The NSA may read my mail!
Yes, they may read all my mail 2 (16.7%)
Yes, they don't care about my mail, only about terrorists 2 (16.7%)
No, I have the right to have privacy, they are violating that! 7 (58.3%)
No, they can arrest you for something you wrote to someone 1 (8.3%)
Total Votes: 12
The NSA May Read My Mail; or not?
Topic Started: Sep 2 2005, 07:59 PM (1,191 Views)
Revelation
Administrator
Well, do you think the NSA or any other government agency has the right to read your mail? Discuss!
 
insecure
Elite member
The State is there to serve the nation, not to be its master. A servant should not eavesdrop at the door of his master. When they do, they get fired.

I can, however, see why a master might send his servant to eavesdrop on somebody else! In time of war or great international tension, the State has a responsibility to know its enemy as well as possible, and that will inevitably involve intercepting enemy signals traffic.

So no, the NSA (or, in my case, GCHQ) has no business reading our email. But if Britain were to go to war with the USA, the NSA could read mine, and GCHQ could read yours, and I wouldn't have a problem with that.
 
Revelation
Administrator
Well, I don't live in the US, I am from Holland :)

The problem is that terrorists do live in the US too, so they try to find them. Terrorists don't operate for a country, they do what they like to do. That's the problem. So maybe spying on your own people is inevitable. I don't like my privacy being violated by (foreign) government agencies, but maybe they have got no choice.
 
insecure
Elite member
Sorry for getting your country wrong. It makes a pleasant change to talk to someone who isn't from the USA. :-)

As for governments, well, as you say, they're going to do it anyway whether it's right or wrong.

There is, of course, something we can do about it, which is this: to use encryption ourselves wherever possible in email, and to encourage others to do the same.

It doesn't even have to be strong encryption. Any old encryption will do! (Obviously, strong encryption is better for some purposes.) The more different ways in which people encrypt their emails, the better.

I sometimes think we should set up a peer-to-peer email network which slides encrypted emails into random junk that is being broadcast on a fairly regular basis (to make traffic analysis much, much harder).

Not to make life easier for terrorists (after all, if they have anything at all about them they are already using more secure channels, and if they haven't then they will get caught some other way anyway), but to carry a message to our servants that we don't want them looking through our keyholes.
 
codebreaker11235
Just registered
As private citizens I do not think that we need to resort to having to use encryption methods in all of our emails. Although it is within the power of the NSA, GCHQ, or any other Signal Intelligence agency to intercept our private communications, as it should be; I know I would be rather upset to find out that that task was outside their ability.

However, I do not worry that they are reading mine or most other private citizens' emails, phone calls, etc. The reason I am confident with this is because of the intelligence problem of processing. Signal Intelligence agencies are already backed up and overloaded in terms of processing and analyzing all of those communications. The NSA just doesn't have the man-power to handle all of the COMINT and SIGINT coming from priority targets. Given this, it wouldn't be logical for those few analysts to waste their time scanning all the emails containing such things like family updates, that Billy broke up with Sharon, or that Mr. Jones is going to be late for his meeting.

This is where ECHELON comes into play. This scans communications looking for key words. Unfortunately that list has to be extremely limited. The usual example is that it looks for communications containing the word 'president'. But, if you think about this every time someone expresses their political opinion, or someone's son or daughter is elected to the student body president, or even president of some other school club, those analysts are once again bogged down. Not only that, but in order to keep ECHELON from becoming backed up, since it is just a network of computers, and does have a processing limit, it only focuses on certain routers and paths where it is most likely for a target to communicate through.

In order to keep this from becoming too lengthy and getting more into things that are probably better suited for other debates I'm going to end it there. So my vote goes for the second, that yes, they can read my emails, they have no reason to, and if they do find one, I hope they find no reason to forward my name onto the FBI. My vote would register, but I misclicked and apparently null voted :unsure:

As a side note, just out of curiosity, why is it that you seem so annoyed with talking to Americans on such matters? I'm just curious so I can try and catch myself from causing any annoyance in the future. Just PM me so as not to take up space on this board.
 
Donald
Elite member
Quote:
 
As private citizens I do not think that we need to resort to having to use encryption methods in all of our emails.

Why put letters in sealed envelopes?

Yes, the government can read those letters anyway, but it takes more WORK to do so. Enough work that unless they have good cause, they won't bother.

But we send our email all in the open, so that it's easy to scan most of it for interesting phrases. If everyone used crypto on their email, then they would only have time to look at stuff that they had a REASON to look at.

Donald
 
codebreaker11235
Just registered
Good point, didn't think that line through. However, a physical letter is much easier to find and grasp than an email flying thru cyberspace. It is more likely for any random person to be able to get your snail mail, but what if you go down the street and ask people if they know how to intercept emails. Again you're dealing with resources, and who you're trying to protect against, and that depends on what you're communicating. So when it comes to the usual every day emails, they're secure enough, unless you are communicating information best kept away from those who may be willing to spend the resources to intercept your emails.
 
insecure
Elite member
An email server that encrypts emails isn't going to be very popular with all the other email servers. SMTP is a plaintext protocol.

On the "I hate Americans" thing, I don't! Some of my best friends are Americans (and in fact I've never met around 70% of my best friends). I just said it makes a pleasant change, that's all. The fact that I assumed my correspondent was American indicates just how many of them I encounter online; the fact that my assumption was false shows that I'm far too old and the Internet is becoming far more international than I'd hitherto realised. I think that's a good thing, even though I get on just fine with Americans. Really I do! :D

(Just don't ask me to speak in an American accent. It comes out as half-Australian, half-Irish, and half-Chinese. And half-baked, too. No, I am not from Australia, Ireland, or China. Or baked.)
 
insecure
Elite member
Did someone change an article while I wasn't looking? I could have sworn someone claimed that email servers perform routine encryption, but that claim appears to have vanished, which makes my previous reply rather redundant.
 
Donald
Elite member
"insecure"
 
Did someone change an article while I wasn't looking? I could have sworn someone claimed that email servers perform routine encryptio

Yep, that claim WAS made, but edited. Lots of traffic tonight, someone obviously thought better of it after they hit enter. It happens to me. :)

"codebreaker11235"
 
It is more likely for any random person to be able to get your snail mail, but what if you go down the street and ask people if they know how to intercept emails.

I'm not worried about the random guy down the street. :)
Every server that touches my email as it passes from me to the target has full access to the entire thing in plaintext.

To put it in snailmail terms:
Imagine if instead of the post office being a government organization, what if it was just a co-op kind of thing. In order to send a letter from, say, Florida to New York, I would just hand the letter to the first car I see driving down the street going north. That guy would take a quick peek at the address, see where it was headed, and would pass it on to the next vehicle he found that was going further north than he was. The letter would keep bouncing around that way until it actually ended up at the intended address in New York.
BUT, now imagine that none of the letters being sent this way are in envelopes. Almost all of them are post cards. Now ANYONE in that long chain of cars and trucks can simply glance down at your letter and see every thing you have written.

Correct me if I'm wrong guys, I'm not a networking specialist, but I do believe that is about how the internet email system works.

All it takes is ONE unscrupulous guy in the chain of servers. Someone who decides he can make money selling email addresses to spammers, or selling marketing information to companies. For example, I bet you could sell a list of email addresses that sent an email in the last few days containing the phrase "I need a new car".

*I* don't encrypt all my emails, but we really ought to. Encrypting every single email sent anywhere would greatly increase the security and privacy of the entire system. There are ways it could be adopted as a standard.
 
insecure
Elite member
Your "hey, is anyone headed East? I have a letter for Joe Soapski in Siberia - could you take it?" analogy for SMTP is broadly correct, although the "long chain" is probably not all that long - I would guess that most emails are delivered via a chain fewer than, say, ten servers in length. But there's plenty of scope there for abuse!

I concur about regular encryption of emails, except for one small problem. As you have said, there are ways in which it could be standardised, but the problem with all standardisation efforts is that of producing effective standards and then getting people to buy into them.

If you eliminate from consideration the opinions of people who either know nothing about cryptography at all, or who fail to understand Kerckhoffs' Principle, on the grounds that they don't know what they're talking about, that leaves a (relative) handful of people who might reasonably be said to be worth listening to on the subject of standardisation. Alas, many of these people work for NSA, GCHQ, or related agencies! So how do we know we can trust them?

Or let's say, for the sake of argument, that everyone decides that Twofish or Rijndael (AES) is trustworthy, so we'll all use - oh, AES for the sake of argument. We now have the problem that anyone wishing to write an email client must be able either to code AES (which isn't as easy as it sounds) or be prepared to trust a third-party developer's AES library. The second option may be workable, provided it's Open Source (so that you can read through it to make sure that it's not sending plaintext to a government agency in its spare time). But how do we know that, say, the NSA doesn't have a crack for AES?

In practice, as you say, AES (or Twofish) might be good enough, on the grounds that, even if the NSA does have a crack for it, they would have to make an effort, whereas at present the only problem they have is sheer volume.

This will, of course, slow down email - AES is not infinitely fast - but that is a price worth paying, I think.

Another problem: if all email were encrypted, how would we send email to countries to which cryptographic export is illegal? Should we lift those export controls? (Undoubtedly YES in my opinion, on several grounds; but several governments seem to disagree with me.)

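The relay chain discussed in the posts above can be read back from a delivered message's Received headers. The following is an added example, not part of the original thread: it parses a constructed message (hostnames, addresses and function names are assumptions) and reports how many hops there were, which links ran without TLS, and which servers held the body in plaintext. Received headers are only as trustworthy as the servers that wrote them.

```python
import re
from email import message_from_string

# Constructed sample message (reserved example domains, documentation IPs).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.30])
\tby inbox.example.org with ESMTPS id c3
\tfor <joe@example.org>; Fri, 2 Sep 2005 20:01:09 +0000
Received: from relay.example.com (relay.example.com [192.0.2.20])
\tby mx.example.net with ESMTP id b2;
\tFri, 2 Sep 2005 20:01:05 +0000
Received: from laptop.example.com (laptop.example.com [192.0.2.10])
\tby relay.example.com with ESMTPSA id a1;
\tFri, 2 Sep 2005 20:01:02 +0000
From: alice@example.com
To: joe@example.org
Subject: postcard

I need a new car.
"""

# "with" protocol keywords that indicate the hop was carried over TLS
# (registered by RFC 3848 and RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S)


def relay_hops(raw):
    """Return (sender, receiver, used_tls) per hop, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its header, so reverse for chronological order.
    for value in reversed(msg.get_all("Received", [])):
        match = HOP_RE.search(value)
        if match:
            sender, receiver, proto = match.groups()
            hops.append((sender, receiver, proto.upper() in TLS_PROTOCOLS))
    return hops


def exposure_report(raw):
    """Summarise who could read the message on the wire and at rest."""
    msg = message_from_string(raw)
    hops = relay_hops(raw)
    # TLS protects one link only; every receiving server still sees the
    # body unless the sender encrypted it end to end (PGP armor here).
    armored = "-----BEGIN PGP MESSAGE-----" in msg.get_payload()
    return {
        "hops": len(hops),
        "cleartext_links": [(s, r) for s, r, tls in hops if not tls],
        "servers_with_plaintext": [] if armored else [r for _, r, _ in hops],
    }


if __name__ == "__main__":
    print(exposure_report(SAMPLE))
```

Even with TLS on two of the three links, all three receiving servers appear under `servers_with_plaintext`, which is the postcard problem the analogy describes.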
 
Donald
Elite member
"insecure"
 
But how do we know that, say, the NSA doesn't have a crack for AES?


I don't think the NSA has a crack for AES, and I think that if they found one, they would switch the standard to something they could not crack.

Now I know that sounds like I'm being very trusting of "No Such Agency", but I'm not. Let me explain my reasoning.

Now it's true that the NSA would LOVE to be reading everyone's AES encrypted data. BUT, snooping is not their only job. One of the NSA's primary goals is to defend the USA from foreign cryptographic attacks. The NSA has suggested all of the US's business use AES as a standard. *IF* the NSA had a crack for AES, then they would have to live in constant fear that some OTHER government may have discovered the same crack! And if, some hostile government had, when will they use that crack to destroy the US's banking system overnight?

Now this IS assuming that the government will act intelligently, NOT a safe assumption! :) But, we DO have evidence from the past that indicates they think this way. When DES was set as the standard, the NSA modified the algorithm a bit. They did some kind of change to the way the S-Boxes were handled. Now at the time, the civilian world didn't understand the change, and many assumed it was a deliberate weakness added to the system so the NSA could break DES whenever they wanted. Well, the civilian world of cryptography has advanced somewhat since that date, and they now think they understand why the NSA changed the s-boxes. There was a WEAKNESS in the original design, a weakness that the NSA experts saw, but the civilians didn't. The NSA changes fixed that weakness and made DES STRONGER. Yes they limited the keysize, but they didn't want anyone being able to break DES in a useful amount of time.

The NSA does NOT want anyone to be able to break into our banking system, so as long as our banking system uses AES, I will assume that the NSA actually thinks AES is secure. For now... :)

"insecure"
 
Should we lift those export controls?

The USA mainly ignores those controls right now, since there are easy ways around them. We can HOPE that someone in the government with two braincells to rub together will lift them entirely in the near future.
 
cows
Advanced Member
(I am from the U.K. so it may not apply but...)

3 Words - HUMAN RIGHTS ACT

Surely we have the right to private lives and secure emails.

Sure the NSA must be bogged down but how do we know what is really there????

How many people must work there???

How many computers do they have - dedicated to the decyphering of emails encryptions and the like?

How do we even know that they don't have a mega computer like in the Dan Brown book - Digital Fortress (I think - correct if wrong) that has 3000 processors and is 26 floors big.

Anyway that is what I think - I really don't mind if the NSA or anybody else reads my email as I have nothing to hide. 'Those that will not share have something to hide...' A famous quote that I made up a minute ago unless I have unknowingly stolen it, obviously it applies within reason - not just showing a random person in the library your emails. :lol:

--Cows--
Everything is possible,
The impossible just takes longer

If we do not know what a particle is doing then it is allowed to do everything possible simultaneously.
"Anyone who can contemplate Quantum Mechanics without getting dizzy, didn't understand it."
 
insecure
Elite member
Governments will only pay attention to human rights legislation if it isn't too inconvenient for them to do so. Remember that governments think they are more important than people - whereas in fact they are supposed to serve the people.

We have a moral right to secure communications, but not all governments grant their peoples a legal right to it.

The NSA knows that most people don't encrypt email. Echelon probably uses keyword searches to discard the vast majority of open email. Encrypted email, at present, probably gets closer attention. That will only change if we all start to encrypt our emails.

It shouldn't matter how many computers the NSA has. Choose an encryption algorithm that would take the entire computing resources of the universe a whole creation's-worth of time to crack, and you won't need to worry about the NSA's computers. (You will still have to worry about their cryppies, though.)

"Those that will not share have something to hide" is indeed a recognisable form of a famous saying (often phrased as "those with nothing to hide have nothing to fear"), used down the centuries by dictators, torturers, inquisitors, the Gestapo, and so on and so forth to justify their intrusions into people's private lives.
 
cows
Advanced Member
First of all - have you read the Dan Brown book - Digital Fortress?

As you will see in that book - they have a super computer that has 3000 processors and its sole purpose is to decrypt encrypted mail.

This is what I meant by the NSA using a computer to decrypt emails. If a human can do it - then a computer can do it.

Did not know that

Quote:
 
'Those that will not share have something to hide...'


was a real quote but all the same it still has the same meaning. If you encrypt your mail then you have something to hide. It is the government's job to decrypt the email, just in case it is a terrorist plot.

Don't encrypt your mail - that is the answer... maybe?

--Cows--
 