
Where did the principle of secrecy in correspondence go? - jackgavigan
http://www.theguardian.com/technology/2015/aug/12/where-did-the-principle-of-secrecy-in-correspondence-go
======
nbadg
This was a great article OP. But I think the author misses two critical
points.

Privacy and secrecy, in my mind, are questions of agency. In this context
we're talking about information. You can, broadly speaking, only do three
things with information: create it, retain it, and share it. If you're to have
agency -- that is, the ability to independently control your own existence --
in a digital sense, that implies that you must be able to control those three
things. And if you think about it in terms of actual physical speech, it seems
so intuitive: it would be an extraordinary day indeed if there were widespread
physical manipulation of the very words coming out of our mouths, if somehow
some third party could magically eavesdrop at will over anything we speak. But
we've acclimated ourselves to thinking of digital spaces as somehow separate,
as if the perceived triviality of, say, instagramming food pics might also
imply that there is any less of a violation of our personal agency. That, for
me, is why "private-by-default" is and always has been so vital: without it,
you're incapable of exercising any meaningful control over the digital world
around you. I'm always sad to see this framing left out, because I think it's
a very important perspective to have.

The second, and likely more appropriate point (given that this is HN), is that
this isn't just economics and geopolitics. It is a technical failure that
allowed third parties to have any control over it in the first place. HTTP
doesn't even protect security, much less privacy. HTTPS is a step forward, but
if you think it's sufficient in protecting privacy, I would offer Facebook as
a counterexample. Protection of data in transit is an insufficient condition
for privacy, and therefore an insufficient condition for agency. It's
perfectly possible to create a protocol to address this, to afford not just
security but agency, and I am absolutely positive that there are people out
there working on this (I know, because I'm one of them:
[https://github.com/Muterra/doc-muse](https://github.com/Muterra/doc-muse)).
But the hard part is overcoming the inertia we already have, and on that
front, we are indeed back to economics and politics.

~~~
nickff
Your narrative fails to explain what happened to Skype. Skype was a fully
encrypted means of communication, and the only way to listen in on the parties
talking to each other was to hack one of their computers. Then the NSA (and
possibly other agencies) forced Skype to install a backdoor; this is one of
many examples. There is no technological solution to the government compelling
cooperation from any developers who venture to protect privacy. What would you
do if someone held a gun to your head and ordered you to either give them a
backdoor, go to jail, or be shot?

The US government (for example) has used many rationales to justify this
behavior, including third party doctrine, and despite the obvious lack of any
enumerated power to spy on citizens and residents at-will. Most other
governments never pretended to provide privacy protections for their
populations; these people were largely kept safe because of the sheer volume
of traffic communications and the high cost of surveillance (before powerful
computers and huge national governments).

It seems that the problem is entirely political, as the government(s) will go
to any lengths necessary to preserve their ability to look in on citizens.
Powers that were once viewed as abhorrent and inherently totalitarian have
become accepted through the collective passivity of an ever-more risk-averse
populace.

~~~
nbadg
I don't buy framing that as a purely political issue; it's exceptionally rare
that anything fits so neatly into a box like that. Furthermore, boiling down
the deprecation of the original Skype protocol at the hands of post-acquisition
Microsoft is pretty far removed from what I'm saying; there's just
too much to account for.

Your characterization of a coercive state just isn't how the US political
world works. Black suits don't show up at a developer's door with a gun and
tell them "you must introduce technical vulnerabilities in your protocol
and/or implementation or we're going to kill you". That's Hollywood. In
reality, the government puts indirect economic pressure on Microsoft, and this
has a measurable impact on the command chain there, and eventually a
"favorable" outcome (from the government's perspective) is reached. This may
even be internally justified for "performance reasons" (and it was).

