Pinwale
June 17, 2009 2:33 PM

NSA E-Mail Surveillance Renews Concerns in Congress. "Since April, when it was disclosed that the intercepts of some private communications of Americans went beyond legal limits in late 2008 and early 2009, several Congressional committees have been investigating. Those inquiries have led to concerns in Congress about the agency’s ability to collect and read domestic e-mail messages of Americans on a widespread basis, officials said. Supporting that conclusion is the account of a former N.S.A. analyst who, in a series of interviews, described being trained in 2005 for a program in which the agency routinely examined large volumes of Americans’ e-mail messages without court warrants. Two intelligence officials confirmed that the program was still in operation." [Via]
posted by homunculus (44 comments total) 9 users marked this as a favorite
 


I'll give 10000:1 odds that this brings no negative repercussions to anyone, anywhere, at any level, ever, for any of this.
posted by christonabike at 2:45 PM on June 17, 2009 [8 favorites]


Has anyone ever really considered email totally private? With the phone company, you've really got one or two companies dealing with your call, presumably with some control over who listens in, but with email, who knows whose server is going to be dealing with your message or on what network it will be transferred in plain text.

If you want secure email, use encryption. It's so much easier than trying to get secure voice communication.
posted by delmoi at 2:46 PM on June 17, 2009


What's the opposite of shocked?
posted by milarepa at 2:50 PM on June 17, 2009


Yet another reason why SMTP does not need patches or fixes or additions or extensions; we just need to start over.
posted by adipocere at 2:50 PM on June 17, 2009


> What's the opposite of shocked?

nonplussed?

:)
posted by christonabike at 2:53 PM on June 17, 2009


The former analyst added that his instructors had warned against committing any abuses, telling his class that another analyst had been investigated because he had improperly accessed the personal e-mail of former President Bill Clinton.
And probably christonabike's prediction is applicable to that, also.
posted by Kirth Gerson at 2:55 PM on June 17, 2009


Has anyone ever really considered email totally private?

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.."

So the real question becomes: "Is putting an optical splitter on the network's backbone -- intercepting ***ALL*** Email and Internet Usage regardless of source and destination -- a 'reasonable' act given the limited privileges granted the US Government?"

Hells No. Someone needs to go to prison.
posted by mikelieman at 2:56 PM on June 17, 2009 [4 favorites]


...such concerns are among national security issues that the Obama administration has inherited from the Bush administration, including the use of brutal interrogation tactics...

I wonder what it would take to get them to finally call it "torture".

Waterboarding, I suppose.
posted by Joe Beese at 2:58 PM on June 17, 2009


Surely this...
posted by fuq at 2:59 PM on June 17, 2009 [1 favorite]


Yet another reason why SMTP does not need patches or fixes or additions or extensions; we just need to start over.

Megacorporations and startups alike salivate at the thought. The idea that you can go to any one of thousands of different email providers and get an account that's compatible with all the rest of them is anathema to them. Much preferred is the Facebook, Yahoo Messenger, etc. model where, if you're lucky enough to end up the winner, then no users get to communicate through your protocol without also connecting to your one server farm, agreeing to your one license, viewing their advertising, etc, and no competitors get to offer their own services without being crushed by network effects. Oh, and to get back on topic, you'd also be just one target for crooked Feds to deal with if they wanted to snoop on everyone at once.

No, this is why SMTP *does* need one extension: opportunistic encryption. My mail client shouldn't be trying cleartext SMTP until after it's already tried and failed to connect over SSL. Likewise for my mail server talking to my recipient's mail server. Even connecting to an unsigned certificate would be better than cleartext; anyone who can man-in-the-middle you in the former case can do it even more easily in the latter.

Real paranoids will still want/need to encrypt their own messages, of course, not trust to the channel. But if the stuff that could work automatically was in place for the rest of the world, then snooping on everyone would become 99% harder.
posted by roystgnr at 3:10 PM on June 17, 2009 [5 favorites]


I organize all my terrorist activities using Twitter. Get with the times, NSA. #killtheinfidels
posted by jal0021 at 3:15 PM on June 17, 2009 [2 favorites]


another analyst had been investigated because he had improperly accessed the personal e-mail of former President Bill Clinton

In fairness, I'm sure it was much more entertaining to read than the personal e-mail of former President Carter.
posted by Joe Beese at 3:23 PM on June 17, 2009 [1 favorite]




jal0021 posted 25 minutes ago, and yet there's nothing on twitter under '#killtheinfidels'.

Metafilter - I'm not angry with you. I'm just... disappointed in you...
posted by twine42 at 3:40 PM on June 17, 2009


If you want secure email, use encryption. It's so much easier then trying to get secure voice communication.

Note that Homeland Security has copies of the master encryption keys, so they can do man-in-the-middle attacks against any SSL entity, anywhere, unless you refuse to trust the Verisign root authorities.

You can do secure email and web transactions, but Verisign can't be anywhere in the trust chain, or you can be spoofed.

(quick explanation: with the master keys, Homeland Security can generate and sign a key for any website, and then get between you and that website. They can present you a completely, absolutely legitimate SSL certificate, and then open another SSL connection on your behalf to the actual provider. You encrypt using the government's key; the government keeps the data and then re-encrypts and sends to the website. Neither you nor the website can easily determine that you're being spoofed, because you both trust the Verisign root keys, which the government now has.)

Basically, the entire security structure of the Internet has been compromised.
posted by Malor at 3:50 PM on June 17, 2009 [6 favorites]


I find it handy to assume that the government is always listening to everything that I say and reading everything that I write. It's nice to think that someone is actually listening when I tell them to FUCK OFF!!!
posted by It's Raining Florence Henderson at 4:09 PM on June 17, 2009 [1 favorite]


#Pinwale 1. a type of fabric –adjective (of a fabric, esp. corduroy) having very thin wales.
Whole cloth more like.
posted by acro at 4:11 PM on June 17, 2009


Malor: "Basically, the entire security structure of the Internet has been compromised."

Fucking hell. Remind me, why does anyone actually trust Verisign then? What's stopping everyone from abandoning them in favor of a cert authority that can actually be trusted?
posted by mullingitover at 4:18 PM on June 17, 2009


I organize all my terrorist activities using Twitter. Get with the times, NSA @NSA. #killtheinfidels

FTFY. Otherwise they won't get it.
posted by brundlefly at 4:22 PM on June 17, 2009 [1 favorite]


I pass all my terrorist cell messages in steganographically encrypted porn movies on bit torrent p2p networks. Should I be worried?
posted by doctor_negative at 4:38 PM on June 17, 2009


mullingitover: Go ahead and try it is what's stopping everyone.
posted by aubilenon at 4:45 PM on June 17, 2009


I guess, basically, the Bill of Rights is more of a list of loose suggestions for government behavior. As long as some government lawyer somewhere can write a memo arguing some compelling government interest, it surely seems that most of these civil liberties are pretty optional.
posted by darkstar at 5:18 PM on June 17, 2009 [5 favorites]


The inquiries and analyst’s account underscore how e-mail messages, more so than telephone calls, have proved to be a particularly vexing problem for the agency because of technological difficulties in distinguishing between e-mail messages by foreigners and by Americans.

What I find so frustrating about articles like this is that the legality and/or righteousness of the NSA spying program, writ large, is nowhere called into question. Instead, it's tacitly implied that EVERYONE agrees that the program is on the up and up, so long as it just intercepts correspondence from "foreigners;" furthermore, it also accepts the targeted surveillance of US citizens' communications as kosher, as well. What is here presented as "newsworthy" is the possibility that the targeted surveillance may not be so targeted after all (as if, as has already been pointed out repeatedly in this thread, there was anyone who actually believed that the NSA used laser-precision in its surveillance tactics), and that maybe something should be done about that, although it sure does seem awful tough. The most obvious solution--get rid of the whole illegal program, and any others like it that the govt may be running--isn't broached anywhere.

In passing, I'll note that I find it deeply ironic that so many news commentators have breathlessly trumpeted the recent situation in Iran as proof of the "inherently democratizing" nature of the Internet, while refusing to acknowledge that the selfsame technology is being deployed towards authoritarian ends here in the United States.
posted by Lee Marvin at 5:28 PM on June 17, 2009 [2 favorites]


Has anyone ever really considered email totally private?

I think this is completely missing the point. Few people use encryption in their postal snail-mail, but still there is an expectation that the govt ought to obey its own laws when snooping through your mail. Cynically knowing that the NSA is lawless is not at all at odds with also knowing that it ought to act within the law, and that unwieldy processes are involved in attempting to bring this loose cannon to heel.
posted by -harlequin- at 5:30 PM on June 17, 2009 [1 favorite]


A short time just before Bush took office, NSA requested the "right" to do domestic tapping. After 9/11 it was granted--this is info available online from NSA itself. NSA had previously not been doing domestic spying. Under Bush they did. Under Obama they continue to do so. If you read what is available you know that there is a capability to read any and all emails, if wanted, despite any and all encryption. And there is also the ability to listen to any and all phone calls. Major companies in both the phone biz and the net server biz have cooperated with the govt. Example: when the list of nuke sites was mistakenly made public, those sites that had the info suddenly had listing of those sites shut down. So too with the torture photos that the Obama administration did not want made public. A number of places had those photos. They were not made public; all those URLs and mirrors offer only "deleted because of violation of terms of service."
posted by Postroad at 5:30 PM on June 17, 2009


Postroad: These things were done, yes. But I think you are mistaken to think they were all done legally. A wobbly case can be made that it was legal if you make enough legal contortions, but it's pretty clear that what was going on was illegal.

Another hint is that you don't often need emergency retro-active immunity, stat, for behavior that is demonstrably legal.
posted by -harlequin- at 5:36 PM on June 17, 2009


I'll give 10000:1 odds that this brings no negative repercussions to anyone, anywhere, at any level, ever, for any of this.

Except for you, for posting this.

run! run while you can!
posted by davejay at 5:38 PM on June 17, 2009 [1 favorite]


They can present you a completely, absolutely legitimate SSL certificate... which differs from the certificate that you saw the previous time you attempted to connect to that website. Now, people do change their encryption keys for legitimate reasons too, so perhaps it would be overboard for SSL client apps to behave as SSH does ("WARNING: HOST IDENTIFICATION KEY HAS CHANGED! PERFORM OBSCURE MANIPULATIONS OF YOUR CONFIG FILES OR YOU'LL NEVER BE ABLE TO CONNECT TO THIS HOST AGAIN!"). But as long as we're in the beautiful imaginary world of "Software Designers All Do As Roy Says Land", it wouldn't be too much to ask that notifications of host key changes be made visible to the users. Connect your web browser to a site with a new public key, and instead of seeing green you would see yellow (and then click on it for more information). Receive an email from someone where a public key changed during the transmission, and your mail client would display and highlight the Host-Key-Changed: line in the headers. Most people would have no idea what that meant, of course, but there would be no way to perform a man-in-the-middle attack on a thousand people without ten of them managing to find out what you did.

To some extent this would be closing the barn door after the horses have left, but even if it's impossible to prevent the US government from mass snooping on emails, making it immediately obvious when they do would be nearly as good.
posted by roystgnr at 5:44 PM on June 17, 2009
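The "yellow instead of green" behaviour roystgnr describes is a trust-on-first-use pin store layered on top of ordinary CA validation: remember the fingerprint of the certificate a host showed last time and flag any change, even when the new certificate chains to a trusted root (which is exactly the case in Malor's rogue-CA scenario). The following is an added illustration by the editor, not code from the thread; `PinStore`, `indicator` and the byte strings standing in for DER certificates are constructed for the example, and `chain_valid` stands for whatever the TLS library's normal chain check returned.

```python
import hashlib
import json
from pathlib import Path
from typing import Dict, Optional, Tuple

# Constructed stand-ins for DER-encoded certificates. A real client would pass
# ssl.SSLSocket.getpeercert(binary_form=True) here.
CERT_GEN1 = b"constructed DER blob: mx.example.net, key generation 1"
CERT_GEN2 = b"constructed DER blob: mx.example.net, key generation 2"

FIRST_SEEN = "first-seen"  # no pin yet: trust on first use, like ssh's known_hosts prompt
UNCHANGED = "unchanged"    # same certificate as last time
CHANGED = "changed"        # valid-looking certificate, but not the one pinned


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER certificate, hex encoded (openssl's -fingerprint -sha256 minus the colons)."""
    return hashlib.sha256(der).hexdigest()


class PinStore:
    """Hypothetical known_hosts-style store: host -> fingerprint of the last certificate seen."""

    def __init__(self, path: Optional[str] = None):
        self.path = Path(path) if path else None
        self.pins: Dict[str, str] = {}
        if self.path is not None and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def _save(self) -> None:
        if self.path is not None:
            self.path.write_text(json.dumps(self.pins, indent=2, sort_keys=True))

    def check(self, host: str, der: bytes, accept_change: bool = False) -> Tuple[str, str]:
        """Compare the presented certificate with the pin; returns (status, fingerprint).

        A changed pin is only overwritten when the caller explicitly accepts the
        change (e.g. after confirming the key rotation out of band)."""
        fp = fingerprint(der)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = fp
            self._save()
            return FIRST_SEEN, fp
        if pinned == fp:
            return UNCHANGED, fp
        if accept_change:
            self.pins[host] = fp
            self._save()
        return CHANGED, fp


def indicator(chain_valid: bool, pin_status: str) -> str:
    """UI signal: a CA-valid certificate that differs from the pinned one is yellow, not green."""
    if not chain_valid:
        return "red"
    return "yellow" if pin_status == CHANGED else "green"


if __name__ == "__main__":
    store = PinStore()  # in memory; pass a file path to persist across runs
    for der in (CERT_GEN1, CERT_GEN1, CERT_GEN2):
        status, fp = store.check("mx.example.net", der)
        print(status, fp[:16], indicator(chain_valid=True, pin_status=status))
```

The third call is the interesting one: the chain check passes, so a browser would show green, but the pin store reports `changed` and the indicator drops to yellow. Whether that is a legitimate rotation or an interposed certificate is something the pin store cannot decide on its own; it can only make the change visible, which is roystgnr's point.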


Has anyone ever really considered email totally private?

Not private in the sense that "nobody can read this", but perhaps private in the sense that "reading this without authorization is a felony, which should make it unconstitutional without a warrant". Just because a good law isn't automatically enforced by technical means yet doesn't mean that anyone, NSA included, should be immune to its enforcement via legal means.
posted by roystgnr at 5:49 PM on June 17, 2009 [1 favorite]


Lee Marvin: " I find it deeply ironic that so many news commentators have breathlessly trumpeted the recent situation in Iran as proof of the "inherently democratizing" nature of the Internet, while refusing to acknowledge that the selfsame technology is being deployed towards authoritarian ends here in the United States."

heh heh... They're a rascally bunch of bootlicks all right.

And you noticed that too... about the authoritarian thing. I wondered if it was just me.
posted by Joe Beese at 6:08 PM on June 17, 2009


No, not the reason. I said "yet another reason."

SMTP is hopelessly screwed. Sure, we can throw some encryption into the mix. But privacy is far and away not the leader of the pack when it comes to why it's outdated. Many of the reasons enable spam. It's still easy to do a Joe Job on someone or otherwise fake the sender, something I first learned how to do twenty years ago. Attachment encodings are still screwy.

Now, yeah, I am sure megacorps and various walled gardens would love to have a shot at it, but people do develop new protocols. The transition would be horrendous, but we could be rewarded for it with less spam. We'd need certain frameworks in place, which is why I don't think it's workable in the immediate future.

I'll admit to being a privacy nut, but that's not the greatest problem with email as it stands.
posted by adipocere at 6:29 PM on June 17, 2009


Too bad we can't access Dick Cheney's emails. Who knows? If we could access those, we might prevent another 9/11. Just a thought. Oh but I'm just being paranoid. Paranoid and rational.
posted by ornate insect at 7:15 PM on June 17, 2009


Olbermann interviews James Risen, one of the coauthors of the NYTimes article.
posted by homunculus at 7:30 PM on June 17, 2009


roystgnr: A fair number of mail hosts (mine, and according to the headers I see on my incoming mail, a large minority of others) do this already. If the receiving host advertises it supports STARTTLS, the sender will negotiate an encrypted connection. The Received: line indicates which hops were encrypted how.

Most support ephemeral Diffie-Hellman, which gives forward secrecy. It's still vulnerable to a man-in-the-middle attack, but a passive eavesdropper can't read your email on that particular hop. An active attacker is likely to have compromised the mailhost, not the intermediate link.

You could try to secure the hop-by-hop transmission more, until you run up against the general untrustworthiness of Verisign and their ilk, but really that's the wrong approach— encryption should be end-to-end, and you shouldn't have to rely on unknown, untrusted third parties like Verisign. Most mail clients already support that, too, to some extent. Moving to encrypted email with existing technologies would be easier and provide more benefits than an SMTP replacement.

adipocere: I've never seen a proposal for "new, improved SMTP" that would solve the problems I see with mail. Assume that spam generally comes from botnet-compromised end-user machines. How would a new SMTP prevent spam?


Anyway, this is all a derail, as -harlequin- points out; the real outrage here is the abuse of power, not the weakness of technology.
posted by hattifattener at 10:01 PM on June 17, 2009
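hattifattener's observation that the Received: lines record which hops were encrypted is the easiest way to check, on a message you already have, how much of roystgnr's opportunistic encryption actually happened. The following is an added example by the editor, not code posted in the thread. It relies on two things that are in the protocol: RFC 3848's "with ESMTPS"/"ESMTPSA" keywords (the trailing S means STARTTLS was used, the A that the sender authenticated) and the clause order "from ... by ... with" of a Received: header; the "(using TLSv1.2 with cipher ...)" comment it also reads is Postfix's format. The sample message, host names and ids are constructed for the example.

```python
import email
import re
from typing import Dict, List

# RFC 3848 "with" keywords whose trailing S means the hop used STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA"}

# from <host> ... by <host> ... with <protocol>: the clause order is fixed by RFC 5321.
HOP_RE = re.compile(
    r"from\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+).*?\bwith\s+(?P<with>[A-Za-z0-9]+)",
    re.S,
)
# Postfix-style TLS comment, e.g. "(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))".
TLS_COMMENT_RE = re.compile(
    r"\(using\s+(?P<version>(?:TLS|SSL)v[0-9.]+)\s+with\s+cipher\s+(?P<cipher>[^\s)]+)"
)

# Constructed sample: the relay-to-relay hop used STARTTLS, the first hop
# (a LAN client submitting to its own server) was cleartext.
SAMPLE_MESSAGE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\t(No client certificate requested)
\tby mx.example.net (Postfix) with ESMTPS id 4F1C2A0B3
\tfor <alice@example.net>; Wed, 17 Jun 2009 15:10:02 -0400 (EDT)
Received: from [10.0.0.5] (unknown [10.0.0.5])
\tby mail.example.org (Postfix) with ESMTP id 9E2B1C0A7
\tfor <alice@example.net>; Wed, 17 Jun 2009 15:09:58 -0400 (EDT)
From: bob@example.org
To: alice@example.net
Subject: test

hello
"""


def unfold(header_value: str) -> str:
    """Join the continuation lines of a folded header into a single line."""
    return re.sub(r"\s*\r?\n\s+", " ", header_value).strip()


def parse_hops(raw_message: str) -> List[Dict[str, object]]:
    """Return one record per Received: header, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops: List[Dict[str, object]] = []
    for value in msg.get_all("Received", []):
        text = unfold(value)
        match = HOP_RE.search(text)
        if match is None:
            continue  # local delivery or a header without a 'from' clause
        proto = match.group("with").upper()
        tls = TLS_COMMENT_RE.search(text)
        hops.append({
            "from": match.group("from"),
            "by": match.group("by"),
            "protocol": proto,
            "encrypted": proto in TLS_PROTOCOLS or tls is not None,
            "tls_version": tls.group("version") if tls else None,
            "cipher": tls.group("cipher") if tls else None,
        })
    hops.reverse()  # each relay prepends its header, so the top one is the newest
    return hops


def cleartext_hops(hops: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """The hops a passive tap on the wire could have read."""
    return [h for h in hops if not h["encrypted"]]


if __name__ == "__main__":
    for hop in parse_hops(SAMPLE_MESSAGE):
        state = f"{hop['tls_version']} {hop['cipher']}" if hop["encrypted"] else "CLEARTEXT"
        print(f"{hop['from']} -> {hop['by']} via {hop['protocol']}: {state}")
```

Two caveats a practitioner should keep in mind. A Received: header is written by the receiving relay and is only as trustworthy as that relay; anything below the first header your own server wrote can be forged. And, as hattifattener says, "encrypted" here means protected against a passive tap on that link only: the relay at each end still holds the plaintext, which is why end-to-end encryption is the stronger answer.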


It's important for law-abiding Americans to fill their emails with phrases like "fertilizer bomb" and words like "jihad," to raise so many flags in so many innocent places that the system becomes unusable. Fight fire with flood.
posted by breezeway at 1:44 AM on June 18, 2009


mikelieman: "Has anyone ever really considered email totally private?

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.."

So the real question becomes: "Is putting an optical splitter on the network's backbone -- intercepting ***ALL*** Email and Internet Usage regardless of source and destination -- a 'reasonable' act given the limited privileges granted the US Government?""

This is not really the question, though. The search is pretty clearly "unreasonable," at least by any definition that I can imagine. However, I don't think it's a settled matter that email is protected to begin with. That would be the argument that I'd assume the NSA would take: "persons, houses, papers, and effects" doesn't include plaintext email being sent over shared infrastructure.

I'm not saying I agree with that, but that's what I'd assume they'd argue. IIRC a similar tack was taken shortly after the introduction of telephones, and the legislature had to carve out a zone of privacy around telephone calls. It was not initially the case that they were protected to the same extent as written documents [1]:
The amendment itself shows that the search is to be of material things-the person, the house, his papers, or his effects. The description of the warrant necessary to make the proceeding lawful is that it must specify the place to be searched and the person or things to be seized.

It is urged that the language of Mr. Justice Field in Ex parte Jackson, already quoted, offers an analogy to the interpretation of the Fourth Amendment in respect of wire tapping. But the analogy fails. The Fourth Amendment may have proper application to a sealed letter in the mail, because of the constitutional provision for the Postoffice Department and the relations between the government and those who pay to secure protection of their sealed letters. … It is plainly within the words of the amendment to say that the unlawful rifling by a government agent of a sealed letter is a search and seizure of the sender's papers or effects. The letter is a paper, an effect, and in the custody of a government that forbids carriage, except under its protection.

The United States takes no such care of telegraph or telephone messages as of mailed sealed letters. The amendment does not forbid what was done here. There was no searching. There was no seizure. The evidence was secured by the use of the sense of hearing and that only. There was no entry of the houses or offices of the defendants. …

Congress may, of course, protect the secrecy of telephone messages by making them, when intercepted, inadmissible in evidence in federal criminal trials, by direct legislation, and thus depart from the common law of evidence. But the courts may not adopt such a policy by attributing an enlarged and unusual meaning to the Fourth Amendment. The reasonable view is that one who installs in his house a telephone instrument with connecting wires intends to project his voice to those quite outside, and that the wires beyond his house, and messages while passing over them, are not within the protection of the Fourth Amendment.
So while we may today take for granted that telephone conversations are protected from unreasonable interception by law enforcement, that was definitely not the case when the technology was new. I think this is a sound analogy to the current situation with email, and it will take either a concerted public demand and action by the legislature, or the widespread use of encryption, in order to put a stop to interception.

[1] OLMSTEAD v. U.S., 277 U.S. 438 (1928) is, I think, the first USSC wiretapping case. It's quite readable and worth your time if you're interested in such things. It contains a very nice summary of 4th Amendment caselaw up to that time.
posted by Kadin2048 at 7:10 AM on June 18, 2009 [2 favorites]




I screwed up, upthread, and misremembered which keys had been requested by the government. Further, when I started really digging, I can't find evidence that the government actually GOT the keys, just that they were asking for them.

Specifically, they were asking for the DNSSEC master keys. One article is here:

http://www.theregister.co.uk/2007/04/03/dns_master_key_controversy/

DNSSEC is not SSL. Rather, it's the new signing method to guarantee the security of site address records. The stated reasons they'd want it look entirely bogus to me; the only real reason I can see for them to have these keys is to spoof and reroute non-encrypted traffic.

This would be useful for non-encrypted surveillance, but would be much more effective if they had at least one set of trusted master SSL keys as well. This would let them do targeted and very intense surveillance of particular sites, but it would be very difficult to snoop on SSL connections on a widespread basis.

So my statement upthread that internet security is broken isn't yet provably true. This specific request makes it somewhat more likely, but definitely not factual. Further, if ONLY this specific claim is true, and they don't have an SSL master key, then all it impacts is DNSSEC. But regular DNS isn't trustworthy anyway, so we're not losing that much. You might potentially think you're secure when you're not, which is worse than realizing you're not secure at all, but that's the limits of the provable damage, and only if they actually got the keys.

My apologies for the bad information -- I read a summary of this article that was not accurate.
posted by Malor at 2:54 PM on June 20, 2009


Malor: There is a lot of speculation that if/when DNSSEC becomes widespread, people will stop relying quite so much on the commercial X.509 certificate vendors, and do the chain-of-trust thing through DNS.

This makes sense from a technical perspective: the trust chain in an SSL certificate is redundant if you could trust DNS (which implies a trust chain there). If you trust the DNS record and the associated WHOIS information, you have authentication; to add encryption and prevent an IP-based MITM, you just create a keypair and put the fingerprint as a TXT record. Together you have everything you get from X.509, but without the overhead of specialized certificate issuers; the registries just handle it when you get the domain.

I don't know if it will ever really work that way in practice, it just strikes me as the way things would have gone if DNS had been secure from the beginning.

But if there's any chance at all that someday, DNS might be used as the linchpin of secure global communications, the root DNSSEC keys have real value. It would make sense for an organization to try to grab them early, before their value was obvious. If DNSSEC never ends up getting used for anything besides actual DNS lookups, nothing lost. But if it does take over authentication functions down the road, having the keys would let you perform clandestine spoofing pretty much at-will.

I'm not trying to break out the tinfoil hats or anything — I think it's unlikely (possible, but unlikely) that any agency of the U.S. government was thinking that far ahead — just pointing out that DNSSEC might turn out to be much more important than some people are making it out to be today. The Internet community should be extremely wary about who holds the top-level keys, if anyone does at all. (I think some implementation of key-sharing via threshold cryptography would be a good solution; that way no single person or entity has unrestricted access to the root private key.)
posted by Kadin2048 at 8:55 PM on June 20, 2009
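The "key-sharing via threshold cryptography" Kadin2048 suggests for a root key is Shamir's secret sharing: the secret becomes the constant term of a random polynomial of degree k-1 over a prime field, each custodian gets one point on the curve, and any k points (but no fewer) recover the constant by Lagrange interpolation. The following is an added worked example by the editor, not code from the thread or from any DNSSEC implementation; the prime, the 15-byte `DEMO_KEY` standing in for a signing key, and the function names are chosen for the example.

```python
import secrets
from typing import List, Tuple

# All arithmetic is in GF(p); p = 2**127 - 1 is prime and comfortably larger
# than the 15-byte stand-in secret used below.
PRIME = 2**127 - 1

Share = Tuple[int, int]  # (x, f(x))


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate coeffs[0] + coeffs[1]*x + coeffs[2]*x**2 + ... mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, share_count: int) -> List[Share]:
    """Split secret into share_count shares, any threshold of which reconstruct it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer in [0, PRIME)")
    if not 1 <= threshold <= share_count:
        raise ValueError("need 1 <= threshold <= share_count")
    # f(0) is the secret; the other threshold-1 coefficients are uniformly random,
    # so any threshold-1 shares are consistent with every possible secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, share_count + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange-interpolate f(0) from the given shares.

    With fewer than threshold shares this returns a wrong, random-looking value
    rather than an error: nothing in the shares reveals the threshold."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def key_to_int(key: bytes) -> int:
    return int.from_bytes(key, "big")


def int_to_key(value: int, length: int) -> bytes:
    return value.to_bytes(length, "big")


# Constructed stand-in for a root signing key (15 bytes, so it fits under PRIME).
DEMO_KEY = b"demo-root-key-1"

if __name__ == "__main__":
    shares = split_secret(key_to_int(DEMO_KEY), threshold=3, share_count=5)
    print("3 of 5 recovers:", int_to_key(recover_secret(shares[1:4]), len(DEMO_KEY)))
    print("2 of 5 recovers the key:", recover_secret(shares[:2]) == key_to_int(DEMO_KEY))  # False
```

The design point worth noting: splitting the private key itself means it has to be reassembled somewhere to sign, and that somewhere becomes the single point of compromise Kadin2048 wants to avoid. In practice one splits the credential that unlocks a hardware module holding the key, or uses a threshold signature scheme in which the shares sign without ever being recombined; the interpolation above is the building block either way.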


If you have nothing to hide, why worry?

Joke.
posted by HylandErickson at 6:35 PM on June 22, 2009







