Techdirt. Stories filed under "email"

FBI Still Doesn't Think It Needs A Warrant To Read Your Email, Despite Court Ruling To The Contrary

Mike Masnick — Thu, 9 May 2013 07:51:54 PDT

The ACLU has continued its campaign to explore whether or not the government gets a warrant before scouring your email. Last month, they discovered that the IRS doesn't believe in getting a warrant -- leading to the IRS promising to change that policy. Now they've received some documents from the FBI in response to a FOIA request that again suggest that, despite the ruling in US v. Warshak, in which the 6th Circuit said that a warrant is needed to compel an ISP to turn over emails, the FBI believes it can access emails older than 180 days without a warrant, under ECPA. As we've discussed at length, ECPA (the Electronic Communications Privacy Act) is a very outdated piece of legislation which considers emails on a server over 180 days to be "abandoned" because no one considered a cloud computing future.

What the ACLU found in these documents is that the FBI hasn't updated its Domestic Investigations and Operations Guide (DIOG) in response to the Warshak ruling, and it still suggests that agents can easily access such emails without a warrant. Instead, it says:

In enacting the ECPA, Congress concluded that customers may not retain a “reasonable expectation of privacy” in information sent to network providers. . . [I]f the contents of an unopened message are kept beyond six months or stored on behalf of the customer after the e-mail has been received or opened, it should be treated the same as a business record in the hands of a third party, such as an accountant or attorney. In that case, the government may subpoena the records from the third party without running afoul of either the Fourth or Fifth Amendment.

That's a... charitable interpretation of reality. That's what Congress felt back then, but based on a very different network setup. However, as the courts noted in Warshak, the 4th Amendment is still important and still rules.

The ACLU also asked different US Attorney's offices for their guidelines, and found that policies differed greatly based on location. Northern Illinois, for example, seemed to recognize the 4th Amendment. But others, including in Texas, still seem to think that no warrant is required. As the ACLU notes, this hodgepodge of rules and the fact that the FBI hasn't changed its guidelines in response to Warshak just highlights the need for comprehensive ECPA reform.

If nothing else, these records show that federal policy around access to the contents of our electronic communications is in a state of chaos. The FBI, the Executive Office for U.S. Attorneys, and DOJ Criminal Division should clarify whether they believe warrants are required across the board when accessing people’s email. It has been clear since 1877 that the government needs a warrant to read letters sent via postal mail. The government should formally amend its policies to require law enforcement agents to obtain warrants when seeking the contents of all emails too.

More importantly, Congress also needs to reform ECPA to make clear that a warrant is required for access to all electronic communications. Reform legislation is making its way through the Senate now, and the documents released by the U.S. Attorney in Illinois illustrate that the law can be fixed without harming law enforcement goals. If you agree that your email and other electronic communications should be private, you can urge Congress to take action here.

Permalink | Comments | Email This Story

You've Got (No) Mail! Major Law Firm Blocks Employee Email Access

Above The Law — Fri, 19 Apr 2013 14:22:24 PDT

Cross-posted from

Personal email accounts introduce possible threats to firm computers. A careless employee could open a trojan horse attachment and unleash a virus on the system. Even if the attack only infects the local drive, confidential information may be at risk.

This puts firms in a bind. Either invest time and energy teaching basic Internet skills to their employees — lessons like, “don’t open attachments from unknown email addresses” — that most of us learned when we still had Prodigy emails, or condescendingly cut off access to a modern necessity because the employees are too hopeless to understand the rules.

Yesterday, a major law firm chose the latter route…

King & Spalding dropped this nugget on their employees yesterday:

The firm’s internal security experts, as well as our outside security experts, have advised us that accessing Personal Email Accounts from firm computers creates a significant security risk. Therefore, effective May 1, 2013, access to Personal Email Accounts (i.e., anything other than your kslaw.com email, including, but not limited, to personal email accounts like Gmail, Yahoo, Hotmail, cable company, etc.) from King & Spalding computers will no longer be permitted.

Most personal email sites will be blocked while you are on the firm’s network. However, you should not access Personal Email Accounts from a firm computer, even if you are not automatically blocked when trying to do so.

Yes, this policy was announced yesterday at approximately 4 p.m. Eastern time. So while the whole country was conversing over personal email (and its companion chat systems) about the latest news updates surrounding a national tragedy, King & Spalding was announcing that it would be cutting off this access. Perhaps less than savvy timing. Someone in a position of authority may have wanted to hold off for a week or so.

Employees can continue to check email on their phones not connected to the main network (a new “ksmobile” network has been set up for this purpose). This means all their employees will now spend an order of magnitude longer every day cruising their inboxes on 3.5-inch screens and typing detailed responses with their touchpads. EFFICIENCY!

King & Spalding isn’t wrong to recognize that third-party email services constitute a threat to the firm network. But the actual threat is entirely between the keyboard and the chair if you will. Gmail isn’t threatening the network, Donny Dips**t clicking on a link sent by a Nigerian Prince is threatening the firm network. In the estimation of King & Spalding, its firm email system can better guard against phishing and thus minimize the opportunity of its employees to expose the firm to harm. However, Internet users are getting smarter every year, and with the decline in these “user errors,” the whole phenomenon of phishing is in decline.

So after years of exposing the firm’s computers to risk, King & Spalding has opted now, while the risk is in decline, to take the drastic step of blocking personal email accounts. Perhaps this explains why King & Spalding didn’t survive the first round of the “Which Firm Has The Brightest Future?” bracket.

Full email below.

Permalink | Comments | Email This Story

IRS Investigators See No Need For A Warrant To Snoop On Emails

Mike Masnick — Thu, 11 Apr 2013 11:40:00 PDT

The ACLU filed a freedom of information act (FOIA) request last year, asking for details about whether not IRS investigators get warrants before reading people's private communications. After finally getting 247 pages of records (which don't fully answer the questions asked), the ACLU has noted that the documents suggest that the IRS likely read private emails regularly without obtaining a warrant. In their blog post, they note that in the US v. Warshak case, the 6th Circuit made it clear that the government must get a warrant to turn over emails, and it seems clear that the IRS had to change its policy because of that.

The documents the ACLU obtained make clear that, before Warshak, it was the policy of the IRS to read people’s email without getting a warrant. Not only that, but the IRS believed that the Fourth Amendment did not apply to email at all. A 2009 “Search Warrant Handbook” from the IRS Criminal Tax Division’s Office of Chief Counsel baldly asserts that “the Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because internet users do not have a reasonable expectation of privacy in such communications.” Again in 2010, a presentation by the IRS Office of Chief Counsel asserts that the “4^th Amendment Does Not Protect Emails Stored on Server” and there is “No Privacy Expectation” in those emails.

Other older documents corroborate that the IRS did not get warrants across the board. For example, the 2009 edition of the Internal Revenue Manual (the official compilation of IRS policies and procedures) explains that “the government may obtain the contents of electronic communication that has been in storage for more than 180 days” without a warrant.

