I've never owned a gmail account but have sent to plenty. Gmail is like the 21st century party landline but only a relative few people can listen in.
> Because I talked to Julian Assange, all information held by Google relating to my user account with them can be handed over to US prosecutors—not just the contents of my conversations with Julian.
There it is: If you have online contact with someone that's of interest, there's a chance all of your info will be of interest also.
Have you considered the possibility that we hear about surveillance of GMail accounts only because so many people happen to use GMail? Is there any particular property of Google that makes it more likely to cooperate with government than any other email provider?
Or, if you're in the "host your own email" crowd, what makes you think your ISP won't cooperate with the government just like Google does?
Here is the difference between GMail and a self-hosted email system: when you delete messages over IMAP, they do not get deleted in GMail. "All Mail" keeps all your mail, forever, unless you log in via the web interface and delete it manually. You could always use the web interface, but now encrypting your messages is much harder.
These are the sort of design decisions that can have far-reaching implications. Google was not thinking about protecting its users from government surveillance when it designed GMail.
As others have noted elsewhere, that's not true: you can have it delete emails on delete, but you do have to turn that on yourself.
It's not the default, and defaults matter, but it is an option that appears as soon as you click "enable IMAP" in gmail (go ahead and try it in your gmail settings). You'll have to read the options, yes, but considering the whole UX thing for gmail has been "never have to delete an email again", it's not an unmotivated default.
Also, I hope your email client does secure deletes on local disk by default.
Frankly, I missed the option, and usually I am pretty good with noticing if the defaults are what I want. The only reason I even noticed that "delete" was not actually deleting mail was that I had to search through All Mail one day, and I noticed some messages that I was sure I deleted. What makes this worse is the completely counterintuitive nature of deleting messages from All Mail: they just come back. I suppose it should have occurred to me that this is a setting I can change, but considering the other oddities I have seen in GMail's IMAP support I just jumped to the assumption that it is another weird "feature."
Really though, the point still stands: Google was not considering protecting its users from government surveillance to be a priority here. They probably had other reasons, maybe even well-justified reasons, for the defaults they chose, but those reasons only make sense in the context of their engineering requirements.
"Also, I hope your email client does secure deletes on local disk by default."
I do something better: whole disk encryption. Actually, since I use an SSD now, "securely deleting" anything is non-trivial; it is better to just negate the need for it by never storing plaintexts anywhere.
However, the option is there, and you're a person who notices if the defaults are what you want but didn't read one of only three options presented to you when enabling IMAP, basically the only settings that were even important if you're not using web mail. It's possible that the options screen was different when you originally turned on IMAP, though.
However, because of the historical lack of an "archive" IMAP function, it's still not clear that the default isn't the correct one for the average user, just like PGP on by default with private keys managed by the user wouldn't be the correct default because most users would be locked out of their own email within the week.
The lack of an "archive" function is pretty easy to fix: create an "Archive" folder. That is basically what "All Mail" is, at least for me.
The problem with this default is that it makes no sense. Most email clients already have an option to "delete" mail by moving it to the Trash folder (which Google has), and most users expect that deleting something from Trash means deleting it for good. I am just not seeing the use-case for someone wanting to "delete" a message from Trash or All Mail just to have the message reappear in All Mail (why on Earth would anyone want a message deleted from All Mail to come right back to All Mail?!).
> Or, if you're in the "host your own email" crowd, what makes you think your ISP won't cooperate with the government just like Google does?
They don't have the information Google does because it's on an e-mail server under your bed. And you enjoy certain legal protections as a citizen in your home country.
It's not a particularly enticing solution but it does have its upsides.
If your email server were under your bed, the FBI would just serve the warrant on you in person, seize your computer and all other computers in the same building, any spare disk drives, routers, appliances, and whatnot laying around, and probably half of the rest of your belongings besides.
For those of you outside the USA, the NSA/DIA will just hack into your server and take your email.
The NSA isn't the almighty spirit of the internet. They can't just clap their hands and magically get access to any server on earth. And even if they can, it certainly doesn't make the evidence obtained that way acceptable in court.
I don't like this argument that since the NSA is almighty, avoiding Gmail for security reasons is stupid. For the US government, accessing emails stored under my bed may not be impossible, but it's orders of magnitude more difficult than if they were on Gmail servers.
