having.  Think back over the emails you've sent over the last six months and tell me if it doesn't make you a little uncomfortable?

What People Are Saying

Anyone on this blog ever

Anyone on this blog ever heard of Hushmail? I am not tech savvy but the service offered by this company is free encrypted email.

The only alternative is to

The only alternative is to encrypt private communications before they are submitted to the ISP. This is quite feasible but everyone will have to have the software, and standards must be established.

I don't think it matters whether the "save on server" box is checked. The government simply takes the backup tape of their choice from the ISP.

Agreed. The PGP product

Agreed. The PGP product works just fine. And Thawte's Web of Trust (also free) is easily integrated into many popular email clients, making it possible for non-techies to handle encrypted communications. (These solutions leave out the use of Web-based email, and so don't solve everything!)

Not that the government couldn't crack a given message if they tried, but it is so computer time intensive that (practically speaking) you needn't worry about your encrypted communications being compromised if you use PGP or Thawte's X.509 certs.

The government knows only

The government knows only stuff worth encrypting will be worth going after. Too computer intensive to decrypt? Don't kid yourself. Read The Cuckoo's Egg.

Martin McKeay indicated that

Martin McKeay indicated that our phone record files are private.

It seems that I recall during this past year the phone companies were giving the Bush government our phone records wholesale without any warrants or court approval.

And as for snail mail....all any government agents have to do is speak to the postal inspectors and as the saying goes...one hand washes the other.

Martin, what you have said

Martin, what you have said isn't true. For starters the SCA requires the government to get a warrant if the e-mail has not yet been read by the user. The SCA does not apply at all once the mail has been read. The reason the government can get read e-mail without a warrant is because the ISPs generally tell the user in the fine print of their service that the ISP will not guarantee privacy of anything saved on their service. In other words, the user isn't paying the ISP to keep something private they choose to store on the server, they are paying the ISP to supply mail services. The problem is that most users assume that "mail services" implies that the ISP has a responsibility to keep their stored stuff private.
As an ISP employee it continually amazes me that people expect the same level of privacy from a $9.95 a month dialup account that comes with a disclaimer that you aren't going to get privacy, that they get when they walk into the doctor's office and lay out $200 to take off their clothes and get examined, after signing 5 forms that acknowledge the doctor is going to swear on a stack of Bibles a mile high to not disclose anything they find.
Frankly ISPs generally don't want users storing mail on their servers anyway, it consumes expensive disk space for one thing. And the solution to all of this is extremely simple - use POP3 as a mail protocol, download your mail to your PC via Outlook or other mail client, and don't check the "leave messages on the server" button in your Outlook settings (which in any case isn't checked by default).

It would be more correct to

It would be more correct to say that stored communications less than 180 days old require a warrant. Communications in storage longer require either a warrant or a subpoena. The subpoena process shifts the burden to the subpoena recipient to oppose or quash the government's demand for information. There isn't much incentive for the ISP to go to the mat and oppose a subpoena. And, of course, there is no constitutional warrant requirement if the requestor isn't the government.

You wrote: "...ISP's

You wrote: "...ISP's generally don't want users storing mail on their servers anyway, it consumes expensive disk space..."

Are you saying that ISPs do not (generally) back up email onto other storage media? If they do, then your method of deleting from the server would not work.

If they do not generally back up files, then I still have a question: Does my 'deleting from server' on a POP3 account actually cause the file to be deleted and overwritten, or is it just a flag for deletion? Thx.
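
The POP3 deletion behaviour discussed in the comments above, as an added example that is not part of the original post or any comment: under RFC 1939, DELE only marks a message, and the server removes marked messages when the session ends with QUIT. The `Maildrop` class, the `snapshot_backup` helper and the sample messages are constructed for illustration; what a real server does on disk or in its backups is outside the protocol.

```python
# Added illustration: in-memory model of POP3 deletion semantics (RFC 1939).
# Maildrop, snapshot_backup and the sample messages are constructed for this example.
import copy


class Maildrop:
    """Server-side mailbox as seen during one POP3 session."""

    def __init__(self, messages):
        self.messages = dict(messages)   # message number -> raw message text
        self.marked = set()              # numbers flagged by DELE this session

    def dele(self, n):
        # DELE only flags the message; it stays in the maildrop.
        if n not in self.messages or n in self.marked:
            return "-ERR no such message"
        self.marked.add(n)
        return f"+OK message {n} deleted"

    def rset(self):
        # RSET clears every deletion flag set during the session.
        self.marked.clear()
        return "+OK"

    def quit(self):
        # QUIT enters the UPDATE state: only now are flagged messages removed.
        for n in self.marked:
            del self.messages[n]
        self.marked.clear()
        return "+OK bye"

    def drop_connection(self):
        # Session ends without QUIT: no UPDATE state, nothing is removed.
        self.marked.clear()


def snapshot_backup(maildrop):
    """Hypothetical nightly backup: a copy taken outside the POP3 session."""
    return copy.deepcopy(maildrop.messages)


def demo():
    drop = Maildrop({1: "Subject: hello", 2: "Subject: invoice"})
    backup = snapshot_backup(drop)          # taken before the client connects
    drop.dele(1)
    still_there = 1 in drop.messages        # True: DELE is only a flag
    drop.quit()
    return still_there, sorted(drop.messages), sorted(backup)
```

In this model the backup copy still holds both messages after the client's delete is committed, which is the point raised earlier in the thread about backup tapes.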

Martin- good to see you

Martin- good to see you writing again. I agree with you, right or wrong, we should realize that we have no expectation of privacy in our emails. Whether it be from an employer, the government or someone else, if you write it, someone can get it. I have written further on this at my blog here

Not just email. I use a

Not just email. I use a computer for my taxes, but not a web site. I doubt I'll ever use a web-based word processor or spreadsheet (except as a toy). And the only way I would ever use a public web-based remote bulk storage site to keep anything sensitive would be if my files were at least PGP encrypted before they left my machine -- and maybe not even then.

More of my personal information than I like is already out on the web; but I have tried since its earliest times to treat the Internet as public or semi-public space as much as possible.