Education is where it all starts.

"Fourth" is spelled with a "u".

Maybe that post got disemvoweled by the Feds.

SSH tunnel your email all you want but it won't protect it. First of all it has to be sent by another server, then it goes across the network before arriving at your ISP and then onto their (or your own) mailserver.

You SSHing into the mailserver is like the windows of your car being tinted only when you drive up the driveway to your house, not during your time on the street or while shopping.

I'd also be interested in hearing whether it's necessary to have passwords when encrypting disks or communications. I.e., if I convince a family member it's worthwhile to encrypt their communications, what happens when they forget their password?

Not that I'm trying to defend this legislation, but don't you think it's a bit sensationalist to claim it scraps the fourth amendment?

From Wikipedia:

Specifically, the bill:[2]

* Prohibits the individual states from investigating, sanctioning of, or requiring disclosure by complicit telecoms or other persons.
* Permits the government not to keep records of searches, and destroy existing records (it requires them to only keep the records for a period of 10 years).
* Protects telecommunications companies from lawsuits for "'past or future cooperation' with federal law enforcement authorities and will assist the intelligence community in determining the plans of terrorists."
* Removes requirements for detailed descriptions of the nature of information or property targeted by the surveillance.
* Increased the time allowed for warrantless surveillance to continue from 48 hours to 7 days.
* Requires FISA court permission to wiretap Americans who are overseas.
* Prohibits targeting a foreigner to eavesdrop on an American's calls or e-mails without court approval.
* Allows the FISA court 30 days to review existing but expiring surveillance orders before renewing them.
* Allows eavesdropping in emergencies without court approval, provided the government files required papers within a week.
* Prohibits the government from invoking war powers or other authorities to supersede surveillance rules in the future.

[2] = http://ap.google.com/article/ALeqM5hJKgeE0Z-SivATjok-utYBdh9wDwD91DU0Q00

Specifically, it seems the prohibitions in place are specifically there to prevent violations of the fourth amendment.

I'd plug the Obfuscated TCP project currently under rapid development by a friend of mine:

http://code.google.com/p/obstcp/
http://code.google.com/p/obstcp/wiki/Reasoning
http://obstcp.blogspot.com/

It, or something like it (such as the Pirate Bay-sponsored system that got mentioned on Slashdot today) could significantly protect against wholesale eavesdropping and packet mangling by network operators -- or, at the very least, raise the cost of doing so by orders of magnitude.

- - -

Separately, if you can get your head around the use of OpenPGP (as implemented by GnuPG and friends), it can -- if used correctly! -- help secure sensitive documents and emails.

Human-usable frontends like Enigmail and Seahorse provide much friendlier interfaces than the standard command-line tools:

http://enigmail.mozdev.org/
http://www.gnome.org/projects/seahorse/

Just before I saw this article, actually, I submitted a link to an article about how The Pirate Bay wants people to encrypt all of their communications at an Operating System level:

http://newteevee.com/2008/07/09/the-pirate-bay-wants-to-encrypt-the-entire-internet/

While I think they're unlikely to actually finish that project, I would LOVE to see some open-source alternatives crop up.

Remember the days of modem handshaking? It works the same way, any data transfer request first asks if you can encrypt, and then downgrades to open communication, if not. Why hasn't this been done on a system-wide scale in the past?

Frankly, 90% of the time, I'm more than willing to sacrifice a little bit of speed for a bit of peace of mind.

Chryso, read bullet points 2-4, 5 and 9, and tell me those don't all sound like easy outs for past and future abuse of civil liberties.

and that's the watered down, safe sounding, publicly edited Wikipedia version. The actual letter of the law is no doubt so harrowing i'd rather not think about it!

-T

@ #4 The protections were already in place, and this bill excuses people for violating them, setting a precedent that such protections aren't to be taken seriously. Also "Allows eavesdropping in emargencies without court approval, provided the government files the required papers within a week" really means "Allows evesdropping in whatever the government calls an emergency as long as the paperwork is lost within a week."

Regarding privacy, I've been wondering if there's a practical way to encrypt cell phone calls. Anyone know?

So, the government illegally performs wiretaps on US citizens. After getting caught, they pass legislation that makes everything they did OK but says it's not OK to do more than that... Does anybody really trust that they wouldn't just exceed the law again and pass legislation to make it OK retroactively?

I also saw the Slashdot item on The Pirate Bay. They are working on massive deployment of zero-configuration traffic encryption. This will hide *what* you are sending. TOR will hide *who* you are sending it to.

While widespread deployment of these tools is good to protect privacy as a whole, none of them will prevent targeted surveillance of individuals. The main character from Cory's recent book does everything he can think of (including in-person key exchanges to establish a trust network), but it is still compromised by a mole.

While I do get the heebee-geebees from the new FISA law, I'm not too worried about Scroogled coming true. Our society is in a paranoid-delusional phase regarding terrorism. I fully expect that in ten years, we'll have sobered up and be making reasonable decisions again.

I'm more interested in laying the substrate for trust webs, spam mitigation, and Whuffie-style reputation economies.

P.S. Cory fiction reference hat-trick! Can I has jelli-baen now?

@ #4

I couldn't agree more. This is the biggest overhyped non-story of recent memory. It would seem everyone who writes for/reads this site thinks EVERYONE is being monitored as if the legislation specifies all communications are now monitored all willy-nilly. This is completely absurd. In order to eavesdrop ON A SPECIFIC PERSON for up to 7 days, the authorities have to come up with enough evidence for probable cause, establish that it warrants emergency action that cannot wait for a normal court order, and then submit the paperwork. How this translates to every idiot on the internet thinking they need to suddenly start using 1024-bit keys for their Gmail traffic completely and utterly baffles me. Get over yourselves. The NSA doesn't care about the email you got from your mom with pictures of her cat's new sweater.

@ #3, use a provider which supports StartTLS: http://help.riseup.net/security/measures/#what_is_starttls

FISA is bad.

However, the 4th Ammendment still stands just as strong as it ever did. The only way to repeal the 4th amendment is (wait for it.....) to appeal the 4th amendment with another amendment.

Thus far, this hasn't been done. Therefore the 4th still stands.

#8

"...really means "Allows evesdropping in whatever the government calls an emergency as long as the paperwork is lost within a week.'"

That is asinine. What causes you to think there is no accountability? Clearly you know nothing of the chain of evidence or any law enforcement procedure. If your paranoia was even in the realm of reality, any evidence gained from such a blatant disregard for the policy would be ruled illegally obtained and rendered inadmissible in court. Case closed.

@#8 - If Television has taught me anything - and it has - the best thing you can do to avoid your cell phone calls from being eavesdropped on is to use "burners" ala The Wire. Single-use phones which can be cheaply purchased at finer convienece stores.

I've also seen do-hickies on TV where you just snap an extra mouthpiece onto your phone and it will garble your speech, only understandable to someone with a special decrypter. I think that device might have been BS though.

the fourth amendment protects against all kinds of unreasonable search and seizure. As in the police searching and seizing your property without a warrant. While this bill and the spy program may possibly violate the fourth amendement, I don't see where the fourth amendment has been repealed.

And now that there's a bill, it can be brought before the supreme court.

There are ways to show concern without resorting to sensationalism. "fourth amendment" is such a convenient catch all, much like "terrorism".

Tor provides anonymous surfing but does *NOT* provide security, as the embassies for Iran, India, Japan, and Russia discovered:

http://www.theregister.co.uk/2007/09/10/misuse_of_tor_led_to_embassy_password_breach/

Not to hijack this thread, but:

"What causes you to think there is no accountability?"

The immunity part of the law. That, and just about any news out of the USA in the last 8 years.

If it violates the 4th Amendment then the Supreme Court will over turn it. You just have to take it to court and demonstrate that you are an impacted party to this law. Should be easy enough to do, right? All you have to do is show that the government's program is violating your rights, just take the telecom that carries your traffic to court to demonstrate that .... or something like that.

How about using darknets? Like this one, for instance: http://www.anonet.org

#17

Wrong. The immunity part has NOTHING to do with my statement or the comment I was replying to at all which was in reference to federal law enforcement following the policies in the bill. It simply protects the data carriers who are stuck in the middle. Why should they be mired in lawsuit after lawsuit for simply doing what they were court ordered to do?

