Sunday, November 18, 2012

Yes, the FBI and CIA can read your email. Here's how. By Zack Whittaker


Summary: "Petraeus-gate," some U.S. pundits are calling it. How significant is it that even the head of the CIA can have his emails read by an albeit friendly domestic intelligence agency, which can lead to his resignation and global, and very public humiliation? Here's how.

The U.S. government -- and likely your own government, for that matter -- is either watching your online activity every minute of the day through automated methods and non-human eavesdropping techniques, or has the ability to dip in as and when it deems necessary -- sometimes with a warrant, sometimes without.

That tin-foil hat really isn't going to help. Take it off, you look silly.

Gen. David Petraeus, the former head of the U.S. Central Intelligence Agency, resigned over the weekend after he was found to have engaged in an extra-marital affair. What caught Petraeus out was, of all things, his usage of Google's online email service, Gmail.

This has not only landed the former CIA chief in hot water but has ignited the debate over how, when, and why governments and law enforcement agencies are able to access ordinary citizens' email accounts, even if they are the head of the most powerful intelligence agency in the world.

If it makes you feel any better, the chances are small that your own or a foreign government will snoop on you. The odds are much greater -- at least for the ordinary person (terrorists, hijackers et al: take note) -- that your email account will be broken into by a stranger exploiting your weak password, or an ex-lover with a grudge (see "Fatal Attraction").

Forget ECHELON, or signals intelligence, or the interception of communications by black boxes installed covertly in data centers. Intelligence agencies and law enforcement bodies can access -- thanks to the shift towards Web-based email services in the cloud -- but it's not as exciting or as Jack Bauer-esque as one may think or hope for.

The easiest way to access almost anybody's email nowadays is still through the courts. (Sorry to burst your bubble, but it's true.)

[...]

Get a warrant, serve it to Google?

There's no such thing as a truly 'anonymous' email account, and no matter how much you try to encrypt the contents of the email you are sending, little fragments of data are attached by email servers and messaging companies. It's how email works and it's entirely unavoidable.

Every email sent and received comes with 'communications data,' otherwise known as "metadata" -- little fragments of information that carries the recipient and the sender's address, and routing data such as the IP addresses of the sender and the servers or data center that it's passed through. Extracting this metadata is not a mystery or difficult, in fact anyone can do it, but if you have the legal tools and law enforcement power to determine where the email was passed through -- such as an IP address of one of Google's data center in the United States.

The system is remarkably similar to the postal system. You can seal the envelope and hide what's inside, but it contains a postmark of where it came from and where it's going. It may even have your fingerprints on it. All of this information outside the contents is "metadata." ... ► Read the full story by Zack Whittaker in ZDNet.com




Source: ZDNet.com
Author: Zack Whittaker writes for ZDNet, CNET and CBS News. He is based in London, U.K. ...► more
Photo: Did FBI have legal right to spy on Petraeus’s personal email? Privacy in the age of the WebAllvoices.com

1 comment:

  1. ► Post-Petraeus, Net Privacy Backers Hope For A Boost. By Martin Kaste

    • http://www.kqed.org/news/story/2012/11/16/111236/postpetraeus_net_privacy_backers_hope_for_a_boost?source=npr&category=technology

    ReplyDelete