SFGate: If You Send To Gmail, You Have ‘No Legitimate Expectation Of Privacy’
Not that this is really news but if you hand your message to a third-party for delivery you have no expectation of privacy. Agree with it or not that’s the way it is inside the United States. This is why it is important for people to use end-to-end encryption (like GnuPG) to protect the contents of messages being sent through any email provider. The same goes for using any instant messenger service, SMS, or telephone that uses a third-party provider.
This isn’t anything new, really. Ever since the telegraph was invented people have encrypted messages before handing them to a third-party for delivery. The Engima machine was actually developed as a business tool that was later used by the German military during World War II. Businesses needed to protect their communications during transit across a third-party. Today there isn’t a person sending your message to a distant point but rather a computer system that can not only efficiently and accurately send your message across distant lands but can also make a copy of that message and share it with whomever they wish.
While it has become easier for companies to share your messages with governments and third parties it has also become easier to protect your messages with encryption. The question now is how to make this technology easier for people to use and, perhaps more importantly, make people care about securing their messages. This last part is probably most important.
We’ve been kicking the ball down the field for a while. When Google implemented TLS encryption for its Gmail service people raved about the security measure. Sure, what they did was important as it prevented anyone watching the network traffic between the user and Google from seeing what was happening. But that left Google having open access to the contents of the messages being sent. This is the case for all email providers that use TLS encryption to secure the communications between users and their servers. Now is the time to fill that gap. How to do that easily is still up for debate.
If you’ve done any reading of 20th century European history then this story will seem familiar. Back then there were places where you had to be careful about what you said to whom. It could really be anything you said to any number of people including close friends, family members, and business associates. Conversations, even out of context comments, could be used against you for any reason. Trumped up charges or a violation of some old, obscure law could get you detained by the police or worse.
Here in the United States we had our constitution and, more importantly, the Bill of Rights to protect people from an over-reaching government. We didn’t see first-hand what many Europeans did. We felt protected based on a few words written down on paper. We became complacent.
An article was shared with me earlier today. The Guardian retells the story of police coming to someone’s home and interrogating the resident based on their Google searches and what they have viewed on the Internet.
Some might say “but after <fill in the event here> we have to do something so it won’t happen again”. Sure, there are things that need to happen to help prevent such future activities but “doing something” isn’t a real solution.
Fear drives power and if there is power up for grabs then the scariest thing wins. Detonate a bomb and you get fear. Unfortunately talking about detonating a bomb usually generates more fear. Many people will give up nearly everything just to have someone tell them that they are safe. Right now privacy is what’s taking most of the hits and it’s easy to understand why. It’s easy to control people, make a lot of money, and generally be able to “terrorize” anyone you don’t like when you have the keys to their thoughts. Having access to people’s thoughts is even easier today than it was fifty years ago. Today people talk via email, IM, and other digital means that generally go through a few centralized servers. Get to the servers and you’ve got access to the thoughts and feelings of millions of people. You now have leverage over almost anyone you wish.
Unless we want history to repeat itself we need to stand up to these types of actions. It is not okay to go sifting through my Internet searches. It is not okay to read my email. It is not okay to come to my home and interrogate me and my family. It’s time for this to stop.