Yes and no. In some circumstances I agree with you, in other circumstances I think you have it backward.
I shall enumerate some cases (note that US citizens always count as "inside the US" in this case breakdown):
* inside the US, old-school warrant exists
* inside the US, secret warrant exists
* inside the US, no legal authority
* outside the US, no legal authority
* outside the US, weird US-logic legal authority
1) If you're inside the US, and the cops have a non-gag-order warrant, you're no safer with your own server. With your server, they serve you, you know about it; with gmail, they serve Google, and Google tells you about it. No difference.
2) If you're inside the US, and they use a secret warrant, in this case your own server might be better. They can probably still do something tricky to you, without you knowing, but using GMail makes it slightly easier for them to get your information without your knowledge.
3) If you're inside the US, and they have no legal authority, then you're fine in both cases. Unless they break into your server illegally. In this case, their job will be orders of magnitude easier if you run your own server.
4) If you're outside the US, and they have no legal authority at all, same as the previous point: if they try to break in, their job will be orders of magnitude easier if you run your own server.
5) If you're outside the US, they might get FISA clearance to get your stuff. In this case, I think you're better off with your own server. This is comparing Google's legal pushback vs breaking into your server. It's totally possible that breaking into your server is orders of magnitude harder than convincing Google that they have legal authority.
In an ideal world, this last case would only apply to political enemies of the US. You'd be able to figure out for yourself if it applied to you, and act accordingly. What kind of idiot uses a US company to plan terrorist attacks on US interests, amirite? Or to leak things to wikileaks (categorize that however you like). But what is much much less clear is whether the US does in fact use this type of surveillance to unethically benefit US corporations, for example. We've heard unsubstantiated accusations to that effect; nothing in my life experience helps me to know if I do or do not live in that kind of world.
It is worth noting that they often choose to do this the "loud" way, but the FBI has been granted warrants to pick people's locks and copy their hard drives without leaving traces. Alarm monitoring companies are also subject to the jurisdiction of the United States, so that won't help you either.
It is also worth noting that the problem here is how easily the FBI can access your mail from GMail. Sneaking into a house requires sending agents into the field, watching a person to make sure they are not going to walk in on you, being very careful not to leave a trace or wind up on a security camera they set up, etc. The FBI only has so many people it can dedicate to these sorts of activities. They are not going to be able to do this to you, and your friends, and their friends; it's too costly and runs too high a risk of tipping off the target.
With GMail, the agents do not even need to leave their desks. Just fax the court order to Google, and a few hours later you have thousands of emails waiting for you to read. Want to read the emails of the targets' acquaintances? Just send another fax! Nobody has to know, just call it a national security matter!
Relying on inefficiency as protection against the government is rarely a good bet. We've already seen a dramatic increase in national security spending; they will obtain the resources they need.
We need a new Wiretap Act to apply to non-voice communications.
Inefficiency is the most important protection we have against tyranny. The entire design of our government reflects this: three branches, two houses of congress, checks and balances, limits on how laws can be enforced, etc. Inefficiency is the only thing that ever stood between the USA and tyranny.
The real problem is that we have allowed the government to become far too efficient over the past few decades.
Someone could rig up their own system to notify themselves which is very doable. I can see the situation where someone gets notified, then emails their server to backup offsite, and wipe the hard drives (and for those well versed in demo, there's always that option…).
Why wipe the hard drives? Use WDE, and have the alarm (a) unmount the drive, (b) overwrite the system's RAM with 0s (or at least the portion of RAM where the keys are stored), and (c) power down the system. That is a lot faster that making a backup and wiping the drives; by the time an agent has snuck in and located the computer, the process should be over.
Also, it might help to install a security camera, so you can tell the difference between a rat triggering the alarm and an FBI agent (I'll leave it to the audience to make a few jokes). Alarm is triggered, the camera starts sending pictures of the intruders to your smartphone or to Usenet (encrypted, using a key you keep on a smartcard) or whatever.
Evidence tampering is a federal felony. In this case it doesn't matter how well you covered your tracks - if they can prove you rigged a failsafe, you're going to jail anyway.
I think it might be hard to prove the evidence tampering charge. It is not at all unreasonable to claim that you were trying to protect important secrets from criminals who might break into your home or office.
