Email

by Mike Masnick




Why Sweden's Plan To Spy On Emails Does More Harm Than Good

from the needle-and-a-haystack dept

There's been a lot of talk about the proposal from the Swedish government to monitor all emails crossing national borders for certain keywords that could suggest terrorist activity. It's not surprising that such a proposal would get plenty of attention, but there are a few reasons why it's simply a bad idea. The difference between this plan (if it's put into place) and similar efforts in other countries is that most require court order or warrant -- which adds a layer of oversight concerning whose content is open to monitoring. When it's just open ended it's not at all far-fetched to think that the system will be misused to spy on people who have absolutely nothing to do with terrorist activities. In a free and democratic society, you're not supposed to spy on those people. A second issue is that the more you make it possible to access and spy on people's emails, the more likely it is that someone with nefarious intent will also figure out a way to access those emails. Even if the government is made up of saints who will never misuse the information, by opening some sort of backdoor, someone else will figure out a way in -- and that's dangerous for everyone.

The biggest issue, however, concerns just how effective this type of monitoring really is in practice. Doing basic keyword or even contextual filtering will turn up a ton of false positives, making the haystack in which any needles need to be found pretty damn big. This actually makes it even harder to turn up the useful information, since anyone scanning the output becomes accustomed to false positives. The end result isn't better security, it's just a ton of excess data. Finally, those who actually are a threat have long known that their emails were open to monitoring, and have long moved on to various systems to hide their intent -- whether it's as simple as using code words or using some sort of encryption software to not using email at all -- many of these people aren't going to simply walk right into such a trap. There are much better means of tracking down and monitoring people who are dangerous to us. Setting up a broad system of monitoring and filtering emails sounds good on paper, but doesn't do much to make people any safer.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Casper, 9 Mar 2007 @ 12:22pm

    Yeah..

    "There are much better means of tracking down and monitoring people who are dangerous to us"

    Yeah, but profiling is illegal. Seriously thought, that law was more like a way around warrants. Do you really think they would scan all that mail every day? The first thing they would do is levels of filtering, with key people being very closely monitored... except this way they don't have to get a warrant.

    reply to this | link to this | view in chronology ]

  • identicon
    claire rand, 9 Mar 2007 @ 12:51pm

    like this sort of monitoring doesn't happen already.

    anyone with anything to hide encrypts it, or will use code words anyway. it will find people who talk about things governments don't like though, assuming they can actually monitor that well

    reply to this | link to this | view in chronology ]

  • identicon
    Geoffrey Kidd, 9 Mar 2007 @ 1:10pm

    One myth, one major weakness

    The myth is "The innocent have nothing to fear." Actually, they have MORE to fear than the guilty because a single mistake can start an avalanche that takes out their whole life. Just ask the man the London police murdered because they were told he was a terrorist.

    The major weakness: The malefactors will assume anything they send is being listened to and hide it in a pile of innocent chatter.

    John: I think we need to go to the opera tonight.

    Adam: Good for me. Meet for dinner and drinks at 8?

    Can stand for "We need to [terrorist act] tonight." "Good for me. [carry it out] at 8?"

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Mar 2007 @ 2:02pm

    Why not have all computers equipped with a person that sits next to the machine to monitor all usage? Think of all the crimes and social ills that would suddenly be eliminated:

    -terrorism (read all in/out emails)
    -child sexual abuse (watch your MySpace usage)
    -reckless driving (limit video game usage)
    -Internet addiction (limit total online time)
    -marital infidelity (monitor craigslist erotic services)
    -prevent homosexuality (monitor craigslist casual encounters)
    -etc, etc, etc...

    Clearly, the computer is destroying our world faster than a Humvee with a bulldozer attachment clearing rain forest.

    reply to this | link to this | view in chronology ]

  • identicon
    dorpus, 9 Mar 2007 @ 2:02pm

    Faustian Bargain

    So should the government not monitor communications, and be surprised by anarchists who suddenly gather in cities and burn down city blocks, as happened in Copenhagen last week? How about animal rights activists who bomb the houses of scientists and intimidated them into not conducting research, as has happened before? Do we want Earth Liberation Front "activists" surrounding wealthy suburbs with coordinated arson fires, so upper class families are forced to throw babies out of their second floor windows? How about European liberals who plant bombs in McDonalds trash cans, or inject cyanide into Coca-Cola as a "statement" against America? The world is better off if these sickos are stopped before they ever do anything.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Mar 2007 @ 2:41pm

    RE:Faustian Bargain

    "So should the government not monitor communications, and be surprised by anarchists who suddenly gather in cities and burn down city blocks, as happened in Copenhagen last week?"