"I use OSX 10.5 at home, and Windows 2003 behind a corporate network at work."

My condolences. Seriously. If you think that you're secure in your use of OS X 10.5 (or any thing else for that matter) stop reading now because you just don't get it. At all.

If you wish to protect your electronic communications between you and your friends you will need to use PGP for ALL of your e-mail. That means you AND anyone that you wish to e-mail -or that wants to e-mail you- must employ PGP on both the sending and receiving ends. Which requires that you exchange public keys with that person -and every person you wish to communicate with- in a secure and trusted fashion. Good luck getting that to work with the family and friends. If you want to communicate with people and don't want anyone to know what's being said, do it the old school way, face-to-face. If you need help here, watch some old mob/spy movies.

If you plan on traveling internationally, be prepared to securely wipe your laptop, phone, and music player prior to arriving at your destination and prior to your arrival back in the U.S. That means you have to setup or employ a trusted server somewhere with ssh access to allow you to securely retrieve all your data once you arrive at your destination and to upload all of your changed data prior to returning. You will also have to carry a DVD or CD with an installer or disk image of your laptop OS to be able to re-install the OS so you can startup the machine for the security droids at the airport to prove that it's a real, working, computer. That should waste the better part of day at the start and end of your trip.

Your best hope -our best hope- is that someone or some group, like the EFF, will have the testicular fortitude to challenge these laws on constitutional grounds in front of the Supreme Court and have them overturned, in their entirety.

"That is asinine. What causes you to think there is no accountability? Clearly you know nothing of the chain of evidence or any law enforcement procedure. If your paranoia was even in the realm of reality, any evidence gained from such a blatant disregard for the policy would be ruled illegally obtained and rendered inadmissible in court. Case closed."

You are making the assumption that the ill obtained information will be used directly in court. It can be used as a basis for targeting legal means of search, or used by means having nothing to do with the legal system at all. See J. Edgar Hoover for examples.

Wireless mesh net with household wireless routers. Sort of an updated FIDO net. You need sufficient density of users to blanket an area with signal and provide enough connectivity to relay data from each such network to a central server that in turn would use telephone lines to connect to other servers at a distance. This creates a network parallel to the internet but doesn't actually connect to it.

All of the software used must be open source, OS and apps, no exceptions. Also, make sure you compile the compiler from known-good source code. (And the assembler and the linker and the kernel and the loader.)

Also, make sure the compiler you use to compiler the compiler was also compiled from known-good source code.

Why? Just ask Ken Thompson.

#22

Incorrect. See "Fruit of the Poisonous Tree" for examples. Anything that stems whatsoever from illegally obtained evidence will also be thrown out. The person would still walk.

I am still trying to find ways to encrypt my voice communication in an end-to-end manner with my cell phone, so even if my provider lets someone listen in I am protected. That is a bit problematic and I have have yet to find a good solution. For VoIP traffic I have been using Asterisk with a patch from the zphone project that encrypts voice traffic.
http://zfoneproject.com/docs/asterisk/man/html/index.html

@#4 and anyone else who thinks this law is no big deal.

I tend to side with George Washington University Constitutional Law Professor Jonathan Turley who says this law "evicerates" the Fourth Amendment.

Why does he think it is being done, "Political convenience" to cover up the Bush Administration's law breaking. The Democrats in Congress know he broke the law but they don't want to enforce the law, because it would be inconvenient for them. Sad, truely truely sad.

http://www.youtube.com/watch?v=wmot0aZy4MM

why do they bother? If they want to destroy someone, can't they just use the Patriot Act to declare them an enemy of the state and therefore exempt from any legal protections in the first place? Or lure them into a Black Zone like a military site or border area where no rights apply at all?

Made this comment yesterday in another bb thread about the new bill. This link came up when searching the phrase, "encrypted drive implies guilt".

Practical Approaches to Recovering Encrypted Digital Evidence
By Eoghan Casey, MA

http://www.dfrws.org/2002/papers/Papers/Eoghan_Casey.pdf

I know next to nothing about encryption, looking forward to everyone's responses.

FYI, if you also run a Tor node to help others, be aware that if someone uses, for example, Bittorrent through Tor and you end up as the exit node, it will look like you are downloading whatever it is they are.

I ran Tor for one weekend and got a DMCA take-down the following Monday (which is silly, because I am in Canada, but what can my ISP really do?) for downloading a Japanese Wii game via Bittorrent.

The problem? I would never download a Wii game because I'm not that kind of geek, and I wasn't running Bittorrent.

There are ways to control this (to a point) but I really has not immediate choice but to kill Tor and close up the port.

So, be careful out there.

@ #26

I watched the video. All I saw was an incredibly unprofessional bias on the part of the news anchor talking with a typical university leftist. Say what you will about its materialization or the current administration, but the truth is this bill doesn't affect people like you and me, unless of course you are actually an arms dealer or the like. The idea that it someday might and that it's a "slippery slope" is pretty far-fetched. The fact of the matter is that this has already saved lives (see: Rammstein AFB attack thwarted by eavesdropping intelligence shared with German authorities).

Zuzu does an excellent short course, I suggest you have a rummage though his comments

John in BBgadgets touched on Full Disk Encryption (FDE), though for a laptop the upcoming solution is the AES-256 FDE drive from Fujitsu (MHZ2 CJ).

I've found that I2P provides more collective bandwidth for moving heavy files than Tor has available. (Nothing prevents you from running both.)

Instead of allowing Google to monitor your web searches, you could use YaCy distributed search engine.

At home, you could install a router that does network intrustion detection, such as the Watchguard Firebox or build your own pfSense firewall. (c.f. m0n0wall, untangle)

And as others have already said, definitely generate and publish your GPG public key and cryptographically sign all of your emails as a kind of passive evangelism. (Some people will be curious enough to ask, "What's that cypher block at the end of your email?" and that provides an opportunity to explain that every email is like a postcard that everyone can read, or rewrite, at every hop along the way of delivery.) If you use Apple Mail.app, install the GPGmail bundle. (Though I find the best way to install the most current version of GPG is using MacPorts. $ sudo port install gnupg +idea )

Finally, Cory, I don't mean to be a jackass in pressing this point, but previously you've implied that encrypting all web connections (TLS/SSL) to BoingBoing would be cost-prohibitive. Too bad BB can't lead by example -- to protect privacy or net neutrality.

@ #20 posted by Bluesk1d , July 11, 2008 7:52 AM

"Why should they be mired in lawsuit after lawsuit for simply doing what they were court ordered to do?"

Because they broke the law; it really is that simple. Break the law, you should pay the consequence.

The only place the telecoms are stuck is between whether or not to continue to break the law at the govt request or not if the govt doesn't pay the bill.

It is quite depressing to see that if you have enough money you can ask congress to retroactively immunize from previous breaches of the law. Boy it sure would be nice the next time I get pulled over for speeding to just call up my Congress-woman and to clean that up and all previous ones. As the votes showed yesterday that is exactly how it works out if you have enough money. Whatever happened to equal justice under the law?

The absolutely baffling thing is that no one disputes that the telecoms broke the law; that and the fact that so few actually know what behavior they immunized. In the USA, our history tells us time and time again that we DO NOT TRUST those with power, so why would we continue to believe the "Trust Me" line?

Obviously the only solution is to remove those in power who no longer believe in the rule of law and the effort to do just that can be joined here:

http://accountabilitynowpac.com/

@ #18 You've hit the nail on the head. "All you have to do is show that the government's program is violating your rights." There's no way to prove that rights are being violated if the executive branch doesn't need to report to anyone else. They can just deny that anything is happening and protect the telecoms when they do the same.

how much? Is there a creative way to fund this?

Noen,

I feel the same way. All these wireless routers showing up are just waiting to be linked together building a connect-the-dots encrypted, free, and independent wireless net. There is no reason for the telecoms to even exist.

