
U.S. Government Compels Google To Hand Over Wikileaks Volunteer's Gmail Data - mcantelon
http://www.readwriteweb.com/archives/google_hands_wikileaks_volunteers_gmail_data_to_us.php
======
davidu
I know Jake. I had the proud privilege of employing Jake. This is a fishing
expedition, and an absolute abuse of the EPIC and PATRIOT acts.

The NYT filed a lawsuit yesterday to try to start getting some transparency
into these matters -- even Congress is urging people to find out the truth:
[http://www.techdirt.com/articles/20111010/04043716279/nytime...](http://www.techdirt.com/articles/20111010/04043716279/nytimes-
sues-federal-government-refusing-to-reveal-its-secret-interpretation-patriot-
act.shtml)

People can dislike Wikileaks all they want, but this is exactly why they
exist. The raw information is not being released and they see fit to do so.
When the USG has a law on the books that congress passed but the DoJ won't
share their interpretation of what the law means, you know something is very
very wrong. (see: <http://en.wikipedia.org/wiki/The_Trial> )

------
donohoe
The headline is a little disingenuous (technically correct, yes...) -
especially if thats all anyone ever reads. Google didn't hand this over on a
whim, rather:

    
    
      The contacts list and IP address data of Jacob 
      Appelbaum, a WikiLeaks volunteer and developer 
      for Tor was given to the U.S. government after 
      they requested it using a secret court order 
      enabled by a controversial 1986 law called the 
      Electronic Communications Privacy Act, according 
      to the Wall Street Journal. The law allows the 
      government to demand information from ISPs not
      only without a warrant, but without ever
      notifying the user.
    

The problem/fault/remedy lies with the US gov, not so much the compelled
company in this case.

~~~
guelo
You wanted them to put that in the headline?

~~~
waqf
It would have been easy to write a less disingenuous headline. For example,
"U.S. Compelled Google To Hand Over Wikileaks Volunteer's Gmail Data."

~~~
nostrademons
That's what the headline reads now - what was it before?

~~~
abraham
Title on the article:

> Google Hands Wikileaks Volunteer's Gmail Data to U.S. Government

Implies that Google did so out of free will rather then being legally
compelled to.

------
cookiecaper
Applebaum, a tor developer, is i am sure astute enough not to leave
unencrypted mails on gmail. he is used to governmental abuse at airpoets etc.,
so i am sure he saw this coming.

~~~
kragen
He can't prevent people from sending him unencrypted emails on Gmail, except
by not using Gmail, nor can he force Google to delete them.

~~~
cookiecaper
If he's receiving random emails they are probably not important or sensitive
enough to be valuable to the government. If he's receiving non-random emails
that contain sensitive data, it should all be encrypted.

If you do get something important that is not encrypted, you can forward the
mail to yourself as ciphertext.

You're correct that Appelbaum has no control over Google's retention
procedures.

~~~
kragen
The government did not request the contents of the mails in any case, but the
header information: who Jake was communicating with, and when.

------
RexRollman
It fairness to Google, they fought this, and they are part of Digital Due
Process, a group that is trying to get this law changed.

<http://www.digitaldueprocess.org/>

------
sudonim
From comments here, it looks like there aren't good options for secure email
outside of the jurisdiction of the US government.

I've been interested in setting this up for myself. If you're interested, let
me know on this form, and I'll begin looking into the issues of where to host,
and what legal structures I'd need to set up.

[https://ianap.wufoo.com/forms/do-you-want-secure-private-
ema...](https://ianap.wufoo.com/forms/do-you-want-secure-private-email/)

~~~
cookiecaper
If the US decides it wants access to your accounts, I don't think putting a
server in another country will be enough to stop them.

The real answer to this and all other serious privacy issues is to use strong
cryptography properly. There's no two ways about it. Anything that isn't
encrypted before it sees a NIC should essentially be considered a public
broadcast.

------
natch
Dear Google,

There must be ways to protect user privacy that are better than collecting
everything in a form that can just be handed over. Example: encrypt on the
client side, with user-supplied, large, non-compromised keys, and don't ever
inspect the data on the server. If you need to inspect data in order to serve
relevant ads, do it on the client, and only send back enough information to
tailor whatever ads are currently available. Maybe do the ad selection on the
client too. If this doesn't work for one of your services, consider it for
other services where it would work. Laws prevent you from providing service X
without providing such-and-such a hook? Then don't provide service X. Provide
a plugin framework instead, and let users bring their own service. Use your
heads. Maybe use a bit of the compute power the client has available. You spun
down a lot of your China presence because of stuff like this, supposedly. You
should be able to take big steps anywhere, not just in China. You are smart.
Figure. It. Out.