    how are these two things connected in any way?! first of all the 'anarchists' didnt suddenly gather, they were there for 20 years...

    and all the other things, putting bombs in trash etc etc. I highly doubt anyone who is going to do this is going to write an email about it first, unless they are deliberately trying to tip someone off.

    reply to this | link to this | view in chronology ]

    • identicon
      dorpus, 9 Mar 2007 @ 2:49pm

      Re: RE:Faustian Bargain

      Keep in mind that many of these criminals are teenagers, and lack basic street smarts. If some hormonally enhanced European nerd with an imaginary grudge against Americans gets serious about building a bomb, it is better to arrest him before he does it.

      reply to this | link to this | view in chronology ]

  • identicon
    deacon, 9 Mar 2007 @ 3:13pm

    re: One myth, one major weakness

    "Actually, they [the innocent] have MORE to fear than the guilty because a single mistake can start an avalanche that takes out their whole life. Just ask the man the London police murdered because they were told he was a terrorist."

    Actually, I absolutely agree with the point you're making, but this conversation is likely to be pretty one-sided....

    reply to this | link to this | view in chronology ]

  • identicon
    Ted, 9 Mar 2007 @ 3:37pm

    Sweden?

    Hasn't Sweden been a neutral country since the Vikings? I'd hate to see them fallow in US footsteps...

    reply to this | link to this | view in chronology ]

    • identicon
      dorpus, 9 Mar 2007 @ 3:58pm

      Re: Sweden?

      What is "neutrality"? Switzerland calls itself a neutral country, but all men are conscripted, and all men keep an army-issue rifle at home. Thus, Switzerland has a higher rate of gun ownership than the USA. It is the world's premier conduit of questionable money, thanks to an ancient tradition of shady dealings with the nations surrounding it. It has one of the world's highest heroin addiction rates, while 40% of its electricity comes from nuclear power plants and 60% come from environment-damaging hydroelectric dams. Women were not allowed to vote until 1971, making it more backward than most African countries.

      reply to this | link to this | view in chronology ]

      • identicon
        Joe, 9 Mar 2007 @ 4:39pm

        Re: Re: Sweden?

        I'd call Switzerland a pretty neutral country. Yes, there army is obligatory for men of a certain age rage, but so what? Army's are (unfortunately) an important part of maintaining neutrality. Just a week or two ago the Swiss were laughed at when a few guards got lost in bad weather and "invaded" Lichtenstein. This was the largest action the Swiss Army has seen since probably the 17th century.

        However, the Swiss also have their Onyx intelligence system which monitors civilian emails in the same way that this Swedish program has been described. So maybe it doesn't matter so much after all?

        reply to this | link to this | view in chronology ]

  • identicon
    Ted, 9 Mar 2007 @ 3:39pm

    (follow)...

    reply to this | link to this | view in chronology ]

  • identicon
    GoblinJuice, 9 Mar 2007 @ 4:16pm

    Grow up.

    Congrats to Sweden!

    Note to the Swedish government: the left-wingers here in America scream, bitch and cry... but they, deep down in their hearts, know the Western governments of the world are - basically - good and want to protect their citizens.

    Have a strong back, thick skin and push thru this program. The Left will bitch, but they know it's for the best.

    reply to this | link to this | view in chronology ]

  • identicon
    reed, 9 Mar 2007 @ 5:04pm

    Joe said

    "The world is better off if these sickos are stopped before they ever do anything."

    The thing that is sick here is the propaganda you have been spoon fed. Yeah! Lets give all our rights to the rich so they can protect themselves from us?

    I don't agree with "extremists" but the reality is these laws don't stop there. Soon everyone could be an crazy liberal including you.

    According to a recent study by 2020 over 50% of my state (Washington) will have been involved in the prison system. Imprisoning people already accounts for over 80% of my property taxes.

    Ask yourself this, do we really want to let our governments find new reasons to imprison people? New reasons to search your private transactions? More reasons to turn you into a criminal and then lock you up in your new prison state?

    I will pass on it myself.

    reply to this | link to this | view in chronology ]

    • identicon
      Joe, 9 Mar 2007 @ 6:27pm

      Re:

      I believe that was dorpus, not Joe.
      ;)

      You're absolutely right, though. The government should be regulated...I think that's the point of democracy. But the question of "how far is too far" is quite a tricky one to answer.

      You don't have to be subjugated, though. Take some incentive and change the world! Jeez, haven't you ever read Nietzsche? You, too, can be an ubermensch!

