In the United States, after 180 days after opening your account, your email messages will lose their status as a protected communication under the Electronic Communications Privacy Act (ECPA). In short, it will become just another database record.
When that happens, a subpoena instead of a warrant is all that is needed for a government agency to force email providers to produce a copy. Just ask former Central Intelligence Agency (CIA) Director David Petraeus and U.S. commander in Afghanistan, Gen. John Allen, if you don't believe this.
Other countries may even lack this basic protection, and databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this ECPA protection is worth much anymore in the U.S., or whether it even applies to email that originates from non-citizens in other countries.
On the other hand, email sent by employees through their employer's equipment has no expectation of privacy; the employer may monitor and all communications through their equipment. According to a 2005 survey by the American Management Association, about 55 percent of US employers monitor and read their employees' email. Even attorney–client privilege is not guaranteed through an employer's email system; US Courts have rendered contradictory verdicts on this issue.
To prevent any unwanted intrusion to your private life that will cost you your family and career, try to follow this short suggestion:
HIDE YOUR LOCATION. There are popular tools online that could mask the I.P.address of your email and allows you to browse the Web anonymously. You could also use a virtual private network, which adds a layer of security to public Wi-Fi networks like the one in your hotel room.
Remember, e-mail providers like Google and Yahoo keep login records, which reveal I.P. addresses, for 18 months, during which they can easily be subpoenaed. The Fourth Amendment requires the authorities to get a warrant from a judge to search physical property. Under the ECPA, a warrant is not required for e-mails six months old or older. Even if e-mails are more recent, the federal government needs a search warrant only for "unopened" e-mail, according to the Department of Justice's manual for electronic searches. The rest requires only a subpoena.
Google reported that United States law enforcement agencies requested data for 16,281 accounts from January to June of this year (2012), and it complied in 90 percent of cases.
GO OFF THE RECORD. At bare minimum, choose the "off the record" feature on Google Talk, Google's instant messaging client, which ensures that nothing typed is saved or searchable in either person's Gmail account.
ENCRYPT YOUR MESSAGES. E-mail encryption services, like GPG, help protect digital secrets from eavesdroppers. Without an encryption key, any message stored in an in-box, or reached from the cloud, will look like gibberish. The sender must get a key from the recipient to send them an encrypted message The drawback is that managing those keys can be cumbersome. And ultimately, even though a message's contents are unreadable, the frequency of communication is not. That is bound to arouse suspicions.
Wickr, a mobile app, performs a similar service for smartphones, encrypting video, photos and text and erasing deleted files for good. Typically, metadata for deleted files remains on a phone's hard drive, where forensics specialists and skilled hackers can piece it back together. Wickr erases those files by writing gibberish over the metadata.
SET YOUR SELF-DESTRUCT TIMER. Services like 10 Minute Mail allow users to open an e-mail address and send a message, and the address self-destructs 10 minutes later. Wickr also allows users to set a self-destruct timer for mobile communications so they can control how long a recipient can view a file before it disappears. But there is always the chance that your recipient captured screenshots.
DROP THE DRAFT FOLDER IDEA. It may sound clever, but saving e-mails in a shared draft folder is no safer than transmitting them. Christopher Soghoian, a policy analyst at the American Civil Liberties Union, noted that this tactic had long been used by terrorists — Khalid Shaikh Mohammed, the mastermind of the 9/11 attacks, and Richard Reid, "the shoe bomber," among them — and it doesn't work. E-mails saved to the draft folder are still stored in the cloud. Even if they are deleted, e-mail service providers can be compelled to provide copies.
USE ONLY A DESIGNATED DEVICE. Security experts suggest using a separate, designated device for sensitive communications. Of course, few things say philanderer, or meth dealer, for that matter, like a second cellphone.
GET AN ALIBI. Then there is the obvious problem of having to explain to someone why you are carrying a pager or suddenly so knowledgeable about encryption technologies. "The sneakier you are, the weirder you look," one expert use to say.
DON'T MESS UP. It is hard to pull off one of these steps, let alone all of them all the time. It takes just one mistake — forgetting to use your protection tool, leaving your encryption keys where someone can find them, connecting to an airport Wi-Fi just once — to ruin you.