Of course, the IRS is not alone in this. That's the same way other government agencies have treated email thanks to the outdated nature of ECPA, the Electronic Communications Privacy Act, a law written nearly 30 years ago, which assumed that any content left on a server for over 180 days was "abandoned," because the idea of online messaging systems was foreign to folks in Congress at the time.

The bigger question, though, is whether or not the IRS paid attention to the ruling in Warshak and started getting warrants. As the ACLU notes, while not entirely clear, the answer is likely "no."

Then came Warshak, decided on December 14, 2010. The key question our FOIA request seeks to answer is whether the IRS’s policy changed after Warshak, which should have put the agency on notice that the Fourth Amendment does in fact protect the contents of emails. The first indication of the IRS’s position, from an email exchange in mid-January 2011, does not bode well. In an email titled “US v. Warshak,” an employee of the IRS Criminal Investigation unit asks two lawyers in the IRS Criminal Tax Division whether Warshak will have any effect on the IRS’s work. A Special Counsel in the Criminal Tax Division replies: “I have not heard anything related to this opinion. We have always taken the position that a warrant is necessary when retrieving e-mails that are less than 180 days old.” But that’s just the ECPA standard. The real question is whether the IRS is obtaining warrants for emails more than 180 days old. Shortly after Warshak, apparently it still was not

The IRS had an opportunity to officially reconsider its position when it issued edits to the Internal Revenue Manual in March 2011. But its policy stayed the same: the Manual explained that under ECPA, “Investigators can obtain everything in an account except for unopened e-mail or voice mail stored with a provider for 180 days or less using a [relevant-and-material-standard] court order” instead of a warrant. Again, no suggestion that the Fourth Amendment might require more.

As the ACLU notes, the IRS owes the American public a clear explanation of its view on warrants... and it should put in place a clear warrant requirement before snooping through emails.

Permalink | Comments | Email This Story

Harvard Searched Email Subject Lines Of Faculty To Sniff Out Leak

Mike Masnick — Mon, 11 Mar 2013 16:13:09 PDT

We've written a few times about employers snooping through the emails of employees, and for the most part, courts have found this to be legal. There are a few exceptions -- such as for attorney/client communications -- but for the most part, if you're using work provided email, they can spy on it. Of course, just because they can doesn't mean they should. As we've been pointing out for over a decade, doing so probably fosters an environment of paranoia, which may not be the most productive. Still, it's a bit surprising to see that Harvard University chose to snoop through the emails of staff members in trying to hunt down the source of a leak. Specifically, the university searched the emails of 16 deans, telling them about the search a few days later. Again, even though this is likely legal, it seems odd that a university like Harvard would do it, as it inevitably creates distrust with some of its most important staffers. Indeed, the news apparently has faculty and staff up in arms.

Havard has defended the search by arguing it was very limited -- just to specific accounts and just to subject lines:

Consequently, with the approval of the Dean of FAS and the University General Counsel, and the support of the Dean of Harvard College, a very narrow, careful, and precise subject-line search was conducted by the University's IT Department. It was limited to the Administrative accounts for the Resident Deans — in other words, the accounts through which their official university business is conducted, as distinct from their individual Harvard email accounts. The search did not involve a review of email content; it was limited to a search of the subject line of the email that had been inappropriately forwarded. To be clear: No one's emails were opened and the contents of no one's emails were searched by human or machine. The subject-line search turned up two emails with the queried phrase, both from one sender. Even then, the emails were not opened, nor were they forwarded or otherwise shared with anyone in IT, the administration, or the board. Only a partial log of the 'metadata' — the name of the sender and the time the emails were sent — was returned.

"The Resident Dean whose account had been identified was asked about the incident and voluntarily reviewed his/her own sent items and confirmed that she/he had indeed forwarded the message to two students. Although the Resident Dean's actions violated the expectations of confidentiality surrounding the Administrative Board process, those involved in the review and the conversation with the individual were sufficiently convinced that it was an inadvertent error and not an intentional breach. The judgment was made not to take further action.

The issue, though, is the expectation of privacy and the level of trust built up between staffers and the university -- and actions like this, even when done narrowly and carefully, can break down that trust in significant ways.

Permalink | Comments | Email This Story

Wrong Legislative Thought Of The Day: An Email Tax To Save The Post Office

Timothy Geigner — Mon, 11 Mar 2013 07:37:06 PDT

There have been questions for quite some time now as to whether or not the traditional US postal system can survive the digital era. Frankly, the outlook isn't good, what with email replacing the sending of letters in large part and the postal service losing billions of dollars each year. The postal service itself tried to fight what I guess they thought was just a hip email trend by reminding everyone how terrible email is and how great letters are, or something. Sadly, it appears that campaign made little headway and the US mail system continues to look for a savior.

That's where Gordon Wozniak, Berkeley City Councilman and bad-idea generator, hopes to enter into the equation with his monumentally dumb idea of micro-taxing email, a service everyone uses, to fund the postal system, which nobody cares about.

Wozniak told the council: "There should be something like a bit tax. I mean a bit tax could be a cent per gigabit and they would still make, probably, billions of dollars a year… And there should be, also, a very tiny tax on email," perhaps one-hundredth of a cent. He said this would discourage spam and not have much impact on the typical Internet user. Wozniak went on to suggest a sales tax on internet transactions that could help, in part, fund "vital functions that the post office serves."

Let's set aside for a moment that the proliferation of spam blocking software and appliances has mostly erased spam emails for anyone interested. If Wozniak wants to propose tax law, he should at least familiarize himself with the relevant laws on the books, including the Internet Tax Nondiscrimination Act, which bans internet taxes entirely. Seems like kind of a big roadblock, no? Fortunately, Wozniak's idea is not only dumb, but it's also completely unworkable, as noted by Harvard Law School's Jonathan Zittrain:

"To the extent that the cheap flow of flat rate first class mail has positive effects for society at large, the insistence that the Post Office be revenue-neutral may not make sense," Zittrain said. "Taxing email as an alternative, however, is a terrible idea: bad in theory and truly unworkable in practice. There have been proposals to see fees imposed on email by service providers — or recipients themselves — as a way of minimizing spam, but to impose an external tax on it when there are ready substitutes (Facebook messaging, anyone?), and when collection would be a nightmare, seems a non-starter. There is no reason to tax electronic mail users in particular to save the Post Office, any more than it would make sense to tax coffee drinkers to do it."

In response, Wozniak said that despite not being an expert on internet taxes (wut?), he still thinks the idea deserves to be considered because "many billions of emails are sent every day [and] an email tax could raise substantial sums." By the way, he delivered that statement...wait for it...via email.

Well, I'm not a bad-idea tax expert, but since there are so many bad ideas generated every day, we could solve every financial crisis everywhere by taxing the hell out of bad ideas. Let's start with yours, Mr. Wozniak. After all, the postal service needs you.

Permalink | Comments | Email This Story

Why Google Should Encrypt Our Email

Mike Masnick — Tue, 18 Dec 2012 23:49:20 PST

Julian Sanchez has put forth an interesting and compelling proposal: if Google really wanted to take a stand in favor of user privacy, it should encrypt all our emails.

