Over the last few days, two stories about email have hit the headlines, and they raise questions about the future security of email as a communications medium. What has been considered a fairly private method of communication is now under increasing threat from both government and corporate scrutiny.
Our email accounts carry more than just messages; they are the primary way we sign up for accounts and verify our identity online. With our email accounts being made insecure, our whole online identity becomes compromised. Everything we do online comes down to our email addresses. It could be said that they are our online identities. That’s why the threat to their privacy is one that should not be taken lightly.
By far the more well-known of the stories was about Facebook, and their decision to change the displayed email of every user on the social network to an @facebook.com address. The insidious nature of this change – made without notice, let alone fanfare – meant that from the time of the change, which happened sometime Friday, until it gained widespread notice on Monday, people who believed they were emailing a friend were actually sending their email into the internal Facebook message system.
Had they enabled the addresses, and sent out a notice, there wouldn’t have been much of a problem. That they decided to REMOVE any visible email address, and display this Facebook one publicly instead is the problem. All of a sudden there’s one approved email contact published and it happens to be one where the information goes to Facebook’s servers.
Someone unaware of the swap, or of the nature of the address, could send an email intended for a private mailbox to it, not realizing that it is feeding the Facebook advertising machine. The message enters Facebook’s systems; if the sender’s email address is associated with an account, it’s shown as being from that account (and is virtually indistinguishable from an internal Facebook message).
In a quick test I ran, I sent my Facebook email a message from another email address. One not associated with a Facebook account. Within a minute, the message was sitting in Facebook’s message centre, but hidden in ‘other’ messages. I got no notification of it, no number in the message icon, no email notice. When an email is sent from an address with an associated account, it looks almost indistinguishable from a regular chat message, and again, no email notice, although this time the site does alert you to a message.
So either way, unless you log in to Facebook, you won’t know you have been sent an email. Unless you check a folder most aren’t aware of, you won’t know of messages from non-Facebook associated email addresses. Meanwhile, Facebook has access to contact information and message contents, because of how they’ve changed your displayed information. This could in fact be described as a Man-in-the-Middle attack, for email.
For a company that’s in hot water already over the way its IPO was handled (again, an issue of information disclosure) this was not a smart move.
Meanwhile, on the other side of the world, border officials in Israel have a different opinion on email privacy. If they want to read your private emails at will, you will give them access or forget about entering the country.
Think about that for a moment. This goes beyond the US border searches (where you can at least exert some control over what you have on you) which were already excessively intrusive. In one case, reported on by the Times of Israel, a suspected Palestinian supporter and activist was placed before a computer screen at Israel’s International Airport.
The traveller, 42-year-old American citizen Sandra Tamari, was then told to log into her personal Gmail account, so that a security agent could search it for incriminating evidence. Tamari declined the request and was denied entry into the country. Nor is she alone in this – at least three other American women have been expelled from Israel for similar reasons. The email search was not premeditated, or backed by any sort of court; the agent only became aware of the address during a physical search of Tamari’s belongings.
It’s not just confined to emails either. There are reports that other people have been asked to log into Facebook or other services so that Israeli officials can determine if someone is a Palestinian supporter.
Israeli officials portray these data-mining fishing trips as normal security practice for a country constantly under threat. Yet it is Israel that is clearly the rogue state here, rather than one that should be applauded or seen as a security visionary. While Iraq was invaded by the US for possibly being in violation of UNSC Resolution 1441 (which turned out to not be the case), Israel has violated over 20 UN Resolutions, and has been called on to respect the 4th Geneva Convention.
This is clearly not a country whose actions we should be following, yet is anyone in any doubt that this idea will spread? It remains to be seen just how much longer email, for a long time considered to be private as far as online communications go, will keep that status. Of course, technology can help mitigate things somewhat, as public/private key encryption remains a possibility. Yet don’t expect them to let you in if you don’t decrypt emails for them as well.
At the end of the day, it’s a no-win scenario for free speech activists. They are, after all, the easiest to go after and make headlines about, giving the impression to the masses of security without actually making anything secure. In fact, since such measures only foster ill-feeling, such policies only make things LESS secure… but that’s acceptable to those behind it, because there has to be a reason to implement even more intrusive policies at a later date. That is the real (and only) effect of such policies after all.
Meanwhile, your email security is under increasing threat, from companies wanting to monetize it, or Governments wanting to monitor it.
This is exactly why I run my own open-source exchange server and Jabber server offshore and full disk encrypted in case of server seizure. Too bad the average netizen joy can’t afford or have the know-how to set up/maintain their own solution, which is ideal. Suppose if you were to use AnonymousSpeech.com via IMAP/Thunderbird with Enigmail it would be a close solution.
Rule of thumb: encrypt everything 🙂 They can’t plant evidence in something that’s encrypted 🙂
Try email security from Comodo!!
Don’t trust any company.
This blog was… how do I say it? Relevant!! Finally I’ve found something which helped me.
Appreciate it!
I’ve been exploring for a little bit for any high quality articles or weblog posts on this sort of area. Exploring in Yahoo I finally stumbled upon this site. Studying this info so I’m satisfied to show that I’ve a very just right uncanny feeling I found out just what I needed. I most no doubt will make sure to do not overlook this website and give it a glance regularly.
The government allows the ordering of these documents if you want to use them for a background investigation. It also leaves the employee with limited options and ineligibility for unemployment benefits in the US.
Such a check verifies the employee’s education and experience claims, and performs criminal, credit history, and other checks to verify the integrity of the candidate.
Dear all,
One would like to bring to your attention a new vehicle of censorship now being used to prevent free speech on the internet; an international (and anonymous) organisation called ‘Spamhaus’.
My ISP address range has been blocked by this international organisation twice, and my IP address range is now listed by Spamhaus as an address that allegedly sends out spam. Because of this fact, I have been prevented from sending legitimate e-mail and participating in online forums; in effect, my right to free speech has been removed by the anonymous people who hide behind the name ‘Spamhaus’.
I am an average PC user, web-browsing, the occasional forum, YouTube, e-mail to friends and family.
Now one finds oneself being prevented by an anonymous international organisation called ‘Spamhaus’ from free and open discussion on the internet.
If that is not censorship, then I don’t know what is!
Has anyone else here had this same problem?
Your help in this matter is appreciated.
Best regards,
Jack
[…] piece was first published at Falkvinge on InfoPolicy on 29 June 2012. It is under a CC0 […]
Wonderful goods from you, man. I’ve understand your stuff previous to and you’re just extremely fantastic. I really like what you’ve acquired here, certainly like what you’re stating and the way in which you say it. You make it enjoyable and you still take care of to keep it wise. I can’t wait to read far more from you. This is actually a great website.
I couldn’t refrain from commenting. Exceptionally well written!
I know this site provides quality depending content and other material, is there any other web site which provides such stuff in quality?
I’m very pleased to discover this page. I need to thank you for ones time due to this fantastic read!! I definitely liked every part of it and I also have you saved as a favorite to look at new stuff on your website.