Uncle Sam Wants You -- And Your Email

Who's reading your email, besides you? If you send it from work, it's probably your boss or some rogue tech admin. If you send it from home, it may be your spouse, your kids, or your nosy neighbors. (I told you not to write your password on a Post-it note and leave your Wi-Fi router open.) From an Internet café? Probably some slacker with a goatee, unless you remembered to log out first and/or encrypt your connection.

And if you send or receive email from any of those places, your Uncle may also be reading it -- you know, the guy with the top hat, the snowy beard, and the fondness for red-white-and-blue ensembles? Him.

That goes double if you work for companies the U.S. government has a keen interest in, such as Wikipedia or the Tor Project. Jacob Applebaum works for both -- as a volunteer for the notorious whistle-blowing operation and as a developer for Tor, a technology that anonymizes communications across the Web and is used by WikiLeaks leakers, as well as dissidents in repressive regimes around the globe.

A story in today's Wall Street Journal reveals how the U.S. Attorney General's office has demanded that Google and Applebaum's ISP, Sonic.Net, turn over his email. Technically, the feds' order demands to know who Applebaum has been corresponding with, not what he's been saying -- the email equivalent of a pen register, not a wiretap -- as well as the IP addresses he's used.

But because the requests were made under a law so ancient it has age spots -- the Electronic Communications Privacy Act of 1986 -- the government can request this information directly from service providers without the need for a search warrant or informing the people being investigated.

Presumably, the feds want to know who's been leaking to Applebaum. But with Bradley Manning already pretty much confessing to leaking the 250,000 diplomatic cables during his endless chats with hacker/journo Adrian Lamo, it's unclear why they need this.

Google and Sonic fought the orders in court but lost. The one point Sonic managed to win, however, was the release of Applebaum's name; at least he knows he's a target, despite the fact he's not been accused of doing anything wrong. And now, so do we.

There are two big thorny legal issues here. One is the ECPA, which was written before the World Wide Web and GPS-powered smartphones were even invented, and is desperately in need of updating. The other is data retention requirements.

I've written about the ECPA before. Overhauling it has the support of nearly every big player on the InterWebs, including fierce rivals like Google, Microsoft, Apple, AT&T, Facebook, and many more. In fact, it often seems like the only folks who don't want to update the ECPA are the law enforcement agencies who benefit from its hassle-free approach to snooping.

But data retention is another matter. A bill currently before the House of Representatives would require ISPs to retain subscriber data for an entire year -- essentially so that the feds can conduct fishing expeditions into it and see who they can hook.

For its part, Sonic has publicly stated that it will only retain user data for two weeks, unless ordered otherwise. In a blog post regarding its decision, CEO Dane Jasper notes the following:

Storing logs longer presents an attractive nuisance, and would potentially make our customers the target of invasions of privacy. Any lawyer could simply file a Doe lawsuit, draft up a subpoena and request a customer's identity. It's far too easy.

The EFF is conducting a letter-writing campaign opposing the data retention bill (HR 1981), which is being pushed under the guise of fighting kiddie pornography. You can add your voice here.

I'm not saying law enforcement should be kept from doing its job. I'm saying the protections we have for the other aspects of our lives we might wish to keep private -- the letters we write, the calls we make, the books we read, the things we say and think -- should extend to the digital realm as well. Isn't that how things are supposed to work in the Land of the Free?

What's your take on electronic communications and privacy? Weigh in below or email me: cringe@infoworld.com.

This article, "Uncle Sam wants you -- and your email," was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.

Subscribe to the Security Watch Newsletter

Comments