------
linuxhansl
Would someone please remind me when Wikileaks was convicted or even accused of
a crime?

That's right: Neither ever happened.

What is going on in this country? Is the desire to operate in the dark, to
work behind the backs of the very people that this government represents so
strong, that any organization shining light on this must be squashed?

------
GermTheGeek
Now the question is: What major options do privacy advocates have apart from
hosting their own mailservers?

~~~
01PH
Even if you host it yourself but at a regular hosting provider "they" might
just confiscate your servers. Increasing email encryption usability might be
the road out of this dilemma. Otherwise email encryption is going to stay
within a very small circle of users.

~~~
GermTheGeek
When I said "Host your own" I meant on a physically secure box using full disk
encryption.

But I do like the idea of encryption, GPG does this really well already but
key distribution is still a problem.

Just an idea for a secure physical box: Throw in a external "always on" GPS
receiver on the box and have it physically destroy the hard drive if it is
outside of a certain area or if it detects a certain amount of movement (think
someone removing it from a rack without disabling the service first). If your
server was moved/confiscated it would ensure some safety. Just a tinfoil
thought.

~~~
protomyth
When you say "physically destroy" do not use any form or anything that could
be spun as a incinderary, explosive, or projectile device. The laws on those
type of things will put you in prison for a long time.

~~~
GermTheGeek
How would one go about safely destroying multiple hard-disks anyway. Closest
thing I can think of is a small compactor with the disks inside of it.

~~~
JoshTriplett
You're much better off just using full-disk encryption; throwing away the key
effectively destroys all the data. You do need to make sure you actually erase
all traces of the key
([https://secure.wikimedia.org/wikipedia/en/wiki/Cold_boot_att...](https://secure.wikimedia.org/wikipedia/en/wiki/Cold_boot_attack)),
but you need not worry about physically destroying the disks.

------
guelo
Maybe Americans should use European hosts and Europeans can use American ones.
Does anyone know of any good international webmail providers, with SSL?

~~~
cookiecaper
My understanding is that using a non-domestic service would actually make it
much easier to retain data under traditional espionage procedures. Perhaps
this is incorrect. Clarifications welcome.

~~~
andrewcooke
it doesn't make any difference. you us citizens are being tapped just the same
as all us evil foreign terrorists these days. <https://www.eff.org/issues/nsa-
spying>

~~~
cookiecaper
I'm aware of the illegal NSA spying, but surely they're still somewhat more
cautious about deploying domestic surveillance. Going overseas makes it all
legal and OK, here they at least theoretically are not supposed to be doing
things, and that's better than nothing, right?

~~~
andrewcooke
so you're arguing that despite doing massive domestic surveillance, solidly
supported by the government, they're not going to use the data because of
their good moral standing.

or are you being sarcastic?

~~~
cookiecaper
I suggest that there are legal implications that make it more difficult to use
that information on cases that are not "high value".

------
RobertKohr
Interestingly www.torproject.org is currently down... I don't know if this is
related.

~~~
RobertKohr
As is <http://www.appelbaum.net/> (his website)

------
chadp
A good (but already known) reason to leave gmail.

~~~
yanw
How is it a gmail only problem? The government got a court order to force
them, Google didn't hand it over willingly. It's the government who is at
fault here and the shitty laws that enable it.

~~~
Abundnce10
The article states that the government had a court order but didn't have a
search warrant. It seems there is a loop in the system with the Electronic
Communications Privacy Act. My questions is, did Google 'have' to give over
his Gmail account information? Or do they just comply to make their lives
easier?

~~~
fleitz
In today's society 'having to' and making your life easier is just about the
same thing. Don't want to comply citizen? We do have those antitrust hearings
scheduled in a few weeks, would be a shame if we found out you were running a
monopoly and had to break up your company.

When US citizens are assassinated by presidential order rather than being
brought to trial it's probably time to 'make your life easier' rather than
wait around for the ICC.

~~~
tripzilch
Interesting point. It's not unlikely that played a role in their decision not
to fight it (too much).

------
zobzu
tor developer didnt use tor ? odd.

~~~
mkjones
Using tor wouldn't have helped anonymize his contact list.

