Wednesday, August 21, 2013

Your email inbox rummaged and rumbled

Protesters against secret monitoring.

Protesters against secret monitoring. Photo: Pawel Kopczynski

About the time Boy George was gracing the tabloids, the only way spooks could read private written communications was to make clever with a boiling kettle and a Minox miniature camera.

As US whistleblower and temporary Russian resident Edward Snowden's recent leaks made brutally clear, things are vastly different today.

Edward Snowden.

Edward Snowden. Photo: The Guardian

Snowden's testimony revealed that the bulk of the world's 150 billion or so daily emails were, theoretically at least, able to be read by American security analysts through the PRISM program.


Debate continues about whether Snowden, in showing the extent of state-sanctioned snooping, acted as a hero or traitor. The issue of whether security services should be able to read private communications is similarly fraught. One thing, however, has become obvious: email is not a private communication. And that raises a compelling question: is it time to give it the flick?

''Standard email is plain text,'' Electronic Frontiers Australia (EFA) executive officer Jon Lawrence says.

Google executive chairman Eric Schmidt.

Google executive chairman Eric Schmidt. Photo: Marilynn K. Yee

''In that sense, you need to be fairly aware that it's not a terribly secure system,'' he says.

Snowden went further in an encrypted exchange with The New York Times earlier this month. Talking about receiving emails from journalists, he said: ''In the wake of this year's disclosures, it should be clear that unencrypted journalist-source communication is unforgivably reckless.''

The actions, real or imagined, of US security services are not the only threat to email privacy, but official moves against Snowden have changed the game drastically. These have been cited, obliquely at least, this month by two boutique email services as the reason for closing down.

First to blink was Ladar Levison, 32, owner of the encrypted email service Lavabit. Levison shut his decade-old service without warning, obliterating 410,000 accounts and posting a message on his website that said, in part: ''I wish that I could legally share with you the events that led to my decision. I cannot … As things currently stand, I cannot share my experiences over the last six weeks.''

It later emerged that 24 hours before the shutdown, a human-rights activist had been contacted through Lavabit by Edward Snowden. It is not known if this was causal or coincidental.

A second boutique encrypted communication business, Silent Circle, closed its email service a day after Lavabit. A message on the company's website said the service was ''pre-emptively discontinued … to prevent spying''. The note added: ''Email as we know it with SMTP, POP3 and IMAP cannot be secure.''

This statement came as no surprise to Lawrence, who encourages fastidiousness when it comes to email hygiene.

''Encrypted email is a pain,'' he says. ''And it only works if the other party is also encrypting, which is almost never the case. People need to understand that if something is really private, then don't put it on the net, full stop.

''And do not put anything in an email that you're not prepared to stand up in court to defend.''

Net communications privacy is a moral and legal mire. Lavabit and Silent Circle can claim the high ground for their closure, but surely few felt sorry for Irish encryption service Freedom Web and its owner Eric Eoin Marques at the start of August, when the former was shut and the latter arrested on charges of aiding the distribution of child pornography.

Hence, in a way, the rub. We are rightly outraged at the thought of spooks reading our emails, but no doubt equally exercised at the idea of the evil and wicked operating safely away from the vigilant eyes of the law.

And, in any case, evidence emerged in a US court last month that our emails are far more likely to be read by the mail services' inbuilt automated systems - and for far more mundane purposes.

Fighting a class action brought against it by a cohort of its email subscribers, lawyers for Google argued that users of its popular Gmail service had ''no legitimate expectation of privacy''.

Citing a precedent dating from before the invention of email, the lawyers argued that using Gmail amounts to handing communications over to a third party, which is then free to sift through it for information useful to its advertisers.

In 2009, about the time Edward Snowden left the CIA and joined the US National Security Agency, Google executive chairman Eric Schmidt admitted: ''We're all subject, in the United States, to the Patriot Act, and it is possible that that information could be made available to the authorities.''

This, among other concerns, leads Lawrence to counsel great care when choosing an email provider.

''The free global services are the single most attacked and hacked services on the planet,'' he says. ''I suggest you should get your own domain name, then run your own mail service, preferably through a small server somewhere.''

Such a set-up costs money, but what price (relative) privacy? ''People who aren't prepared to pay get paid by what they're given,'' Lawrence says.

''Or … when you use a free service, you become the product that service sells.''

There is, of course, one easy solution to ensuring the privacy of written communication - one being used by Russian spy agencies. The Russian Federal Guard Service was last month reported to have invested in a large number of manual typewriters.

It's an attractive idea. As systems go, the result would be pretty much unhackable and free from PRISM's prying eyes. Just watch out for shady characters with kettles and tiny cameras.

■ Electronic Frontiers Australia:

■ Silent Circle:

■ Lavabit:
jika diwebsite ini anda menemukan artikel dengan informasi dan konten yang salah, tidak akurat, bersifat menyesatkan, bersifat memfitnah, bersifat asusila, mengandung pornografi, bersifat diskriminasi atau rasis mohon untuk berkenan menghubungi kami di sini agar segera kami hapus.
◄ Newer Post Older Post ►

© KAWUNGANTEN.COM Powered by Blogger