#10

The legislation allows 7 days of individual surveilance without the court signing off on it. That much is true. However, there is no oversight as to what qualifies as an "emergency." Also, whereas under the old FISA law, the agency had to submit a 2 page form stating who they wanted to spy on and why, the oversight now is largely procedural. The court can see whether or not the agency has followed the correct process, but not the specifics (meaning "who they want to spy on and why).

I think, though, that the larger impact will be on the data-mining side. There is now a precedent that companies will be expected to turn over any data the government requests, in secret, regardless of whether or not they are violating privacy agreements or even the law. If phone companies are expected to turn over information without a warrant, why shouldn't ISPs or doctors or banks or...you get the idea.

In that environment, I don't think its especially paranoid to take a little personal interest in privacy.

#32

"There's no way to prove that rights are being violated if the executive branch doesn't need to report to anyone else. They can just deny that anything is happening and protect the telecoms when they do the same."

The only thing this statement would have to do with is a civil trial. Is it a big deal you can't sue them civilly for listening to you and then deciding not to charge you? How would you even know it happened? The executive branch never has to report to anyone else unless they want to actually prosecute you. The whole point of this discussion is having evidence gathered against you for criminal proceedings, not making money off the federal government.

I suppose everyone could learn Arabic. They have no staff to translate that.

@10 Blueskid

Yeah, it's not like they are copying all the internet traffic and phone calls.

http://www.eff.org/nsa/hepting

Well, I guess this is just anyone who uses the AT@T backbone.

#35

I like your rational respone but I think you may be oversimplifying how easy it is to fill out some meaningless form and get yourself a shiny emergency wiretap approval. This still has to stand up to later legal scrutiny if any criminal proceedings are to follow. Any court appointed attourney would get a shady approval thrown out before the trial even started.

"If phone companies are expected to turn over information without a warrant, why shouldn't ISPs or doctors or banks or...you get the idea."

Because this bill is for listening in on live (or recordings of live) transmissions, not arbitrarily seizing documents like your life history, web surfing habits, bank statements, and medical records from private entities.

"encrypted drive implies guilt"

Well of course it does. It's like carrying around a great big manila folder stamped with the words "Top Secret" on the cover. The ideal system would look like regular unformated or unused disk space.

To see what you're up against:

Microsoft Gives Government and Corporate Espionage the Green Light

Helix - Incident Response & Computer Forensics Live CD

The NSA has access to the internet backbone. There are no tricks to get around that. You can also be sure that all commercial software is compromised. The Microsoft Malicious Software Removal Tool has been used to break botnets and it reports back to MS without your knowledge. And boy there sure are a lot of transistors on IC chips these days. Who knows what's encoded in there. Is that how China broke into the Pentagon?

Wheels within wheels within wheels. Build your own software from trusted source.

#38

Yeah, it's not like they are copying all the internet traffic and phone calls.

http://www.eff.org/nsa/hepting

Well, I guess this is just anyone who uses the AT@T backbone.

That is great and all but that is outside the scope of this bill. If anything your point just illustrates that this has and will take place regardless of whatever bill is pass or not passed. Wouldn't you rather they at least follow the provisions and restrictions in this bill?

"* Protects telecommunications companies from lawsuits for "'past or future cooperation' with federal law enforcement authorities and will assist the intelligence community in determining the plans of terrorists."

#4 didn't read his own post.

"This still has to stand up to later legal scrutiny if any criminal proceedings are to follow. "

Because it's not like anyone would use the unlimited ability to spy on Americans for extralegal purposes like blackmailing political opponents or imprisoning people for years without trial or anything like that.

Blueskid, go read Glenn Greenwald on this subject and stop hijacking this thread. He is a constitutional lawyer and has extensively covered this subject.

http://www.salon.com/opinion/greenwald/

Otherwise, I request you go over there and discuss this.

"And then . . . they came for me . . . And by that time there was no one left to speak up."

The problem with erosions of privacy is that, even if they aren't targeting you now, they might later. How much would it take? Speaking out against the government? A prank phone call to the police? File-sharing? Just because they don't have a reason to watch you doesn't mean they won't find one later.

The need for a warrant and the explicit description of who and why are extremely important to judicial overview. How can you tell if powers are being abused if you don't know what was happening? The fact that they submitted the paperwork means nothing if the paperwork is blank (read: without details).

I have a friend who works in CSIS, and despite the fact that they are horribly understaffed, the truth is that they have a lot of information on a lot of people. It wouldn't take much to abuse this.

The problem with using litigation to combat abuse is that it's more difficult to prove abuse. If it's illegal to wiretap without a warrant, all you have to prove is that you were wiretapped and there was no warrant. If it's legal, but there are a bunch of conditions, you need to prove those various conditions. This is even more difficult when many things, such as who is tapped and why, are left out. How do you prove you were illegally wiretapped if there isn't even a paper with your name on?

These may sound like little details, but put together, it results in a vastly-weakened system of oversight, which is much easier to abuse.

Probably a good way to protect yourself is to stop visiting this site. It wouldn't surprise me one bit if it and others were on a list somewhere.

nice going Tim, now I have to kill you (again)

#41

This is the *point* Bluesk1d. The immunity provided in the bill was specifically engineered to prevent EFF and others from uncovering what was going on in the program. Do you think that they're going to stop warrantless wiretapping now that it (a) remains illegal, yet (b) there is no way anyone can defend themselves in the courts against it.

(Note that (b) isn't necessarily true -- but it was damn well the intent of the FISA reform act)

@ #36 You're missing the big picture. The 4th amendment protects us from search and seizure from the federal government, regardless of whether it's part of a criminal trial. The executive branch *does* have to report to people, in this case the FISA court, for this exact reason. But there's a huge loop hole, if the executive branch can say "don't worry, we'll file the paperwork later, it's an emergency" it gives them plausible deniability later, meaning they can spy on us illegally without leaving any proof. Regarding "fruit of the poisonous tree" if you can't prove there's a poisonous tree, you can't prove the fruit came from it.

@ #42

"Blueskid, go read Glenn Greenwald on this subject and stop hijacking this thread. He is a constitutional lawyer and has extensively covered this subject.

http://www.salon.com/opinion/greenwald/

Otherwise, I request you go over there and discuss this."

Thank you. I will read the article. However, can you please explain how I am hijacking this thread when the title of the article states the senate has repealed the 4th amendment? I am simply arguing against that assertion which is directly related to the post.

"If phone companies are expected to turn over information without a warrant, why shouldn't ISPs or doctors or banks or...you get the idea."

They already do. Ever been to an IRS audit? They come with all your bank account statements and purchasing history already in their hands. Banks are required by law to report suspicious activity and are only to eager to help. That's how they got Eliot Spitzer. Your insurance company also knows everything your doctor knows and you can count on them to cooperate in the "the war on terror" too.

BTW, the government does surprisingly little intelligence on it's own any more. They purchase intelligence "products" from private corporations like Booze Allen.

@ #47
"You're missing the big picture. The 4th amendment protects us from search and seizure from the federal government, regardless of whether it's part of a criminal trial."

This is not correct. The 4th amendment ONLY applies to criminal proceedings.

"But there's a huge loop hole, if the executive branch can say "don't worry, we'll file the paperwork later, it's an emergency" it gives them plausible deniability later, meaning they can spy on us illegally without leaving any proof."

This nonchalant privilege is not one of the provisions of the bill. Probable cause and an expressed exigency are required for approval.

"If you can't prove there's a poisonous tree, you can't prove the fruit came from it."

You don't need to prove there is a poisonous tree. They will do that for you. As soon as they present it as evidence, its validity and legality can immediately be called into question.

The bill of rights was intended to render moot any suggestion of future American laws becoming repressive. Each individual element of our secular
"Ethical Decalogue" was intended to secure an inviolate protection for a part of freedom itself.
It was the capstone of our nation's ideological identity so to speak. Those rights were the soul of a republic that lives,fortunes and sacred honors had been pledged to. Sadly my use of *PAST TENSE* may yet become literally accurate if we allow it to.
As to the topical nature of this post? That WAS in a better vanished time an issue rendered moot by that fourth amendment we are hopefully calling dead prematurely . SO my answer to this thread's query is an order to all 3 branches of America's government.