Google is in an ideal position to overcome these difficulties, and finally make strong e-mail encryption a mass phenomenon. Their Gmail service—the one David Petraeus was using to exchange steamy messages with his biographer and lover, Paula Broadwell—has some 425 million active users by last count. Many of those users access the service through a Web interface, which Google can change and update for all users simultaneously. That means we could all wake up tomorrow to find a handy new “Encrypt Message” button included in the familiar Gmail interface we're already using. Meanwhile, Google (along with Facebook) has rapidly become a kind of universal Internet identity provider, with the Google Account used as a key not only to access Google’s own myriad offerings, but many other independent online services as well.

Because truly strong encryption is “end to end”—meaning the end-users generate, store, and have sole access to their own private encryption keys—a robust content encryption system may require users to have appropriate client software installed on their own machines. Here, too, Google is well positioned to provide a solution: They already make a widely-used browser, Chrome, and a popular operating system for mobile devices, Android, which could be updated with the necessary functionality built-in, eliminating the need for a separate browser plug-in.

Of course, as Julian notes, one reason why Google is resisting this is that it would make it more difficult to scan your emails and offer contextual advertising based on what's in those emails. He notes that Vint Cerf more or less admitted this last year, in noting that it would be a challenge to their business model. But Julian notes that there are other ways to target advertisements (some of which might be more effective) than keying them directly off each email -- for example, it can still use your search history, social profiles, Youtube videos, etc. For what it's worth, in all the years I've used Gmail, I don't recall ever looking at the ads they display -- though, obviously, some people out there must click. Also, a point worth noting: Microsoft's new Outlook.com email system does not scan each email for contextual advertising purposes. If they can do it, it seems silly to argue that Google needs to scan each email. More importantly, Julian isn't saying that every email should be encrypted -- so plenty of messages will still be sent in the clear, and those can be used for contextual ads. And the benefits may outweigh the negatives:

Meanwhile, Google would garner enormous goodwill from privacy advocates, reams of free press coverage, and an attractive new selling point, not only for Gmail but for Chrome and Android as well. Encryption would likely be a particularly appealing feature for Google's paying enterprise customers, whose messages may contain information that is not only private but highly valuable. At the very least, it's worth running the numbers again to see whether offering strong encryption might now be a net boon to the company's bottom line.

Furthermore, he notes that Google can use this to take a real stand against efforts by law enforcement to build wiretapping into email. Those efforts have been going on for a long time, and Google has fought against them in the past. But, he notes, getting people up in arms about the feds taking away something that people already have is a much more powerful motivator than getting them worked up about the feds making it impossible for Google to offer that feature in the future.

Because people are loss-averse, taking away something people already have and value can be all but impossible—while preventing them from getting it in the first place is far easier. By rolling out e-mail encryption now, Google can ensure that ordinary users see myopic efforts to regulate secure communications infrastructure as something that affects all of our privacy and security—not just that of faceless crooks or terrorists.

For what it's worth, Ed Felten responded to Julian's proposal by noting a few potential issues with it: (1) managing the crypto keys and cyrpto code would be an issue (would Google also store your key? if so, many of the benefits go away) and (2) there are features that rely on Google being able to see your email. For that latter issue, he notes that beyond just the question of contextual advertising, it could make things like filtering messages more difficult -- and that includes for more important filters like spam.

Julian responds by noting that these are not insurmountable issues. The management of the crypto keys could be handled by Google if people are okay with it, or they could offer up third party options (whether local, or some other "cloud" provider, such as Dropbox).

...lots of cloud services that offer encryption let the user choose whether or not to let the provider keep a backup copy of the user's keys. The more paranoid could sacrifice some mobility and convenience—and risk losing access to some of their messages if their local copies of the key are destroyed—by opting not to let Google keep even an encrypted copy of their key. Or, as a middle ground, a user could always store an encrypted backup copy of her key with a different cloud provider, like Dropbox, which need not even be known to Google. That provides all of the advantages of storing the key with Google at a relatively minor cost in added hassle, but substantially raises costs for any attacker, who now must not only crack the passphrase protecting the key, but figure out where in the cloud that key is located. Assuming it's accessed relatively infrequently (most of us read our e-mail on the same handful of devices most of the time) even a governmental attacker with subpoena power and access to IP logs is likely to be stymied, especially if the user is also employing traffic-masking tools like Tor

As for the filtering option, he notes that you can still filter based on other metadata, and that most of the encrypted notes are less likely to be spam, since they're more likely to be used between people who know each other. To avoid the problem of spammers suddenly jumping on the encryption bandwagon, he suggests an option where you might only accept encrypted mail from white-listed addresses.

Some Google haters will insist that Google will never do this because it might diminish the contextual ad business, but as Julian explains (in both links!) that's not necessarily the case. Furthermore, Google has, in the past, shown that it recognizes that making a goodwill gesture in terms of increasing privacy or better protecting its users can often pay off in much more usage and public goodwill in the long run. As Julian notes: it seems that it's at least worth running some numbers to see how it might make financial sense to better protect user emails.

Permalink | Comments | Email This Story

After All That, The Original 'Cyberstalking' Complaint That Created Petraeus Scandal Is Dropped

Mike Masnick — Tue, 18 Dec 2012 14:52:37 PST

What has been somewhat forgotten in the ensuing situation that resulted in General David Petraeus stepping down from his post at the top of the CIA, is that the whole thing started when his mistress and biographer Paula Broadwell was accused of "cyberstalking" by another woman, Jill Kelley. That led to a chain of events, including having the FBI go through various email accounts, exposing the affair and some other soap opera-y stuff involving generals. And, in the end, the original cyberstalking charge, that kicked it all off, is being dropped. Of course, that only raises even more questions about why the FBI went snooping through everyone's emails in the first place.

It was always questionable for the FBI to pursue a cyberstalking investigation against Broadwell, who used an anonymous email account, “kelleypatrol,” to tell Florida-based military officers like Marine Gen. John Allen that socialite Kelley was bad news. One former federal prosecutor told Danger Room that it was “highly irregular” for the FBI to take up such cases.

While some insist that it's fine for the FBI to snoop through Petraeus' emails given his position, it seems like they should have had much more of a reason than "hey, someone's bothering someone else online."

Permalink | Comments | Email This Story

Patrick Leahy Ready To Cave To Law Enforcement: Has ECPA Reform Amendment To Include Loopholes For Warrantless Spying

Mike Masnick — Tue, 20 Nov 2012 09:41:28 PST

See update at the bottom...

Back in September, we wrote about how Senator Patrick Leahy had introduced a really good bill for ECPA reform. ECPA (the Electronic Communications Privacy Act) is an incredibly outdated bill concerning (as it says) the privacy of electronic messages. It was written in a time (the mid-1980s) before everyone had email, let alone everyone used web-based, cloud-stored email. And thus, it has weird provisions, such as considering that messages stored on a server for more than 180 days are "abandonded" and thus subject to very little privacy protections. And that's just one of many, many problems with ECPA, which treats all kinds of messages differently.