To put it another way, this is not an illegal device:
If you had video confirmation that it was the police who tripped your alarm before firing a degausser, that would be pretty cut and dried. If it were automatic, maybe not.
It depends on what you mean by "host your own email." Sure, a server at, say, RackSpace, might be vulnerable to government intrusion without your knowledge, but if you have a physical server at your home, then the best that the government can do (without your knowledge) is to tap your upstream connection, which does little for past emails.
>the best that the government can do (without your knowledge) is to tap your upstream connection, which does little for past emails.
Really only applies to emails before Room 641A. It might be easier to go after email at the provider level, but NSA is capable of capturing all internet traffic if it wants to.
You assume they can't just rootkit and browse your server at will?
On one hand, government agencies are notoriously ineffective with technology. On the other hand, I'd rather assume competence and be incorrect than the opposite.
Note that two degrees was Binney's conservative proposal at the time to help preserve the privacy of the general population. The higher-ups weren't interested. But I assume there has been some research into how many degrees of separation are required to reach some threshold of confidence, and 2 degrees is pretty good.
"There it is: If you have online contact with someone that's of interest, there's a chance all of your info will be of interest also."
Aside from the obvious chilling effect this has, how do you know if the people you speak to will become "persons of interest" later? Anyone you speak to now could be a high-profile activist in a year. That means that anyone could be the subject of this sort of surveillance.
The way I see it, Google set up a system that is easy to conduct surveillance on. Gigabytes of storage, no way to actually delete messages over IMAP or POP3, and in various subtle ways GMail discourages the use of encryption.
This is all probably inadvertent, but it indicates that protecting users from this sort of surveillance is not a priority.
If you don't believe that they delete it when you tell them to delete it, then using Gmail is already a non-starter. Also, yes, defaults do matter: the outcry from users from not being able to undelete an email would be much louder than those wanting instant deletion.
"the outcry from users from not being able to undelete an email would be much louder than those wanting instant deletion."
[citation needed]
Seriously, I have trouble believing that anyone would complain about "delete" carrying any meaning other than "delete." I also find it hard to take such people seriously, given the existence of a Trash folder as a first stop for deleted messages, and All Mail as a second stop (and what is the default for deleting from All Mail? Having the message come right back to All Mail! Brilliant...).
Thanks for the tip on how to fix this behavior. It is an easy option to miss...
Using the default Gmail settings of (a) Enable IMAP and (b) Auto Expunge on, I just deleted an email via Sparrow (IMAP). The email instantly went straight into the Trash folder and is not visible in All Mail. I expect the email to be auto-deleted in about 30 days. I agree that the behavior you're describing would be weird, but I'm not seeing it. Can you please double check?
No, I don't have a citation, but is it so hard to believe that lots of people want an undelete? I accidentally delete emails all the time and I go into the trash and fish them out. Not giving users an undo seems ... unfriendly.
EDIT: I see, it applies to Custom Folders and delete only removes the label; doesn't move it to the trash. Here's what Google has to say about it. Is this a default IMAP behavior or Gmail-IMAP specific? https://support.google.com/mail/answer/78755?hl=en
I just confirmed the behavior: I deleted a message from my Inbox, and my mail client put it in my Trash folder. I deleted the message from Trash, and it was still in All Mail. I deleted from All Mail, and when I refresh the folder it is still there. I checked the network log, and the correct EXPUNGE commands are being sent.
As for "undelete," I believe the purpose of the Trash folder is to support that. I have yet to find the email client that does not, as a default, store deleted messages in the Trash folder. I am not disputing that people want that functionality, what I am saying is that I do not think people want the behavior that I am seeing.
The fact that GMail treats "delete" as "remove labels" is very problematic. IMAP supports labels, including client-defined labels. Treating folders as "labels" only breaks the abstraction IMAP presents. I suppose this was part of Mark Crispin's gripes with GMail.
The problem is that the default behavior for people who use an IMAP client is for "delete" to actually mean "keep a copy in All Mail." The server will also give a false OK status to the client following the EXPUNGE command (see the IMAP4 RFC for details), so the user is not alerted to the fact that messages are not being deleted.
