Sky’s Blog

Who has access to your email addresses and your email-writing history?

The Washington Post reported last week that the Obama administration is seeking to modify the 1993 Electronic Communications Privacy Act so that Internet service providers must turn over transaction records on email communications and possibly web browsing records, upon receipt of a “national security letter” from the FBI. This particular legal process doesn’t require review by a judge—unlike search warrants.^[1]

The law does not allow access to the contents of those emails without judicial oversight…only the more externally-visible addressing information, and that does tend to be what email systems log and archive. On the other hand, the term “electronic communication transactional records” which is what the government could require ISPs to divulge, is not defined in federal statutes, according to the Washington Post.^[2] And so it could conceivably be extended to include other person-to-person communications, such as social media contacts

This is the same process the Bush administration used, in the early 2000s, to ask libraries to turn over the records of books checked out by patrons, which was strongly resisted by librarians at that time.

Phone companies keep records of all of the numbers you call, and these are subject to the same access rules. This has never been a question, and most people in the US are probably at least marginally aware of this.

The real question isn’t whether someone is reading your email addresses and headers—it’s how they are interpreting the titles, subjects, and names of the people you are corresponding with. In the McCarthy era here in the US, you could be blacklisted for associating with the wrong people.

If you have an inquiring mind, would you want someone to judge you based on the titles of the books or publications you’re reading? Or the subjects and addressees of your email?

[2] The New York Times 30 July, 2010 — secondary report and opinion

A whole nother ancillary question is whether your ISP actually keeps these records or not. If they do not, are they then exempt from having to turn over any records, or will the government require that they keep such records in the future? Some ISPs intentionally do not keep certain kinds of records, which helps keep your use of certain services anonymous. And, for instance, I’d guess that very few ISPs, if any, keep records of your browsing history, and this makes it prohibitively difficult to document all of the web sites you’ve visited.

Tweet This Post

The government of the USA was constituted “to provide for the common defense” among other things.^[1] Unfortunately the line between public responsibility and private responsibility for defense in cyberspace could be rather blurry.

Clearly when there is warfare in the physical world the combatants are also likely to utilize cyber tactics of some sort, even if only for informational or propaganda purposes, but more likely as powerful tactics to take down their target’s ability to respond quickly or in a focused manner. Because governments aren’t really equipped to handle these types of attacks, which would include attacks against private infrastructure, not just government systems, they’d have to rely on private companies, individuals and groups — essentially private armies — to deflect or thwart any attack. (continue reading…)

Tweet This Post

The public release of the document Shadows in the Cloud is important because this document contains some very important messages—stated very clearly—that haven’t really been said publicly before.

If you’re not a cyberspace expert and don’t care for geek talk, you may think it’s just another report on cyber espionage. But the messages are important for everyone. And my point is that they are very clearly explained!

Ron Diebert and Rafal Rohozinski, in their Foreward, point out that crime and espionage go together. Or that wherever one goes, the other is soon to follow.

They don’t say this directly—these are my words: Crime, espionage (and warfare) seep into the interstitial spaces of society and occupy any vacuum they find. And from there they can grow to occupy the whole of the space, like a mold, fungus, or rot.

What we are seeing in online attacks against free speech sites these days, particularly drive-by attacks^[1], is that they do not seem to be politically or idealistically motivated, instead they are opportunistic and (presumably) economically motivated because they’re focused on injecting spambots and trojans, not on altering the message of the nonprofit web site.

Tweet This Post

In early June, I was in a nice rainy East Coast US city for meetings dealing with particularly thorny issues related to ways the Internet experience is being killed off for regular folks—and for institutions (NGOs) that are promoting free speech and human rights. Over a small breakfast, I sketched in my book some notes about the progression of malware over time. Basically paralleling the development I describe in my site The Social Graph of Malware, malware has gone from simple and juvenile defacement of web sites to become sophisticated and bandwidth-hogging socially-engineered schemes designed to get people to fall for a purchase they didn’t want to make,  or just to click a link to enroll their computer in a network of zombies poised to conduct nasty attacks on other people. (continue reading…)

Tweet This Post