Uphold your Oaths to protect the constitution or not even God will have mercy on your Oath Breaking souls

There was a question earlier about mobile call encryption. I helped write Scrambit last year that encrypts calls over a gsm csd line. The site is in Italian but it works anywhere the carrier supports the correct line.

bluesk1d, regarding "This is not correct. The 4th amendment ONLY applies to criminal proceedings."

So let's say a fictional current president want's to listen to Obama's phone conversations so he can leak any dirt he can find to the press. Let's say he asserts it's part of a terror investigation. 1. Are you saying that's not a 4th amendment issue? 2. How, with this law in place, can such a situation be prevented?

@ #53

"So let's say a fictional current president want's to listen to Obama's phone conversations so he can leak any dirt he can find to the press. Let's say he asserts it's part of a terror investigation. 1. Are you saying that's not a 4th amendment issue? 2. How, with this law in place, can such a situation be prevented?"

1. You are correct. The 4th amendment ONLY prevents criminal prosecution from evidence gathered. It does nothing to prevent the actual search from taking place. That seems to be a common misconception. Protection from the actual search or seizure comes from the same normal legislation that makes it illegal for Joe Shmo to listen in on your phone conversations or break into your house and take your property. They can be charged with a felony under federal law. Bills like this are just one of many exceptions for law enforcement (probable cause search, search incident to arrest, warrant searches, etc).

2. The current bill already prevents this situation. A normal request for a wiretap requires formal court approval after a review of evidence. The president does not have the power to simply declare him a terroris and begin listening in, bypassing the process this bill stipulates. Since there is no such evidence that Obama is a terrorist, the approval would not be granted due to lack of evidence.

Here's a response I got from Senator Feinsteins (D-CA) office regarding the content of the FISA bill and what it will acheive, (it's kind of long, sorry)

*************************************************

I write this in response to your communication indicating your concerns on the Foreign Intelligence Surveillance Act of 1978 (FISA) now before the Senate. This bill has passed the House of Representatives.

This legislation contains multiple sections, including one that deals specifically with liability for telecommunications companies. However, the primary intent of this new bill is to modernize our intelligence gathering capacity. The technology and communications industries have seen vast changes in the past thirty years since FISA was first written in 1978. This has changed the way surveillance is conducted, and the original law cannot adequately address these procedures. This is precisely why FISA needs to be modernized.

It is important to understand the consequences if the Senate does not pass this bill. We would either have to extend the temporary surveillance bill passed last August - which should not happen - or allow surveillance on certain foreign targets to expire which would lay the Nation bare and decrease our ability to identify and protect against terrorist threats. Neither of these options is acceptable.

I strongly believe that this bill is substantially better than the version the Senate passed in February 2008, which I opposed. It is also a major improvement from the Protect America Act that passed in August 2007, which had few privacy protections and was never intended to be a permanent solution. This bill:

Includes provisions I authored that make clear that FISA is the exclusive (or only) authority for conducting surveillance inside the United States. This is crucial as it requires that all future Presidents must act only within the law. FISA would be the only legal authority for conducting surveillance on Americans for intelligence purposes, and only legislation that specifically provides wiretapping authority in the future would be an exception to FISA.

Requires the government to obtain a warrant before surveillance can begin. This applies to all Americans - anywhere in the world. The Protect America Act allowed surveillance for up to six months before getting a warrant. This bill ends all warrantless surveillance of U.S. persons. In this sense it is precedent setting.

oBans reverse targeting, which was a concern under the Protect America Act. Reverse targeting would allow the government to collect the contents of telephone calls and e-mails of an American by conducting surveillance on the people with whom they communicate. This is prohibited in this bill.

oRequires that the government implement procedures approved by the Court for minimization. If an American's communication is incidentally caught up in electronic surveillance while the Government is targeting someone else, minimization protects that person's private information. This has been a hallmark of FISA for 30 years, but court review and approval of minimization procedures was not included in the Protect America Act. It is here.

oRequires the government to receive a warrant to conduct surveillance on an American outside of the United States. This means that Americans' privacy rights are protected everywhere around the world. A court warrant has never been required outside the United States before; this would be the strongest protection ever.

I understand your concern regarding Title II of this bill, which creates a process that may result in immunity for telecommunications companies that are alleged to have provided assistance to the Government. I agree that this is not the best approach to the current legal challenges to these companies. Earlier this year, I authored an amendment that would require court review of the legality of these companies' alleged actions. Under my proposal, cases against the companies would only be dismissed if the Court found that they acted legally. I continue to believe this is the right approach. I have joined as a co-sponsor on an amendment which accomplishes this, and will vote for it when it is able to come to the floor.

There may be amendments offered to the FISA legislation to strip or modify the telecom immunity provisions. Know that I will support any that I believe improve the current bill.

Bottom line: this FISA legislation, while not perfect, would bring intelligence activities back under U.S. law. It provides significant improvement in oversight and accountability of our intelligence collection programs while still giving the intelligence community the tools needed to keep our Nation safe. And, it provides the strongest privacy protections to U.S. persons in history.

In conclusion, I have served on the Intelligence Committee for seven years and I take the responsibility extremely seriously. If there is no bill, our Nation goes bare in mid-August, unless the Protect America Act, which does not offer, even remotely, the privacy protections for U.S. persons that are included in this bill, is extended. Additionally, the President - any President - cannot enact a program outside of this law in the future.

I hope this helps you understand my concerns.

Statement of Senator Dianne Feinstein

FISA Amendments Act of 2008

June 25, 2008

@#54 "Since there is no such evidence that Obama is a terrorist, the approval would not be granted due to lack of evidence. "

If the president claims an emergency, which requires *absolutely no review* by anyone else, the courts don't even get to consider the evidence until 7 days after the surveillance begins, what do they do, travel back in time to stop it? Do the telecoms have a way to ensure that the proper paperwork gets filed at all? Do the consumers have a way to ensure that the paperwork gets filed? The answer is clearly no.

@ #21

I'd check my assumptions if I were you. It's customary, when asking a technical question, to state one's current environment so he or she can receive relevant answer. The question itself implies Lee *doesn't* think he or she is secure!

Encrypting your communications will just make them look harder and longer at you-- because clearly "you have something to hide."

I have a better idea, I call it the "fat guy in the nude theory." Rather than hide anything, let ALL your dirty laundry hang out. Include photos of your rectum and bowel movements in all your email attachments, send long rambling Grampa-Simpson-esque diatribes about nothing at all, call a friend overseas and spend 15 minutes discussing the best way to pick your nose. Eventually the NSA will be so disgusted with you that they leave you alone.

Of course so will your friends and relatives, but that's a small price to pay for freedom.

@ #56

"If the president claims an emergency, which requires *absolutely no review* by anyone else, the courts don't even get to consider the evidence until 7 days after the surveillance begins, what do they do, travel back in time to stop it?"

You might want to check your facts. There IS a review, just not a formal warrant. To declare an emergency wiretap, the reason for the exigency as well as probable cause must be declared and documented.

"Do the telecoms have a way to ensure that the proper paperwork gets filed at all? Do the consumers have a way to ensure that the paperwork gets filed? The answer is clearly no."

This logic is fundamentally flawed. That is like saying a law on a highway speed limit is stupid because people will push the envelope and go faster anyway. Its a way to hold the people that DO act outside the scope of the law accountable. If you are talking about people ignoring the provisions of the bill, what makes you think they would magically behave themselves if no such bill existed? Using people who have no regard for the process is irrelevant when making an argument against the process itself.

To the people who think that this bill is somehow going to be "effective" or that the Fourth Amendment continues to be in effect:

Long before Sept 11th 2001, before the (illegal!) War, before the Patriot Act and the War Powers hooey, there were several recorded and reported incidents of Americans being surveilled - their personally identifiable information crossing the desk of the President of the United States - in violation of FISA law and the Fourth Amendment. Every single one was excused by the Justice Department as a "mistake", if not outright buried or denied confirmation under the Freedom of Information Act as being "National Security Interests".