I don't follow this stream of logic. If you have to build technical systems, the sole purpose of which is to sidestep laws, in order to be good then aren't the laws at fault here? I find the acceptance that governments will do whatever this wants, we will just use end to end encryption , TOR and Bitcoin defeats the purpose we have regulated currencies, governments and democracies. If there is an action item on the list, it should be to change unjust laws not to circumvent them. The latter is both defeatist and useless. Because if you are not keeping a check on the government they will keep bringing in more laws that hinder your sense of justice and your technical system keep moving its architecture like a fugitive.
"If you have to build technical systems, the sole purpose of which is to sidestep laws"
Nobody is talking about sidestepping laws. You are not breaking laws, nor breaking the spirit of the law, if your users cannot store many years of their personal communications on your server. Encouraging people to delete mail would have the effect of limiting the government's surveillance power, in an entirely legal fashion.
"aren't the laws at fault here?"
It is not that simple. The relevant laws were written at a time when mail quotas were commonly measured in megabytes, when people had to delete their mail in order to stay under the limit. Back then, if a few personal messages happened to be on the server when a court order was received, it was not such a big deal; those messages probably pertained to very recent things anyway. Now, when a court order for "all of Joe's email" is received, that will very likely include messages dating back years, long before whatever crime Joe is suspected of was even committed. The laws have not been updated in light of these new privacy implications.
"If there is an action item on the list, it should be to change unjust laws not to circumvent them. The latter is both defeatist and useless."
Why not do both? Why should we suffer while we wait for the deliberately slow wheels of government to turn? Neither action excludes the other, you can both circumvent unjust laws and work to take those laws off the books.
> You are not breaking laws, nor breaking the spirit of the law
I wasn't suggesting that either. Sidestepping is avoidance not evasion.
> The laws have not been updated in light of these new privacy implications. ... the deliberately slow wheels of government to turn?
So change the law. And speed up your justice system. Don't elect individuals who slow down progress deliberately.
> you can both circumvent unjust laws and work to take those laws off the books.
And fight the laws and its usage, which is what Google does. It was also the entity that disclosed the original order in this particular case, so that the person in question can also take some action if possible. It also publishes transparency reports and it was the first one to do that, which gives you an idea about how frequent usage of the unjust laws are so that you, as a community, has more information about what your government is doing. If I am not wrong, there have been 2 elections since the FISA was passed and the voting population of US was aware of the broad surveillance since the first election (Obama based some of his campaign on it). If he hadn't acted on it, then it should have become a point of debate in the reelection. But it was celebrated on Hacker News as much as anywhere else, without a single mention of his inability of reducing the scope of such laws. So guess what? Overboard surveillance didn't seem to be a priority for most of the people here and Google has been more transparent and more vigilant about it since longer than the PRISM episode. The gist is that it is easy to transfer blame in this case, but the root cause it solely the astoundingly broad laws and the undoubted trust that voters put in the current government that used them instead of removing them as it had promised.
It is not contrarian, I was replying to two separate points. The first was the claim that I was saying that Google should have set up its system to circumvent the law; the is not what I was saying. The second was the claim that we must either circumvent laws or change them; my point was that the choice is not exclusive.
As for the point of the laws being faulty, what I was saying was that the laws were designed with a particular communications model in mind. Google's system is designed very differently from that model, but despite Google's popularity and despite other services adopting a model similar to Google's the law has not changed. Just saying that the law is at fault is too simplistic; the laws may have good reasons behind them and may have made sense at the time they were passed (and had technology not changed, the laws might still make sense now).
That's stupid. Particularly how you list 'plentiful storage' as a drawback, if that's the case then it's plainly an issue of law as it pits privacy against usability.
They could have done what they thought was right in the interests of the Internet as a free, unregulated medium and by extension their business which depends on the Internet, even if that course of action (or inaction) was not clearly legal. Then they could have used some of their billions in cash on hand and their team of lawyers to defend themselves against prosecution. They, instead of some random sysadmin, could be the ones bringing this issue of Internet spying to the fore.
Now, before you say "What, do you expect them to break the law?", consider that they routinely push the boundaries of US law (securities law, copyright law, tax law, etc.) and lo and behold they are usually successful.
Now, I expect you might say "What you're suggesting is still nonsensical because resisting orders related to national security is, among other things, far too controversial and not in the interests of shareholders." And I would not disgaree with you.
My point is simply that Google, with its vast resources, is in a much better position than Ed Snowden to take on this fight for the future of the Internet and privacy of communications.