Leahy's reform was pretty straightforward: it basically said that if the government wants to see your electronic info, it needs a warrant. This seems completely reasonable and something that probably should be considered the law already if the 4th Amendment were respected. Of course, almost immediately after he introduced his reform package, we noted that the law enforcement community had freaked out over the bill, saying that if law enforcement had to actually, you know, justify its activities to a judge, it might have "adverse impact" on investigations (you know, like reading the love letters of generals).

We noted that those concerns led Leahy to delay the markup on the bill. However, it had been widely reported that the bill was back on track for late next week. And... today comes the bombshell. According to Declan McCullagh, Leahy is planning a manager's amendment to the bill that will effectively give large parts of the federal government an exception to the warrant requirement and let them snoop on your email with just a subpoena (i.e., no judicial oversight).

Leahy's rewritten bill would allow more than 22 agencies -- including the Securities and Exchange Commission and the Federal Communications Commission -- to access Americans' e-mail, Google Docs files, Facebook wall posts, and Twitter direct messages without a search warrant. It also would give the FBI and Homeland Security more authority, in some circumstances, to gain full access to Internet accounts without notifying either the owner or a judge.

In other words, this went from being a much needed bill to a dangerous bill very quickly. That's extremely unfortunate. ECPA reform is needed, but not this kind of reform. From what we've heard, while there is this new manager's amendment, it is not certain that Leahy will introduce this version, and may still go with his old version (or a modified version that still requires warrants). It seems important to let folks in Congress know that this possible amendment, allowing warrantless spying, is not acceptable.

Update: There's some debate over how serious this proposal was. A new report claims that this amendment wasn't likely to be seriously considered, even though it does exist. Declan McCullagh is standing by his story, and saying that the claim that this amendment won't be seriously considered is in response to the public outcry about it.

Permalink | Comments | Email This Story

Taliban Spokesman Accidentally Copies Mailing List On Press Release Email

Timothy Geigner — Fri, 16 Nov 2012 14:37:00 PST

You know that mistake you make, where you want to send an email to a bunch of people, typically annoying chain letters about finding love next week if they forward it to twenty people immediately (luck doesn't just wait around, you know), but you don't want to expose all of your friends' and family's emails so you blind copy everyone...except you didn't. Now you're the jackass sending emails with forty addresses listed and your grandmother hates you for spamming her?

"Why is my grandson trying to help me find love? I'm 200 years old."
Image source: CC BY 2.0

Well, funny story: it turns out that one of the few things we freedom-loving folks in the States have in common with our Taliban enemies is an amusing incapacity to check to whom we're sending our emails. Take a look at the oops Taliban spokesperson, Qari Yousef Ahmedi, made when he accidentally CC'd, rather than BCC'd, the Taliban's mailing list on a press release email this past Saturday.

In a Dilbert-esque faux pas, a Taliban spokesperson sent out a routine email last week with one notable difference. He publicly CC'd the names of everyone on his mailing list. The names were disclosed in an email by Qari Yousuf Ahmedi, an official Taliban spokesperson, on Saturday. The email was a press release he received from the account of Zabihullah Mujahid, another Taliban spokesperson. Ahmedi then forwarded Mujahid's email to the full Taliban mailing list, but rather than using the BCC function, or blind carbon copy which keeps email addresses private, Ahmedi made the addresses public.

I'm sure years from now, when the CIA has once again employed the Taliban to fight on our behalf against the Chinese-Australian-Alien Alliance, we'll all look back on this and have a nice laugh, but there's no understating that this is a massive screw up. Sure, most of the folks on the distribution list were journalists, but exposing their names that way, particularly for those that are working within Afghanistan, isn't a good thing. Besides that, not all the people who were exposed were journalists.

[The list] also includes an address appearing to belong to a provincial governor, an Afghan legislator, several academics and activists, an l Afghan consultative committee, and a representative of Gulbuddein Hekmatar, an Afghan warlord whose outlawed group Hezb-i-Islami is believed to be behind several attacks against coalition troops.

Somehow I don't see this making the Taliban brass very happy. And Senator Joe Lieberman wants internet services to block Taliban messages? Why? Let them keep making these kind of mistakes.

Permalink | Comments | Email This Story

How Much Did The FBI Snoop On Email Messages To Uncover The Petreaus Situation?

Mike Masnick — Tue, 13 Nov 2012 10:27:00 PST

As you're probably aware since it's "the big story" right now, General David Petreaus stepped down last week after an FBI investigation turned up an affair he'd been having. It seems that every few hours more news "breaks" on the story, and it keeps getting more involved, with a growing number of players (and with each new revelation the story gets more and more bizarre). However, some have started wondering how and why the FBI was snooping on various emails. The original story was that it came about after Petreaus' mistress allegedly sent threatening (anonymous) emails to another woman, who reported them to the FBI. From that came a wider investigation, which supposedly may involve another General and a variety of other players. But some are realizing that this seems to show how the FBI has pretty free rein in terms of snooping on email accounts hosted online:

Under the 1986 Electronic Communications Privacy Act, federal authorities need only a subpoena approved by a federal prosecutor — not a judge — to obtain electronic messages that are six months old or older. To get more recent communications, a warrant from a judge is required. This is a higher standard that requires proof of probable cause that a crime is being committed.

But even that isn't entirely clear. Folks like Julian Sanchez have been puzzling through the timeline of events and wondering how a simple investigation into a small number of "rude" (but not illegal) emails then uncovered thousands of questionable emails involving a different general as alleged in the news that broke last night. It feels like the FBI may have taken a simple report of misconduct (which may have been driven by another love triangle issue involving an FBI agent who seemed to take the whole thing a lot more personally than makes sense) and turned it into a massive fishing expedition.

Given how fast new parts of this story keep breaking, I'm sure there are still a number of other dominoes to fall, but hopefully this actually gets people to pay attention to just how easy it is for law enforcement to snoop on people's emails these days based on next to nothing.

Permalink | Comments | Email This Story

Displaced NJ Voters Told To Email Ballot Requests To A Hotmail Account

Timothy Geigner — Tue, 6 Nov 2012 12:28:55 PST

The election day news is coming in rather fast today, but we're already seeing reports of voting issues. There's some viral videos floating around showing voting machines acting up. This, of course, can be added to the long history of voting machine nonsense we've written about in the past. But adding to the the confusion is that a great section of the East Coast is still recovering from Hurricane Sandy.

You may have seen the news over the past few days that displaced New Jersey voters are being allowed to (sorta) vote via email. Or, rather, they would be allowed to vote via email if the state's election officials could manage to act like they know what they're doing. Instead, reports indicate massive amounts of people have been unable to request ballots at the email addresses originally provided. This is causing frustration and confusion across the state, but the real absurdity shows up in Essex County.

Aware of the problems with the official e-mail system, Essex County Clerk Christopher Durkin suggested an alternative option: "Displaced voters can email a request for a ballot at cj_durkin@hotmail.com," according to a post on the Facebook page of the town of West Orange, NJ. Interestingly, security researcher Ashkan Soltani notes that Durkin's Hotmail address has his mother's maiden name as a "password recovery" question. This means that anyone who can figure out Durkin's mother's maiden name could seize control of his Hotmail account and intercept voters' official ballot requests.