FISA was just another way to legalise what the government was already doing in black ops. Now that Bush's black ops have been discovered AND they've been discovered to be illegal EVEN UNDER FISA LAW, this bill provides retroactive (illegally so) immunity (illegally so) to the infrastructure companies that cooperated (illegally so) with the (illegal) warrantless (illegal) wiretaps that (illegally) ignored the LAW requiring judicial review for EACH and EVERY instance. NOW, only the executive branch's PROCESSES are to be reviewed, and there's no method to hold the executive branch to actually following those processes, no balance of power, and the FISA court stops being an actual process (though one that nearly always approved the Executive's requests) to being a blind, powerless, masquerade.

This is Watergate, all over again, in every detail except that the people the President surveilled for political gain weren't rich and powerful.

When anyone says "This bill brings US intelligence activities back under US law", they are waving their hands over the fact that THE LAW WAS VIOLATED AND (nearly) NO-ONE INTENDS TO PROSECUTE.

Let me re-iterate:

THE LAW WAS VIOLATED. By the PRESIDENT. Who is NOT ABOVE THE LAW.

There are only a HANDFUL of people who are in a position to do so who intend to impeach and prosecute. Most of them are trying to make theatre that our civilisation can survive letting this slide.

When, in the course of human events, it becomes necessary ...

To the people who are claiming things about the Fourth Amendment of the Constitution: BLUESK1D, #50, I'm looking at you:

What part of

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. "

do you fail to understand?

Nothing in there says "they can search all they want, but not use it in court unless they have a warrant.". We do not allow the fruits of the poisonous tree TO PREVENT searches from being made willy-nilly.

SHALL NOT BE VIOLATED.

All searches require a WARRANT or circumstances that WOULD produce a warrant - probable cause, an Oath or affirmation, and SPECIFIC DESCRIPTIONS. Warrants are ONLY ISSUED BY THE JUDICIARY. NEVER, EVER, EVER, EVER are they issued by the executive branch without the possibility of specific review by the judiciary.

The Executive has operated searches of Americans in their persons or effects without probable cause, without circumstances that would produce a warrant, without specific descriptions, and without an oath or affirmation to the truthfulness of the relation of the probable cause.

This bill makes it possible for the Executive branch to say "We promise to play by the rules, but you can't watch us to make sure we do."

What is this "Small price to pay for freedom" hooey?

LIBERTY IS A NATURAL RIGHT - NOT GRANTED BY EITHER MAN NOR GOVERNMENT. I OWE NO-ONE ANYTHING FOR MY LIBERTY. THAT IS WHAT THE CONSTITUTION OF THE UNITED STATES OF AMERICA SAYS. IT IS WHAT THE BILL OF RIGHTS FORCES THE GOVERNMENT TO RESPECT.

I - Just - Why?

Why do I live in a time when person after person after person fails to understand that IT IS NEVER THE GOVERNMENT'S PLACE TO CLAIM IT IS THE INTERMEDIARY BETWEEN PEOPLE AND THEIR LIBERTY?

"Freedom isn't free"? Horseshit. Government is a tradeoff of liberty for services. Government isn't free, neither as in beer nor as in speech.

Our laws exist to prevent our government from eating our lunch. Why? Why do I have to live with a bunch of high-school dropouts who are so very happy to hand over their lunch to the bully AND WANT TO FORCE EVERYONE ELSE TO? "Careful! The bully protects us from the XYZ gang!"

And the bully wants a SINECURE.

The WHOLE POINT of the FOURTH AMENDMENT is NOT that the government can be somehow trusted to do the right thing with our information, persons, or effects once they've performed the search, and that somehow the Fourth Amendment describes a way for the government to put down the truncheon and back away from the handcuffs and imprisonment.

IT FORBIDS. SEARCHES. AND. SEIZURES. BECAUSE. HUMAN. BEINGS. ARE. ENTITLED. TO. BE. SECURE.

The government is NEVER entitled to perform a search or seizure unless the circumstances VERIFIABLY and TRANSPARENTLY JUSTIFY IT.

This is no different than requiring a backdoor in your computer and claiming that "It's a secure backdoor and we promise to never abuse it."

NO.

NO BACKDOORS.

THE LINE. IT IS HERE. THEY HAVE CROSSED IT.

@ #61

For the people who don't understand the constitution, bardfinn I'm looking at you.

You need to do a little more resarch. You simply listed the provisions of the protection of private citizens against the state. When you were typing that up, didn't you wonder what the "or else" was? If the state does not follow said guidelines what happens? Their evidence will be thrown out. That's it. You, like mostly everyone else, believe the fourth amendment is a statute where someone can be charged with violating it like any other crime. It is NOT a criminal statute. It is simply protection from prosecution. Period.

BLUESK1D: I'm looking at you.

Oh, haha. Claiming I don't understand the Constitution.

I do not believe the Fourth Amendment is a statue. I believe it is a PART OF THE CONSTITUTION.

When police repeatedly and egregiously violate the Fourth Amendment, they are removed from office and prosecuted. Normally judges see mistakes as mistakes and give enforcement officers of the law the benefit of the doubt - because no matter how well-trained police are, they are not lawyers nor judges.

EXCEPT

When the law is plain and obvious and it is clearly apparent that the person wearing the badge knew it and knew they were violating it.

Because not even the police are above the law.

The Executive took an Oath to uphold and defend the Constitution. He broke that Oath. He should be removed from office and prosecuted. We will not charge him with violating the Fourth Amendment - we will charge him with egregiously and knowingly committing Treason by reason of undertaking a conspiracy to knowingly make the Fourth Amendment moot.

The Oath. Breaking it in the pursuit of a criminal conspiracy is treason.

So, Sen. Feinstein's statement says, we have made a long series of stupid mistakes, which have ended up putting us between a rock and a hard place. In the interim we allowed illegal surveillance of American citizens. Now in an effort to mitigate these stupid, shortsighted, incompetent mistakes, and keep things from getting worse, we are forced to pass a marginally better piece of legislation that continues the surveillance and attempts to close the book on the past. Oh, and please vote for my esteemed colleague Sen. Obama who helped us. I have a question; why was Nixon impeached?

P.S. I may have written discreet when I needed discrete, but I ain't that fkin stupid!

Wait, Takuan @30, Zuzu here isn't the same Zuzu that blogs at Shakespeare's Sister? Because that Zuzu is "she." Here I've been totally convinced that they were the same person this whole time. Will have to reorient mental landscape.

BTW - Bardfin, you are the MAN! Thanks for writing what I could not even hope to say, much less write. My hat is off to you.

@YAMARA, Right On.

Without education and respect for how intimidated people are by their set-top-boxes, any project to re-assert the right to privacy around techno issue is doomed either for failure or to stay preached to converted.

The type of education needed requires a teacher's humility and sustained involvement, which is hard to find among over-networked techno activists.

Cory inspired a group of undergrads at USC, which itself was inspiring to see, but these efforts need to sustained by larger communities/networks, not individuals.

has anyone else noticed that bluesk1d has never commented on anything else but this thread and seems as if he is spreading rightest propaganda. He doesn't seem all that "real" or perhaps I'm just paranoid about spying.

I feel the same way. All these wireless routers showing up are just waiting to be linked together building a connect-the-dots encrypted, free, and independent wireless net. There is no reason for the telecoms to even exist.

I'd also like to throw in my support for Noen's recommendation of a wireless mesh network. The problem so far has been the exponential lag that builds up with a half-duplex use of a single spectrum band (e.g. 2.4GHz). Hell, I've personally experienced this just in a single building when using WDS. In theory the dual-band routers for 802.11n (2.4GHz + 5GHz) improve this to full-duplex, but I'm rather convinced of the argument that a third band is needed for backhaul links -- which could be 900MHz in a tight-knit network or the 3.65GHz unlicensed band in a more widely spread network. Then there's the matter of deploying inexpensive easy-to-use and ubiquitous hardware units to people to achieve critical-mass.

At any rate:

Backdoors. They make your privacy moot wherever they exist.

Case in Point: Microsoft Windows.

If you wish to ensure your privacy, specifically /do not/ use Microsoft Windows.

