I wish we would treat cyberspace analogues of established property with the same respect given to the original. For example, your e-mail inbox is the online equivalent of your mailbox. Yet, one being "on your lawn" and the other "at Google's data-center," all bets are off. While I believe the Supreme Court should do a better job at explicitly addressing this (for instance, "responsible expectation of privacy" established in Katz[1] would be a fair test for e-mail, while Jones[2] and Kyllo[3] show the importance of taking modern technology into account), the government needs to firmly establish which techniques are important for security while protecting us from those which recklessly violate privacy.
There is nothing about monitoring our email that is necessary for security. The war on terror is a giant hoax, more people are killed every year choking on peanut butter. Members of the government are always reaching for more and more control over our lives and power to watch us.
Not that I disagree entirely, but looking at deaths prevented isn't really relevant. Terrorism isn't about death, it's about terror, putting people in a state of fear. The war on terror isn't about preventing death, it's about preventing fear.
People aren't afraid of choking on peanut butter or car accidents because they feel they have some control over those situations. Terrorism creates fear by removing that sense of control.
Terrified people make stupid mistakes, sign away their rights with reckless abandon in the hope that it will allay their fears. No electorate is so easy to manipulate as one that is afraid.
Of course, but that fear that enables the war is the same fear the war is meant to eliminate, the fear caused by the initial terror attack. 911 scared the hell out of people, enough to allow some dreadful laws to be passed, but out of fear people do stupid things to try and feel safe again. The TSA doesn't make us safe, but it made most feel safer, at least initially.
No, I got the point. And Osama was quite effective at terrorism. Though I think most of the credit goes to the US government and media. I don't believe it was an inside job, rather that similar motivations created similar outcomes: radicalizing war in the middle east.
If humans were rational, terrorism wouldn't work. Driving your car to work is more dangerous than taking the subway to the world trade center, even if the WTC was demolished every year. But we are afraid of what we fear, not what will actually kill us. There are a lot of people who are eager to exploit that cognitive defect.
Almost all politics thrives on fear. Witness the left constantly trying to tell seniors that Republicans want to take away their social security and medicare.
This should be mentioned when we have people saying, in response to gun control, "Demand a plan! It's already too late; we need to do /something/".
Doing "something", something which the security state crowd had ready in '96, is what got us the PATRIOT act and the TSA.
The strong anti-gun crowd is trying to wage a slow war against gun ownership that would result in an Australia-like confiscation of weapons and the repeal of the 2nd amendment. Don't let the "do somethings" win again.
Is there really actual fear today in a western country?
I think actual fear would have to come from injuries to someone you know and can feel empathy towards. Dunbar's number suggests there's only very little of that based on the number of deaths due to terrorism.
Fox News would not exist if people weren't scared of foreigners blowing up their house in Nebraska because some Saudis crashed a plane into the WTC 11 years ago.
It also wasn't what it is today. The current Fox News functions because of fear. Remember, in the last decade, MSNBC went from trying to beat Fox by supporting Iraq more than them to what they are now; I wouldn't make a whole lot of conclusions of MSNBC programming today based on them circa 2000.
Fox News exists because the other national broadcasters weren't serving half of the market. Not everyone is interested in getting the Democratic talking points of the day when they watch the news.
That's not to say Fox has a high quality broadcast. It doesn't. But it's no worse than CNN or CBS, and it's certainly better than MSNBC.
No, actually the half that's tired of being lied to by reporters with a liberal bias. Your "reality" isn't objective reality. Tell me, have you guys found Lucy Ramirez yet? In your, you know, reality?
False equivalence. Fox lies far more than any other station, finding a lie on CNN doesn't justify the "liberal media" nonsense conservatives have made up.
Conservatives distrust the media because they don't like hearing things that don't jive with the belief system and reality is full of those things; it's as simple as that. Colbert nailed it when he said reality has a liberal bias, as did Stewart when he dubbed Fox bullshit mountain.
>False equivalence. Fox lies far more than any other station, finding a lie on CNN doesn't justify the "liberal media" nonsense conservatives have made up.
If it's false equivalence then the difference lands in my favor. Fox has never used obviously fake documents to try to throw an election like that. And there's reason to believe "Fox lies more than any other station", no matter how many times liberals tell each other that's the case. The lying from CNN and (of course) MSNBC has been epic over the last few weeks.
Oh, and by the way, Rathergate was CBS, not CNN. At least try to get your facts straight.
>Conservatives distrust the media because they don't like hearing things that don't jive with the belief system and reality is full of those things; it's as simple as that.
This is just projection. Leftists in the US are angry at Fox because they no longer control 100% of the narrative. The idea this has anything to do with objective reporting is just conceit on your part.
>Colbert nailed it when he said reality has a liberal bias, as did Stewart when he dubbed Fox bullshit mountain.
The reason people on the left find Colbert and Stewart funny is they tell you what you want to hear. What Colbert "nailed" was his audience, and if you had any capacity for self reflection you would realize this.
The level of ignorance you've displayed thus far takes its own special talent. I salute you!
It might surprise you to know that, far from being a Fox news "junkie", I haven't watched broadcast television at all for years. But why would you be right about this when you're wrong about literally everything else? People like you are why the founding fathers thought a restricted franchise is a good idea, and I think they were right.
Most evidence, including recent data, points to Saddam shipping them to Syria before the invasion began.
Nobody has yet 'officially' explained what Saddam did with the WMD we know for a fact he had. Shipping the weapons to Syria is the only logical explanation for their sudden disappearance.
However terrible CNN and CBS may be (take for example their outright cheerleading for the second iraq war), they remain organisations devoted to covering the news. Fox is devoted to controlling the news, which isn't the same thing.
I don't find it controversial when a company's management gives editorial directives to its employees. I expect CNN and CBS do the same thing even if we don't have copies of the memos. Certainly it's not difficult to detect an editorial slant in their news coverage.
Why didn't CBS fire Dan Rather immediately when Rathergate came to light? It's hard for me to imagine Fox easing out someone slowly after they'd left its reputation in tatters.
>However terrible CNN and CBS may be (take for example their outright cheerleading for the second iraq war), they remain organisations devoted to covering the news.
I haven't seen much evidence of that, especially lately when they've used every possible angle after the Connecticut shooting in their full-throated advocacy of gun control.
> Have you met the republican party? Their entire base lives off fear.
First off not all in the republican party can be characterized this way. You are painting with very broad strokes. Many turn to the republican party because they are the closest they can get to their economic beliefs.
> It's not fear of death or injury, but fear of "other", of change, of being marginalized.
Do you honestly believe this? Do you get your views of republicans from reddit and articles you read about people talking about fox news?
> First off not all in the republican party can be characterized this way.
Duh. Do I really need to preface every statement I make with "this is a generalization that doesn't apply to every single person" or can I just assume that you have some intelligence and don't assume everyone speaks in absolute terms and that when I said base, that quite obviously doesn't mean everyone.
> You are painting with very broad strokes.
That's rather the point of generalizing; it's useful.
> Many turn to the republican party because they are the closest they can get to their economic beliefs.
Hopefully they're sobering up and realizing how ridiculous that choice was.
> Do you honestly believe this?
I observe this, it's not a matter of belief, I live in a red state and see it constantly.
> Do you get your views of republicans from reddit and articles you read about people talking about fox news?
I see, it couldn't possibly be because I know a lot of republicans, it must be Fox news. I live in Arizona, practically the center of republican crazy these days; I don't have to make shit up.
+1 to gnaritas's side here. I'm in the military, home of record is Texas, grew up in Kansas and Nebraska (what got me to read this thread), spent 95% of my adult life south of the Mason-Dixon line. Not all Republicans are crazy, but the disease of "Republican crazy" is rampant. See XKCD #1127 for another perspective. https://xkcd.com/1127/
What is an "economic belief"? Seeing how broken our financial system and ways of thinking about it are, I take it it's some kind of religion, including all the baggage that comes with such an approach?
"They kinda come close to my views w/r/t one small aspect of national policy" is a pretty terrible reason to vote for a party. If you're correct that many citizens vote this way, you'd all be better off withholding from participation until you can fix your electoral system.
Not a rant, just an observation: Republicans aren't conservative. They are military-industrial socialists. That's why things like Fox get annoying: they go around pointing fingers at the others, yet push out their own stimulus packages (via military spending increases) and their own flavor of socialism.
A lot of "true" conservatives have left the party.
FTR, I don't classify myself as either liberal or conservative; I've been a member of the Democratic party and the Republican party, and left them both. I can't stand either of them. And I really can't stand hypocrisy.
These true conservatives might have left the party, but they're still voting for the party because I don't see any big shift in representatives yet that mirrors this big exodus you speak of. I know many such ex-republicans, they all still voted Romney and republican despite their vocal protests of the party.
Given that Romney got a lower turnout than McCain, it certainly seems that some number of people have left the party, or are at least withholding support for the time being.
I'll grant you that; but abstaining doesn't help much. They should be splitting the party and separating the real conservatives from the religious right.
That's going to take time- plus I'm not sure they will attain critical mass for a party to succeed. I bet most self-professed 'conservatives' would argue that Republicans are conservative. It seems to be a religion or something.
It's much different; we criticize Obama but don't consider him a DINO and want to kick him out of the party. Republicans tend to eat their own, they want ideological purity in a way Democrats never have. Democrats tolerate ideological differences within the party and within congressional votes vastly more than republicans do.
You can argue the opposite of anything, and many do; doesn't mean anything. 911 for example, caused the fear, which then was used to pass draconian laws, but those laws were meant to both seize power and alleviate the fear, to the point of implementing things like the TSA, which aren't real protection, but make people feel less fear.
Other than the government with its war on terror, who has actually done anything to perpetrate fear in the population?
Since 2001, there has been no terrorist activity against the US. You are told about threats the war on terror has dealt with, but no actual action or actors can be pointed to yet the government keeps the fear of terror alive. They have done far more to that end than any terrorist organization has. This causes the population in general to accept any course of action that they are told will deal with that looming threat, but it never seems to do so.
One side of the government generates and keeps the fear alive, the other side uses the fear to do what they wish. Neither side wants the fear to go away.
The US Government is the largest group terrorizing the US population today. They use the war on terror to do it.
Do you disagree with anything specific, or are you just done discussing it?
I've not heard many people seriously argue that the TSA's mandate is to alleviate fear, much less argue that the TSA carries out said mandate successfully.
When considering the war on terror, and the threat to America/'the west', I think of how damn easy it would be for any one of us to cause at least double digit deaths, if we were determined[1]. And yet, there are extremely few of these events related to Islamic extremism. I think of how basic the attacks that have happened have been. The US does not share its intelligence with us, but these facts suggest that the real threat is.. minimal.
1. Look at Breivik for example. Or the latest nutter shooting up a school.
In the "follow the money" line of thinking, looking at who takes most benefits from terrorism explains a lot of things. "Terrorists" didn't get much I think. Politicians, law makers, government agencies got to push forward their agenda by leaps and bounds.
Hmmm... I kinda wonder sometimes. This is a ludicrous idea, but have you ever thought about the recent HSBC scandal, where they were laundering billions and billions of dollars for terrorist organizations and organized crime? The same terrorist organizations and organized crime that is the primary justification for domestic spying, paramilitary police, huge prison populations, secret rendition and indefinite detention?
From an outsider perspective, this is very relevant of what the US has become. I'm always surprised that a country which places freedom as the highest value tends to give away all its civil rights so easily.
Sounds to me like the people behind the 9/11 attacks have succeeded: the US is not fighting fear, it's diving into it, more and more every year, hence the loss of freedom for its people.
>> Terrorism isn't about death, it's about terror, putting people in a state of fear. The war on terror isn't about preventing death, it's about preventing fear.
Then it is the greatest irony of all time that people have become more fearful of surveillance and persecution by their own governments than some terrorists who live overseas.
The vast majority of people don't live in fear of their governments because they don't care. In fact, fear of government controlling our lives is mostly an American collective psychosis. (even then limited to internet activists, survivalists, gun hoarders etc.)
Not to say it's without merit, but this really doesn't preoccupy people's thoughts in other countries. I've tried explaining to Japanese and British people that we have guns to prevent potential government oppression and to be able to take our personal protection into our own hands. They look at you as if you're crazy/paranoid.
The whole slippery slope stuff doesn't resonate at all.
The whole thing basically boils down to:
"If I were to potentially at some point in the indefinite future plot anti government activities through my email I want to be sure that big brother doesn't read it"
It's because they're not infected since childhood with the particular American psychosis we call individuality and damn anyone else cause I got mine. That's very American.
If causing fear defines what terrorism is, then the terrorists are government and media outlets who portray these extremely unlikely events as a credible threat. That is what creates the terror.
No, the government exaggerates a fear of things people can't control well outside their level of risk in order to feed business to the security industries and receive campaign dollars.
Another good one is the number of people that die in car accidents in the US every year, largely due to human error - 32,367 people in 2011.
If the government took one tenth of the money it spends on defense every year (which was $1.030–$1.415 trillion for 2012), or approximately $100 billion dollars, and invested it in driverless car research and the infrastructure changes necessary for it, a much bigger benefit could be wrought. But that won't happen, because it's the lobbying of the military-industrial complex that determines where money is spent.
It isn't that nobody cares. It's that people see (however irrationally) car accidents as an unpreventable occurrence, while they see terrorism as something that can be stopped if we go and kill the bad guys that are doing it.
In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist. - Dwight D. Eisenhower, 1961
How is this nonsense? How does personal credibility enter into it, anyway? Argue with the statement, but spare the ironical projecting (saying "mentioning this or that phrase makes anything you say suspect" IS actually like intellectually lazy slogans you pretend to be against)
The business of buying weapons that takes place in the Pentagon is a corrupt business - ethically and morally corrupt from top to bottom. The process is dominated by advocacy, with few, if any, checks and balances. Most people in power like this system of doing business and do not want it changed.
-- Colonel James G. Burton
A rose is a rose is a rose, and so is a turd; what labels you accept or don't is your personal thing, but otherwise irrelevant.
What? The military-industrial complex is real. If you don't believe me, look at how the Army is requesting LESS money for tanks, claiming that they have enough and that the money would be better spent elsewhere.. And then Congress rejecting that plea and giving them more money for tanks.
I don't know about the peanut one, but you can find plenty others. Like more people die because of alcohol every year, or one that I read recently that more veterans commit suicide every year than die in the wars, etc.
A call to the CDC press office revealed that the number of
deaths from food allergies, as collected from 2.5 million
death certificates across the country, is minuscule. Only
eleven people died from food allergies in 2005, the last year
for which we have data available. More people died from
lawnmower accidents.
>The war on terror is a giant hoax, more people are killed every year choking on peanut butter.
The fact that the Islamists don't kill millions every year doesn't make it a "giant hoax". The fact that they haven't killed more isn't due to a lack of motivation, only to a lack of means. And they've been reaching for the means.
I know documentation was found in Afghanistan outlining attempts to acquire sarin gas for use in a terrorist attack in the US.
On the other hand, maybe it was all faked, right, like the WTC attack? Maybe you should keep it "quit" yourself. And while you're keeping it "quit", take an English class. I would advise keeping it "quit" during the class so the teacher doesn't realize you're not the sharpest tooth on the saw.
The Sixth District court of appeals did address this directly in US v Warshak [0]. What this scare article does a good job of is confusing the reader.
Unopened email left on a 3rd party server for longer than 180 days was considered discarded or abandoned property. Discarded physical property has never retained a reasonable expectation of privacy (for instance, the police are free to dumpster dive once your property is considered discarded). Similarly when you vacate an apartment and leave all your belongings behind, they become the property of the landlord. These are firmly established principles of common law. The waters become more grey when you are not using the 3rd party for communication but for storage, say for emails you have read and leave on the server for 180+ days. [1]
So in this case Congress wanted to establish a new right to privacy that required a warrant on rather vague and nebulous grounds. It was dropped and so the status quo remains.
All the people here complaining apparently have no idea what the law of the land currently is? Email communications residing on a third-party server for less than 180 days that offers services to the public can not be obtained without a warrant. Notification of the issuance of a warrant could be delayed by 90 days. This does not apply to 3rd party services that do not offer services to the public. They can voluntarily disclose content at their whim.
If you believe my understanding to be flawed I welcome the opportunity to be corrected.
Anything we can do to proactively claim or declare our emails older than 180 days to be not discarded and not abandoned? Or move them to a new server periodically so that they aren't stored in a server for more than 180 days?
From Wikipedia [1]: "Property is generally deemed to have been abandoned if it is found in a place where the true owner likely intended to leave it, but is in such a condition that it is apparent that he or she has no intention of returning to claim it."
I'm winging it here, but Gmail could have an optional feature to prompt every three months "do you claim your mail from January 2005 to December 2012?", and just answer yes every time. Then Google could respond to a subpoena that the user has no mail that has not been claimed in 180 days.
Any lawyers here who can come up with something more solid?
Google already does not fulfill subpoenas for email seizures in many cases due to the decision in Warshak - their contention is that they cannot be sure if the user resides or uses their email under the jurisdiction of the Sixth Circuit.
It's puzzling to think about why Warshak wasn't appealed to the Supreme Court (SC), where a decision would have federal instead of regional consequences. The Justice Department most likely felt such a move could easily end in the SC siding with the Sixth, ending the free lunch on electronic communications seizures that law enforcement currently enjoys.
Google's particular problem, in my humble opinion, is that the protections do not apply to non-content portions of the communication. For example, the government does not need a warrant to require production of the smtp logs, just as they don't need a warrant to see what phone numbers you called whereas listening to those same conversations does require court authority.
Google unlike most other email providers is going through the content of every email (I assume prior to its being read by the user) and indexing its contents for the purposes of determining relevant advertising (and whatever else they do with that info about which I admittedly know very little).
I would wager that those indexes might fall under the "log" rather than "content" aspect and therefore their production would not be subject to warrant if they are keeping it stored somewhere; but, that's for someone receiving a higher pay grade to determine.
Cert for Warshak was not sought by either party most likely because the outcome of the appeal was largely in the govt's favor. Most of the convictions stood while only some were remanded. So I imagine it wasn't in either party's best interest to roll the dice again. Finally, the precedent established in Warshak is applicable in the other horizontal jurisdictions. I would find it hard to believe any of the other appellate courts would go against its sound reasoning. But I guess the point stands that if you want to be safe you should ensure your servers reside in the jurisdiction of the Sixth!
This is the most informed post here so far. A couple of important points to add.
The problem is 2703(f). It allows a government entity to request a snapshot of a user's account "pending the issuance of a court order or other process", meaning that 180 days later, the government can just issue a subpoena - they get their foot in the door and then come back later with the lowered bar, and only need a subpoena. Same effect as not having warrant protection.
http://www.law.cornell.edu/uscode/text/18/2703
It's important to point out that the 90-day notification can be renewed indefinitely, pursuant to 2703(f)(2), which is probably a breach of what the 4th Amendment intended.
The concurring opinion authored by Judge Keith was directly on point of your second paragraph regarding the indefinite renewal constituting an illegal wiretap. It concludes that 2703(f) is vacuous as it clearly fails constitutionality for this reason. [0]
I'm sure the irony that such an important case is based on the illegal money laundering of a company peddling a penis-enlarging drug scam will not be lost. Remember Enzyte and the smiling Bob ads? I'm still amazed how easily they got so many merchant accounts given their chargeback rates but I guess that's what fraud will get you.
The landlord doesn't get to go through my stuff while I still live there, though. Just because I have boxes in the garage I haven't opened in six months doesn't mean they're up for grabs.
But that's a dumb law. If the company can keep my e-mail "forever", then I expect it to be private forever. What kind of arbitrary rule is this that they can start looking into my e-mail after 180 days?
I find it interesting that the treatment of the digital analogue in legislation is contradictory. While it's beneficial to the government and businesses to remove the distinction between digital and physical when it comes to IP and copyright, it's just as beneficial to maintain that distinction for 'security' or 'anti-terrorism'.
'Modern' legislation doesn't feel all that progressive when it comes to technology.
The common analogy given from law academics is that email is more akin to the telegram than postal mail. With postal mail, no one along the entire path actually opens the envelope to see what is inside. This is in contrast to the telegram where the intermediary is exposed to the contents directly. This difference is what leads to the difference in expectation of privacy. In this analogy email is actually more like a telegram. Where I think that the analogy diverges with reality is that the intermediary is now a machine, not a person. Therefore, we expect the machine to not "understand" the data that passes through it and simply deliver it.
And then, using GPG or S/MIME would restore email to the status of a postal letter, with the message contained in an envelope of privacy. So if I GPG my email, that should confer a higher expectation of privacy than "normal" email would.
So the rights with respect to your mailbox derive from the fact that the Post Office was historically an appendage of the government. Giving your personal information to a government-run Post Office versus giving it to a third party like Google (that mines your personal information for advertisements!) is a salient distinction.
I think you drew the opposite inference from what I intended. Postal mail is more protected because the Post Office is (was) an organ of the government. As an organ of the government, it is restricted by the 4th amendment as to what it can do with your mail.
E-mail is different because the intermediaries are non-governmental third parties. The idea is that you do not give up your expectation of privacy by giving mail to the Post Office to deliver, because you know the Post Office is limited by the 4th amendment, while you do give up your expectation of privacy by giving mail to your e-mail provider, because you know your e-mail provider has no obligation to protect your privacy.
This seems a good place for a dose of "what is good for the goose is good for the gander"... Since Congress is employed solely to represent its constituents, maybe all of their communications (public or private, if they are in any relation to their employment) be disseminated far and wide to all of those constituents to monitor those representatives' abilities to fulfill their obligations to their constituents.
A period of time observing the sausage-making process of crafting and passing law may be quite a wakeup call for Jane Q. Public....
The NDAA did exactly what this bill purports to do: leave intact an unfortunate status quo. Almost nothing people say about it on message boards is true; it has become a shibboleth for "I pass along public policy gossip without verifying it".
But did it leave it intact or did it enforce it? Why did they need to write in the NDAA too that they can do that if it was already written in another law?
I don't understand the first question. The answer to the second question is that the powers granted to the executive under the 2012 NDAA (there's an NDAA every year) are more limited than the blanket authorization to use force granted in 2001.
Has anyone out there created a utility that will download and delete any gmail messages older than 6 months, storing them only in an encrypted local store?
I would be surprised if deleting a mail from your gmail account would actually delete them from Google's servers?! I was always under the assumption that Google will store them until eternity. But as assumptions go, I can't really back that up -- but perhaps someone on HN has better knowledge?
Good question. I deleted my Amazon account about a year ago which wasn't easy--required back and forth correspondence with tech support: "Yes, I'm absolutely 100% sure I really, really understand the implications of deleting my account." In any case, I keep getting Amazon gift cards from people so I go to sign up to Amazon for a new account. Turns out my account was never actually deleted, I was able to click "forgot my password" and they still had a record of everything.
War on terror is a hoax used for pushing forward an agenda. Save us from the terrorists and drugs! God forbid you travel out of the US and see some of the world, you might be "taken".
The way the media sensationalizes some of these shootings, it's like we have to live in a constant state of fear.
God forbid you travel out of the US and see some of the world, you might be "taken".
Ironically, I feel the same way about the US since 9/11: I'd rather freely run my yap about (politics of) the country on the internet and not ever set foot there, than visit it and risk my freedom. Which makes me sad, because I know it has many great people in it... but a lot of things would have to change rather drastically for me to revise this.
Yeah, I feel broadly the same way. In so many ways the US is a fantastic country, but the government and its politics are insane, and frankly scary from the outside. I thought things would vastly improve under Obama, but from what I can see, he's little more than a "Bush Lite". Pity, IMHO.
Worth separating the people from their government, although I would argue that in a democracy the government is the voter's fault. But it seems to me that the US government / establishment fears and hates its own population as much as it does foreigners.
I kinda wish Americans would wake up and see the monster, then do something about it. If the US establishment starts treating its own people better, that might fan out internationally for everyone's good. Not least, Americans.
But then, as I say, the US is supposed to be a democracy, so presumably they have what they want already. So, er, fair enough. Who am I to suggest otherwise?
EDIT: As mentioned a few times elsewhere on this thread, the biggest barrier to encrypted email adoption is the network effect, ie. both ends need to be using it. That is the core problem we're trying to solve--making an email system that would be better than the rest even if it weren't encrypted, but that's the icing on the cake.
If "works anywhere on any device" means its crypto code is loaded over Javascript without browser extensions, that's a goal that cannot share a project with "make it impossible for admins to read email even with a subpoena".
The reason it's 2012 and there's still no universal solution for encrypting email is that it's a hard problem. If you care about the security of your mail, you should use GPG.
We are in full agreement. Parley.co does not use Javascript crypto or browser plugins, ie. it is not webmail. (There is a webmail component that can be used to send messages which are encrypted at the server, and can allow synchronous two-way communications for logged in Parley users that is not end-to-end, but it is only provided as a stop-gap and the trade-offs are clearly presented. Discussing it usually ends up as a distraction, since our core offering is based on installing standalone clients.)
We'll be posting more information about the whole thing soon, but if anyone has any questions I'm always happy to discuss what we're doing either by email (in my profile) or (at risk of derailing the thread) here.
EDIT: Also, Parley uses OpenPGP. People who are happy with their PGP/GPG setup should continue using it, but the goal is to create a compatible service which those people would feel comfortable recommending to less tech-savvy friends.
Don't blame subpoenas for the problem of spineless admins that will actively hack their clients because the government asked them to. Backdoors can't be mandated by a subpoena, only the recording of server-side data (unless I am grossly misinformed).
This is why I like OTR clients. You just check a box and if the other client has it, it automatically starts an encrypted session. Otherwise it works normally. It's seamless. And it gives you forward secrecy.
Very interesting project. Since I watched the "what happened to the cryptodream" video, I have finally begun to understand that we need more tools like yours or say Wickr (closest to secure IM on iOS...), tools which my mother, who knows shit about AES but knows her history and what an Enigma machine was, can use.
The fact that your code will (?) be opensourced, is a big +1
The fact that it's secure by design is a big +1
Count me in, and go defeat gmail, icloud, and all those monstrosities,... one user at a time!
Our code will absolutely be open source, and relies on established open source crypto libraries for the actual crypto. Thanks so much for the encouragement peterhost, and please tell your friends about Parley!
USA, with backups in Canada (we're a Canadian company). But the whole point is that not even us, with full server access, should be able to access your data (even under subpoena) so using third-party servers close to where we expect most of our users to be shouldn't raise any eyebrows.
We would eventually like to offer multiple options for server location, but that isn't feasible in the short term.
I think there is a real business opportunity in hosting email offshore for US customers, out of the reach of US laws and subpoenas.
I know you preach encryption, but there is a lot that can still be subpoenaed outside of the encrypted message payloads, such as login IP addresses, destination email addresses, frequency of messages, etc.
That's a really good point, and I agree. Offering multiple server locations is definitely on the road-map, but doing it well (ie. without providing a false sense of security) is an entirely separate and mostly legal challenge--as a Canadian company, we would be susceptible to mutual legal assistance treaties with the US, so we'd have to set up companies in a few different countries with different legal environments and then lay out the trade-offs in a transparent way.
Hopefully, we'll get to it, but if another startup gets there first we'd be much obliged ;) In the meantime we will focus on the big problem that's already right in front of us; I would encourage anyone who needs to operate outside of US legal influence to use a different mailserver (perhaps their own) and manage their own PGP keys.
Didn't they do the same dirty trick for the federal reserve act? Basically all of congress is home with their families, and only a few people (who most likely want to see the change (for whatever reason AHEM)) show up to vote.
So how does this work if, say, I have an mbox file with messages from 7 months ago and also yesterday? Do they get to snag the entire mbox file or do they have to painstakingly filter out messages from the files?
Right. Because Obama totally didn't continue a long legacy, he basically kickstarted this all by himself..
My suggestion would be to more or less ignore the sock puppet of the day and instead pay attention to interest groups and whatnot. Those don't change nearly as much as the faces or slogans that are put on stuff.
This is an article about an amendment proposed to a law that's already on the books. The 180 days thing is already the law of the land, this amendment sought to change that. There's now nothing in this bill relating to mail privacy (i.e. the existing law isn't being changed at all).
So, if that's the way you feel about it, the time to stop using free text email was 1986, when ECPA was first passed.
That only makes you MORE of a suspect and thus a target. Even for eavesdropping devices in your house perhaps...
A government that does those sort of things is bad in other ways too -- and can get your ass to wherever it wants at any time.
So, if you cannot trust the government not to do these things, then I suggest you try to change the government and the way things are done, instead of trying to hide from them with encryption or whatever.
We would need to change all governments simultaneously.
If one doesn't respect personal privacy as official policy then all government organizations will ship their logs to that country for decryption/de-obfuscation/de-whatever -- just the same as tax policies and Cayman Islands et al being 'tax havens.'
As for encryption advocacy attracting unwanted attention: I don't give a damn.
If you don't host your own mail server, you are a clown-person
Where can I get a pair of size 47 shoes, a banana-yellow suit, and a lime-green wig? I am a programmer, not an IT administrator. I know nothing about which patches are required to keep a server secure, nor should I have to.
Being familiar with the technology for making programs has the same relationship to maintaining a publicly facing server as being familiar with the technology for making buildings has with operating a property-management, real-estate leasing, and property security firm all in one.
It's great that you and many others have these skills, it's not a dichotomy, but they are loosely related.
Nonsense. Setting up a properly configured and secured mail server, and keeping it that way, takes time and is not a core value proposition for most of us. It makes complete sense to want to outsource something like that.
And it doesn't protect any mail you wrote or received that's still in the recipient's inbox or the sender's "sent mail" folder. So it's a complete waste of time for that purpose.
Which contributes neither enlightening discussion nor useful solutions to the discussion at hand.
You have expressed your contempt for people who don't run their own mailservers; but your contempt is only an ego assertion. Your contempt, unless based on facts, and rational arguments taking into account the reality of people who have other things to do than learn whatever esoteric skills you've chosen to base your self-worth around; is of no interest to the rest of the people reading HN.
I run my own mailserver; therefore you should listen to me.
If the above statement seems ridiculous (which it is), it is merely the mirror of your original assertion.
Running your own mailserver is so basic of a technical skill that it is neither esoteric, nor is it something to be egotistical about. The name of the site is "hacker news" for God's sake.
Second, there's nothing I'm asking you to "listen to". My point was that a lot of the wringing of hands and gnashing of teeth has no legitimacy without having taken the simplest, most elementary, first order step towards fixing this problem.
Come back and complain about your bad roast after you've actually ... you know ... turned your oven on.
I know how to run my own mail server - I have set up a couple. I still don't because my setups tend to be inferior security and feature wise to those of people that do nothing but run mailservers every day of the week. I could argue that building mailservers is such a basic skill that everybody should be capable of doing it. Or building a house. Or growing your own food. Neither you nor I do that even though growing your own food is the simplest, most basic step to solving a ton of problems in the food industry.
As I and others pointed out your most basic step does not solve the problem and you can just move to a different provider that is not subject to American laws to have the same effect.
You're also not required to have any technical skills at all to gnash your teeth about a government that tries to expand surveillance in every possible place. For some places you might have a technical solution such as running your own mail server at home, but what are you going to do once hacking of mail servers without a warrant is permitted and commonplace? Counter-Hack? As hackers we try to find technical solutions to social problems, but that's not going to work out in every place.
Well, again, my point was not that you're a clown for not growing your own food, my point was that you're a clown for regularly attending (and participating in) the farmers forum, having a shed full of farming implements, etc., and then complaining about the bad cucumbers at the store.
As I said, Joe 6 pack has an excuse (just like Joe Startup has an excuse not to be cultivating his own heirloom seeds).
And yes, I'm aware that email as a whole is just a mess, and that running my own mail server does nothing to combat a global observer that can just intercept all traffic anyway... but the big, big win is that my entire existing email history cannot be extracted by any LEA in the country (and possibly foreign) without my even knowing about it. The local sheriff cannot subpoena my entire email history. They have to come to me.
Another huge win is that you can communicate with others that share your mailserver without the email leaving the system - which thwarts even a global observer. It may interest you to know that no piece of rsync.net intra-company email has ever traversed any network.
You can use encrypted mail, however that requires you to convince all people that you exchange mails with to use encrypted mail as well.
You could use a hosted email service in another country where the American authorities don't have easy access. Europe might be an option. However, as with hosting your own email server, that's only a partial solution: If you communicate with other people, your mail is not only stored in your inbox but also in their outbox. So they'd have to use a mail provider outside the US as well - see the first paragraph.
The best is probably a hybrid solution: Try to educate as many people to use encrypted mail as you can and use a mail server that's located outside the US. It doesn't provide 100% protection, but at least you're not part of the dragnet search.
Valid point. It's a different branch and a different issue though. Mails that are already on your server and stored there would be relatively safe. Make sure communication is encrypted.
To receive mail, you could set up Haraka (a very simple NodeJS SMTP server)[1] on any unix instance (such as AWS micro). You'll need to set proper MX records for your domain and a few simple configurations. If Heroku would let you specify a port (specifically, 25), you would be able to host on Heroku's free plan. This may put you back at odds by hosting your data on AWS (third-party). Also, you would likely need to set up a POP server to download your messages from the server.
I've been researching doing this for a while, but there's one big caveat that I can't get past- there's no decent server solutions for push mail. For desktop computers there's IMAP IDLE, but all the push solutions Apple's software uses are based on Microsoft Exchange (expensive).
I'm running it on two small sites (< 50 users each) and it works as advertised. The nice thing is, it isn't monolithic - you choose the MTA and web software (in my case postfix and apache) and it uses mysql as the backend.
The webmail interface is the best open source one I've come across (easily beats redcube) and active sync works fine with iPhone 4/5 and Android.
You could use a local email program and set it to download then purge your mail from the server. That way it's not in their possession for more than 180 days. But you are then responsible for your own backups etc.
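An added example, not part of any comment in this thread: it sorts the messages of a local mbox file by the 180-day threshold discussed here, which covers both the earlier question about an mbox holding mail from 7 months ago and from yesterday and the download-then-purge suggestion above. The function names and the three sample messages are constructed for illustration, and the sender-supplied Date header is assumed to be an acceptable proxy for message age.

```python
import mailbox
import os
import tempfile
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

RETENTION = timedelta(days=180)  # the threshold discussed in the thread


def classify(mbox_path, now):
    """Group message subjects into older / recent / unknown by Date header.

    The Date header is the sender's claim, not the storage time, so it is
    only a proxy. Undated or unparseable messages are reported separately
    instead of being silently counted as recent.
    """
    result = {"older": [], "recent": [], "unknown": []}
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for msg in box:
            subject = msg.get("Subject", "(no subject)")
            try:
                sent = parsedate_to_datetime(msg["Date"])
            except (TypeError, ValueError):
                result["unknown"].append(subject)
                continue
            if sent.tzinfo is None:  # "-0000" or no zone: treat as UTC
                sent = sent.replace(tzinfo=timezone.utc)
            key = "older" if now - sent > RETENTION else "recent"
            result[key].append(subject)
    finally:
        box.close()
    return result


def build_sample(path, now):
    """Write a constructed mbox: ~7 months old, yesterday, and undated."""
    box = mailbox.mbox(path)
    for subject, date in [
        ("seven months old", format_datetime(now - timedelta(days=210))),
        ("yesterday", format_datetime(now - timedelta(days=1))),
        ("no usable date", "not a date"),
    ]:
        box.add(f"From: a@example.org\nDate: {date}\nSubject: {subject}\n\nbody\n")
    box.close()  # close() flushes pending writes to disk


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.mbox")
        build_sample(sample, now)
        for group, subjects in classify(sample, now).items():
            print(group, subjects)
```
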
Mail servers are ridiculous PITAs. If it was something simple like installing Apache, you may be right, but it seems every mail server uses its own esoteric configuration conventions and requires a lot of legwork even to get a basically functional mail system together (Postfix+Dovecot+SpamAssassin+ClamAV), that you get for free with Gmail.
And unless you host the server in your residence (disallowed on most residential ISPs), you're still not going to have control over whether someone has a warrant or not when they look at your mail.
The answer is "encrypt all messages". Every other day I could comment on a post to which the answer is "encrypt [thing]". PGP is so important and yet it's nearly impossible to get anyone to use it.
While this might prevent the government from looking into the archive of your emails, this will not completely prevent monitoring. As long as email leaves from a server within the USA it can be tracked, since most emails are transmitted in clear text. The solution is to use GPG or a similar tool to encrypt email content, but you need both parties to use it, which is not so easy.
Yes, Google-Yahoo-MSN, they have the best spam filters because they receive more spam than anyone--that allows them to identify it faster and more accurately. I doubt SpamAssassin will ever match them. Wasn't very effective for me, false-positives are the worst. And seems to me a mail server is just another open door for hackers and spammers to walk in and use your memory and CPU 99.99% of the day. So call me a clown-person. Like someone already said, mail servers are cryptic, complex and unwieldy and I think that's been true since at least the 90s. Not to mention, webmail is really convenient and fast and reliable. Last time I used an email client was the time I had to download 200 worms from POP before I could see my real email.
[1] http://www.law.cornell.edu/supct/html/historics/USSC_CR_0389...
[2] http://www.law.cornell.edu/supremecourt/text/10-1259
[3] http://www.law.cornell.edu/supct/html/99-8508.ZS.html