The plain fact of the matter is that at the end of the day, a technical
vulnerability was implemented somewhere in the Skype protocol + implementation
+ system chain. That is still a technical deficiency, even if, as I said in my
original reply, it is influenced by economic and political factors.

~~~
Retric
_Lavabit was ordered to provide the SSL key in machine readable format by
noon, August 5 or face a fine of $5000 per day._

A phone call from the IRS is definitely backed up by people with guns
even if nobody is directly in your face about it. Suggesting people in Black
suits need to show up when

 _I wish that I could legally share with you the events that led to my
decision. I cannot._
[http://www.dailydot.com/news/email-anonymous-hushmail-lavabi...](http://www.dailydot.com/news/email-anonymous-hushmail-lavabit-nsa/)

PS:
[https://en.wikipedia.org/wiki/Lavabit](https://en.wikipedia.org/wiki/Lavabit)
_The service suspended its operations on August 8, 2013 after US government
ordered it to turn over its Secure Sockets Layer (SSL) private keys._ _Levison
also stated he has even been banned from sharing some information with his
lawyer._ _Levison and his lawyer made two requests to Judge Claude M. Hilton
to unseal the records, both of which were denied._

~~~
nbadg
> Suggesting people in Black suits need to show up when

But that's exactly what I'm trying to say. I was responding to:

> What would you do if someone held a gun to your head and ordered you to
> either give them a backdoor, go to jail, or be shot?

Which is not reality. That's not the kind of coercion you experience. The
government applied (in this case direct) economic pressure, and Lavabit made a
business decision that a fine of $5000 per day (and potential future legal
problems) was an unacceptable operating expense. Goodbye, Lavabit.

And once again, a protocol (like SMTP) that doesn't inherently protect agency
is, in my opinion, a technical problem. That email requires SSL for
confidentiality is a security vulnerability. You don't fix that by taking on
the political system (I mean you could, but good luck). You fix it by
engineering a protocol that isn't vulnerable in the first place.

My point is that we need to stop waiting for the politics to change, and solve
the problem ourselves. That's going to mean questioning some very entrenched
protocols, like SMTP. So be it.

~~~
nickff
When you say he faced "potential legal problems", what you really mean is that
they were threatening to send him to jail, or if he failed to cooperate with
the brave boys in blue, they would shoot him. Fines are enforced in
essentially the same way: either pay, go to the small box, or die. It is
unpleasant to describe things this way, but using euphemisms to assuage our
consciences does not change the reality of the system we operate in.

~~~
derefr
Is there a federal debtors' prison I'm unaware of? A fine from the government
(when e.g. the sentence for a crime is a fine)—which you don't pay—turns into
credit-score damage, liens and garnished wages; it does not turn into reduced
freedom of movement/association.

~~~
garrettgrimsley
You can't be imprisoned for being _unable_ to pay a fine, but you _can_ be
imprisoned for being _unwilling_ to pay a fine. This goes back to Bearden v.
Georgia in which the SCOTUS ruled

> If the probationer has willfully refused to pay the fine or restitution when
> he has the resources to pay or has failed to make sufficient bona fide efforts
> to seek employment or borrow money to pay, the State is justified in using
> imprisonment as a sanction to enforce collection. [0]

So yes, had Levison refused to pay the fines imposed he could have been
facing a prison sentence. You can easily find a plethora of news stories about
people being imprisoned for failure to pay fines.

[0] [http://caselaw.findlaw.com/us-supreme-court/461/660.html](http://caselaw.findlaw.com/us-supreme-court/461/660.html)

------
cokernel
Thomas M. Cooley's 1879 analysis of privacy of telegraphic correspondence (the
"hampered by fears" link in the Guardian article) is fascinating:
[https://archive.org/details/jstor-3303981/](https://archive.org/details/jstor-3303981/)

~~~
zaroth
This is so beautiful... what I was trying to say here:
[https://news.ycombinator.com/item?id=10384748](https://news.ycombinator.com/item?id=10384748)

    
    
      In brief, then, the doctrine that telegraph authorities may be
      required to produce private messages, on the application of third
      persons, is objected to, on the following grounds:--
    
      1. That it defeats the policy of the law, which invites free
      communication, and to the extent that it may discourage correspondence,
      it operates as a restraint upon industry and enterprise, and, what is
      of equal importance, upon intimate social and family correspondence.
    