The encryption framework - the part of the operating system that handles encryption calls, installs various encryption modules, and so forth - is set up so that anyone who can gain access to one of the keys Microsoft holds to use to sign the framework and the modules - can replace any encryption module and even the framework itself with any code they so desire. This allows them to then hook the encryption module into any and all calls to read to or write from the disk or memory.

Microsoft is beholden to the US government for its' existence - in the same way that Verizon, Sprint, AT&T, and the telecoms now are. One of the keys is even called _NSAKEY.

If you're using a Microsoft Windows product (At least windows 2000, XP, and above) - no other steps that you take, including using GPG or PGP, will secure your effects and information from the United States Government.

That, is for certain.

Thanks to "steamed punk" for linking to the viewpoints of a constitutional law professor and to "druidbros" for linking us to the viewpoints of a constitutional lawyer. And Bardfin for some great arguments. I think they have you beat Bluesk1d, but that's just my opinion.

bardfinn,

Less caps lock, please.

@#65 posted by bardfinn

*sigh*

"Oh, haha. Claiming I don't understand the Constitution.
I do not believe the Fourth Amendment is a statue. I believe it is a PART OF THE CONSTITUTION."

Everything you have said has illustrated that you do not understand.

"When police repeatedly and egregiously violate the Fourth Amendment, they are removed from office and prosecuted. Normally judges see mistakes as mistakes and give enforcement officers of the law the benefit of the doubt - because no matter how well-trained police are, they are not lawyers nor judges."

Here you completely contradict yourself, demonstrating your ignorance on the subject. You previously state you realize the 4th amendment is not a statute yet here you claim some rogue officers have been prosecuted for numerous violations. Ummm if you agree this is not a statute then how exactly were they prosecuted for violating it? You can only be prosecuted for CRIMINAL STATUTES.

I personally don't know or know of any officers who have repeatedly violated people's civil rights either (and I know a lot of them). This would result in case after case being dismissed. What would be the point? This is completely counter productive (as their goal is to remove criminals from the street, not send them to court for 5 minutes to have the case dismissed). I imagine (since I've never heard of any officer that is this much of an epic fail) their employers would not be happy about the total waste of man hours either.

I just hope someone reads my posts and realizes that this is only a personal privacy debate where people can certainly have their own opionion but unless you are CHARGED WITH A CRIME, the Fourth Amendment is COMPLETELY IRRELEVANT.

Not to worry everyone. You won't have to endure me any longer. This will be my last post and visit to this site. You will believe what you want in order to justify your warped, paranoid views about "the man" and no amount of explanation will change that.

@ #72 posted by germpan

Hey and you are definitely entitled to it, my friend. Just try to remember just because arguments sound convincing, doesn't mean they are true or correct =) Cheers.

@ #71

There are a few issues with not using Windows though.

Have a look here at http://lvlup.tsunami-art.com/ and read the entry for 6/19/2008. (It's the top one as I'm posting this.)

I myself have even tried the Gutsy Gibbon version of Ubuntu. I made sure I had the right version for my hardware, burned a Live CD, and... It simply didn't even work.

Until Linux is easy to use for the average person, and it can run every windows platform program (I for one want my PC games), Windows won't be going anywhere.

Bluesk1d @ about half the thread;

Are you in favour of this bill? Do you think what was achieved here is a Good Thing? I mean, in the face of overwhelming odds, a great justice was reached? The people are served? Once again, the free prevail?

Just a question.

Dear Caroline: I have enough trouble keeping you bloody mammals sorted by limb-count, never mind naughty-bits trivialities. Until Zuzu,or anyone else for that matter, clearly specifies gender-identity preference you are all generically "male" to me. I would never be so rude as to assume and presume.............What's it like anyway?

Antinous:

I don't have a capslock - I used the Shift key for all of that. Point, however, taken.

BLUESK1D:

The Constitution and Bill of Rights are written in English.

I said that you do not understand the Fourth Amendment. Your argument makes it plain that you don't understand it, the language it uses is very plain and unambiguous. It does not even require translation to modern day English. Anyone can read it, and read your assertions, and see that never the twain shall meet.

You, on the other hand, are claiming I do not understand the Constitution. That's a pretty big claim, one that I would beg to claim is an extraordinary one.

You're also failing to see the forest for the trees.

The Constitution created the government.

The Bill of Rights RESTRICTS THE GOVERNMENT.

The Fourth Amendment RESTRICTS THE GOVERNMENT.

Claiming that the Fourth Amendment is irrelevant until you are charged with a crime ignores the fact that the Fourth Amendment RESTRICTS THE GOVERNMENT. IT IS ILLEGAL AND UNCONSTITUTIONAL FOR THE GOVERNMENT TO SEARCH OR SEIZE UNLESS THEY HAVE PROBABLE CAUSE TO DO SO.

The Constitution is the SUPREME LAW OF THE LAND.

It may not have a fine nor jail term spelled out as a consequence of an officer of the government violating that law, repeatedly, by design, with full knowledge aforehand - but it does state that it is a crime, it calls it Treason, and specifies a punishment for same. It is the ONLY crime and punishment outlined in the Constitution.

I understand it /just fine/.

not how things work in real life`though
http://www.huffingtonpost.com/tom-dantoni/its-outrageous-that-rove_b_111943.html

However allcaps definitely increases the truthieness. "Wow, he's shouting, he must be right."

nothing wrong with a little OCCASIONAL emotion

#58

The best answer is to send encrypted pictures of
your rectum to all government sites. Can you imagine the poor fool who spends days/months/years decrypting it, only to find out that he'd be goatse-rolled?

#59

You might want to check your facts. There IS a review, just not a formal warrant. To declare an emergency wiretap, the reason for the exigency as well as probable cause must be declared and documented.

My understanding is that, while this is true, it is a little misleading. The reason and probable cause must be declared, but the court no longer has the authority to review these reasons. They only have the authority to review whether or not the reasons were filed. At least, that's my understanding based on reading it and the ACLU's notes.

I don't want to diminish the importance of discussing this legislation's harshness, but I would really enjoy reading more posts about what measures we can use to a) defeat electronic surveillance and b) introduce more 'white noise' into general electronic communications to complicate their automated filtering. Plus that seems a bit more focused on the topic. We've seen a couple interesting applications- any others?

I use allcaps rather than curses. If I swear in writing, it's a very bad situation.

I'm wrong - The Constitution does not outline the punishment for treason, but leaves it to Congress to set the punishment.

It does restrict treason to those who wage war on the United States or adhering to, and giving aid and comfort to, the enemies of the United States.

It's quite possibly a very long stretch to state that disassembling the restrictions on the United States Executive's powers to ease the ability of powerful individuals and corporate interests to misuse the mantle of authority of the US Government is treason. There is a semblance there in that it has allowed Bush - and the GOP - to do the work of al Qaeda for them, and that it tyrranises the citizenry and destroys the public faith in the government.

I've been hyperbolic, and I apologise for that.

I do not apologise for refusing to buy the bullshit (yes, it is bullshit and yes I am cursing) argument that the government may violate an individual's right to privacy and the only time they may have recourse to the Fourth Amendment protections is to prevent prosecution in a court of law based on that amendment.

If that were the case, Nixon would have done nothing impeachable.

if you surrender an encrypted laptop no one is going to work on decrypting it. They'll store it a while and then pitch it or sell it at auction. The idea is your fear and obedience, as soon as they steal your property and prevent your movement, they have what they want.

@bardfinn

Too many good points to identify.

@Bluesk1d,

Your arguments certainly ring Truthy .

Ahh yes, you can't believe someone who is not on the right can you?

Good point too about University Professors too. Where do they get off offering expert opinion. They act like it is their full time job to study matters and explain meaning based on historical context.

You are wrong when you say it does not affect you and me. Telecomm companies were paid our tax dollars for spying on people illegally. Not only that but companies the acted legally and did not comply with illegal requests were denied other government contracts.

Further this law undermines the Rule of Law. Congress is not able to offer special justice to certain plantifs based on the size of their campaign contributions. This is bought justice plain and simple. That fact that it guts the Fourth Amendment is just insult to injurt.

Like the Military Commissions Act of 2005, it is unlikely this law will not survive judicial scrutiny.