      Anyway, I think if you let democracy run its course through next November we'll find that you're not alone in fearing government invasion of privacy.

      reply to this | link to this | view in chronology ]

  • identicon
    I'm being Watched, 9 Mar 2007 @ 11:35pm

    Duh! USA gov is sifting this with 'CARNIVORE'

    Even as you read. Your emails too!

    reply to this | link to this | view in chronology ]

  • identicon
    |333173|3|_||3, 10 Mar 2007 @ 1:54am

    PGP

    Isn't PGP a readily available plug in for or included in all recent versions of Outlook, Thunderbird, and other modern mail clients anyway? If I was up to something, I would definitely use it, and good luck breaking it open. Actually, I I could be bothered distributing keys to people, I would use it for normal, everyday stuff, just to cause trouble.
    COme to think of it, it would not be too hard to breack public key encryption by using a crib, encrypting a string of data and then testing possible private keys. ONly the first few bytes would need to be tested at first, and that would allow you to get information about possible private keys. Each attempted private key tested would increase the amount of information you have, until you have a only a small set of possible private keys which can be brute-forced. This would probably take a lot less processor cycles than a straight burte-force crack, menaing that it could be much quicker for a government to break open encypted traffic, and maybe make it practical for private criminals to break into HTTPS traffic.

    Someone will probably say I should not ahve posted this idea, so I will defend myself now. Basically, the idea of using a crib and computer to provide information about the code used goes back to the the early British Bombes (or possilby even the earlier Polish Bomby), so it is hardly a new idea. Nor is using mathematicall analysis in cryptography. This ida may even be used now, since it is so obvious, but I have not come accross it written up anywhere, so I thought I would post it now.

    reply to this | link to this | view in chronology ]

    • identicon
      misanthropic humanist, 11 Mar 2007 @ 12:02pm

      Re: PGP

      Yep, this attack has been raised before. It's a bit like the "Linux security" argument, with so few people using it there is less motive to make it a target. Of course when everybody uses encryption (which they will eventually, mark my words) the incentives change. Then you want a hetrogeneous or highly salted base, moving towards a one time pad model where there is more uniqueness between the two parties.

      Interestingly, don't assume that all governments are afraid of or against encryption. Some forces in government very wisely realise that it's inevitable and correct. The European commission made a detailed report some time ago giving a point by point recommedation for why encryption should be encouraged and even mandated for civillian communications. It's only the very sinister, paranoid and insecure but vocal few that want an aymetrical state of affairs. That position reveals itself for what it is without further analysis.

      reply to this | link to this | view in chronology ]

  • identicon
    IYAMAH SYLVANIUS, 11 Aug 2007 @ 5:54am

    hjj

    7665

    reply to this | link to this | view in chronology ]

  • identicon
    FRED, 7 Sep 2007 @ 5:20am

    BUSINESS PROPOSAL

    Attn- RE-INVESTMENT. Dear Sir/Madam, This may come to you as a surprise, Please know that I am writing you with utmost confidentiality and I hope you treat this email as such. On October 15, 2001, our client Mr. Hatem Kamil Abdul Fatah who was the deputy governor in Baghdad in Iraq and also business man made a numbered fixed deposit for 12 calendar months, with a value of Four Million Five Hundred thousand pounds in a security Company in Europe Upon maturity several notice was sent to him, even after the war late last year. Another notification was sent and still now no response came from him.We later find out that the Governor has been assassinated in Baghdad. The websites below is a verification of the news about his death: http://news.bbc.co.uk/go/pr/fr//1/hi/world/middle_east/3970619.stm http://www.uslaboragains twar.org/article.php?id=6979. After further investigation it was also discovered that Mr. Hatem Kamil Abdul Fatah did not declare any next of kin in his official papers including the paper work of his bank deposit. And he also confided in me the last time he was at my office that no one except me knew of his deposit in this firm.According to the British Law, under foreign and defense affairs, at the expiration of 7(seven) years, such funds will revert to the ownership of the British Government account for financing military operations, such as purchasing of arms and ammunitions for the military. In order to avert this development, I will like to seek for your permission as a foreigner to stand as the next of kin to Mr. Hatem Kamil Abdul Fatah so that the fruits of this old man’s labor will not be use for financing weapons which will further enhance the courses of war in the world in general.The money will be paid into your account for us to share in the ratio of 60% for me and 30% for you and 10% for Expenses Incurred in the course of the transaction. If you are interested, please reply immediately. On acceptance to assist us, you will be required to travel to Europe to meet with the Security Company to take delivery of the Consignment in your capacity as the Beneficiary. We will give you further details on the take over proceedure. There is no risk involved whatsoever as everything has been perfected to ensure a hitch free transaction. We shall have to sign a working agreement with you in the form of a Memorandum of Understanding (MOU) to protect both parties in this transaction. Awaiting your urgent reply. Thanks Hinklemann Fred EMAIL

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Close
Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.