I'll be clear in saying that I understand that the situation in New Jersey is a difficult one and I'm sure election officials there are simply trying to do their best under the circumstances. Unfortunately, Durkin's best appears to suck. You simply cannot put something of such importance (voting) in the hands of someone who cannot either provide a working and secure email address for ballot access or, at the very least, take the most trivial security steps on another email address. We all want every citizen to be able to have their voice heard, but not at the cost of massive security risks.

Permalink | Comments | Email This Story

Why Regulations Aimed At Technology Almost Always Suck: Or Why Reading Someone's Gmail Isn't Reading 'Stored Communications'

Mike Masnick — Tue, 16 Oct 2012 07:19:09 PDT

There have been a couple of stories covering the fact that the South Carolina Supreme Court has ruled that reading someone's Gmail does not violate the Stored Communications Act, a part of ECPA -- a law we've written about a number of times for being completely out-of-date. Orin Kerr has a good breakdown of the details, if you want to read them. What struck me most, however, is how this case is a near perfect example of the kind of mess we get into when politicians try to regulate technology. Technology changes much, much, much faster than the law, and because of that, you get very silly results. The key issue here is that the Stored Communications Act is now found in 18 U.S.C. 2701 -- and it defines the offense as occurring when someone "obtains, alters or prevents" access to communication "while it is in electronic storage." Now, for the purpose of the law, "electronic storage" is defined over in 18 U.S.C. 2510, with the relevant definition noting:

“electronic storage” means--
(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and
(B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication;

Got that? It must have seemed reasonable at the time it was written, but it makes little sense these days, and is apparently so misaligned with reality today that this one single case interprets that definition in three different ways, and exactly none of those ways agree with a 9th Circuit ruling in Theofel v. Farey-Jones. There's disagreement over the meaning of "backup" in part (B) in particular. Is that backup for the user? Or for the service provider? And then, how do you figure out what is or what is not backup? If a person reads his or her Gmail account, then the message was copied to his or her local machine inside the browser. Thus, it seems reasonable to argue that the copy that remains on the server is a backup copy. But two of the judges in this case argued that because the recipient had not "downloaded" any other copies of the message to store, then the ones on the server were not "backups." This makes little sense because copies were downloaded, but many non-technical people don't understand how browsers really work.

Other judges focus on whether or not your webmail account is really "backup" for the ISP. Either way, the end conclusions: webmail is not considered "electronic storage" under the law for the purpose of the Stored Communications Act. While accessing someone's email can (and likely does) still violate other laws, the very law that most people would probably think most directly applies, almost certainly does not.

The reality is that, when it was passed, back in 1986, it probably seemed to make sense that "stored communications" would only be done for backup. While there were networked client/server type setups at the time, it's doubtful that the folks who wrote the law could have fathomed something like webmail or other online forms of communication. If we're talking about "stored communications" today, it seems ridiculous to have it not cover web-based mail systems or social networks. But the law doesn't seem to support that view -- because the law is incredibly out-of-date. But, of course, the problem with fixing the law is that lawmakers will, again, have trouble figuring out where we'll be just a few years out, and the law may either fail to cover what it thinks it covers or (perhaps worse) cover stuff that should be perfectly legal.

And this, of course, is what we fear when it comes to politicians meddling in technology. Even when they have the best of intentions, technology changes rapidly -- and old and obsolete definitions get left in the law and can create problems or situations that make very little sense. If Congress were able to clean those up quickly, perhaps there wouldn't be a problem, but Congress isn't known for fixing real problems quickly. We've been hearing talk of fixing ECPA for years, and it seems unlikely to happen for a while.

Permalink | Comments | Email This Story

Chevron Subpoenas Google, Yahoo & Microsoft To Get Info On Email Accounts Going Back Years

Mike Masnick — Mon, 15 Oct 2012 14:15:02 PDT

Chevron is embroiled in a big lawsuit with some folks in Ecuador that has been going on for 19 years, and resulted in an $18.2 billion judgment against the company for environmental damage in the country. Chevron is accusing the lawyer for the Ecuadorians of racketeering. A New Yorker article from earlier this year goes into significant detail about the case, including Chevron arguing that the whole thing is "a shakedown," and questioning whether or not the lawyer went too far in the case.

We actually wrote about this case a few years ago, when Chevron sought footage that a documentary filmmaker had taken of people involved in the case, including the lawyer, Steven Donziger. While it seemed like the filmmaker should have the right to protect the work like journalists protect their sources, a court ordered it turned over to Chevron. That footage turned out to provide info that Chevron believes shows evidence of racketeering in trying to influence the court decision. Here's the New Yorker describing some of what was in the footage:

As Mastro played a series of outtakes for Judge Kaplan, Donziger’s outspokenness was on full display. He riffed, indignantly, about the inadequacies of the Ecuadoran legal system. “They’re all corrupt,” he says of Ecuadoran judges in one clip. “It’s their birthright to be corrupt.”

... In one scene, a scientific expert for the plaintiffs tells him that one measurement of groundwater contamination was not as strong as he had thought. “This is Ecuador, O.K.?” Donziger says. “At the end of the day, if there’s a thousand people around the courthouse you’re going to get what you want.” As for the scientific data, he adds, it’s “just a bunch of smoke and mirrors and bullshit.”

[...] In another scene that Mastro showed to the court, Donziger chats with associates over dinner at a restaurant. Someone at the table, referring to the popular antipathy toward Chevron in Ecuador, suggests that if the judge in Lago Agrio ruled against the plaintiffs he might be killed.

“He might not be,” Donziger replies, cradling a glass of red wine. “But he thinks he will. Which is just as good.”

All of this, plus some other evidence led Chevron to go after Donziger for racketeering. And, as part of that, it has sent a subpoena to Google, Microsoft and Yahoo seeking information on more than 70 email accounts, claiming that this info may help them show that Donziger was "falsifying evidence from the outset of the trial in Ecuador." CNET notes that Chevron believes that among other things, the lawyers for the Ecuadorians may have been involved in "blackmailing a judge, ghostwriting expert reports, and even helping to draft the court's final opinion."

It's important to note that Chevron is not (yet) seeking the contents of the email, but a variety of information about the accounts -- such as IP address info, physical address, phone numbers and billing info (if available). The idea seems to be that Chevron believes some of the addresses have been faked, and this will help to show that. However, some of the requests clearly seem to be overly broad -- including going after law professor and blogger Kevin Heller, who was not happy about this. Heller was able to have the ACLU call Chevron on his behalf about this -- getting them to drop the request for his info. Chevron claims that this helped them prove that Heller's account belonged to a real person, which is all they're seeking, but Heller is justifiably upset about all of this, sensing significant chilling effects and worrying about possible intimidation.

I will likely never know why Chevron subpoenaed me. But I do know that it is unacceptable for a party to litigation to try to obtain private information from a blogger-journalist who has criticized its tactics. This is not about my journalistic freedom; it is about the journalistic freedom of all bloggers. And it is not about Chevron; it is about any party that thinks it is acceptable to subpoena a blogger’s private information. I would be no less critical of an attempt by Greenpeace to subpoena Glenn Reynolds. Tactics like this need to be exposed and resisted, no matter who uses them or whom they target; passive acquiescence is simply an invitation to further abuses.