When that happens, a subpoena instead of a warrant is all that is needed for a government agency to force email providers to produce a copy. Just ask former Central Intelligence Agency (CIA) Director David Petraeus and U.S. commander in Afghanistan, Gen. John Allen, if you don't believe this.
Other countries may even lack this basic protection, and databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this ECPA protection is worth much anymore in the U.S., or whether it even applies to email that originates from non-citizens in other countries.
On the other hand, email sent by employees through their employer's equipment has no expectation of privacy; the employer may monitor and all communications through their equipment. According to a 2005 survey by the American Management Association, about 55 percent of US employers monitor and read their employees' email. Even attorney–client privilege is not guaranteed through an employer's email system; US Courts have rendered contradictory verdicts on this issue.
To prevent any unwanted intrusion to your private life that will cost you your family and career, try to follow this short suggestion:
HIDE YOUR LOCATION. There are popular tools online that could mask the I.P.address of your email and allows you to browse the Web anonymously. You could also use a virtual private network, which adds a layer of security to public Wi-Fi networks like the one in your hotel room.
Remember, e-mail providers like Google and Yahoo keep login records, which reveal I.P. addresses, for 18 months, during which they can easily be subpoenaed. The Fourth Amendment requires the authorities to get a warrant from a judge to search physical property. Under the ECPA, a warrant is not required for e-mails six months old or older. Even if e-mails are more recent, the federal government needs a search warrant only for "unopened" e-mail, according to the Department of Justice's manual for electronic searches. The rest requires only a subpoena.
Google reported that United States law enforcement agencies requested data for 16,281 accounts from January to June of this year (2012), and it complied in 90 percent of cases.
GO OFF THE RECORD. At bare minimum, choose the "off the record" feature on Google Talk, Google's instant messaging client, which ensures that nothing typed is saved or searchable in either person's Gmail account.
ENCRYPT YOUR MESSAGES. E-mail encryption services, like GPG, help protect digital secrets from eavesdroppers. Without an encryption key, any message stored in an in-box, or reached from the cloud, will look like gibberish. The sender must get a key from the recipient to send them an encrypted message The drawback is that managing those keys can be cumbersome. And ultimately, even though a message's contents are unreadable, the frequency of communication is not. That is bound to arouse suspicions.
Wickr, a mobile app, performs a similar service for smartphones, encrypting video, photos and text and erasing deleted files for good. Typically, metadata for deleted files remains on a phone's hard drive, where forensics specialists and skilled hackers can piece it back together. Wickr erases those files by writing gibberish over the metadata.
SET YOUR SELF-DESTRUCT TIMER. Services like 10 Minute Mail allow users to open an e-mail address and send a message, and the address self-destructs 10 minutes later. Wickr also allows users to set a self-destruct timer for mobile communications so they can control how long a recipient can view a file before it disappears. But there is always the chance that your recipient captured screenshots.
DROP THE DRAFT FOLDER IDEA. It may sound clever, but saving e-mails in a shared draft folder is no safer than transmitting them. Christopher Soghoian, a policy analyst at the American Civil Liberties Union, noted that this tactic had long been used by terrorists — Khalid Shaikh Mohammed, the mastermind of the 9/11 attacks, and Richard Reid, "the shoe bomber," among them — and it doesn't work. E-mails saved to the draft folder are still stored in the cloud. Even if they are deleted, e-mail service providers can be compelled to provide copies.
USE ONLY A DESIGNATED DEVICE. Security experts suggest using a separate, designated device for sensitive communications. Of course, few things say philanderer, or meth dealer, for that matter, like a second cellphone.
GET AN ALIBI. Then there is the obvious problem of having to explain to someone why you are carrying a pager or suddenly so knowledgeable about encryption technologies. "The sneakier you are, the weirder you look," one expert use to say.
DON'T MESS UP. It is hard to pull off one of these steps, let alone all of them all the time. It takes just one mistake — forgetting to use your protection tool, leaving your encryption keys where someone can find them, connecting to an airport Wi-Fi just once — to ruin you.
Posts
0 comments
Post a Comment