None of Your Damn Business

After reading a post in my buddy’s blog (and the articles that post links to) about National Security Letters I started to get more and more irate. Apparently, our government sends out thousands and thousands of letters to Libraries, Web hosts, and the like, saying, “We’re the government, we’re fighting terrorists, so give us everything you have about this person. Also, you’re not allowed to tell anyone about this, not even your lawyer.” This is not like a search warrant, because there is no judicial oversight.

The FBI’s use of national security letters to get information on Americans without a court order increased from 16,804 in 2007 to 24,744 in 2008. The 2008 requests targeted 7,225 U.S. people.

Read More

Those are all requests for personal information with no warrant, no need for probable cause, and no right to legal counsel even for the people who are not themselves under investigation. I’m not a trained legal scholar, but good lord, this can’t possibly be constitutional.

Well, it’s not like I have anything to hide, but if my ISP got served with one of these letters, would they turn over the information, or would they fight? Would Google protect the emails mouldering in that account that I rarely check? What about my Web hosting provider? I would love to see each entity that has my personal information publicly state that they will not turn over information without due process.

The only way this governmental bullying will be stopped is if everyone agrees not to be intimidated.

On a personal level, I’ve decided to start a policy of encrypting my emails. Not because there’s anything incriminating in there, but because if only secrets are encrypted, then everyone knows where the secrets are. And really, it’s nobody’s business but mine what I put in private correspondence. If everyone encrypted all their messages, the constitutional rape called National Security Letters would be pointless.

Toward that end I have installed Gnu Privacy Guard, which is based on OpenPGP (Pretty Good Privacy), a system which can withstand any attacks feasible at this time (naturally as computing power increases, the encryption must be made ever-more sophisticated).

It takes two to pass a secret message, however. I’m not able to encrypt messages to people who do not also have GPG or PGP installed, and who do not have my public key. The system works with a pair of keys – one I keep secret and another that everyone can see. When the message is encoded using one key, it can be decoded using the other. So if I have your public key, I can encode a message that only you can read.

It’s a bit of a hassle to set up GnuPG (available for Mac, Windows, and Linux), but once you have your key generated and all the pieces in place, it’s pretty transparent to use. My public key is now available on many servers, so once you have the plugin to your email program installed, it’s easy to load.

You can learn more through the link called “Jerry’s public key” on the sidebar in the top section. Please join me in taking the teeth out of National Security Letters and the bullying bureaucrats that use them.

Addendum: Comcast’s privacy policy states that they will not disclose information without a subpoena, warrant, or “other valid legal process”. Then they go on to say they will also disclose information if they think “the disclosure of information is necessary to prevent financial loss“. That means they reserve the right to sell out their customers if they think they could end up incurring legal costs to protect them. Sigh.

3

11 thoughts on “None of Your Damn Business

  1. As I think about it, since my ISP is a communications giant, they have almost certainly been served with NSL’s. They wouldn’t be able to talk about individual ones, but I’d love to hear their policy stated as a hypothetical: IF we were served with an NSL, here’s what we would do…

  2. On an unrelated side note, when I copied the quote above from wired.com, it automatically included the Read More link. Pretty nice! They make it easy to include their material in other people’s sites with proper attribution. The only problem: The link as it pasted in was broken.

    Still, it’s good to recognize that most unattributed quotes are the result of sloth, rather than malice, and then do something to help the slothful be ethical.

  3. From your sidebar piece with the technical details of your public key you say:

    “The fact that nothing I say is worth encrypting is beside the point.”

    Which is a very important issue that privacy advocates have to fight all of the time. The public they are trying to defend is very fond of saying, “I have nothing to hide, why should I care what the government does. It’s the people who do have something to hide that should look out.”

    But man it’s a slippery slope. It means somebody else is getting to make the decisions. Maybe they’re looking for terrorists and you’re talking about playing golf hooky from work – how long until they forward your info to your employer? Just because they can.
    Or you talk about how great the tent revival was last night. Right now they’re looking for islamist terrorists, but what if they archive everything and 30 years from now comb it over for ultra religious statements?

    • Or what if they compile a list of everyone who has checked out The Monkey Wrench Gang at a Library? Or, for that matter, a list of everyone who has purchased a “subversive” book at Amazon?

  4. Two more thoughts: 1) You had mused on my blog about what we can do to fight deh power, and here you are doing something. Kudos. 2) It strikes me that there are lots of organizations, both self interested and altruistic, that fight hard to defend the first amendment, and there are lots of organizations that fight hard to defend the 2nd amendment (NRA is not the only one). What is needed is just as famous an organization to fight against the eroding fourth amendment. Granted the ACLU does a fine job here, but you always hear, “freedom of speech, right bear arms, freedom of speech, right to bear arms, blah blah blah.” Poor ol’ Fourth needs some love.

    • I may be trying to do something about it, but the course I’ve chosen is a team game. It only works when my correspondents play the game, too. I’m happy to help get people up and running. The main thing I need to remember is how I got my public key onto the global server network. I’ll post a link to the installation instructions and any commentary I can add (the Mac version is kind of skimpy on instructions in English).

  5. As I was typing up a new, more detailed set of instructions for getting started with GnuPG, I thought of the recent artificial scandal in which some climate scientist were accused of falsifying data. If their correspondences had been encrypted, then only people who understood the jargon would have been able to read them. Those messages would still be open to audit by people possessing the proper keys, but not by random assholes with an axe to grind who didn’t understand science, let alone climate science jargon.

    Those guys had nothing to hide, but didn’t police the way they said things, and that got them in trouble.

  6. A very geeky high-school friend of mine was working in the Los Alamos library when it was first going computerized. One of the nifty features of the new computer system was that it could track readers’ borrowing preferences and make recommendations of other books they might like — much the way that Amazon does now.

    Then the DOE decided that what a person checked out of the library was information that should be considered when that person applied for a security clearance, or when the clearance was up for renewal. My friend reprogrammed the library computers not to gather that information.

  7. I was investigating data backup possibilities tonight and I saw this on the front page of rsync.net’s site:

    NO data will EVER be released to LEAs/TLAs without court order.

    Will that affect my decision? Damn skippy it will.

    • An addendum to that last comment, rsync.net will actually comply with Patriot Act crap. However, they also have a Warrant Canary – a signed file that says no warrants have been served, which they update once a week. So while they can be bound to not disclose that they have been served a secret warrant, chances are they won’t be forced to continue to say that they have not been served a warrant. Clever.

Leave a Reply

Your email address will not be published. Required fields are marked *