Heller also goes after Google, his email provider, for not more actively fighting back on his behalf:

I also think that Google needs to do far more to protect the privacy of its users. Twitter has been very active in resisting attempts to obtain its users’ private information. Google has also done so in the past, but it did nothing to help me, even after I informed it via email that I was a law professor and a blogger-journalist. But again, this isn’t about me. It’s about all the other bloggers who might find themselves facing a similar subpoena. I’m lucky: I have friends like Glenn Greenwald to ask for help. I’m sure that the ACLU would assist anyone in my position — but not everyone knows that the ACLU is out there, much less that no case is seemingly too small or too unimportant for them to be concerned. More importantly, the ACLU should not have to get involved in every case like this one (and again, I am but one of 44 people named in the subpoena); Google itself — and all other service providers in similar situations — need to be the first line of defense.

Google has asked the judge for more time to respond to the subpoenas, which Chevron has already agreed to. The magistrate judge is also going to hold a hearing in a few weeks to "evaluate" the subpoenas. Microsoft told Declan McCullagh at CNET that it had provided notice to the Microsoft accounts in question. Yahoo didn't respond to McCullagh's questions about the subpoenas, so it's unclear what they've done.

There may be legitimate reasons for Chevron's request, but given Heller's experience, it certainly appears that the fishing expedition is overly broad, and could have significant chilling effects in intimidating people who were legitimately helping out with the case. That should be a big concern, and the judge should be exceptionally careful in making the companies reveal info on these email accounts. We've talked in the past about things like the Dendrite rules for determining when possibly identifying info on anonymous people should be allowed, as it sets a high bar that protects a person's right to anonymity. Hopefully the court recognizes that Chevron's requests seem to go too far.

Permalink | Comments | Email This Story

Iranians Protest Leads To The Return Of Gmail

Timothy Geigner — Wed, 3 Oct 2012 19:55:53 PDT

As the fervor over the hateful Innocence Of Muslims movie is beginning to die down, you may have heard that in response to that film the Iranian government blocked access to Gmail. There has been much postulation over why Gmail suddenly became a target, including what seems to be a ridiculous claim from the Iranian Telecommunications Ministry that they were simply trying to put a heavy block on YouTube (it's been blocked since long before this movie showed up). But, as most of us probably expected, Gmail is back on.

Regardless of whether or not the block on Gmail was intentional, the obstruction to one of the world’s most popular email services resulted in many complaints from Iran officials. Legislator Hossein Garousi reportedly threatened to summon Iran’s telecommunications minister Reza Taqipour for parliamentary questioning if the service was not unblocked.

Iran continues to block any site or network that expresses “anti-government views,” including sites like Twitter, Facebook and YouTube, which helped rally citizens and circularize the massive protests following the questionable re-election of President Mahmoud Ahmadinejad.

Now, the blocking of such sites probably doesn't shock any of us anymore. It's unfortunate, but they're doing it. Hell, Iran has previously announced plans to build their very own internet. The good news is that Iranian citizens aren't simply rolling over at their government's heavy-handed censorship of the internet. They know how to use technology to get around the filters too.

Even though YouTube was previously blocked in Iran before the film was released and Gmail access was barred, Reuters reports on the ability of Iranian citizens to “circumvent Internet restrictions” using virtual private network (VPN) software, which makes it appear as if the computer accessing the content is located in another country.

So best of luck to you, Iranian government, because you're going to need it if you think that suppressing thought and the freedom to access an unfettered internet is going to work out for you in the long term. At least you can rest easy knowing that your citizens can't play online roleplaying games. We've got that covered from our end.

Permalink | Comments | Email This Story

DHS Boss, In Charge Of Cybersecurity, Doesn't Use Email Or Any Online Services

Mike Masnick — Fri, 28 Sep 2012 10:32:47 PDT

We've talked in the past about the problematic efforts to push for new cybersecurity regulations, especially when little to nothing has been done to show the actual problem. There has been quite a turf war over who would "own" cybersecurity within the federal government, with some wanting to give it to the Defense Department, where the NSA would control it (along with all your info), and others wanting to give it to the Department of Homeland Security. While neither option is ideal, DHS is clearly the lesser of two evils should it come to pass. It makes much more sense for this issue to be in the hands of a civilian organization rather than a military one -- especially a military one with a horrible track record when it comes to privacy. That said, it's tough to be enthusiastic about DHS either, given the various problems and abuses we've seen in that Department as well. Making matters even worse, it appears that the DHS boss, Janet Napolitano, who would effectively be in charge of cybersecurity, doesn't know much (if anything) about the internet, and seems rather proud of that fact, referring to herself as a Luddite:

Homeland Security Secretary Janet Napolitano, who is a key player in national cybersecurity efforts, said on Friday she doesn't use e-mail.

"Don't laugh, but I just don't use e-mail at all," she said during a discussion at a Cybersecurity Summit hosted by National Journal and Government Executive. She didn't explain what communications tools she does use.

President Obama, who appointed Napolitano, broke precedent by carrying his own BlackBerry device. But in response to a question about her personal cybersecurity practices, Napolitano said she avoids many online services. "I don't have any of my own accounts. Some would call me a Luddite," she said.

I don't think anyone should be laughing, but perhaps they should be very, very worried. Or, perhaps they should be asking why she's in that job when she doesn't seem to have the necessary experience. If it does come to pass that DHS gets control over new cybersecurity efforts, this seems like a good reason to find someone else who actually has some grasp on what it is that they're regulating.

Permalink | Comments | Email This Story

Email: The Original Cloud

Mike Masnick — Wed, 26 Sep 2012 15:48:00 PDT

Biggest Critic Of NBC's Awful Olympic Coverage Has Twitter Account Suspended For Tweeting NBC Exec's Email

Mike Masnick — Mon, 30 Jul 2012 14:11:00 PDT

One of the loudest critics of NBC Universal's awful Olympics coverage was Guy Adams, who certainly wasn't pulling any punches with his Olympics-related tweets. Either way he was a bit surprised to find his account suspended. When he sought to find out why, he discovered it was because he had tweeted the email address of Gary Zenkel, NBC's exec in charge of the Olympics coverage. Twitter claims that this was the revealing of "private information," in violation of Twitter's terms of service.

Adams, quite rightly, found this to be odd, noting that Zenkel's corporate email address is not private at all. As Deadspin shows in the link above, Adams let Twitter's PR folks know it:

I'm of course happy to abide by Twitter's rules, now and forever. But I don't see how I broke them in this case: I didn't publish a private email address. Just a corporate one, which is widely available to anyone with access to Google, and is identical to one that all of the tens of thousands of NBC Universal employees share.

It's no more "private" than the address I'm emailing you from right now.

Either way, quite worrying that NBC, whose parent company are an Olympic sponsor, are apparently trying (and, in this case, succeeding) in shutting down the Twitter accounts of journliasts who are critical of their Olympic coverage.