Lastly, any mention of Ramstein AFB is a red herring, because that effort targeted foreigners. Even the ACLU and the EFF supports the updating of FISA to allow our government to monitor communications of foreigners that happen to go through the US.

p.s. its nice to suggest that I should not complain about unchecked surveillance unless I am doing something illegal.

p.p.s slippery slope you say? We still have no idea how much law breaking occurred. We only know that it was so bad that John Ascroft threatened to resign over it, as well as half Acting Attorney General James Comey, and then FBI Director Robert S. Mueller III. Then again those are all leftist university elite types, right?

it is possible to be insulting without resorting to curses...you cotton-headed ninny-muggins!

um where's the howto? theres no link

Encryption sounds super, but would be rather like doing your in person banking business with a bandana covering your face (for you allergies :).

(Off Topic)
Couldn't help thinking of a good soundtrack for reading this page and came up the music from the Harder They Come especially Johnny Too Bad and the title song.

Use Off-the-Record Messaging to secure your IM communications:

http://www.cypherpunks.ca/otr/

Let me say this:

I've written software that recognised individual authors by style. The same basic technology is used by Postini, Google, etcetera - anyone involved in sorting out spam from signal - to do just that: distinguish static from signal.

Google and Postini have it down to the point where very little spam hits my inbox. Why? Because software is very good at detecting human signal versus automatically-generated noise.

I believe that attempting to hide a signal by raising an ambient noise floor is pointless. The best it could do is possibly produce a denial of service, but such a condition usually applies to everyone and prevents signal period.

[I ran some of this in the original FISA discussion; since the topic has come up again, I'm rerunning it here, with some additions]

1. For a typical citizen or business, I think the measures to take are those appropriate to avoid inadvertent exposure of private data--to keep your data from being swept up in the mass monitoring system. The measures that are needed to secure your data against a determined assault are likely to make more problems than they solve. Exception: if you keep other people's data, you may be held to a higher legal standard.

2. Make backups and store them securely--the simplest attack on your computer is stealing it. So make backups.

3. In general, use Firefox. Run Safari as little as possible. If possible, don't run Outlook, or any Microsoft Office app--they are way easy to crack.

4. For e-mail, there's GPG, which is a free solution which requires, in my opinion, more expertise than most users have to set up, and a pay solution, PGP; if you don't have expertise on tap, just buy PGP.

5. Apple offers drive encryption, BUT, you must make a copies of your keys and store them in safe places like a safety deposit box, or with your lawyer. Otherwise, there's a good chance you will end up locked out of your own drive. (Yes, keeping copies of your keys is a risk. The risk of being locked out of your data is probably higher than the risk of determined harassment.) The only time it's appropriate not to make copies of your keys is when the risk of a security break is larger than the risk of data loss. For most of us, that's not the case.

6. Links:
PGP: [http://www.pgp.com]
GPG for Macs: [http://macgpg.sourceforge.net]
ccrypt (simple general-purpose file encryption): [http://ccrypt.sourceforge.net/]
PGP does support Notes and Office/Outlook.

bardfinn -
all good points. 2 more points (maybe good / bad):

FISC (Foreign Intelligence Surveillence Court) has granted over 18,000 warrants. It has rejected 5. I'm sure that not all 18,000 were rigorously reasoned and written. Even under the 99% rule, dozens of bad warrants were issued. We can never know, but Congress has said "Just trust your Government."

New FISA allows emergency surveillence without immediate court review. If request is found to be faulty, and warrant is denied, collected data is still retained by government for other, future uses. If NSA discovers that I am paying hookers with counterfeit bills that I get from Osama, who's to say that while I won't end up in Guantanamo (due to bad warrant application),but the IRS may come calling in a year or two looking for my 'hidden' income?

Third point: America was not founded upon the notion that we should trust our rulers. To suggest that we can trust Bush / Obama / McCain is not only stupid, but unpatriotic and un-American. He who takes away my rights offends Heaven and shall not stand. (I'm not sure who first said that, but I'm stealing it.)

Anyone that honestly believes that publicly available cryptosystems aren't 0wn3d by the NSA and friends, you need to pull your head out of the sand my friend. Do you honestly think that in a country where crypto is considered _MUNITIONS_ that anybody would be allowed to have something that "dangerous" without a backdoor/brute-force way in so they can check in on you?

All I have to say is Crays & FPGA arrays.

Have you not ever wondered why the supercomputer list that comes out every year has like half the systems "classified". Crays are in the same boat. You can find inventories of their existence, but can't find out where they are. All the addresses end up in "someplace", VA.

Read "The Puzzle Palace". NSA has been able to collect all your calls w. voice activated tracers since the 60's.

No surprise, but still very disappointing the bill passed.

I always liked the French solution. Storm the castle and behead the king. Has a way of focusing the minds of the aristocracy.

I'm surprised there's been no mention of truecrypt yet. That's part of my current solution.

As for the fourth amendment and customs....well...it was just fine with everybody when it was Colombian druglords whose privacy was being violated at "borders" and so effectively, the fourth amendment no longer applies (if it ever did) at the border...and in the eyes of the law, if one arrives from overseas they have not entered the U.S., and therefore have no rights, until they clear customs.

Here's an article detailing some techniques to use to maintain data security while traveling: http://www.thelifenomadic.com/data-security-while-traveling/

Here is the Obama response letter, much the same as Fienstien's. I give his staff kudos for sending an on-topic form letter within 24hrs.
-
Dear Friend,

Thank you for contacting us and sharing your strong feelings about this important issue. Please find a statement from Senator Obama below.

We appreciate hearing from you.

Sincerely,

Obama for America,

---
Given the grave threats that we face, our national security agencies must have the capability to gather intelligence and track down terrorists before they strike, while respecting the rule of law and the privacy and civil liberties of the American people. There is also little doubt that the Bush Administration, with the cooperation of major telecommunications companies, has abused that authority and undermined the Constitution by intercepting the communications of innocent Americans without their knowledge or the required court orders.

That is why last year I opposed the so-called Protect America Act, which expanded the surveillance powers of the government without sufficient independent oversight to protect the privacy and civil liberties of innocent Americans. I have also opposed the granting of retroactive immunity to those who were allegedly complicit in acts of illegal spying in the past.

After months of negotiation, the House passed a compromise that, while far from perfect, is a marked improvement over last year's Protect America Act. Under this compromise legislation, an important tool in the fight against terrorism will continue, but the President's illegal program of warrantless surveillance will be over. It restores FISA and existing criminal wiretap statutes as the exclusive means to conduct surveillance - making it clear that the President cannot circumvent the law and disregard the civil liberties of the American people. It also firmly re-establishes basic judicial oversight over all domestic surveillance in the future.

It does, however, grant retroactive immunity, and I voted in the Senate three times to remove this provision so that we could seek full accountability for past offenses. Unfortunately, these attempts were unsuccessful. But this compromise guarantees a thorough review by the Inspectors General of our national security agencies to determine what took place in the past, and ensures that there will be accountability going forward. By demanding oversight and accountability, a grassroots movement of Americans has helped yield a bill that is far better than the Protect America Act.

It is not all that I would want. But given the legitimate threats we face, providing effective intelligence collection tools with appropriate safeguards is too important to delay. So I support the compromise, but do so with a firm pledge that as President, I will carefully monitor the program, review the report by the Inspectors General, and work with the Congress to take any additional steps I deem necessary to protect the lives - and the liberty - of the American people.

----------------------
Paid for by Obama for America

All this talk of security makes me wonder, Can I set up TOR on my Iphone ? or am I just a bit of pyrite ATnT's data mining business now?

SSH tunnel your email all you want but it won't protect it.

#3 is right in pointing out the limitations to this, but it's not useless. It's the equivalent to using HTTPS instead of HTTP to access your web-mail. Imagine you've configured your WLAN as securely as you could manage, but someone who tries to spy on you has still managed to break in there. (I'd say that's more likely than breaking into your ISP or Yahoo or whoever hosts your e-mails.) Now the attacker will see you browsing Boingboing, but not reading your mails. Better than nothing.