You could even argue Google has more skin in the game than Mr. Snowden, or any of us individually (aside from those who exploit others' private information for profit, of course)... because if this controversy brings about knee-jerk changes in privacy law, it could materially affect their bottom line.
Google has a legal team whose full-time job is pushing back on these requests. At some point, they have to either obey the law, or go to prison themselves. Get off your high horse.
It feels like some people won't be satisfied unless Google says "well, our existence has many benefits, but it also makes it slightly easier for the government to spy on people, so we're closing up shop".
The warrant should detail the nature of the crime being investigated, the dates under which they believe a crime was committed and the range of dates that are reasonable to investigate based on the aforementioned facts.
That's reasonable. A blanket warrant impacting all emails since the beginning of time is not reasonable.
If the cant name a crime and give a date or dates then they shouldn't be asking for a warrant.
Google has a legal team whose full-time job is pushing back on these requests. At some point, they have to either obey the law, or go to prison themselves. Get off your high horse.
Google has a business model whose entire premise is to push the envelope on privacy and to collect as much as possible and hold it forever--to make a few extra pennies per user. Get off your high horse. Google (and FB) is /are a menace to us all, even if only because they gather so much private data about us.
No way would that be considered an over-broad warrant. If, e.g., you suspected someone of financial fraud, it would be totally okay to get a warrant for the contents of all the filing cabinets in his office.
But I think "filing cabinets in the office" is a lot more specific. I think an equivalent would be "emails that contain the phrase X", or emails from these addresses, et cetera.
"betterunix's g-mail account" is plenty specific as a "place to be searched" and "e-mails" is plenty specific as "things to be seized." If you printed out every letter you've ever sent to someone and put it in a filing cabinet, it would be totally fair game for a warrant to get the contents of the filing cabinet. Or if you kept them on a hard drive, it would be totally fair game to get a warrant to get the hard drive.
In this case, the problem is not investigators overreaching the law. The problem is the amount of information consolidation modern technology enables and encourages.
"If you printed out every letter you've ever sent to someone and put it in a filing cabinet, it would be totally fair game for a warrant to get the contents of the filing cabinet"
Except that people do not typically do that, and it is reasonable to expect that a filing cabinet will contain only important or current documents. With GMail, you typically see personal messages that date back years, probably long before whatever crime the person is suspected of.
"The problem is the amount of information consolidation modern technology enables and encourages."
I think for once, we might agree. The relevant laws were written with a very different model of communication in mind.
Because a computer is a small self-contained thing that you can often fit in a bag? That's my point about information consolidation: the law is rooted in the physical (and necessarily so). You can wax philosophical about "virtual spaces" but at the end of the day a hard drive is a small physical object that is treated the same as any other small physical object.
You are evading the question: "Everything in the house" is obviously not specific enough. And here is where the evasion comes in: The problem is not the size of the container. Does a search warrant even ask you to describe the container? No. It asks you to describe the thing to be seized.
If H&R Block had Whitey Bulger's tax returns, would the warrant be required to describe those documents, or, would all of the small, baggable disk drives at their data center be subject to seizure?
Exactly. "All emails" negates all bullet points. It's like asking for 9 specific items in a real world warrant, and then point #10 is "and your whole house and everything in it".
I'm sure that will be of great interest if this person is ever charged with a crime. Until then, he has neither venue nor standing to challenge the warrant.
Imperfect warrants are a problem for the state at trial. Outside of trial, any old warrant will do.
Can someone clarify if Google had to reveal they had done this? The article implies that they did not, and thus the reveal was a "not evil" gesture of transparency. But I'm wondering if they may have known it would get out anyway and they are just getting in front of it. Anyone have more information?
Your wording implies that you think Google has something to hide or to be embarrassed about releasing the data, and that is not the case.
The government asks for people's data all the time, and Google is legally obligated to provide the requested data. They then go the extra step and tell the users as soon as they are allowed to.
The definition of "anyone who does anything that might piss off a government" includes a lot of people. What if I become a political activist in 20 years time, I might well piss of a future government, should I stop using gmail now in case that happens?
> Because I talked to Julian Assange, all information held by Google relating to my user account with them can be handed over to US prosecutors—not just the contents of my conversations with Julian.
There it is: If you have online contact with someone that's of interest, there's a chance all of your info will be of interest also.