Adams also wonders if the suspension happened because of complaints from NBC -- a Twitter partner in this Olympics coverage, remember -- who is upset about Adams' constant berating on Twitter as well as in the publication he writes for, The Independent. In fact, NBC has put out a statement confirming that it filed a complaint about Adams' Twitter account, though Twitter did not need to then suspend his account.

And, of course, as tends to happen in these sorts of situations, Gary Zenkel's email address is now much more widely available because tons of press reports are including it.

Permalink | Comments | Email This Story

DailyDirt: Technology In Education

Michael Ho — Mon, 16 Apr 2012 17:00:00 PDT

The digital revolution of the education system has yet to really take off. Many students communicate with their teachers via email and have figured out how to use word processors (instead of typewriters), but the widespread use of technology in classrooms hasn't exactly caught on. Cool projects like the Khan Academy are starting to ramp up, but introducing cheap laptops or ebooks into public schools hasn't met with wild success. (Though, if you've heard of any inspiring programs, let us know in the comments.)

Peru spent $225 million on an education initiative that involved One Laptop per Child and 850,000 basic laptops for schools throughout the country. Unfortunately, the results so far have not shown much improvement in math or reading scores. [url]
India's $35 tablet, the Aakash, is being revised and will probably cost closer to $50. The next version will be called 'Aakash 2' (not the 'new Aakash') and offer a capacitative touch screen. [url]
Wilco Electronics is bidding on a contract to make Aakash tablets and to create a pilot program for these devices in underserved Philadelphia schools. But if Peru is any indication of what will happen.... [url]
To discover more interesting education-related content, check out what's currently floating around the StumbleUpon universe. [url]

By the way, StumbleUpon can recommend some good Techdirt articles, too.

Permalink | Comments | Email This Story

Celebrating 20 Years Of Patent-Free Email Attachments

Leigh Beadon — Wed, 14 Mar 2012 06:19:13 PDT

Tech innovation happens in layers. The internet was built to make computers more useful, the web was built to make the internet more useful, social media (for example) was built to make the web more useful, other online services are built to make social media more useful, and so on. This kind of incremental improvement is always faster and more efficient when the last round of innovations is open and accessible to a new generation of developers—contrary to the claims of patent-system supporters who insist that protection is necessary to promote progress.

Such claims look the most ridiculous when you consider the fundamental technologies of the digital world. The high user counts of the latest web startups are nothing compared to the underlying communication protocols that make them and every other online service possible. A big part of the reason these technologies have become so widespread, and created a reliable foundation on which others can build, is that they were free to use. Last year, after the 20th anniversary of Tim Berners-Lee's invention of the world wide web, we wondered what the online world would look like today if he had locked the technology up behind a patent. A similar question is raised this month as we mark another 20th anniversary: that of the Multipurpose Internet Mail Extension protocol, better known as MIME, the technology that powers every single email attachment.

TechWeekEurope spoke to Nathaniel Borenstein, MIME's creator, about why he built the technology and what he thinks of its massive adoption. Like Berners-Lee, and indeed most "old-guard" internet engineers, Borenstein's attitude is one of openness and genuine, useful problem solving:

Mostly, [MIME] was a natural continuation of things I was pursuing. I wanted to live in a world where certain functionality existed.

When people asked me, "why do you work so hard on this?" I used to say that someday I'm going to have grandchildren, and I wanted to get their pictures by e-mail. A lot of people laughed, because it was inconceivable back then. No one even thought of digital cameras, so people pictured taking a print and scanning it in, and then transmitting it over their 1200 baud modem, and even that was expensive equipment.

Borenstein notes that the real challenge of developing MIME wasn't the engineering aspect, but the difficulty of getting everyone to agree to a single standard. By coming up with a clever solution and making it free and open-source, he succeeded, and now the entire world of email relies on MIME. Some might see his situation and think he got a raw deal, and that if he had patented MIME he could be pulling fat checks—but he knows it doesn't work that way:

The most common question I get about MIME is, "have you ever imagined what it would be like if you got a penny every time MIME was used?" And the answer is oh yeah, I imagined that (laughs). I did some checking up, and there's an estimate that MIME is used a trillion times every day. So if I got a penny every time, my annual income would be roughly equal to the GDP of Germany. But of course, that's just a silly fantasy. If there was any money involved, it would never have succeeded. Somebody would have been motivated to develop a similar thing for free.

This is the attitude of a true innovator. Borenstein developed MIME because he saw a problem that he wanted to solve—and he knew his solution wouldn't be of much use to anyone if he demanded an ongoing monopoly on it. Contrast that with trolls who obtain patents on abstract ideas and demand a cut from companies that are actually implementing them, and you see why the very nature of technology patents is opposed to their stated goal of promoting innovation. Today's true innovators recognize this, but the broken system forces them to pursue patents anyway, lest someone else try to patent their idea out from under them and use it to hold them back.

As we mark the anniversaries of fundamental online technologies like MIME, which have benefited the world and driven innovation by remaining free and open, maybe it's time to look at today's patent system, and update it to reflect the way technological progress really happens.

Permalink | Comments | Email This Story

A Cracked Look At The Impact Of Spam

Leigh Beadon — Wed, 7 Mar 2012 16:38:58 PST

As you may know, I'm a pretty big fan of Cracked.com. They also share a lot of values with Techdirt. Recently, they published an angry tirade against spammers that's also an interesting look at how years of steadily-increasing crap have shaped user habits and expectations online. Examples include things like browser toolbars, which are almost universally hated and yet still bundled with lots of software and foisted upon users during the install process, often through a confusing combination of checkboxes and accept/decline buttons:

Can you imagine how we would jump down the throat of any real-world business that tried that shit? Imagine ordering your lunch at McDonald's, but when they got to the "fries" question, they phrased it as, "Don't you not want to not have fries with that?" Then, no matter how you answered that ridiculous triple negative, they told you, "By pulling forward to the next window, you are agreeing to buy fries" and shoved them into your car anyway, claiming, "No, you said you wanted them, so now you have to pay for them. No take-backs!" Also, the fries are poison.

It also takes on the fact that most web users ignore virtually all advertising, since so much of it is untrustworthy to a degree that old media rarely reached:

On TV, even if the ad is laced with misleading information (no, Axe Body Spray probably won't lead to instant female-on-male street rape), at least we know that the product is real. Toyota isn't selling you a cardboard car. If you order one of those stupid robe/blanket things, they're going to deliver that retarded, sex-repellant monstrosity to your house. The few ads that do reek of scam are the late night commercials (Enzyte, bullshit diet scams, one-year online colleges), and at least you know when they're coming. You can separate them from the legitimate products. On the net, you just have to assume that everything you see is out to screw you, the only exceptions being brands that you already know.

It's an entertaining read, and one that underlines one of the biggest ways online advertising is different from traditional advertising. When space was limited, the battle was for exposure; when space is unlimited, the battle is for trust and relevance in an increasingly uncertain and noisy world.