      2. It violates the confidence which the law undertakes to render
      secure, and makes the promise of the law a deception.
    
      3. It seeks to reach a species of evidence which, from the very
      course of the business, parties are interested to render blind and
      misleading, and which, therefore, must often present us with error in
      the guise of truth, under circumstances which preclude a discovery
      of the deception.
    
      4. It renders one of the most important conveniences of modern life
      susceptible at any moment of being used as an instrument of infinite
      mischiefs in the community. It is not necessary to enumerate these
      mischiefs. Any one can picture to his own mind what would be the
      condition of things in any neighborhood, if its whole correspondence
      were exposed to the public gaze. A single instance, in which the veil
      of confidential secrecy is thrust aside, will introduce some of these
      evils, but it will suggest the possibility that any moment all the others
      may follow.
    
      Inviolability of Telegraphic Correspondence.
      Supreme Court of the United States.
      Thomas Snell et al. v. The Atlantic Fire and Marine Insurance Company. 
      February 1, 1879

~~~
cokernel
A minor nit: Thomas Snell et al. v. The Atlantic Fire and Marine Insurance
Company is the opinion which _follows_ Thomas M. Cooley's opinion you are
quoting here.

~~~
zaroth
Oh that's funny, I copied the header text off the scanned page but it's for
the next article in the book. Thanks for pointing that out.

------
twic
You could easily miss the tiny text on the left where it says:

    
    
      Sponsored by:
    
      Silent Circle
    

This doesn't necessarily detract from the article, of course, but it's
interesting metadata.

------
mirimir
Where did it go? From what I've read, it never existed, except as comforting
bullshit. Read Bamford's books about the NSA. Read about the British Black
Chamber.[0,1]

[0]
[http://www.tandfonline.com/doi/pdf/10.1080/02684528708431876](http://www.tandfonline.com/doi/pdf/10.1080/02684528708431876)

[1]
[http://www.theatlantic.com/international/archive/2013/06/gen...](http://www.theatlantic.com/international/archive/2013/06/gentlemen-reading-each-others-mail-a-brief-history-of-diplomatic-spying/276940/)

~~~
thesteamboat
The Black Chamber typically refers to an American organization[0] although, to
be fair, it was not the only use.

> The term "Black Chamber" predates Yardley's use of it in the title of his
> book. Codes and code breakers have been used throughout history, notably by
> Sir Francis Walsingham in Elizabethan England. A so-called cabinet noir was
> established by King Henry IV of France in 1590 as part of the Poste aux
> Lettres.

[0]:
[https://en.wikipedia.org/wiki/Black_chamber](https://en.wikipedia.org/wiki/Black_chamber)

------
area51org
_Privacy as a legal construct is relatively recent._

It's as old as the fourth amendment.

The right of the people to be secure in their persons, houses, _papers, and
effects_ , against unreasonable searches and seizures, shall not be violated,
and no Warrants shall issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be searched, and the
persons or things to be seized.

~~~
schoen
It wasn't called privacy then or analyzed as a right to privacy until 1890,
although courts have agreed since then that "privacy" is part of what the
fourth amendment protects.

[https://en.wikipedia.org/wiki/The_Right_to_Privacy_%28articl...](https://en.wikipedia.org/wiki/The_Right_to_Privacy_%28article%29)

Sometimes courts have thought of the privacy protections in the fourth
amendment as very narrow and specific. For example, they've carved out almost
everything we do that's intermediated from fourth amendment privacy
protections!

[https://en.wikipedia.org/wiki/Third-party_doctrine](https://en.wikipedia.org/wiki/Third-party_doctrine)