The NSA doesn't care about the email you got from your mom with pictures of her cat's new sweater. [– #12]

The occasional situation, and if it occurs only once every tens years, in which you'd like to send or receive an encrypted message is reason enough to encrypt as many communications as possible. If you only encrypt what you really want to hide, it'll stand out, and if the NSA will read it if they want to. To criminals, the question may be whether they want someone to read their e-mails, but to you the question is whether you'd prefer to have large-scale data mining or privacy.

I've also seen do-hickies on TV where you just snap an extra mouthpiece onto your phone and it will garble your speech, only understandable to someone with a special decrypter. I think that device might have been BS though. [– #16]

VOIP phones (or Skype etc.) send sound as data. Data can be encrypted. Modems send data (which may be encrypted) as sound. Putting these three ideas together is not exactly BS. Not that this really matters, because cell phones already send digital data (modulating analog radio signals, sure ... doesn't matter) and some of them have quite a bit of computing power – so, it would be much more inconspicuous to make this "mouthpiece" purely in software; voice in, encrypted data out. No idea how well it would thwart a really dedicated and resourceful eavesdropper, just saying it's not impractical.

If you think that you're secure in your use of OS X 10.5 (or any thing else for that matter) stop reading now because you just don't get it. At all. If you wish to protect your electronic communications between you and your friends you will need to use PGP for ALL of your e-mail. [– #23]

And PGP can't run on OS X?

Wireless mesh net with household wireless routers. [– #25]

You might like to know that the guy who made the above post has written a novel about this idea ... ;)

All these wireless routers showing up are just waiting to be linked together building a connect-the-dots encrypted, free, and independent wireless net. There is no reason for the telecoms to even exist. [– #38]

Except that the money they collect goes into maintining massive (and massively expensive) transcontinental connections. And connections between hick villages without any wireless nodes between them, for that matter.

The ideal system would look like regular unformated or unused disk space. [– #44]

The idea that it looks perfectly normal and unsuspicious that someone shells out for a 500GB notebook drive and then only uses half of it is hardly ideal. If it looked like a completely formatted 250GB drive until you give it the secret handshake, wouldn't that be better?

I find it naive in the extreme that anyone can believe that honest, law-abiding citizens have nothing to fear from a government that acts above the law. Have we so soon forgotten the excesses of Hoover, McCarthy and Nixon?

The FISA bill has at it's core created a legal framework for continuing large scale eavesdropping on US citizens. I do not trust our elected officials to safeguard my freedom.

At the present time, our president is above the law. He disregards any legislation he doesn't agree with by issuing a "signing statement."

He has his minions ignore subpoenas from congress and has generally used "executive privilege" to avoid any oversight.

He uses extra governmental email to hide correspondence from public view and destroys email records when confronted.

He can declare anyone in the world an "enemy combatant" and detain them indefinitely.

In light of the recent Supreme Court decision he can simply render you to any country he wishes where you can be held indefinitely and tortured. Try bringing up your habeas corpus rights in a prison cell in Syria or Egypt.

I believe it is obvious that an attack on the US has been used to wantonly destroy our rights as citizens of a free nation and to create as far as possible a police state.

9/11 was a tragedy and we should protect ourselves from another occurrence -- but at what costs. Should we win the "war on terror" by selling our souls?

VOIP phones (or Skype etc.) send sound as data. Data can be encrypted. Modems send data (which may be encrypted) as sound. Putting these three ideas together is not exactly BS. Not that this really matters, because cell phones already send digital data (modulating analog radio signals, sure ... doesn't matter) and some of them have quite a bit of computing power – so, it would be much more inconspicuous to make this "mouthpiece" purely in software; voice in, encrypted data out. No idea how well it would thwart a really dedicated and resourceful eavesdropper, just saying it's not impractical.

But to encrypt this in a way that provides end-to-end security (in the way GPG does), requires something like ZRTP (i.e. Zfone). This is particularly advantageous since even given CALEA, using SIP / H.323 VoIP breaks up every discrete aspect of telephony service into something that can be provided by a separate supplier, such that creating mix network (i.e. bouncing calls around the globe, through multiple jurisdictions) becomes far easier, more reliable, and less expensive than was possible with traditional POTS. Though I wouldn't bet my life on it, I doubt CALEA could keep up; maybe ECHELON could.

I'm still waiting for someone to implement ZRTP on the iPhone, or on Google Android.

Furthermore, someday, mobile phone service could also work using the aforementioned wireless mesh networking technology, such that each phone is a repeater when not in use. (c.f. scatternets)

I agree that being able to do end-to-end encryption for mobile phone calls would be nice[*], but the two approaches I described already are end-to-end; how exactly you do key exchange has nothing to do with that.

Scatternets for phones? Presently, no thanks. I'm already much dissatisfied with my phone's standby time as it is. In terms of dreaming up the perfect utopia for the future, yes, I'd like to see lots of mesh and ad-hoc networking. But in such a scenario, I'd say all you have to consider is the internet and mobile computers (notebooks, UMPCs, PDAs, ...) with integrated WLAN routers. If I could have my wish, you could use these for VoIP by pairing them up with a headset/earpiece/whatever (or just holding them up to your head), and maybe some of these devices would still be referred to as 'phones', but there would be no more bifurcation of the telecommunications infrastructure into voice and data services. Presently, I can IM with my colleague back in the other office without the traffic leaving the building (i.e. it would still work if the internet connection was down [our Jabber server happens to be located inside the building] or even if the entire network was down and power was out [via Bonjour]). — but I can't call him with my phone without going through one of my phone provider's data centres and paying for it. Doesn't make sense. If both types of traffic were one and the same, you could apply OTR just as easily to voice as to IM. (Whew, managed to get back on topic at the last moment ;)

[*] I'm not holding my breath, though, as law enforcement would hate it.

Sorry, I'm getting to this rather late, but...

#15

This law is not, and hasn't been (over the last seven years, at least) about evidence for prosecutions. So admissibility of evidence is completely irrelevant. You're right, as far as it goes, but that was never the point of the eavesdropping. After all, to use it as evidence, the law would then necessarily be subject to judicial review, and the administration has been doing everything in their power to prevent that.

#22

You've missed a couple of salient points. One, the telecoms never were court-ordered to do that surveillance. A warrant is a court order. It is the only form of court order. That's why they're calling it "warrantless wiretapping". If they had those, this would have been a non-issue. They were asked by the president. The president does not have the legal authority to order illegal operations. The telecoms were not "stuck in the middle".

#28

You're pretty much dead on, sadly.

#32

It doesn't affect you unless, say, you happen to say something that sounds like it might be dangerous. The big danger of this is catching innocent people. What do you think would happen if you made the wrong joke? I think being on the terrorist watch list (and no-fly list) would be the smallest of your problems. Don't think it could happen? Then consider how large those lists already are.

#60

Just from the start of Feinstein's response, there's already a lie. Modernization was the one (at least arguably) useful thing that the Patriot Act did accomplish.

Another problem is her assertion about "exclusivity". A judge has already ruled that FISA itself already has all the "exclusivity" needed. So adding another provision saying, "We really mean it, this time" actually likely weakens that protection.

m0loch, zuzu, fred666, and anyone else out there who actually contributed something useful here. THANKYOU. I feel like this thread has been totally hijacked by the discussion of the constitutionality of FISA. I'm going to make a real effort to learn how to encrypt my data, and if i can, document the process. thanks again!

lifehacker is very helpful on these issues. here is what i've found so far.

http://lifehacker.com/software/top/how-to-encrypt-your-email-180878.php
http://lifehacker.com/software/ssh/geek-to-live--encrypt-your-web-browsing-session-with-an-ssh-socks-proxy-237227.php
http://lifehacker.com/software/instant-messaging/geek-to-live--encrypt-your-instant-messages-with-gaim-228878.php

the articles/how-to's are all written in a manner that makes it easy for a pundit like me to understand.

ps. sorry for the ridiculously long links. im terrible with the whole html tag thing.

spammer

You can also try the new Google Opt-Out Village to protect your data.

Here is a small video on Google Opt-Out Village - http://www.webguild.org/2009/08/protect-your-data-by-moving-to-the-google-opt-out-village.php?p=p2

Joe