Permalink | Comments | Email This Story

How The Guy Who Didn't Invent Email Got Memorialized In The Press & The Smithsonian As The Inventor Of Email

Mike Masnick — Wed, 22 Feb 2012 12:54:57 PST

Late last week, the Washington Post reported that The Smithsonian had acquired "tapes, documentation, copyrights, and over 50,000 lines of code from V.A. Shiva Ayyadurai, who both the Smithsonian and the Washington Post insisted was the "inventor of e-mail." There's just one problem with this: It's not actually true. Lots of internet old-timers quickly started to speak out against this, especially on Dave Farber's Interesting People email list, where they highlighted how it's just not true. As is nicely summarized on Wikipedia's talk page about Ayyadurai, he was responsible for "merely inventing an email management system that he named EMAIL," which came long after email itself. The Washington Post eventually offered the following "clarification":

Clarification: A number of readers have accurately pointed out that electronic messaging predates V. A. Shiva Ayyadurai’s work in 1978. However, Ayyadurai holds the copyright to the computer program called "email," establishing him as the creator of the “computer program for [an] electronic mail system” with that name, according to the U.S. Copyright Office.

Except... that "clarification" seems to confuse copyright with patents. Copyright is only over the specific copyrightable work created -- which would be the specific code he used. It does not, in any way, establish him as "the creator" of "the" electronic mail system -- merely an electronic mail system -- and hardly the first one. I could write some sort of email management software tomorrow and copyright that... and it would no more make me an "inventor" of email than Ayyadurai.

There's a detailed history of email over at the NetHistory site, and you'll note that Ayyadurai doesn't warrant a mention -- which isn't surprising since his work comes way after most of the important stuff was done. Thomas Haigh sent a detailed email to the SIGCIS list, breaking down what happened. Apparently, Time Magazine ran a profile of Ayyadurai a few months back, calling him "the man who invented email," which resulted in the Smithsonian's interest. But even that article notes at the beginning that Ayyadurai actually just holds a copyright on EMAIL, rather than email itself. It even asks about the fact that Ray Tomlinson is often credited as being the inventor of email -- and his efforts came much earlier.

Either way, it appears that Ayyadurai has played up this idea that he's the inventor of email, despite little to back that up (apparently frustrating many people who actually know the history). Yes, he copyrighted a particular bit of code, but there's little to support the idea that he had very much to do with "the invention of email" in any way. But, that's not what the Washington Post (or, apparently, the Smithsonian) will tell you...

Permalink | Comments | Email This Story

Syrian President's Email Hacked... His Password Was 12345

Mike Masnick — Wed, 8 Feb 2012 10:57:21 PST

Well, this is rather incredible. With the news that Anonymous hacked the offices of the Syrian President and dumped a ton of emails online... comes the news that the hack was insanely easy. Why? Because, apparently, the password was 12345. No joke. Of course, that's considered one of the worst passwords of all time. And, as pointed out by Lauren Weinstein, this is the exact same password that was immortalized by Dark Helmet (the original one, rather than our local Techdirt hero) as being the stupidest password he's ever heard -- and the "kind of thing an idiot would have on his luggage!"

Permalink | Comments | Email This Story

Whistle-blowing Scientists (Trying To Prevent Dangerous Products From Reaching The Market) Sue FDA For Snooping On Their Personal Email Accounts

Mike Masnick — Thu, 2 Feb 2012 06:23:34 PST

Last year, we wrote about the federal whistle-blowing act, which was designed to give protections to federal employees who blow the whistle on federal fraud and abuse. For reasons that still aren't clear, that bill was killed by a secret hold by either Senators Jon Kyl or Jeff Sessions. That fact only came out due to an amazing effort by the folks at On The Media, who kept hounding all 100 Senators to find out who would possibly kill such a bill. Recently, On The Media revisited the topic, noting that there was a new version of the bill. The report also talks about just how vindictive the government has been against whistleblowers. Even as President Obama has insisted that whistleblowers are important and should be protected, that's not what's happening in real life, with many getting stripped of their responsibility and demoted -- all for daring to point out waste, fraud and abuse. The worst example to date, remains the horrifying story of Thomas Drake, who was threatened with 35 years in jail in a bogus vindictive lawsuit against him, due to his blowing the whistle on a bogus NSA project.

More evidence of the insane lengths the federal government will go to against whistleblowers has been revealed in the form of a lawsuit from a group of FDA scientists and doctors. The group had been trying to blow the whistle on fraud and abuse in the FDA, in the form of approvals for medical devices that didn't actually meet health and safety standards. The scientists reached out to Congress to blow the whistle... and in response, the FDA started spying on their personal emails. Yes, it does appear that these scientists were accessing their personal Gmail accounts from work computers, and using them to work with Congressional staffers to craft their whistleblowing complaint, but does that give the FDA the right to spy on their personal communications? The doctors, via their lawsuit, believe the answer is no.

The FDA is defending its actions by claiming that this whistleblowing involved "improperly disclosed confidential business information about the devices," and it wanted an investigation of the doctors involved. That sounds ridiculous. Or, perhaps, all too typical. It seems clear that the FDA bosses just didn't like the fact that some folks there blew the whistle on what they were doing and took vindictive actions. This is exactly the kind of thing that a Whistle Blower Act should protect. That it doesn't do so already is really a shame.

Permalink | Comments | Email This Story

VW Will Block BlackBerry Email When People Are Off Work. Isn't That When It's Most Useful?

Mike Masnick — Tue, 27 Dec 2011 07:09:17 PST

This is a bit odd. It appears that, as part of an agreement with its workers in Germany, Volkswagen has agreed to turn off BlackBerry messages to workers while they're away from work. Basically emails will stop going to BlackBerries a half hour after they leave work and won't come back until a half hour before they come back in.

Of course, it seems like if they don't want people to access emails while away from work there's a simpler solution: don't have workers use BlackBerries. Just saying.

The idea here is to keep employees from "feeling chained" and allowing them to enjoy the life part of the work/life balance. And, as we've discussed in the past, the blurring of the work/life balance is definitely an issue that some people need to deal with. But I have difficulty seeing how this helps in any way. In my experience, being able to access emails while not at my desk and in off-hours actually helps keep the work/life balance, since stuff doesn't pile up at work.

Years back, in college, I actually spent a lot of time studying how labor relations worked in Germany, and unions there tend to have a lot more say in how companies operate, to the point of being on councils with management making these kinds of decisions (it's a lot more partnership oriented than the US adversarial model). In many ways that's a good thing. Having management and employees working together to take on challenges, rather than just being at each other's throats, definitely has its advantages, but it can also create some wacky outcomes... like this.

Permalink | Comments | Email This Story

Email Is 40 Years Old

Mike Masnick — Mon, 17 Oct 2011 15:41:00 PDT

For a few years now, we've been joking about how email is for old people. Studies have increasingly been showing that the younger generation prefers text messaging, instant messaging and various social networking private message systems to good old fashioned email. So it's worth noting that sometime this month, email apparently turned 40 years old. So perhaps it's showing its age, which is why the kids today don't bother with it.

Permalink | Comments | Email This Story