Friday, September 06, 2013

Once more, with feeling

 Isn't there a reasonable expectation of privacy in a bathroom?

Okay, let's take up the legal concept of "reasonable expectation of privacy" one more time.

Many users assume - or have been assured by Internet companies - that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own "back door" in all encryption, it set out to accomplish the same goal by stealth.

You have a reasonable expectation of privacy in your personal mail.  If you receive mail and work and your secretary opens it, instruct him/her how to handle personal mail (yes, I've been watching "Mad Men" episodes on DVD.  Maybe that world doesn't even exist anymore....).  You have a reasonable expectation of privacy in your phone calls, at least on land lines.  I seem to recall reading something about how easy it was to tap cell phone calls, and some courts ruling that ease reduced the reasonable expectation of privacy in such calls to zilch.

Takes some effort to tap a land line, especially in the days of fiber optics.  Or again, so the courts understand (and the understanding of the courts is all that matters).

Now:  do you have a reasonable expectation of privacy in an encrypted e-mail?  I would assume you do.  However, I don't know if the courts have ruled on that question, or what they have ruled; so the courts might surprise me (again, in matters of law, what the courts say is all that matters.  I despise several rulings of the US Supreme Court, not least the ruling on the VRA.  But it's now the law of the land.)

But having brought this up, let me take it away from you, because this analysis has nothing to do with the new reports on what the NSA is up to.  The new report says the NSA is working to crack all manner of encryptions. Well, so are most hackers, and Anonymous, to name a few.  Quelle surprise.

The assumption, though, and the one Charlie Pierce (among others) jumps to, is that this means the NSA is reading your encrypted e-mails.  Provided you actually send encrypted e-mails.

One problem with that:  there's no evidence the NSA is even collecting your e-mails, much less cracking the encryption on them.  Because aside from the unsubstantiated claims of Glenn Greenwald (which, yes, is one more reason he remains relevant to this story, and not just as a pipeline for Edward Snowden's NSA secrets), there is no evidence the NSA is not doing what it's rules and the law says it must not do:  gather all electronic communications from all American citizens, wherever those communicates originate and whomever they involve.  In other words, if you aren't communicating overseas (and so far as I know I never have), you aren't being scooped up by the NSA.

Now, if you want to believe otherwise, I will treat your assertions with the same consideration I treat the same assertions of Glenn Greenwald:  show me the evidence.

But given the evidence we have, this story about cracking encryptions doesn't add that much to what we knew about the NSA.  I mean, Anonymous and various hacker groups regularly either break encrypted systems or meet to share ways to do so.  Anyone who imagines there is a perfect system for protecting computer data is a fool (like the guy who used to put his Social Security number on those "LifeLock" ads; until somebody hacked his data and proved there is no lock that cannot be opened).  Did we really imagine the NSA wouldn't like a piece of that action?  The question is not:  why are they doing that?

The question is: who are they doing that to?

Or, as the Times put it, in a manner Mr. Pierce thinks is an understatement:
The agency's success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans' e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.  
Did anyone ever imagine the NSA could be restrained by privacy technology?  If so, I have a bridge you might want to buy.  As the Times report itself notes, this doesn't change the rules that the NSA can't target American e-mails or phone calls without particular authorization.  We may not want the government knowing when we're sleeping or when we are awake; but do we really want a government so hamstrung any gang of thieves or terrorists or even a foreign government, can use a simple encryption to communicate all kinds of nefarious information we might, in retrospect, wish we had?

I think we can find a balance that doesn't require the demolition of all American intelligence efforts and, by extension, all American police work.

No comments:

Post a Comment